Date: Sun, 5 Jul 1998 03:48:30 -0700 (PDT) From: "Jan B. Koum " <jkb@best.com> To: Scot Elliott <scot@planet-three.com> Cc: freebsd-isp@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: Security Alert: Qualcomm POP Server Message-ID: <Pine.BSF.3.96.980705034608.15271A-100000@shell6.ba.best.com> In-Reply-To: <Pine.BSF.3.96.980705100321.19331A-100000@tweetie.online.barbour-index.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
Where have you been all this time? Dont' you follow bugtraq? Yes, Qualcomm had remote root shell buffer overflow "y3r 0wned" type thingie. Exploits for both *bsd and linux systems were published. Get cucipop or updated qualcomm pop server. -- Yan Jan Koum jkb@best.com | "Turn up the lights; I don't want www.FreeBSD.org -- The Power to Serve | to go home in the dark." ---------------------------------------+----------------------------------- ICMP: What happens when you hack into a military network and they catch you. On Sun, 5 Jul 1998, Scot Elliott wrote: >Morning all. > >I caught someone last night with a root shell on our mail server. I >traced it back to somewhere in the US, but unfortunately got locked out >and the log files removed before I had time to fix it ;-( > >I shut the machine down remotely by mounting /usr over NFS and changing >/usr/libexec/atrun to a shell script that run /sbin/shutdown (near huh? >;-) > >Anyway - the point is that is looks like some kind of buffer overflow in >the POP daemon that ships with FreeBSD 2.2.6. I noticed lots of ^P^P^P... >messages from popper in the log file before it was removed. There was an >extra line in /etc/inetd.conf which ran a shell as root on some port I >wasn't using (talk I think). So I'm guessing that the exploit allows >anyone to run any command as root. Nice. Whomever it was was having a >whale of a time with my C compiler for some reason... very dodgy. > >If I can find out the source of this then I'd like to follow it up. Does >anyone have experience of chasing this sort of thing from across the US >border? Also, of course, everyone should check their popper version. > >Cheers > > >Yours - Scot. > > >----------------------------------------------------------------------------- >Scot Elliott (scot@poptart.org, scot@nic.cx) | Work: +44 (0)171 7046777 >PGP fingerprint: FCAE9ED3A234FEB59F8C7F9DDD112D | Home: +44 (0)181 8961019 >----------------------------------------------------------------------------- >Public key available by finger at: finger scot@poptart.org > or at: http://www.poptart.org/pgpkey.html > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980705034608.15271A-100000>