Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 30 Jun 1998 13:30:55 -0500 (CDT)
From:      Jeremy Shaffner <jer@jorsm.com>
To:        Brian Somers <brian@Awfulhak.org>
Cc:        Sasha Egan <wildcard@dax.belen.k12.nm.us>, brian@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject:   Re: Remote exploit in qpopper. 
Message-ID:  <Pine.BSF.3.95q.980630132340.24890F-100000@mercury.jorsm.com>
In-Reply-To: <199806300740.IAA11820@awfulhak.org>

next in thread | previous in thread | raw e-mail | index | archive | help

There is also a new version released today from Qualcomm.  2.5 is
patched against all known problems.
ftp://ftp.qualcomm.com/eudora/servers/popper/.


FWIW, I compiled the exploit (known as qpush or qpop) and tried it on an
unpatched 2.41beta1.  Although it did cause a overflow and popper exited
with a signal 11, it did not provide a root shell.  The author of this
particular exploit (It's available on the bugtraq list or from rootshell)
says that it only works on 2.2 or 2.41b1 and only on Linux systems.  (The
exploit itself can be run from any platform.)

The patches that Jordan has made do work.  You can get the new -current
port and build that, or get 2.5 from qualcomm and build it yourself.

On Tue, 30 Jun 1998, Brian Somers wrote:

> > 
> > Hey Brian, 
> > I dunno if you have been watching some of the lists but there is some
> > definate problems in Qualcom's popper...
> [.....]
> 
> Looks like I spoke too soon.  A pile of patches have now been made to 
> popper :-)
> 
> > Sasha Egan
> > Belen Consolidated Schools
> > Belen, NM 
> > (505) 861-4981
> > pager: (505) 875-8866
> 
> -- 
> Brian <brian@Awfulhak.org>, <brian@FreeBSD.org>, <brian@OpenBSD.org>
>       <http://www.Awfulhak.org>;
> Don't _EVER_ lose your sense of humour....
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 


-===================================================================-
Jeremy Shaffner					JORSM Internet
Senior Technical Support 		  Northwest Indiana's Premium
jer@jorsm.com				   Internet Service Provider	
support@jorsm.com			     http://www.jorsm.com	
-===================================================================-


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95q.980630132340.24890F-100000>