From owner-freebsd-questions Tue Jun 30 13:15:40 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA25989 for freebsd-questions-outgoing; Tue, 30 Jun 1998 13:15:40 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from mail001.mediacity.com (mail001.mediacity.com [205.216.172.9]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id NAA25971 for ; Tue, 30 Jun 1998 13:15:36 -0700 (PDT) (envelope-from nicole@mediacity.com) Received: (qmail 26824 invoked from network); 30 Jun 1998 20:15:34 -0000 Received: from dogbert.mediacity.com (@208.138.36.62) by mail001.mediacity.com with SMTP; 30 Jun 1998 20:15:34 -0000 Message-ID: X-Mailer: XFMail 1.2 [p0] on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: Date: Tue, 30 Jun 1998 13:15:38 -0700 (PDT) Organization: MediaCity World From: Nicole To: Jeremy Shaffner Subject: Re: Remote exploit in qpopper. Cc: freebsd-security@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG, brian@FreeBSD.ORG, Sasha Egan , Brian Somers Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On 30-Jun-98 Jeremy Shaffner wrote: > > There is also a new version released today from Qualcomm. 2.5 is > patched against all known problems. > ftp://ftp.qualcomm.com/eudora/servers/popper/. > I just tried to go there and the eudora directory doesn't exist. i also tried their other reccoemnded site. Anyone know of alternate sites? Nicole > > FWIW, I compiled the exploit (known as qpush or qpop) and tried it on an > unpatched 2.41beta1. Although it did cause a overflow and popper exited > with a signal 11, it did not provide a root shell. The author of this > particular exploit (It's available on the bugtraq list or from rootshell) > says that it only works on 2.2 or 2.41b1 and only on Linux systems. (The > exploit itself can be run from any platform.) > > The patches that Jordan has made do work. You can get the new -current > port and build that, or get 2.5 from qualcomm and build it yourself. > > On Tue, 30 Jun 1998, Brian Somers wrote: > >> > >> > Hey Brian, >> > I dunno if you have been watching some of the lists but there is some >> > definate problems in Qualcom's popper... >> [.....] >> >> Looks like I spoke too soon. A pile of patches have now been made to >> popper :-) >> >> > Sasha Egan >> > Belen Consolidated Schools >> > Belen, NM >> > (505) 861-4981 >> > pager: (505) 875-8866 >> >> -- >> Brian , , >> >> Don't _EVER_ lose your sense of humour.... >> >> >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-questions" in the body of the message >> > > > -===================================================================- > Jeremy Shaffner JORSM Internet > Senior Technical Support Northwest Indiana's Premium > jer@jorsm.com Internet Service Provider > support@jorsm.com http://www.jorsm.com > -===================================================================- > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe security" in the body of the message |\ __ /| (`\ | o_o |__ ) ) // \\ Nicole Harrington | SR Systems Administrator -------------------(((---(((----------------------- nicole@mediacity.com - nicole@ispchannel.com www.mediacity.com - www.ispchannel.com Phone: 650-237-1464 - Pager: 415-301-2482 Powered By Coca-Cola and FreeBSD Why do doctors call what they do practice? Microsoft: What bug would you like today? ---------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message