Date: Tue, 30 Jun 1998 16:01:16 -0500 (CDT) From: Jeremy Shaffner <jer@jorsm.com> To: Nicole <nicole@mediacity.com> Cc: freebsd-security@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG, brian@FreeBSD.ORG, Sasha Egan <wildcard@dax.belen.k12.nm.us>, Brian Somers <brian@Awfulhak.org> Subject: Re: Remote exploit in qpopper. Message-ID: <Pine.BSF.3.95q.980630160044.24890L-100000@mercury.jorsm.com> In-Reply-To: <XFMail.980630131538.nicole@mediacity.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Heh..the bastards...They changed it to oldeudora. They could have done that before mailing me with the URL I gave you. On Tue, 30 Jun 1998, Nicole wrote: > > On 30-Jun-98 Jeremy Shaffner wrote: > > > > There is also a new version released today from Qualcomm. 2.5 is > > patched against all known problems. > > ftp://ftp.qualcomm.com/eudora/servers/popper/. > > > > > I just tried to go there and the eudora directory doesn't exist. i also tried > their other reccoemnded site. Anyone know of alternate sites? > > > Nicole > > > > > > FWIW, I compiled the exploit (known as qpush or qpop) and tried it on an > > unpatched 2.41beta1. Although it did cause a overflow and popper exited > > with a signal 11, it did not provide a root shell. The author of this > > particular exploit (It's available on the bugtraq list or from rootshell) > > says that it only works on 2.2 or 2.41b1 and only on Linux systems. (The > > exploit itself can be run from any platform.) > > > > The patches that Jordan has made do work. You can get the new -current > > port and build that, or get 2.5 from qualcomm and build it yourself. > > > > On Tue, 30 Jun 1998, Brian Somers wrote: > > > >> > > >> > Hey Brian, > >> > I dunno if you have been watching some of the lists but there is some > >> > definate problems in Qualcom's popper... > >> [.....] > >> > >> Looks like I spoke too soon. A pile of patches have now been made to > >> popper :-) > >> > >> > Sasha Egan > >> > Belen Consolidated Schools > >> > Belen, NM > >> > (505) 861-4981 > >> > pager: (505) 875-8866 > >> > >> -- > >> Brian <brian@Awfulhak.org>, <brian@FreeBSD.org>, <brian@OpenBSD.org> > >> <http://www.Awfulhak.org>; > >> Don't _EVER_ lose your sense of humour.... > >> > >> > >> > >> To Unsubscribe: send mail to majordomo@FreeBSD.org > >> with "unsubscribe freebsd-questions" in the body of the message > >> > > > > > > -===================================================================- > > Jeremy Shaffner JORSM Internet > > Senior Technical Support Northwest Indiana's Premium > > jer@jorsm.com Internet Service Provider > > support@jorsm.com http://www.jorsm.com > > -===================================================================- > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe security" in the body of the message > > |\ __ /| (`\ > | o_o |__ ) ) > // \\ > Nicole Harrington | SR Systems Administrator > -------------------(((---(((----------------------- > > nicole@mediacity.com - nicole@ispchannel.com > www.mediacity.com - www.ispchannel.com > Phone: 650-237-1464 - Pager: 415-301-2482 > > Powered By Coca-Cola and FreeBSD > > Why do doctors call what they do practice? > Microsoft: What bug would you like today? > ---------------------------------------------------- > > -===================================================================- Jeremy Shaffner JORSM Internet Senior Technical Support Northwest Indiana's Premium jer@jorsm.com Internet Service Provider support@jorsm.com http://www.jorsm.com -===================================================================- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95q.980630160044.24890L-100000>