From owner-freebsd-questions Tue Jun 30 16:09:05 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA26601 for freebsd-questions-outgoing; Tue, 30 Jun 1998 16:09:05 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from mail001.mediacity.com (mail001.mediacity.com [205.216.172.9]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id QAA26574 for ; Tue, 30 Jun 1998 16:08:56 -0700 (PDT) (envelope-from nicole@mediacity.com) Received: (qmail 2747 invoked from network); 30 Jun 1998 23:08:51 -0000 Received: from dogbert.mediacity.com (@208.138.36.62) by mail001.mediacity.com with SMTP; 30 Jun 1998 23:08:51 -0000 Message-ID: X-Mailer: XFMail 1.2 [p0] on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: Date: Tue, 30 Jun 1998 16:08:55 -0700 (PDT) Organization: MediaCity World From: Nicole To: Jeremy Shaffner Subject: Re: Remote exploit in qpopper. Cc: Brian Somers , Sasha Egan , brian@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On 30-Jun-98 Jeremy Shaffner wrote: > Heh..the bastards...They changed it to oldeudora. They could have done > that before mailing me with the URL I gave you. > Ah ha... Yes they are on the move arn't they.. That wasn't there when I went there... Tap tap tap tap... Nicole > On Tue, 30 Jun 1998, Nicole wrote: > >> >> On 30-Jun-98 Jeremy Shaffner wrote: >> > >> > There is also a new version released today from Qualcomm. 2.5 is >> > patched against all known problems. >> > ftp://ftp.qualcomm.com/eudora/servers/popper/. >> > >> >> >> I just tried to go there and the eudora directory doesn't exist. i also >> tried >> their other reccoemnded site. Anyone know of alternate sites? >> >> >> Nicole >> >> >> > >> > FWIW, I compiled the exploit (known as qpush or qpop) and tried it on an >> > unpatched 2.41beta1. Although it did cause a overflow and popper exited >> > with a signal 11, it did not provide a root shell. The author of this >> > particular exploit (It's available on the bugtraq list or from rootshell) >> > says that it only works on 2.2 or 2.41b1 and only on Linux systems. (The >> > exploit itself can be run from any platform.) >> > >> > The patches that Jordan has made do work. You can get the new -current >> > port and build that, or get 2.5 from qualcomm and build it yourself. >> > >> > On Tue, 30 Jun 1998, Brian Somers wrote: >> > >> >> > >> >> > Hey Brian, >> >> > I dunno if you have been watching some of the lists but there is some >> >> > definate problems in Qualcom's popper... >> >> [.....] >> >> >> >> Looks like I spoke too soon. A pile of patches have now been made to >> >> popper :-) >> >> >> >> > Sasha Egan >> >> > Belen Consolidated Schools >> >> > Belen, NM >> >> > (505) 861-4981 >> >> > pager: (505) 875-8866 >> >> >> >> -- >> >> Brian , , >> >> >> >> Don't _EVER_ lose your sense of humour.... >> >> >> >> >> >> >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> >> with "unsubscribe freebsd-questions" in the body of the message >> >> >> > >> > >> > -===================================================================- >> > Jeremy Shaffner JORSM Internet >> > Senior Technical Support Northwest Indiana's Premium >> > jer@jorsm.com Internet Service Provider >> > support@jorsm.com http://www.jorsm.com >> > -===================================================================- >> > >> > >> > To Unsubscribe: send mail to majordomo@FreeBSD.org >> > with "unsubscribe security" in the body of the message >> >> |\ __ /| (`\ >> | o_o |__ ) ) >> // \\ >> Nicole Harrington | SR Systems Administrator >> -------------------(((---(((----------------------- >> >> nicole@mediacity.com - nicole@ispchannel.com >> www.mediacity.com - www.ispchannel.com >> Phone: 650-237-1464 - Pager: 415-301-2482 >> >> Powered By Coca-Cola and FreeBSD >> >> Why do doctors call what they do practice? >> Microsoft: What bug would you like today? >> ---------------------------------------------------- >> >> > > > -===================================================================- > Jeremy Shaffner JORSM Internet > Senior Technical Support Northwest Indiana's Premium > jer@jorsm.com Internet Service Provider > support@jorsm.com http://www.jorsm.com > -===================================================================- |\ __ /| (`\ | o_o |__ ) ) // \\ Nicole Harrington | SR Systems Administrator -------------------(((---(((----------------------- nicole@mediacity.com - nicole@ispchannel.com www.mediacity.com - www.ispchannel.com Phone: 650-237-1464 - Pager: 415-301-2482 Powered By Coca-Cola and FreeBSD Why do doctors call what they do practice? Microsoft: What bug would you like today? ---------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message