From owner-freebsd-security  Sun Jul 19 11:38:03 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA06682
          for freebsd-security-outgoing; Sun, 19 Jul 1998 11:38:03 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from hotjobs.com (fs2.ny.genx.net [206.64.4.67])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id LAA06674
          for <security@FreeBSD.ORG>; Sun, 19 Jul 1998 11:38:00 -0700 (PDT)
          (envelope-from perlsta@fs3.ny.genx.net)
Received: (qmail 28328 invoked by uid 1288); 19 Jul 1998 18:36:43 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 19 Jul 1998 18:36:43 -0000
Date: Sun, 19 Jul 1998 14:36:43 -0400 (EDT)
From: Alfred <perlsta@fs3.ny.genx.net>
To: Brett Glass <brett@lariat.org>
cc: security@FreeBSD.ORG
Subject: Re: Why is there no info on the QPOPPER hack?
In-Reply-To: <199807191709.LAA28734@lariat.lariat.org>
Message-ID: <Pine.SOL.4.00.9807191434410.28070-100000@fs3.ny.genx.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

y'know not to flame, but the popper sploit was the topic of 1/3 of the
e-mails on all the lists i'm on freebsd as well as others.

if you keep your head in a hole you're not going to get any help or
warning.  you didn't expect chuck to knock  on your door and tell you, did
you? :)

i suggest you subscribe to some of the lists, at LEAST security.

-Alfred

On Sun, 19 Jul 1998, Brett Glass wrote:

> Our system has been penetrated via a buffer overflow exploit in Qualcomm's
> QPOPPER, as obtained from the FreeBSD ports library. But there's no
> advisory about this on FreeBSD's site.... In fact, we learned of the
> exploit only because the cracker was sloppy.
> 
> We need advice on resecuring the system and preventing future incidents of
> this kind. CERT has been utterly unresponsive; they seem to have ignored
> our two e-mails asking for help. Any help we can get from members of the
> FreeBSD community would be MUCH appreciated.
> 
> --Brett Glass
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe security" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message