[6] in Security FYI


new security hole found in pop-2 service

daemon@ATHENA.MIT.EDU (mhpower@MIT.EDU)
Thu May 27 16:29:52 1999

From: <mhpower@MIT.EDU>
Date: Thu, 27 May 1999 16:29:40 -0400
Message-Id: <199905272029.QAA08810@the-oz.mit.edu>
To: security-fyi@MIT.EDU
Reply-To: net-security@MIT.EDU

There has been a recent announcement of a security problem in the
Unix pop-2 (Post Office Protocol, version 2) service -- the problem
can allow intruders to break in to your computer remotely. The pop-2
service is seldom accessed at MIT (most everyone uses pop-3 instead)
but the insecure service is still enabled on many MIT computers,
especially ones running Linux.

It is likely that intruders will start trying to break in via this
security hole by this weekend, or earlier.

Please check your Linux or other Unix systems for the existence of a
pop-2 service, and shut off the service if it exists. In general, the
steps would be

  -- log in to the system as root
  -- look for any line in the /etc/inetd.conf file that begins with
     either pop-2 or pop2
  -- if there is no such line, the system does not have this security
     problem; you are done
  -- insert a # character at the beginning of the line that starts
     with pop-2 or pop2 (this comments out the line)
  -- save the modified /etc/inetd.conf file
  -- have your inetd process reload this configuration file inetd.conf.
     In general, you need to find the pid number of your inetd process
     and then type in "kill -HUP" followed by the pid number, e.g.,

        kill -HUP 12345

     On most Linux systems, the pid number is found in the file
     /var/run/inetd.pid
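
The steps above as a small shell script. This is an added example, not part of the original message; the script name, function names and sample lines are constructed for illustration, and a backup copy of the file is kept as <file>.bak.

```shell
#!/bin/sh
# Added example (not from the original message): audit an inetd.conf-style
# file for pop-2 / pop2 service lines and comment them out.
POP2_RE='^pop-?2[[:space:]]'   # service field is pop-2 or pop2

# Constructed sample input, modelled on a typical Linux inetd.conf.
sample_conf() {
    printf '%s\n' \
        'ftp    stream tcp nowait root /usr/sbin/tcpd in.ftpd' \
        'pop-2  stream tcp nowait root /usr/sbin/tcpd ipop2d' \
        'pop2   stream tcp nowait root /usr/sbin/tcpd ipop2d' \
        'pop-3  stream tcp nowait root /usr/sbin/tcpd ipop3d'
}

# Print active (uncommented) pop-2 lines; status 1 means none were found.
find_pop2() {
    grep -E "$POP2_RE" "$1"
}

# Comment out active pop-2 lines, keeping the original as <file>.bak.
# Returns 0 if the file was changed, 1 if there was nothing to disable.
disable_pop2() {
    conf=$1
    find_pop2 "$conf" >/dev/null || return 1
    cp -p "$conf" "$conf.bak" || return 2
    sed -E "s/$POP2_RE/#&/" "$conf.bak" >"$conf"
}

# Send SIGHUP so inetd re-reads its configuration. The default pid file is
# the path the message gives for most Linux systems.
reload_inetd() {
    pidfile=${1:-/var/run/inetd.pid}
    [ -r "$pidfile" ] || { echo "cannot read $pidfile" >&2; return 1; }
    kill -HUP "$(cat "$pidfile")"
}

# Usage (hypothetical script name): sh disable-pop2.sh /etc/inetd.conf
if [ -n "${1:-}" ]; then
    if find_pop2 "$1"; then
        disable_pop2 "$1" && reload_inetd
    else
        echo "no active pop-2 entry in $1; nothing to do"
    fi
fi
```

Running find_pop2 on the file again afterwards should print nothing, which confirms that no active pop-2 entry remains.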

For more information about reconfiguring your computers to eliminate
this new security problem, see

  http://web.mit.edu/net-security/www/fyi/fyi-1999-001-pop2.html

Matt Power
Network Security team, MIT Information Systems
