[1985] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: Qpop CERT advisory?

daemon@ATHENA.MIT.EDU (Stunt Pope)
Fri Jul 17 05:03:28 1998

In-Reply-To: <Pine.LNX.3.96.980714132622.12545B-100000@earth.terran.org>
Date: Thu, 16 Jul 1998 10:55:02 -0400 (EDT)
Reply-To: Stunt Pope <markjr@shmOOze.net>
From: Stunt Pope <markjr@shmOOze.net>
To: "B. James Phillippe" <bryan@terran.org>
Cc: Linux Security <linux-security@tarsier.cv.nrao.edu>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com


On 14-Jul-98 B. James Phillippe wrote:
> Hello,
> 
>       Anyone have information on whether RedHat-5.0+ is affected by the
> recent (today's) CERT advisory regarding QPOP?
> 
> thanks,
> -bp
> --

There's a long thread on Bugtraq (http://www.geek-girl.com/bugtraq/) about
it. Just search on qpopper or click on the last quarter's thread. Originally
it seemed only linux was affected. In the intervening weeks I've seen someone
post a freeBSD version and yesterday one for SCO (although come to think
of it that one may not have been qpopper, but whatever pop3 SCO ships with).

At any rate, there's a couple versions of exploit code in the thread you
should perhaps compile and test out for yourself.

What I can't believe is how long CERT advisories take to come out these days.
If I would have waited until I got this one before I patched the one box
I had that was affected I would have been hacked about 3 times. 

-mark

---
Mark Jeftovic                   aka: mark jeff or vic, stunt pope. 
markjr@shmOOze.net              http://www.shmOOze.net/~markjr
Private World's BOFH            http://www.PrivateWorld.com
irc: L-bOMb                     Keep `em Guessing

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post