[1996] in linux-security and linux-alert archive
[linux-security] Re: Qpop CERT advisory?
daemon@ATHENA.MIT.EDU (Bryan C. Andregg)
Sat Jul 18 06:27:31 1998
To: linux-security@redhat.com
From: bryan@redhat.com (Bryan C. Andregg)
Date: 17 Jul 1998 15:22:08 GMT
Reply-To: bryan@redhat.com
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
On Thu, 16 Jul 1998 11:27:41 -0700 (PDT), <bryan@terran.org> wrote:
> The question was meant to be interpreted: is the POP daemon distributed
> with RedHat affected by the same exploits? Many people have responded with
> information that doesn't answer the question. I have also received
> responses from people stating that the POP with RedHat (imap-4.1) is not
> affected, and others who say it is. I've tried running two of the exploits
> I could find on the Bugtraq archive against a RedHat-4.2 system with no
> success. So the question still stands: is the imap package distributed
> with RedHat also vulnerable to the qpopper exploit, or any other POP
> exploit? It doesn't appear to be, but...
Red Hat does not ship qpopper.
Red Hat ships ipop3d from the WU pine package.
ipop3d is not affected by this attack.
Red Hat ships imap from the WU pine package.
imap has recently had exploits posted for it.
Please download and install updates from ftp://ftp.redhat.com/pub/updates.
--
Bryan C. Andregg * <bandregg@redhat.com> * Red Hat Software
"So hang the brand-name ego at the door and think about what I'm saying" -
Peter Da Silva
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null