[15714] in bugtraq
Re: FreeBSD Ports Security Advisory: FreeBSD-SA-00:26.popper
daemon@ATHENA.MIT.EDU (Mike Brown)
Mon Jul 10 15:15:45 2000
Message-Id: <20000710164843.11238.qmail@hyperreal.org>
Date: Mon, 10 Jul 2000 09:48:43 -0700
Reply-To: mike@HYPERREAL.ORG
From: Mike Brown <mike@HYPERREAL.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM

> FreeBSD-SA-00:26
> Topic: popper port contains remote vulnerability
> Category: ports
> Module: popper
> Announced: 2000-07-05
>
> The popper port, version 2.53 and earlier, [is insecure...]
> V. Solution
> One of the following:
> 1) Upgrade your entire ports collection and rebuild the popper port.
> 2) Deinstall the old package and install a new package [...]
> 3) download a new port skeleton [...] and use it to rebuild the port.
> 4) Use the portcheckout utility to automate option (3) above.

Not sure why this wasn't mentioned, but it should be noted that
Qualcomm's Qpopper 3.x is no longer considered beta, and there is a
FreeBSD port for it: 'popper3', which could be installed instead of
a patched version of 2.53. Version 3.0.2, which the current popper3
port uses, is, I believe, not subject to these vulnerabilities.

References:
http://www.eudora.com/qpopper/30.html
http://www.freebsd.org/ports/mail.html
-M.