[29979] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Qpopper v4.0.x poppassd local root exploit

daemon@ATHENA.MIT.EDU (Randall Gellens)
Thu May 1 14:54:57 2003

Mime-Version: 1.0
Message-Id: <a06001009bad564fb0563@[213.117.165.164]>
In-Reply-To: <20030428141244.4009.qmail@hackermail.com>
Date: Wed, 30 Apr 2003 13:35:20 +0200
To: "dong-h0un U" <xploit@hackermail.com>, bugtraq@securityfocus.com
From: Randall Gellens <rg_public.1@flagg.qualcomm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii" ; format="flowed"

I'm working on a fix, but would like to point out that poppassd is 
not built nor installed by default.  Also, poppassd is an inherently 
insecure protocol that sends both the current and new passwords in 
the clear, and in general should only be used with full understanding 
of the situation.
-- 
Randall Gellens
rg_public.1@flagg.qualcomm.com
Opinions are personal;     facts are suspect;     I speak for myself only


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[29979] in bugtraq

Re: Qpopper v4.0.x poppassd local root exploit

daemon@ATHENA.MIT.EDU (Randall Gellens)Thu May 1 14:54:57 2003

daemon@ATHENA.MIT.EDU (Randall Gellens)
Thu May 1 14:54:57 2003