[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] 14. RE: qpopper exploit? - script kiddie scripts

Subject: Re: [cobalt-users] 14. RE: qpopper exploit? - script kiddie scripts
From: "Nico Meijer" <cobalt-users@xxxxxxxxxxxxxxx>
Date: Thu Mar 15 21:56:44 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Hi Dee,

> and I'm going to be digging
> around all day to see if I can find news about a new qpopper exploit.

Here's what's listed on Qualcomm's website
(http://www.eudora.com/qpopper_general/#BUFFER):

"Security Vulnerability
Some versions of Qpopper are vulnerable to buffer overruns.  Qpopper 2.41
and older can be used to obtain root access to your system.  Qpopper 2.53
and older may permit an attacker who has access to a valid account to obtain
a shell with group-id 'mail', potentially allowing read/write access to all
mail.

All users of Qpopper are urged to upgrade to the current version."

There's no mention of an exploit for 3.0.x, but I wouldn't bet on it.
Securiteam (http://www.securiteam.com) mentions exploits up to 3.0b22, as
far as I can tell.

Hope I didn't ruin your day... ;-)

Greetz... Nico

Follow-Ups:
- [cobalt-users] [OT] Welcome, Nico! (was qpopper exploit)
  - From: Dee Dreslough
- [cobalt-users] sshd problem
  - From: Zahid N. Sindhu

References:
- RE: [cobalt-users] 14. RE: qpopper exploit? - script kiddie scripts
  - From: Dee Dreslough

Prev by Date: [cobalt-users] xinetd & apache mod_proxy for RaQ4
Next by Date: [cobalt-users] Adding localhost.domain.tld
Previous by thread: RE: [cobalt-users] 14. RE: qpopper exploit? - script kiddie scripts
Next by thread: [cobalt-users] [OT] Welcome, Nico! (was qpopper exploit)

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index