Re: Qpopper v4.0.x poppassd local root exploit

From: Randall Gellens (rg_public.1at_private)
Date: Wed Apr 30 2003 - 04:35:20 PDT

Next message: jasonk: "RE: MDaemon SMTP/POP/IMAP server: =>6.0.7: POP remote DoS"

Previous message: Martin Schulze: "[SECURITY] [DSA 296-1] New kdebase packages fix arbitrary command execution"
In reply to: dong-h0un U: "Qpopper v4.0.x poppassd local root exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'm working on a fix, but would like to point out that poppassd is 
not built nor installed by default.  Also, poppassd is an inherently 
insecure protocol that sends both the current and new passwords in 
the clear, and in general should only be used with full understanding 
of the situation.
-- 
Randall Gellens
rg_public.1at_private
Opinions are personal;     facts are suspect;     I speak for myself only

Next message: jasonk: "RE: MDaemon SMTP/POP/IMAP server: =>6.0.7: POP remote DoS"
Previous message: Martin Schulze: "[SECURITY] [DSA 296-1] New kdebase packages fix arbitrary command execution"
In reply to: dong-h0un U: "Qpopper v4.0.x poppassd local root exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu May 01 2003 - 11:54:35 PDT