Date: Sat, 27 Jun 1998 19:23:54 -0500 (CDT) From: Igor Roshchin <igor@physics.uiuc.edu> To: jkh@time.cdrom.com (Jordan K. Hubbard) Cc: freebsd-security@FreeBSD.ORG, igor@alecto.physics.uiuc.edu (Igor Roshchin) Subject: Re: (FWD) QPOPPER REMOTE ROOT EXPLOIT Message-ID: <199806280023.TAA04462@alecto.physics.uiuc.edu> In-Reply-To: <6133.898984165@time.cdrom.com> from "Jordan K. Hubbard" at "Jun 27, 1998 2:49:25 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> > THere seems to be yet another similar buffer overflow > > in pop_log.c > > Fixed. Please cvsup the latest ports collection and make sure > that ports/mail/popper is updated - all the new patches are in > ports/mail/popper/patches/patch-ag. > > - Jordan > Jordan, I've just downloaded "popper" directory from ftp://ftp.freebsd.org/.25/FreeBSD/FreeBSD-current/ports/mail It is still missing patch for the "UIDL" problem (pop_dropcopy.c) Several people had suggestion looking like: if (strlen(cp) >= 128) cp[127] = 0; before the line 497 as it appears in that file after patch-ad is applied. (originally, I believe, before 459 ) May be I am missing something, but I don't think that patch-ad, which is so far the only patch realted to pop_dropcopy.c addressed this problem Regards, IgoR To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199806280023.TAA04462>