Date: Thu, 25 May 2000 16:04:10 +0900 From: sen_ml@eccosys.com To: freebsd-security@freebsd.org Subject: Re: QPOPPER: Remote gid mail exploit Message-ID: <20000525160410I.1001@eccosys.com> In-Reply-To: <Pine.BSF.4.21.0005241633020.7700-100000@mercury.jorsm.com> References: <Pine.BSF.4.21.0005241633020.7700-100000@mercury.jorsm.com>
next in thread | previous in thread | raw e-mail | index | archive | help
From: Jeremy Shaffner <jer@jorsm.com> Subject: QPOPPER: Remote gid mail exploit Date: Wed, 24 May 2000 16:40:00 -0500 (CDT) Message-ID: <Pine.BSF.4.21.0005241633020.7700-100000@mercury.jorsm.com> > [Patch is at the end] > > Here is the original advisory. Note that the actual advisory is > correct WRT the file and line numbers. The posts on Bugtraq indicate to > patch pop_msg.c instead of pop_uidl.c. while patching and restarting a qpopper server locally, i started wondering...how much of a problem is this on a freebsd system where /var/mail or /var/spool/mail is not setgid mail? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000525160410I.1001>