From owner-freebsd-security  Sun Jun 28 02:41:21 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id CAA24683
          for freebsd-security-outgoing; Sun, 28 Jun 1998 02:41:21 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from time.cdrom.com (root@time.cdrom.com [204.216.27.226])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA24678
          for <freebsd-security@FreeBSD.ORG>; Sun, 28 Jun 1998 02:41:20 -0700 (PDT)
          (envelope-from jkh@time.cdrom.com)
Received: from time.cdrom.com (jkh@localhost.cdrom.com [127.0.0.1])
	by time.cdrom.com (8.8.8/8.8.8) with ESMTP id CAA06367;
	Sun, 28 Jun 1998 02:31:14 -0700 (PDT)
	(envelope-from jkh@time.cdrom.com)
To: "Vadim V. Chepkov" <vvc@kharkiv.net>
cc: freebsd-security@FreeBSD.ORG
Subject: Re: (FWD) QPOPPER REMOTE ROOT EXPLOIT 
In-reply-to: Your message of "Sun, 28 Jun 1998 12:21:22 +0300."
             <Pine.BSF.3.96.980628121929.511A-100000@hut.kharkiv.net> 
Date: Sun, 28 Jun 1998 02:31:13 -0700
Message-ID: <6363.899026273@time.cdrom.com>
From: "Jordan K. Hubbard" <jkh@time.cdrom.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> On Sun, 28 Jun 1998, Jordan K. Hubbard wrote:
> 
> > Get revision 1.6 of that patch file; this is now fixed, sorry folks!
> > 
> 
> Hello!
> 
> I did that, but it still crashes on overflow.

Well, I'm going to let you find this one then.  I don't even have the
*exploit* for this problem and the folks who are managing to induce
these overflows can run gdb on popper's post-mortem dumps a lot more
easily than I can. :-)

- Jordan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message