search for: ipop2d

[mod: In addition to this, Jon points us to: http://www.redhat.com/corp/support/errata/rh52-errata-general.html#imap for the official fix from Red Hat. -- REW] ---------- Forwarded message ---------- From: dumped <dumped@SEKURE.ORG> Subject: ipop2d buffer overflow fix Resent-Subject: ipop2d buffer overflow fix Date: Thu, 3 Jun 1999 17:29:05 -0300 Resent-Date: Fri, 4 Jun 1999 00:52:49 -0500 (CDT) Resent-From: Ron DuFresne <dufresne@winternet.com> To: BUGTRAQ@netspace.org Resent-To: dufresne <dufresne@darkstar.sysinfo.com> This pat...

Has anyone released or is working on a patch yet for this pop2d vulnerability, Our site has been hit twice this week before we found what was causing it. Apparently a remote user can crash pop2d out into a shell account for user nobody. description of the exploit and code can be found at. http://www.rootshell.com/archive-j457nxiqi3gq59dv/199906/sdi-pop2.c.html Thanks

I''ve got qualcomm''s qpopper2.2, and am not sure if its vulnerable. The advisory mentions pop and imap servers, but only says: version of IMAP (Section B). If your POP server is based on the University of Washington IMAP server code, you should also upgrade to the latest version of IMAP. Until you can take one of these actions, I installed the new imapd about 3

....rexecd talk dgram udp wait root /usr/sbin/tcpd in.talkd ntalk dgram udp wait root /usr/sbin/tcpd in.ntalkd #dtalk stream tcp waut nobody /usr/sbin/tcpd in.dtalkd # # Pop and imap mail services et al # pop-2 stream tcp nowait root /usr/sbin/tcpd ipop2d pop-3 stream tcp nowait root /usr/sbin/tcpd ipop3d imap stream tcp nowait root /usr/sbin/tcpd imapd # # The Internet UUCP service. # #uucp stream tcp nowait uucp /usr/sbin/tcpd /usr/lib/uucp/uucico -l # # Tftp service is provided primarily for booting. Most...