
[cobalt-security] Cobalt Security Issues



With all this security talk going on, I downloaded SAINT (network security
hole scanner) and ran it on my RAQ3. It only returned one critical problem,
and one potential problem.

Potential problem.
	pop receives password in clear (we all know this)

The CRITICAL problem was about the version of QPopper the RAQ3 uses (QPOP
version 2.53). It has a security vulnerability. If you go to the QPopper
home page (http://www.eudora.com/freeware/qpop.html), there is a security
vulnerability alert:

------------------------------------------------------------------
Security Vulnerability

Some versions of Qpopper are vulnerable to buffer overruns.  Qpopper 2.41
and older can be used to obtain root access to your system.  Qpopper 2.53
                                                             ^^^^^^^^^^^^^
and older may permit an attacker who has access to a valid account to obtain
a shell with group-id 'mail', potentially allowing read/write access to all
mail.

All users of Qpopper are urged to upgrade to the current version.
-------------------------------------------------------------------

Is Cobalt aware of this?

JA


-----Original Message-----
From: cobalt-developers-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx] On Behalf Of Brian Curtis
Sent: Tuesday, July 04, 2000 10:27 AM
To: cobalt-developers@xxxxxxxxxxxxxxx
Subject: [cobalt-developers] Cobalt Security Issues


Here's an interesting article released today:

http://black.box.sk/issue.php3?article=cobalt.txt&issue=9

BC

