[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] Qpopper - remote root...
- Subject: RE: [cobalt-security] Qpopper - remote root...
- From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
- Date: Sun, 23 Jul 2000 22:09:40 +0100 (BST)
Hi, I just made a little procedure for manually upgrading Qpopper on
RaQ2/3's. Note that this will break APOP. In most cases this shouldn't
be a problem.
- get qpopper3.0.2.tar.gz
- list of mirrors on qpopper.org
- su to root
now do:
- gzip -cd qpopper3.0.2.tar.gz | tar -xvf -
- cd qpopper3.0.2
- ./configure --enable-specialauth
- make
- cp ./popper/popper /usr/sbin/in.qpopper
You might need to kill inetd while you copy the file (incase anybody is
checking mail at the time). This will almost certainly invalidate your
cobalt warranty (back up /usr/sbin/in.qpopper!) but its probably worth it
(remote root == bad).
Gossi.
On Sun, 23 Jul 2000, Matthias Pigulla wrote:
> I wonder why there they haven't published a fix yet... the issue is
> known for a longer time now.
>
> SuSE published a patch for the old version almost immediately, stating
> that the license would permit them to redistribute the new qpopper.
>
> I think it will be faster to build a fixed qpopper on your own than
> waiting for Cobalt Networks to fix this.
>
> My $0.02,
> Matthias
> --
>
> w e b f a c t o r y G m b H
> Matthias Pigulla <mp@xxxxxxxxxxxxx> - Geschaeftsfuehrer
> Lessingstr. 60 - D-53113 Bonn - Germany - www.webfactory.de
> Fon +49(0)228-9114455 - Fax +49(0)228-9114499 - ICQ 6394233
>
> > -----Original Message-----
> > Now that it has been, I'm looking forward to cobalt's official fix.
>
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>
--
gossi@xxxxxxxxxxxxxxx