RE: [cobalt-security] Qpopper - remote root...

[Gossi The Dog <gossi@xxxxxxxxxxxxxx>]

Hi, I just made a little procedure for manually upgrading Qpopper on
RaQ2/3's.  Note that this will break APOP.  In most cases this shouldn't
be a problem.

- get qpopper3.0.2.tar.gz
- list of mirrors on qpopper.org
- su to root

now do:

- gzip -cd qpopper3.0.2.tar.gz | tar -xvf -
- cd qpopper3.0.2
- ./configure --enable-specialauth
- make
- cp ./popper/popper /usr/sbin/in.qpopper

You might need to kill inetd while you copy the file (incase anybody is
checking mail at the time).  This will almost certainly invalidate your
cobalt warranty (back up /usr/sbin/in.qpopper!) but its probably worth it
(remote root == bad).

Gossi.

On Sun, 23 Jul 2000, Matthias Pigulla wrote:

> I wonder why there they haven't published a fix yet... the issue is
> known for a longer time now.
> 
> SuSE published a patch for the old version almost immediately, stating
> that the license would permit them to redistribute the new qpopper.
> 
> I think it will be faster to build a fixed qpopper on your own than
> waiting for Cobalt Networks to fix this.
> 
> My $0.02,
> Matthias
> --
> 
>  w e b f a c t o r y   G m b H
>    Matthias Pigulla <mp@xxxxxxxxxxxxx> - Geschaeftsfuehrer
>    Lessingstr. 60 - D-53113 Bonn - Germany - www.webfactory.de
>    Fon +49(0)228-9114455 - Fax +49(0)228-9114499 - ICQ 6394233
> 
> > -----Original Message-----
> > Now that it has been, I'm looking forward to cobalt's official fix.
> 
> 
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
> 

-- 
gossi@xxxxxxxxxxxxxxx