[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] [Fwd: Cobalt Security Advisory - 07.24.2000 - Qpopper]

--------------------------------------------------

  Cobalt Security Update Advisory - 07.24.2000

--------------------------------------------------
Abstract:

Package Name:                              qpopper
Date:                                July 24, 2000
Platforms Affected:        RaQ1, RaQ2, RaQ3, Qube1

--------------------------------------------------
Description:

Qpopper 2.53 and older may permit an attacker who has
access to a valid account to obtain a shell with group-id
'mail', potentially allowing read/write access to all mail.

The Cobalt Qube2 was updated in with the latest
version of qpopper as of OS Update 3.0.  If you
have not installed that update yet, it is recommended
you do so as soon as possible.  It can be found
at:

ftp://ftp.cobalt.com/pub/packages/qube2/eng/Qube2-Update-OS-2.0.pkg

--------------------------------------------------
Location:

RaQ3
ftp://ftp.cobaltnet.com/pub/experimental/security/qpopper/RaQ3-Qpopper-3.0.2.pkg
RaQ2
ftp://ftp.cobaltnet.com/pub/experimental/security/qpopper/RaQ2-Qpopper-3.0.2.pkg
RaQ1
ftp://ftp.cobaltnet.com/pub/experimental/security/qpopper/RaQ1-Qpopper-3.0.2.pkg
Qube1
ftp://ftp.cobaltnet.com/pub/experimental/security/qpopper/Qube1-Qpopper-3.0.2.pkg

--------------------------------------------------
Verification: (md5sum)

RaQ3:
7b278d6e3136e5f5f07ae90c783234eb  RaQ3-Qpopper-3.0.2.pkg
RaQ2:
4996b2bee0765191e5d121e7b7cfc235  RaQ2-Qpopper-3.0.2.pkg
RaQ1:
463f485f244f4c554132440a8bbec477  RaQ1-Qpopper-3.0.2.pkg
Qube1:
27d7fb721c5d00b0f5708da9aa2a49c5  Qube1-Qpopper-3.0.2.pkg

---------------------------------------------------
Correspondence:

If have any comments about this update or have any
technical issues directly relating to this update
please contact Cobalt Security <security@xxxxxxxxxx>

Jeff
--
Jeff Lovell
Cobalt Networks, Inc.