RE: [cobalt-security] RaQ3/RaQ4 Qpopper-4.0.5fc2 PKG released

["Goade, Matthew" <mgoade@xxxxxxxxxxxxxxx>]

Michael,

Great pkg! No wonder it takes Sun so long, they just rely on the open community to take care of each other.

Thanks!

-----Original Message-----
From: Michael Stauber [mailto:cobalt@xxxxxxxxxxxxxx]
Sent: Wednesday, March 12, 2003 6:50 PM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: [cobalt-security] RaQ3/RaQ4 Qpopper-4.0.5fc2 PKG released


Hi all,

To fix the recently discovered vulnerability in Qpopper-4.0.4 I created a PKG 
for the RaQ3 and RaQ4 which is based on the 4.0.5fc2 sources of Qpopper.

Who should upgrade? Basically everyone who installed the Solarspeed 
Qpopper-4.0.4 for the RaQ3 and RaQ4. 

A stock Cobalt RaQ3 or RaQ4 is not vulnerable to this issue - unless you 
installed the free Qpopper-4.0.4 upgrade or compiled Qpopper-4.0.4 yourself 
from the sources.

The new PKG can be downloaded here:

http://www.solarspeed.net/downloads/index.php

As this is an often asked question in regards to Qpopper, here are the 
configure options I used when compiling the sources:

./configure --prefix=/usr               \
            --enable-apop=/etc/pop.auth \
            --with-popuid=pop           \
            --enable-specialauth        \
            --enable-servermode         \
            --enable-uw-kludge          \
            --enable-log-login

Before someone asks the next obvious question:

The option ...

	--with-pam=qpop

... was NOT used for performance reasons. So this package doesn't use PAM 
authentication because POP based authentication against PAM uses a tremendous 
amount of ressources without any actual gains. So especially on heavy duty 
POP3 servers this package will create less load than the previos 
Qpopper-4.0.4 or the stock Sun Cobalt Qpopper-3.0.2.

-- 

With best regards,

Michael Stauber

_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security