|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: serious Qpopper 3.0 vulnerability
Subject: Re: serious Qpopper 3.0 vulnerability
From: Josh Higham (jhigham
BIGSKY.NET)
Date: Tue Nov 30 1999 - 11:54:03 CST
- Next message: Brock Tellier: "Solaris 2.x chkperm/arp vulnerabilities"
- Previous message: Rafael Rodrigues Obelheiro: "Security Patches for Slackware 7.0 Available (fwd)"
- Maybe in reply to: Mixter: "serious Qpopper 3.0 vulnerability"
- Next in thread: M. Adam Kendall: "Re: serious Qpopper 3.0 vulnerability"
- Next in thread: Elgin Lee: "Re: serious Qpopper 3.0 vulnerability"
- Maybe reply: Josh Higham: "Re: serious Qpopper 3.0 vulnerability"
- Reply: M. Adam Kendall: "Re: serious Qpopper 3.0 vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----Original Message-----
From: Mixter <mixterNEWYORKOFFICE.COM>
To: BUGTRAQSECURITYFOCUS.COM <BUGTRAQSECURITYFOCUS.COM>
Date: Tuesday, November 30, 1999 10:23 AM
Subject: serious Qpopper 3.0 vulnerability
>PS: The installation file suggests to run qpopper without tcpd, e.g.:
>pop3 stream tcp nowait root /usr/local/lib/qpopper qpopper -s
>I would NOT suggest doing it that way. Use:
>pop3 stream tcp nowait root /usr/sbin/tcpd qpopper -s
>instead. At least for me it works behind a tcp wrapper, and that way,
>you can use access control and every connection _attempt_ gets logged.
Does anyone know why qpopper suggests running without wrappers? Does it
lose some functionality that way, or is it deadwood from a previous
incompatibility between tcpd and qpopper? It seems pretty significant to
suggest not using wrappers, and I would expect a significant reason for
that, but I don't recall seeing anything about it in the docs.
Josh Higham
- Next message: Brock Tellier: "Solaris 2.x chkperm/arp vulnerabilities"
- Previous message: Rafael Rodrigues Obelheiro: "Security Patches for Slackware 7.0 Available (fwd)"
- Maybe in reply to: Mixter: "serious Qpopper 3.0 vulnerability"
- Next in thread: M. Adam Kendall: "Re: serious Qpopper 3.0 vulnerability"
- Next in thread: Elgin Lee: "Re: serious Qpopper 3.0 vulnerability"
- Maybe reply: Josh Higham: "Re: serious Qpopper 3.0 vulnerability"
- Reply: M. Adam Kendall: "Re: serious Qpopper 3.0 vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b27 : Wed Dec 01 1999 - 13:37:43 CST