Re: Urgent: Potato Qpopper root explotable.
Rodney Caston wrote:
> The package maintainer of "qpopper" needs to update the qpopper to the
> newest version, the current one in the potato build is root exploitable.
I don't think it is. The current version of qpopper in potato is 2.53.
Now have a look at the advisory:
-----
Vulnerable versions are all versions of qpop 3.0b, affected operating
systems are _all_ systems that run it. Versions 2.52 and 2.53 do not contain
this bug. The latest version available is 3.0b20, which is vulnerable, along
with all previous 3.0 versions.
-----
So I don't know if you tried the particular sploit and concluded you gained
remote root?
Remco
Reply to: