Re: Urgent: Potato Qpopper root explotable.

To: Rodney Caston <largo@megatokyo.com>, debian-devel@lists.debian.org
Subject: Re: Urgent: Potato Qpopper root explotable.
From: Remco van de Meent <remco@dnd.utwente.nl>
Date: Wed, 1 Dec 1999 16:47:24 +0100
Message-id: <[🔎] 19991201164724.A9663@dnd.utwente.nl>
In-reply-to: <[🔎] Pine.LNX.4.03.9912010851290.3849-100000@quincy.megatokyo.com>; from Rodney Caston on Wed, Dec 01, 1999 at 08:53:23AM +0000
References: <[🔎] 38453154.BDEC56D4@vt.edu> <[🔎] Pine.LNX.4.03.9912010851290.3849-100000@quincy.megatokyo.com>

Rodney Caston wrote:
> The package maintainer of "qpopper" needs to update the qpopper to the
> newest version, the current one in the potato build is root exploitable.

I don't think it is. The current version of qpopper in potato is 2.53.

Now have a look at the advisory:

-----
Vulnerable versions are all versions of qpop 3.0b, affected operating
systems are _all_ systems that run it. Versions 2.52 and 2.53 do not contain
this bug. The latest version available is 3.0b20, which is vulnerable, along
with all previous 3.0 versions.
-----

So I don't know if you tried the particular sploit and concluded you gained
remote root?  


		Remco

Reply to:

Follow-Ups:
- Re: Urgent: Potato Qpopper root explotable.
  - From: Rodney Caston <largo@megatokyo.com>

References:
- Re: xdm and user's profiles
  - From: Brian Rectanus <brectanu@vt.edu>
- Urgent: Potato Qpopper root explotable.
  - From: Rodney Caston <largo@megatokyo.com>

Prev by Date: Dealing with hardcoded paths
Next by Date: Re: ITP ZCAV
Previous by thread: Urgent: Potato Qpopper root explotable.
Next by thread: Re: Urgent: Potato Qpopper root explotable.
Index(es):
- Date
- Thread