Re: Urgent: Potato Qpopper root explotable.

To: debian-devel@lists.debian.org
Subject: Re: Urgent: Potato Qpopper root explotable.
From: Rodney Caston <largo@megatokyo.com>
Date: Wed, 1 Dec 1999 13:43:57 +0000 (/etc/localtime)
Message-id: <[🔎] Pine.LNX.4.03.9912011343060.5799-100000@quincy.megatokyo.com>
In-reply-to: <[🔎] 19991201164724.A9663@dnd.utwente.nl>

I can assure you, there is another exploit for 2.53, i suggest we upgrade
to 3.0b20.

On Wed, 1 Dec 1999, Remco van de Meent wrote:

> Rodney Caston wrote:
> > The package maintainer of "qpopper" needs to update the qpopper to the
> > newest version, the current one in the potato build is root exploitable.
> 
> I don't think it is. The current version of qpopper in potato is 2.53.
> 
> Now have a look at the advisory:
> 
> -----
> Vulnerable versions are all versions of qpop 3.0b, affected operating
> systems are _all_ systems that run it. Versions 2.52 and 2.53 do not contain
> this bug. The latest version available is 3.0b20, which is vulnerable, along
> with all previous 3.0 versions.
> -----
> 
> So I don't know if you tried the particular sploit and concluded you gained
> remote root?  
> 
> 
> 		Remco
>

Reply to:

References:
- Re: Urgent: Potato Qpopper root explotable.
  - From: Remco van de Meent <remco@dnd.utwente.nl>

Prev by Date: Bug #50399 (was: Re: Release-critical Bugreport for November 26, 1999)
Next by Date: [lss@ukl.uni-freiburg.de: ITP: Request Tracker]
Previous by thread: Re: Urgent: Potato Qpopper root explotable.
Next by thread: Re: xdm and user's profiles
Index(es):
- Date
- Thread