I haven't had time to try it, our 4.0.4 may not even be vulnerable. -----Original Message----- From: paul jacobs [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 12, 2003 11:31 AM To: [EMAIL PROTECTED] Subject: Re: [cobalt-security] QPopper 4.0.x buffer overflow vulnerability
At 08:48 AM 3/12/2003, you wrote: >On Wednesday, March 12, 2003, at 11:31 AM, Goade, Matthew forwarded from >bugtraq: >>I successfully managed to execute arbitrary code using the >>'mdef'-command with the binary in the most recent debian-package >>'qpopper-4.0.4-8' > >Our Qube3 appears to be running qpopper-3.0.2. Are there (m)any RaQs >running newer versions? How would we find out if it affects the older versions? > >pjm When do you think SUN Cobalt will have a fix for this one?. Hopefully pkgmaster or solarspeed will have a fix sooner than SUN will. >_______________________________________________ >cobalt-security mailing list >[EMAIL PROTECTED] >http://list.cobalt.com/mailman/listinfo/cobalt-security > Best Regards, Paul Jacobs / SR. Network Manager Microsoft MCP 2000 / Cisco Certified Design / Install / Troubleshoot / Optimize / Security of WANs / LANs / Data Recovery Mon. - Fri. 9AM - 5PM (619)336-1400 http://www.adv-data.com _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
