On Fri, Mar 29, 2002 at 12:49:05PM -1000, Clifton Royston wrote: ... > Having said all that, I do honestly think you're better off applying > the little patch I wrote rather than doing nothing. This *is* known to > close at least one of the vulnerabilities seen by at least one exploit > script, on at least some sites which were vulnerable in 4.0.3. It also > fixes another (non-exploitable?) bug where the daemon hangs around too > long in the case of a client disconnecting prematurely.
Urrgh, and once again I forgot that the mailing list strips attachments. Oh well, go *here* for it: <http://shaveice.lava.net/qpopper/qpopper4.0.3-digitux-exploit.patch> -- Clifton -- Clifton Royston -- LavaNet Systems Architect -- [EMAIL PROTECTED] "What do we need to make our world come alive? What does it take to make us sing? While we're waiting for the next one to arrive..." - Sisters of Mercy
