Bugtraq mailing list archives
popper and qpopper let you read email from other pop clients
From: dynamo () IME NET (dynamo () IME NET)
Date: Thu, 7 Aug 1997 21:04:47 -0400
when i found this, i checked the archive to see if anyone else had found this, and it didnt look like it.. if its a repost of ideas, sorry. Some versions of popper and qpopper from qualcomm allow you to read other peoples email. There are quite a few situations in which you need your mail spool directory chmodded 1777. If you have local users on a machine with the mail spool directory, they can create symbolic links from the temporary pop drop box to a file that they can read. See if youre vulnerable: 1) touch /tmp/lumpy; chmod 777 /tmp/lumpy 2) ln -s /tmp/lumpy /var/mail/.luser.pop 3) wait for them to check their email. 4) while they are reading it from the pop server, look at the file in the tmp dir. Apparently it is fixed in the newest version. dynamo
Current thread:
- popper and qpopper let you read email from other pop clients dynamo () IME NET (Aug 07)
- Re: popper and qpopper let you read email from other pop clients Ian R. Justman (Aug 08)
- solaris ^[[1J reboot Tobias Oetiker (Aug 10)
- Re: solaris ^[[1J reboot Scott Moseman (Aug 11)
- Re: popper and qpopper let you read email from other pop clients Marc Slemko (Aug 10)
- dgux in.fingerd vulnerability George Imburgia (Aug 11)
- procfs patch (fwd) Alex (Aug 11)
- solaris ^[[1J reboot Tobias Oetiker (Aug 10)
- Getting around non-executable stack (and fix) Solar Designer (Aug 10)
- Re: popper and qpopper let you read email from other pop clients Ian R. Justman (Aug 08)