Bugtraq mailing list archives
Re: popper and qpopper let you read email from other pop clients
From: ianj () CALWEB COM (Ian R. Justman)
Date: Fri, 8 Aug 1997 14:44:08 -0700
-----BEGIN PGP SIGNED MESSAGE----- On Thu, 7 Aug 1997 dynamo () IME NET wrote:
Some versions of popper and qpopper from qualcomm allow you to read other peoples email. There are quite a few situations in which you need your mail spool directory chmodded 1777. If you have local users on a machine with the mail spool directory, they can create symbolic links from the temporary pop drop box to a file that they can read. See if youre vulnerable:
<Details of exploit deleted>
Apparently it is fixed in the newest version.
Here's what I did when I tried this on my personal system at home which runs QPOPPER 2.2: /tmp$ telnet localhost 110 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. +OK QPOP (version 2.2) at (zang!) starting. <2104.871076037@(plink!)> user (poof!) +OK Password required for (zap!). pass (boink!) - -ERR Your temporary drop file /usr/spool/mail/.(blink!).pop is not type 'regular file' Even version 2.2 of qpopper is smart enough to know the difference between a regular file and a symbolic link. - --Ian. - --- Ian R. Justman (ianj () calweb com) Finger ianj () calweb com for my public PGP key. -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: noconv iQEVAwUBM+uTLkyc+bfQRhUBAQF3Cwf/WxHBunYU0OCyyMVSClUVq9lV8bDkijqk EfvcQF1wbEAcm+f4d7FnF55Q6QZlyXYejRYwy0ocro+erE9DHWfqj7lQJ9OTReKq 1I+vPXbx6y15bfAo7pwwW/G8XZFXiLs3cRXw9K0znMoFvRbJezrgCMrC/3O41glP SvBU3OhDNtuV1RMcRR8gsBnkWtqKQG53WVvNhf/wSvVxhChL4MQADlFTkosS43il jmJ7rPYxV/jxDV/jMS40iFM7yjtIQv7RrwmQDpVI5PHjxHHaZiJkDUqZUTWwidBG 3KyW+DYPNRDkqnmPwpJKBytOh3UhMpXc0a/euBPO7VhzVB53cSI01A== =p1SE -----END PGP SIGNATURE-----
Current thread:
- popper and qpopper let you read email from other pop clients dynamo () IME NET (Aug 07)
- Re: popper and qpopper let you read email from other pop clients Ian R. Justman (Aug 08)
- solaris ^[[1J reboot Tobias Oetiker (Aug 10)
- Re: solaris ^[[1J reboot Scott Moseman (Aug 11)
- Re: popper and qpopper let you read email from other pop clients Marc Slemko (Aug 10)
- dgux in.fingerd vulnerability George Imburgia (Aug 11)
- procfs patch (fwd) Alex (Aug 11)
- solaris ^[[1J reboot Tobias Oetiker (Aug 10)
- Getting around non-executable stack (and fix) Solar Designer (Aug 10)
- Re: popper and qpopper let you read email from other pop clients Ian R. Justman (Aug 08)