Bugtraq mailing list archives

Re: serious Qpopper 3.0 vulnerability


From: mak () KHA0S ORG (M. Adam Kendall)
Date: Wed, 1 Dec 1999 13:12:39 -0500


On 30-Nov-1999 Josh Higham wrote:
PS: The installation file suggests to run qpopper without tcpd, e.g.:
pop3 stream tcp nowait root /usr/local/lib/qpopper qpopper -s
I would NOT suggest doing it that way. Use:

Does anyone know why qpopper suggests running without wrappers?

It doesn't suggest running it without wrappers.. it just doesn't suggest
that you DO.  Like most documentation, it doesn't assume you are running
anything but their software, and therefore doesn't specifically mention
the use of wrappers. How are they supposed to know that YOU (specifically)
happen to have something else installed?

Hell, even those vendors that DO know you have wrappers installed
don't mention anything about it.  Those are the folks that you should
be 'scolding'.  Just as a case in point, from a stock RH6.1 box:
#linuxconf stream tcp wait root /bin/linuxconf linuxconf --http

*sigh*

--
M. Adam Kendall         |
mak () kha0s org           |  "There's never enough time to do
http://kha0s.org        |  all the nothing you want."
                        |   --Bill Watterson (Calvin and Hobbes)
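The thread turns on whether entries in inetd.conf route through tcpd. The following audit script is an added example, not part of the original post or of qpopper's documentation: it reports which entries, including commented-out ones like the linuxconf line, name tcpd as the server program. The function name, the ftp sample line and the tcpd path are assumptions made for illustration.

```python
import os

# Constructed sample in inetd.conf format. The pop3 and linuxconf lines are the
# ones quoted in the thread; the ftp and echo lines are assumed typical entries.
SAMPLE = """\
# constructed sample inetd.conf
pop3 stream tcp nowait root /usr/local/lib/qpopper qpopper -s
#linuxconf stream tcp wait root /bin/linuxconf linuxconf --http
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
echo stream tcp nowait root internal
"""

SOCK_TYPES = {"stream", "dgram", "raw", "rdm", "seqpacket"}


def audit_inetd(text, wrapper="tcpd"):
    """Return (service, state, wrapped) for each entry that runs an external program.

    state is "enabled" or "disabled" (commented out); wrapped is True when the
    server-program field (6th column) is the TCP wrapper daemon.
    """
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        enabled = not line.startswith("#")
        fields = line.lstrip("#").split()
        # An entry needs service, socket type, protocol, wait flag, user, server.
        if len(fields) < 6 or fields[1] not in SOCK_TYPES:
            continue  # blank line, prose comment, or malformed entry
        service, server = fields[0], fields[5]
        if server == "internal":
            continue  # handled inside inetd itself, nothing to wrap
        wrapped = os.path.basename(server) == wrapper
        findings.append((service, "enabled" if enabled else "disabled", wrapped))
    return findings


def unwrapped(text):
    """Names of services that would be reachable without tcpd access control."""
    return [svc for svc, _state, wrapped in audit_inetd(text) if not wrapped]


if __name__ == "__main__":
    for svc, state, wrapped in audit_inetd(SAMPLE):
        print(f"{svc:10} {state:9} {'tcpd' if wrapped else 'NO WRAPPER'}")
```

Disabled entries are reported as well, because uncommenting one puts it into service exactly as written. A wrapped entry only restricts access once hosts.allow and hosts.deny contain rules.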


