Bugtraq mailing list archives
Re: serious Qpopper 3.0 vulnerability
From: jhigham () BIGSKY NET (Josh Higham)
Date: Tue, 30 Nov 1999 10:54:03 -0700
-----Original Message----- From: Mixter <mixter () NEWYORKOFFICE COM> To: BUGTRAQ () SECURITYFOCUS COM <BUGTRAQ () SECURITYFOCUS COM> Date: Tuesday, November 30, 1999 10:23 AM Subject: serious Qpopper 3.0 vulnerability
PS: The installation file suggests to run qpopper without tcpd, e.g.: pop3 stream tcp nowait root /usr/local/lib/qpopper qpopper -s I would NOT suggest doing it that way. Use: pop3 stream tcp nowait root /usr/sbin/tcpd qpopper -s instead. At least for me it works behind a tcp wrapper, and that way, you can use access control and every connection _attempt_ gets logged.
Does anyone know why qpopper suggests running without wrappers? Does it lose some functionality that way, or is it deadwood from a previous incompatibility between tcpd and qpopper? It seems pretty significant to suggest not using wrappers, and I would expect a significant reason for that, but I don't recall seeing anything about it in the docs. Josh Higham
Current thread:
- Re: serious Qpopper 3.0 vulnerability Josh Higham (Nov 30)
- Re: serious Qpopper 3.0 vulnerability M. Adam Kendall (Dec 01)
- <Possible follow-ups>
- Re: serious Qpopper 3.0 vulnerability Dan Groscost (Nov 30)
- Re: serious Qpopper 3.0 vulnerability Elgin Lee (Nov 30)
- Re: serious Qpopper 3.0 vulnerability Qpopper Support (Nov 30)