Bugtraq mailing list archives
Re: Qpopper 2.53 remote problem, user can gain gid=mail
From: jose () BIOCSERVER BIOC CWRU EDU (Jose Nazario)
Date: Wed, 24 May 2000 13:02:52 -0400
while investigating the qpopper 2.53 source lying around to see about this
fix, i noticed they note the source patches mentioned are incorrect. they
note:
[quote]
At lines 150 and 62 from pop_msg.c, replace:
- return (pop_msg (p,POP_SUCCESS, buffer));
to:
+ return (pop_msg (p,POP_SUCCESS, "%s", buffer));
[end quote]
when infact it's lines 62 and 152 in the source file pop_uidl.c that
contain these lines (god bless grep).
just a minor correction... damn, i gotta start looking for a better pop3d!
jose nazario jose () biochemistry cwru edu
PGP fingerprint: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
Public key available at http://biocserver.cwru.edu/~jose/pgp-key.asc
Current thread:
- Re: Another hole in Cart32 sert sert (May 22)
- Qpopper 2.53 remote problem, user can gain gid=mail Prizm (May 23)
- Re: Qpopper 2.53 remote problem, user can gain gid=mail Jose Nazario (May 24)
- Re: Qpopper 2.53 remote problem, user can gain gid=mail Qpopper Support (May 24)
- Re: Qpopper 2.53 remote problem, user can gain gid=mail Sebastian (May 25)
- RFP2K05 - NetProwler "Fragmentation" Issue AXENT Security Team (May 23)
- Re: Another hole in Cart32 CDI (May 23)
- <Possible follow-ups>
- Re: Another hole in Cart32 Clover Andrew (May 23)
- Re: Another hole in Cart32 Justin King (May 24)
- Qpopper 2.53 remote problem, user can gain gid=mail Prizm (May 23)