Interesting that qualcomm appears to have pulled the 2.51 release off their
server and are now back to having the 2.5 release there. I suspect that a
2.52 is in the works or will be shortly.
-_Gene
Kyle made the following keystrokes:
>BACKGROUND
>
> Buffer overrun vulnerabilities have been discovered in the
> Qpopper POP server for UNIX from Qualcomm, Inc.
>
>
>SYSTEMS AFFECTED
>
> All systems running Qpopper versions prior to 2.51.
>
>
>PROBLEM
>
> Several buffer overrun vulnerabilities have been discovered in
> the Qpopper POP3 server freely available from Qualcomm, Inc.
> Exploit code has been released to the Internet, and scans for the
> vulnerability have been detected on NASA systems. As of now, it
> appears that the vulnerability is not system-specific, and
> exploit code for several architectures has been released.
>
>
>RECOMMENDED ACTIONS
>
> Administrators should disable access to Qpopper, and upgrade to
> version 2.51, released July 1, 1998. The updated source code is
> available from:
>
> ftp://ftp.qualcomm.com/eudora/servers/unix/popper/qpopper2.51.tar.Z
>
>
>
>Kyle
>[EMAIL PROTECTED]
>
>
>
