[Replying via webmail...could be messy]
Paul,
That bug if I remember right was found a little over a year ago. I
believe it was patched in vpopmail quite some time ago.
Please someone correct me if I am wrong as this is of the _utmost_
importance.
As a side note, I had a machine attacked recenly with a pseudo-successful
compromise and the only three services that could be seen outside the
firewall were proftpd 2.1.0rc3 and qmail SMTP and qpop3D. (ssh was also
there)
Are best guess right now is that it was an attack from a user who has ssh
access on the system...other then that, those three/four ports should not
have been the source of the compromise -- certainly not qmail or qpop3d --
maybe proftpd. -- Just a heads up to people...
-davidu
> Hello everyone,
>
> I just came across some website stating that
> qmail-pop3d + vchkpw contains a particular exploit.
>
> http://www.ktwo.ca/c/qmail-pop3d-vchkpw.c
>
>
> Has this been patched already? Is it a qmail
> problem or a vpopmail problem?
>
> Rgds,
> Paul
""
