----- Original Message -----
From: "Brad Stockdale" <[EMAIL PROTECTED]>
To: "Subscribers of Qpopper" <[EMAIL PROTECTED]>
Sent: Tuesday, March 11, 2003 4:45 PM
Subject: Re: The Qpopper 4.0.x exploit
> Hello all,
>
> I'm sure by now you all have heard that there is a Qpopper 4.0.x
> exploit going around... (If not, it was posted to bugtraq sometime this
> morning I believe -- Should be findable on the bugtraq archives)
> I was just wondering if anyone had a temporary or permanent fix for the
> problem?
What really irks me is that we shouldn't have to ask this question. I don't
know what the order of events are, but it seems to me that this
vulnerability was made public with a POC exploit before Qualcomm was given
time to inform us and supply a patch.
As someone admining a great number of servers running QPopper, I'm more than
a little pissed about this. I guess having more information would be
helpful, but my immediate complaint is founded.
>From what I understand, it's mitigated some by requiring a valid username
and password. That eases my worries somewhat.
Anyone else?
--
Alan W. Rateliff, II : RATELIFF.NET
Independent Technology Consultant : [EMAIL PROTECTED]
(Office) 850/350-0260 : (Mobile) 850/559-0100
-------------------------------------------------------------
[System Administration][IT Consulting][Computer Sales/Repair]
