Bugtraq mailing list archives

Re: popper and qpopper let you read email from other pop clients
From: ianj () CALWEB COM (Ian R. Justman)
Date: Fri, 8 Aug 1997 14:44:08 -0700


On Thu, 7 Aug 1997 dynamo () IME NET wrote:

Some versions of popper and qpopper from Qualcomm allow you to read
other people's email.  There are quite a few situations in which you
need your mail spool directory chmodded 1777.  If you have local users
on a machine with the mail spool directory, they can create symbolic
links from the temporary pop drop box to a file that they can read.

See if you're vulnerable:

<Details of exploit deleted>

Apparently it is fixed in the newest version.

Here's what I did when I tried this on my personal system at home which
runs QPOPPER 2.2:

/tmp$ telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK QPOP (version 2.2) at (zang!) starting.  <2104.871076037@(plink!)>
user (poof!)
+OK Password required for (zap!).
pass (boink!)
-ERR Your temporary drop file /usr/spool/mail/.(blink!).pop is not type 'regular file'

Even version 2.2 of qpopper is smart enough to know the difference between
a regular file and a symbolic link.

--Ian.

---
Ian R. Justman (ianj () calweb com)

Finger ianj () calweb com for my public PGP key.
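
The kind of check the -ERR reply above reports, written out as an added example (this is not code from the original post or from qpopper): a drop file is opened without following a symbolic link, and the opened descriptor is then verified to be a regular file. The function names, the temp-directory file names, and the extra link-count and owner checks are assumptions that go slightly beyond the symlink case discussed in the message.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns an fd for the drop file, or -1 if the path is not a regular,
 * singly linked file owned by the caller. (Hypothetical helper.) */
int open_dropfile(const char *path)
{
    struct stat st;
    /* O_NOFOLLOW: fail (ELOOP) if the final path component is a symlink. */
    int fd = open(path, O_RDWR | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    /* fstat the descriptor, not the path, so the check cannot be raced. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || st.st_uid != geteuid()) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed self-test in a private temp directory (names are made up).
 * Returns 1 if the symlink is refused and the plain file is accepted. */
int selftest(void)
{
    char dir[] = "/tmp/dropXXXXXX", target[64], lnk[64], plain[64];
    if (!mkdtemp(dir)) return 0;
    snprintf(target, sizeof target, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/.alice.pop", dir);
    snprintf(plain, sizeof plain, "%s/.bob.pop", dir);
    int t = open(target, O_WRONLY | O_CREAT, 0600);
    if (t < 0) return 0;
    close(t);
    if (symlink(target, lnk) != 0) return 0;
    int bad = open_dropfile(lnk);    /* symlink: must be refused */
    int good = open_dropfile(plain); /* new regular file: accepted */
    int ok = (bad == -1 && good >= 0);
    if (good >= 0) close(good);
    unlink(lnk); unlink(plain); unlink(target); rmdir(dir);
    return ok;
}

int main(void)
{
    puts(selftest() ? "symlink refused, regular file accepted" : "FAILED");
    return 0;
}
```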



