Re: popper and qpopper let you read email from other pop clients
From: ianj () CALWEB COM (Ian R. Justman)
Date: Fri, 8 Aug 1997 14:44:08 -0700
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 7 Aug 1997 dynamo () IME NET wrote:
> Some versions of popper and qpopper from Qualcomm allow you to read
> other people's email. There are quite a few situations in which you
> need your mail spool directory chmodded 1777. If you have local users
> on a machine with the mail spool directory, they can create symbolic
> links from the temporary pop drop box to a file that they can read.
> See if you're vulnerable:
<Details of exploit deleted>
> Apparently it is fixed in the newest version.
Here's what I did when I tried this on my personal system at home which
runs QPOPPER 2.2:
/tmp$ telnet localhost 110
Connected to localhost.
Escape character is '^]'.
+OK QPOP (version 2.2) at (zang!) starting. <2104.871076037@(plink!)>
+OK Password required for (zap!).
- -ERR Your temporary drop file /usr/spool/mail/.(blink!).pop is not type 'regular file'
Even version 2.2 of qpopper is smart enough to know the difference between
a regular file and a symbolic link.
Ian R. Justman (ianj () calweb com)
Finger ianj () calweb com for my public PGP key.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----