Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: serious Qpopper 3.0 vulnerability
From: mak () KHA0S ORG (M. Adam Kendall)
Date: Wed, 1 Dec 1999 13:12:39 -0500


On 30-Nov-1999 Josh Higham wrote:
PS: The installation file suggests to run qpopper without tcpd, e.g.:
pop3 stream tcp nowait root /usr/local/lib/qpopper qpopper -s
I would NOT suggest doing it that way. Use:

Does anyone know why qpopper suggests running without wrappers?

It doesn't suggest running it without wrappers.. it just doesn't suggest
that you DO.  Like most documentation, it doesn't assume you are running
anything but their software, and therefore doesn't specifically mention
the use of wrappers. How are they supposed to know that YOU (specifically)
happen to have something else installed?

Hell, even those vendors that DO know you have wrappers installed
don't mention anything about it.  Those are the folks that you should
be 'scolding'.  Just as a case in point, from a stock RH6.1 box:
#linuxconf stream tcp wait root /bin/linuxconf linuxconf --http

*sigh*

--
M. Adam Kendall         |
mak () kha0s org           |  "There's never enough time to do
http://kha0s.org        |  all the nothing you want."
                        |   --Bill Watterson (Calvin and Hobbes)



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]