hi all,

thought i'd get into a bit of SAINT and all.

1. situation: host report of my newly installed 7.1 (!) shows vulnerable qpop.
2. situation: so i go and update. after update version still shows 2.53 and SAINT reports.

anybody seen this? what gives?

tia
dan
On Thu, 22 Feb 2001 16:54:00 +0100, you wrote:
hi all, thought i'd get into a bit of SAINT and all. 1. situation: host report of my newly installed 7.1 (!) shows vulnerable qpop. 2. situation: so i go and update. after update version still shows 2.53 and SAINT reports.
I guess:

1.- SuSE 7.1 ships PATCHED version for qpop 2.53.
2.- SAINT uses the banner which is prompted by popper daemon upon connection to port 110. This banner has not been touched by SuSE people so SAINT gets confused thinking it has found a vulnerable version. So...
3.- It's a false positive :-)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
** RoMaN SoFt / LLFB **
roman@madrid.com
http://pagina.de/romansoft
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hi all, thought i'd get into a bit of SAINT and all. 1. situation: host report of my newly installed 7.1 (!) shows vulnerable qpop. 2. situation: so i go and update. after update version still shows 2.53 and SAINT reports.
I guess: 1.- SuSE 7.1 ships PATCHED version for qpop 2.53.
Negative. All SuSE distributions _before_ did. 7.1 contains qpopper-3.1.2, the most recent version at the time the CDs were made. It's on CD 2, path suse/n2/qpopper.rpm . The package pop was split up into two single packages "imap" and qpopper.
2.- SAINT uses the banner which is prompted by popper daemon upon connection to port 110. This banner has not been touched by SuSE people so SAINT gets confused thinking it has found a vulnerable version. So... 3.- It's a false positive :-)
Yes. Our poppers do not contain any of the known weaknesses.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ** RoMaN SoFt / LLFB ** roman@madrid.com
Thank you for the information, Roman. ;o)

Roman.
--
Roman Drahtmüller <draht@suse.de>
SuSE GmbH - Security
Nürnberg, Germany
Phone: +49-911-740530
"Caution: Cape does not enable user to fly." (Batman Costume warning label)
On Thu, 22 Feb 2001, RoMaN SoFt / LLFB!! wrote:
On Thu, 22 Feb 2001 16:54:00 +0100, you wrote:
hi all, thought i'd get into a bit of SAINT and all. 1. situation: host report of my newly installed 7.1 (!) shows vulnerable qpop. 2. situation: so i go and update. after update version still shows 2.53 and SAINT reports.
I guess: 1.- SuSE 7.1 ships PATCHED version for qpop 2.53.
right! .. call it honeypot or alike. ;-)

Bye,
Thomas
--
Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: thomas@suse.de
Function: Security Support & Auditing
"lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
participants (4)
- kleindoofi
- Roman Drahtmueller
- RoMaN SoFt / LLFB!!
- Thomas Biege