Hi @ll:

I'm going to run a POP server in a SuSE 6.4 box. The 2.53 version which ships with original 6.4 is buggy (remote root possible) so I downloaded the SuSE updated packages at */updates/6.4:

pop: A few POP Servers
----------------------------------------------------------------------
File: pop-2000.6.7-0.i386.rpm
Version: 2000.6.7
Size: 1252 kB
Date: Thu 08 Jun 2000
Source: pop-2000.6.7-0.src.rpm
Security: Yes
----------------------------------------------------------------------
Description: Security update for qpopper in pop_msg(), also APOP support enabled, POP_TIMEOUT = 600 and NO UPDATE ON ABORT

Upon installing, the banner says it's also 2.53 (version). I supposed it will be a *patched* version. There have been various pop3 related bugs, so I'm wondering if this rpm is really secure.

I've also downloaded the */updates/7.0 rpm. It says:

pop: A few POP Servers
----------------------------------------------------------------------
File: pop-2000.9.29-0.i386.rpm
Version: 2000.9.29
Size: 1252 kB
Date: Fri 29 Sep 2000 02:33:37 PM CEST
Source: pop-2000.9.29-0.src.rpm
Security: No
----------------------------------------------------------------------
Description: Fixed program popauth. Only necessary for qpopper with apop authorization.

My Q is: Why isn't there a similar patch for 6.4 distro?

Finally, what I've done is going to Qualcomm web and get 3.1.2 (latest) popper. I think this option is the most secure, isn't it?

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
** RoMaN SoFt / LLFB **
roman@madrid.com
http://pagina.de/romansoft
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hi,

> File: pop-2000.9.29-0.i386.rpm
> Version: 2000.9.29
> Size: 1252 kB
> Date: Fri 29 Sep 2000 02:33:37 PM CEST
> Source: pop-2000.9.29-0.src.rpm
> Security: No

It is the qpopper 2.5.x version with security-hole too.

I've compiled the newest version and replaced the /usr/sbin/popper with the new compiled one.

In inetd.conf you have to change the pop3-entry into

pop3 stream tcp nowait root /usr/sbin/popper -s

The old entry doesn't run on my system.

Bye
Daniel Golesny

Just a brief note: our qpopper is indeed old, but it has all security
problems fixed that are known so far. We didn't include the current
version of the qpopper (3.x) yet because of licensing issues. That may be
subject to change in the future.
Thanks,
Roman.
--
Roman Drahtmüller