
RE: popper protection



I would call bhnet.comm.br and ask who was logged into pm117 at the time.
Try to have their account killed.  I would at least complain.  Too many
script kiddies out there trying to hack into someone else.  This one left
all the evidence needed.

> -----Original Message-----
> From: rfg mail redhat com [mailto:rfg mail redhat com] On Behalf Of Ramon Gandia
> Sent: Monday, March 01, 1999 4:25 AM
> To: redhat-list redhat com
> Subject: Re: popper protection
>
>
> Philippe Platiau wrote:
> >
> > Sorry, but I forgot to send you an example:
> >
> > Feb 28 01:34 my_hostname popper[1351]: [truncated] @pm117.bhnet.comm.br:
> > -ERR Unknown command: "^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P..."
> >
> > I suppose it's correct and that it's protected
> >  but...
>
> This is a username buffer overflow attack.  It's done by
> telnetting to your mailserver port 110 and entering at least
> 130 control-P's like the guy was trying to do.  If your
> pop server is vulnerable, it will crash leaving the
> intruder at a root prompt on your machine.
>
> This same attack also works on NFS.
>
> You need to make sure you have the latest versions of
> your POP server software and NFS to protect yourself against
> this sort of attack.  Basically, these vulnerabilities were
> discovered in mid 1998 or earlier, so RedHat 5.2 should be
> safe.
>
> The other one is the IMAP server, which is vulnerable on some
> early CDs of Redhat 5.2.  Be sure you have imap turned off
> in /etc/inetd.conf and that you do a "prompt # kill -HUP inetd"
> to make the change effective.
>
> --
> Ramon Gandia ================= Sysadmin ================ Nook Net
> http://www.nook.net                                  rfg nook net
> 285 West First Avenue                           tel. 907-443-7575
> P.O. Box 970                                    fax. 907-443-2487
> Nome, Alaska 99762-0970 ========== Alaska Toll Free. 888-443-7525
>
>
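
Added example, not part of the original messages: a small log scan that flags popper "-ERR Unknown command" entries whose payload is mostly control characters, like the line quoted in the thread, and counts them per client host. The field layout is inferred from that single quoted line, and the sample lines, host names and the threshold of 8 are constructed assumptions.

```python
import re
from collections import Counter

# Layout assumed from the one line quoted in the thread:
#   <date> <host> popper[pid]: <who>@<client>: -ERR Unknown command: "<data>"
LINE_RE = re.compile(
    r'popper\[\d+\]:\s*(?P<who>.*?)\s*@(?P<client>[^\s:]+):\s*'
    r'-ERR Unknown command:\s*"(?P<data>.*)$'
)
# syslog usually renders control bytes in caret notation (^@ .. ^_ and ^?)
CARET_RE = re.compile(r'\^[@-_?]')

def control_count(data):
    """Count control characters, whether caret-escaped or logged raw."""
    carets = len(CARET_RE.findall(data))
    rest = CARET_RE.sub('', data)
    raw = sum(1 for c in rest if ord(c) < 32 or ord(c) == 127)
    return carets + raw

def suspicious_clients(lines, min_controls=8):
    """Return {client: hits} for rejected commands stuffed with control chars.

    min_controls is an assumed threshold: a stray ^M or ^H from a typo
    stays below it, a long run like the one in the thread does not.
    """
    hits = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if m and control_count(m.group('data').rstrip('"')) >= min_controls:
            hits[m.group('client')] += 1
    return dict(hits)

# Constructed sample lines (not taken from any real log)
SAMPLE = [
    'Feb 28 01:34 mailhost popper[1351]: @client1.example.net: '
    '-ERR Unknown command: "' + '^P' * 25 + '..."',
    'Feb 28 01:40 mailhost popper[1360]: alice@client2.example.net: '
    '-ERR Unknown command: "HELO"',
    'Feb 28 01:41 mailhost popper[1361]: @client1.example.net: '
    '-ERR Unknown command: "' + '\x10' * 40 + '"',
    'Feb 28 01:42 mailhost sendmail[1400]: unrelated line',
]

if __name__ == '__main__':
    for client, n in suspicious_clients(SAMPLE).items():
        print(f'{client}: {n} control-character command(s) rejected')
```

A hit only shows that the server rejected the input; whether the installed POP server version is patched still has to be checked separately.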


