On Sun, 19 Jul 1998, Brett Glass wrote:
> Our system has been penetrated via a buffer overflow exploit in Qualcomm's
> QPOPPER, as obtained from the FreeBSD ports library. But there's no
> advisory about this on FreeBSD's site.... In fact, we learned of the
> exploit only because the cracker was sloppy.
>
> We need advice on resecuring the system and preventing future incidents of
> this kind. CERT has been utterly unresponsive; they seem to have ignored
> our two e-mails asking for help. Any help we can get from members of the
> FreeBSD community would be MUCH appreciated.
CERT typically ignores requests for help unless you are a very large
company. Small ISP's and businesses connected to the internet are unlikely
to receive personal assistance.
However, CERT has put out an advisory on the qpopper vulnerability:
ftp.cert.org:/pub/cert_advisories/CA-98.08.qpopper_vul
>From the vendor information page:
"Versions of QUALCOMM qpopper prior to 2.5 are vulnerable. QUALCOMM
recommends upgrading to the most recent version..."
CERT also has a paper on recovering from incidents which is accessable
from their web page and ftp site.
And finally, two other sites you should keep an eye on:
http://www.freebsd.org/security/security.html (FreeBSD Security Guide)
http://www.watson.org/fbsd-hardening/ (FreeBSD Hardening Project)
>
> --Brett Glass
Good luck,
Nick :)
--
Email: ncb05@uow.edu.au - http://rabble.uow.edu.au/~nick
Key fingerprint = DE 30 33 D3 16 91 C8 8D A7 F8 70 03 B7 77 1A 2A
"When in doubt, ask someone wiser than yourself..." -unknown
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message