Date: Tue, 25 Aug 1998 11:11:10 -0600 (MDT)
From: ekiM <ekim@sekurity.org>
To: linux-alert@redhat.com
Subject: [linux-security] Advisory: NetManage ZPOP v1.0
PTL: Prism Technologies, Ltd. http://www.prism.net/secure
Netmanage ZPOP v1.1 August 24, 1998
http://www.prism.net/secure/advisory/PTL.092498.ZPOP
-------------------------------------------------------------------------------
=== -Credit- ==================================================================
Mark Dowd - markd@prism.net
Michael Freeman - mikef@prism.net
Discovered: August 24, 1998
Released: September 1, 1998
Operating Systems tested on: Linux, Solaris 2.6/SPARC
Information
-----------
The ZPOP server daemon available from Netmanage contains multiple buffer
overflows. Overflows are present upto and including the latest version
(ZPOP 1.0 (patchlevel 60423dev) ). We do not believe that any systems
ship ZPOP 1.0 by default.
Impact
------
Remote users can compromise root access.
Fix
---
We have contacted NetManage about releasing a patch, please refer to their
website for more information or remove 'zpop' from your system.
No patches are available from us since source code is not available to the
public.
------------------------------------------------------------------------------
Contact Information
-------------------
E-Mail: secure@prism.net
WWW: http://www.prism.net/secure
FTP: ftp://ftp.prism.net
PGP Key
-------
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP for Personal Privacy 5.0
mQGiBDWG6s0RBADbLW34n65UR7sRkm40AQCUtHNI4lly4+oQZdGZWgoLn7fMzk2W
wxMxSsQLXyRgC4AkpKW5oFCk+iGQXNF3kaqOuv4d/AsCyB4a85Y6ugXhXi/4cek8
MoOZoKS0vi5mhGsqjt+lkVVA1MowzoKFDX41wT44SLG+hCq7JvQnA3rLtwCg//Ev
u+H6MOccDiKB6Dv6lfkunysD/Rq2chNinZD0uS56MhhIyR1VjoxdiG1YLyQpkqCd
gZKCTvfkf6yzvYurZXe1ymYJmPxItn93oWTbEQsSdNH0U5GMxwEsH3raj7mBUJtA
d479XqWcvRfE1qQfxzMfF/xU8UOJQ3yU2DsJFgzlQqstxsl7pqo4952HaZPT+Qf5
bBsyBACx01eCqQAgwIH2nj07Um4qcogej88e5nGuKTtktYWtiA3wkzFtyDi6v2l5
ZXDEQPnDmxRmVPr2nAgtIhxw/ApAwkepp8dcxIL4Z26X3I0eUBPKzRY1y8mxbFw8
CuW3zrnve3jj1zVi/pB5qbqSyWGkUSp7v9RG6Kfvs+d/jQ61OLQhTWljaGFlbCBG
cmVlbWFuIDxtaWtlZkBwcmlzbS5uZXQ+iQBLBBARAgALBQI1hurNBAsDAQIACgkQ
ihIYjDz0olobqQCfULOQGG5he4HHoRP5srrxIKwYLMMAniWuob0Eh5gQCe6br3lk
/3Zdp2H/uQINBDWG6s4QCAD2Qle3CH8IF3KiutapQvMF6PlTETlPtvFuuUs4INoB
p1ajFOmPQFXz0AfGy0OplK33TGSGSfgMg71l6RfUodNQ+PVZX9x2Uk89PY3bzpnh
V5JZzf24rnRPxfx2vIPFRzBhznzJZv8V+bv9kV7HAarTW56NoKVyOtQa8L9GAFgr
5fSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsYjY67VYy4
XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zaf
q9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpMgs7AAICB/wIS4751YqFQ537
6RvTqal3jHL0pJX0waxaM4fp8MS6JenZ+cHFZ5m1z05J+k1lUfTnqZjGHveIQXYJ
OgZe7JDMEkxJ2APzp6HsiO4//PZrv5fhxh/nHhNFI79M7EniIRT1+GNAbQlM0LSz
519cw7UrhInuKK3KrCu9CZMWvDArhcu20k96pIMZXANq8fGMtqPybUDkIAcHh/1w
ZnIERzhNVvoo9VxmSglNHrfKt5qKTECQTz93Txckp910sZ2+OB7en2jPNl4wJ2Q+
Gm+fybtJIUCdtZnZX3Suvkvt25KKUSTNPms27DWtvEyeke5qreEBqOTkX/VeRY+I
LqBQeCZPiQA/AwUYNYbqzooSGIw89KJaEQLV7QCg8dNTajMOPygJR4U4oj+Yvsr4
Ak8AnjGu49yAN2Rntz5Fnjc9yFL3LIAt
=rAdO
-----END PGP PUBLIC KEY BLOCK-----
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null
