On 2008/01/28 20:05, Richard P. Koett wrote:
> 
> The machine is running poptop-1.1.4.b4p1. Someone did an audit and declared
> "PoPToP servers prior to version 1.1.4-bs are vulnerable to a buffer
> overflow".

Nice of PoPToP to warn about this on their web page (not...)

> I notice that even the current version of OpenBSD has a package for
> poptop-1.1.4.b4p1, so I find it hard to believe that this version contains a
> known buffer overflow.

propolice might catch it (in which case poptop will stop running).
the exploit code is at http://marc.info/?l=bugtraq&m=105068728421160&w=2
if you want to try it to find out whether or not you get a shell.

the -current version of OpenBSD has PoPToP 1.3.0 in ports and packages.
the last release does have the older version.
