Re: ipop3d logwatch entry suspicious

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I wrote:
> You need to plan around a security problem being found with your version
> of ipop3d. Either you need to follow the appropriate security lists, and
> be ready to patch your version of ipop3d quickly, or you need to use a
> supported operating system which will do this for you.

Roberto Figueroa wrote:
> Thanks James for your advice.
> 
> Another question: where can I find those security list...or more specific
> mailing list related to ipop3d?

Actually, I was trying to hint that this is what you *don’t* want to do!

I believe that ipop3d in FC5 comes from the University of Washington at
http://www.washington.edu/imap/ : run something like
rpm -qif /usr/sbin/ipop3d
and check the URL line. You will find a link to
http://www.washington.edu/imap/lists/imap-uw.html on that page, which
seems to be the best list.

But there’s a couple of other things you need to bear in mind.

If you’re going to use otherwise-unsupported software, you need to do
this with every service you expose to the Internet. You should be aware
of every service you offer to the Internet, anyway.

You may well need to be examining your MTA software (probably sendmail,
postfix, exim, or qmail), OpenSSH, and maybe stuff like Samba, bind and
Cups. The few Linux viruses to date have spread this way (Lion used bind
and Ramen used lpd – both exploited vulnerabilities in Red Hat Linux for
which Red Hat had issued patches).

Part of what a distribution should be offering you is that it will
monitor these lists for you. You just have one place to go to look for
updates. They should also have someone monitoring mailing lists like
Bugtraq, which contains reports of security problems found by third
parties. They also have access to vendor-sec, a closed distributor-only
list co-ordinating upcoming security patches.

Were you actually intending to offer POP3 access across the Internet?
You may well have intended this: it’s a reasonable thing to do IF you’re
offering e-mail service to people outside your network.

James.

-- 
E-mail:     james@ | WARNING:  Pressing CTRL+ALT+DEL again will restart your
aprilcottage.co.uk | computer.  Then again, what won't?  You will lose unsaved
                   | information, and even supposedly saved information, in
                   | any case.                              -- David P. Murphy

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux