tech-pkg: poppassd buffer overflow?

Subject: poppassd buffer overflow?
To: None <tech-pkg@netbsd.org>
From: Martti Kuparinen <martti.kuparinen@iki.fi>
List: tech-pkg
Date: 04/30/2002 14:40:04

Hi!

Should we be worried about this?

fw:~> telnet localhost 106
200 fw poppassd v4.0.3 hello, who are you?
USER username
200 your password please.
PASS oldpass
200 your new password please.
NEWPASS newpass
200 Password changed, thank-you.
fw:~>

And from /var/log/messages:

Apr 30 14:20:36 fw poppassd[22010]: buffer overflow on read from child
Apr 30 14:20:36 fw poppassd[22010]: password changed for username

I have this in inetd.conf:

poppassd stream tcp nowait root /usr/pkg/libexec/poppassd poppassd

Martti

---
Martti Kuparinen <martti.kuparinen@iki.fi>      NetBSD - No media hype
http://www.iki.fi/kuparine/                     http://www.netbsd.org/