Powered by Unknown !

Qpopper

POP3 servers such as Qpopper spontaneously display certain sensitive information:

# telnet localhost 110
+OK Qpopper (version 4.0.4) at herisson.maison starting.  <2151.1035447649@herisson.maison>
CAPA
+OK Capability list follows
TOP
USER
LOGIN-DELAY 0
EXPIRE 0
UIDL
RESP-CODES
AUTH-RESP-CODE
X-MANGLE
X-MACRO
X-LOCALTIME Wed, 23 Oct 2002 23:20:53 +0200
IMPLEMENTATION Qpopper-version-4.0.4
.
QUIT
+OK Pop server at herisson.maison signing off.

This output can be partially disabled by using the --enable-shy option when compiling the server:

[...]
# ./configure --help
[...]
 --enable-shy             Hide qpopper version number
[...]
# ./configure --enable-shy [...]
# make
[...]

But the server can still disclose its type and version to authenticated users:

# telnet localhost 110
+OK ready  <4123.1035447924@herisson.maison>
CAPA
+OK Capability list follows
TOP
USER
LOGIN-DELAY 0
EXPIRE 0
UIDL
RESP-CODES
AUTH-RESP-CODE
X-MANGLE
X-MACRO
X-LOCALTIME Wed, 23 Oct 2002 23:25:28 +0200
.
USER test
+OK Password required for test.
PASS test
+OK test has 0 visible messages (0 hidden) in 0 octets.
CAPA
+OK Capability list follows
TOP
USER
LOGIN-DELAY 0
EXPIRE 0
UIDL
RESP-CODES
AUTH-RESP-CODE
X-MANGLE
X-MACRO
X-LOCALTIME Wed, 23 Oct 2002 23:25:37 +0200
IMPLEMENTATION Qpopper-version-4.0.4
.
QUIT
+OK Pop server at herisson.maison signing off.

These information leaks can be avoided by applying a patch (tested with Qpopper 4.0.4) in the root directory of the product's source code:

[...]
# ./configure --enable-shy [...]
# patch < qpopper.patch
# make
[...]

After applying the patch, the server behaves as follows:

# telnet localhost 110
+OK ready  <6084.1035448127@herisson.maison>
USER test
+OK Password required for test.
PASS test
+OK test has 0 visible messages (0 hidden) in 0 octets.
CAPA
+OK Capability list follows
TOP
USER
LOGIN-DELAY 0
EXPIRE 0
UIDL
RESP-CODES
AUTH-RESP-CODE
X-MANGLE
X-MACRO
X-LOCALTIME Wed, 23 Oct 2002 23:29:03 +0200
.
QUIT
+OK Pop server at herisson.maison signing off.
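
To check a build against the three behaviours shown above, the following Python sketch (an added example, not part of the original article or of Qpopper) scans a captured POP3 session for the version-bearing greeting and the IMPLEMENTATION capability, and records whether each appears before or after authentication. The name find_leaks and the abridged sample sessions are assumptions made for this illustration.

```python
import re

GREETING_RE = re.compile(r"^\+OK .*\(version ([\d.]+)\)")  # default Qpopper banner
IMPL_RE = re.compile(r"^IMPLEMENTATION\s+(\S+)")           # CAPA capability line

def find_leaks(transcript):
    """Return (stage, kind, value) for each server line naming the software."""
    leaks, authed, awaiting_pass_reply, greeted = [], False, False, False
    for line in (raw.strip() for raw in transcript.splitlines()):
        if not line:
            continue
        if awaiting_pass_reply:            # the reply to PASS decides the auth state
            authed, awaiting_pass_reply = line.startswith("+OK"), False
            continue
        if line.upper().startswith("PASS "):
            awaiting_pass_reply = True
            continue
        stage = "post-auth" if authed else "pre-auth"
        if not greeted:                    # first server line is the greeting
            greeted = True
            m = GREETING_RE.match(line)
            if m:
                leaks.append((stage, "greeting", m.group(1)))
            continue
        m = IMPL_RE.match(line)
        if m:
            leaks.append((stage, "capa-implementation", m.group(1)))
    return leaks

# Sessions abridged from the transcripts on this page (capability lists
# shortened, one greeting reused for the shy and patched cases).
DEFAULT = ("+OK Qpopper (version 4.0.4) at herisson.maison starting.  "
           "<2151.1035447649@herisson.maison>\n"
           "CAPA\n+OK Capability list follows\nUIDL\n"
           "IMPLEMENTATION Qpopper-version-4.0.4\n.\n")
GREET = "+OK ready  <4123.1035447924@herisson.maison>\n"
AUTH = ("USER test\n+OK Password required for test.\n"
        "PASS test\n+OK test has 0 visible messages (0 hidden) in 0 octets.\n")
CAPA_SHY = "CAPA\n+OK Capability list follows\nUIDL\n.\n"
CAPA_FULL = ("CAPA\n+OK Capability list follows\nUIDL\n"
             "IMPLEMENTATION Qpopper-version-4.0.4\n.\n")
SHY = GREET + CAPA_SHY + AUTH + CAPA_FULL   # built with --enable-shy only
PATCHED = GREET + AUTH + CAPA_SHY           # --enable-shy plus the patch

if __name__ == "__main__":
    for name, s in (("default", DEFAULT), ("shy", SHY), ("patched", PATCHED)):
        print(name, find_leaks(s))
```

An empty result for a session that includes a successful login and a post-login CAPA is the outcome the patched build should produce.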
