[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] QPOP Vulnerability - Again
- Subject: Re: [cobalt-security] QPOP Vulnerability - Again
- From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
- Date: Tue, 18 Jul 2000 19:48:59 +0100 (BST)
On Mon, 17 Jul 2000 john@xxxxxxxxxxxx wrote:
>
> Will there be a patch for the QPOP vulnerabilities? I sent a message to
> Cobalt support several weeks ago and posted a message here as well but I've
> not heard anything further. I noticed that there was a message on Bugtraq
> recently announcing the problem as well.
>
> Thanks!
>
> _John
Ditto on this question. I think its also amusing how Cobalt have wrapped
the Linux capabilites kernel patch in a patch to elimate named problems,
but not actually documented this on the website anywhere.
One has to wonder how many exploitable RaQ systems are connected to the
internet, with well known security problems that admins aren't even aware
of...
In fact, all of them running POP, thinking about it, since theres no patch
for the known QPOPPER problems.
--
http://www.cobalt.com/support/download/raq3.eng.html
"Update: All Kernel i386 1.1
Solves a problem that was introduced with the kernel update included in
RaQ3-Update-OS-3.0. The symptom was that the DNS server would not start if
the machine was assigned more than sixty IP addresses."
--
http://www.cobalt.com/support/security/index.html
Last updated February 4th 2000.
--
http://www.cobalt.com/support/download/index.html
"Cobalt Security Notices
As part of our on-going effort to provide high quality, secure products,
Cobalt Networks, Inc. issues proactive updates that are designed to
improve the security of all Cobalt server appliances."
Indeed.
--
gossi the dog
email: gossi@xxxxxxxxxxxxxx
irc: gossi in #markthomas (efnet / irc.ins.net.uk)