[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] QPOP Vulnerability - Again
- Subject: Re: [cobalt-security] QPOP Vulnerability - Again
- From: Chris Adams <cmadams@xxxxxxxxxx>
- Date: Wed, 19 Jul 2000 09:38:14 -0500
Once upon a time, Jan P Tietze <jptietze@xxxxxxxxxxx> said:
> I called EMEA tech support today (btw - literally NO time spent waiting for a
> technician), and they said Cobalt was working on fix, and that it's going to be
> in the next security update. As to when that update will be released, I was told
> they would find that out for me and send the information by email. As soon as
> (or if at all) I get this information, I will post it to this list.
>
> Apparently, there seems to be no way to force Cobalt into fixing long-known
> broken functionality. A response on this list by Cobalt techies about the QPOP3
> vulnerability would be fine.
They are too busy working on the RaQ4 I guess. That's why it took them
six months to fix things like the RaQ3 email catch-all bug.
They still have not released an official fix to the web site security
hole (originally I was thinking it was just with Front Page sites, but
it is with all sites). With the normal setup, any user on a RaQ can
overwrite all the sites on the RaQ. They tossed a "quick-fix" into the
experimental directory, but they have not really fixed it.
Now there are known security problems with proftpd again - I wonder if
those patches will ever make their way out of Cobalt?
I believe the current version of BIND on the RaQ2 is still open to
security holes as well - they fixed this one for the RaQ1 but not the
RaQ2!
--
Chris Adams <cmadams@xxxxxxxxxx>
Systems and Network Administrator - HiWAAY Information Services
I don't speak for anybody but myself - that's enough trouble.