[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] QPOP Vulnerability - Again
- Subject: Re: [cobalt-security] QPOP Vulnerability - Again
- From: Jeff Lovell <jlovell@xxxxxxxxxx>
- Date: Wed, 19 Jul 2000 16:00:37 -0700
- Organization: Cobalt Networks, Inc.
Chris Adams wrote:
> They still have not released an official fix to the web site security
> hole (originally I was thinking it was just with Front Page sites, but
> it is with all sites). With the normal setup, any user on a RaQ can
> overwrite all the sites on the RaQ. They tossed a "quick-fix" into the
> experimental directory, but they have not really fixed it.
Hmm, that should have been posted a while ago. I'll check into that.
> Now there are known security problems with proftpd again - I wonder if
> those patches will ever make their way out of Cobalt?
And the offical release by proftpd breaks chmod. We are waiting
for proftpd to address this problem.
> I believe the current version of BIND on the RaQ2 is still open to
> security holes as well - they fixed this one for the RaQ1 but not the
> RaQ2!
The NXT bug was not exploitable against 8.2.1, only 8.2 and greater.
Jeff