[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] QPOP Vulnerability - Again
- Subject: Re: [cobalt-security] QPOP Vulnerability - Again
- From: Jeff Lovell <jlovell@xxxxxxxxxx>
- Date: Wed, 19 Jul 2000 16:02:36 -0700
- Organization: Cobalt Networks, Inc.
Chris Adams wrote:
> They still have not released an official fix to the web site security
> hole (originally I was thinking it was just with Front Page sites, but
> it is with all sites). With the normal setup, any user on a RaQ can
> overwrite all the sites on the RaQ. They tossed a "quick-fix" into the
> experimental directory, but they have not really fixed it.
Hmm, that should have been posted a while ago. I'll check into that.
> Now there are known security problems with proftpd again - I wonder if
> those patches will ever make their way out of Cobalt?
Yes, there is a recently discovered bug in proftpd, and the proftpd
developers has release 1.2.0rc1. But there is a problem with it the
new version breaks some chmod functionality We are waiting
for the proftpd developers to address this problem.
> I believe the current version of BIND on the RaQ2 is still open to
> security holes as well - they fixed this one for the RaQ1 but not the
> RaQ2!
The NXT bug was not exploitable against 8.2.1, only 8.2 and greater.
Jeff