Re: [cobalt-security] QPOP Vulnerability - Again
- Subject: Re: [cobalt-security] QPOP Vulnerability - Again
 
- From: Jeff Lovell <jlovell@xxxxxxxxxx>
 
- Date: Wed, 19 Jul 2000 16:02:36 -0700
 
- Organization: Cobalt Networks, Inc.
 
Chris Adams wrote:
> They still have not released an official fix to the web site security
> hole (originally I was thinking it was just with Front Page sites, but
> it is with all sites).  With the normal setup, any user on a RaQ can
> overwrite all the sites on the RaQ.  They tossed a "quick-fix" into the
> experimental directory, but they have not really fixed it.
Hmm, that should have been posted a while ago.  I'll check into that.
 
> Now there are known security problems with proftpd again - I wonder if
> those patches will ever make their way out of Cobalt?
Yes, there is a recently discovered bug in proftpd, and the proftpd
developers have released 1.2.0rc1.  But there is a problem with it: the
new version breaks some chmod functionality.  We are waiting
for the proftpd developers to address this problem.
 
> I believe the current version of BIND on the RaQ2 is still open to
> security holes as well - they fixed this one for the RaQ1 but not the
> RaQ2!
The NXT bug was not exploitable against 8.2.1, only 8.2 and greater.
Jeff