[no subject]

 Stay Tuned ...



-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of WebFusion System
Administrator
Sent: Monday, July 24, 2000 12:09 PM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-security] I tried..

[Original post snipped]

I wonder... you reported this to Cobalt a couple of months ago. Would
this be, by any chance, the Linux kernel capabilities bug which can be
demonstrated (and root obtained via) a sendmail exploit?

This particular bug did the rounds of Bugtraq regulars (amongst others)
for several days before it became 'public' knowledge, in order to give
the Linux (Note: NOT Cobalt, RedHat, Mandrake, SuSE etc etc) kernel
maintainers chance to get patches into the source tree. AFAIK those
patches were released at about the same time as the bug became 'public'
and Linux vendors then went off and most of them released either a
sendmail workaround (as did Cobalt, IIRC) or a kernel update. Or both.

The way you've described this sounds just like that. The way you've
described this has also left all of the regular readers of this list,
including those at Cobalt, utterly clueless as to the type of exploit
you're referring to.

If I were you I'd publish [better details of the exploit], or be damned
;-)

Best Wishes,

Graeme Fowler
Systems Administrator
graeme.f@xxxxxxxxxxxxxxx

***************************************************************
WebFusion Internet Solutions Ltd.
The UK's Largest Web Hosting Company
http://www.webfusion.co.uk
***************************************************************


_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security