[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] I tried..

Subject: Re: [cobalt-security] I tried..
From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
Date: Mon, 24 Jul 2000 21:36:17 +0100 (BST)

On Mon, 24 Jul 2000, WebFusion System Administrator wrote:

> [Original post snipped]
> 
> I wonder... you reported this to Cobalt a couple of months ago. Would
> this be, by any chance, the Linux kernel capabilities bug which can be
> demonstrated (and root obtained via) a sendmail exploit?

Yes it is.  A patch has been supplied by Cobalt which fixes the issue,
however they haven't actually posted a notice of this on their website
(still), nor actually mentioned it in the page you download it from on the
website (which, in other words, means a majority of ISPs which have
Cobalts remain utterly clueless to the fact they are all ownable by local
users).

The patch I am refering to is the named kernel patch on ftp.cobalt.com.
--
gossi@xxxxxxxxxxxxxxx

Follow-Ups:
- Re: [cobalt-security] I tried..
  - From: Gossi The Dog
- RE: [cobalt-security] I tried..
  - From: Matthias Pigulla

References:
- Re: [cobalt-security] I tried..
  - From: WebFusion System Administrator

Prev by Date: Re: Sorry!! (was: Re: [cobalt-security] Is this a known bug?)
Next by Date: Re: Sorry!! (was: Re: [cobalt-security] Is this a known bug?)
Previous by thread: RE: [cobalt-security] I tried..
Next by thread: Re: [cobalt-security] I tried..

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index