[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] I tried..
- Subject: Re: [cobalt-security] I tried..
- From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
- Date: Mon, 24 Jul 2000 21:36:17 +0100 (BST)
On Mon, 24 Jul 2000, WebFusion System Administrator wrote:
> [Original post snipped]
>
> I wonder... you reported this to Cobalt a couple of months ago. Would
> this be, by any chance, the Linux kernel capabilities bug which can be
> demonstrated (and root obtained via) a sendmail exploit?
Yes it is. A patch has been supplied by Cobalt which fixes the issue,
however they haven't actually posted a notice of this on their website
(still), nor actually mentioned it in the page you download it from on the
website (which, in other words, means a majority of ISPs which have
Cobalts remain utterly clueless to the fact they are all ownable by local
users).
The patch I am refering to is the named kernel patch on ftp.cobalt.com.
--
gossi@xxxxxxxxxxxxxxx