[cobalt-security] BIND & ProFTPD



G'Afternoon.

We here at Cobalt wanted to assure you that we are doing everything
possible to get .pkg's out the door for the recent BIND exploit as
well as the recent ProFTPD response to several security holes.

More information about the BIND exploit can be found at http://www.isc.org/
and information about the proftp vulnerabilities can be found at
http://www.securityfocus.com/archive/1/160902

Several of our customers have already been compromised by the BIND
exploit and we expect that many more are still vulnerable. Therefore,
we strongly encourage you to install the following.

Just to recap recent announcements:

BIND:
 pkg's for upgrading BIND are available on ftp://ftp.cobalt.com/ for
 the RaQ4 and RaQ3 

 Locations: 
 ftp://ftp.cobalt.com/pub/packages/raq3/eng/RaQ3-All-Security-4.0.1-9353.pkg
 ftp://ftp.cobalt.com/pub/packages/raq4/eng/RaQ4-All-Security-1.0.1-9353.pkg

 We recommend that you log onto your server and restart named by hand
 to ensure that the upgrade takes effect. This can be done by logging
 into your server as root and running /usr/sbin/ndc restart

 If you wish to verify the version that is currently running, run
 /usr/sbin/ndc status

 Currently we only have RPMS available for all other products:

 For Qube3 and XTR:
 ftp://ftp.cobaltnet.com/pub/experimental/RPMS/i386/bind-8.2.3-C1.i386.rpm
 ftp://ftp.cobaltnet.com/pub/experimental/RPMS/i386/bind-utils-8.2.3-C1.i386.rpm
 ftp://ftp.cobaltnet.com/pub/experimental/RPMS/i386/bind-devel-8.2.3-C1.i386.rpm

 For RaQ2:
 ftp://ftp.cobaltnet.com/pub/experimental/RPMS/mips/raq2/bind-8.2.3-C2.mips.rpm
 ftp://ftp.cobaltnet.com/pub/experimental/RPMS/mips/raq2/bind-devel-8.2.3-C2.mips.rpm
 ftp://ftp.cobaltnet.com/pub/experimental/RPMS/mips/raq2/bind-utils-8.2.3-C2.mips.rpm

 For Qube1, RaQ1, Qube2:
 ftp://ftp.cobaltnet.com/pub/experimental/RPMS/mips/bind-4.9.8-C1.mips.rpm
 ftp://ftp.cobaltnet.com/pub/experimental/RPMS/mips/bind-utils-4.9.8-C1.mips.rpm

 For the above RPMS we recommend that you log onto your server and
 restart named by hand to ensure that the upgrade takes effect. This
 can be done by logging into your server as root and running
 /usr/sbin/ndc restart

 Again, if you wish to verify the version of named that is currently
 running, run /usr/sbin/ndc status

ProFTPD:

 RPMS are available at ftp://ftp.cobaltnet.com for all products:
 i386: (Qube3, RaQ3, RaQ4, XTR, CacheRaQ4)
 ftp://ftp.cobaltnet.com/pub/experimental/RPMS/i386/proftpd-1.2.0rc3-C1.i386.rpm

 mips w/ PAM: (RaQ2)
 ftp://ftp.cobaltnet.com/pub/experimental/RPMS/mips/proftpd-1.2.0rc3-C1.mips.rpm

 mips w/o PAM: (RaQ1, Qube2)
 ftp://ftp.cobaltnet.com/pub/experimental/RPMS/mips/proftpd-1.2.0rc3-C1-NOPAM.mips.rpm

As always, the RPMS are experimental and unsupported until the
official pkg is released and posted.

If you have any questions about these upgrades, please contact me
at rhendrix@xxxxxxx

Thanks

-Rene Hendrix

-- 
Rene Hendrix
Sun Microsystems
Server Appliance Business Unit
rhendrix@xxxxxxx