[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] poprelay: serious security bug

Subject: Re: [cobalt-security] poprelay: serious security bug
From: "Robbert Hamburg" <rhamburg@xxxxxx>
Date: Wed, 4 Jul 2001 23:03:21 +0200
Organization: www.hava.nl
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> For those running the poprelayd POP-before-relay daemon (including the
> "official" Cobalt release), you should note that a serious bug + exploit
has
> been posted to BugTraq with specific reference to the Cobalt RaQ3 (but
will
> certainly affect _all_ the RaQ servers running poprelayd):
>
>
http://www.securityfocus.com/templates/archive.pike?mid=194906&threads=0&lis
> t=1&end=2001-07-07&start=2001-07-01&fromthread=0&
>
> The bug + exploit allows anyone to relay mail through the server. We can
> only hope that Cobalt comes out with a remedy for this problem *very*
> quickly.
>
> Regards,
> Jonathan
>


Hi,

I don't like what I'm reading here, hope cobalt can fix this very soon.
However in the mean time is there a way to temp shut down pop-before-smtp ??

Cause when I place a check in the box to allow poprelay  and save the check
is gone, so not sure wheter it is running or not. Trial and error is not
secure enough I think.

- Robbert



********************
Your representative:
R. Hamburg CIO
rhamburg@xxxxxxx
0031 15-3640268 (office)
0031 15-3640297 (fax)
0031 61-4246036 (directly)
Visit:
http://www.hava.nl
*******************

____________________________________________________________________________
__
DISCLAIMER:
This emailmessage and any attachment may contain confidential and privileged
material intended for the addressee only. If you are not the addressee, you
are hereby notified that no part of the emailmessage or any attachment may
be
disclosed, copied or distributed, and that any other action related to this
emailmessage or attachment is strictly prohibited, and will be prosecuted as
a criminal offense to the full extent of the law. If you have received this
emailmessage by error, please notify the sender immediately by return
emailmessage, and delete this message. HAVA web- and processdesign
(HAVA.nl), its subsidiaries and/or its employees shall not be liable for the
incorrect or
incomplete transmission of this emailmessage or any attachments, nor
responsible for any delay in receipt.

Follow-Ups:
- Re: [cobalt-security] poprelay: serious security bug
  - From: Jonathan Michaelson

References:
- [cobalt-security] poprelay: serious security bug
  - From: Jonathan Michaelson

Prev by Date: [cobalt-security] poprelay: serious security bug
Next by Date: RE: [cobalt-security] poprelay: serious security bug
Previous by thread: [cobalt-security] poprelay: serious security bug
Next by thread: Re: [cobalt-security] poprelay: serious security bug

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index