[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] poprelay: serious security bug

Subject: RE: [cobalt-security] poprelay: serious security bug
From: "Jim Carey" <ozbcoz@xxxxxxxxxxxxxxxx>
Date: Thu, 5 Jul 2001 07:06:12 +1000
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> -----Original Message-----
> From: cobalt-security-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Jonathan
> For those running the poprelayd POP-before-relay daemon (including the
> "official" Cobalt release), you should note that a serious bug +
> exploit has
> been posted to BugTraq with specific reference to the Cobalt RaQ3
> (but will
> certainly affect _all_ the RaQ servers running poprelayd):
>
>
http://www.securityfocus.com/templates/archive.pike?mid=194906&threads=0&lis
t=1&end=2001-07-07&start=2001-07-01&fromthread=0&

>The bug + exploit allows anyone to relay mail through the server. We can
>only hope that Cobalt comes out with a remedy for this problem *very*
>quickly.


doesn't this exploit require that they can login under telnet (or SSH). So
first they have to obtain a valid shell userid and password ?

Jim Carey
www.OZbcoz.com discount domain registration
www.iluvoz.com affordable hosting services

Follow-Ups:
- Re: [cobalt-security] poprelay: serious security bug
  - From: Jonathan Michaelson

References:
- [cobalt-security] poprelay: serious security bug
  - From: Jonathan Michaelson

Prev by Date: Re: [cobalt-security] poprelay: serious security bug
Next by Date: Re: [cobalt-security] poprelay: serious security bug
Previous by thread: Re: [cobalt-security] poprelay: serious security bug
Next by thread: Re: [cobalt-security] poprelay: serious security bug

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index