
Re: [cobalt-security] poprelay: serious security bug



What is the exact nature of this bug in poprelay? -- Jonathan

--
Jonathan M. Slivko <jslivko@xxxxxxxxxxxxx>
Head Systems Administrator, 4EverMail Hosting Services
"I don't speak for anybody but myself - that's enough trouble."

On 9 Jul 2001, Jeff Lovell wrote:

> On 04 Jul 2001 21:49:16 +0100, Jonathan Michaelson wrote:
> >
> > For those running the poprelayd POP-before-relay daemon (including the
> > "official" Cobalt release), you should note that a serious bug + exploit has
> > been posted to BugTraq with specific reference to the Cobalt RaQ3 (but will
> > certainly affect _all_ the RaQ servers running poprelayd):
> >
> > http://www.securityfocus.com/templates/archive.pike?mid=194906&threads=0&list=1&end=2001-07-07&start=2001-07-01&fromthread=0&
> >
> > The bug + exploit allows anyone to relay mail through the server. We can
> > only hope that Cobalt comes out with a remedy for this problem *very*
> > quickly.
>
> Ugh. I just got this email, and I am working on a patch right now.
>
> We received no notification of this exploit before it was posted
> to Bugtraq.  http://www.wiretrip.net/rfp/policy.html describes the
> notification policy, which was not followed in this case.
>
> I apologize for this lack of communication and the ability to provide
> you with a patch in a timely fashion.  I will try to get a patch
> available as soon as possible.
>
> Jeff
>
> --
> Jeff Lovell
> Sun Microsystems Inc.