[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] New poprelayd rpm available

Subject: Re: [cobalt-security] New poprelayd rpm available
From: Jeff Lovell <jlovell@xxxxxxx>
Date: 09 Jul 2001 15:13:39 -0700
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On 09 Jul 2001 22:33:47 +0100, Gossi The Dog wrote:
>
> I've mirrored it on owned.lab6.com, the URL is;
> 
> http://gossi.users.lab6.com/RaQ-security/files/poprelayd-2.0-4.noarch.rpm

Thanks.

> Out of interest, have you read the rest of the discussion on bugtraq Jeff?
> There's some more discussion on the list about this.

I've been watching the discussion on the list.  I also contacted the
person who filed it offlist.  I was a little disappointed that they
didn't notify us before the posting so we could have reacted to it a
little better.

> There's also the Qube Webmail vuln - I forwarded it to this list from
> bugtraq last week.

We already have a patch for that in the works also.  We are working with
a fix right now.  The vuln against webmail isn't as severe as the
poprelayd bug in that the user is only allowed to read files that he/she
owns, are group readable (assuming they are in the group), and world
readable.  So, it is just as if the user has telnet access.  It isn't
very desirable, but isn't quite a root exploit.

Jeff
-- 
Jeff Lovell
Sun Microsystems Inc.

References:
- Re: [cobalt-security] New poprelayd rpm available
  - From: Gossi The Dog

Prev by Date: Re: [cobalt-security] New poprelayd rpm available
Next by Date: RE: [cobalt-security] New poprelayd rpm available
Previous by thread: Re: [cobalt-security] New poprelayd rpm available
Next by thread: Re: [cobalt-security] New poprelayd rpm available

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index