[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Unusual ps command output
- Subject: Re: [cobalt-security] Unusual ps command output
- From: Martín Fiumara <martinfiumara@xxxxxxxxxxx>
- Date: Mon, 12 Nov 2001 20:06:12 -0300
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
I really dont koe about ftp, was just an example, because a frien told me
about it and show me and example. But also, sendmail version in raq 3 IS
vulnerable, very vulnerable. I can send example of exploit showing the
/etc/passwd
Cobalt should release sendmail updates, version 8.9 is not a new version, is
it?
----- Original Message -----
From: "Jeff Lovell" <jlovell@xxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Monday, November 12, 2001 7:44 PM
Subject: Re: [cobalt-security] Unusual ps command output
> On Mon, 2001-11-12 at 13:51, Martín Fiumara wrote:
> > I mean that the patches that cobalt releases are not as updated as i
would
> > like: for example, the raq3 with all the patches aplied has serious
> > vulnerabilities in some default services, ftp for example. An d these
> > vulnerabilities leads to a root shell :(
>
> Can you point me to where you believe that 1.2.2rc1 version has a root
> exploit? I do believe that version later than 1.2.1 are safe unless
> mod_sql is used for authentication, which is not enabled on our version
> of proftpd.
>
> Jeff
> --
> Jeff Lovell
> Sun Microsystems Inc.
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>