Re: [cobalt-security] Unusual ps command output

On Mon, 2001-11-12 at 15:06, Martín Fiumara wrote:
> I really don't know about ftp, was just an example, because a friend told me
> about it and showed me an example. But also, sendmail version in raq 3 IS
> vulnerable, very vulnerable. I can send example of exploit showing the
> /etc/passwd
> Cobalt should release sendmail updates, version 8.9 is not a new version, is
> it?

I would very much like that.  If you could email me with the exploit and
the version of the RPM you are using I would greatly appreciate it.  As
far as the version numbers on the services themselves, this can be very
misleading.  We attempt to patch the version of the current daemon
rather than update to newer releases on products that are in the field. 
This is for many reasons, the most important of which is to keep
expected functionality of the service in sync with the user's
expectations of the appliance.

I want you to have a secure and available server appliance.  If you do
feel that there is a security concern with your product, be sure to
contact me and I will be sure that it is addressed by the right group
and that a patch is generated to address the issue.

Jeff Lovell
Sun Microsystems Inc.