[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] any Security Team contact addresses at Cobalt or Sun?
- Subject: Re: [cobalt-security] any Security Team contact addresses at Cobalt or Sun?
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Date: Thu, 10 Jan 2002 05:29:13 +0300
- Organization: Average
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Wed, 9 Jan 2002 16:09:43 +0000
Nick Drage <nickd@xxxxxxxxx> wrote:
> Excuse me emailing the list with this, but I've just received bounced
> email from security@xxxxxxxxxx and security@xxxxxxx :)
I have a feeling that that this is not just email problem but the
problem of security for Cobalt products at large :-(
Here is my list of outstanding security problems that are not
addressed by any published patches:
Kernel:
ptrace (Local, root access)
[patch for RaQ3 and Qube3 exist but not for other products]
syncookie (Remote, ? not sure how severe)
symlink (Local, DoS)
Glibc:
glob() (Remote, potential DoS)
Apps:
UW imapd (Remote, root access? not sure)
Correct me if I am wrong...
Eugene