[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] any Security Team contact addresses at Cobalt or Sun?

Subject: Re: [cobalt-security] any Security Team contact addresses at Cobalt or Sun?
From: Eugene Crosser <crosser@xxxxxxxxxxx>
Date: Thu, 10 Jan 2002 05:29:13 +0300
Organization: Average
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Wed, 9 Jan 2002 16:09:43 +0000
Nick Drage <nickd@xxxxxxxxx> wrote:

> Excuse me emailing the list with this, but I've just received bounced
> email from security@xxxxxxxxxx and security@xxxxxxx :)

I have a feeling that that this is not just email problem but the
problem of security for Cobalt products at large :-(

Here is my list of outstanding security problems that are not
addressed by any published patches:

        Kernel:
ptrace          (Local, root access)
        [patch for RaQ3 and Qube3 exist but not for other products]
syncookie       (Remote, ? not sure how severe)
symlink         (Local, DoS)

        Glibc:
glob()          (Remote, potential DoS)

        Apps:
UW imapd        (Remote, root access? not sure)

Correct me if I am wrong...

Eugene

Follow-Ups:
- Re: [cobalt-security] any Security Team contact addresses at Cobalt or Sun?
  - From: Michael Stauber

References:
- [cobalt-security] any Security Team contact addresses at Cobalt or Sun?
  - From: Nick Drage

Prev by Date: Re: [cobalt-security] SSHd
Next by Date: Re: [cobalt-security] SSHd
Previous by thread: [cobalt-security] any Security Team contact addresses at Cobalt or Sun?
Next by thread: Re: [cobalt-security] any Security Team contact addresses at Cobalt or Sun?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index