
Re: [cobalt-security] Unofficial PHP 4.1.2 PKG available



Hi Michael,

well, if this is detailed information or not is to be argued about. But
well, yes. It is phoning home so that I'm able to track the spreading of
the package.

Look, I compiled this FREE package for everyone to use, now the only
thing I do is track who used it. Do you think this is a privacy
violation? I could ask money for it and not give the package to you
until you sign a contract and give me your full name, including your
birthday. Is that a deal to you? Well, the only thing that is
interesting in that e-mail is the kind of hardware people are using, and
this gives me an idea what kind of system I will expect when I'm doing
more of those packages. Your hostname, by the way, is public anyway as
everything is public on the web. And now tell me which information in
this e-mail is sensitive to your privacy?!

Greets,

Andres

> -----Original Message-----
> From: Michael Stauber [mailto:cobalt@xxxxxxxxxxxxxx]
> Sent: Friday, March 1, 2002 22:02
> To: cobalt-security@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-security] Unofficial PHP 4.1.2 PKG available
> 
> 
> Hi Andreas,
> 
> > I was urged to compile a new php 4.1.2. module to fix that security bug
> > in earlier versions. I made a nice *.pkg file which everyone can get on
> > ftp://ftp.cobalthosting.ch/pub/optional/RaQ3-PHP-4.1.2-1.pkg .
> 
> Your package is phoning home.
> 
> Beware, anyone: If you install this package, then an email is generated and
> sent to a.petralli@xxxxxxxxxx and to register@xxxxxxxxxxxxx, including
> detailed information about your server:
> 
> <<COBALT RECEPTOR>>
> <<VENDOR VENDOR_NAME = <Cobalthosting.ch, Arpanet AG Switzerland> >>
> <<VENDOR PRODUCT_NAME = <PHP 4.1.2 PKG> >>
> <<VENDOR PRODUCT_VERSION = <1.0> >>
> <<VENDOR PRODUCT_VARIANT = <full version> >>
> <<VENDOR MULTI_SITE = [true] >>
> <<VENDOR EVENT_TYPE = [install] >>
> <<VENDOR MY_CUSTOM_TAG = my custom value >>
> 
> <<COBALT REGISTER_VERSION = 1.1.1 >>
> <<COBALT INSTALL_DATE = 3/1/2002 21:57:42 >>
> <<COBALT INSTALL_ZONE = Europe >>
> <<COBALT INSTALL_HOUR = 21 >>
> <<COBALT INSTALL_MINUTES = 57 >>
> <<COBALT INSTALL_MONTH = 3 >>
> <<COBALT INSTALL_DAY = 1 >>
> <<COBALT INSTALL_YEAR = 2002 >>
> <<COBALT HOSTNAME = XXX.XXX.XXX >>
> <<COBALT ADMIN_EMAIL = admin@xxxxxxxxxxx >>
> <<COBALT CPU = 298.807 >>
> <<COBALT CPU_MODEL = AMD-K6(tm) 3D processor >>
> <<COBALT MEMORY = 387336 kB >>
> <<COBALT HARD_DISK_CONFIG = hda1(743466/) hda3(198601/var) hda4(8579124/home) >>
> <<COBALT RELEASE = release 5.0 (Pacifica) >>
> <<COBALT BUILD = build 3.148 for a 3000R in English >>
> <<COBALT KERNEL_RELEASE = 2.4.17 >>
> <<COBALT KERNEL_VERSION = #1 Fri Feb 1 10:52:03 EST 2002 >>
> <<COBALT IP_ADDR = XXX.XXX.XXX.XXX >>
> <<COBALT MAC_ADDR = 00:10:XX:XX:XX:XX   >>
> <<COBALT /RECEPTOR>>
> 
> It's nothing malicious and an officially implemented method in the PKG
> package standard. However, it's rarely used.
> 
> So install at your own risk, indeed! :o/
> 
> -- 
> 
> With best regards,
> 
> Michael Stauber
> mstauber@xxxxxxxxxxxxxx
> Unix/Linux Support Engineer
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>
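
Added example, not part of the original thread or of the PKG tooling: a small Python parser for a registration report in the `<<NAMESPACE KEY = value >>` shape quoted above, grouping fields by what they disclose so an administrator can review such a message before installing a package. The field syntax is inferred only from the quoted message, and the grouping of keys into "identifying" and "versions" is an assumption of this example.

```python
import re

# Constructed sample in the shape of the quoted report; addresses are placeholders.
SAMPLE = """\
<<COBALT RECEPTOR>>
<<VENDOR PRODUCT_NAME = <PHP 4.1.2 PKG> >>
<<VENDOR EVENT_TYPE = [install] >>
<<COBALT HOSTNAME = www.example.test >>
<<COBALT ADMIN_EMAIL = admin@example.test >>
<<COBALT CPU_MODEL = AMD-K6(tm) 3D processor >>
<<COBALT HARD_DISK_CONFIG = hda1(743466/) hda3(198601/var)
hda4(8579124/home)
 >>
<<COBALT KERNEL_RELEASE = 2.4.17 >>
<<COBALT IP_ADDR = 192.0.2.10 >>
<<COBALT MAC_ADDR = 00:00:5E:00:53:01   >>
<<COBALT /RECEPTOR>>
"""

FIELD = re.compile(r"<<(\w+)\s+([A-Z_]+)\s*=\s*(.*?)\s*>>", re.DOTALL)
# Assumed grouping for review purposes; not defined by the PKG format.
IDENTIFYING = {"HOSTNAME", "ADMIN_EMAIL", "IP_ADDR", "MAC_ADDR"}
VERSIONS = {"RELEASE", "BUILD", "KERNEL_RELEASE", "KERNEL_VERSION"}

def parse_receptor(text):
    """Return {"NAMESPACE.KEY": value} for each '<<NS KEY = value >>' field."""
    lines = text.splitlines()
    # Strip one level of '>' quoting when the whole block is mail-quoted.
    if all(l.startswith(">") for l in lines if l.strip()):
        lines = [re.sub(r"^> ?", "", l) for l in lines]
    fields = {}
    for ns, key, raw in FIELD.findall("\n".join(lines)):
        value = " ".join(raw.split())  # rejoin values wrapped across lines
        if len(value) >= 2 and value[0] + value[-1] in ("<>", "[]"):
            value = value[1:-1]        # drop <...> / [...] value delimiters
        fields[f"{ns}.{key}"] = value
    return fields

def classify(fields):
    """Group field names by what they disclose about the reporting host."""
    report = {"identifying": [], "versions": [], "other": []}
    for name in sorted(fields):
        key = name.split(".", 1)[1]
        group = ("identifying" if key in IDENTIFYING
                 else "versions" if key in VERSIONS else "other")
        report[group].append(name)
    return report

if __name__ == "__main__":
    for group, names in classify(parse_receptor(SAMPLE)).items():
        print(group, names)
```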