[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Remote Sendmail Header Processing Vulnerability
- Subject: Re: [cobalt-security] Remote Sendmail Header Processing Vulnerability
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Tue, 4 Mar 2003 14:49:46 +0100
- Organization: SOLARSPEED.NET
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi David,
> How come the RaQ3 cannot be uninstalled?
An installed Sendmail consists of several RPMS:
sendmail-cf-8.10.2-C1
sendmail-doc-8.10.2-C1
sendmail-conf-8.10.2-C1
sendmail-8.10.2-C1
(example for the RaQ4)
My package replaces just one of these RPMs - the one with all the binaries
within:
sendmail-8.10.2-C1 is replaced with sendmail-8.10.2-C1sol1
When the PKG is uninstalled, then the RPM which it brought aboard is removed.
Of course nobody wants to end up without a working Sendmail, so at the end of
the uninstallation process the uninstaller downloads
sendmail-8.10.2-C1.i386.rpm from ftp.cobalt.com (on the RaQ4) and installs
it.
The RaQ3 package cannot be uninstalled, because ftp.cobalt.com doesn't contain
the sendmail RPM file which should be present on a fully patched RaQ3. Only
an older version is readily available from the FTP site.
I didn't want to let the uninstaller revert RaQ3's back to an older Sendmail
version than they originally had aboard.
--
With best regards,
Michael Stauber