[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Remote Sendmail Header Processing Vulnerability
- Subject: Re: [cobalt-security] Remote Sendmail Header Processing Vulnerability
- From: "Dave @ The Hostworks" <dave@xxxxxxxxxxxxxxxx>
- Date: Tue, 4 Mar 2003 09:06:12 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
shouldnt this be something SUN addresses in a patch sometime?.. perhaps
soon?!
----- Original Message -----
From: "Michael Stauber" <cobalt@xxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Tuesday, March 04, 2003 8:49 AM
Subject: Re: [cobalt-security] Remote Sendmail Header Processing
Vulnerability
> Hi David,
>
> > How come the RaQ3 cannot be uninstalled?
>
> An installed Sendmail consists of several RPMS:
>
> sendmail-cf-8.10.2-C1
> sendmail-doc-8.10.2-C1
> sendmail-conf-8.10.2-C1
> sendmail-8.10.2-C1
>
> (example for the RaQ4)
>
> My package replaces just one of these RPMs - the one with all the binaries
> within:
>
> sendmail-8.10.2-C1 is replaced with sendmail-8.10.2-C1sol1
>
> When the PKG is uninstalled, then the RPM which it brought aboard is
removed.
>
> Of course nobody wants to end up without a working Sendmail, so at the end
of
> the uninstallation process the uninstaller downloads
> sendmail-8.10.2-C1.i386.rpm from ftp.cobalt.com (on the RaQ4) and installs
> it.
>
> The RaQ3 package cannot be uninstalled, because ftp.cobalt.com doesn't
contain
> the sendmail RPM file which should be present on a fully patched RaQ3.
Only
> an older version is readily available from the FTP site.
>
> I didn't want to let the uninstaller revert RaQ3's back to an older
Sendmail
> version than they originally had aboard.
>
> --
>
> With best regards,
>
> Michael Stauber
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>