Re: [cobalt-security] Remote Sendmail Header Processing Vulnerability

["Dave @ The Hostworks" <dave@xxxxxxxxxxxxxxxx>]

shouldnt this be something SUN addresses in a patch sometime?.. perhaps
soon?!


----- Original Message -----
From: "Michael Stauber" <cobalt@xxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Tuesday, March 04, 2003 8:49 AM
Subject: Re: [cobalt-security] Remote Sendmail Header Processing
Vulnerability


> Hi David,
>
> > How come the RaQ3 cannot be uninstalled?
>
> An installed Sendmail consists of several RPMS:
>
> sendmail-cf-8.10.2-C1
> sendmail-doc-8.10.2-C1
> sendmail-conf-8.10.2-C1
> sendmail-8.10.2-C1
>
> (example for the RaQ4)
>
> My package replaces just one of these RPMs - the one with all the binaries
> within:
>
> sendmail-8.10.2-C1 is replaced with sendmail-8.10.2-C1sol1
>
> When the PKG is uninstalled, then the RPM which it brought aboard is
removed.
>
> Of course nobody wants to end up without a working Sendmail, so at the end
of
> the uninstallation process the uninstaller downloads
> sendmail-8.10.2-C1.i386.rpm from ftp.cobalt.com (on the RaQ4) and installs
> it.
>
> The RaQ3 package cannot be uninstalled, because ftp.cobalt.com doesn't
contain
> the sendmail RPM file which should be present on a fully patched RaQ3.
Only
> an older version is readily available from the FTP site.
>
> I didn't want to let the uninstaller revert RaQ3's back to an older
Sendmail
> version than they originally had aboard.
>
> --
>
> With best regards,
>
> Michael Stauber
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>