[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Remote Sendmail Header Processing Vulnerability
- Subject: Re: [cobalt-security] Remote Sendmail Header Processing Vulnerability
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Tue, 4 Mar 2003 16:50:29 +0100
- Organization: SOLARSPEED.NET
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> shouldnt this be something SUN addresses in a patch sometime?.. perhaps
> soon?!
Sure - in an ideal world.
Like any OS vendor Sun was notified about the security hole upfront - back in
the second half of January.
Other Unix / Linux distributors have released their patches either yesterday
or today - because they followed up on the early warnings behind the scene
and had ample time to line up their ducks, to prepared their patches and to
run them through Q&A extensively.
Sun hasn't? Now that sounds familliar. I'm still taking bets on when we see an
official patch. If it's here before the end of the month, then I'd be
surprised. Sun's usual turn around time for patches (in case of critical
holes) is 4-6 weeks - *after* the hole has been announced to the public. In
case of uncritical holes they'll tend to sit 'em out without offering
patches. Go figure.
--
With best regards,
Michael Stauber