[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] Remote Sendmail Header Processing Vulnerability
- Subject: RE: [cobalt-security] Remote Sendmail Header Processing Vulnerability
- From: "Rick Ewart" <cobalt@xxxxxxxxx>
- Date: Tue, 4 Mar 2003 10:54:11 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Mike - I tried to contact you offlist... I am having a problem with mail
delivery after installing the patch... I need some help as I am stuck.
I posted a message on the users list, as well as to you personally.
Can you help me?
Thanks,
Rick Ewart
> -----Original Message-----
> From: cobalt-security-admin@xxxxxxxxxxxxxxx [mailto:cobalt-security-
> admin@xxxxxxxxxxxxxxx] On Behalf Of Michael Stauber
> Sent: Tuesday, March 04, 2003 10:50 AM
> To: cobalt-security@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-security] Remote Sendmail Header Processing
> Vulnerability
>
> > shouldnt this be something SUN addresses in a patch sometime?..
perhaps
> > soon?!
>
> Sure - in an ideal world.
>
> Like any OS vendor Sun was notified about the security hole upfront -
back
> in
> the second half of January.
>
> Other Unix / Linux distributors have released their patches either
> yesterday
> or today - because they followed up on the early warnings behind the
scene
> and had ample time to line up their ducks, to prepared their patches
and
> to
> run them through Q&A extensively.
>
> Sun hasn't? Now that sounds familliar. I'm still taking bets on when
we
> see an
> official patch. If it's here before the end of the month, then I'd be
> surprised. Sun's usual turn around time for patches (in case of
critical
> holes) is 4-6 weeks - *after* the hole has been announced to the
public.
> In
> case of uncritical holes they'll tend to sit 'em out without offering
> patches. Go figure.
>
> --
>
> With best regards,
>
> Michael Stauber
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security