RE: [cobalt-security] Remote Sendmail Header Processing Vulnerability

["Rick Ewart" <cobalt@xxxxxxxxx>]

Mike - I tried to contact you offlist... I am having a problem with mail
delivery after installing the patch... I need some help as I am stuck.

I posted a message on the users list, as well as to you personally.

Can you help me?

Thanks,
Rick Ewart

> -----Original Message-----
> From: cobalt-security-admin@xxxxxxxxxxxxxxx [mailto:cobalt-security-
> admin@xxxxxxxxxxxxxxx] On Behalf Of Michael Stauber
> Sent: Tuesday, March 04, 2003 10:50 AM
> To: cobalt-security@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-security] Remote Sendmail Header Processing
> Vulnerability
> 
> > shouldnt this be something SUN addresses in a patch sometime?..
perhaps
> > soon?!
> 
> Sure - in an ideal world.
> 
> Like any OS vendor Sun was notified about the security hole upfront -
back
> in
> the second half of January.
> 
> Other Unix / Linux distributors have released their patches either
> yesterday
> or today - because they followed up on the early warnings behind the
scene
> and had ample time to line up their ducks, to prepared their patches
and
> to
> run them through Q&A extensively.
> 
> Sun hasn't? Now that sounds familliar. I'm still taking bets on when
we
> see an
> official patch. If it's here before the end of the month, then I'd be
> surprised. Sun's usual turn around time for patches (in case of
critical
> holes) is 4-6 weeks - *after* the hole has been announced to the
public.
> In
> case of uncritical holes they'll tend to sit 'em out without offering
> patches. Go figure.
> 
> --
> 
> With best regards,
> 
> Michael Stauber
> 
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security