[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Remote Sendmail Header Processing Vulnerability
- Subject: Re: [cobalt-security] Remote Sendmail Header Processing Vulnerability
- From: "Dave @ The Hostworks" <dave@xxxxxxxxxxxxxxxx>
- Date: Tue, 4 Mar 2003 13:12:07 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Totally agree.. But someone hadda get the ball rolling, we all know there
some SUN programmer that trolls the list looking at what we say.. maybe
their boss will get a glance of it and stick the broom stick up a little
farther..
----- Original Message -----
From: "paul jacobs" <paul@xxxxxxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Tuesday, March 04, 2003 12:56 PM
Subject: Re: [cobalt-security] Remote Sendmail Header Processing
Vulnerability
> At 06:06 AM 3/4/2003, you wrote:
>
> >shouldnt this be something SUN addresses in a patch sometime?.. perhaps
> >soon?!
>
> hahahahahahahahahahahahahahahahahahahahahahahahahaha
> ROFLMOL.
> It will be stuck in "QC" for 3 months before they release it.
>
> Windows 2003 will be out before SUN comes out with this patch....
> Thanks for the patch Michael...
>
>
> >----- Original Message -----
> >From: "Michael Stauber" <cobalt@xxxxxxxxxxxxxx>
> >To: <cobalt-security@xxxxxxxxxxxxxxx>
> >Sent: Tuesday, March 04, 2003 8:49 AM
> >Subject: Re: [cobalt-security] Remote Sendmail Header Processing
> >Vulnerability
> >
> >
> > > Hi David,
> > >
> > > > How come the RaQ3 cannot be uninstalled?
> > >
> > > An installed Sendmail consists of several RPMS:
> > >
> > > sendmail-cf-8.10.2-C1
> > > sendmail-doc-8.10.2-C1
> > > sendmail-conf-8.10.2-C1
> > > sendmail-8.10.2-C1
> > >
> > > (example for the RaQ4)
> > >
> > > My package replaces just one of these RPMs - the one with all the
binaries
> > > within:
> > >
> > > sendmail-8.10.2-C1 is replaced with sendmail-8.10.2-C1sol1
> > >
> > > When the PKG is uninstalled, then the RPM which it brought aboard is
> >removed.
> > >
> > > Of course nobody wants to end up without a working Sendmail, so at the
end
> >of
> > > the uninstallation process the uninstaller downloads
> > > sendmail-8.10.2-C1.i386.rpm from ftp.cobalt.com (on the RaQ4) and
installs
> > > it.
> > >
> > > The RaQ3 package cannot be uninstalled, because ftp.cobalt.com doesn't
> >contain
> > > the sendmail RPM file which should be present on a fully patched RaQ3.
> >Only
> > > an older version is readily available from the FTP site.
> > >
> > > I didn't want to let the uninstaller revert RaQ3's back to an older
> >Sendmail
> > > version than they originally had aboard.
> > >
> > > --
> > >
> > > With best regards,
> > >
> > > Michael Stauber
> > >
> > > _______________________________________________
> > > cobalt-security mailing list
> > > cobalt-security@xxxxxxxxxxxxxxx
> > > http://list.cobalt.com/mailman/listinfo/cobalt-security
> > >
> >
> >
> >_______________________________________________
> >cobalt-security mailing list
> >cobalt-security@xxxxxxxxxxxxxxx
> >http://list.cobalt.com/mailman/listinfo/cobalt-security
>
> Best Regards,
> Paul Jacobs / SR. Network Manager
> Microsoft MCP 2000 / Cisco Certified
> Design / Install / Troubleshoot / Optimize /
> Security of WANs / LANs / Data Recovery
> Mon. - Fri. 9AM - 5PM (619)336-1400
> http://www.adv-data.com
>
>
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>