[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] New Sendmail vulnerability :o(
- Subject: [cobalt-security] New Sendmail vulnerability :o(
- From: Barbara <thebizworkers@xxxxxxxxx>
- Date: Sun, 30 Mar 2003 01:13:40 -0800 (PST)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hey Michael,
Just a quick follow-up to my last post to give you
some feedback.. It looks like (as best as I can tell)
I'm still running the Solarspeed previously patched
version of sendmail -hence the RPM showing up as:
sendmail-8.10.2-C1sol1
I'm thinking the latest patch (sol2) tried to grab and
roll-back to the Cobalt RPM's (for some reason), but
it wasn't able to get to the Cobalt FTP server because
of my firewall -so it left the sol1 version in place..
I'm still not sure/clear why it would try and do so,
but apparently it tried (hence the message I recv'd
while trying to upgrade to sol2).. I don't have
mailscanner or really anything else installed on the
RaQ4 - except neomail and webalizer (from pkgmaster),
as well as your BIND/Qpopper and Sendmail patches..
The only other pkgs installed have been official
Cobalt pkg's. I was looking over the scripts in the
sol2 pkg - and I don't have the Cobalt patch 16402
installed (heck I can't even find it on Cobalt's site
-did they pull it..?)
Just giving some feed-back on my setup/experience..
I'm trying to see where/why the script failed and
tried to fall back to Cobalt's RPM's -when it was
already running sendmail-8.10.2-C1sol1...? I'm
-thinking- (that's always dangerous) that I probably
could just try and reinstall the pkg again and it
might go in now since the sendmail-8.10.2-C1sol1
uninstaller and md5 scripts/files have been removed..
But I'll hold off until tomorrow to play with it a bit
more.. It's late and I'm tired and don't want to be
pulling an all nighter (just in case)... :-)
Thanks again..!
Barbara
__________________________________________________
Do you Yahoo!?
Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!
http://platinum.yahoo.com