[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] New Sendmail vulnerability :o(
- Subject: Re: [cobalt-security] New Sendmail vulnerability :o(
- From: Harald Kapper <hk@xxxxxxxxxx>
- Date: Mon, 31 Mar 2003 15:09:01 +0200
- Organization: kapper.net
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Sat, 29 Mar 2003 22:46:43 -0800, you wrote:
>>A patch for the XTR will follow soon. A RaQ2 PKG is not planned because the
>>proper SRPM file is not available on ftp.cobalt.com
howdy,
to follow up my post of 4th March 2003, here is a (kind a dirty) raq2-solution:
http://www.knet.at/~hk/raq2/
it's virtually the same way as last time, please read:
http://www.knet.at/~hk/raq2/howto.txt
or follow these steps:
move your existing /usr/sbin/sendmail somewhere safe.
get the sendmail-binary from http://www.knet.at/~hk/raq2/sendmail
after you got it do a "md5sum sendmail" and you should get this:
7dc1877a7de3102a08528ae0b83fe661 sendmail
if not something ugly has happend and please let me know.
and move it to /usr/sbin
chgrp mail /usr/sbin/sendmail
chmod 555 /usr/sbin/sendmail
chmod u+s /usr/sbin/sendmail
do a symlink for /etc/mail/sendmail.cf in case you don't have it:
ln -s /etc/sendmail.cf /etc/mail/sendmail.cf
do restart the daemon:
/etc/rc.d/init.d/sendmail stop
/etc/rc.d/init.d/sendmail start
telnet localhost 25
your should see something like 8.11.6p2 responding.
as always - do this if you know what you're doing, otherwise ask some
wise men to help you along.
best,
Harald Kapper, icq# 36178328 kapper.net, inc.
managing director loeblichgasse 6
chief software development 1090 vienna, .at
tel +43 1 3195500-0, fax +43 1 3195502, hk@xxxxxxxxxx