[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] RaQ2 Sendmail fix

Subject: RE: [cobalt-security] RaQ2 Sendmail fix
From: "Gavin Nelmes-Crocker" <cobalt@xxxxxxxxxxxxxxxx>
Date: Mon, 7 Apr 2003 09:11:27 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> I found a sendmail 'fix' for the RaQ2 as provided by the people at
> htt://www.raqtweak.com/   or http://www.raqtweak.com/free.php
>
> I don't know these people so I'm hoping that someone here can vouch for
> them. I downloaded the package and installed it on a non-production
> machine...all appears to be fine. I wouldn't have a clue how to go about
> tearing the package apart and auditing it for security. Any insight will
> be greatly appreciated.

I have a little knowledge of them in the sense that I have taken a few of
their pkgs apart for auditing.

In every case that I can think of we found the register_me script activated
which basically sends an email from your RaQ to raqtweak with details of
your server.  It does this behind the scenes so most users don't know it
happens.  I don't think they declare this on their web site and therefore
some people may have chosen to avoid them for this reason.

As to whether the actual patch/mod or upgrade works or not I can't comment.
The guy behind it is Leslie Herps do a search on the groups and see what
comes back.

My 2 cents

Gavin

References:
- [cobalt-security] RaQ2 Sendmail fix
  - From: Diana Brake

Prev by Date: [cobalt-security] RaQ2 Sendmail fix
Next by Date: [cobalt-security] Not great news for Cobalt Users
Previous by thread: [cobalt-security] RaQ2 Sendmail fix
Next by thread: [cobalt-security] Not great news for Cobalt Users

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index