[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-developers] RAQ4 - Security Problems

Subject: Re: [cobalt-developers] RAQ4 - Security Problems
From: Michael Stauber <devel@xxxxxxxxxxxxxx>
Date: Thu May 2 19:36:53 2002
Organization: SOLARSPEED.NET
List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>

Hi ToPPi,

> 1) sendmail upgrade to current version
> - Problem: 8.10.2 is vulnerable to the -bt overflow hack

Hmm ... are you by chance refering to this bug?
http://www.securiteam.com/unixfocus/5KQ040A1RI.html

If so, then that's apparently fixed in 8.10.2 on the RaQ4. See the excerpt 
from sendmail.spec in the sendmail-8.10.2-C1.SRPM:

------------------------------------------------------
Name: sendmail
Version: 8.10.2
Release: C1
[SNIP]
Packager: Duncan Laurie <duncan@xxxxxxxxxx>

%changelog
* Sat Jun 16 2000 Duncan Laurie <duncan@xxxxxxxxxx> 8.10.2-C1
- update to workaround security problem in linux kernel
------------------------------------------------------

> 3) imap2 upgrade to current version
> - Problem UW-IMAP is vulnerable to a lot of overflow hacks wich could cause
> an attacker to get a shell

An inofficial and unsupported Imap and Qpopper upgrade as PKG file is 
available here:

http://www.solarspeed.net/index.php?topic=downloads&menu=0

-- 

Mit freundlichen Grüßen / With best regards

Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer

References:
- [cobalt-developers] RAQ4 - Security Problems
  - From: ToPPi

Prev by Date: Sendmail request for comments (Was: Re: [cobalt-developers] RAQ4 - Security Problems)
Next by Date: [cobalt-developers] Webalizer 2.0.10-1 / FrontPage
Previous by thread: Re: Sendmail request for comments (Was: Re: [cobalt-developers] RAQ4 - Security Problems)
Next by thread: [cobalt-developers] ProFTP : connection closed (?)

Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index