[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-developers] Fwd: CERT Advisory CA-2002-20 Multiple Vulnerabilities in CDE ToolTalk

Subject: Re: [cobalt-developers] Fwd: CERT Advisory CA-2002-20 Multiple Vulnerabilities in CDE ToolTalk
From: "William L. Thomson Jr." <wlt@xxxxxxxxxxxxxxxxxxxx>
Date: Thu Jul 11 10:25:00 2002
List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>

On Thu, 2002-07-11 at 09:40, jale@xxxxxxxxxx wrote:
> 
> >I really wonder what this has to do with a developer mailing list.....
> 
> As a "developer" I usually appreciate when people pass on stuff that may 
> save my ass. As a "developer", my end users rely on "me" to keep them safe 
> and out of trouble.

Then as a developer you should be doing your part to inform yourself
without depending on others. Like in a past post of mine on June 18th, I
recommended everyone on this list to sign up for both the CERT advisory
mailing list, and the SANS Institutes list as well.

http://www.cert.org/contact_cert/certmaillist.html
http://www.sans.org/newlook/digests/newsbites.htm

Further more had people taken more time in reading the advisory before
posting to the group you would see it in no way could affect any Cobalt
machine.

No Cobalt machine ships with X, nor do they ship with the Common Desktop
Environment, CDE.

Also if you had done a locate on your machine for the CDE database
server on your machine, rpc.ttdbserverd, it would have returned nothing,
because it's not there.

So by posting it to this list you are not doing any good, at least for
Cobalt Developers. 

Any developer depending on this list for vulnerabilities is in the wrong
place. Now I did make a post to this list a while back about the Apache
vulnerability merely as a request to the Cobalt guys to upgrade to the
latest version of Apache, when addressing the vulnerability.

I requested this as to better keep my development server on the same
page with my XTR. This was ignored, and I have a newer version of Apache
on my development server than on my XTR. Not a major deal, but it could
effect some of the app I am developing. As some will be modules for
Apache.

So I am glad that request was taken into consideration and tossed aside.
Apache was updated sort-of, but remains a 1.3.20 version, where I run
1.3.26 on my development server.

1.3.26 was released on June 8, 2002, and the new version of Apache for
my XTR was made by Cobalt on  Jun 20, 2002. So why 1.3.26 could not be
used is beyond me, I would somewhat understand if there were
compatibility issues, but I am not aware of this being the case.

-- 
Sincerely,
William L. Thomson Jr.
Obsidian-Studios, Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone  707.766.9509
Fax    707.766.8989
http://www.obsidian-studios.com

Follow-Ups:
- RE: [cobalt-developers] Fwd: CERT Advisory CA-2002-20 MultipleVulnerabilities in CDE ToolTalk
  - From: Jonothon Ortiz
- Re: [cobalt-developers] Fwd: CERT Advisory CA-2002-20 Multiple Vulnerabilities in CDE ToolTalk
  - From: Jan Wildeboer

References:
- [cobalt-developers] Fwd: CERT Advisory CA-2002-20 Multiple Vulnerabilities in CDE ToolTalk
  - From: jale
- Re: [cobalt-developers] Fwd: CERT Advisory CA-2002-20 Multiple Vulnerabilities in CDE ToolTalk
  - From: jale

Prev by Date: Re: [cobalt-developers] Fwd: CERT Advisory CA-2002-20 Multiple Vulnerabilities in CDE ToolTalk
Next by Date: RE: [cobalt-developers] Fwd: CERT Advisory CA-2002-20 MultipleVulnerabilities in CDE ToolTalk
Previous by thread: Re: [cobalt-developers] Fwd: CERT Advisory CA-2002-20 Multiple Vulnerabilities in CDE ToolTalk
Next by thread: RE: [cobalt-developers] Fwd: CERT Advisory CA-2002-20 MultipleVulnerabilities in CDE ToolTalk

Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index