[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] Cobalt Security Advisory - 07.25.2000 - Qpopper (Version 2)

Subject: [cobalt-users] Cobalt Security Advisory - 07.25.2000 - Qpopper (Version 2)
From: Jeff Lovell <jlovell@xxxxxxxxxx>
Date: Tue Jul 25 21:21:42 2000
Organization: Cobalt Networks, Inc.

--------------------------------------------------

  Cobalt Security Update Advisory - 07.24.2000

--------------------------------------------------
Abstract:

Package Name:                              qpopper
Date:                                July 24, 2000
Platforms Affected:        RaQ1, RaQ2, RaQ3, Qube1

--------------------------------------------------
Description:

Qpopper 2.53 and older may permit an attacker who has 
access to a valid account to obtain a shell with group-id
'mail', potentially allowing read/write access to all mail. 

The previous version of this update requested that you install
the Qube2 OS Update 3.0 to recieve the current version of
qpopper for the Qube2.  The version shipping of the Qube2
does not support the logging needed for pop-before-smtp.
To update to the current version, please install Update 3.0,
then install the pkg listed below.

Qube2 OS Update 3.0:
ftp://ftp.cobalt.com/pub/packages/qube2/eng/Qube2-en-OSUpdate-3.0.pkg

These packages will safely install over the previous experimental
release.

--------------------------------------------------
Location:

RaQ3
ftp://ftp.cobaltnet.com/pub/experimental/security/qpopper/RaQ3-Qpopper-Expr-2.pkg
RaQ2
ftp://ftp.cobaltnet.com/pub/experimental/security/qpopper/RaQ2-Qpopper-Expr-2.pkg
RaQ1
ftp://ftp.cobaltnet.com/pub/experimental/security/qpopper/RaQ1-Qpopper-Expr-2.pkg
Qube2:
ftp://ftp.cobaltnet.com/pub/experimental/security/qpopper/Qube2-Qpopper-Expr-2.pkg
Qube1
ftp://ftp.cobaltnet.com/pub/experimental/security/qpopper/Qube1-Qpopper-Expr-2.pkg

--------------------------------------------------
Verification: (md5sum)

md5sum                            package
------                            -------
3f6bf8d893e501ed4881e61652b4012f  Qube1-Qpopper-Expr-2.pkg
676eb1c51f9db4f8aaaa1e5e5147caea  Qube2-Qpopper-Expr-2.pkg
5294b435bb8213c1c2b3c0f88add056e  RaQ1-Qpopper-Expr-2.pkg
2b3523bd32d08d35ce1353eb3f79079a  RaQ2-Qpopper-Expr-2.pkg
6ff43562a4df1fea9e24a79334d01367  RaQ3-Qpopper-Expr-2.pkg

---------------------------------------------------
Correspondence:

If have any comments about this update or have any
technical issues directly relating to this update
please contact Cobalt Security <security@xxxxxxxxxx>



-- 
Jeff Lovell
Cobalt Networks, Inc.

Prev by Date: Re: [cobalt-users] FTP Default Directory
Next by Date: [cobalt-users] second hard drive
Previous by thread: [cobalt-users] raq3 crashing [samba and netatalk]
Next by thread: [cobalt-users] Importing zone files to DNS

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index