Re: [cobalt-users] [RaQ550] openwebmail pkg
- Subject: Re: [cobalt-users] [RaQ550] openwebmail pkg
- From: Bruce Timberlake <bruce@xxxxxxxxxx>
- Date: Mon Dec 23 07:39:23 2002
- Organization: BRTNet.org
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> I never had a single problem with openwebmail. I didn't install
> the latest version though, I am running 1.71
FYI, there were some exploits mentioned about 1.71 on bugtraq last
week: http://online.securityfocus.com/archive/1/303997
"Remote exploitation of several errors within the Openwebmail scripts
could allow a remote attacker to execute arbitrary commands with the
superuser permissions. Although this requires the attacker to be able to
put 2 files on target system (i.e. via ftp or if he has local shell
access), this is a very serious vulnerability and should be taken
seriously."
IV. RECOMMENDATIONS
"Temporarily disable use of openwebmail until a patch is released
by the vendor or fix openwebmail-shared.pl..."
They have some fixes you can try yourself, but I'd say just upgrade...
- --
Bruce Timberlake
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+Byu6vLA2hUZ9kgwRAlwAAJ9wwkchqc/vLwVXEUo3kL0Q9aVoXwCdGrif
eb5lzpUJdXMDy1FoBhvaOjU=
=vhN3
-----END PGP SIGNATURE-----