[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] Re: Sendmail bug fix.

Subject: [cobalt-users] Re: Sendmail bug fix.
From: Peter Frederick <pfred@xxxxxxxxx>
Date: Tue Mar 4 05:45:50 2003
Organization: Indiana Packers Corporation
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

On Tue, 4 Mar 2003 13:57:51 +0100, you wrote:

>For RaQ3
>http://ns2.solarspeed.net/downloads/RaQ3-Sendmail-8.9.3C7sol1.pkg
>
>For RaQ4
>http://ns2.solarspeed.net/downloads/RaQ4-Sendmail-8.10.2-C1sol1.pkg
>
>For RaQ550
>http://ns2.solarspeed.net/downloads/RaQ550-Sendmail-8.11.6-1C4sol1.pkg
>
>RaQXTR
>http://ns2.solarspeed.net/downloads/RaQXTR-Sendmail-8.10.2-C1sol1.pkg
>
>Cube3
>http://ns2.solarspeed.net/downloads/Qube3-Sendmail-8.10.2-C2sol1.pkg
>
>This PKGs fix a "Remote Header Processing Vulnerability" in Sendmail. 
>Attackers may remotely exploit this vulnerability to gain "root" or 
>superuser control of any vulnerable Sendmail server. The full details 
>of this vulnerability are outlined in ISS X-Force's Advisory.
>
>The PKGs above were built with a patch that the Sendmail consortium 
>released to address this issue.
>
>The Qube3, RaQ4, XTR and the RaQ550 PKG are fully uninstallable. The 
>RaQ3 package cannot be uninstalled.

I installed it successfully on a fully 'Sun' patched Qube3 OS6.4 with no
problems apart from the fact that you have to go into BlueLinQ Settings
Advanced and turn off Verification. Verify the md5sum manually against the
Solarspeed.net md5sum. It matched fine for me!

Thanks to Solarspeed.net for being so quick to post the fix (including the
Qube3 one!) - I appreciate it!

Peter

PS Don't forget to turn verification back on again when you are done!

>
>Reboot Required: No
>Sends registration email: No
>
>On Tuesday, March 4, 2003, at 01:42 PM, Mikkel Blankholm Nielsen wrote:
>
>> How do i fix the sendmail exploit on a RaQ 3 ?
>>
>> --
>> Mikkel Blankholm Nielsen
>> WicTech Internet ApS
>>
>>
>>
>> _____________________________________
>> cobalt-users mailing list
>> cobalt-users@xxxxxxxxxxxxxxx
>> To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
>> http://list.cobalt.com/mailman/listinfo/cobalt-users
>
>_____________________________________
>cobalt-users mailing list
>cobalt-users@xxxxxxxxxxxxxxx
>To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
>http://list.cobalt.com/mailman/listinfo/cobalt-users

-- 
Peter Frederick
MIS Director, Indiana Packers Corp, Delphi IN
Phone: (765) 564-9705   Fax: (765) 564-3684
Work: pfred@xxxxxxxxx   (Qube3 Professional running 6.4)
============================================================================
'Tis better to light one candle than to curse the darkness a thousand times!

References:
- [cobalt-users] Sendmail bug fix.
  - From: Mikkel Blankholm Nielsen
- Re: [cobalt-users] Sendmail bug fix.
  - From: René Mølsted

Prev by Date: Re: [cobalt-users] Control Station
Next by Date: [cobalt-users] PkgMaster RaQ3 Sendmail fix uninstallable?
Previous by thread: Re: [cobalt-users] Sendmail bug fix.
Next by thread: RE: [cobalt-users] Sendmail bug fix.

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index