[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] IMPORTANT: Sendmail vulnrability - Sun Cobalt-specific Instructions

Subject: [cobalt-users] IMPORTANT: Sendmail vulnrability - Sun Cobalt-specific Instructions
From: aljuhani <aljuhani@xxxxxxxxx>
Date: Fri Mar 7 12:18:02 2003
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

Instructions below are posted at sun.com regarding patching up sendmail.  The 
instructions were posted on 4th March while the pkgmaster.com package is dated 
a day earlier (3rd of March).  My Question should we use these instructions 
and install RPMs from sun or installing pkgmaster.com package is enough.

Thanks
aljuhani@xxxxxxxxx

==Sun Cobalt RaQs and Qubes Instructions==
As you are aware the Sendmail Consortium has announced a vulnrability to the 
Sendmail MTA that could lead to a remote root exploit

For more information on the vulerability see this CERT advisory


http://www.cert.org/advisories/CA-2003-07.html


Sun Cobalt support recognizes the potential severity of this issue and has 
made available temporary patches, in RPM format, pending the release of a web 
installable package.


RPMs are available at


ftp://ftp-eng.cobalt.com/pub/experimental/security/sendmail/ <server-type>


installation instructions:


telnet or ssh to your server as admin & su - to root


Before the rpms are installed, it is recommended all that the files in 
/etc/mail/ are backed up on the RaQ4/Qube3 and newer.


On the RaQ3, you need to backup the following files:
/etc/virtusertable
/etc/sendmail.cf
/etc/sendmail.cf.master
/etc/aliases
/etc/aliases.majordomo
/etc/mail/access
/etc/sendmail.cw


  
then type the following as root:


cd /home/tmp
ncftp ftp-eng.cobalt.com
cd /pub/experimental/security/sendmail/<your_server_model&gt ;
then mget the following files:
mget *.rpm


quit


rpm -Uvh *.rpm


Then restart sendmail with these commands:
/etc/rc.d/init.d/sendmail stop
killall -9 sendmail
/etc/rc.d/init.d/sendmail start


An update package will be released and placed on the ftp site and web site as 
soon as possible.


Please monitor SunSolve.sun.com, the downloads page and this forum for more 
details


Tony Placilla
Sun Microsystems, Enterprise Services division
======================
 
Above instructions copied from:
http://supportforum.sun.com/cgi-bin/WebX.cgi?13@xxxxxxxxxxxxxxx^0@.eeb7a0d

Prev by Date: Re: [cobalt-users] Rackshak is down
Next by Date: [cobalt-users] RAQ 4 DNS Problem at /var/run/named.pid
Previous by thread: Re: [cobalt-users] Rackshak is down
Next by thread: Re: [cobalt-users] IMPORTANT: Sendmail vulnrability - Sun Cobalt-specific Instructions

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index