Re: [cobalt-users] OT brief note on: CERT Advisory CA-2003-25 Buffer Overflow in Sendmail
- Subject: Re: [cobalt-users] OT brief note on: CERT Advisory CA-2003-25 Buffer Overflow in Sendmail
- From: "Zeffie" <cobaltlist@xxxxxxxx>
- Date: Fri Sep 19 02:06:08 2003
- Organization: http://www.zeffie.com/
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
> Maybe you should test their OpenSSH package before knocking it ?
I don't need to do that? Do you understand the concept?
> The SolarSpeed company home page is located at
spammer.
LOL :)
> If you don't trust us Europeans, doesn't that cause you problems ?
you don't understand the concept... I have no problem with Europeans. if it
helps change it to "I can't trust some guy (I think) living in the "south
pole" (I think) (in a red suit)"
it's an issue... it's often very easy to backdoor software... I even built
a su program that sends the ip and passwd away in the mail for the next time
the /bin/su dialog comes around... it took about an hour. If you give root
to people you don't know you're just asking to be part of a huge attack...
That's my feeling these days...
>
> Red Hat had patches out for both OpenSSH and Sendmail *the same day*.
> Quite a difference!
same day and the next day.... ya... that was fun... not.. in most cases
they are the source that sun depends on...
> Sun hasn't even issued a security bulletin yet, and they usually do Solaris
> first. Like someone else suggested, they are probably relying on Stackguard
> catching the buffer overflows while they prepare updates, in a month or so.
> Then again, they haven't updated the version for Sun Linux 5.0 either ?
> (which doesn't have any stackguard. Fortunately Red Hat RPMS work there)
the sun linux follows plain redhat as far as I have seen...
?? I still have people call and they don't have ssh installed :( I know
people that never install updates.. any of them.... and they seem to
live... I don't know why????????
> I'm not more fond of advertising than the next guy, and I do wish that
> more people released their sources/patches (including us too, that is)
> but you can't really blame anyone for trying? Just Sun, for not trying.
have a good one...
Zeffie
734-454-9117
http://www.zeffie.com/
Home of World's Largest collection of raq4 rpms