I really dont koe about ftp, was just an example, because a frien told me about it and show me and example. But also, sendmail version in raq 3 IS vulnerable, very vulnerable. I can send example of exploit showing the /etc/passwd Cobalt should release sendmail updates, version 8.9 is not a new version, is it?
----- Original Message ----- From: "Jeff Lovell" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, November 12, 2001 7:44 PM Subject: Re: [cobalt-security] Unusual ps command output > On Mon, 2001-11-12 at 13:51, Mart�n Fiumara wrote: > > I mean that the patches that cobalt releases are not as updated as i would > > like: for example, the raq3 with all the patches aplied has serious > > vulnerabilities in some default services, ftp for example. An d these > > vulnerabilities leads to a root shell :( > > Can you point me to where you believe that 1.2.2rc1 version has a root > exploit? I do believe that version later than 1.2.1 are safe unless > mod_sql is used for authentication, which is not enabled on our version > of proftpd. > > Jeff > -- > Jeff Lovell > Sun Microsystems Inc. > > _______________________________________________ > cobalt-security mailing list > [EMAIL PROTECTED] > http://list.cobalt.com/mailman/listinfo/cobalt-security > _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
