Hi Eugene, > Kernel: > ptrace (Local, root access)
Just out of curiosity: Do you know a (working!) exploit for the present RaQ4 kernel in that regards? I'm not asking for the gory details and just want to know if ptrace is still an issue there. I thought it was no longer, at least not with 2.2.16C28_III on the RaQ4. > syncookie (Remote, ? not sure how severe) Well, that's a general problem with many Linux distributions. > Glibc: > glob() (Remote, potential DoS) I guess most of the kernel and proftpd issues can be traced back to underlying glibc issues. However, from a technical point of view a glibc replacement is a pretty tough cookie. To bad that "make world" is not an option here. :o( > Apps: > UW imapd (Remote, root access? not sure) I was wondering about that one as well the other week and asked here if someone know if the imapd version the Cobalts use is vulnerable as well. I tried two exploits on my RaQ3 and a RaQ4 and couldn't get them to work. If you find more info on the matter (again, not the gory details, just if it's exploitable or not), then I'm sure many here would appreciate to know about that. -- With best regards, Michael Stauber [EMAIL PROTECTED] Unix/Linux Support Engineer _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
