On Tuesday, March 4, 2003, at 07:53 PM, CDNS Administration wrote:
> I too would echo the question, any plans for anyone making a .pkg for the Raq2?
There's already a fix for the Raq2. It was posted by Harald on this very thread.
I wouldn't suggest you wait for someone to roll up a package:
A. Because of the severity of the exploit.
B. Because it's relatively easy to fix.
C. Because Sun won't release a fix till a month from now.
Here are cut-and-paste instructions. I provide no warranty, use at your own risk, YMMV, yada, yada, yada.
SSH into your server.
# su -
# enter admin password
[root root]# cd /home
[root home]# wget http://www.knet.at/~hk/raq2/sendmail
[root home]# mv sendmail /usr/sbin/sendmail.new
[root home]# cd /usr/sbin
[root sbin]# cp sendmail sendmail.orig
[root sbin]# chgrp mail sendmail.new
[root sbin]# chmod 555 sendmail.new
[root sbin]# chmod u+s sendmail.new
Check permissions on the new sendmail.
[root sbin]# ls -la sendmail*
-r-sr-xr-x 1 root mail 530172 Mar 4 09:19 sendmail
-r-sr-xr-x 1 root root 737374 Mar 4 09:17 sendmail.new
-r-sr-xr-x 1 root root 737374 Mar 4 09:17 sendmail.orig
[root sbin]# mv sendmail.new sendmail
[root sbin]# /etc/rc.d/init.d/sendmail stop
[root sbin]# /etc/rc.d/init.d/sendmail start
-> check yourself by telnetting to it on port 25, e.g. telnet localhost 25 (then type "quit")
It will tell you what version of sendmail is running.
HTH, j
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
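
Added example, not part of the original post: a shell sketch of the two checks in the procedure above, confirming the staged binary's owner, group and mode before the mv, and reading the version out of the port 25 greeting afterwards. The function names are hypothetical, GNU stat is assumed, the sample banner is constructed, and the minimum version to compare against has to come from the vendor advisory, since the post does not state it.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, GNU stat(1) is assumed.

# check_staged FILE OWNER GROUP MODE
# Succeeds only if FILE is a regular file (not a symlink) whose owner,
# group and octal mode match exactly. Intended to run before the mv.
check_staged() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || { echo "$f: not a regular file" >&2; return 1; }
    actual=$(stat -c '%U %G %a' "$f") || return 1
    expected="$2 $3 $4"
    if [ "$actual" != "$expected" ]; then
        echo "$f: have '$actual', want '$expected'" >&2
        return 1
    fi
}

# banner_version LINE
# Prints the version from a "220 ... Sendmail X.Y.Z/..." greeting line.
# Fails if the line is not a 220 greeting that names Sendmail.
banner_version() {
    v=$(printf '%s\n' "$1" |
        sed -n 's/^220[ -].*[Ss]endmail \([0-9][0-9.]*[0-9]\).*/\1/p')
    [ -n "$v" ] && printf '%s\n' "$v"
}

# version_at_least HAVE WANT
# True when dotted version HAVE is >= WANT (first three fields, numeric).
version_at_least() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$2" ]
}

# Constructed sample greeting; the version shown is illustrative only.
SAMPLE_BANNER='220 raq2.example.com ESMTP Sendmail 8.12.8/8.12.8; Tue, 4 Mar 2003 20:10:00 -0500'

# Typical use on the server (as root), gating the swap on the check:
#   check_staged /usr/sbin/sendmail.new root mail 4555 &&
#       mv /usr/sbin/sendmail.new /usr/sbin/sendmail
#   v=$(banner_version "$greeting_line") && version_at_least "$v" "$wanted"
```

Mode 4555 is what chmod 555 followed by chmod u+s produces, shown by ls as -r-sr-xr-x; the check fails if the chgrp did not take effect, which a glance at the ls listing can miss.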
