Free PKG file downloads for the Sun Cobalt Raq/Qube server appliances

Please note:

All packages and files on this page are provided under the following terms and conditions:

• They are provided **AS IS**
• Without warranty or support of any kind
• Without the implied suitability of merchantability
• Without the implication that they are error free
• Without the implication that they can be uninstalled
• Without the implication that they will cause no conflicts

In short: These packages work for us, they might not work for you. If you do not accept the above mentioned risks, terms and conditions, then please look elsewhere. Thank you.

This Clam AV PKGs are only for the users of our AV-Suite. Do NOT use it, if you do not have our AV-Suite installed.

This Clam AV PKGs will uninstall any present Clam AV RPM it finds and will remove the directory /home/clamav. Then it will install Clam AV 0.87 and will update the virus definitions to the most current version.

This PKGs can be cleanly installed through the GUI interface and on the Qube3, XTR and RaQ550 it can also be uninstalled cleanly from the GUI interface.

As all our Clam AV versions this one installs in /home/clamav and is statically compiled against the latest available versions of zlib and libbz2. 

These PKGs can be used with any AV-Suite newer than AV-Suite-3.0.0. If you have an AV-Suite older than that, then please consider upgrading. 

RaQ3 & RaQ4 notice: This PKG should install fine now, even if prior versions of Clam AV are present.

Reboot Required: No
Sends registration email: No

If you have OpenSSH from PKGmaster.com installed, then you may have to uninstall it first. 

OpenSSH enables you to connect securely (encrypted) to your Sun Cobalt appliance. This Package Contains both client and Server software.

This package is statically compiled against openssl-0.9.7g and zlib-1.2.3 and has privilege-separation enabled.

Also, we now changed "PermitRootLogin" in /etc/ssh/sshd_config to "no", so root cannot login directly through SSH anymore. If you need root logins through SSH you might want to change that line. Afterwards you need to restart SSHd for the change to take effect.

Reboot Required: No
Sends registration email: No

This Clam AV PKGs are only for the users of our AV-Suite. Do NOT use it, if you do not have our AV-Suite installed.

This Clam AV PKGs will uninstall any present Clam AV RPM it finds and will remove the directory /home/clamav. Then it will install Clam AV 0.86.2 and will update the virus definitions to the most current version.

This PKGs can be cleanly installed through the GUI interface and on the Qube3, XTR and RaQ550 it can also be uninstalled cleanly from the GUI interface.

As all our Clam AV versions this one installs in /home/clamav and is statically compiled against the latest available versions of zlib and libbz2. 

These PKGs can be used with any AV-Suite newer than AV-Suite-3.0.0. If you have an AV-Suite older than that, then please consider upgrading. 

RaQ3 & RaQ4 notice: This PKG should install fine now, even if prior versions of Clam AV are present.

Reboot Required: No
Sends registration email: No

If you have our Bind-8.3.3.pkg, Bind-8.3.4, Bind-8.4.3 installed, then please upgrade it with this PKG.

This PKG for the RaQ3 and RaQ4 upgrades the DNS server to BIND-8.4.6 by replacing the standard BIND-8.2.3 present on the RaQs. It will not affect your DNS records present on the server. This Bind-8.4.6 is supposed to fix multiple vulnerabilities. The latest one discovered recently allows a DOS attack agains the DNS server and Bind-8.4.6 was released to fix those issues.

Please note: 

• This PKG upgrades Bind to a newer version than the one which is usually found on a RaQ3 or RaQ4. Therefore you will have to skip future Sun Cobalt patches which target Bind - or there might be conflicts.
  
• If you have any older version of the RaQport Bind installed, then please upgrade to Bind-8.4.6 with this PKG.
  
• If the new PKG refuses to be installed through the GUI, then remove the file /var/lib/cobalt/RaQ34-Solarspeed.net-Bind-*.md5lst and try again.

Reboot Required: No
Sends registration email: No

ISS X-Force has discovered a flaw in the ProFTPD Unix FTP server. ProFTPD is a highly configurable FTP (File Transfer Protocol) server for Unix that allows for per-directory access restrictions, easy configuration of virtual FTP servers, and support for multiple authentication mechanisms. A flaw exists in the ProFTPD component that handles incoming ASCII file transfers.

Impact:

An attacker capable of uploading files to the vulnerable system can trigger a buffer overflow and execute arbitrary code to gain complete control of the system. Attackers may use this vulnerability to destroy, steal, or manipulate data on vulnerable FTP sites.

The full text of the advisory is available here and here.

This PKGs install ProFTPD-1.2.8p - a patched version which was released to counter this vulnerability.

Please note (VERY IMPORTANT!): 

This packages cannot be uninstalled and have NOT been extensively tested. When the official ProFTPD patch from Sun Cobalt arrives, then you will have problems. I can already guarantee that.

This is due to the nature of changes between the ProFTPD versions that Sun Cobalt uses (which are older ones) and the new ProFTPD-1.2.8p.

The most noteable changes are are the "AllowChmod" directive in /etc/proftpd.conf. This function is still used by Sun Cobalt, but no longer supported in ProFTPD-1.2.8p. To allow chmod from a FTP client one now has to use the following config option in /etc/proftpd.conf:

<Limit SITE_CHMOD>
       AllowAll
</Limit>

So upon installation this PKGs will make a copy of your existing /etc/proftpd.conf and will name it /etc/proftpd.conf.pre-1.2.8p-SOL1. Then it will make the appropriate changes to /etc/proftpd.conf to comment out the lines which contain "AllowChmod". It will also add the three lines as shown above to allow chmod's.

However, this procedure might fail if you have already modified these options manually. In this case you might end up with a dead FTP server.

So this package modifies /etc/proftpd.conf in a way that it is MOST LIKELY that a fixed ProFTPD delived by an official Sun Cobalt PKG will not work properly. Unless you copy /etc/proftpd.conf.pre-1.2.8p-SOL1 back to /etc/proftpd.conf. But that is not really an option either, as the addition or deletion of sites might have added, modified or deleted virtual host containers in /etc/proftpd.conf.

Bottom Line:

This PKGs are only for the impatient power users who are able to either manually edit /etc/proftpd.conf once a Sun Cobalt PKG comes out which fixes ProFTPD. Or for those users who willingly want to skip future Sun Cobalt PKGs which contain ProFTPD updates.

Reboot Required: No
Sends registration email: No

Another vulnerability in Sendmail was announced today which could lead to a root exploit. These patches fix all three recent vulnerabilities which were found in Sendmail:

a.) A "Remote Header Processing Vulnerability" in Sendmail. Attackers may remotely exploit this vulnerability to gain "root" or superuser control of any vulnerable Sendmail server. The full details of this vulnerability are outlined in ISS X-Force's Advisory. This was fixed with Sun Cobalt Patch 16402 and 16429.

b.) Michal Zalewski found a vulnerability in Sendmail versions 8.12.8 and prior which could possibly lead to a remote root exploit. The findings are outline here. This was fixed with Sun Cobalt Patch 16429.

c.) NEW: Michal Zalewski found a vulnerability in Sendmail versions 8.12.9 and prior, which could possibly lead to a remote root exploit. The findings are outline here.

The PKGs above were built with the patches which the Sendmail consortium released to address this issue (patch a / patch b / patch c).

Please note: 

a.) This packages cannot be uninstalled. When the official Sendmail patch from Sun Cobalt arrives, then you can simply install it over this RaQport package without problems.

b.) MailScanner: If you have MailScanner installed (the one NOT from RaQport - ours is fine), then you might have to restart MailScanner manually from the command line after applying this patch. Additionally you might have to delete the subdirectories in /home/spool/mqueue/

c.) It does not matter if you already have the Sun Cobalt patch 16402 or 16429 installed or not. But make sure that you install our patch after you installed 16402 and 16429.

d.) If you have a Qube3 or RaQ550 and the package fails to install, then please confirm that the checkbox "Package must be authenticated" (in BluelinQ / Settings) is NOT checked.

Reboot Required: No
Sends registration email: No

This package is a repackaged version of the official Sun Cobalt RaQ4-All-Security-2.0.1-15959.pkg. It fixes multiple buffer overruns in Postgresql. In addition, Postgresql debugging is now disabled by default.

However, this patch does not contain the PHP upgrade which is usually included in the official Sun Cobalt RaQ4-All-Security-2.0.1-15959.pkg!

Therefore this patch can be installed just fine on servers which have a third party PHP installation - like the RaQport PHP or the one from PKGmaster.com. See our news article about this matter for more information.

If you do not have a third party PHP installation, then do not install this patch - use the official Sun Cobalt patch instead! (The official patch can be found here).

Reboot Required: YES
Sends registration email: No

Three weeks after the last vulnerability in Sendmail was announced another root exploit one has been found in Sendmail. These patches fix both vulnerabilities:

a.) A "Remote Header Processing Vulnerability" in Sendmail. Attackers may remotely exploit this vulnerability to gain "root" or superuser control of any vulnerable Sendmail server. The full details of this vulnerability are outlined in ISS X-Force's Advisory.

b.) Michal Zalewski found a vulnerability in Sendmail versions 8.12.8 and prior which could possibly lead to a remote root exploit. The findings are outline here.

The PKGs above were built with the patches which the Sendmail consortium released to address this issue (patch a / patch b).

The Qube3, RaQ4, XTR and the RaQ550 PKG are fully uninstallable. The RaQ2 and RaQ3 package cannot be uninstalled.

Please note: 

a.) RaQ3 and RaQ4 only: If you have the first unofficial Sendmail patch installed, then remove the listfile /var/lib/cobalt/RaQ*-Solarspeed.net-Sendmail-*.md5lst first:

rm /var/lib/cobalt/RaQ*-Solarspeed.net-Sendmail-*.md5lst

Then install the new package either from the GUI or the command line.

b.) If you have MailScanner installed (the one NOT from RaQport - ours is fine), then you might have to restart MailScanner manually from the command line after applying this patch. 

c.) It does not matter if you already have the Sun Cobalt patch 16402 installed or not. But make sure that you install our patch after you installed 16402.

d.) If you have a RaQ550 and the package fails to install, then please confirm that the checkbox "Package must be authenticated" (in BluelinQ / Settings) is NOT checked.

Post release update: The Qube3 and RaQ550 packages (and RPM files) have been renamed to avoid possible problems during the installation.

Reboot Required: No
Sends registration email: No

A vulnerability was discovered in Qpopper-4.0.4 which could lead to a potential exploit. By default Sun Cobalt RaQs are not vulnerable to this discovered exploit, but people who installed our free Qpopper-4.0.4 for the RaQ3 and RaQ4 should install this PKG as soon as possible.Please note: If you have our Qpopper-4.0.4 installed, then delete the file /var/lib/cobalt/RaQ34-Solarspeed.net-Qpopper-4.0.4.md5lst first.

Qpopper is the POP2/POP3 service installed on the RaQs. On an up to date patched RaQ Qpopper-3.0.2 is installed. The newer Qpopper-4.0.5 is much faster and (opposed to Qpopper-3.0.2) supports APOP properly. Works fine with POP-before-SMTP, too.

Please note: Once you have this PKG file installed and plan to use APOP for an account, then you might need to change/update the password for this account through the Admin Interface. Afterwards APOP will work just fine for that account.

Reboot Required: No
Sends registration email: No

The RaQ3 and RaQ4 usually use the University of Washington IMAP version 4rev1 v12.264. A vulnerability exists in version 12.264 of the University of Washington IMAPd server (UM-IMAP), implementing IMAP4rev1. This weakness could allow a logged in user to execute arbitrary code. As far as is known this does not allow the user to get root access, instead the code or shell is executed with the user's privileges. This PKG installs IMAP-2001a (2001.315) which has this vulnerability fixed and comes with many enhancements. Works fine with POP-before-SMTP, too.

Reboot Required: No
Sends registration email: No

This PKG installs phpMyAdmin-2.2.6 and enables it for all virtual websites. Each of your virtual sites will have a browser based admin interface for MySQL at http://[sitename]/phpmyadmin/The URLs are password protected and login is only granted to those who login with a valid MySQL username and password. Requirements: PHP and MySQL.

Reboot Required: No
Sends registration email: No

If you work a lot on the shell through SSH and know the old Norton Commander for DOS, then you'll love Midnight Commander. All file operations are just a few keystrokes away. The included editor, ftp client and the search and replace functions make it an extremely useful addition for anyone who has to spend more than a few minutes on the shell.Once this PKG is installed anyone with shell access can type "mc" in their console and Midnight Commander will open up. Please note: Some of the most useful functions of Midnight Commander are only available through the F2 to F10 keys. Not all types of terminal and not all SSH or Telnet clients support the use of these function keys. In that case use the ESC key and then press the corresponding number to simulate the F-key. Example: For F10 press ESC 0, for F4 press ESC 4

Reboot Required: No
Sends registration email: No

More downloads >>