[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Possible solution for BIG security hole in RaQ3 server

Subject: Re: [cobalt-security] Possible solution for BIG security hole in RaQ3 server
From: Jeff Lovell <jlovell@xxxxxxxxxx>
Date: Mon, 12 Jun 2000 08:52:22 -0700
Organization: Cobalt Networks, Inc.

Goran Blagus wrote:
> 
> Hello !
> 
> <BAD ENGLISH>
> 
> Here is the post from bugtraq mailing list with program in C which we have
> installed on RaQ3 to prevents abuse of CAP_SETUID vulnerability.
> We have tested this module with two exploits that was early posted to same
> bugtraq list and it works great.
> 
> What we didn't succeed is compiling this program on RaQ2. RaQ2 is also
> affected with this security bug. Any help in compiling this program is
> appriciated.
> 
> </BAD ENGLISH>
> 
> Goran Blagus

2.0.x kernels are not vulnerable to this bug.  ONLY RaQ3 and RaQ3
variants are vulnerable to this bug.

Jeff

References:
- [cobalt-security] Possible solution for BIG security hole in RaQ3 server
  - From: Goran Blagus

Prev by Date: Re: [cobalt-security] Cobalt Security Notice - Linux Kernel -06/09/00
Next by Date: Re: [cobalt-security] Cobalt Security Notice - Linux Kernel - 06/09/00
Previous by thread: [cobalt-security] Possible solution for BIG security hole in RaQ3 server
Next by thread: [cobalt-security] Re: [Qube2] Admin Account/changing admin login and security

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index