RE: [cobalt-security] URGENT Hacking - QPOP and RaQ2 the Fix!

["malcolm" <malcolm@xxxxxxxxxxx>]

there is a fix for qpop (RaQ2 MIPS)

it was on one of the 2.x patchs that have since been superceded by Security
Patch 3

I would suggest downloading the V3 patch (8MB ish) onto your Windows desktop
renaming it xxxxxxx.zip and using www.winzip.com to unpack it to a folder on
your desktop
the construction of the cobalt PKG includes a folder called RPM
inside you will find version 3.02 (i think) of qpop
which you can then upload to the server and manually install from telnet (as
root)
using something like:
rpm -Uvi xxxxx
to upgrade(U) the qpop rpm on the system
done!
now any external queries of qpop will not even return the version number
just QPOPP(?)
that'll stop all the recent issues

however if root has been compromised the only fix is a format! You knew that
was coming :)



-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Jeff Lovell
Sent: 06 September 2000 00:32
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-security] URGENT Hacking


Gossi The Dog wrote:

> the issue.  The classic example is thats there's still no patch for
> qpopper, and so all Cobalt RaQ's are remotely ownable.  And its been this
> way for months now.  Hopefully one day Cobalt will realise they need
> somebody to be looking at things like this, or they are going to get some
> seriously bad PR :\

What product are you using?

http://www.cobalt.com/support/download/raq3.eng.html (6579)
http://www.cobalt.com/support/download/raq2.eng.html (OS Update 3)
http://www.cobalt.com/support/download/raq1.eng.html (6579)


Jeff
--
Jeff Lovell
Cobalt Networks, Inc.

_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security