
Re: [cobalt-security] Security Alert on MIPS based Cobalts



"Franklin S. Werren" <fswerren@xxxxxxxxxxxx> wrote
> Hello All;
>
> If you leave port 81 open to the net and use a MIPS
> based Cobalt server, Raq 1 and 2? Qubes etc...
> you may leave yourself open to compromises....
>
> I did not find it on an Intel-based RAQ3i
> I did not check a RAQ 2 but I suspect it is the same
>
> Try this www.yourdomain.com:81./cobalt
I get "Invalid syntax" from the browser

I get "forbidden" at www.yourdomain.com:81/.cobalt [Raq2]
I get "file not found" at www.yourdomain.com:81/.cobalt [Qube2]

> www.yourdomain.com:81/.cobalt/install
This one comes up with the "login" script [RaQ2]
Comes up with the install software page on a [Qube2] (still asks for password
though)

> www.yourdomain.com:81/cobalt/siteManage
This one comes up with "file not found"
I get "forbidden" with www.yourdomain.com:81/.cobalt/siteManage [RaQ2]
I get "file not found" [Qube2]

Is your software up-to-date?
<snip>
> I found it on my Qube 2...Real Cute!!!
> I do not let port 81 connect outside my LAN.
> so I have access to all the port 81 admin functions
>
> I like my Qube but I think Cobalt has been real sloppy
> with a proven OS like RedHat Linux.