[cobalt-security] Re: Security Alert on MIPS based Cobalts
- Subject: [cobalt-security] Re: Security Alert on MIPS based Cobalts
- From: Rod Todd <rodd_todd_1999@xxxxxxxxx>
- Date: Sat, 7 Oct 2000 14:11:09 -0700 (PDT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
>If you leave port 81 open to the net and use a MIPS
>based Cobalt server, Raq 1 and 2? Qubes etc...
>you may leave yourself open to compromises....
My favorite on the Qubes :
www.domain.com:81/.cobalt/groupList
It shows all the groups and if you click on a group,
it shows you the names of all the members. No wonder
someone told me that he could find out who was on my
machine even if we turned off Finger and Who. Is
there any way to prevent people from snooping our
users and groups without deleting the page?
>Try this www.yourdomain.com:81./cobalt
We received an error page.
>others are
>shared
When we do this:
http://www.ementor.com:81/.cobalt/shared/
we receive : Index of /.cobalt/shared which shows one
file:
blank.html
>www.yourdomain.com:81/.cobalt/install
We get a blank page
www.yourdomain.com:81/cobalt/siteManage
>images
When we do this:
http://www.ementor.com:81/.cobalt/images/
we receive : Index of /.cobalt/images
all the images shown from the images directory.
>help
http://www.ementor.com:81/.cobalt/help/
shows 3 help files
>error
Shows nothing
>appletData
http://www.ementor.com:81/.cobalt/appletData/
We receive :
webUsage-home.dat file, which shows a bunch of numbers
when opened.
>about
http://www.ementor.com:81/.cobalt/about/
shows a Qube2 banner page
Our Software On The Cobalt Server:
Cobalt OS Release 4.0
Cobalt Qube2 Update Release 1.0
MFG message patch Release 1.0
Shell History Patch Release 1.1
Since our machine will be a stand-alone server, is
there any way to plug up the HTML pages, maybe via TCP
wrappers allowing only a particular IP to access port
:81?
Cheeri'o
..........RT
>You must use the main Domain not a virtual domain on
>a server
>I found it on my Qube 2...Real Cute!!!
>I do not let port 81 to connect outside my LAN.
>so I have access to all the port 81 admin functions
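Added example, not part of the original message or of any Cobalt software: a log check that reports which clients outside the LAN requested the /.cobalt/ admin pages discussed above and which of those requests were actually served. It assumes the port 81 server writes a Common Log Format access log and that the trusted LAN is 192.168.1.0/24; the log lines are constructed for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the LAN that is allowed to reach the port 81 admin server.
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]

# Common Log Format: host ident user [time] "METHOD path PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)')

# Constructed sample lines, as if taken from the admin server's access log.
SAMPLE_LOG = """\
192.168.1.20 - admin [07/Oct/2000:13:02:11 -0700] "GET /.cobalt/siteManage/ HTTP/1.0" 200 5120
203.0.113.7 - - [07/Oct/2000:13:40:02 -0700] "GET /.cobalt/groupList HTTP/1.0" 200 2310
203.0.113.7 - - [07/Oct/2000:13:40:09 -0700] "GET /.cobalt/appletData/ HTTP/1.0" 200 640
198.51.100.4 - - [07/Oct/2000:13:55:30 -0700] "GET /.cobalt/install HTTP/1.0" 403 210
198.51.100.4 - - [07/Oct/2000:13:55:41 -0700] "GET /index.html HTTP/1.0" 200 1024
garbage line that does not parse
"""

def is_trusted(host):
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # hostname or junk in the host field: treat as untrusted
    return any(addr in net for net in TRUSTED_NETS)

def external_admin_hits(log_text):
    """Return {client: [(path, status), ...]} for untrusted /.cobalt requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not valid CLF entries
        host, _method, path, status, _size = m.groups()
        clean = path.split("?", 1)[0]  # ignore any query string
        if clean.startswith("/.cobalt") and not is_trusted(host):
            hits[host].append((path, int(status)))
    return dict(hits)

def served(hits):
    """Requests answered with 2xx, i.e. the page content left the box."""
    return sorted((h, p) for h, reqs in hits.items() for p, s in reqs if 200 <= s < 300)

if __name__ == "__main__":
    for host, path in served(external_admin_hits(SAMPLE_LOG)):
        print(f"EXPOSED  {host}  {path}")
```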