[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] [RaQ3i] interesting hack symptoms >> answer to Peter

Subject: [cobalt-security] [RaQ3i] interesting hack symptoms >> answer to Peter
From: Theodore Jones <theoj@xxxxxxxxxxxxx>
Date: Sat, 04 Nov 2000 14:17:52 -0800
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> >         Do you mean that I would see a sshd reference in "inetd.conf"?, or a
> >"/bin/login" reference in there also near the end of the file -- that simple?
> you will probably see a line like this: 9035 stream tcp nowait root /bin/sh
> sh -i
> 9035 is the portnumber.. and the /bin/sh sh -i tells inetd to execute a
> root shell when connecting to port 9035..

    I didn't find anything in this regard in the inetd.conf file, so I think I'm
safe on that account.


> >
> >         Does that patch require the installation require the update of
> > OS3?.... I
> >haven't done that one yet because of all the horrors I heard about from other
> >users on the regular cobalt list....
>
> i don't know really.. i installed all patches on a number of cobalts on my
> network, and noting failed.. everything is fine..
> the thing i did the first time, is cloning the cobalt harddrive with norton
> ghost to another 20gb drive.. (while putting the cobalt drive in another pc)
> and then put the cobalt drive back.. and went installing.. at some part, i
> fucked up bigtime (noting to do with updates.. more editing files that i
> shouldn't had..;)
> put the drive in the other pc again.. ran gost.. and put the out-of-the-box
> installation back..;) it's not a simple solution, but i works.. and you can
> test if the cobalt updates will cause any problems.. don't forget that
> opening your cobalt will void you warranty!

    That's a great idea actually, but the server I manage is located about a
thousand miles away!  I would love to be able to do this however, as those
"patches" have caused some cobalters some nightmares.  I have done some
customizations also which I fear would be incompatible with the new patches.  I'm
also going on the suggestion stated previously in this forum that it's best not to
mess with something if it's working stable right now, unless it is >really<
imporant to have the latest and greatest.

Cheers,

~ Theo

Follow-Ups:
- Re: [cobalt-security] [RaQ3i] interesting hack symptoms >> answer to Peter
  - From: Gossi The Dog

References:
- Re: [cobalt-security] [RaQ3i] interesting hack symptoms
  - From: Linking Internet - Peter Batenburg

Prev by Date: [cobalt-security] [Raq3i] securely using rpc.statd and other rpc services
Next by Date: Re: [cobalt-security] [Raq3i] securely using rpc.statd and otherrpc services
Previous by thread: Re: [cobalt-security] [RaQ3i] interesting hack symptoms
Next by thread: Re: [cobalt-security] [RaQ3i] interesting hack symptoms >> answer to Peter

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index