Re: [cobalt-security] [Raq3i] interesting hack symptoms >> reply to Michael
- Subject: Re: [cobalt-security] [Raq3i] interesting hack symptoms >> reply to Michael
- From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
- Date: Sun, 5 Nov 2000 16:32:13 +0000 (GMT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Sat, 4 Nov 2000, Theodore Jones wrote:
> Michael,
>
> While I appreciate your alarm, have you >read< any of the complaints and problems
> people have had with the OS3 "update" that came out a while ago in the regular
> list group for users?
Just to add feedback here, one of the first OS updates I installed was
the OS3 one, and it went without problem. Having said that, at that
stage I hadn't customised much on the box.
> I simply cannot afford down time
> because of Cobalt's
> faulty release of patches.
I'm not really sure about 'faulty' - the only obviously wrong update I've
seen so far was the Qpopper beta update for RaQ2's, which killed about 50%
of said RaQ's pop3.
> Since it's working now, and most of the exploits
> I've heard about are of the nature of someone having to >already< have an
> account on this system, and I don't allow shells except to >very< trusted
> individuals, I feel pretty safe right now.
Do you have php installed? If you do, point your web browser at:
http://owned.lab6.com/~gossi/RaQ-security/exploits/bindshell.phps
I've just mocked that up. Save it to a file with a .php extension, upload
it to your raq as a standard user without telnet access, and point your
web browser at the file. It'll put a shell on port 1542 - just telnet to
your raq on that port. It puts another 'inetd' process in the process
list, and uses that to mount a shell. Quickly tested it on my raq3 and it
works. Runs with permissions of apache on the raq, so you have read/write
access to other users web dirs.
Regards,
Gossi The Xmas Dog.
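
A defender's check for the symptoms described in the message above (a second 'inetd' in the process list and a listener on an unexpected port, both running as the web server account), as an added example that is not part of the original post. The account names, expected ports and the sample `ps`/`netstat` lines are constructed assumptions.

```python
# Constructed sample data; account names and expected ports are assumptions.
WEB_USERS = {"httpd", "apache", "nobody"}  # accounts the web server may run as
WEB_PORTS = {80, 443}                      # ports the web server should own

SAMPLE_PS = """\
USER       PID  PPID COMMAND
root       412     1 inetd
root       530     1 /usr/sbin/httpd
httpd      533   530 /usr/sbin/httpd
httpd     2231     1 inetd
"""

SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address   Foreign Address State   PID/Program name
tcp        0      0 0.0.0.0:80      0.0.0.0:*       LISTEN  530/httpd
tcp        0      0 0.0.0.0:110     0.0.0.0:*       LISTEN  412/inetd
tcp        0      0 0.0.0.0:1542    0.0.0.0:*       LISTEN  2231/inetd
"""

def parse_ps(text):
    """Map pid -> (user, command) from `ps -eo user,pid,ppid,args` style output."""
    procs = {}
    for line in text.splitlines()[1:]:
        parts = line.split(None, 3)
        if len(parts) == 4 and parts[1].isdigit():
            procs[int(parts[1])] = (parts[0], parts[3])
    return procs

def parse_listeners(text):
    """Yield (port, pid) for each TCP LISTEN row of `netstat -tlnp` style output."""
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 7 and f[0].startswith("tcp") and f[5] == "LISTEN":
            pid = f[6].split("/")[0]
            if pid.isdigit():  # "-" appears here when netstat is not run as root
                yield int(f[3].rsplit(":", 1)[1]), int(pid)

def find_suspects(ps_text, netstat_text):
    """Return (pid, user, command, reason) for each process matching the symptoms."""
    procs = parse_ps(ps_text)
    findings = []
    for port, pid in parse_listeners(netstat_text):
        user, cmd = procs.get(pid, ("?", "?"))
        if user in WEB_USERS and port not in WEB_PORTS:
            findings.append((pid, user, cmd, f"listening on tcp/{port}"))
    for pid, (user, cmd) in sorted(procs.items()):
        name = cmd.split()[0].rsplit("/", 1)[-1]
        if name == "inetd" and user != "root":
            findings.append((pid, user, cmd, "inetd not owned by root"))
    return findings
```

On a live box, pass `find_suspects` the output of `ps -eo user,pid,ppid,args` and `netstat -tlnp`, both run as root so the PID column is populated.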