[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] RaQ4-All-Kernel-1.0.1-2.216C24III.pkg

Subject: RE: [cobalt-security] RaQ4-All-Kernel-1.0.1-2.216C24III.pkg
From: Peter Batenburg <peter@xxxxxxxxxx>
Date: Fri, 27 Apr 2001 19:37:07 +0200
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

I think you should be scared.This bug is known about one month now. Andother exploits like this exist for kernels lower than 2.2.19 exist. Thesebugs has been discovered many months ago, and it seems like there is stillno fix for cobalt systems.


At 16:35 26-4-2001 -0400, you wrote:

> [admin@xx10 admin]$ ./prak /usr/sbin/traceroute
> bug exploited successfully.
> enjoy!
> bash# id
> bash# uid=0(root) gid=0(root)
> groups=27(admin),10(wheel),110(home),111(site-adm)
> bash# uname -a
> bash# Linux xx10.test.nl 2.2.16C24_III #1 Thu Mar 22 21:17:39 PST 2001
i586
> unknown
> bash#
>
> Yeah, i see its fixed.

This almost scares me.

Follow-Ups:
- Re: [cobalt-security] RaQ4-All-Kernel-1.0.1-2.216C24III.pkg
  - From: Gergo Soros

Prev by Date: RE: [cobalt-security] logcheck Problem on Raq3?
Next by Date: [cobalt-security] Automated reply from jonathan@xxxxxxxxxxxxx
Previous by thread: RE: [cobalt-security] RaQ4-All-Kernel-1.0.1-2.216C24III.pkg
Next by thread: Re: [cobalt-security] RaQ4-All-Kernel-1.0.1-2.216C24III.pkg

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index