
Re: [cobalt-security] RaQ3-All-Kernel-4.0.1-2.216C24III.pkg



Check their website first...

> Warning for all 4WebSpace.com users:
> Users should not install the Cobalt Kernel update
> 4.0.1 on their RaQ 3 servers. It can cause serious problems with the
> servers, including sending them into infinite rebooting loops.

--
 MCG,
 Rob van Eijk

-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx] On Behalf Of Ken Reilly
Sent: Friday, 1 June 2001 8:16
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: [cobalt-security] RaQ3-All-Kernel-4.0.1-2.216C24III.pkg


To: Bill Irwin
     Technical Support Engineer
RE: http://list.cobalt.com/pipermail/cobalt-security/2001-May/001891.html
       Raq3 caught in a reboot loop after Kernel 4.0.1 update

I have two Raq3s. One with CommuniTech.net (CT) and one with 4WebSpace
(4WS). I always add patches to my 4WS Raq, and let it run for a few days
before I patch my other Raq at CT. After applying the kernel update 4.0.1,
my Raq3 was caught in a continual reboot according to 4WS support. They told
me that they rebooted to the ROM kernel, and everything is running just
fine, but I need to do a complete reload of my Raq3 otherwise every time I
reboot, it will get caught in the loop again.

Is there any chance that I can just reverse the patch, and not go through
the time, effort and cost of a reload? If not, what are the security risks,
or differences in running off of the ROM kernel for more than a few days
before I reload the machine?

Below is the information you requested (dated May 1st)
=============================
1 what was installed (ie, third party stuff)
=============================
List of security apps installed
1. LogCheck
2. PortSentry
3. Chkrootkit
4. SSH from ssh.com not OpenSSH
5. PM Firewall install for IP Chains, but it is not running (upgraded IP
chains via RPM)

Other apps installed (a few months ago)
1. Webalizer 1.3 via Cobalt pkg, later uninstalled
2. Webalizer Raq3iRelease 2.00.12-2. A pkg that was announced on the user
list
3. ApacheJServ (Apache-Java Servlet Engine) for Cobalt i386Release 1.1-1
(pkg from Cobalt)
3a. Open Source JSDK for Cobalt i386 Release 1.1-1 (pkg from Cobalt)
The Java packages didn't seem to work. They were installed months ago.
4. RaQ3-all-CMU Release 1.1-22
5. Urchin for Raq was installed a few months ago, and uninstalled after the
30 day trial.

Security apps were installed from source (my Raq3 at CT was hacked through
Bind a couple months ago and had to be reloaded). Other apps were all pkg
files. I don't have PHP, MySQL or any of the other popular apps installed.
They are somewhere far down my "to do" list.

===================================
2 what patches you had installed prior to install?
===================================
I usually wait a couple months before applying patches, for this exact
reason.
Both of my Raq3s were running fine for the past couple months with all
patches up to and including the vixie-cron Update 4.0.1. I had some error
messages "zcat: stdout: Broken pipe" from the cron.daily after the vixie
update, but nothing major. There was a post on how to fix the error message,
and it had to do with recreating the crond link entries. This fixed the
problem.

Then on May 28th, I first applied 3 patches.
1. Security: Backup Update 4.0.1
2. Security: URL Attack Exposure 4.0.1 and
3. Update: RPM 4.0.1

I then rebooted, because after 3 patches I wanted to make sure the server
was OK before applying a kernel update. The server came up just fine, so I
continued to apply the kernel update.
4. Kernel update 4.0.1

After reboot, I was unable to access my server until 4WS support booted off
the ROM kernel.

======================
3 Any hardware upgrades, etc
======================
I lease the dedicated Raq3 from 4WS, so I'm not aware of any hardware
upgrades besides the memory upgrade from 32 to 128 that I paid for when I
first got my server.


Please reply to the first couple questions regarding a complete server
reload. I would rather not go through the expense of a reload if I don't
have to. The server has been running just fine for almost a week, but I
can't reboot.

Feel free to contact me if you have any questions or comments.

Thanks,
Ken Reilly
ken@xxxxxxxxx
Phone (651) 329-7711
Toll Free 1(877) 435-5416
Fax 1(877) 794-0612
http://www.ryron.com