[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] RAQ3 vulnerabilities

Subject: Re: [cobalt-security] RAQ3 vulnerabilities
From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
Date: Mon, 3 Dec 2001 20:48:36 +0100
Organization: Stauber Multimedia Design
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi Nico,

> <Slightly OT>
> In a sense, this scares me (I am easily scared ;-P). Anyone with physical
> access to a RaQ[*] can boot it with a different (outdated?) kernel without
> keyboard/cable/terminal/password check. Yikes!

Someone with physical access to the server (Cobalt RaQ, E15K, Pentium box ... 
doesn't matter) can do anything with it. That's an eventuality which you have 
to live with when you can't guard the server yourself and have it colocation 
somewhere. Preferably in the hands of a colo-center you trust. ;o)

> Do you know if this kernel includes networking support?

I'd be surprised if it hasn't. The hacked site (see begining of this topic) 
seems to online even with the ROM kernel, so it must have network support.

-- 

With best regards

Michael Stauber
SOLARSPEED.NET

Follow-Ups:
- Re: [cobalt-security] RAQ3 vulnerabilities
  - From: Nico Meijer
- Re: [cobalt-security] RAQ3 vulnerabilities
  - From: Parker Morse

References:
- Re: [cobalt-security] RAQ3 vulnerabilities
  - From: Nico Meijer

Prev by Date: Re: [cobalt-security] who should own the /home/sites/home/users and /home/sites/home/web ?
Next by Date: Re: [cobalt-security] RAQ3 vulnerabilities
Previous by thread: Re: [cobalt-security] RAQ3 vulnerabilities
Next by thread: Re: [cobalt-security] RAQ3 vulnerabilities

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index