
Re: [cobalt-security] New Exploit?



At 09:11 AM 12/11/01 +0100, Taco Scargo wrote:
>The latest kernel for RaQ 4 is 2.2.16C28. This version includes the
>patch to close the above mentioned rule. So either you hadn't
>installed the latest kernel (which was posted on September 20,
>2001) or you didn't reboot after installation.

It might have been useful had the cobalt-announce item on this
mentioned it was a security-related patch.

>=======================================
>Software Updates For Sun Cobalt RaQ 4
>=======================================
>RaQ4-All-Kernel-1.0.1-2.216C28III: Special Characters 1.0.1
>Requires Reboot: YES
>MD5 Check Sum: dad1efe8427613aa4830f85068529647
>
>Kernel C24 and C27 would not allow the system to switch to the
>correct disk after a RAID failure. To correct this a new modutils
>has been included for the gen III Kernel so that the bandwidth
>module could correctly load automatically after a reboot. Also
>included in the update is the fix for the sysctl negative offset bug
>as well as the ptrace setuid bug.
>
>

Compare the above to:

>=======================================
>Software Updates For Sun Cobalt RaQ 4
>=======================================
>RaQ4-All-Security-1.0.1-10749: Running Bind as Named 1.0.1
>Requires Reboot: YES
>MD5 Check Sum: 6551930df28b21af5ba2d457ef2a2f0f
>
>This patch addresses an issue with the way named is run on Sun
>Cobalt Server Appliances.  Currently, named is run with root
>permissions, this patch adds a user named 'named', and installs new
>initscripts to startup named with the proper arguments to run as the
>user named.
>

The first notice looks to correct a few bugs.  The second clearly
tells administrators there's a security issue to be fixed.  Some
administrators put different priorities on security patches versus
bug-fixes that may not apply to their environments.

-- 
Regards,

David Kennedy CISSP                         /"\
Director of Research Services,              \ / ASCII Ribbon Campaign
TruSecure Corp. http://www.trusecure.com     X  Against HTML Mail
Protect what you connect;                   / \
Look both ways before crossing the Net.