[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] BUGTRAQ: Colbalt-RAQ-v4-Bugs&Vulnerabilities

Subject: [cobalt-security] BUGTRAQ: Colbalt-RAQ-v4-Bugs&Vulnerabilities
From: "Jonathan Michaelson" <michaelsonjd@xxxxxxxxxxx>
Date: Fri, 1 Mar 2002 09:21:05 -0000
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hello,

Just read this:
http://online.securityfocus.com/archive/1/259015

Summary:
"Exist three vulnerabilities:

a) Cross Site Scripting.
b) Traversal vulnerabilities.
c) Denial Of Service.(Exploit Released)


Cobalt's service.cgi incorrectly handles the incoming search parses,
incoming HTML tags or JavaScript will be included inside the result without
them being filtered out for dangerous content. A similar problem occurs with
the x.cgi's inclusion of malicious code inside the resulting title search."

I've done some work looking into this and the exploit doesn't seem to do
anything on my test RaQ4 and it seems that you need a valid
username/password to use the CSS and traversal vulns. The travsersal vuln.
doesn't look as bad as reported because you don't seem to be able to go
above /usr/admserv/html/ and since the cobalt scripts don't use cookies, I'm
not sure I understand how the CSS vuln is significanlty dangerous. So, on
the face of it is seems quite worrying, but I've not been able to identify
anything significant in my testing.

Regards,
Jonathan Michaelson

Follow-Ups:
- Re: [cobalt-security] Colbalt Raq 4 & Raq 3 vulnerability quick fix
  - From: Audric Leperdi

Prev by Date: Re: [cobalt-security] extra detail on the ssl redirection problem
Next by Date: [cobalt-security] FWD: Colbalt-RAQ-v4-Bugs&Vulnerabilities
Previous by thread: [cobalt-security] pro's and cons of not letting GUI change root password
Next by thread: Re: [cobalt-security] Colbalt Raq 4 & Raq 3 vulnerability quick fix

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index