
Re: [cobalt-security] Colbalt Raq 4 & Raq 3 vulnerability quick fix



First of all, I have to tell you that Raq3 is affected as well.
Secondly, I would like to suggest a quick and easy fix:

in your dir
    /usr/admserv/cgi-bin/.cobalt/alert
(this is a Raq3 path; I don't have a Raq4, but surely others can supply you
the right one)
you will find a .htaccess that I have modified as follows

----[start]-------------
# Access file for /usr/admserv/cgi-bin/.cobalt/alert/ (admin  )
order allow,deny
#allow from all
require user admin
Authname CobaltRaQ
Authtype Basic

allow from 127.0.0.1
allow from y.y.y.
allow from x.x.x.x
---[end]-----------------

where y.y.y. is my class C and x.x.x.x is my office gateway.

This solution will not disable the service nor the alert, but should stop
exploitation of the found vulnerabilities until a proper fix is supplied.


Audric Leperdi

----- Original Message -----
From: "Jonathan Michaelson" <michaelsonjd@xxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>; <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Friday, March 01, 2002 10:21 AM
Subject: [cobalt-security] BUGTRAQ: Colbalt-RAQ-v4-Bugs&Vulnerabilities


> Hello,
>
> Just read this:
> http://online.securityfocus.com/archive/1/259015
>
> Summary:
> "Exist three vulnerabilities:
>
> a) Cross Site Scripting.
> b) Traversal vulnerabilities.
> c) Denial Of Service.(Exploit Released)
>
>
> Cobalt's service.cgi incorrectly handles the incoming search parses,
> incoming HTML tags or JavaScript will be included inside the result without
> them being filtered out for dangerous content. A similar problem occurs with
> the x.cgi's inclusion of malicious code inside the resulting title search."
>
> I've done some work looking into this and the exploit doesn't seem to do
> anything on my test RaQ4 and it seems that you need a valid
> username/password to use the CSS and traversal vulns. The traversal vuln.
> doesn't look as bad as reported because you don't seem to be able to go
> above /usr/admserv/html/ and since the cobalt scripts don't use cookies, I'm
> not sure I understand how the CSS vuln is significantly dangerous. So, on
> the face of it it seems quite worrying, but I've not been able to identify
> anything significant in my testing.
>
> Regards,
> Jonathan Michaelson
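
The effect of the .htaccess in the reply above, as an added example that is not part of the original post or of Cobalt's software: a small Python model of how Apache evaluates "order allow,deny" with Allow lines, together with the default "Satisfy all" behaviour under which the "require user admin" login is still needed. The addresses 192.0.2. and 198.51.100.7 are constructed stand-ins for y.y.y. and x.x.x.x; hostname and CIDR forms are not modelled.

```python
# Added example: models Apache Order/Allow/Deny evaluation for the IPv4
# "all", full-address and partial-address forms only.
# The addresses below are constructed stand-ins for the post's y.y.y. / x.x.x.x.
HTACCESS = """\
order allow,deny
#allow from all
require user admin
allow from 127.0.0.1
allow from 192.0.2.
allow from 198.51.100.7
"""

def parse(text):
    """Return (order, allow_specs, deny_specs) from .htaccess text."""
    order, rules = "deny,allow", {"allow": [], "deny": []}  # Apache's default order
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue  # blank line or comment (e.g. the disabled "allow from all")
        key = words[0].lower()
        if key == "order" and len(words) > 1:
            order = words[1].lower()
        elif key in rules and len(words) > 2 and words[1].lower() == "from":
            rules[key].extend(words[2:])
    return order, rules["allow"], rules["deny"]

def matches(spec, ip):
    """True if one Allow/Deny spec covers the client IPv4 address."""
    if spec.lower() == "all":
        return True
    # Compare whole octets so "192.0.2." does not match 192.0.20.1
    want = spec.rstrip(".").split(".")
    return ip.split(".")[:len(want)] == want

def host_allowed(text, ip):
    order, allow, deny = parse(text)
    allowed = any(matches(s, ip) for s in allow)
    denied = any(matches(s, ip) for s in deny)
    if order == "allow,deny":       # default deny; a Deny match overrides Allow
        return allowed and not denied
    return allowed or not denied    # deny,allow: default allow; Allow overrides Deny

def request_allowed(text, ip, authenticated_as_admin):
    # Default "Satisfy all": host check AND "require user admin" must both pass.
    return host_allowed(text, ip) and authenticated_as_admin
```

Re-enabling the commented-out "allow from all" line makes host_allowed() true for every address, which leaves the password as the only barrier.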