Re: [cobalt-security] FWD: Colbalt-RAQ-v4-Bugs&Vulnerabilities



Hi Alex,

I've seen the message on Bugtraq as well and did some testing on a RaQ4.

> Exist three vulnerabilities:
>
> a) Cross Site Scripting.
> b) Traversal vulnerabilities.

Irrelevant. When you try the "exploit" URLs you still are asked for username 
and password (admin and/or siteadmin), so there is little danger of this 
leading to any sort of exploitation.

> c) Denial Of Service.(Exploit Released)
> Exploit Code DoS Cobalt4_DoS.pl

I just tried the script as well. Same as above: The targeted page is behind 
the username and password protection of the Admin GUI. As long as someone 
hasn't gotten around it by supplementing username and password the script 
won't do anything. I even wrote a loop which infinitely calls the script and 
watched what it did to the RaQ. "TOP" reported an increased memory usage 
(2.3%) for the admin server, but that was to be expected.

I then outright removed the .htaccess file from 
/usr/admserv/cgi-bin/.cobalt/alert so that the exploit script could 
unchallenged access service.cgi and guess what?

It did nothing. The RaQ continued humming along perfectly well.

In my opinion this Alex Hernandez (who reported the "exploits") 
should get a clue before he starts wasting our time. :o)

-- 

With best regards,

Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer