[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] FWD: Colbalt-RAQ-v4-Bugs&Vulnerabilities

Subject: Re: [cobalt-security] FWD: Colbalt-RAQ-v4-Bugs&Vulnerabilities
From: cobalt@xxxxxxxxxxxxx
Date: Fri, 1 Mar 2002 14:55:23 -0000
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On 1 Mar 2002 at 10:23, cobalt@xxxxxxxxxxxxx wrote:

> c) Denial Of Service.(Exploit Released)

Testes the 'Exploit' against our Raq4i (fully patched):

<begin output>

    C:\downloads>perl -x Cobalt_dos.pl -s xxx.xxx.xxx.xxx

    Cobalt RAQ DoS v4.0 DoS exploit (c)2002.
    Alex Hernandez al3xhernandez@xxxxxxxxxx


    Crash was successful !

</end output>

Tried connecting to admin interface - no problem - still there.

'Crash Successful !' - the Perl script is written to ouput this no matter what happens - not very well 
written 'exploit'.

Logs show:

xxx.xxx.xxx.xxx - - [01/Mar/2002:14:30:26 +0000] "GET /cgi-
bin/.cobalt/alert/service.cgi?service=AAA..<snip lots of A's>..AAA" 414 271
xxx.xxx.xxx.xxx - - [01/Mar/2002:14:30:45 +0000] "GET /.cobalt/sysManage/index.html HTTP/1.1" 401 
849

The important bits from this are:

414 - Request To Long

then

401 - Unathorized.

So the question is - have they tested this 'exploit' on an unpatched or patched version of the Raq4.

This 'DOS' seems to rely on anonymous logins to the admin interfaces as well.  hmmm...  Does anyone 
here actually allow that ?

Ian

References:
- [cobalt-security] FWD: Colbalt-RAQ-v4-Bugs&Vulnerabilities
  - From: cobalt

Prev by Date: Re: [cobalt-security] FWD: Colbalt-RAQ-v4-Bugs&Vulnerabilities
Next by Date: [cobalt-security] separate admin server
Previous by thread: Re: [cobalt-security] FWD: Colbalt-RAQ-v4-Bugs&Vulnerabilities
Next by thread: [cobalt-security] NEW Colbalt RAQ4 Bugs & Vulnerabilities?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index