Re: [cobalt-security] FWD: Colbalt-RAQ-v4-Bugs&Vulnerabilities
- Subject: Re: [cobalt-security] FWD: Colbalt-RAQ-v4-Bugs&Vulnerabilities
- From: cobalt@xxxxxxxxxxxxx
- Date: Fri, 1 Mar 2002 14:55:23 -0000
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On 1 Mar 2002 at 10:23, cobalt@xxxxxxxxxxxxx wrote:
> c) Denial Of Service.(Exploit Released)
Tested the 'Exploit' against our Raq4i (fully patched):
<begin output>
C:\downloads>perl -x Cobalt_dos.pl -s xxx.xxx.xxx.xxx
Cobalt RAQ DoS v4.0 DoS exploit (c)2002.
Alex Hernandez al3xhernandez@xxxxxxxxxx
Crash was successful !
</end output>
Tried connecting to admin interface - no problem - still there.
'Crash Successful !' - the Perl script is written to output this no matter what happens - not very well written 'exploit'.
Logs show:
xxx.xxx.xxx.xxx - - [01/Mar/2002:14:30:26 +0000] "GET /cgi-bin/.cobalt/alert/service.cgi?service=AAA..<snip lots of A's>..AAA" 414 271
xxx.xxx.xxx.xxx - - [01/Mar/2002:14:30:45 +0000] "GET /.cobalt/sysManage/index.html HTTP/1.1" 401 849
The important bits from this are:
414 - Request Too Long
then
401 - Unauthorized.
So the question is - have they tested this 'exploit' on an unpatched or patched version of the Raq4?
This 'DOS' seems to rely on anonymous logins to the admin interfaces as well. hmmm... Does anyone here actually allow that?
Ian
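
The log check described in the message above, as an added example that is not part of the original post: it scans an Apache-style access log for 414 responses on the service.cgi path and reports the next response the server logged, which is how the 414-then-401 pair shows the box stayed up. The host address, the number of A's, and the names `parse` and `triage` are constructed for illustration.

```python
import re
from datetime import datetime

LOG_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+')

# Constructed sample: host address and the number of A's are placeholders.
SAMPLE_LOG = "\n".join([
    '192.0.2.10 - - [01/Mar/2002:14:30:26 +0000] "GET /cgi-bin/.cobalt/alert/'
    'service.cgi?service=' + "A" * 9000 + '" 414 271',
    '192.0.2.10 - - [01/Mar/2002:14:30:45 +0000] "GET /.cobalt/sysManage/'
    'index.html HTTP/1.1" 401 849',
])


def parse(line):
    """Return one access-log entry as a dict, or None if the line does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = m["req"].split()
    return {
        "host": m["host"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "path": parts[1] if len(parts) > 1 else "",
        "status": int(m["status"]),
    }


def triage(log_text, target="/cgi-bin/.cobalt/alert/service.cgi"):
    """For each 414 on the target CGI, report the next response the server logged."""
    entries = [e for e in map(parse, log_text.splitlines()) if e]
    findings = []
    for i, e in enumerate(entries):
        if e["status"] != 414 or not e["path"].startswith(target):
            continue
        nxt = entries[i + 1] if i + 1 < len(entries) else None
        findings.append({
            "host": e["host"],
            "uri_length": len(e["path"]),
            # Any later log entry means the web server was still answering.
            "next_status": nxt["status"] if nxt else None,
            "gap_seconds": (nxt["ts"] - e["ts"]).total_seconds() if nxt else None,
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A `next_status` of `None` means no later request was logged, so the log alone cannot confirm the server kept answering.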