[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Colbalt-RAQ-v4-Bugs&Vulnerabilities
- Subject: Re: [cobalt-security] Colbalt-RAQ-v4-Bugs&Vulnerabilities
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Sat, 2 Mar 2002 13:00:35 +0100
- Organization: Stauber Multimedia Design
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Barbar,
> So I'm trying to figure out if our RaQ3/4 machines are
> indeed vulnerable to these posted exploits or not?
> I've read both here and on other lists, that "yes"
> they are vulnerable. Some have even offered temp fix
> solutions;
look at it from this perespective: Who can use the exploits? Only people who
have the username and password to get to the admin GUI.
This limits the risk considerably, don't you think?
To lessen it further you can implement the fixes which Peter mentioned:
http://online.securityfocus.com/archive/1/259135
However, I tried the "exploit script" and opposed to what the guy said who
posted the vulnerabilities it didn't lock up the RaQ4 I've run it against.
--
With best regards,
Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer