[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Colbalt-RAQ-v4-Bugs&Vulnerabilities

Subject: Re: [cobalt-security] Colbalt-RAQ-v4-Bugs&Vulnerabilities
From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
Date: Sat, 2 Mar 2002 13:00:35 +0100
Organization: Stauber Multimedia Design
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi Barbar,

> So I'm trying to figure out if our RaQ3/4 machines are
> indeed vulnerable to these posted exploits or not?
> I've read both here and on other lists, that "yes"
> they are vulnerable. Some have even offered temp fix
> solutions;

look at it from this perespective: Who can use the exploits? Only people who 
have the username and password to get to the admin GUI. 

This limits the risk considerably, don't you think? 

To lessen it further you can implement the fixes which Peter mentioned:
http://online.securityfocus.com/archive/1/259135

However, I tried the "exploit script" and opposed to what the guy said who 
posted the vulnerabilities it didn't lock up the RaQ4 I've run it against.

-- 

With best regards,

Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer

References:
- [cobalt-security] Colbalt-RAQ-v4-Bugs&Vulnerabilities
  - From: Barbara

Prev by Date: Re: [cobalt-security] cracklib question
Next by Date: Re: [cobalt-security] chkrootkit keeps complaining about hidden processes
Previous by thread: [cobalt-security] Colbalt-RAQ-v4-Bugs&Vulnerabilities
Next by thread: [cobalt-security] cracklib question

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index