
Re: [cobalt-security] SUN don't care about security update ?



I totally agree with you Leo, 2 years ago when I
got a cobalt and joined this list I used my real email
name etc.

Every time an exploit came out and Cobalt finally came
out with an update, people would post

"You try that update yet?"

Bam, a hack knows that your system is not patched.
And guess what, here they come, knocking through the
crack in that backdoor.

So I have now opted to remain anon.

Yes, it is a shame that cobalt takes so long to come out
with an update, if they even do.  Sun come out with
an "official" PHP update yet?  Nope, the updates at
pkgmaster.com don't count, they are not official.

Remember using unofficial packages is a violation
of the warranty, using them will void the warranty.

Well mine has been violated 10 fold!

Joe

Message: 5
From: cobalt-security@xxxxxxxxxxx
To: cobalt-security@xxxxxxxxxxxxxxx
Date: Thu, 14 Mar 2002 06:29:38 +0100
Subject: [cobalt-security] SUN don't care about security update ?
Reply-To: cobalt-security@xxxxxxxxxxxxxxx

Hello,

I'm very disappointed in the Sun attitude about security upgrades of the
Cobalt. When there are important holes (like in PHP these days), they MUST
provide an upgrade within hours like all Linux, *BSD, Unix systems have done.
If you install unofficial packages, you can lose warranty, and the reason I
chose the Cobalt is to have minimum administration: a warning from Sun on
security issues, and a link to a package that corrects the problem.

But no, you go to the official download page and you see nothing... no
security hole, no problem. And once you get hacked, who pays? I thought
Cobalt was a good solution for easy management for non-expert admins,
but now I have already moved all my important sites to a FreeBSD secured
machine (without easy management). In the future I will probably use
FreeBSD-Webmin to replace this unsupported Sun thing.

Regards

Leo


--__--__--

Message: 6
From: "John Adair" <J.Adair@xxxxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Subject: RE: [cobalt-security] Am I missing something here
Date: Wed, 13 Mar 2002 23:06:23 -0500
Reply-To: cobalt-security@xxxxxxxxxxxxxxx

The SSHd the attacker uploaded most likely has a backdoor in it.


> -----Original Message-----
> From: cobalt-security-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of
> Brett Wright
> Sent: Wednesday, March 13, 2002 10:41 PM
> To: cobalt-security@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-security] Am I missing something here
>
>
>
> At 18:10 13/03/02 +0000, you wrote:
> >Over the last 2 weeks we have had 6 Cobalts on our network HACKED!!!
> >One  was even hacked then taken down to be reloaded on a saturday
> >afternoon and by the saturday night had been done again.
> > ...
> > ...
> Maybe a packet sniffer on a local network. Seems weird that the "HACKER"
> makes the box more exploitable by changing the version of ssh on a box he
> has already hacked.
>
> That's what I'd be looking for.
>
> Maybe I'm wrong.
>
> Regards
> Brett
>
>
> >--
> >Regards
> >
> >Steve Mansfield
> >Technical Manager
> >slm@xxxxxxxxxxxxx
> >www.getreal.co.uk


_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security


--__--__--

Message: 7
Date: Wed, 13 Mar 2002 22:10:46 -0600
To: cobalt-security@xxxxxxxxxxxxxxx
From: David Lucas <david@xxxxxxxxxxxxxxxx>
Subject: Re: [cobalt-security] Am I missing something here
Reply-To: cobalt-security@xxxxxxxxxxxxxxx

At 12:10 PM 3/13/2002, you wrote:
>Over the last 2 weeks we have had 6 Cobalts on our network HACKED!!! 
>One  was even hacked then taken down to be reloaded on a saturday 
>afternoon and by the saturday night had been done again. They have been a 
>mixture of raq3 & 4's which have all been fully patched to the hilt and 
>with a few other security features added to the backend. WHAT'S GOING ON 
>WITH THESE THINGS!!
>
>Behind a firewall they are fairly safe ( but getting them to work in the 
>first place is a nightmare ), but without that security they are about as 
>safe as a drunk with a box of matches. A brand spanking new raq4 went on 
>to the network yesterday and by this morning it was about as useful as a 
>chocolate teapot. Someone had got root access, taken off the latest 
>patches and put his own version of SSH on the box. I am fully aware of a 
>stint last year when even a cobalt engineer told me that there had been a 
>spate of hacks that they didn't know how to fix!!!!
>
>Not that i expect too much of an answer from this email, but if there is a 
>group of people that should know about these issues it's the mailing list 
>and COBALT themselves. Does anybody at Cobalt ( sorry, i should say  SUN ) 
>actually care!!!
>
>
>--
>Regards


Have you fired anyone lately?



--__--__--

Message: 8
From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Subject: Re: [cobalt-security] email forwarding aliases for non-users
Date: Wed, 13 Mar 2002 23:45:37 -0500
Reply-To: cobalt-security@xxxxxxxxxxxxxxx

"Mez" <mez@xxxxxxx> wrote:
> Can someone explain in simple terms (if possible) how to create email
> forwarding aliases for users not on the server.
> I am using an RAQ3 and I want to be able to add forwarding addresses.
>
> E.G.
>
> bob@xxxxxxxxxx (domain.com is hosted on my raq3) to forward to bob@xxxxxxxxx
> But user "bob" does NOT exist on my server
>
> Is this possible at all, if so could someone point me in the right direction
> for setting it up

John, this isn't really security-related, probably best suited for
cobalt-users, but...

Your example is confusing b/c you don't mention a username and you used
"bob" in both the server and external email address and then say bob doesn't
exist.  But I think you're saying that there is *not* a user on the server
and you want to keep it that way, but fwd email for a specific email address
to an external location.  OK.

Add the following to the bottom of /etc/mail/virtusertable:

# Tab between two parts below
bob@xxxxxxxxxx     dummyuser1

Then type:

makemap hash /etc/mail/virtusertable.db < /etc/virtusertable

Then add the following to the bottom of /etc/mail/aliases:

dummyuser1    bob@xxxxxxxxx

Then type:

newaliases

Done.  Enjoy!

--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/



--__--__--

Message: 9
From: "Herby K" <mad1.z@xxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Subject: Re: [cobalt-security] Am I missing something here
Date: Thu, 14 Mar 2002 09:36:28 +0100
Reply-To: cobalt-security@xxxxxxxxxxxxxxx

> I have had a lot of ssh protocol 1 scans
> You are running ONLY protocol 2 aren't you?
> And you are running 3.1p1
> --
> Gerald Waugh
> New Haven, Connecticut USA

:/ haha

sorry to say but - we were hacked 2 days before the 3.1p1 was released...

This was the time when all the .tar.gz, .rpm and .deb files were updated - but
not at cobalt for raq (3)

:(
But this is not the first time of bad support - in the meantime I regret
that we had chosen this system.

rgds
Herby


--__--__--

Message: 10
From: "Mark Anderson" <cronus@xxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Subject: Re: [cobalt-security] New Vulnerability - zlib - Red Hat is  vulnerable
Date: Thu, 14 Mar 2002 09:44:56 -0000
Reply-To: cobalt-security@xxxxxxxxxxxxxxx

I may be wrong in this assumption - but a patch
issued by Cobalt will only deal with dynamically
linked binaries. Those that are statically linked
with an older version of zlib will still be vulnerable
won't they ?

Mark.



--__--__--

Message: 11
From: cobalt@xxxxxxxxxxxxx
To: cobalt-security@xxxxxxxxxxxxxxx
Date: Thu, 14 Mar 2002 10:42:42 -0000
Subject: Re: [cobalt-security] New Vulnerability - zlib - Red Hat is vulnerable
Reply-To: cobalt-security@xxxxxxxxxxxxxxx

On 13 Mar 2002 at 10:11, Rick Ewart wrote:

> Anyone seen this?
> http://www.kb.cert.org/vuls/id/368819
> 
> Here's the text... Any idea if Cobalts are vulnerable as Red Hat 6.2 is?
> Also, don't freak out - apparently nobody has seen it actually exploited
> yet.
> 
There is a list of apps affected by this at:

http://www.gzip.org/zlib/apps.html

There is also a link to a perl script which will check for statically linked binaries:

http://cert.uni-stuttgart.de/files/fw/find-zlib

Results from this script on Raq4i:

/bin
    rpm

/sbin
    install-info

/usr/bin
    mysql
    mysqladmin
    mysqldump
    mysqlimport
    mysqlshow
    mysqltest
    rpm2cpio

/usr/sbin
    mysqld
    pppdump

No other directories checked yet...

Ian
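
Added example (not part of the original posts, and not the find-zlib script linked above): a minimal Python check for the distinction raised in Messages 10 and 11. It assumes zlib's usual embedded banners such as " inflate 1.1.3 Copyright ..." and that 1.1.4 is the corrected release; the function names and sample bytes are constructed for illustration.

```python
import os
import re
import stat

# zlib embeds version banners in its object code, for example
# " inflate 1.1.3 Copyright 1995-1998 Mark Adler ", so a static copy
# is visible in any binary that was linked against libz.a.
BANNER = re.compile(rb"(?:inflate|deflate) (\d+)\.(\d+)\.(\d+)\S* Copyright")
FIXED = (1, 1, 4)  # assumption stated above: release that corrected the bug


def classify(data: bytes) -> str:
    """Classify one binary image by how it carries zlib."""
    versions = {tuple(map(int, m.groups())) for m in BANNER.finditer(data)}
    if versions:
        # Any embedded copy older than FIXED keeps the bug until relinked.
        return "static-vulnerable" if min(versions) < FIXED else "static-fixed"
    if b"libz.so" in data:
        return "dynamic"  # picks up the fix when the shared library is updated
    return "no-zlib-found"  # stripped or modified copies can evade this check


def scan(root: str) -> dict:
    """Map path -> classification for executable regular files under root."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode) or not st.st_mode & 0o111:
                    continue
                with open(path, "rb") as fh:
                    verdict = classify(fh.read())
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if verdict != "no-zlib-found":
                report[path] = verdict
    return report


if __name__ == "__main__":
    # Constructed byte strings standing in for real binaries.
    static_old = b"\x7fELF..\x00 inflate 1.1.3 Copyright 1995-1998 Mark Adler \x00"
    dynamic = b"\x7fELF..\x00libz.so.1\x00inflate\x00"
    print(classify(static_old), classify(dynamic))
```

Binaries reported as "static-vulnerable" need a rebuilt package from the vendor; replacing the shared libz alone only helps the "dynamic" ones.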





--__--__--

Message: 12
From: "Audric Leperdi" <aleperdi@xxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Date: Thu, 14 Mar 2002 11:53:30 +0100
Subject: [cobalt-security] unoficial PHP 4.1.2 PKG bugged?
Reply-To: cobalt-security@xxxxxxxxxxxxxxx

Installed your PHP 4.1.2 pkg on a fully patched RaQ3i. No probs with the
installation.
Now: some existing PHP programs don't run anymore.

Found out the problem:
ereg*() functions behave erratically, and if replaced with pereg*() functions
they work.
It seems that after some ereg parsing memory gets corrupted.

Anyone with the same problem? I tried to download the src and compile it
myself but it won't. Do I need to upgrade the compiler?

tnx

Audric



--__--__--

Message: 13
From: "Audric Leperdi" <aleperdi@xxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Date: Thu, 14 Mar 2002 12:17:13 +0100
Subject: [cobalt-security] New Qube3 VPN support
Reply-To: cobalt-security@xxxxxxxxxxxxxxx

I tried to test the new VPN function in the Qube3 available after the latest
OS update.
I tried to connect 2 Qube3 in two different locations, both are doing NAT
and no tunnel seems to start. I read the FAQ at freeswan.org and saw the
problems with NAT. Is the Qube3 affected as well?

Audric



--__--__--

Message: 14
From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
Organization: Stauber Multimedia Design
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-security] SUN don't care about security update ?
Date: Thu, 14 Mar 2002 14:24:58 +0100
Reply-To: cobalt-security@xxxxxxxxxxxxxxx

Hi Leo,

> I'm very disappointed in the Sun attitude about security upgrades of the
> Cobalt. When there are important holes (like in PHP these days), they MUST
> provide an upgrade within hours like all Linux, *BSD, Unix systems have done.

SUN/Cobalt sure hasn't the resources to do this. SUN might have them, the
Cobalt division perhaps hasn't. Today's patch for the RaQ3 is a prime example
of that: RaQ3-All-Security-4.0.1-13453.pkg (Glibc update). It fixes a glibc
vulnerability which was published on 17th December 2001.

Whoops: It took SUN/Cobalt almost to the day *three months* to release the
patch.

Sure, glibc is no trivial matter to mess with, but the recent zlib issue is
of similar scale as it affects a widespread set of applications, binaries
and libraries. Well, maybe we can expect a patch for that in three months as
well? Oh my ... what a perspective.

-- 

With best regards,

Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer

--__--__--

Message: 15
From: "Kai r. s., euroweb as" <kai@xxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Date: Thu, 14 Mar 2002 14:32:11 +0100
Subject: [cobalt-security] Percent Used:  607 %
Reply-To: cobalt-security@xxxxxxxxxxxxxxx


Hi,

I got this warning from one of the cobalt raq4r servers:

"is very near or over the disk space limit allocated on the Sun Cobalt
server.
Once the quota limit is reached, no more data can be stored.  Consider
moving
some data to another location or increasing the limit.

Quota Limit:  35.00 MB
Quota Used:  212.74 MB
Percent Used:  607 %"

How is this possible? And could this be an indicator of a hack?

Another customer reported this strange error message when trying to change
disk quota:

"A root web must first be enabled in the Site Settings menu"

I have also got a message like this for some time back. Does anybody know what
it is?

Regards

Kai R Schantz
Euroweb AS
Norway
----------------------------






--__--__--



End of cobalt-security Digest