[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] RAQ3 & RAQ4 Hacked...

Subject: RE: [cobalt-security] RAQ3 & RAQ4 Hacked...
From: "Ben Koshy" <ben@xxxxxxxxxxx>
Date: Sun, 31 Mar 2002 16:46:44 -0800
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Title: Message

Update: Turns out we isolated it to a newly activated NFS Daemon on that box. Anyone know of vunrenbilities on the NFS Daemon there? Are there patches or security that can be applied?

-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx] On Behalf Of Ben Koshy
Sent: March 31, 2002 1:43 PM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: [cobalt-security] RAQ3 & RAQ4 Hacked...

I had this group called "Acid Fallz" hack 2 of my servers over the last few months...they are based out of Russian and claim to only do defacements to prove security vunrenbilities... anyway, both servers had all patches applied from Cobalt. All that was done was the index.htm page was replaced with the hacked version and the old page moved to a backup file. A couple months back they did this to one of our RAQ4s, and then yesterday to a RAQ3.

Any idea what hack this could be? I'm at a loss...

Follow-Ups:
- Re: [cobalt-security] RAQ3 & RAQ4 Hacked...
  - From: Gerald Waugh

References:
- [cobalt-security] RAQ3 & RAQ4 Hacked...
  - From: Ben Koshy

Prev by Date: [cobalt-security] Cobalt security resource location (automatic reminder)
Next by Date: Re: [cobalt-security] RAQ3 & RAQ4 Hacked...
Previous by thread: [cobalt-security] RAQ3 & RAQ4 Hacked...
Next by thread: Re: [cobalt-security] RAQ3 & RAQ4 Hacked...

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index