
[cobalt-security] raq 550 observations (Was: VHOST over two IP's?)



On Thu, 2002-10-03 at 02:24, Gerald Waugh wrote:

> <off-list>
> I want to buy a raq550, where did you get yours? 
> </off-list>

Yesterday I installed 550 software on a raq3, and there is good news
and bad news, and both are on-topic on this list ;)

The good news is that the system comes with openssl package installed,
and everything is linked *dynamically* against openssl shared
libraries.  "Everything" is ssh (it comes with the system), mod_ssl,
wget, and possibly some other utilities.

The bad news is that openssl is ancient, and that shared libraries use
soversion 1.  Because the native openssl distribution uses soversion 0, and
recent redhat RPMs - soversion 2, there is no straight way to upgrade. 
You will have to either create symlinks by hand in /usr/lib and pray
that ldconfig does not break them on the next run, or tweak the SRPM spec
file and soversion patch.  Also, ssh insists on specific openssl library
version and will not work if you replace shared library with a newer
version.  This is less of a problem because you will want to reinstall
openssh anyway: shipped version is 2.9.something :-(

Of course some of the recent openssl bugs *may* be non-exploitable on a
'550 due to its stack overflow prevention hacks, but I would not bet on
that...  and bringing it up to date looks even harder than older raq's.

On the bright side, the system apparently comes with a stack overflow
protection hack (non-executable stack patch?  Don't know exactly) and
some intrusion detection thing based on IP traffic analysis.

Another observation (offtopic): '550 web interface is even more fragile
than that of older products.  Once you switch to another tab in your
browser and then come back, you find yourself on the section entry
screen instead of the screen that you left.  May be a browser bug but
IMO good web interface should not rely on such subtleties.

Eugene

P.S. If you try to do the same as I did, don't forget that you'd most
certainly need to reprogram flash bios.
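
The soversion mismatch described in the message can be inventoried before an upgrade. The following is an added example, not part of the original post: it reads `readelf -d` NEEDED lines prefixed with the binary path and lists the binaries pinned to an OpenSSL soversion other than the one a replacement package would install. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample (not captured from a real RaQ): `readelf -d` NEEDED
# lines, each prefixed with "<binary>: ". On a live system, build it with:
#   for f in /usr/sbin/sshd /usr/bin/wget; do
#       readelf -d "$f" | sed "s|^|$f: |"
#   done
SAMPLE='/usr/sbin/sshd: 0x00000001 (NEEDED) Shared library: [libcrypto.so.1]
/usr/bin/wget: 0x00000001 (NEEDED) Shared library: [libssl.so.1]
/usr/bin/wget: 0x00000001 (NEEDED) Shared library: [libcrypto.so.1]
/usr/bin/wget: 0x00000001 (NEEDED) Shared library: [libc.so.6]
/usr/local/bin/curl: 0x00000001 (NEEDED) Shared library: [libssl.so.2]'

# Print "binary soname" for every libssl/libcrypto dependency on stdin.
openssl_needed() {
    awk '/\(NEEDED\)/ {
        bin = $1; sub(/:$/, "", bin)        # strip the trailing colon
        lib = $NF; gsub(/[][]/, "", lib)    # strip the [ ] around the soname
        if (lib ~ /^lib(ssl|crypto)\.so\./) print bin, lib
    }'
}

# List binaries that require an OpenSSL soversion other than $1, i.e. the
# ones that stop loading if only soversion $1 is left in /usr/lib.
broken_by_upgrade() {
    new="$1"
    openssl_needed | awk -v new="$new" '{
        v = $2; sub(/^.*\.so\./, "", v)     # keep only the soversion part
        if (v != new) print $1
    }' | sort -u
}

# Which binaries in the sample break if the box moves to soversion 2?
printf '%s\n' "$SAMPLE" | broken_by_upgrade 2
```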