[cobalt-security] RaQFuCK
- Subject: [cobalt-security] RaQFuCK
- From: Scott F <scott_falco@xxxxxxxxx>
- Date: Wed, 23 Oct 2002 19:11:17 -0700 (PDT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Greets,
Does anyone know of a fix, or if any of the recent
Cobalt/SUN patches addressed the RaQFuCK hack that
grabs access from /usr/lib/authenticate and opens a
shell..? I just discovered a user who recently found,
and apparently tried to execute this hack/script on my
RaQ4 (found scraps of the script and the gmon.out file
on the system).. I don't permit shell access, and I'm
not sure if they managed to get a shell with the
script, and frankly I'm not interested in trying the
script on my only RaQ4 which is in production - but
I'll be a little hot under the collar if I discover
this user got a shell and this issue hasn't been
patched/addressed in any of the recent patches.. This
exploit has been in the wild for at -least- 3 months
already.. Has this been addressed/fixed if the RaQ4 is
fully patched..? Thanks!