[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] RaQFuCK
- Subject: Re: [cobalt-security] RaQFuCK
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Date: 24 Oct 2002 08:45:27 +0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Thu, 2002-10-24 at 06:11, Scott F wrote:
> Does anyone know of a fix, or if any of the recent
> Cobalt/SUN patches addressed the RaQFuCK hack that
> grabs access from /usr/lib/authenticate and opens a
> shell..? I just discovered a user who recently found,
> and apparently tried to execute this hack/script on my
> RaQ4 (found scraps of the script and the gmon.out file
> on the system).. I don't permit shell access, and I'm
> not sure if they managed to get a shell with the
> script, and franky I'm not interested in trying the
> script on my only RaQ4 which is in production - but
> I'll be a little hot under the collar if I discover
> this user got a shell and this issue hasn't been
> patched/addressed in any of the recent patches.. This
> exploit has been in the wild for at -least- 3 months
> already.. Has this been addressed/fixed if the RaQ4 is
> fully patched..? Thanks!
This patch
http://ftp.cobalt.sun.com/pub/packages/raq4/eng/RaQ4-All-Security-2.0.1-2-15787.pkg
is supposed to fix the issue among other things. Or, on September 25 I
posted instructions on how to fix the problem by hand:
http://list.cobalt.com/pipermail/cobalt-security/2002-September/006327.html
Eugene