
Re: [cobalt-security] RaQFuCK



On Thu, 2002-10-24 at 06:11, Scott F wrote:

> Does anyone know of a fix, or if any of the recent
> Cobalt/SUN patches addressed the RaQFuCK hack that
> grabs access from /usr/lib/authenticate and opens a
> shell..?  I just discovered a user who recently found,
> and apparently tried to execute this hack/script on my
> RaQ4 (found scraps of the script and the gmon.out file
> on the system).. I don't permit shell access, and I'm
> not sure if they managed to get a shell with the
> script, and frankly I'm not interested in trying the
> script on my only RaQ4 which is in production - but
> I'll be a little hot under the collar if I discover
> this user got a shell and this issue hasn't been
> patched/addressed in any of the recent patches.. This
> exploit has been in the wild for at -least- 3 months
> already.. Has this been addressed/fixed if the RaQ4 is
> fully patched..?  Thanks!

This patch

http://ftp.cobalt.sun.com/pub/packages/raq4/eng/RaQ4-All-Security-2.0.1-2-15787.pkg

is supposed to fix the issue among other things.  Or, on September 25 I
posted instructions on how to fix the problem by hand:

http://list.cobalt.com/pipermail/cobalt-security/2002-September/006327.html

Eugene