
Re: [cobalt-security] RaQFuCK



At 07:11 PM 10/23/2002, you wrote:
Greets,

Does anyone know of a fix, or if any of the recent
Cobalt/SUN patches addressed the RaQFuCK hack that
grabs access from /usr/lib/authenticate and opens a
shell..?  I just discovered a user who recently found,
and apparently tried to execute this hack/script on my
RaQ4 (found scraps of the script and the gmon.out file
on the system).. I don't permit shell access, and I'm
not sure if they managed to get a shell with the
script, and frankly I'm not interested in trying the
script on my only RaQ4 which is in production - but
I'll be a little hot under the collar if I discover
this user got a shell and this issue hasn't been
patched/addressed in any of the recent patches.. This
exploit has been in the wild for at -least- 3 months
already.. Has this been addressed/fixed if the RaQ4 is
fully patched..?  Thanks!

No fix that I know of yet, but then it takes Sun months to patch something.



_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security