[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] RaQFuCK

Subject: Re: [cobalt-security] RaQFuCK
From: MC Gonzalez <mgonzalez@xxxxxxxxxx>
Date: 27 Oct 2002 15:47:50 -0700
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Wed, 2002-10-23 at 22:45, Eugene Crosser wrote:
> On Thu, 2002-10-24 at 06:11, Scott F wrote:
> 
> > Does anyone know of a fix, or if any of the recent
> > Cobalt/SUN patches addressed the RaQFuCK hack that
> > grabs access from /usr/lib/authenticate and opens a
> > shell..? 

Question regarding this exploit.  Does it do anything to ssh?  

Background:
Bosses personal RAQ4 seems to have gotten hit with this.  He asked me to
check it out.  I noticed he didn't have the 15787 patch.  He also didn't
have the latest and greatest ssh from pkgmaster.  I installed the
pkgmaster first and now can't get in with ssh.  I get the following:

Oct 27 17:09:56 www sshd[12146]: log: Connection from xxx.xxx.xxx.xxx
port 33599
Oct 27 17:09:56 www sshd[12146]: log: RhostsRsa authentication not
available for connections from unprivileged port.
Oct 27 17:10:33 www sshd[12146]: fatal: Connection closed by remote
host.

I am frankly afraid to install the 15787 patch as it requires a reboot
and I would hate to not be able to get back into this server :)

A google on this error turns up nothing helpful.

Thanks in advance!

-- 
Marie Gonzalez

Follow-Ups:
- Re: [cobalt-security] RaQFuCK
  - From: MC Gonzalez
- Re: [cobalt-security] RaQFuCK
  - From: David Smulsky

References:
- [cobalt-security] RaQFuCK
  - From: Scott F
- Re: [cobalt-security] RaQFuCK
  - From: Eugene Crosser

Prev by Date: Re: [cobalt-security] Different relaying denied question
Next by Date: Re: [cobalt-security] RaQFuCK
Previous by thread: Re: [cobalt-security] RaQFuCK
Next by thread: Re: [cobalt-security] RaQFuCK

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index