[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] FW: script kiddie own a cobalt? >was Cobalt RaQ4 Remote root exploit
- Subject: RE: [cobalt-security] FW: script kiddie own a cobalt? >was Cobalt RaQ4 Remote root exploit
- From: Paul Jacobs <paul@xxxxxxxxxxxxxxxxxx>
- Date: Fri, 06 Dec 2002 09:39:34 -0800
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
At 07:05 AM 12/6/2002, you wrote:
At 17:50 05/12/02 -0600, you wrote:
By the way, it does not allow a hacker into the box, it allows script
kiddies to root the box. Any newbie running mandrake could own a cobalt
in under 5 commands.
(I'm a newbie, but..)
Surely that is only once they have a command line / terminal prompt
though? They would have to get past one of the user passwords first?
Not if they use the remote exploit to get your root password.
Regards
Steve Root
PS - does my name mean that my qube has always be 'root expolited' :)
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security