[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
- Subject: RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
- From: "Richard Sidlin" <richard@xxxxxxxxxxx>
- Date: Fri, 6 Dec 2002 18:10:52 -0000
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
I'm normally up to date with patches but I don't see anything with SHP
listed under my installed software. Should I be looking elsewhere?
Richard Sidlin
> -----Original Message-----
> From: cobalt-security-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Paul Jacobs
> Sent: 06 December 2002 17:41
> To: cobalt-security@xxxxxxxxxxxxxxx
> Subject: RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
>
>
> At 08:08 AM 12/6/2002, you wrote:
> >Yes, I get that on a telnet session after every visit to the
> Admin cosole on
> >http (web browser)
>
> Really, I do not?!
>
>
> >-----Original Message-----
> >From: cobalt-security-admin@xxxxxxxxxxxxxxx
> >[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Darryl Koster
> >Sent: Friday, December 06, 2002 9:06 AM
> >To: cobalt-security@xxxxxxxxxxxxxxx
> >Subject: RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
> >
> >
> >
> >
> >Has anyone else been seeing the following on their telnet sessions
> >
> >last login by http
> >
> >???
> >
> >It started last night when this hack was announced. I did not have that
> >program installed on my RaQ so when I tried to uninstall it there was a
> >message basically saying, sorry nothing to uninstall. I have
> been watching
> >my logs (all of them) for any sign of weirdness (missing times etc) and
> >there really is nothing. My shell is basically keeping the history of
> >everything I am doing etc. So has anyone seen above (http)?
> >
> >Darryl Koster
> >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >Status Technologies Inc. President/Owner
> >"Let Us Help You Get The Status You Deserve!"
> >http://www.statustechnologies.com
> >P: (905) 435-0145 TF (NA) 888-909-9004 F: (905) 435-0873
> >
> >
> >
> >
> >-----Original Message-----
> >From: cobalt-security-admin@xxxxxxxxxxxxxxx
> >[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Gerald Waugh
> >Sent: Friday, December 06, 2002 7:26 AM
> >To: cobalt-security@xxxxxxxxxxxxxxx
> >Subject: Re: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
> >
> >
> >On Thu, 5 Dec 2002, njd 76 wrote:
> >
> > > i was scared you would say that... jeez...
> > >
> > > Well i have a RAQ4 with the SHP installed, since Sun isnt
> going to answer
> > > me... anyone else want to tell me what to do. I am scared to use the
> > > uninstall because some are saying it takes out the imap update.
> > >
> > > Any suggestions on what people like me should do?
> > >
> >
> >apply the SHP_REM patch
> >Which removes it...
> >
> >Gerald
> >--
> >http://frontstreetnetworks.com | http://raqware.com
> >Front Street Networks LLC | Phone: +1 203-785-0699
> >229 Front Street, Ste. C, New Haven, CT. 06513-3203
> >
> >_______________________________________________
> >cobalt-security mailing list
> >cobalt-security@xxxxxxxxxxxxxxx
> >http://list.cobalt.com/mailman/listinfo/cobalt-security
> >
> >
> >_______________________________________________
> >cobalt-security mailing list
> >cobalt-security@xxxxxxxxxxxxxxx
> >http://list.cobalt.com/mailman/listinfo/cobalt-security
> >
> >
> >
> >_______________________________________________
> >cobalt-security mailing list
> >cobalt-security@xxxxxxxxxxxxxxx
> >http://list.cobalt.com/mailman/listinfo/cobalt-security
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>
> ----------------------------------------------------------
> This message has been checked for all known viruses by the
> Help Internet Virus Scanning Service 01707 897111
>
>