[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit

Subject: RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
From: "Goade, Matthew" <mgoade@xxxxxxxxxxxxxxx>
Date: Fri, 6 Dec 2002 12:49:52 -0600
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Try the exploit ;-)
It will tell you if it is or is not vulnerable. Keep in mind it will do whatever you tell it to do as root. In other words do not test it with rm -rf /home !

-----Original Message-----
From: Richard Sidlin [mailto:richard@xxxxxxxxxxx]
Sent: Friday, December 06, 2002 12:11 PM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit


I'm normally up to date with patches but I don't see anything with SHP
listed under my installed software. Should I be looking elsewhere?



Richard Sidlin


> -----Original Message-----
> From: cobalt-security-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Paul Jacobs
> Sent: 06 December 2002 17:41
> To: cobalt-security@xxxxxxxxxxxxxxx
> Subject: RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
>
>
> At 08:08 AM 12/6/2002, you wrote:
> >Yes, I get that on a telnet session after every visit to the
> Admin cosole on
> >http (web browser)
>
> Really, I do not?!
>
>
> >-----Original Message-----
> >From: cobalt-security-admin@xxxxxxxxxxxxxxx
> >[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Darryl Koster
> >Sent: Friday, December 06, 2002 9:06 AM
> >To: cobalt-security@xxxxxxxxxxxxxxx
> >Subject: RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
> >
> >
> >
> >
> >Has anyone else been seeing the following on their telnet sessions
> >
> >last login by http
> >
> >???
> >
> >It started last night when this hack was announced. I did not have that
> >program installed on my RaQ so when I tried to uninstall it there was a
> >message basically saying, sorry nothing to uninstall. I have
> been watching
> >my logs (all of them) for any sign of weirdness (missing times etc) and
> >there really is nothing. My shell is basically keeping the history of
> >everything I am doing etc. So has anyone seen above (http)?
> >
> >Darryl Koster
> >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >Status Technologies Inc.                   President/Owner
> >"Let Us Help You Get The Status You Deserve!"
> >http://www.statustechnologies.com
> >P: (905) 435-0145  TF (NA) 888-909-9004  F: (905) 435-0873
> >
> >
> >
> >
> >-----Original Message-----
> >From: cobalt-security-admin@xxxxxxxxxxxxxxx
> >[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Gerald Waugh
> >Sent: Friday, December 06, 2002 7:26 AM
> >To: cobalt-security@xxxxxxxxxxxxxxx
> >Subject: Re: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
> >
> >
> >On Thu, 5 Dec 2002, njd 76 wrote:
> >
> > > i was scared you would say that... jeez...
> > >
> > > Well i have a RAQ4 with the SHP installed, since Sun isnt
> going to answer
> > > me... anyone else want to tell me what to do. I am scared to use the
> > > uninstall because some are saying it takes out the imap update.
> > >
> > > Any suggestions on what people like me should do?
> > >
> >
> >apply the SHP_REM patch
> >Which removes it...
> >
> >Gerald
> >--
> >http://frontstreetnetworks.com | http://raqware.com
> >Front Street Networks LLC  | Phone: +1 203-785-0699
> >229 Front Street, Ste. C, New Haven, CT. 06513-3203
> >
> >_______________________________________________
> >cobalt-security mailing list
> >cobalt-security@xxxxxxxxxxxxxxx
> >http://list.cobalt.com/mailman/listinfo/cobalt-security
> >
> >
> >_______________________________________________
> >cobalt-security mailing list
> >cobalt-security@xxxxxxxxxxxxxxx
> >http://list.cobalt.com/mailman/listinfo/cobalt-security
> >
> >
> >
> >_______________________________________________
> >cobalt-security mailing list
> >cobalt-security@xxxxxxxxxxxxxxx
> >http://list.cobalt.com/mailman/listinfo/cobalt-security
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>
> ----------------------------------------------------------
> This message has been checked for all known viruses by the
> Help Internet Virus Scanning Service 01707 897111
>
>


_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security

Follow-Ups:
- RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
  - From: Richard Sidlin

Prev by Date: RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
Next by Date: RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
Previous by thread: RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
Next by thread: RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index