[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
- Subject: RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
- From: "Goade, Matthew" <mgoade@xxxxxxxxxxxxxxx>
- Date: Fri, 6 Dec 2002 13:12:27 -0600
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
I do not know the legal implications of posting a how-to-crack-a-cobalt in a public forum. Sorry!
-----Original Message-----
From: Richard Sidlin [mailto:richard@xxxxxxxxxxx]
Sent: Friday, December 06, 2002 1:00 PM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
Sorry to be thick but how do you try the exploit please?
Richard Sidlin
> -----Original Message-----
> From: cobalt-security-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Goade,
> Matthew
> Sent: 06 December 2002 18:50
> To: cobalt-security@xxxxxxxxxxxxxxx
> Subject: RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
>
>
> Try the exploit ;-)
> It will tell you if it is or is not vulnerable. Keep in mind it
> will do whatever you tell it to do as root. In other words do not
> test it with rm -rf /home !
>
> -----Original Message-----
> From: Richard Sidlin [mailto:richard@xxxxxxxxxxx]
> Sent: Friday, December 06, 2002 12:11 PM
> To: cobalt-security@xxxxxxxxxxxxxxx
> Subject: RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
>
>
> I'm normally up to date with patches but I don't see anything with SHP
> listed under my installed software. Should I be looking elsewhere?
>
>
>
> Richard Sidlin
>
>
> > -----Original Message-----
> > From: cobalt-security-admin@xxxxxxxxxxxxxxx
> > [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Paul Jacobs
> > Sent: 06 December 2002 17:41
> > To: cobalt-security@xxxxxxxxxxxxxxx
> > Subject: RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
> >
> >
> > At 08:08 AM 12/6/2002, you wrote:
> > >Yes, I get that on a telnet session after every visit to the
> > Admin cosole on
> > >http (web browser)
> >
> > Really, I do not?!
> >
> >
> > >-----Original Message-----
> > >From: cobalt-security-admin@xxxxxxxxxxxxxxx
> > >[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of
> Darryl Koster
> > >Sent: Friday, December 06, 2002 9:06 AM
> > >To: cobalt-security@xxxxxxxxxxxxxxx
> > >Subject: RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
> > >
> > >
> > >
> > >
> > >Has anyone else been seeing the following on their telnet sessions
> > >
> > >last login by http
> > >
> > >???
> > >
> > >It started last night when this hack was announced. I did not have that
> > >program installed on my RaQ so when I tried to uninstall it there was a
> > >message basically saying, sorry nothing to uninstall. I have
> > been watching
> > >my logs (all of them) for any sign of weirdness (missing times etc) and
> > >there really is nothing. My shell is basically keeping the history of
> > >everything I am doing etc. So has anyone seen above (http)?
> > >
> > >Darryl Koster
> > >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > >Status Technologies Inc. President/Owner
> > >"Let Us Help You Get The Status You Deserve!"
> > >http://www.statustechnologies.com
> > >P: (905) 435-0145 TF (NA) 888-909-9004 F: (905) 435-0873
> > >
> > >
> > >
> > >
> > >-----Original Message-----
> > >From: cobalt-security-admin@xxxxxxxxxxxxxxx
> > >[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Gerald Waugh
> > >Sent: Friday, December 06, 2002 7:26 AM
> > >To: cobalt-security@xxxxxxxxxxxxxxx
> > >Subject: Re: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
> > >
> > >
> > >On Thu, 5 Dec 2002, njd 76 wrote:
> > >
> > > > i was scared you would say that... jeez...
> > > >
> > > > Well i have a RAQ4 with the SHP installed, since Sun isnt
> > going to answer
> > > > me... anyone else want to tell me what to do. I am scared to use the
> > > > uninstall because some are saying it takes out the imap update.
> > > >
> > > > Any suggestions on what people like me should do?
> > > >
> > >
> > >apply the SHP_REM patch
> > >Which removes it...
> > >
> > >Gerald
> > >--
> > >http://frontstreetnetworks.com | http://raqware.com
> > >Front Street Networks LLC | Phone: +1 203-785-0699
> > >229 Front Street, Ste. C, New Haven, CT. 06513-3203
> > >
> > >_______________________________________________
> > >cobalt-security mailing list
> > >cobalt-security@xxxxxxxxxxxxxxx
> > >http://list.cobalt.com/mailman/listinfo/cobalt-security
> > >
> > >
> > >_______________________________________________
> > >cobalt-security mailing list
> > >cobalt-security@xxxxxxxxxxxxxxx
> > >http://list.cobalt.com/mailman/listinfo/cobalt-security
> > >
> > >
> > >
> > >_______________________________________________
> > >cobalt-security mailing list
> > >cobalt-security@xxxxxxxxxxxxxxx
> > >http://list.cobalt.com/mailman/listinfo/cobalt-security
> >
> > _______________________________________________
> > cobalt-security mailing list
> > cobalt-security@xxxxxxxxxxxxxxx
> > http://list.cobalt.com/mailman/listinfo/cobalt-security
> >
> > ----------------------------------------------------------
> > This message has been checked for all known viruses by the
> > Help Internet Virus Scanning Service 01707 897111
> >
> >
>
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>
> ----------------------------------------------------------
> This message has been checked for all known viruses by the
> Help Internet Virus Scanning Service 01707 897111
>
>
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security