[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit

Subject: RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
From: "Richard Sidlin" <richard@xxxxxxxxxxx>
Date: Fri, 6 Dec 2002 19:17:13 -0000
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Mmm. See what you mean. Can you mail me direct or give me some other clue as
to how I know if I need the update?



Richard Sidlin

> -----Original Message-----
> From: cobalt-security-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Goade,
> Matthew
> Sent: 06 December 2002 19:12
> To: cobalt-security@xxxxxxxxxxxxxxx
> Subject: RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
>
>
> I do not know the legal implications of posting a
> how-to-crack-a-cobalt in a public forum. Sorry!
>
> -----Original Message-----
> From: Richard Sidlin [mailto:richard@xxxxxxxxxxx]
> Sent: Friday, December 06, 2002 1:00 PM
> To: cobalt-security@xxxxxxxxxxxxxxx
> Subject: RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
>
>
> Sorry to be thick but how do you try the exploit please?
>
>
>
> Richard Sidlin
>
> > -----Original Message-----
> > From: cobalt-security-admin@xxxxxxxxxxxxxxx
> > [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Goade,
> > Matthew
> > Sent: 06 December 2002 18:50
> > To: cobalt-security@xxxxxxxxxxxxxxx
> > Subject: RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
> >
> >
> > Try the exploit ;-)
> > It will tell you if it is or is not vulnerable. Keep in mind it
> > will do whatever you tell it to do as root. In other words do not
> > test it with rm -rf /home !
> >
> > -----Original Message-----
> > From: Richard Sidlin [mailto:richard@xxxxxxxxxxx]
> > Sent: Friday, December 06, 2002 12:11 PM
> > To: cobalt-security@xxxxxxxxxxxxxxx
> > Subject: RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
> >
> >
> > I'm normally up to date with patches but I don't see anything with SHP
> > listed under my installed software. Should I be looking elsewhere?
> >
> >
> >
> > Richard Sidlin
> >
> >
> > > -----Original Message-----
> > > From: cobalt-security-admin@xxxxxxxxxxxxxxx
> > > [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Paul Jacobs
> > > Sent: 06 December 2002 17:41
> > > To: cobalt-security@xxxxxxxxxxxxxxx
> > > Subject: RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
> > >
> > >
> > > At 08:08 AM 12/6/2002, you wrote:
> > > >Yes, I get that on a telnet session after every visit to the
> > > Admin cosole on
> > > >http (web browser)
> > >
> > > Really, I do not?!
> > >
> > >
> > > >-----Original Message-----
> > > >From: cobalt-security-admin@xxxxxxxxxxxxxxx
> > > >[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of
> > Darryl Koster
> > > >Sent: Friday, December 06, 2002 9:06 AM
> > > >To: cobalt-security@xxxxxxxxxxxxxxx
> > > >Subject: RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
> > > >
> > > >
> > > >
> > > >
> > > >Has anyone else been seeing the following on their telnet sessions
> > > >
> > > >last login by http
> > > >
> > > >???
> > > >
> > > >It started last night when this hack was announced. I did
> not have that
> > > >program installed on my RaQ so when I tried to uninstall it
> there was a
> > > >message basically saying, sorry nothing to uninstall. I have
> > > been watching
> > > >my logs (all of them) for any sign of weirdness (missing
> times etc) and
> > > >there really is nothing. My shell is basically keeping the history of
> > > >everything I am doing etc. So has anyone seen above (http)?
> > > >
> > > >Darryl Koster
> > > >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > >Status Technologies Inc.                   President/Owner
> > > >"Let Us Help You Get The Status You Deserve!"
> > > >http://www.statustechnologies.com
> > > >P: (905) 435-0145  TF (NA) 888-909-9004  F: (905) 435-0873
> > > >
> > > >
> > > >
> > > >
> > > >-----Original Message-----
> > > >From: cobalt-security-admin@xxxxxxxxxxxxxxx
> > > >[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of
> Gerald Waugh
> > > >Sent: Friday, December 06, 2002 7:26 AM
> > > >To: cobalt-security@xxxxxxxxxxxxxxx
> > > >Subject: Re: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
> > > >
> > > >
> > > >On Thu, 5 Dec 2002, njd 76 wrote:
> > > >
> > > > > i was scared you would say that... jeez...
> > > > >
> > > > > Well i have a RAQ4 with the SHP installed, since Sun isnt
> > > going to answer
> > > > > me... anyone else want to tell me what to do. I am scared
> to use the
> > > > > uninstall because some are saying it takes out the imap update.
> > > > >
> > > > > Any suggestions on what people like me should do?
> > > > >
> > > >
> > > >apply the SHP_REM patch
> > > >Which removes it...
> > > >
> > > >Gerald
> > > >--
> > > >http://frontstreetnetworks.com | http://raqware.com
> > > >Front Street Networks LLC  | Phone: +1 203-785-0699
> > > >229 Front Street, Ste. C, New Haven, CT. 06513-3203
> > > >
> > > >_______________________________________________
> > > >cobalt-security mailing list
> > > >cobalt-security@xxxxxxxxxxxxxxx
> > > >http://list.cobalt.com/mailman/listinfo/cobalt-security
> > > >
> > > >
> > > >_______________________________________________
> > > >cobalt-security mailing list
> > > >cobalt-security@xxxxxxxxxxxxxxx
> > > >http://list.cobalt.com/mailman/listinfo/cobalt-security
> > > >
> > > >
> > > >
> > > >_______________________________________________
> > > >cobalt-security mailing list
> > > >cobalt-security@xxxxxxxxxxxxxxx
> > > >http://list.cobalt.com/mailman/listinfo/cobalt-security
> > >
> > > _______________________________________________
> > > cobalt-security mailing list
> > > cobalt-security@xxxxxxxxxxxxxxx
> > > http://list.cobalt.com/mailman/listinfo/cobalt-security
> > >
> > > ----------------------------------------------------------
> > > This message has been checked for all known viruses by the
> > > Help Internet Virus Scanning Service 01707 897111
> > >
> > >
> >
> >
> > _______________________________________________
> > cobalt-security mailing list
> > cobalt-security@xxxxxxxxxxxxxxx
> > http://list.cobalt.com/mailman/listinfo/cobalt-security
> > _______________________________________________
> > cobalt-security mailing list
> > cobalt-security@xxxxxxxxxxxxxxx
> > http://list.cobalt.com/mailman/listinfo/cobalt-security
> >
> > ----------------------------------------------------------
> > This message has been checked for all known viruses by the
> > Help Internet Virus Scanning Service 01707 897111
> >
> >
>
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>
> ----------------------------------------------------------
> This message has been checked for all known viruses by the
> Help Internet Virus Scanning Service 01707 897111
>
>

Follow-Ups:
- Re: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
  - From: Jamie Martino
- Re: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
  - From: Harald Kapper

References:
- RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
  - From: Goade, Matthew

Prev by Date: RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
Next by Date: RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
Previous by thread: RE: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit
Next by thread: Re: [cobalt-security] FW: Cobalt RaQ4 Remote root exploit

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index