Re: [cobalt-security] FW: script kiddie own a cobalt? >was Cobalt RaQ4 Remote root exploit

["Michigan Connect, LLC" <bernie@xxxxxxxxxx>]

Have a question, I have had SolarSpeed install their firewall on two of our
cobalts both RAQ4r's, should we be ok or are we still vuln to this SHP HACK?

Thanks,

Bernie---
----- Original Message -----
From: "E.B. Dreger" <eddy+public+spam@xxxxxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Friday, December 06, 2002 12:14 PM
Subject: RE: [cobalt-security] FW: script kiddie own a cobalt? >was Cobalt
RaQ4 Remote root exploit


> SR> Date: Fri, 06 Dec 2002 15:05:36 +0000
> SR> From: Steve Root
>
>
> SR> Surely that is only once they have a command line / terminal
> SR> prompt though?
>
> No.
>
>
> SR> They would have to get past one of the user passwords first?
>
> Not at all.  A remote root exploit means one runs a magic program
> that "picks the lock" and gives root access.
>
> Check out L0pht, Phrack, 2600, or Google for "stack overflow",
> "format string", and "race conditions".  There are many good
> tutorials that explain how these things work.  Many of them
> assume one is familiar with assembly language and computer
> architecture, though...
>
>
> Eddy
> --
> Brotsman & Dreger, Inc. - EverQuick Internet Division
> Bandwidth, consulting, e-commerce, hosting, and network building
> Phone: +1 (785) 865-5885 Lawrence and [inter]national
> Phone: +1 (316) 794-8922 Wichita
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
> From: A Trap <blacklist@xxxxxxxxx>
> To: blacklist@xxxxxxxxx
> Subject: Please ignore this portion of my mail signature.
>
> These last few lines are a trap for address-harvesting spambots.
> Do NOT send mail to <blacklist@xxxxxxxxx>, or you are likely to
> be blocked.
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>