
[cobalt-security] The nasty RaQ hack...



I'm posting this information to a few of the lists because some fairly
intelligent people have written me unsure of exactly what they have to
do to protect against the nasty hack going around that completely
destroys all the content on RaQ4s.

You really need to do this.  If you can't do it yourself, have someone
do it for you.

This information comes from various sources, and is presented as a
simple recipe for your convenience.  All liability disclaimers in effect
of course.  If you need someone to be responsible for the work, then
find someone to do it for you.

First of all, according to the docs published for the hack, a quick fix 
is to chmod 755 /usr/lib/authenticate if it's not already set to that.

Second, according to Michael, make sure you've got the latest update for 
apache, patch 15787, from the Cobalt package site.

Third, upgrade OpenSSL to Version 0.9.7; you can get RPMs from 
ftp://ftp.nacs.net/pub/software/cobalt_raq4

  openssl-0.9.7-1.i386.rpm
  openssl-0.9.7-1.src.rpm
  openssl-devel-0.9.7-1.i386.rpm
  openssl-doc-0.9.7-1.i386.rpm

Fourth, upgrade OpenSSH, either from solarspeed.net 
(http://www.solarspeed.net/downloads/index.php), or from pkgmaster: 
(http://pkgmaster.com/packages/raq/4/).  (Required, previous versions of 
SSH may not work properly with the rpm versions of OpenSSL.)

Sixth, make frequent backups; this is nasty and destroys most of the 
content on your RaQ.

Seventh, cross your fingers.

Jeff
-- 
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA  92517 US
Internet & Unix/Linux/Sun/Cobalt Consulting +1 909 778-9980
Our jblists address used on lists is for list email only
To contact us offlist: "http://www.nobaloney.net/contactus.html"
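
A small audit of the first and third steps of the recipe above, as an added example that is not part of the original post. The function names and the `raq_audit` wrapper are hypothetical; the Apache patch and OpenSSH steps are not checked because the post gives no package names or versions to test against.

```shell
#!/bin/sh
# Added example: report whether /usr/lib/authenticate is mode 755 and
# whether the installed openssl RPM is at least 0.9.7.

# True only if the path is a regular file with mode exactly 755.
# ls -ld is parsed instead of stat(1) so this also works on old userlands;
# a setuid or setgid bit shows up as 's' in the string and fails the match.
mode_is_755() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    [ "$perms" = "-rwxr-xr-x" ]
}

# True if dotted version $1 >= $2. Handles OpenSSL-style letter suffixes
# (0.9.6b < 0.9.7 < 0.9.7a) without relying on sort -V.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xn = x[i] + 0; yn = y[i] + 0          # numeric part: "6b" -> 6
            if (xn != yn) exit ((xn > yn) ? 0 : 1)
            xs = x[i] ""; ys = y[i] ""
            sub(/^[0-9]+/, "", xs); sub(/^[0-9]+/, "", ys)   # letter suffix
            if (xs != ys) exit ((xs > ys) ? 0 : 1)
        }
        exit 0
    }'
}

# Run both checks; returns non-zero if either item still needs attention.
raq_audit() {
    rc=0
    if mode_is_755 /usr/lib/authenticate; then
        echo "OK   /usr/lib/authenticate is mode 755"
    else
        echo "FIX  chmod 755 /usr/lib/authenticate"; rc=1
    fi
    ver=$(rpm -q --queryformat '%{VERSION}' openssl 2>/dev/null) || ver=""
    if [ -n "$ver" ] && version_ge "$ver" 0.9.7; then
        echo "OK   openssl $ver"
    else
        echo "FIX  openssl ${ver:-not found}, want 0.9.7 or later"; rc=1
    fi
    return $rc
}

# Only audit when asked, so the file can also be sourced for its functions.
if [ "${1:-}" = "--audit" ]; then raq_audit; fi
```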