
Re: [cobalt-security] The nasty RaQ hack...



Hi Jeff,

Thanks for the information, it looks like it's time to upgrade. Question: is
there any information about this hack on Bugtraq? I could not find it
there, nor on this list (but it's still quite early over here). Or is this
one kept a secret until we all had a chance to upgrade?

I would like to know if I'm vulnerable, in my specific situation (no
untrusted shell accounts, ports 81 and 444 blocked by ipchains etc.).

It's hard typing with your fingers crossed!

Jelmer
----- Original Message -----
From: "Jeff Lasman" <jblists@xxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Tuesday, January 21, 2003 8:21 PM
Subject: [cobalt-security] The nasty RaQ hack...


> I'm posting this information to a few of the lists because some fairly
> intelligent people have written me unsure of exactly what they have to
> do to protect against the nasty hack going around that completely
> destroys all the content on RaQ4s.
>
> You really need to do this.  If you can't do it yourself, have someone
> do it for you.
>
> This information comes from various sources, and is presented as a
> simple recipe for your convenience.  All liability disclaimers in effect
> of course.  If you need someone to be responsible for the work, then
> find someone to do it for you.
>
> First of all, according to the docs published for the hack, a quick fix
> is to chmod 755 /usr/lib/authenticate if it's not already set to that.
>
> Second, according to Michael, make sure you've got the latest update for
> apache, patch 15787, from the Cobalt package site.
>
> Third, upgrade OpenSSL to Version 0.9.7; you can get RPMs from
> ftp://ftp.nacs.net/pub/software/cobalt_raq4
>
>   openssl-0.9.7-1.i386.rpm
>   openssl-0.9.7-1.src.rpm
>   openssl-devel-0.9.7-1.i386.rpm
>   openssl-doc-0.9.7-1.i386.rpm
>
> Fourth, upgrade OpenSSH, either from solarspeed.net
> (http://www.solarspeed.net/downloads/index.php), or from pkgmaster:
> (http://pkgmaster.com/packages/raq/4/).  (Required, previous versions of
> SSH may not work properly with the rpm versions of OpenSSL.)
>
> Sixth, make frequent backups; this is nasty and destroys most of the
> content on your RaQ.
>
> Seventh, cross your fingers.
>
> Jeff
> --
> Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA  92517 US
> Internet & Unix/Linux/Sun/Cobalt Consulting +1 909 778-9980
> Our jblists address used on lists is for list email only
> To contact us offlist: "http://www.nobaloney.net/contactus.html"
>
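A small audit of the recipe's checkable steps, added here as an example and not part of the original posts: it reports whether /usr/lib/authenticate has mode 755 and whether the installed OpenSSL RPM is at least 0.9.7. The function names are hypothetical and the RPM package names `openssl` and `openssh` are assumptions; the Apache patch is not checked, and the OpenSSH version is only printed because the post names no minimum.

```shell
#!/bin/sh
# Added example: audits the checkable steps of the recipe quoted above.

# True if PATH has exactly mode 755 (rwxr-xr-x). A setuid/setgid bit shows
# up as "s" in the ls output and therefore fails the comparison.
mode_is_755() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c2-10)" = "rwxr-xr-x" ]
}

# True if an OpenSSL version string is >= 0.9.7. A letter suffix such as
# the "b" in 0.9.6b is dropped before the numeric comparison.
openssl_ver_ok() {
    printf '%s\n' "$1" | awk -F. '{
        sub(/[a-z]+$/, "", $3)
        exit !(($1 * 10000 + $2 * 100 + $3) >= 907)
    }'
}

# Runs the checks on the local host; returns non-zero if any item needs work.
raq_audit() {
    rc=0
    if mode_is_755 /usr/lib/authenticate; then
        echo "OK     /usr/lib/authenticate is mode 755"
    else
        echo "CHECK  /usr/lib/authenticate is missing or not mode 755"
        rc=1
    fi
    # Assumption: the package is named "openssl", as in the RPMs listed above.
    ver=$(rpm -q --qf '%{VERSION}' openssl 2>/dev/null) || ver=""
    if openssl_ver_ok "$ver"; then
        echo "OK     openssl $ver"
    else
        echo "CHECK  openssl '${ver:-not installed}' is older than 0.9.7"
        rc=1
    fi
    # No minimum OpenSSH version is given in the post; print it for review.
    echo "INFO   $(rpm -q openssh 2>/dev/null || echo 'openssh: not found')"
    return $rc
}

# Run the audit only when asked to: sh raq_audit.sh run
if [ "${1:-}" = "run" ]; then
    raq_audit
fi
```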