[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Cobalt Control Station exploit??
- Subject: Re: [cobalt-security] Cobalt Control Station exploit??
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Tue, 30 Sep 2003 00:48:48 +0200
- Organization: SOLARSPEED.NET
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Mike,
> There was a quick fury of emails regarding this last week, but I haven't
> seen/heard anything since. Does anyone have any updates?
I've been in email contact with two Sun Cobalt technicians (Anthony Placilla &
Shaun White) on 26th September and forwarded them all the forensics that I
could gather off the compromised ControlStation.
I didn't hear back from them once I had sent them everything, so my best guess
is they're now working on a fix.
I thought about submitting a more detailed writeup to Bugtraq, but I doubt
that it would be in everyones best interest. So that's a no-no until Sun Sun
has it wrapped up thoroughly.
FWIW: I have plugged the hole on my own CS by now and thought about rolling up
a PKG. But like always a patch is also sort of a full disclosure and will
point the wrong people into a direction which many CS users won't like. After
all, most of the CS users might neither be aware of the problem or that an
unofficial fix is available. So I rather leave that to Sun and hope that the
proper patch is speedily available on BlueLinQ.
--
With best regards,
Michael Stauber