Re: [cobalt-security] Cobalt Control Station exploit??
- Subject: Re: [cobalt-security] Cobalt Control Station exploit??
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Tue, 30 Sep 2003 00:48:48 +0200
- Organization: SOLARSPEED.NET
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Mike,
> There was a quick fury of emails regarding this last week, but I haven't
> seen/heard anything since. Does anyone have any updates?
I've been in email contact with two Sun Cobalt technicians (Anthony Placilla & 
Shaun White) on 26th September and forwarded them all the forensics that I 
could gather off the compromised ControlStation. 
I didn't hear back from them once I had sent them everything, so my best guess 
is they're now working on a fix.
I thought about submitting a more detailed writeup to Bugtraq, but I doubt 
that it would be in everyone's best interest. So that's a no-no until Sun 
has it wrapped up thoroughly.
 
FWIW: I have plugged the hole on my own CS by now and thought about rolling up 
a PKG. But like always a patch is also sort of a full disclosure and will 
point the wrong people into a direction which many CS users won't like. After 
all, most of the CS users might neither be aware of the problem nor that an 
unofficial fix is available. So I'd rather leave that to Sun and hope that the 
proper patch is speedily available on BlueLinQ.
-- 
With best regards,
Michael Stauber