
Re: [cobalt-developers] Bad RaQ3-All-Security-3.0.1-8061.pkg ??



everyone look in /tmp for ramen.tgz...

also do a ps aux | grep .sh ...
look for hack.sh, etc etc...

there's a major vulnerability in bind that can be exploited.
i realize there's been previous notices...

i left a raq4 open (i didn't upgrade the bind on it) and it was exploited
this is a DDoS exploit. it scans RANDOM CLASS B NETWORKS! and it finds all 
exploitable servers in the random class b nets.

please check your server. this is a variant of the ramen exploit... it
replaces index.html files with a new index.html that says "Kill all the
Japanese!" 

so um, check this out... immediately. you don't notice until your virtual
host customers call up and say "what the hell." 

just a little FYI.

Robert Abraham, CEO 
HyperAccess.net
http://www.hyperaccess.net

On Thu, 29 Mar 2001, Jack Lavender wrote:

> I have attempted to install  RaQ3-All-Security-3.0.1-8061.pkg from
> /home/packages directory
> 
> So I un-tar'd it
> (mkdir temp; cd temp;
> tar -xvzf ../RaQ3-All-Security-3.0.1-8061.pkg)
> 
> and then checked out the rpms
> 
> [admin@www RPMS]$ rpm --checksig *
> glibc-2.1.3-21.i386.rpm: size md5 GPG NOT OK
> glibc-devel-2.1.3-21.i386.rpm: size md5 GPG NOT OK
> glibc-profile-2.1.3-21.i386.rpm: size md5 GPG NOT OK
> 
> The error message in /var/cobalt/adm.log:
> 
> Installing glibc-2.1.3-21.i386.rpm
> warning: /etc/localtime created as /etc/localtime.rpmnew
> warning: /etc/nsswitch.conf created as /etc/nsswitch.conf.rpmnew
> warning: /etc/rpc saved as /etc/rpc.rpmsave
> can't rename /lib/libpthread-0.8.so to /lib/libpthread-0.8.so-RPMDELETE:
> Operation not permitted
> unpacking of archive failed on file /lib/libpthread-0.8.so: cpio: unlink
> failed - Operation not permitted
> 4015 Problem installing package component: glibc-2.1.3-21.i386.rpm
> RPMS already installed:
> 
> 
> I am not sure what to do next, any suggestions?
> 
> Thanks in advance,
> jack lavender

-- 

Robert Abraham, CEO
HyperAccess.NET
50 N. Walkup Ave
Top Floor
Crystal Lake, IL 60014
815.356.3983 - Office
815.621.5282 - Cell
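
The checks listed in the message above (ramen.tgz in /tmp, running .sh scripts such as hack.sh, replaced index.html files) collected into one sweep. This is an added example, not part of the original post or of any Cobalt tooling; the function names, the file name ramen_check.sh and the /home default web root are assumptions.

```sh
#!/bin/sh
# Added example: sweep for the three indicators named in the message above.
# Live use: sh ramen_check.sh --scan [ROOT] [WEBROOT]
# WEBROOT defaults to /home, which is an assumption about where sites live.

DEFACE_MARK='Kill all the Japanese!'   # defacement text quoted in the message

# Report the dropped archive if it exists under ROOT/tmp.
check_archive() {
    [ -f "$1/tmp/ramen.tgz" ] && echo "ARCHIVE $1/tmp/ramen.tgz"
    return 0
}

# Read `ps aux` output on stdin and report processes running a *.sh script.
# The dot is escaped so that names such as sshd or bash do not match, and
# this script's own process (assumed file name ramen_check.sh) is skipped.
check_procs() {
    grep -E '\.sh( |$)' | grep -v 'ramen_check\.sh' | sed 's/^/PROCESS /'
    return 0
}

# Report every index.html under WEBROOT that contains the defacement text.
check_defaced() {
    find "$1" -type f -name index.html -exec grep -lF "$DEFACE_MARK" {} + \
        2>/dev/null | sed 's/^/DEFACED /'
    return 0
}

# ramen_check ROOT WEBROOT, with `ps aux` output on stdin.
# Prints one line per finding; no output means none of the indicators matched.
ramen_check() {
    check_archive "$1"
    check_procs
    check_defaced "$2"
}

if [ "${1:-}" = "--scan" ]; then
    ps aux | ramen_check "${2:-}" "${3:-/home}"
fi
```

PROCESS lines list every running .sh script, so legitimate ones need to be ruled out by hand.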