[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-developers] Fixing the nasty RaQ Hack...
- Subject: RE: [cobalt-developers] Fixing the nasty RaQ Hack...
- From: "Peter Lorent" <lorent@xxxxxxxxxxxxxxx>
- Date: Thu Jan 23 02:19:00 2003
- List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>
As to the question which particular service is being hacked: it seems
possible to sniff individual ftp-accounts and get root-access.
Peter
-----Oorspronkelijk bericht-----
Van: cobalt-developers-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]Namens Ian
Verzonden: donderdag 23 januari 2003 10:50
Aan: cobalt-developers@xxxxxxxxxxxxxxx
Onderwerp: Re: [cobalt-developers] Fixing the nasty RaQ Hack...
On 21 Jan 2003 at 11:20, Jeff Lasman wrote:
> I'm posting this information to a few of the lists because some fairly
> intelligent people have written me unsure of exactly what they have to
> do to protect agains the nasty hack going around that completely
> destroys all the content on RaQ4s.
Does anyone know which particular service is being hacked ?
>
> You really need to do this. If you can't do it yourself, have someone
> do it for you.
>
> This information comes from various sources, and is presented as a
> simple recipe for your convenience. All liability disclamers in effect
> of course. If you need someone to be responsible for the work, then
> find someone to do it for you.
>
> First of all, according to the docs published for the hack, a quick fix
> is to chmod 755 /usr/lib/authenticate if it's not already set to that.
Will this have any side affects ? I seem to remember a bit of a
heated discussion about this a while back (might have been on the
security list).
>
> Second, according to Michael, make sure you've got the latest update for
> apache, patch 15787, from the Cobalt package site.
>
> Third, upgrade OpenSSL to Version 0.9.7; you can get RPMs from
> ftp://ftp.nacs.net/pub/software/cobalt_raq4
>
> openssl-0.9.7-1.i386.rpm
> openssl-0.9.7-1.src.rpm
> openssl-devel-0.9.7-1.i386.rpm
> openssl-doc-0.9.7-1.i386.rpm
Do we need to update mod_ssl as well ?
I didn't install the 15787 patch because I manually re-compiled
mod_ssl - should I just do it again with the 0.9.7 version of OpenSSL
?
>
> Fourth, upgrade OpenSSH, either from solarspeed.net
> (http://www.solarspeed.net/downloads/index.php), or from pkgmaster:
> (http://pkgmaster.com/packages/raq/4/). (Required, previous versions of
> SSH may not work properly with the rpm versions of OpenSSL.)
>
I recently installed the latest pkgmaster version of OpenSSH, will
installing openssl-0.9.7 break anything ?
> Sixth, make frequent backups; this is nasty and destroys most of the
> content on your RaQ.
>
> Seventh, cross your fingers.
>
> Jeff
Cheers for the warning Jeff.
Ian
--
_______________________________________________
cobalt-developers mailing list
cobalt-developers@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-developers