RE: [cobalt-developers] Fixing the nasty RaQ Hack...
- Subject: RE: [cobalt-developers] Fixing the nasty RaQ Hack...
- From: "Ian" <cobalt@xxxxxxxxxxxxx>
- Date: Thu Jan 23 04:25:05 2003
- List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>
On 23 Jan 2003 at 11:15, Peter Lorent wrote:
> As to the question which particular service is being hacked: it seems
> possible to sniff individual ftp-accounts and get root-access.
> Peter
The hacker has to have the ability to place a sniffer on your
network first (or any network between you and the server).
You should not ftp as root/admin anyway. Create an unprivileged
account and ftp to this. You can then move the files via ssh. Or
just use sftp in the first place.
> -----Original message-----
> From: cobalt-developers-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx] On behalf of Ian
> Sent: Thursday 23 January 2003 10:50
> To: cobalt-developers@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-developers] Fixing the nasty RaQ Hack...
>
>
> On 21 Jan 2003 at 11:20, Jeff Lasman wrote:
>
> > I'm posting this information to a few of the lists because some fairly
> > intelligent people have written me unsure of exactly what they have to
> > do to protect against the nasty hack going around that completely
> > destroys all the content on RaQ4s.
>
> Does anyone know which particular service is being hacked?
>
>
> >
> > You really need to do this. If you can't do it yourself, have someone
> > do it for you.
> >
> > This information comes from various sources, and is presented as a
> > simple recipe for your convenience. All liability disclaimers in effect
> > of course. If you need someone to be responsible for the work, then
> > find someone to do it for you.
> >
> > First of all, according to the docs published for the hack, a quick fix
> > is to chmod 755 /usr/lib/authenticate if it's not already set to that.
>
> Will this have any side effects? I seem to remember a bit of a
> heated discussion about this a while back (might have been on the
> security list).
>
> >
> > Second, according to Michael, make sure you've got the latest update for
> > apache, patch 15787, from the Cobalt package site.
> >
> > Third, upgrade OpenSSL to Version 0.9.7; you can get RPMs from
> > ftp://ftp.nacs.net/pub/software/cobalt_raq4
> >
> > openssl-0.9.7-1.i386.rpm
> > openssl-0.9.7-1.src.rpm
> > openssl-devel-0.9.7-1.i386.rpm
> > openssl-doc-0.9.7-1.i386.rpm
>
> Do we need to update mod_ssl as well?
>
> I didn't install the 15787 patch because I manually re-compiled
> mod_ssl - should I just do it again with the 0.9.7 version of
> OpenSSL?
>
> >
> > Fourth, upgrade OpenSSH, either from solarspeed.net
> > (http://www.solarspeed.net/downloads/index.php), or from pkgmaster:
> > (http://pkgmaster.com/packages/raq/4/). (Required, previous versions of
> > SSH may not work properly with the rpm versions of OpenSSL.)
> >
>
> I recently installed the latest pkgmaster version of OpenSSH, will
> installing openssl-0.9.7 break anything?
>
> > Sixth, make frequent backups; this is nasty and destroys most of the
> > content on your RaQ.
> >
> > Seventh, cross your fingers.
> >
> > Jeff
>
> Cheers for the warning Jeff.
>
> Ian
> --
>
> _______________________________________________
> cobalt-developers mailing list
> cobalt-developers@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-developers
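
Added example, not part of the original thread or of any Cobalt tooling: a check-then-fix wrapper for the `chmod 755 /usr/lib/authenticate` step quoted above. It changes the mode only when it differs and logs the previous `ls -ld` line so the change can be reverted if it has side effects; the log path and function names are assumptions.

```shell
#!/bin/sh
# Added example: audit and, if needed, apply the "chmod 755" quick fix.
# TARGET is the path named in the thread; LOG is an assumed location.
TARGET="${TARGET:-/usr/lib/authenticate}"
WANT="${WANT:-755}"
LOG="${LOG:-/var/tmp/authenticate-mode.log}"

# mode_ok PATH MODE
#   0 = PATH has exactly MODE (setuid/setgid/sticky bits count as a mismatch)
#   1 = mode differs, 2 = PATH does not exist
mode_ok() {
    [ -e "$1" ] || return 2
    # find's -perm with a plain octal mode is an exact match on all mode bits.
    [ -n "$(find "$1" -prune -perm "$2" -print)" ]
}

# apply_fix PATH MODE
#   Logs the old "ls -ld" line, then chmods. Does nothing if already correct.
apply_fix() {
    rc=0
    mode_ok "$1" "$2" || rc=$?
    case $rc in
        0) echo "ok: $1 is already mode $2"; return 0 ;;
        2) echo "missing: $1" >&2; return 2 ;;
    esac
    # Keep the previous mode so the change can be undone by hand.
    ls -ld "$1" >> "$LOG" || return 1
    chmod "$2" "$1" || return 1
    echo "changed: $1 -> $2 (previous mode logged in $LOG)"
}

# Act only when called with an argument, so sourcing has no side effects.
case "${1:-}" in
    check) mode_ok "$TARGET" "$WANT"; exit $? ;;
    fix)   apply_fix "$TARGET" "$WANT"; exit $? ;;
esac
```

Run it as root with `check` first; a non-zero exit means the mode is not 755 or the file is absent, and `fix` then applies the change.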