[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
the Bug-Travel Attack (Was: Re: [cobalt-developers] Fixing the nasty RaQ Hack...)
- Subject: the Bug-Travel Attack (Was: Re: [cobalt-developers] Fixing the nasty RaQ Hack...)
- From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
- Date: Sat Jan 25 21:19:01 2003
- Organization: nobaloney.net
- List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>
cbtrussell wrote:
> Pardon my ignorance...the unavailability of the list(s) the last few days
> makes this alert seem a bit out of place/disjointed.
>
> Has a new exploit been discovered in the past few days? I haven't heard
> about anything new.
Brandon, this is about two weeks old, and has been discussed on other
lists...
Greg Boehnlein wrote it up after he and I started talking when he and
one of my clients got attacked by it. He calls it the Bug-Travel
attack, which I believe it it's official name. He posted his original
write-up to cobalt-security and Bruce Timberlake forwarded it to
cobalt-users.
Since I don't know how to search cobalt-security, may I suggest you
check the original post, as forwarded by Bruce Timberlake, here:
http://list.cobalt.com/pipermail/cobalt-users/2003-January/085074.html
I wrote up my simple cookbook when some people started contacting me
offlist and asking me what to do to fix their RaQs.
Jeff
--
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA 92517 US
Internet & Unix/Linux/Sun/Cobalt Consulting +1 909 778-9980
Our jblists address used on lists is for list email only
To contact us offlist: "http://www.nobaloney.net/contactus.html";