[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] siteUserMod.cgi [WAS: Fwd: [chuck@xxxxxx: Cobalt RaQ2 - a user ofmine changed my adminpassword..]]]
- Subject: Re: [cobalt-users] siteUserMod.cgi [WAS: Fwd: [chuck@xxxxxx: Cobalt RaQ2 - a user ofmine changed my adminpassword..]]]
- From: Jeff Bilicki <jeffb@xxxxxxxxxxxxx>
- Date: Mon Jan 31 10:23:12 2000
Tony wrote:
>
> I notified Jeff shortly after the original message hit the Bugtraq list last
> Friday night.
> He put some experimental fixes here:
>
> ftp://ftp.cobaltnet.com/pub/experimental/security/siteUserMod/
>
> Keyword is experimental.
If you have one of the older versions, it locks down the siteUserMod.cgi
a little too much, not allowing anyone to run siteUserMod.cgi. There
have been a couple of different revs posted since Friday, it was a long
weekend. You might need to get the patch file if you got a version
that wasn't 100% correct.
RaQ 1
ftp://ftp.cobaltnet.com/pub/experimental/security/siteUserMod/siteUserMod.2700R
RaQ 2
ftp://ftp.cobaltnet.com/pub/experimental/security/siteUserMod/siteUserMod.2800R
RaQ 3
ftp://ftp.cobaltnet.com/pub/experimental/security/siteUserMod/siteUserMod.3000R
[ snip ]
> > > > If this is true, we all got a serious problem!
> > > Das ist wohl war.
> > >
> > > Will anyone summarize this and forward it to Cobalt, as I'm sure they
> > don't
> > > read this list carefully enough to get notice of this bug.
Cobalt does take all security issues seriously, whether they are posted
to cobalt-users, cobalt-developers, BugTraQ, sent to
security@xxxxxxxxxx, etc.
Jeff-