
Re: [[cobalt-users] Server Hacked?]



At 17:13 13/02/2000 +0100, you wrote:
>> how is it possible for anybody to get the passwd file from a RaQ ? Is this
>> a RaQ1 problem or can this also happen on a RaQ2 ?
>
>raq1 doesn't have any shadowed passwords (very! big security hole)
>and anybody with telnet can grep the /etc/passwd file 
>raq3 got shadowed passwords

I don't know about raq1, but if you upload a .shtml file on a RaQ2 with this:

<!--#exec cmd="cat /etc/passwd" -->

you get the content of /etc/passwd on the browser. RaQ2 has shadowed
passwords, so there's not much of a problem. I don't know if this works on a raq1.

Bye..

Ariel.
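
An added example, not part of the original message: a small Python audit script that finds server-side-include `exec` directives, like the one quoted above, in files under a web root. The names `find_ssi_exec`, `scan_tree` and the sample page are hypothetical, constructed for this illustration.

```python
import os
import re

# SSI directive syntax: <!--#element attr="value" ... -->
SSI_DIRECTIVE = re.compile(r'<!--#(\w+)\s+(.*?)\s*-->', re.DOTALL)
SSI_ATTR = re.compile(r'''(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|(\S+))''')

def find_ssi_exec(text):
    """Return (line_number, attribute, value) for each SSI exec directive."""
    findings = []
    for m in SSI_DIRECTIVE.finditer(text):
        # Matched case-insensitively so odd capitalisation is still reported.
        if m.group(1).lower() != "exec":
            continue
        line_no = text.count("\n", 0, m.start()) + 1
        for a in SSI_ATTR.finditer(m.group(2)):
            value = next(g for g in a.groups()[1:] if g is not None)
            findings.append((line_no, a.group(1).lower(), value))
    return findings

def scan_tree(root, suffixes=(".shtml",)):
    """Walk root and map each matching file path to its exec findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(suffixes):
                path = os.path.join(dirpath, name)
                # latin-1 decodes any byte sequence, so odd uploads never abort the scan
                with open(path, encoding="latin-1") as fh:
                    hits = find_ssi_exec(fh.read())
                if hits:
                    report[path] = hits
    return report

# Constructed sample page: one harmless include, two exec directives.
SAMPLE = '''<html><body>
<!--#include virtual="/footer.html" -->
<!--#exec cmd="cat /etc/passwd" -->
<!--#EXEC cgi="/cgi-bin/counter.pl" -->
</body></html>
'''

if __name__ == "__main__":
    for line_no, attr, value in find_ssi_exec(SAMPLE):
        print(f"line {line_no}: exec {attr}={value!r}")
```

On Apache, setting `Options IncludesNOEXEC` instead of `Options Includes` for user-writable directories keeps SSI available while disabling `#exec`.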