[cobalt-users] FW: [ Cobalt ] Security Advisory -- 03.31.2000

["Tony" <isplists@xxxxxxxxxxxx>]

2.97 appears to have been released after the 2.9 mentioned in the global
announce sent out by Thomas Oh.
These are two different patches right?

Cobalt I really wish you'd get your sh*t together and teach your departments
how to communicate with each other so that
official information comes from just ONE damn source.


> -----Original Message-----
> From: Bugtraq List [mailto:BUGTRAQ@xxxxxxxxxxxxxxxxx]On Behalf Of Jeff
> Lovell
> Sent: Friday, March 31, 2000 6:46 PM
> To: BUGTRAQ@xxxxxxxxxxxxxxxxx
> Subject: [ Cobalt ] Security Advisory -- 03.31.2000
>
>
> Cobalt Networks -- Security Advisory -- 03.31.2000
>
> Problem:
> RaQ2 and RaQ3 allow remote users to view the contents of
> an .htaccess file contained within a public website.
>
> Relevant products and architectures
> Product         Architecture            Vulnerable
> Qube1           MIPS                    No
> Qube2           MIPS                    No
> RaQ1            MIPS                    No
> RaQ2            MIPS                    Yes
> RaQ3            x86                     Yes
>
> If your system is at risk you can you can downloaded the relevant
> package and install it.  These are beta versions of the packages, Cobalt
> is currently testing these packages.
>
> RaQ 2 -
> ftp://ftp.cobaltnet.com/pub/experimental/security/apache/RaQ2-All-
> Security-Point-2.97.pkg
>
> RaQ 3 -
> ftp://ftp.cobaltnet.com/pub/experimental/security/apache/RaQ3-All-
> Security-Point-2.4.pkg
>
> If you experience any problems with these packages please email
> jlovell@xxxxxxxxxx or security@xxxxxxxxxxx
>
>
> --
> Jeff Lovell
> Software Engineer
> Cobalt Networks, Inc.
>