Re: [cobalt-users] Potential DoS ??????

[Jeff Lasman <jblists@xxxxxxxxxxxxx>]

Daniel Pumphrey wrote:

> I was setting up myself as an admin user on a test cobalt and went back into
> my user settings to add telent access.  Well I check the telnet access
> checkbox, but didn't enter a password and hit the submit button. By default
> the GUI does not enter anything into the passwd text boxes of the form.

By default, if you don't enter anything into the two password fields the
gui does NOT update the password; it stay what it was.  At least that's
what it does on all the RaQs I've ever worked on; ymmv.  I just verified
it; I know it works this way.

> I
> realized it pretty quickly but then decided that the GUI would just prompt
> me to to go back and enter my password, but it didn't.

Nope, it just doesn't update the password.

> Then the browser started prompting me for my credentials and would not
> accept them - by then I had a pretty good idea what had probably happened.
> I can no longer access any web (port 80), ftp (port 21), telnet (port 23) to
> the box.  I get connection refused each and every time.  I imagine that the
> GUI munged the /etc/hosts.allow and /etc/hosts.deny files.  I can however
> connect to the box via SMTP (port 25).

Don't know why this happened, presuming a RaQ2 or RaQ3 (the only models
I've tested in) but not because you didn't type in a password.

> So first thing in the morning when I get to the office I will be slapping on
> a serial cable and hoping the serial interface will come up.

What did you ever find out?

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
nobaloney.net
P. O. Box 52672
Riverside, CA  92517
voice: (909) 787-8589  *  fax: (909) 782-0205