Re: [cobalt-users] More Cobalt Hacks
- Subject: Re: [cobalt-users] More Cobalt Hacks
- From: Jeff Lovell <jlovell@xxxxxxxxxx>
- Date: Tue Aug 22 10:14:56 2000
- Organization: Cobalt Networks, Inc.
andy wrote:
>
> Hi all
> Is there a fix for these 2 cobalt hacks
> http://black.box.sk/issue.php3?article=cobalt.txt&issue=9 ????
>
This issue has already been addressed indirectly through two
separate patches.

First it should be noted that SSI is NOT turned on by default
as this article stated. This may be the practice of the particular
ISP that is reselling the Cobalt boxes.

The issue with the "shell access" bug is a little more complicated
than the author leads you to believe. Once the bindshell is
compiled, the user is able to obtain 'httpd' access.
Before the Frontpage patch (RaQ3-All-System-3.0.1-6168.pkg and
RaQ2-All-System-2.98-6168.pkg), virtual sites were owned by user
'httpd' and thus were vulnerable to the above-mentioned attack.
This patch changes ownership of Frontpage-enabled sites to user
'nobody', thus preventing this type of attack.

The second issue that is involved in this article is where
proper security checks were not made when attempting to bypass
Javascript security checks. This has already been addressed
in the following update: RaQ2-All-Security-Point-2.96.pkg

The author of the article doesn't mention enough information
about what updates he has applied or what products he has
tested this on. We have attempted to reproduce the second
issue without success.

If you have more information or have any questions, please
feel free to ask.
Jeff
--
Jeff Lovell
Cobalt Networks, Inc.
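
The ownership point in the message above (site content owned by the account the web server runs as can be modified by anything that gains that account's access) can be checked on a site tree after patching. This is an added example, not part of the original message and not Cobalt's code; the function names and the command-line invocation are hypothetical, and the site tree path is supplied by the operator.

```python
import os
import stat
import pwd
import grp


def ids_for(username):
    """Resolve an account name (e.g. 'httpd') to (uid, set of its gids)."""
    pw = pwd.getpwnam(username)
    gids = {pw.pw_gid}
    gids.update(g.gr_gid for g in grp.getgrall() if username in g.gr_mem)
    return pw.pw_uid, gids


def write_reason(st, uid, gids):
    """Why a process with this uid/gids could modify the path, or None."""
    if st.st_uid == uid:
        return "owner"  # the owner can always chmod and then write
    if st.st_gid in gids:
        # for members of the file's group only the group bits apply
        return "group-writable" if st.st_mode & stat.S_IWGRP else None
    return "world-writable" if st.st_mode & stat.S_IWOTH else None


def audit_tree(root, uid, gids):
    """Sorted (relative path, reason) pairs for entries below root that
    the given account could modify."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits carry no meaning
            reason = write_reason(st, uid, gids)
            if reason:
                findings.append((os.path.relpath(path, root), reason))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    # Assumed invocation: python audit_tree.py <site tree> <account name>
    uid, gids = ids_for(sys.argv[2])
    for rel, reason in audit_tree(sys.argv[1], uid, gids):
        print(f"{reason:15} {rel}")
```

An empty result for the web-server account means nothing below the tree is owned by it or writable through its group or the world bits; the tree root itself is not examined.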