Re: [cobalt-users] Exploit in Security 3.0.1-6650
- Subject: Re: [cobalt-users] Exploit in Security 3.0.1-6650
- From: "Graeme Fowler" <graeme.f@xxxxxxxxxxxxxxx>
- Date: Wed Sep 20 11:04:43 2000
[I'm sending this again, the original went missing...]
Earlier today, Dan asked:
> Is there somewhere we could find a reference to the exploit? (No luck at
> CERT).
and Florian quoted the Cobalt updates page as saying:
> Update: All Security 3.0.1-6650
> The rpc.statd daemon contains a security hole that could lead to a
> user being able to gain root permission. Version 0.1.9.1 of the
> nfs-utils package corrects the problem. There is no known exploit for
> the security hole in rpc.statd.
WHAT?
Stating that there are no known exploits for that package is like
stating that the moon is made of cheese, or that the GB Olympic team
will obviously collect more gold medals in Sydney than the USA team ;-)
IMHO it is irresponsible for anyone to say things like that when a quick
search of any half-decent computer security site would show otherwise:
http://www.securityfocus.com/advisories/2540
and for those of you with time, experience and a spare machine or two to
play with:
http://www.securityfocus.com/bid/1480
amongst others. The whole bunch of NFS packages on many architectures
has been flawed and widely exploited for a long time. Many of the old
holes are fixed, but the distributed nature of NFS means that there will
always be people out there trying to find exploits for this kind of
package.
In the last six months or so I have seen about thirty machines (not all
RaQs, sited at various companies, providers or educational institutions)
which have been compromised by this exploit.
Stating that there is no known exploit is only going to encourage a
false sense of security amongst Cobalt users.
Regards,
Graeme Fowler
Systems Administrator
graeme.f@xxxxxxxxxxxxxxx
***************************************************************
WebFusion Internet Solutions Ltd.
The UK's Largest Web Hosting Company
http://www.webfusion.co.uk
***************************************************************
>
>
>
> --- Original Message ---
> >From: "Arsalan Mahmud" <arsalan@xxxxxxxxxxxx>
> >To: <cobalt-users@xxxxxxxxxxxxxxx>
> >Subject: Re: [cobalt-users] new RaQ3 update available
> >Date: Wed, 20 Sep 2000 18:46:00 +0500
> >Reply-To: cobalt-users@xxxxxxxxxxxxxxx
>
> >Hi,
> > I have installed it already and guess what... there is a public exploit
> >for it.
> >
> >Arsalan
> >Nexus Technologies
> >
> ...
> >> a new RaQ3 update is available from
> >> http://www.cobalt.com/support/download/raq3.eng.html :
> >>
> >> Update: All Security 3.0.1-6650
> ...