
[cobalt-users] Re: Exploit in Security 3.0.1-6650



Does this affect Qube2s and Raq2s, and how do we
disable NSF to stop NSF attacks?

Also, off subject, we found an exploit: if anyone
types www.qube2.com:81/.cobalt/groupList/, all the
current group names, user names, all account info, and
all other user-restricted Cobalt GUI template HTML
can be seen.  For the list of users, it is
.../.cobalt/AddUser/, and so on for each GUI HTML
page.  We did a chmod go-rwx to limit the files to
only be rwx by User, but still anyone from a browser
who types in the URLs can see all the groups and
users, and can even attempt to change the default size
of groups, though it does not actually take effect.
Any clues why the chmod command is not working (are we
doing something wrong?), and is there any way to patch
this up?
Cheers 
