[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Security Alert on MIPS based Cobalt Servers
- Subject: Re: [cobalt-users] Security Alert on MIPS based Cobalt Servers
- From: flash22@xxxxxxx
- Date: Wed Oct 11 15:34:03 2000
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Fri, 6 Oct 2000, Franklin S. Werren wrote:
> Hello All;
>
> If you leave port 81 open to the net and use a MIPS
> based Cobalt server, Raq 1 and 2? Qubes etc...
> you may leave yourself open to compromises....
>
> I did not find it on a Intel base RAQ3i
> I did not check a RAQ 2 but I suspect it is the same
No, the raq2 has .htaccess files in most of these directories, and
directory indexing is turned off , so it will refuse to list ....
Since i was sorta bored i did a test...a few minor surproses tho
in .cobalt/
about/ Readable (index.html) has a default home page (who cares?)
admin/ .htaccess (refused)
alert/ .htaccess
appletData/ Readable, only contains raw site usage data...(?)
cpuUsage/ .htaccess
diskUsage/ .htaccess
error/ Readable, but these are the error pages you get anyhow...
help/ Readable, nothing really important in here tho
images/ Readable, but there's just stray icons here
info/ Readable, tells world what OS version,CPU,ram u have
install/ Readable, lists installed software and security patches, this
one is kinda not good, tho trying to install from here
fails, as cgi-bin is protected, and some of the
javascript is missing (tho that could probabl be worked
around by someone clever)
javaScript/ .htaccess
network/ .htaccess
personal/ Readable, (a little shaky imho) but all the links out
seem to be protected
reboot/ .htaccess
register/ .htaccess (guess you can't register till you own it ;)
services/ .htaccess
shared/ Readable, but on Raq2 there's only blank.html here...
shutdown/ .htaccess
siteAdd/ siteDefaults/, siteList/, siteManage/ sysSettings/, wizard/
all .htaccess protected
Only siteManage contains sub directories, and they all have .htaccess
files also...
in the admin cgi-bin/
Interestingly, the top level directory isn't protected, and there are
things that you can run without authentication, tho funny things happen
cpuUsage runs and displays info, then asks for password (oops)
telnetUsage works (big deal)
message/ you can run things here, but they are unhappy and bomb out
install/ annoyingly, you can run the install script, but it does verify
access and refuses after a while...
everything else in cgi-bin/*/ has a .htaccess file...
in /icons/ everything is readable, but this is the same icons directory
that is serverwide as an alias...
There is no /cobalt/ alias on the Raq2....
Note: above from machine running OS 4.0 + patches to 2.97
Short version, i think cobalt actully did a reasonable job of plugging the
holes on the raq2's...tho i wish the machines didn't leak information
quite so much...
>
> I like my Qube but I think Cobalt has been real sloppy
> with a proven OS like RedHat Linux.
Well, if you read the security sites you might not think RedHat is all
that proven, 6.2 has been (cr)hacked like there's no tomorrow due to
several
nasty root exploitable holes, i know of 2 major sites that got trashed..
Gordon