[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] What does Vacation Mail Exploit 3.0.1 do exactly?

Subject: Re: [cobalt-users] What does Vacation Mail Exploit 3.0.1 do exactly?
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
Date: Sat Nov 11 13:18:52 2000
Organization: nobaloney.net
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Florian Effenberger wrote:

> What does Vacation Mail Exploit 3.0.1 do exactly? Where is the
> security hole?

It makes it possible for me to log into your RaQ as admin, and su to
root, within a matter of only seconds, after you open an account for me
on your Raq and give me telnet access.  I suppose now that this
loophole's been fixed, I can no longer brag about being able to break
into any RaQ in a matter of seconds <wry grin>.

In other word's it's one of the reasons I've been telling people NOT to
give out telnet access.

While telnet access is a bit safer after this fix is installed, I still
don't recommend giving out telnet access, and for lots of good reasons.

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
nobaloney.net
P. O. Box 52672
Riverside, CA  92517
voice: (909) 787-8589  *  fax: (909) 782-0205

Follow-Ups:
- Re[2]: [cobalt-users] What does Vacation Mail Exploit 3.0.1 do exactly?
  - From: Florian Effenberger

References:
- [cobalt-users] What does Vacation Mail Exploit 3.0.1 do exactly?
  - From: Florian Effenberger

Prev by Date: Re: [cobalt-users] Re: cobalt-users digest, Vol 1 #1619 - 23 msgs
Next by Date: Re: [cobalt-users] Alcom Colocate - Alcom Colocation Nightmare
Previous by thread: Re[2]: [cobalt-users] What does Vacation Mail Exploit 3.0.1 do exactly?
Next by thread: Re[2]: [cobalt-users] What does Vacation Mail Exploit 3.0.1 do exactly?

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index