Re: [cobalt-users] Red Hat Security Advisory - JOE - Are RaQ's at Risk?

[flash22@xxxxxxx]

On Mon, 5 Mar 2001, Craig Napier wrote:

> Just a quick question -
> 
> There's a new Red Hat Security Advisory for "JOE" at 
> http://www.linuxsecurity.com/advisories/redhat_advisory-1182.html. It says 
> RedHat 5.2-7 is at risk, with RPM to update your systems. Last night I 
> discovered a user trying (in vain because I already had the RPM's installed) 
> trying to "exploit" user "joe".... (hundreds of times).. He was such a 
> dumb-ass - I actually traced him back to another account/domain on the 
> system, and NOW THE FUN BEGINS...  (plus I just LOVE those credit cards)…  
> hehehe..
> 
> But my question is: Are the RaQ's (3/4) valuable to this exploit..? I 
> updated my systems with the updated RPM's, but I'm not even sure if this was 
> inside the RaQ's, since they're so hacked-up from Cobalt from the org RedHat 

If he had a clue he would be trying to exploit root ;) 

Cobalts' mods  may in fact make things worse, due to sgid directories,
users sharing
site groups can write things in the web directory that will be belived by
other users...

The Raq2 version seems to have this hole, worse, if root has joe as the
default editor for pine there is a nasty hole via tmp...(not that root
should be sitting aroung reading mail, but..)

There is a patched version of joe that many people are probably still
using (fixes alarm handler , that caused joe to exit 1 second after
starting up) this patched version has this issue ...

Current on cobaltnet for raq2 seems to be  only 2.8.14...

ps: cobalt, how about doing ls -lR >pub/ls-lR.txt , yeash ;)

gsh