[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] FIX - can't su to root, email stopped working, gui stopped working, postgres database is down, virtual sites disappeared
- Subject: Re: [cobalt-users] FIX - can't su to root, email stopped working, gui stopped working, postgres database is down, virtual sites disappeared
- From: baltimoremd@xxxxxxxxxxxxxxx
- Date: Fri Mar 1 20:47:24 2002
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Sat, 2 Mar 2002, CBartkowiak wrote:
> Yesterday my RaQ went nucking futs. I'm gonna post the symptoms, the
> fix (found via the archives), some bitching, and a little secret that
> I never previously wanted to divulge.
>
>
> Here's the little secret I never wanted to divulge before.
> I've known for quite a long time now that there is a backdoor built
> into the Cobalt SSH2 package.
Not sure if I'd call it a back door...since it's so obviously
documented(g).
One of the first things I did when installing the SSH2 package was to look
at the config files and test whether or not root could log in.
>
> The SSH2 backdoor either needs to be publicized, or fixed. It's a
> security hole. I just publicized it, y'all can decide whether you
> want to fix it or not.
Na...I don't think we need yet another "Benevolent Despot" Cobalt induced
disability...but, as with so many other things, we need documentation.
With documentation you wouldn't have been so surprized, and could have
closed the root login if you desired...but in this case, it appears root
login may have been to your advantage.
And of course, now that you can login as root...you can also ftp in as
root(g).
Thom
baltimoremd@xxxxxxxxxxxxxxx Thom LaCosta K3HRN Webmaster
http://www.baltimoremd.com/cobaltfacts/
Home of the CobaltFacts Web Ring - cobalt-ot and hosting-biz mailing lists