[cobalt-users] REMOVE SH
- Subject: [cobalt-users] REMOVE SH
- From: netergy Training <cobaltlist@xxxxxxxxxxx>
- Date: Mon Dec 9 04:55:01 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
As I am sure most people will know, Sun posted a Security Hardening
Patch. It is great in that it warns of port scans and buffer overflows.
Later they released a remove tool but said this was only because the
SHP could cause the var directory to fill up with log files.
What they did not mention was that under certain circumstances a root
exploit could happen.
What is more, a script has been publicised doing this.
From the script author's website:
5-12-2002 : I've decided that I'm not going to disclose any of
my findings related to Cobalt security research anymore.
The main reason for this action is my negative thoughts
about the way Sun Cobalt handles security issues.
With this decision comes my last public cobalt exploit.
Cobalt RaQ4 Remote root Exploit - raqrewt.c
Affected : All Cobalt RaQ4 server appliances
with the Security Hardening Package (SHP) installed.
The answer: remove SHP immediately. It is VERY dangerous to keep it. If
you are a member of this list and you use a RaQ 4 to send mail, someone
has probably already targeted you.
If anyone wants any further info, contact me off-list.