Re: [cobalt-users] Fixing the nasty RaQ Hack
- Subject: Re: [cobalt-users] Fixing the nasty RaQ Hack
- From: Greg Boehnlein <damin@xxxxxxxx>
- Date: Fri Jan 24 09:52:01 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
On Fri, 24 Jan 2003, Michelle A. Hoyle wrote:
> >From: "Jeff Lasman" <jblists@xxxxxxxxxxxxx>
> >Sent: Tuesday, January 21, 2003 1:26 PM
> >Subject: [cobalt-users] Fixing the nasty RaQ Hack
> >
> >
> > > Third, upgrade OpenSSL to Version 0.9.7; you can get RPMs from
> > > ftp://ftp.nacs.net/pub/software/cobalt_raq4
> > >
> > > openssl-0.9.7-1.i386.rpm
> > > openssl-0.9.7-1.src.rpm
> > > openssl-devel-0.9.7-1.i386.rpm
> > > openssl-doc-0.9.7-1.i386.rpm
>
>
> I built OpenSSL 0.9.7 myself ages ago on our RaQ and recompiled my
> copies of OpenSSH, cURL, GPG, and PHP to use it, BUT I didn't patch
> the openSSL library used by the Apache servers because I was worried
> about problems with that. Does this also update the admin and
> regular web servers or did a Cobalt patch already do this (it's still
> reporting in its headers the old one)
>
> Thanks,
>
> Michelle
Michelle,
Since I'm responsible for the OpenSSL 0.9.7 RPMS, I'll just point
out that these will only help applications that are compiled to
dynamically load the OpenSSL libraries. Cobalt's Apache uses Mod_SSL which
is statically linked against a 0.9.6 version of OpenSSL. If you were so
inclined, you COULD re-build the Apache/ModSSL RPMs using the OpenSSL
0.9.7 RPM that I have posted, but you would also have to install
Stackguard (http://immunix.org) to eliminate possible Stack Smashing
exploits in Apache.
My version of OpenSSH is compiled to dynamically load the OpenSSL
libraries, which is why I built the 0.9.7 RPMS. On the systems that I had
that were compromised by the Bug-Travel attack, the only thing that I
could find as a potential remote exploit was via the openssl-too-open
attack. Your mileage may vary. You'll want to do what is best for your
system and its needs.
--
Vice President of N2Net, a New Age Consulting Service, Inc. Company
http://www.n2net.net Where everything clicks into place!
KP-216-121-ST
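The point Greg makes above, that dropping in new OpenSSL RPMs only helps binaries that load libssl/libcrypto dynamically and does nothing for a mod_ssl that was statically linked against 0.9.6, suggests a simple check for anyone with a RaQ to inventory. The script below is an added example, not part of this thread and not from the nacs.net or Immunix packages: it scans a binary's bytes for shared-library references (the `libssl.so` / `libcrypto.so` names a dynamic ELF carries in its dependency table) and for the `OpenSSL x.y.z` version text the library bakes into itself when linked statically. Both patterns are heuristics I have chosen here, not anything the message describes, and the sample blobs in the test are constructed, not real RaQ binaries.

```python
"""Heuristic check: does a binary use OpenSSL via a shared library or a static link?

Added example (not from the cobalt-users thread). Assumptions, labelled:
  - a dynamically linked ELF names its dependencies as plain strings such as
    "libssl.so.0.9.6" (they live in the .dynstr table), so a byte scan finds them;
  - a statically linked OpenSSL carries its version text, e.g. "OpenSSL 0.9.6b 9 Jul 2001",
    and mod_ssl advertises "OpenSSL/0.9.6b" in its Server header string.
A real ELF parser (or `ldd` on a live system) is the authoritative check; this is the
quick triage a defender can run over a whole /usr/sbin directory offline.
"""
import re
import sys
from pathlib import Path

# Shared-library dependency names: libssl.so, libssl.so.0.9.6, libcrypto.so.4, ...
SHARED_LIB_RE = re.compile(rb"lib(?:ssl|crypto)\.so(?:\.[0-9]+)*")
# Version text as embedded by OpenSSL itself ("OpenSSL 0.9.6b") or by mod_ssl ("OpenSSL/0.9.6b")
VERSION_RE = re.compile(rb"OpenSSL[ /](\d+\.\d+\.\d+[a-z]?)")


def _unique(items):
    """Deduplicate while preserving first-seen order."""
    return list(dict.fromkeys(items))


def scan_bytes(blob: bytes) -> dict:
    """Return the OpenSSL-related evidence found in a binary image."""
    shared_libs = _unique(m.decode("ascii") for m in SHARED_LIB_RE.findall(blob))
    versions = _unique(m.decode("ascii") for m in VERSION_RE.findall(blob))
    return {"shared_libs": shared_libs, "embedded_versions": versions}


def classify(blob: bytes) -> str:
    """'dynamic' if the binary depends on libssl/libcrypto shared objects (an RPM
    upgrade of the library helps), 'static' if it only carries its own OpenSSL
    version text (it must be rebuilt), 'unknown' if neither pattern is present."""
    evidence = scan_bytes(blob)
    if evidence["shared_libs"]:
        return "dynamic"
    if evidence["embedded_versions"]:
        return "static"
    return "unknown"


def scan_file(path: str) -> dict:
    """Scan a file on disk and attach the classification to the evidence."""
    blob = Path(path).read_bytes()
    result = scan_bytes(blob)
    result["link_mode"] = classify(blob)
    return result


def main(argv):
    # Usage: python check_openssl_link.py /usr/sbin/httpd /usr/sbin/sshd ...
    for path in argv[1:]:
        r = scan_file(path)
        print(f"{path}: {r['link_mode']} "
              f"libs={r['shared_libs']} versions={r['embedded_versions']}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it over the Cobalt `httpd` and your own `sshd`: a "dynamic" result with `libssl.so.0.9.6` listed means the 0.9.7 RPMs take effect once the old shared objects are gone and the daemon restarts; a "static" result with `0.9.6b` embedded is the mod_ssl case Greg describes, where only a rebuild changes the library in use.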