On 1 Mar 2002 at 10:23, [EMAIL PROTECTED] wrote:
> c) Denial Of Service.(Exploit Released)
Tested the 'Exploit' against our Raq4i (fully patched):
<begin output>
C:\downloads>perl -x Cobalt_dos.pl -s xxx.xxx.xxx.xxx
Cobalt RAQ DoS v4.0 DoS exploit (c)2002.
Alex Hernandez [EMAIL PROTECTED]
Crash was successful !
</end output>
Tried connecting to admin interface - no problem - still there.
'Crash Successful !' - the Perl script is written to output this no matter what happens - not very well written 'exploit'.
Logs show:
xxx.xxx.xxx.xxx - - [01/Mar/2002:14:30:26 +0000] "GET /cgi-bin/.cobalt/alert/service.cgi?service=AAA..<snip lots of A's>..AAA" 414 271
xxx.xxx.xxx.xxx - - [01/Mar/2002:14:30:45 +0000] "GET /.cobalt/sysManage/index.html HTTP/1.1" 401 849
The important bits from this are:
414 - Request Too Long
then
401 - Unauthorized.
So the question is - have they tested this 'exploit' on an unpatched or patched version of the Raq4?
This 'DOS' seems to rely on anonymous logins to the admin interfaces as well. hmmm... Does anyone here actually allow that?
Ian
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
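
Added example, not part of the original message: a small Python triage of Apache common-format access log lines that judges an oversized request to the `service.cgi` path by the status code the server returned, rather than by what the client script printed. The 1024-character threshold, the sample addresses and the third sample line are assumptions constructed for illustration.

```python
import re

# Apache common log format: host ident user [time] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>.*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)
TARGET = "/cgi-bin/.cobalt/alert/service.cgi"  # path taken from the log in the message
LONG_QUERY = 1024  # assumed threshold for an "oversized" query string


def classify(line):
    """Return (host, verdict) for an oversized request to TARGET, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    parts = m.group("request").split(" ")
    if len(parts) < 2:
        return None
    path, _, query = parts[1].partition("?")
    if path != TARGET or len(query) < LONG_QUERY:
        return None
    status = int(m.group("status"))
    if status == 414:
        verdict = "rejected: URI too long"
    elif status in (401, 403):
        verdict = "rejected: authentication required"
    elif 200 <= status < 300:
        verdict = "not rejected: review host and service health"
    else:
        verdict = "inconclusive: status %d" % status
    return m.group("host"), verdict


def triage(lines):
    """Classify every line and keep only the oversized requests to TARGET."""
    return [hit for hit in map(classify, lines) if hit]


# Constructed sample lines (documentation addresses, not real hosts).
SAMPLE = [
    '192.0.2.10 - - [01/Mar/2002:14:30:26 +0000] "GET %s?service=%s" 414 271'
    % (TARGET, "A" * 4000),
    '192.0.2.10 - - [01/Mar/2002:14:30:45 +0000] '
    '"GET /.cobalt/sysManage/index.html HTTP/1.1" 401 849',
    '192.0.2.77 - - [01/Mar/2002:15:02:11 +0000] "GET %s?service=%s HTTP/1.1" 200 512'
    % (TARGET, "A" * 4000),
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE):
        print(host, verdict)
```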