Hi Alex, I've seen the message on Bugtraq as well an did some testing on a RaQ4.
> Exist three vulnerabilities: > > a) Cross Site Scripting. > b) Traversal vulnerabilities. Irrelevant. When you try the "exploit" URLs you still are asked for username and password (admin and/or siteadmin), so there is little danger of this leading to any sort of exploitation. > c) Denial Of Service.(Exploit Released) > Exploit Code DoS Cobalt4_DoS.pl I just tried the script as well. Same as above: The targeted page is behind the username and password protection of the Admin GUI. As long as someone hasn't gotten around it by supplementing username and password the script won't do anything. I even wrote a loop which infinitely calls the script and watched what it did to the RaQ. "TOP" reported an increased memory usage (2.3%) for the admin server, but that was to be expected. I then outright removed the .htaccess file from /usr/admserv/cgi-bin/.cobalt/alert so that the exploit script could unchallenged access service.cgi and guess what? It did nothing. The RaQ continued humming along perfectly well. In my opinion this Alex Hernandez (who reported the "exploits") should get a clue before he starts wasting our time. :o) -- With best regards, Michael Stauber [EMAIL PROTECTED] Unix/Linux Support Engineer _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
