Hi Barbar, > So I'm trying to figure out if our RaQ3/4 machines are > indeed vulnerable to these posted exploits or not? > I've read both here and on other lists, that "yes" > they are vulnerable. Some have even offered temp fix > solutions;
look at it from this perespective: Who can use the exploits? Only people who have the username and password to get to the admin GUI. This limits the risk considerably, don't you think? To lessen it further you can implement the fixes which Peter mentioned: http://online.securityfocus.com/archive/1/259135 However, I tried the "exploit script" and opposed to what the guy said who posted the vulnerabilities it didn't lock up the RaQ4 I've run it against. -- With best regards, Michael Stauber [EMAIL PROTECTED] Unix/Linux Support Engineer _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
