I totally agree with you Leo, 2 years ago when I got a cobalt and joined this list I used my real email name etc.
Every time an exploit came out and Cobalt finally came out with an update, people would post "You try that update yet?" Bam, a hack knows that your system is not patched. And guess what, here they come, knocking through the crack in that backdoor. So I have now opted to remain anon.

Yes, it is a shame that cobalt takes so long to come out with an update, if they even do. Sun come out with an "official" PHP update yet? Nope, the updates at pkgmaster.com don't count, they are not official. Remember using unofficial packages is a violation of the warranty, using them will void the warranty. Well mine has been violated 10 fold!

Joe

--__--__--

Message: 5
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Thu, 14 Mar 2002 06:29:38 +0100
Subject: [cobalt-security] SUN don't care about security update ?
Reply-To: [EMAIL PROTECTED]

Hello,

I'm very disappointed in the sun attitude about security upgrades of the cobalt. When there are important holes (like in PHP these days), they MUST provide an upgrade within hours like all Linux, *BSD, Unix systems have done.

If you install unofficial packages, you can lose warranty, and the reason I chose the cobalt is to have minimum administration: a warning from sun on a security issue, and a link to a package that corrects the problem. But no, you go to the official download page and you see nothing... no security hole, no problem. And once you're hacked, who pays?

I thought cobalt was a good solution for easy management for non-expert admins, but now I have already moved all my important sites onto a secured FreeBSD machine (without easy management). In the future I will probably use FreeBSD-Webmin to replace this unsupported sun thing.

Regards
Leo

--__--__--

Message: 6
From: "John Adair" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: RE: [cobalt-security] Am I missing something here
Date: Wed, 13 Mar 2002 23:06:23 -0500
Reply-To: [EMAIL PROTECTED]

The SSHd the attacker uploaded most likely has a backdoor in it.

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> Brett Wright
> Sent: Wednesday, March 13, 2002 10:41 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [cobalt-security] Am I missing something here
>
> At 18:10 13/03/02 +0000, you wrote:
> >Over the last 2 weeks we have had 6 Cobalts on our network HACKED!!!
> >One was even hacked then taken down to be reloaded on a saturday
> >afternoon and by the saturday night had been done again.
> > ...
>
> ...
> Maybe a packet sniffer on a local network, seems weird that the "HACKER"
> makes the box more exploitable by changing the version of ssh on a box he has
> already hacked.
>
> that's what I'd be looking for
>
> Maybe I'm wrong
>
> Regards
> Brett
>
> >--
> >Regards
> >
> >Steve Mansfield
> >Technical Manager
> >[EMAIL PROTECTED]
> >www.getreal.co.uk
> >
> >Real Data Services Ltd 117-119 Marlborough Road Romford Essex RM7 8AP
> >[Office] +44 [0] 1708 704433 [Fax] +44 [0] 1708 748859 [Mobile] +44 [0] 7973 864677
> >
> >www.be-an-isp.com www.isdn4free.co.uk http://signup.getreal.co.uk

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security

--__--__--

Message: 7
Date: Wed, 13 Mar 2002 22:10:46 -0600
To: [EMAIL PROTECTED]
From: David Lucas <[EMAIL PROTECTED]>
Subject: Re: [cobalt-security] Am I missing something here
Reply-To: [EMAIL PROTECTED]

At 12:10 PM 3/13/2002, you wrote:
>Over the last 2 weeks we have had 6 Cobalts on our network HACKED!!!
>One was even hacked then taken down to be reloaded on a saturday
>afternoon and by the saturday night had been done again. They have been a
>mixture of raq3 & 4's which have all been fully patched to the hilt and
>with a few other security features added to the backend. WHAT'S GOING ON
>WITH THESE THINGS!!
>
>Behind a firewall they are fairly safe ( but getting them to work in the
>first place is a nightmare ), but without that security they are about as
>safe as a drunk with a box of matches. A brand spanking new raq4 went on
>to the network yesterday and by this morning it was about as useful as a
>chocolate teapot. Someone had got root access, taken off the latest
>patches and put his own version of SSH on the box.
>I am fully aware of a
>stint last year when even a cobalt engineer told me that there had been a
>spate of hacks that they didn't know how to fix!!!!
>
>Not that I expect too much of an answer from this email, but if there is a
>group of people that should know about these issues it's the mailing list
>and COBALT themselves. Does anybody at Cobalt ( sorry, I should say SUN )
>actually care!!!
>
>
>--
>Regards

Have you fired anyone lately?

--__--__--

Message: 8
From: "Steve Werby" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Re: [cobalt-security] email forwarding aliases for non-users
Date: Wed, 13 Mar 2002 23:45:37 -0500
Reply-To: [EMAIL PROTECTED]

"Mez" <[EMAIL PROTECTED]> wrote:
> Can someone explain in simple terms (if possible) how to create email
> forwarding aliases for users not on the server.
> I am using an RAQ3 and I want to be able to add forwarding addresses.
>
> E.G.
>
> [EMAIL PROTECTED] (domain.com is hosted on my raq3) to forward to [EMAIL PROTECTED]
> But user "bob" does NOT exist on my server
>
> Is this possible at all, if so could someone point me in the right direction
> for setting it up

John, this isn't really security-related, probably best suited for cobalt-users, but...

Your example is confusing b/c you don't mention a username and you used "bob" in both the server and external email address and then say bob doesn't exist. But I think you're saying that there is *not* a user on the server and you want to keep it that way, but fwd email for a specific email address to an external location. OK.

Add the following to the bottom of /etc/mail/virtusertable:

    # Tab between two parts below
    [EMAIL PROTECTED]	dummyuser1

Then type:

    makemap hash /etc/mail/virtusertable.db < /etc/mail/virtusertable

Then add the following to the bottom of /etc/mail/aliases:

    dummyuser1: [EMAIL PROTECTED]

Then type:

    newaliases

Done. Enjoy!

--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/

--__--__--

Message: 9
From: "Herby K" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Re: [cobalt-security] Am I missing something here
Date: Thu, 14 Mar 2002 09:36:28 +0100
Reply-To: [EMAIL PROTECTED]

> I have had a lot of ssh protocol 1 scans
> You are running ONLY protocol 2 aren't you?
> And you are running 3.1p1
> --
> Gerald Waugh
> New Haven, Connecticut USA

:/ haha sorry to say but - we were hacked 2 days before the 3.1p1 was released... This was the time when all the .tar.gz, .rpm and deb files were updated - but not at cobalt for raq (3) :(

But this is not the first time of bad support - in the meantime I regret that we had chosen this system.

rgds
Herby

--__--__--

Message: 10
From: "Mark Anderson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Re: [cobalt-security] New Vulnerability - zlib - Red Hat is vulnerable
Date: Thu, 14 Mar 2002 09:44:56 -0000
Reply-To: [EMAIL PROTECTED]

I may be wrong in this assumption - but a patch issued by Cobalt will only deal with dynamically linked binaries. Those that are statically linked with an older version of zlib will still be vulnerable, won't they?

Mark.

--__--__--

Message: 11
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Thu, 14 Mar 2002 10:42:42 -0000
Subject: Re: [cobalt-security] New Vulnerability - zlib - Red Hat is vulnerable
Reply-To: [EMAIL PROTECTED]

On 13 Mar 2002 at 10:11, Rick Ewart wrote:

> Anyone seen this?
> http://www.kb.cert.org/vuls/id/368819
>
> Here's the text... Any idea if Cobalts are vulnerable as Red Hat 6.2 is?
> Also, don't freak out - apparently nobody has seen it actually exploited
> yet.
>

There is a list of apps affected by this at:
http://www.gzip.org/zlib/apps.html

There is also a link to a perl script which will check for statically linked binaries:
http://cert.uni-stuttgart.de/files/fw/find-zlib

Results from this script on Raq4i:

/bin
    rpm
/sbin
    install-info
/usr/bin
    mysql
    mysqladmin
    mysqldump
    mysqlimport
    mysqlshow
    mysqltest
    rpm2cpio
/usr/sbin
    mysqld
    pppdump

No other directories checked yet...

Ian

--__--__--

Message: 12
From: "Audric Leperdi" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Date: Thu, 14 Mar 2002 11:53:30 +0100
Subject: [cobalt-security] unoficial PHP 4.1.2 PKG bugged?
Reply-To: [EMAIL PROTECTED]

Installed your PHP 4.1.2 pkg on a fully patched RaQ3i. No probs with the installation.

Now: some existing PHP programs don't run anymore. Found the problem: ereg*() functions behave erratically, and if replaced with pereg*() functions it works. It seems that after some ereg parsing memory gets corrupted.

Anyone with the same problem? I tried to download the src and compile it myself but it won't. Do I need to upgrade the compiler?

tnx
Audric

--__--__--

Message: 13
From: "Audric Leperdi" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Date: Thu, 14 Mar 2002 12:17:13 +0100
Subject: [cobalt-security] New Qube3 VPN support
Reply-To: [EMAIL PROTECTED]

I tried to test the new VPN function in the Qube3 available after the latest OS update. I tried to connect 2 Qube3 in two different locations, both are doing NAT and no tunnel seems to start. I read the FAQ at freeswan.org and saw the problems with NAT. Is the Qube3 affected as well?

Audric

--__--__--

Message: 14
From: Michael Stauber <[EMAIL PROTECTED]>
Organization: Stauber Multimedia Design
To: [EMAIL PROTECTED]
Subject: Re: [cobalt-security] SUN don't care about security update ?
Date: Thu, 14 Mar 2002 14:24:58 +0100
Reply-To: [EMAIL PROTECTED]

Hi Leo,

> I'm very disappointed in the sun attitude about security upgrades of the
> cobalt.
> When there are important holes (like in PHP these days), they MUST
> provide an upgrade within hours like all Linux, *BSD, Unix systems have done.

SUN/Cobalt sure hasn't the resources to do this. SUN might have it, the Cobalt division perhaps hasn't.

Today's patch for the RaQ3 is a prime example of that: RaQ3-All-Security-4.0.1-13453.pkg (Glibc update). It fixes a glibc vulnerability which was published on 17th December 2001.

Whoops: It took SUN/Cobalt almost to the day *three months* to release the patch. Sure, glibc is no trivial matter to mess with, but the recent zlib issue is of similar scale as it affects a widespread set of applications, binaries and libraries. Well, maybe we can expect a patch for that in three months as well? Oh my ... what a perspective.

--
With best regards,
Michael Stauber
[EMAIL PROTECTED]
Unix/Linux Support Engineer

--__--__--

Message: 15
From: "Kai r. s., euroweb as" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Date: Thu, 14 Mar 2002 14:32:11 +0100
Subject: [cobalt-security] Percent Used: 607 %
Reply-To: [EMAIL PROTECTED]

Hi,

I got this warning from one of the cobalt raq4r servers:

"is very near or over the disk space limit allocated on the Sun Cobalt server. Once the quota limit is reached, no more data can be stored. Consider moving some data to another location or increasing the limit.
Quota Limit: 35.00 MB
Quota Used: 212.74 MB
Percent Used: 607 %"

How is this possible? And could this be an indicator of a hack?

Another customer reported this strange error message when trying to change disk quota:

"A root web must first be enabled in the Site Settings menu"

I also got a message like this some time back. Anybody know what it is?

Regards
Kai R Schantz
Euroweb AS
Norway

--__--__--

End of cobalt-security Digest
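
Added example (not part of the digest, and not the find-zlib script linked in Message 11): Messages 10 and 11 turn on finding binaries that carry their own statically linked copy of zlib, which a library package update does not touch. The Python below finds them by the banner strings zlib compiles into deflate and inflate; the function names, the constructed sample files and the ASSUMED_FIXED threshold are assumptions of this example.

```python
import os
import re
import tempfile

# zlib compiles these banner strings into its deflate and inflate code,
# so they survive in any binary that embeds the library statically.
ZLIB_BANNER = re.compile(rb" (deflate|inflate) (\d+)\.(\d+)\.(\d+)[^ ]* Copyright")

# Assumption: first zlib release carrying the fix; confirm against the advisory.
ASSUMED_FIXED = (1, 1, 4)


def embedded_zlib_versions(data: bytes) -> set:
    """Return the (major, minor, patch) zlib versions whose banner appears in data."""
    return {tuple(int(g) for g in m.groups()[1:]) for m in ZLIB_BANNER.finditer(data)}


def scan_tree(root: str, fixed=ASSUMED_FIXED) -> dict:
    """Map each file under root embedding a zlib older than `fixed` to those versions."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                with open(path, "rb") as fh:
                    versions = embedded_zlib_versions(fh.read())
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            old = sorted(v for v in versions if v < fixed)
            if old:
                findings[os.path.relpath(path, root)] = old
    return findings


def demo() -> dict:
    """Scan a constructed directory of fake 'binaries' (sample data, not real files)."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "static_old": b"\x7fELF\0 deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly \0",
            "static_new": b"\x7fELF\0 inflate 1.1.4 Copyright 1995-2002 Mark Adler \0",
            "dynamic": b"\x7fELF\0libz.so.1\0deflateInit_\0",  # only references libz
        }
        for name, blob in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(blob)
        return scan_tree(root)
```

Calling scan_tree("/usr/bin") on a real system lists the binaries that need a rebuild rather than a library update; a dynamically linked program is not reported because the banner lives in libz.so itself.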
