On Thu, 2002-10-24 at 06:11, Scott F wrote: > Does anyone know of a fix, or if any of the recent > Cobalt/SUN patches addressed the RaQFuCK hack that > grabs access from /usr/lib/authenticate and opens a > shell..? I just discovered a user who recently found, > and apparently tried to execute this hack/script on my > RaQ4 (found scraps of the script and the gmon.out file > on the system).. I don't permit shell access, and I'm > not sure if they managed to get a shell with the > script, and franky I'm not interested in trying the > script on my only RaQ4 which is in production - but > I'll be a little hot under the collar if I discover > this user got a shell and this issue hasn't been > patched/addressed in any of the recent patches.. This > exploit has been in the wild for at -least- 3 months > already.. Has this been addressed/fixed if the RaQ4 is > fully patched..? Thanks!
This patch http://ftp.cobalt.sun.com/pub/packages/raq4/eng/RaQ4-All-Security-2.0.1-2-15787.pkg is supposed to fix the issue among other things. Or, on September 25 I posted instructions on how to fix the problem by hand: http://list.cobalt.com/pipermail/cobalt-security/2002-September/006327.html Eugene _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
