Turn on telnet to make sure you can get back in
Dave Smulsky Senior Network Admin [EMAIL PROTECTED] www.thehostworks.com ----- Original Message ----- From: "MC Gonzalez" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, October 27, 2002 5:47 PM Subject: Re: [cobalt-security] RaQFuCK On Wed, 2002-10-23 at 22:45, Eugene Crosser wrote: > On Thu, 2002-10-24 at 06:11, Scott F wrote: > > > Does anyone know of a fix, or if any of the recent > > Cobalt/SUN patches addressed the RaQFuCK hack that > > grabs access from /usr/lib/authenticate and opens a > > shell..? Question regarding this exploit. Does it do anything to ssh? Background: Bosses personal RAQ4 seems to have gotten hit with this. He asked me to check it out. I noticed he didn't have the 15787 patch. He also didn't have the latest and greatest ssh from pkgmaster. I installed the pkgmaster first and now can't get in with ssh. I get the following: Oct 27 17:09:56 www sshd[12146]: log: Connection from xxx.xxx.xxx.xxx port 33599 Oct 27 17:09:56 www sshd[12146]: log: RhostsRsa authentication not available for connections from unprivileged port. Oct 27 17:10:33 www sshd[12146]: fatal: Connection closed by remote host. I am frankly afraid to install the 15787 patch as it requires a reboot and I would hate to not be able to get back into this server :) A google on this error turns up nothing helpful. Thanks in advance! -- Marie Gonzalez _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
