The Web    Google
Cobalt RaQ 4 Security Flaw Detected

Cobalt RaQ 4 Security Flaw Detected
December 12, 2002
Ryan NaraineBy

There is a remotely exploitable security hole in Sun Microsystems' (Quote, Chart) Cobalt RaQ 4 server appliances and the CERT Coordination Center is warning that exploitation could lead to the code execution with superuser privileges.

A security advisory from CERT/CC warned of the vulnerability in Cobalt RaQ 4 servers running Sun's Security Hardening Package (SHP) and recommended server administrators apply vendor patches immediately. Alternatively, admins are urged to block access to the administrative httpd server (typically ports 81/TCP and 444/TCP) at the network perimeter.

Sun confirmed the remote root exploit if the SHP is installed (it does not install by default but many users choose to install it) and issued instructions on how to remove the flawed SHP patch.

The vulnerability was detected in a CGI script that did not properly filter input on the server. CERT/CC said the security flaw occurs because overflow.cgi does not adequately filter input destined for the email variable. "Because of this flaw, an attacker can use a POST request to fill the email variable with arbitrary commands. The attacker can then call overflow.cgi, which will allow the command the attacker filled the email variable with to be executed with superuser privileges," it warned.

The center warned that an exploit was publicly available and might already be circulating.

  • 8/3: Scaner-A Worm Uses Port 445
  • 5/19: Webloin Trojan Downloads DLL File
  • Feds Bag Warez Convictions
  • 9/3: Forbot-M Worm Has Trojan Functions
  • 7/19: Rbot-DX Spreads to Remote Shares
  • Is a Job in Security the Cure for Job Insecurity?
  • Virus Alert: Worm Uses Own SMTP Engine to Spread
  • 4/13: Spybot-NLX Worm Has DDoS Abilities
  • U.S. Bows to Europe as New Spam King
  • 11/30: SymbOS/Skulls-B is a Trojan
  • 10/29: Beagle@mm!CPL Detects Worms
  • Security Camera Related Information