Cobalt Networks -- Security Advisory -- 01.31.2000 | Linux Today

Cobalt Networks — Security Advisory — 01.31.2000

Written By
Web Webster
Web Webster
Feb 3, 2000

Date: Mon, 31 Jan 2000 09:43:04 -0800
From: Jeff Bilicki jeffb@COBALTNET.COM
To: BUGTRAQ@SECURITYFOCUS.COM

Cobalt Networks — Security Advisory — 01.31.2000

Problem:
For RaQ 1 and RaQ 2:
Through improper permissions checking in
/.cobalt/siteUserMod/siteUserMod.cgi, any Site Administrator can
change the password of the admin (root) account on the system.

For RaQ 3:
Through improper permissions checking in
/.cobalt/siteUserMod/siteUserMod.cgi, any Site Administrator can
change the password of any regular user or Site Administrator on
the system, but not admin(root).

Bug and exploit by: Chuck Pitre

Relevant products and architectures

Product          Architecture            Vulnerable
Qube1            MIPS                    No
Qube2            MIPS                    No
RaQ1             MIPS                    Yes
RaQ2             MIPS                    Yes
RaQ3             x86                     Yes

If your system is at risk you can you can downloaded the
relevant package and install it. These are beta versions of the
packages, Cobalt is currently testing these packages.

RaQ 1 –

ftp://ftp.cobaltnet.com/pub/experimental/security/siteUserMod/RaQ1-Security-3.6.pkg

RaQ 2 –

ftp://ftp.cobaltnet.com/pub/experimental/security/siteUserMod/RaQ2-Security-2.94.pkg

RaQ 3 –

ftp://ftp.cobaltnet.com/pub/experimental/security/siteUserMod/RaQ3-Security-2.2.pkg

If you experience any problems with these packages please email
jeffb@cobalt.com or security@cobalt.com.

Jeff Bilicki
Software Engineer
Cobalt Networks

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.