Date: Mon, 31 Jan 2000 09:43:04 -0800
From: Jeff Bilicki jeffb@COBALTNET.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Cobalt Networks — Security Advisory — 01.31.2000
Problem:
For RaQ 1 and RaQ 2:
Through improper permissions checking in
/.cobalt/siteUserMod/siteUserMod.cgi, any Site Administrator can
change the password of the admin (root) account on the system.
For RaQ 3:
Through improper permissions checking in
/.cobalt/siteUserMod/siteUserMod.cgi, any Site Administrator can
change the password of any regular user or Site Administrator on
the system, but not admin(root).
Bug and exploit by: Chuck Pitre
Relevant products and architectures
Product Architecture Vulnerable Qube1 MIPS No Qube2 MIPS No RaQ1 MIPS Yes RaQ2 MIPS Yes RaQ3 x86 Yes
If your system is at risk you can you can downloaded the
relevant package and install it. These are beta versions of the
packages, Cobalt is currently testing these packages.
RaQ 1 –
ftp://ftp.cobaltnet.com/pub/experimental/security/siteUserMod/RaQ1-Security-3.6.pkg
RaQ 2 –
ftp://ftp.cobaltnet.com/pub/experimental/security/siteUserMod/RaQ2-Security-2.94.pkg
RaQ 3 –
ftp://ftp.cobaltnet.com/pub/experimental/security/siteUserMod/RaQ3-Security-2.2.pkg
If you experience any problems with these packages please email
jeffb@cobalt.com or security@cobalt.com.
Jeff Bilicki
Software Engineer
Cobalt Networks