[13608] in bugtraq


Re: Cobalt RaQ2 - and QUBE2

daemon@ATHENA.MIT.EDU (Nir Simionovich (Rin Solo))
Mon Jan 31 14:15:36 2000

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.LNX.4.10.10001291737550.27284-100000@vipe.technion.ac.il>
Date:         Sat, 29 Jan 2000 17:44:43 +0200
Reply-To: "Nir Simionovich (Rin Solo)" <nirs@VIPE.TECHNION.AC.IL>
From: "Nir Simionovich (Rin Solo)" <nirs@VIPE.TECHNION.AC.IL>
X-To:         Chuck Pitre - Technical Support <chuck@OA.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.BSF.4.10.10001271725040.97978-100000@cerebus.oanet.com>

Hi Chuck,

On Thu, 27 Jan 2000, Chuck Pitre - Technical Support wrote:

> Needless to say that was scary :)
> anyhow I rather feel embarrassed about this one (actually I can't believe
> I didn't think of it myself)
>
> I've pasted his email to me below.  I have not yet attempted to duplicate
> the bug.

  Well, this is not a new thing. Actually, from a test I conducted on the
Cobalt QUBE2 machine, it suffers from serious security flaws. For example,
the web GUI interface once initiated with the admin password, would
remember the station you entered from. Thus, if you don't close your
browser, and you change sites, someone can come to your machine, punch up
the QUBE2 admin site, and voila, instant admin.

  Another matter was the fact that the QUBE2 isn't SSL managed, which made
it very simple for me to go and sniff the passwords out on the network :-)

  I don't want to start commenting on the 2.0.31 kernel that is installed
on this R4000 based machine, but hey, this is not the place. I guess we
all know about flaws in the Linux 2.0.31 kernel.

  In any case, if you are using the RAQ2 and RAQ3 products, and you have
more information available, please send it over ASAP. Our company is at
the edge of choosing a Linux platform for V-Hosting, and we would like to
hear from people already using it.

Best regards,
  Nir Simionovich
  artNET Experts, Ltd.
  Security & Systems Consultant
  Israel
  http://www.artnet.co.il
