[14466] in bugtraq
[ Cobalt ] Security Advisory -- 03.31.2000
daemon@ATHENA.MIT.EDU (Jeff Lovell)
Fri Mar 31 21:00:56 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <38E546D8.7C0711DF@cobalt.com>
Date: Fri, 31 Mar 2000 16:46:16 -0800
Reply-To: Jeff Lovell <jlovell@COBALT.COM>
From: Jeff Lovell <jlovell@COBALT.COM>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Cobalt Networks -- Security Advisory -- 03.31.2000
Problem:
RaQ2 and RaQ3 allow remote users to view the contents of
an .htaccess file contained within a public website.
Relevant products and architectures
Product Architecture Vulnerable
Qube1 MIPS No
Qube2 MIPS No
RaQ1 MIPS No
RaQ2 MIPS Yes
RaQ3 x86 Yes
If your system is at risk you can you can downloaded the relevant
package and install it. These are beta versions of the packages, Cobalt
is currently testing these packages.
RaQ 2 -
ftp://ftp.cobaltnet.com/pub/experimental/security/apache/RaQ2-All-Security-Point-2.97.pkg
RaQ 3 -
ftp://ftp.cobaltnet.com/pub/experimental/security/apache/RaQ3-All-Security-Point-2.4.pkg
If you experience any problems with these packages please email
jlovell@cobalt.com or security@cobalt.com.
--
Jeff Lovell
Software Engineer
Cobalt Networks, Inc.
