Bugtraq mailing list archives

Re: Cobalt RaQ2 - and QUBE2

From: nirs () VIPE TECHNION AC IL (Nir Simionovich (Rin Solo))
Date: Sat, 29 Jan 2000 17:44:43 +0200


Hi Chuck,

On Thu, 27 Jan 2000, Chuck Pitre - Technical Support wrote:

Needles to say that was scary :)
anyhow I rather feel embarrassed about this one (actually I can't believe
I didn't think of it myself)

I've pasted his email to me below.  I have not yet attempted to duplicate
the bug.


  Well, this is not a new thing. Actually, from a test I conducted on the
Cobalt QUBE2 machine, it suffers from serious securiy flaws. For example,
the web GUI interface once initiated with the admin password, would
remember the station you entered from. Thus, if you don't close your
browser, and you change sites, someone can come to your machine, punch up
the QUBE2 admin site, and walla, instant admin.

  Another matter was the fact that the QUBE2 isn't SSL managed. Which made
it very simple for me to go and sniff the passwords out on the network :-)

  I don't want to start commenting on the 2.0.31 kernel that is installed
on this R4000 based machine, but hey, this is not the place. I guess we
all know about flews in Linux 2.0.31 kernel.

  In any case, if you are using the RAQ2 and RAQ3 products, and you have
more information available, please send it over ASAP. Our company is at
the edge of choosing a Linux platform for V-Hosting, and we would like to
hear from people already using it.

Best regards,
  Nir Simionovich
  artNET Experts, Ltd.
  Security & Systems Consultant
  Israel
  http://www.artnet.co.il

Current thread:

Re: S/Key & OPIE Database Vulnerability, (continued)
- - - Re: S/Key & OPIE Database Vulnerability Steve VanDevender (Jan 26)
    - Future of s/key (Re: S/Key & OPIE Database Vulnerability) Frasnelli, Dan (Jan 26)
    - Re: S/Key & OPIE Database Vulnerability Eivind Eklund (Jan 27)
    - Re: S/Key & OPIE Database Vulnerability Jordan Ritter (Jan 27)
    - Re: S/Key & OPIE Database Vulnerability Jordan Ritter (Jan 28)
    - "Strip Script Tags" in FW-1 can be circumvented Arne Vidstrom (Jan 29)
    - Re: S/Key & OPIE Database Vulnerability Brandon Palmer (Jan 27)
    - Re: S/Key & OPIE Database Vulnerability Eivind Eklund (Jan 28)
    - Multicast from hell John Watkins (Jan 27)
    - Cobalt RaQ2 - a user of mine changed my admin password.. Chuck Pitre - Technical Support (Jan 27)
    - Re: Cobalt RaQ2 - and QUBE2 Nir Simionovich (Rin Solo) (Jan 29)
    - Tempfile vulnerabilities foo (Jan 30)
    - [FreeBSD Security Advisory: FreeBSD-SA-00:02.procfs] Patrick Oonk (Jan 28)
    - Re: Multicast from hell Omachonu Ogali (Jan 28)
    - FTPPro has weird features - Fwd: Important matter for your abuse department Cedric Amand (Jan 28)
    - New SCO patches... Aaron Sigel (Jan 27)
    - Qpopper security bug Zhodiac (Jan 26)
    - Re: S/Key & OPIE Database Vulnerability Dug Song (Jan 26)
    - Microsoft Security Bulletin (MS00-006) Microsoft Product Security (Jan 26)
    - Alert: MS IIS 4 / IS 2 (Cerberus Security Advisory CISADV000126) Mnemonix (Jan 26)
    - Re: Alert: MS IIS 4 / IS 2 (Cerberus Security Advisory CISADV000126) Fredrik Widlund (Jan 30)

(Thread continues...)