Hi all, Everyone with a Sun Cobalt Controlstation should pull up the drawbridge and firewall the Apache ports 80, 81, 443 and 444. Or power the thing down as fast as you can.
I just have gotten my ControlStation hacked due to a vulnerability in the GUI. Fortunately my IDS stuff caught it reasonably quick before any damage could be done. The problem is apparently that a particular page in the GUI is accessible without authentication and can be tricked into spawning a rootshell. -- With best regards, Michael Stauber _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
