Hi all,

> The problem is apparently that a particular page in the GUI is accessible
> without authentication and can be tricked into spawning a rootshell.

I just finished my forensics on the rooted ControlStation and this is indeed pretty bad. The nature of the exploit easily reveals the admin passwords of all monitored servers to the attacker. Shell access is not required and a browser is enough for this hack.

Does someone have an email address @sun where I can report this? I called the toll free US number, got directed to use their webpage and am now stuck in that maze without the ability to report anything there.

--
With best regards,

Michael Stauber

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
