Hi all,
A CRITICAL SECURITY FLAW in BlueOnyx 5210R has been found, which allows
privilege escalation of users that are not jailed. You are urged to
install the BlueOnyx 5210R security updates ASAP.
Affected Platforms:
BlueOnyx 5210R on CentOS 8
Type of vulnerability:
=
Hi Maurice,
> Now if I ssh to the box as a regular user with ssh access, I can become
> root without entering *any* password at all!
When I saw *this* message at 15:05 GMT-5 I took the BlueOnyx mailing
list server offline to perform damage control.
CRITICAL VULNERABILITY that allows ROOT access t
Hi Michael,
On 05-03-20 19:45, Michael Stauber wrote:
> But he can become root by using "su root-alter-admin" and entering his
> *own* password.
Thank you for a thorough explanation.
But still I am not comfortable with it :-)
The root-admin has no password set in /etc/shadow on (this) 5210R; on
Hi Maurice,
> On both 5209R and 5210R I see a user-account 'root-admin'. I believe
> this is something for blueonyx?
>
> On 5209R, in /etc/shadow the password hash of this user is the same as
> for the user root.
> On 5210R however, this user seems to be without password (no hash in
> /etc/shadow
I need to add a v6 range to
"Allow Cache access from these Networks" in the DNS config.
The GUI only allows v4 ranges. As a short-term workaround I have manually
added it to named.conf and done a chattr +i on the file.
Don't know how much effort it would take to make this field v6 capable.
--
Op
On Mon March 2 2020 12:34, Michael Stauber wrote:
> Hi Larry,
>
> > What is the best way to delete all intermediate certs ?
>
> On the SSL GUI page. Click the button "Manage Certificate Authorities"
> and there you have the intermediates.
Michael,
Really appreciate your answers, but so far none
Hi Michael,
Just trying to understand what is going on here, just to be on the safe
side.
On both 5209R and 5210R I see a user-account 'root-admin'. I believe
this is something for blueonyx?
On 5209R, in /etc/shadow the password hash of this user is the same as
for the user root.
On 5210R
Hi Michael,
On 05-03-20 00:05, Michael Stauber wrote:
> Indeed. There is no "php-imap" RPM for CentOS 8. At least not from the
> official mirrors. I'll look into this, but for the meantime we can for
> sure say that Z-Push won't work on 5210R until that's solved.
Too bad. Thanks for the clarificat
Morning Michael,
> Basically it's like this: They had a bug in the verification process for SSL
> certificates which affected certs with validity for multiple different
> domains.
I have just tried to add an LE cert (5209R) and got a kick back:
[Thu Mar 5 09:15:03 GMT 2020] Verify finished, st