• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Focus On: Vista
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns

• info
• discussion
• exploit
• solution
• references

Cobalt RaQ2 cgiwrap Vulnerability

Solution:
Cobalt has released patches to adress this problem. The patches are available from the following locations:

Cobalt Networks is dedicated to providing secure platforms.
Accordingly, we have just completed a fix for this bug that is available
in RPM format, which can be found at the following locations:

RaQ 3i (x86)
RPM:
ftp://ftp.cobaltnet.com/pub/experimental/secuirty/rpms/cgiwrap-pacifica-3.6.4.C5.i386.rpm
SRPM:
ftp://ftp.cobaltnet.com/pub/experimental/secuirty/srpms/cgiwrap-pacifica-3.6.4.C5.src.rpm

RaQ 2 (MIPS)
RPM:
ftp://ftp.cobaltnet.com/pub/experimental/secuirty/rpms/cgiwrap-raq2-3.6.4.C5.mips.rpm
SRPM:
ftp://ftp.cobaltnet.com/pub/experimental/secuirty/srpms/cgiwrap-raq2-3.6.4.C5.src.rpm

Cobalt also included the following information in their release:

MD5 sum Package Name
--------------------------------------------------------------------------
701b43ba607edee44c684ac2d428e710 cgiwrap-pacifica-3.6.4.C5.i386.rpm
41b7277afefb199c01a212dc86dab05b cgiwrap-pacifica-3.6.4.C5.src.rpm
0484a11647a3700fa0b9afe431c55d19 cgiwrap-raq2-3.6.4.C5.mips.rpm
5f3b483c352d25b3b11d266811e8b933 cgiwrap-raq2-3.6.4.C5.src.rpm

You can verify each rpm using the following command:
rpm --checksig [package]

To install, use the following command, while logged in as root:
rpm -U [package]

The package file format (pkg) for this fix is currently in testing, and
will be available in the very near future.