
Rackshack.net issues Security Warning
Rackshack.net issued a security warning about Raq compromises. Mainly telling sysadmins to update their Raqs with the latest patches. I've installed all patches, including those requiring a re-boot, without any difficulty. The easiest way to update your machine is to use the URL fetch feature of the control panel.
Snippets from the email.
Recently there has been an increase in server compromises; this problem is due to the lack of installations of recent security patches for the RaQs.
....
We strongly recommend and urge our customers to ensure that the most recent and up to date patches are installed on your RaQs.
These patches can be found at: www.cobalt.com/support/download and select your RaQ model from the download menu.
Aloha
yeah got this email also
already up to date
but amazed they posted it
wonder if other rack hosts have done that ???
Chicken 07-06-2001, 12:27 AM We strongly recommend and urge our customers to ensure that the most recent and up to date patches are installed on your RaQs.
I find this slightly bad advice actually. If anyone has followed the history of the patches and problems, this is not exactly the same advice I would give. But that's just me.
diyoha 07-06-2001, 01:06 AM Originally posted by Chicken
We strongly recommend and urge our customers to ensure that the most recent and up to date patches are installed on your RaQs.
I find this slightly bad advice actually. If anyone has followed the history of the patches and problems, this is not exactly the same advice I would give. But that's just me.
it seems like fairly solid advice to me. What would your recommendation be as far as security issues with the raq?
David
cgisupp 07-06-2001, 02:06 AM I have been using Cobalt Products for 4 years, and like Chicken suggests, I would wait until the patches have been released for 4-5 weeks as time and time again they have released security updates that have had major flaws in them.
Some of these bugs have rendered the server completely inoperable.
UmBillyCord 07-06-2001, 02:18 AM I have been using RAQ's for 4 years
I thought the first RAQ was released in first Quarter of '99, RAQ2 in third Quarter '99
cgisupp 07-06-2001, 02:30 AM Apologies that should read "Cobalt Products".
diyoha 07-06-2001, 02:31 AM Originally posted by cgisupp
I have been using Cobalt Products for 4 years, and like Chicken suggests, I would wait until the patches have been released for 4-5 weeks as time and time again they have released security updates that have had major flaws in them.
Some of these bugs have rendered the server completely inoperable.
I don't think the email was sent to tell people to install brand new released patches ... but to get current with the existing cobalt patches. That was my interpretation. From what you are saying it seems like it is not always a good idea to install a patch as soon as it comes out ...
David
The Prohacker 07-06-2001, 02:56 AM Wait about 4-6 weeks to install a cobalt patch, they usually make a security hole while blocking another one, and they have been known for releasing security fixes for their security fixes.....
After 4-6 weeks, usually they have it bugged out...
diyoha 07-06-2001, 03:04 AM at what point do we install the patch...
since the security fix for a security fix might have a security hole!
confusing to me ...
I try to install patches that fix root exploits as soon as possible. If Cobalt already has a patch, then most likely, there are scanners looking for the exploit. Buffer overruns of programs that run as root are easy to exploit -- takes about 5 minutes to gain root by redirecting identd to open a new port with a shell.
I would recommend installing patches that fix buffer overruns and potential root exploits within a week of their release. I would rather have a new unknown security hole than a well publicized one.
With regard to patch stability, I have been fortunate in that most recent patches have functioned without too many issues. Fortunately, we have a dedicated development box, so we can test everything before going live.
If you have a heavily modified Raq or have modified any of the parts the patch is updating, you should do a bit of research first. If I have installed or updated something manually, I do not later try to update it with a pkg file. Package management utilities (pkg, rpm, etc.) often have their own schemes about file placement. Directory trees are rarely the same between standard tar distributed and rpm-based packages. If you have installed something manually, then you should update it manually -- this is a good way to avoid some problems.
Note, some patches may not be necessary to install right away. Many security patches are to prevent those already with shell accounts from executing commands or programs to which they should not have access. These types of patches can be installed much later if all of your users are trusted.
UmBillyCord 07-06-2001, 01:25 PM I do not think you can use a blanket statement like *all* patches. Some need to be installed immediately.
Ex... RaQ3-All-Security-4.0.2-9353.pkg
For those who waited 6 weeks, many got hammered by this DNS exploit. OLM and others can attest to this. We had two boxes cracked within the same week waiting for this patch to come out. Right when it was released, we installed it and haven't had trouble since.
However, for most patches, it is a good idea to wait. If not, you may have issues like your box stuck in constant reboot after an install. Remember for about a day or two, Cobalt said "sorry for the earlier version of this patch and the errors it may have caused". Maybe they should have written that to our 150 customers on a box in constant reboot that were down for 5 hours.
hi, I got that email too. Can you tell me which patch to start with? they have so many patches there, and I have to apply them in chronological order, right?
thanks.
Chicken 07-07-2001, 12:30 AM Originally posted by diyoha
I don't think the email was sent to tell people to install brand new released patches ... but to get current with the existing cobalt patches.
David, I'm not sure what else this would mean:
We strongly recommend and urge our customers to ensure that the most recent and up to date patches are installed on your RaQs.
- ??? Seems that is exactly what they are suggesting.
Keep in mind there is no exact rule to this. The benefits of installing a new patch may outweigh the risk, but just be aware that Cobalt has released (and then removed quickly), some patches that did disable the machines. I'd be particularly careful if you've added any non-cobalt pkgs, or done modifications (as these may have an unpleasant and unexpected effect).
It is a good idea to at least check the mailing list (even ask yourself), about a particular update.
wht -
Instructions are posted at the top of the update page for your model.