Sun Microsystems continues to battle operating system vulnerabilities in its doomed line of Cobalt appliance servers....
Administrators should upgrade to prevent remote exploits that could include cracking private keys, exposing confidential data, spoofing identities, escalating privileges, executing arbitrary code and denial of service.
Sun is still providing software updates, even though it's no longer selling the Cobalt line. In December, Sun moved its Cobalt appliance server brand to the "end-of-life" section.
Perhaps the most serious vulnerability is a heap-based buffer overflow in rsync. Remote attackers can use this to gain access to a system or execute arbitrary code. Sun has fixes for RaQ 550, Qube 3 and RaQ 4.
A defect in gnupg incorrectly creates El Gamal sign and encrypt keys using the same key component. This could allow an attacker to get the private key from a signature, which could be used to spoof identities and decrypt confidential data. Fixes are available for Qube 3, RaQ 550 and RaQ XTR.
An integer overflow in the ls program in the fileutils or coreutils packages can render applications that use ls, including wu-ftpd, vulnerable to remote exploitation. Attackers could cause a denial of service on the server. There are fixes for RaQ XTR, RaQ 550, Qube 3 and RaQ 4.
Finally, an update is available for an unspecified vulnerability in IPtables on RaQ 550.
Many ISPs use Cobalt application servers. Only a month ago, Sun released fixes for problems with BIND, slocate, tcpdump, apache, ProFTPD and PostgreSQL. Sun plans to continue providing a knowledgebase and support forum for Cobalt RaQ 550 until 2007.