Cobalt Raq Security Vulnerabilities - February

CVE-1999-0408

Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are accessible from the web server.

CVE-1999-0831

Denial of service in Linux syslogd via a large number of connections.

CVE-2000-0117

The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site Administrator to modify passwords for other users, site administrators, and possibly admin (root).