On Wed, 23 Feb 2005 [EMAIL PROTECTED] wrote :
>Send ilugd mailing list submissions to
>       ilugd@lists.linux-delhi.org
>
>To subscribe or unsubscribe via the World Wide Web, visit
>       http://frodo.hserus.net/mailman/listinfo/ilugd
>or, via email, send a message with subject or body 'help' to
>       [EMAIL PROTECTED]
>
>You can reach the person managing the list at
>       [EMAIL PROTECTED]
>
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of ilugd digest..."
>
>
>Please trim replies before posting.
>
>Today's Topics:
>
>    1. (fwd) [SECURITY] [ GLSA 200502-28 ] PuTTY: Remote code
>       execution (Raj Mathur)
>    2. (fwd) [SECURITY] iDEFENSE Security Advisory 02.21.05:
>       Multiple Unix/Linux Vendor cURL/libcURL NTLM Authentication
>       Buffer Overflow Vulnerability (Raj Mathur)
>    3. ilugd meet in march - venue and misc (T.Meyarivan)
>    4. nagios (Narender Hooda)
>    5. Re: nagios (Pankaj kaushal)
>    6. hi all (Guntupalli Karunakar)
>    7. Re: hi all (Gaurav Vaish)
>    8. Re: Re: [ilugd] how to install Red Hat linux (Ajay Mulwani)
>    9. Creating Mysql DB in specified directory??? (santosh dubey)
>   10. Re: hi all (Pankaj kaushal)
>
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Tue, 22 Feb 2005 08:14:26 +0530
> From: Raj Mathur <[EMAIL PROTECTED]>
>Subject: [ilugd] (fwd) [SECURITY] [ GLSA 200502-28 ] PuTTY: Remote
>       code    execution
>To: ilugd@lists.linux-delhi.org,
>       linux-india-help@lists.sourceforge.net
>Message-ID: <[EMAIL PROTECTED]>
>Content-Type: text/plain; charset=us-ascii
>
>[Please upgrade if you use Putty on any platform -- Raju]
>
>This is an RFC 1153 digest.
>(1 message)
>----------------------------------------------------------------------
>
>Mime-Version: 1.0
>Content-Type: multipart/signed; micalg=pgp-sha1;
>       protocol="application/pgp-signature"; boundary="ew6BAiZeqk4r7MaW"
>Content-Disposition: inline
>Message-ID: <[EMAIL PROTECTED]>
> From: Luke Macken <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Cc: bugtraq@securityfocus.com, full-disclosure@lists.netsys.com,
>         [EMAIL PROTECTED]
>Subject: [ GLSA 200502-28 ] PuTTY: Remote code execution
>Date: Mon, 21 Feb 2005 16:01:26 -0500
>
>
>--ew6BAiZeqk4r7MaW
>Content-Type: text/plain; charset=us-ascii
>Content-Disposition: inline
>
>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>Gentoo Linux Security Advisory                           GLSA 200502-28
>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>                                             http://security.gentoo.org/
>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
>   Severity: Normal
>      Title: PuTTY: Remote code execution
>       Date: February 21, 2005
>       Bugs: #82753
>         ID: 200502-28
>
>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
>Synopsis
>========
>
>PuTTY was found to contain vulnerabilities that can allow a malicious
>SFTP server to execute arbitrary code on unsuspecting PSCP and PSFTP
>clients.
>
>Background
>==========
>
>PuTTY is a popular SSH client, PSCP is a secure copy implementation,
>and PSFTP is an SSH File Transfer Protocol client.
>
>Affected packages
>=================
>
>     -------------------------------------------------------------------
>      Package         /  Vulnerable  /                       Unaffected
>     -------------------------------------------------------------------
>   1  net-misc/putty       < 0.57                               >= 0.57
>
>Description
>===========
>
>Two vulnerabilities have been discovered in the PSCP and PSFTP clients,
>which can be triggered by the SFTP server itself. These issues are
>caused by the improper handling of the FXP_READDIR response, along with
>other string fields.
>
>Impact
>======
>
>An attacker can set up a malicious SFTP server that would send these
>malformed responses to a client, potentially allowing the execution of
>arbitrary code on their system.
>
>Workaround
>==========
>
>There is no known workaround at this time.
>
>Resolution
>==========
>
>All PuTTY users should upgrade to the latest version:
>
>     # emerge --sync
>     # emerge --ask --oneshot --verbose ">=net-misc/putty-0.57"
>
>References
>==========
>
>   [ 1 ] PuTTY vulnerability vuln-sftp-readdir
>         http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-readdir.html
>   [ 2 ] PuTTY vulnerability vuln-sftp-string
>         http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-string.html
>   [ 3 ] CAN-2005-0467
>         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0467
>   [ 4 ] iDEFENSE Advisory
>         http://www.idefense.com/application/poi/display?id=201&type=vulnerabilities
>
>Availability
>============
>
>This GLSA and any updates to it are available for viewing at
>the Gentoo Security Website:
>
>   http://security.gentoo.org/glsa/glsa-200502-28.xml
>
>Concerns?
>=========
>
>Security is a primary focus of Gentoo Linux and ensuring the
>confidentiality and security of our users' machines is of utmost
>importance to us. Any security concerns should be addressed to
>[EMAIL PROTECTED] or alternatively, you may file a bug at
>http://bugs.gentoo.org.
>
>License
>=======
>
>Copyright 2005 Gentoo Foundation, Inc; referenced text
>belongs to its owner(s).
>
>The contents of this document are licensed under the
>Creative Commons - Attribution / Share Alike license.
>
>http://creativecommons.org/licenses/by-sa/2.0
>
>--ew6BAiZeqk4r7MaW
>Content-Type: application/pgp-signature
>Content-Disposition: inline
>
>
>--ew6BAiZeqk4r7MaW--
>
>------------------------------
>
>End of this Digest
>******************
>
>--
>Raj Mathur                [EMAIL PROTECTED]      http://kandalaya.org/
>        GPG: 78D4 FC67 367F 40E2 0DD5  0FEF C968 D0EF CC68 D17F
>                       It is the mind that moves
>
>
>
>------------------------------
>
>Message: 2
>Date: Tue, 22 Feb 2005 08:19:26 +0530
> From: Raj Mathur <[EMAIL PROTECTED]>
>Subject: [ilugd] (fwd) [SECURITY] iDEFENSE Security Advisory 02.21.05:
>       Multiple Unix/Linux Vendor cURL/libcURL NTLM Authentication     Buffer
>       Overflow Vulnerability
>To: ilugd@lists.linux-delhi.org,
>       linux-india-help@lists.sourceforge.net
>Message-ID: <[EMAIL PROTECTED]>
>Content-Type: text/plain; charset=us-ascii
>
>[Updated curl packages should be available for Linux distributions
>soon; please upgrade if you use curl with NTLM authentication on any
>platform -- Raju]
>
>This is an RFC 1153 digest.
>(1 message)
>----------------------------------------------------------------------
>
>Message-ID: <[EMAIL PROTECTED]>
> From: "iDEFENSE Labs" <[EMAIL PROTECTED]>
>To: <bugtraq@securityfocus.com>, <[EMAIL PROTECTED]>
>Subject: iDEFENSE Security Advisory 02.21.05: Multiple Unix/Linux Vendor 
>cURL/libcURL NTLM Authentication Buffer Overflow Vulnerability
>Date: Mon, 21 Feb 2005 15:38:53 -0500
>
>Multiple Unix/Linux Vendor cURL/libcURL NTLM Authentication Buffer
>Overflow Vulnerability
>
>iDEFENSE Security Advisory 02.21.05:
>www.idefense.com/application/poi/display?id=202&type=vulnerabilities
>February 21, 2005
>
>I. BACKGROUND
>
>cURL is a command line tool for transferring files with URL syntax,
>supporting FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP.
>More information about cURL and libcURL is available from:
>
>     http://curl.haxx.se/
>
>II. DESCRIPTION
>
>Remote exploitation of a stack-based buffer overflow in various Unix /
>Linux vendors' implementations of cURL could allow for arbitrary code
>execution on the targeted host.
>
>An exploitable stack-based buffer overflow condition exists when using
>NT Lan Manager (NTLM) authentication. The problem specifically exists
>within Curl_input_ntlm() defined in lib/http_ntlm.c. Within this
>function an unsigned stack-based character array of size 256, buffer[],
>is passed to the Curl_base64_decode() routine defined in lib/base64.c as
>can be seen here:
>
>     size_t size = Curl_base64_decode(header, (char *)buffer);
>
>The Curl_base64_decode() routine relies on the calling function to
>validate the decoded length. This function base64 decodes and copies
>data directly from the HTTP reply of a server to the destination buffer,
>in this case buffer[]. An attacker can construct a long base64 encoded
>malicious payload that upon decoding will overflow the 256 byte static
>buffer and overwrite the saved EIP. This in turn can lead to arbitrary
>code execution.
>
>III. ANALYSIS
>
>Successful exploitation allows remote attackers to execute arbitrary
>code under the privileges of the target user. Exploitation requires
>that an attacker either coerce or force a target to connect to a
>malicious server using NTLM authentication.
>
>IV. DETECTION
>
>iDEFENSE has confirmed the existence of this vulnerability in cURL
>version 7.12.1. It is suspected that prior versions are affected as
>well. Any application built using a vulnerable version of libcURL will
>also be affected.
>
>V. WORKAROUND
>
>Replace the static buffer allocation on line 106 in lib/http_ntlm.c:
>
>     unsigned char buffer[256];
>
>With a dynamic buffer allocation:
>
>     unsigned char *buffer = (unsigned char *)malloc(strlen(header));
>
>and recompile cURL.
>
>VI. VENDOR RESPONSE
>
>No vendor response received.
>
>VII. CVE INFORMATION
>
>A Mitre Corp. Common Vulnerabilities and Exposures (CVE) number has not
>been assigned yet.
>
>VIII. DISCLOSURE TIMELINE
>
>12/21/2004  Initial vendor notification - No response
>02/10/2005  Secondary vendor notification - No response
>02/21/2005  Public disclosure
>
>IX. CREDIT
>
>infamous41md[at]hotpop.com is credited with this discovery.
>
>Get paid for vulnerability research
>http://www.idefense.com/poi/teams/vcp.jsp
>
>X. LEGAL NOTICES
>
>Copyright (c) 2005 iDEFENSE, Inc.
>
>Permission is granted for the redistribution of this alert
>electronically. It may not be edited in any way without the express
>written consent of iDEFENSE. If you wish to reprint the whole or any
>part of this alert in any other medium other than electronically, please
>email [EMAIL PROTECTED] for permission.
>
>Disclaimer: The information in the advisory is believed to be accurate
>at the time of publishing based on currently available information. Use
>of the information constitutes acceptance for use in an AS IS condition.
>There are no warranties with regard to this information. Neither the
>author nor the publisher accepts any liability for any direct, indirect,
>or consequential loss or damage arising from use of, or reliance on,
>this information.
>
>
>------------------------------
>
>End of this Digest
>******************
>
>--
>Raj Mathur                [EMAIL PROTECTED]      http://kandalaya.org/
>        GPG: 78D4 FC67 367F 40E2 0DD5  0FEF C968 D0EF CC68 D17F
>                       It is the mind that moves
>
>
>
>------------------------------
>
>Message: 3
>Date: Tue, 22 Feb 2005 09:41:22 +0530
> From: "T.Meyarivan" <[EMAIL PROTECTED]>
>Subject: [ilugd] ilugd meet in march - venue and misc
>To: ilugd@lists.linux-delhi.org
>Message-ID: <[EMAIL PROTECTED]>
>Content-Type: text/plain; charset="ISO-8859-1"; format=flowed
>
>hoi
>       planning to hold the meet in MAIT (maharaja agrasen
>       institute of technology) - preferably on the third
>       saturday of march (or even sunday if its possible)
>
>       those from MAIT - please stand up and start the
>       negotiations with the college/etc (prof suresh
>       chandra would definitely be interested - so - best
>       to talk to him)
>
>       start the process..
>
>
>
>
>
>
>
>------------------------------
>
>Message: 4
>Date: Tue, 22 Feb 2005 12:20:44 +0530
> From: Narender Hooda <[EMAIL PROTECTED]>
>Subject: [ilugd] nagios
>To: ilugd@lists.linux-delhi.org
>Message-ID: <[EMAIL PROTECTED]>
>Content-Type: text/plain; charset=US-ASCII
>
>Hi all,
>
>I want that nagios send alerts by SMS to cell phone.
>If anyone have any ideas please guide me.
>
>thanks in advance
>Narender
>
>
>
>------------------------------
>
>Message: 5
>Date: Tue, 22 Feb 2005 17:18:56 +0530
> From: Pankaj kaushal <[EMAIL PROTECTED]>
>Subject: Re: [ilugd] nagios
>To: Narender Hooda <[EMAIL PROTECTED]>,        The Linux-Delhi mailing
>       list <ilugd@lists.linux-delhi.org>
>Message-ID: <[EMAIL PROTECTED]>
>Content-Type: text/plain; charset=us-ascii; format=flowed
>
>Narender Hooda wrote:
> > Hi all,
> >
> > I want that nagios send alerts by SMS to cell phone.
 > > If anyone have any ideas please guide me.
>
>Well! there are many ways... the easiest and cheapest is to use the
>email gateway of your service provider.
>
>In the nagios contacts.cfg  config where you write the email write the
>cellphone's email address.. [EMAIL PROTECTED]
>
>the other method is to get a sms gateway. another method could be to
>attach a cellphone to the server and send messages from the cellphone
>via an api the cellphone vendor provides.
>
>Cheers!
>Pankaj.
>--
>Always do right. This will gratify some people and astonish the rest.
>
>pub  1024D/94C525E2 2003-02-16
>        Fingerprint=7A60 AE0C C773 2CD2 74E3  29F4 EEFD CD6D 94C5 25E2
>
>
>
>------------------------------
>
>Message: 6
>Date: Tue, 22 Feb 2005 18:32:21 +0530
> From: Guntupalli Karunakar <[EMAIL PROTECTED]>
>Subject: [ilugd] hi all
>To: ilugd@lists.linux-delhi.org
>Message-ID: <[EMAIL PROTECTED]>
>Content-Type: text/plain; charset=US-ASCII
>
>Hi all,
>   I arrived in delhi today. For a whoami , I am Karunakar ,
>coordinating IndLinux project (http://www.indlinux.org). Will be based
>in Delhi for few months working from Sarai.
>  So now i am officially ilugd member ;-)
>
>Karunakar
>
>
>
>------------------------------
>
>Message: 7
>Date: Tue, 22 Feb 2005 18:49:49 +0530
> From: Gaurav Vaish <[EMAIL PROTECTED]>
>Subject: Re: [ilugd] hi all
>To: The Linux-Delhi mailing list <ilugd@lists.linux-delhi.org>
>Message-ID: <[EMAIL PROTECTED]>
>Content-Type: text/plain; charset=US-ASCII
>
>Hi Karunakar,
>
> > in Delhi for few months working from Sarai.
>
>    Welcome to Delhi. Well, I'm in B'lore right now but still, I can
>welcome you. ;-)
>
>    And.. welcome to Sarai. I haven't been to Sarai for more than 1
>year now... but I can bet it still will be a cool place to do cool
>things.
>
>    Best wishes for your future ventures! And haan.. say my Hi to Mary!
>If you still don't know him, you will (read: must) meet him. :-D
>
>--
>Cheers,
>Gaurav Vaish
>http://www.mastergaurav.org
>http://mastergaurav.blogspot.com
>--------------------------------
>
>
>
>------------------------------
>
>Message: 8
>Date: Wed, 23 Feb 2005 02:15:53 +0530
> From: Ajay Mulwani <[EMAIL PROTECTED]>
>Subject: Re: Re: [ilugd] how to install Red Hat linux
>To: Arhant Jain <[EMAIL PROTECTED]>
>Cc: The Linux-Delhi mailing list <ilugd@lists.linux-delhi.org>
>Message-ID: <[EMAIL PROTECTED]>
>Content-Type: text/plain; charset=US-ASCII
>
>Both the links are working fine.
>
>If you are able to access rediffmail, there is no reason for these
>links to be unavailable... anyway pls. wait a response from someone
>else as I don't have ready documentation available.
>
>Alternatively, if you want to try; just boot the machine from first CD
>and online help is available on the left panel of the installation
>windows.
>
>Ajay
>
>
>
>
>
>
>
>On 22 Feb 2005 18:32:58 -0000, Arhant Jain <[EMAIL PROTECTED]> wrote:
> >
> >
> > Hi,
> > Thanks,
> > I am sorry to write you that the links are not active. I am getting a
> > message "Cannot find Server".
> > Pl. help me.
> > bye
> >
> >
> > On Sat, 19 Feb 2005 Ajay Mulwani wrote :
> >
> > >For recommended partitioning scheme refer...
> > >http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/install-guide/s1-diskpartitioning.html#S2-DISKPARTRECOMMEND
> > >
> > >... and the complete install guide is available at:
> > >http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/install-guide/
> > >
> > >Ajay
> > >
> > >
> > >On 18 Feb 2005 18:42:06 -0000, Arhant Jain <[EMAIL PROTECTED]>
> > wrote:
> > > > Hi all,
> > > > I m a new learner of linux.
> > > > I have 2 GB primary partition and 32 GB extended having 4 logical drives
> > and rest is unused by DOS.
> > > > Pl. guide me how to partition for linux and the size of each one.
> > > > bye
> > > >
> > > > _______________________________________________
> > > > ilugd mailinglist -- ilugd@lists.linux-delhi.org
> > > > http://frodo.hserus.net/mailman/listinfo/ilugd
> > > > Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi
> > http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
> > > >
> >
> >
> >
> >
> >
>
>
>
>------------------------------
>
>Message: 9
>Date: Tue, 22 Feb 2005 20:41:10 -0800 (PST)
> From: santosh dubey <[EMAIL PROTECTED]>
>Subject: [ilugd] Creating Mysql DB in specified directory???
>To: ilugd@lists.linux-delhi.org
>Message-ID: <[EMAIL PROTECTED]>
>Content-Type: text/plain; charset=us-ascii
>
>Dear Sys Admin....
>
>Is it possible to create a mysql DB at specified
>position such as /home/skdubey/db/.
>if yes then how...?
>I will be thankful for your answer....
>
>have a nice day.
>skdubey
>
>
>
>
>
>
>------------------------------
>
>Message: 10
>Date: Wed, 23 Feb 2005 10:29:26 +0530
> From: Pankaj kaushal <[EMAIL PROTECTED]>
>Subject: Re: [ilugd] hi all
>To: The Linux-Delhi mailing list <ilugd@lists.linux-delhi.org>
>Message-ID: <[EMAIL PROTECTED]>
>Content-Type: text/plain; charset=us-ascii; format=flowed
>
>Guntupalli Karunakar wrote:
> > Hi all,
> >   I arrived in delhi today. For a whoami , I am Karunakar ,
> > coordinating IndLinux project (http://www.indlinux.org). Will be based
> > in Delhi for few months working from Sarai.
> >  So now i am officially ilugd member ;-)
>Welcome aboard! :)
>
>We(are there more of us speak up?) are considering a Linux-delhi
>bangalore chapter /*tongue in cheek*/ what do you say gaurav?
>
>Cheers!
>Pankaj
>--
>Always do right. This will gratify some people and astonish the rest.
>
>pub  1024D/94C525E2 2003-02-16
>        Fingerprint=7A60 AE0C C773 2CD2 74E3  29F4 EEFD CD6D 94C5 25E2
>
>
>
>------------------------------
>
>_______________________________________________
>ilugd mailing list
>ilugd@lists.linux-delhi.org
>http://frodo.hserus.net/mailman/listinfo/ilugd
>
>
>End of ilugd Digest, Vol 23, Issue 26
>*************************************

_______________________________________________
ilugd mailinglist -- ilugd@lists.linux-delhi.org
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi 
http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
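
The iDEFENSE cURL advisory quoted above says Curl_base64_decode() relies on its caller to validate the decoded length. As an added example (not code from cURL, the advisory, or any poster), here is a base64 decoder that takes the destination capacity and refuses to store past it. The names b64_max_decoded, b64_decode_bounded and decode_constructed are hypothetical, and the input is constructed.

```c
#include <stddef.h>
#include <string.h>

#define NTLM_BUF 256  /* size of buffer[] named in the advisory */

/* Most bytes that n base64 characters can decode to (always <= n). */
size_t b64_max_decoded(size_t n) { return n / 4 * 3 + (n % 4) * 3 / 4; }

static int b64_val(unsigned char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* Decode src into dst, never writing more than cap bytes.
 * Returns 0 and sets *out_len on success, -1 on a non-base64 character,
 * -2 when the decoded data would not fit. Stops at '=' or end of string. */
int b64_decode_bounded(const char *src, unsigned char *dst, size_t cap,
                       size_t *out_len) {
    size_t n = 0;
    unsigned int acc = 0;
    int bits = 0;
    for (; *src && *src != '='; src++) {
        int v = b64_val((unsigned char)*src);
        if (v < 0) return -1;
        acc = (acc << 6) | (unsigned int)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n >= cap) return -2;  /* length check before every store */
            dst[n++] = (unsigned char)(acc >> bits);
            acc &= (1u << bits) - 1;  /* keep only the undecoded low bits */
        }
    }
    *out_len = n;
    return 0;
}

/* Constructed input: enc_len 'A' characters (they decode to zero bytes),
 * decoded into a 256-byte buffer followed by a canary. Returns the decoded
 * byte count, a negative decoder error, or -3 if the canary was overwritten. */
int decode_constructed(size_t enc_len) {
    struct { unsigned char buffer[NTLM_BUF]; unsigned char canary[8]; } f;
    char header[1024];
    size_t out = 0;
    if (enc_len >= sizeof header) return -1;
    memset(header, 'A', enc_len);
    header[enc_len] = '\0';
    memset(f.canary, 0xA5, sizeof f.canary);
    int rc = b64_decode_bounded(header, f.buffer, sizeof f.buffer, &out);
    for (size_t i = 0; i < sizeof f.canary; i++)
        if (f.canary[i] != 0xA5) return -3;
    return rc == 0 ? (int)out : rc;
}
```

Because n base64 characters decode to at most 3n/4 bytes, the malloc(strlen(header)) allocation in the advisory's workaround is always large enough for the decoded data.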
