WebMaster wrote:
> > > (pureftpd is more secure than proftpd)
>
> it's because we can read on pureftpd.org:
>
> "the number of root exploits found since the very first released
> version is zero"
>
> we can't read things like that on postfix.org and proftpd.org
You definitely need to check out v
hello Bastian,
> http://www-dt.e-technik.uni-dortmund.de/~ma/qmail-bugs.html
waaa... thanks a lot for that information :-)
perhaps you know a "qmailadmin" for postfix?
(i searched a lot and found none, like for your qmail-bugs file :-P)
thanks in advance
Ivan Rambeau
FranceOnLin
hello Joey,
> You definitely need to check out vsftpd then. It's got "very secure" in
> its _name_, so it must be secure!
good joke :-)
i do not just read what is written on web sites...
is openbsd a secure distrib?
there is one alternative to proftpd in this distrib: pureftpd!
;-)
-
I apologize but have to respond to the following..
Quoting Lupe Christoph <[EMAIL PROTECTED]>:
> Correct me if I'm wrong, but don't we expect people who run unstable to
> diagnose problems themselves?
> If they can't they should be running stable
> or at least testing?
..or actually don't know
WebMaster wrote:
> > > (pureftpd is more secure than proftpd)
>
> it's because we can read on pureftpd.org:
>
> "the number of root exploits found since the very first released
> version is zero"
>
> we can't read things like that on postfix.org and proftpd.org
You definitely need to check out
On Wed, Oct 02, 2002 at 10:57:55PM +0200, Jose Luis Domingo Lopez wrote:
> On Wednesday, 02 October 2002, at 20:21:26 +0200,
> jernej horvat wrote:
>
> > so to you a reward is proof of security ? :-]
> At least not for me. But a reward offered 5 years ago that not only
> hasn't been awarded, but e
Debian testing and unstable use it too..
-- Forwarded message --
Subject: Re: Squirrel Mail 1.2.7 XSS Exploit
Date: Thu, 19 Sep 2002 16:51:09 -0500 (CDT)
From: "Jason Munro" <[EMAIL PROTECTED]>
To:
DarC KonQuesT said:
> Sorry if you receive two of these.
>
> DarC KonQu
On Wed, 2002-10-02 at 21:13, Lupe Christoph wrote:
> Correct me if I'm wrong, but don't we expect people who run unstable to
> diagnose problems themselves? If they can't they should be running stable
> or at least testing?
Excuse me sir !
But well, if I run unstable and I find a strange problem
This one time, Lupe Christoph wrote:
> Correct me if I'm wrong, but don't we expect people who run unstable to
> diagnose problems themselves? If they can't they should be running stable
> or at least testing?
I think there's nothing wrong with helping someone out, no matter
which group they're run
Correct me if I'm wrong, but don't we expect people who run unstable to
diagnose problems themselves? If they can't they should be running stable
or at least testing?
Unstable is not just a name...
Lupe Christoph
On Wednesday, 2002-10-02 at 09:44:38 -0700, Anne Carasik wrote:
> This one time, Alex
On Wednesday, 02 October 2002, at 20:21:26 +0200,
jernej horvat wrote:
> so to you a reward is proof of security ? :-]
>
At least not for me. But a reward offered 5 years ago that not only
hasn't been awarded, but even has not even been asked for, maybe is a
proof of a piece of software without g
On Wednesday, 02 October 2002, at 19:19:50 +0200,
WebMaster wrote:
> there is a .deb for postfix and not for qmail?
> (qmail is more secure than postfix)
>
Redistribution terms for qmail prevent it from being packaged in binary
form whenever the binary is not the exact result of a compilation fro
On Wed, Oct 02, 2002 at 10:57:55PM +0200, Jose Luis Domingo Lopez wrote:
> On Wednesday, 02 October 2002, at 20:21:26 +0200,
> jernej horvat wrote:
>
> > so to you a reward is proof of security ? :-]
> At least not for me. But a reward offered 5 years ago that not only
> hasn't been awarded, but
In message <[EMAIL PROTECTED]>, Ralf Dreibrodt writes:
>Hello withoutrealname,
>WebMaster wrote:
>> > well, the software is just about one year old, right?
>> > so there probably aren't a lot of people who u
Debian testing and unstable use it too..
-- Forwarded message --
Subject: Re: Squirrel Mail 1.2.7 XSS Exploit
Date: Thu, 19 Sep 2002 16:51:09 -0500 (CDT)
From: "Jason Munro" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
DarC KonQuesT said:
> Sorry if you receive two of these
Hello withoutrealname,
WebMaster wrote:
>
> > well, the software is just about one year old, right?
> > so there probably aren't a lot of people who use it, so there aren't
> > lot of attacks.
> > just wait one and two years and there probably will be some bugs.
>
> no
>
> qmail...
i was talki
hello Ralf,
> well, the software is just about one year old, right?
> so there probably aren't a lot of people who use it, so there aren't
> lot of attacks.
> just wait one and two years and there probably will be some bugs.
no
"
As of October 2001, more than 70 reachable IP addresses are r
On Wed, 2002-10-02 at 21:13, Lupe Christoph wrote:
> Correct me if I'm wrong, but don't we expect people who run unstable to
> diagnose problems themselves? If they can't they should be running stable
> or at least testing?
Excuse me sir !
But well, if I run unstable and I find a strange problem
> so to you a reward is proof of security ? :-]
lol, of course not :-P
(i searched vulnerabilities and exploits and found none)
Ivan Rambeau
FranceOnLine
This one time, Lupe Christoph wrote:
> Correct me if I'm wrong, but don't we expect people who run unstable to
> diagnose problems themselves? If they can't they should be running stable
> or at least testing?
I think there's nothing wrong with helping someone out, no matter
which group they're ru
Correct me if I'm wrong, but don't we expect people who run unstable to
diagnose problems themselves? If they can't they should be running stable
or at least testing?
Unstable is not just a name...
Lupe Christoph
On Wednesday, 2002-10-02 at 09:44:38 -0700, Anne Carasik wrote:
> This one time, Ale
And the winner is .
> just a guess:
> What about disabling all "session"-entries except the first in the
> /etc/pam.d/shh like this:
Marcus !!
Wünderbar ! :)
It works when I disable other session entries.
Thanks a lot to all of you, I'm really happy to come back to ssh (telnet
sucks
On Wednesday, 02 October 2002, at 20:21:26 +0200,
jernej horvat wrote:
> so to you a reward is proof of security ? :-]
>
At least not for me. But a reward offered 5 years ago that not only
hasn't been awarded, but even has not even been asked for, maybe is a
proof of a piece of software without
On Wednesday, 02 October 2002, at 19:19:50 +0200,
WebMaster wrote:
> there is a .deb for postfix and not for qmail?
> (qmail is more secure than postfix)
>
Redistribution terms for qmail prevent it from being packaged in binary
form whenever the binary is not the exact result of a compilation fr
On Wednesday 02 October 2002 20:09, WebMaster wrote:
> we can't read things like that on postfix.org and proftpd.org
so to you a reward is proof of security ? :-]
eod.
news.comp.os.linux.security:
"It is not STUPID to compare anything to anything.
thanks a lot for all your answers
;-)
Ivan Rambeau
FranceOnLine
On Wed, Oct 02, 2002 at 08:09:33PM +0200, WebMaster wrote:
> In March 1997, I offered $500 to the first person to publish a
> verifiable security hole in the latest version of qmail...
> My offer still stands. Nobody has found any security holes in qmail.
> it's because we can read on pureftpd.
hello David,
if i wrote this:
> > (qmail is more secure than postfix)
it's because we can read on qmail.org:
"
In March 1997, I offered $500 to the first person to publish a
verifiable security hole in the latest version of qmail...
My offer still stands. Nobody has found any security holes in
On Wed, Oct 02, 2002 at 07:39:30PM +0200, WebMaster wrote:
> hello Kourosh,
>
> > There are .debs for qmail. The debs are not official because
> > qmail apparently doesn't adhere to Debian Policy.
>
>
> what do you mean by debian policy? (under gnu/gpl?)
>
>
>
> Ivan Rambeau
> Fr
In message <[EMAIL PROTECTED]>, Ralf Dreibrodt writes:
>Hello withoutrealname,
>WebMaster wrote:
>> > well, the software is just about one year old, right?
>> > so there probably aren't a lot of people who
On Wednesday 02 October 2002 19:19, WebMaster wrote:
> there is a .deb for postfix and not for qmail?
djb knows it better than the rest of the globe so you may not redistribute
binaries of his "free/open" sw.
you have this package that might help yo
On Wed, Oct 02, 2002 at 07:39:30PM +0200, WebMaster wrote:
> hello Kourosh,
>
> > There are .debs for qmail. The debs are not official because
> > qmail apparently doesn't adhere to Debian Policy.
>
>
> what do you mean by debian policy? (under gnu/gpl?)
google -> debian dfsg
Jesse
--
Jesus
hello Kourosh,
> There are .debs for qmail. The debs are not official because
> qmail apparently doesn't adhere to Debian Policy.
what do you mean by debian policy? (under gnu/gpl?)
Ivan Rambeau
FranceOnLine
WebMaster wrote:
> hello,
>
> when i posted this question to debian-user-french
> i had no (good) answers.
>
> perhaps somebody here could explain to me why:
>
> there is a .deb for postfix and not for qmail?
The license, or lack thereof does not allow binary redistribution which
alters the way qmail
Hello withoutrealname,
WebMaster wrote:
>
> > well, the software is just about one year old, right?
> > so there probably aren't a lot of people who use it, so there aren't
> > lot of attacks.
> > just wait one and two years and there probably will be some bugs.
>
> no
>
> qmail...
i was talk
Ivan,
There are .debs for qmail. The debs are not official because
qmail apparently doesn't adhere to Debian Policy.
The .debs can be found at http://smarden.org/pape/Debian
I don't know about pureftpd so can't comment. =)
Regards.
Kourosh
On Wed, Oct 02, 2002 at 07:19:50PM +0200, WebMaster
hello,
when i posted this question to debian-user-french
i had no (good) answers.
perhaps somebody here could explain to me why:
there is a .deb for postfix and not for qmail?
(qmail is more secure than postfix)
there is a .deb for proftpd and not for pureftpd?
(pureftpd is more secure than proftp
hello Ralf,
> well, the software is just about one year old, right?
> so there probably aren't a lot of people who use it, so there aren't
> lot of attacks.
> just wait one and two years and there probably will be some bugs.
no
"
As of October 2001, more than 70 reachable IP addresses are
On Wednesday, 2 October 2002 17:01, Alexis Sukrieh wrote:
> At 16:56 02/10/2002 +0200, [EMAIL PROTECTED] wrote:
> >did you check all modules invoked in /etc/pam.d/ssh can be found
> >in /lib/security/ ?
>
> Yes it can be found.
>
> here, take a look :
Hi,
just a guess:
What about disabling all
This one time, Alexis Sukrieh wrote:
> Well, again it is not the solution for me !
> It is yet turned off
Hmmm.. not sure.
> is this a common problem ??? I'm surprised in the way that every
> intelligent solutions you all provide to me are ineffective...
Hmmm.. try apt-get remove --purge o
> so to you a reward is proof of security ? :-]
lol, of course not :-P
(i searched vulnerabilities and exploits and found none)
Ivan Rambeau
FranceOnLine
And the winner is .
> just a guess:
> What about disabling all "session"-entries except the first in the
> /etc/pam.d/shh like this:
Marcus !!
Wünderbar ! :)
It works when I disable other session entries.
Thanks a lot to all of you, I'm really happy to come back to ssh (telnet
sucks
On Wednesday 02 October 2002 20:09, WebMaster wrote:
> we can't read things like that on postfix.org and proftpd.org
so to you a reward is proof of security ? :-]
eod.
news.comp.os.linux.security:
"It is not STUPID to compare anything to anything
thanks a lot for all your answers
;-)
Ivan Rambeau
FranceOnLine
On Wed, Oct 02, 2002 at 08:09:33PM +0200, WebMaster wrote:
> In March 1997, I offered $500 to the first person to publish a
> verifiable security hole in the latest version of qmail...
> My offer still stands. Nobody has found any security holes in qmail.
> it's because we can read on pureftpd
hello David,
if i wrote this:
> > (qmail is more secure than postfix)
it's because we can read on qmail.org:
"
In March 1997, I offered $500 to the first person to publish a
verifiable security hole in the latest version of qmail...
My offer still stands. Nobody has found any security holes i
At 17:25 02/10/2002 +0200, Giacomo Mulas wrote:
since openssh v3.3 was released, I never got it to work well with
PAM. I think it has something to do with privilege separation, whereby
the listening daemon is unable to use PAM due to insufficient privileges,
since it is running as an unpr
On Wed, Oct 02, 2002 at 07:39:30PM +0200, WebMaster wrote:
> hello Kourosh,
>
> > There are .debs for qmail. The debs are not official because
> > qmail apparently doesn't adhere to Debian Policy.
>
>
> what do you mean by debian policy? (under gnu/gpl?)
>
>
>
> Ivan Rambeau
> F
On Wednesday 02 October 2002 19:19, WebMaster wrote:
> there is a .deb for postfix and not for qmail?
djb knows it better than the rest of the globe so you may not redistribute
binaries of his "free/open" sw.
you have this package that might help y
since openssh v3.3 was released, I never got it to work well with
PAM. I think it has something to do with privilege separation, whereby
the listening daemon is unable to use PAM due to insufficient privileges,
since it is running as an unprivileged user. Is PAMAuthenticationViaKbdInt
enabl
On Wed, Oct 02, 2002 at 07:39:30PM +0200, WebMaster wrote:
> hello Kourosh,
>
> > There are .debs for qmail. The debs are not official because
> > qmail apparently doesn't adhere to Debian Policy.
>
>
> what do you mean by debian policy? (under gnu/gpl?)
google -> debian dfsg
Jesse
--
Jesu
hello Kourosh,
> There are .debs for qmail. The debs are not official because
> qmail apparently doesn't adhere to Debian Policy.
what do you mean by debian policy? (under gnu/gpl?)
Ivan Rambeau
FranceOnLine
WebMaster wrote:
> hello,
>
> when i posted this question to debian-user-french
> i had no (good) answers.
>
> perhaps somebody here could explain to me why:
>
> there is a .deb for postfix and not for qmail?
The license, or lack thereof does not allow binary redistribution which
alters the way qmai
At 16:56 02/10/2002 +0200, [EMAIL PROTECTED] wrote:
did you check all modules invoked in /etc/pam.d/ssh can be found
in /lib/security/ ?
Yes it can be found.
here, take a look :
__
poseidon:/etc/pam.d# cat /etc/pam.d/ssh
#%PAM-1.0
auth require
Ivan,
There are .debs for qmail. The debs are not official because
qmail apparently doesn't adhere to Debian Policy.
The .debs can be found at http://smarden.org/pape/Debian
I don't know about pureftpd so can't comment. =)
Regards.
Kourosh
On Wed, Oct 02, 2002 at 07:19:50PM +0200, WebMaster
Hi Alexis,
Did you setup /etc/pam.d/ssh?
-Anne
This one time, Alexis Sukrieh wrote:
> Hehe :)
>
> yes, but before mailing here, I've supposed that there was a missing
> package dependency in unstable and I look for pam* stuff.
>
> I found those ones
>
> libpam-modules - Pluggable Authenticati
did you check all modules invoked in /etc/pam.d/ssh can be found
in /lib/security/ ?
c++, Tonio
In reply to Anne Carasik <[EMAIL PROTECTED]>:
> Hi there,
>
> This might provide a clue:
> debug1: PAM setting tty to \"/dev/pts/3\"
> PAM session setup failed[28]: Module is unknown
>
> -Anne
>
hello,
when i posted this question to debian-user-french
i had no (good) answers.
perhaps somebody here could explain to me why:
there is a .deb for postfix and not for qmail?
(qmail is more secure than postfix)
there is a .deb for proftpd and not for pureftpd?
(pureftpd is more secure than proft
Hehe :)
yes, but before mailing here, I've supposed that there was a missing
package dependency in unstable and I look for pam* stuff.
I found those ones
libpam-modules - Pluggable Authentication Modules for PAM
libpam0g - Pluggable Authentication Modules library
and I installed it.
I also i
Hi there,
This might provide a clue:
debug1: PAM setting tty to "/dev/pts/3"
PAM session setup failed[28]: Module is unknown
-Anne
This one time, Alexis Sukrieh wrote:
> here is the full output
>
> ( I've turned UsePrivilegeSeparation to "no" )
>
>
>
On Wednesday, 2 October 2002 17:01, Alexis Sukrieh wrote:
> At 16:56 02/10/2002 +0200, [EMAIL PROTECTED] wrote:
> >did you check all modules invoked in /etc/pam.d/ssh can be found
> >in /lib/security/ ?
>
> Yes it can be found.
>
> here, take a look :
Hi,
just a guess:
What about disabling all
here is the full output
( I've turned UsePrivilegeSeparation to "no" )
___
poseidon:~# sshd -ddd
debug1: sshd version OpenSSH_3.4p1 Debian 1:3.4p1-2
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type
Kill your sshd. Run it in debugging mode (it will not
fork a process):
# sshd -ddd
Open another window, now run the client in verbose mode:
$ ssh -vvv [EMAIL PROTECTED]
Then email us the output. :) Otherwise, this is really difficult
to troubleshoot.
-Anne
This one time, Alexis Sukrieh wrot
This one time, Alexis Sukrieh wrote:
> Well, again it is not the solution for me !
> It is yet turned off
Hmmm.. not sure.
> is this a common problem ??? I'm surprised in the way that every
> intelligent solutions you all provide to me are ineffective...
Hmmm.. try apt-get remove --purge
You're right, it was set to yes but after putting it to 'no', the same
problem is still there...
At 16:11 02/10/2002 +0200, you wrote:
You need to turn off UsePrivilegeSeparation
in your /etc/ssh/sshd_config file.
"UsePrivilegeSeparation no"
Alexis Sukrieh (sukria), <[EMAIL PROTECTED]>
.
You need to turn off UsePrivilegeSeparation
in your /etc/ssh/sshd_config file.
"UsePrivilegeSeparation no"
Cheers.
On Wed, 2002-10-02 at 16:00, Alexis Sukrieh wrote:
> Hello there :)
>
> I run debian unstable.
>
> I've just upgraded to the latest ssh package and I cannot connect to my box
>
Hello there :)
I run debian unstable.
I've just upgraded to the latest ssh package and I cannot connect to my box
anymore using ssh.
I've set up telnet to test it and it works fine with telnet.
First, here is the output when a user tries to connect to the box:
At 17:25 02/10/2002 +0200, Giacomo Mulas wrote:
> since openssh v3.3 was released, I never got it to work well with
>PAM. I think it has something to do with privilege separation, whereby
>the listening daemon is unable to use PAM due to insufficient privileges,
>since it is running as an
since openssh v3.3 was released, I never got it to work well with
PAM. I think it has something to do with privilege separation, whereby
the listening daemon is unable to use PAM due to insufficient privileges,
since it is running as an unprivileged user. Is PAMAuthenticationViaKbdInt
enab
At 16:56 02/10/2002 +0200, [EMAIL PROTECTED] wrote:
>did you check all modules invoked in /etc/pam.d/ssh can be found
>in /lib/security/ ?
Yes it can be found.
here, take a look :
__
poseidon:/etc/pam.d# cat /etc/pam.d/ssh
#%PAM-1.0
auth require
Hi Alexis,
Did you setup /etc/pam.d/ssh?
-Anne
This one time, Alexis Sukrieh wrote:
> Hehe :)
>
> yes, but before mailing here, I've supposed that there was a missing
> package dependency in unstable and I look for pam* stuff.
>
> I found those ones
>
> libpam-modules - Pluggable Authenticat
did you check all modules invoked in /etc/pam.d/ssh can be found
in /lib/security/ ?
c++, Tonio
In reply to Anne Carasik <[EMAIL PROTECTED]>:
> Hi there,
>
> This might provide a clue:
> debug1: PAM setting tty to \"/dev/pts/3\"
> PAM session setup failed[28]: Module is unknown
>
> -Anne
Hehe :)
yes, but before mailing here, I've supposed that there was a missing
package dependency in unstable and I look for pam* stuff.
I found those ones
libpam-modules - Pluggable Authentication Modules for PAM
libpam0g - Pluggable Authentication Modules library
and I installed it.
I also in
Hi there,
This might provide a clue:
debug1: PAM setting tty to "/dev/pts/3"
PAM session setup failed[28]: Module is unknown
-Anne
This one time, Alexis Sukrieh wrote:
> here is the full output
>
> ( I've turned UsePrivilegeSeparation to "no" )
>
>
> ___
here is the full output
( I've turned UsePrivilegeSeparation to "no" )
___
poseidon:~# sshd -ddd
debug1: sshd version OpenSSH_3.4p1 Debian 1:3.4p1-2
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type
Kill your sshd. Run it in debugging mode (it will not
fork a process):
# sshd -ddd
Open another window, now run the client in verbose mode:
$ ssh -vvv user@host
Then email us the output. :) Otherwise, this is really difficult
to troubleshoot.
-Anne
This one time, Alexis Sukrieh wrote:
> Yo
You're right, it was set to yes but after putting it to 'no', the same
problem is still there...
At 16:11 02/10/2002 +0200, you wrote:
>You need to turn off UsePrivilegeSeparation
>in your /etc/ssh/sshd_config file.
>
>"UsePrivilegeSeparation no"
Alexis Sukrieh (sukria), <[EMAIL PROTECTED]>
You need to turn off UsePrivilegeSeparation
in your /etc/ssh/sshd_config file.
"UsePrivilegeSeparation no"
Cheers.
On Wed, 2002-10-02 at 16:00, Alexis Sukrieh wrote:
> Hello there :)
>
> I run debian unstable.
>
> I've just upgraded to the latest ssh package and I cannot connect to my box
>
Hello there :)
I run debian unstable.
I've just upgraded to the latest ssh package and I cannot connect to my box
anymore using ssh.
I've set up telnet to test it and it works fine with telnet.
First, here is the output when a user tries to connect to the box:
_