Re: raw disk access
What you're asking for is trivially available on all Linux systems. Through the "/dev" filesystem, the kernel makes many hardware devices available to ordinary programs. For example, if you had mounted your target disk as the secondary master hard drive, you could create an image of the disk by doing:

    cp /dev/hdc ~/disk-image

Or search a floppy disk for intelligible-looking strings:

    strings /dev/fd0 | less

Note: speaking from experience, it's *very* important to pipe the results to less - you wouldn't believe how many false-positives you get in 1.44MB of data :)

You could also make an image of a single partition and mount the image:

    fdisk -l /dev/hdb    (to examine the partition table)
    cat /dev/hdb1 > ~/disk-image
    mount -o ro,loop ~/disk-image /mnt/misc

It is traditional to use "dd" for direct hardware access because it supports even very complex operations - e.g. to look for text between the 27th and 33rd megabyte from the fourth partition of a SCSI disk, logging your output to "logfile", do:

    dd if=/dev/sda4 bs=1M skip=27 count=6 | strings | tee logfile | less

It's a common trick to back up a system by pointing tar straight at a device:

    tar jcvvf /dev/tape /home/*

The program "file" (yes, it is a confusing name) can be used to diagnose many common file formats, though you have to trick it into looking beyond the fact that it's looking at a device instead of a normal file:

    cat /dev/cdrom | file -

If you intend to examine ext2 filesystems which have had files recently deleted, you should look at 'debugfs', and the various undeletion-related HOWTOs available from the LDP.

Of course, the other side of the forensic coin is also well represented under Linux. To destroy a file with little or no trace, do:

    shred

The "/dev" filesystem is an example of the general Unix philosophy that "everything is either a file or a process". This simple, universal rule makes it possible to use the full range of standard Unix tools everywhere - for example, I can use "cat" to record sound from my microphone and (using inetd) I can create a message-of-the-day server with "echo" :-)

This simplicity even extends to the source-code level. If you do choose to write your own tools, you need only open a device like any other file. The only thing you need to know is that some devices are "character special files", which means that they can't be randomly accessed (e.g. it makes no sense to seek to the 5th byte in /dev/mouse).

Good luck!

- Andrew Sayers
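Added example, not part of Andrew Sayers' message or any poster's code: the dd imaging and the dd window search described above, combined with a SHA-256 comparison that shows the image is a complete and accurate copy and later detects changes to it. A constructed 4 MiB file stands in for the device node, and the function names, file names and marker string are assumptions made for the example.

```shell
#!/bin/sh
# Added example: image a source with dd, prove the copy is bit-identical,
# and search a megabyte window of it for text.
# A constructed regular file stands in for a device such as /dev/hdc, so this
# runs without root; the functions accept a real device path just the same.

# make_sample_source FILE: build a constructed 4 MiB "disk" of zero bytes with
# a marker string written exactly 2 MiB in.
make_sample_source() {
    dd if=/dev/zero of="$1" bs=1M count=4 2>/dev/null &&
    printf 'CONSTRUCTED-EVIDENCE-MARKER' |
        dd of="$1" bs=1M seek=2 conv=notrunc 2>/dev/null
}

# sha256_of FILE: print only the hex digest of FILE.
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# acquire SRC IMG: copy SRC to IMG, succeed only if both hash identically,
# record the digest in IMG.sha256 and make image and digest read-only.
acquire() {
    src=$1; img=$2
    dd if="$src" of="$img" bs=1M 2>/dev/null || return 1
    src_sum=$(sha256_of "$src")
    img_sum=$(sha256_of "$img")
    # An empty digest means hashing failed; never treat that as a match.
    [ -n "$src_sum" ] && [ "$src_sum" = "$img_sum" ] || return 1
    printf '%s  %s\n' "$img_sum" "$img" > "$img.sha256" || return 1
    chmod a-w "$img" "$img.sha256"
}

# verify_image IMG: re-hash IMG and compare with the digest recorded at
# acquisition time; fails if the image has changed since then.
verify_image() {
    recorded=$(cut -d' ' -f1 "$1.sha256") || return 1
    [ -n "$recorded" ] && [ "$recorded" = "$(sha256_of "$1")" ]
}

# window_strings SRC SKIP_MB COUNT_MB: printable runs of 4+ characters in a
# window of SRC, the same idea as the post's dd ... | strings pipeline.
# tr and grep stand in for strings(1) so only coreutils and grep are needed.
window_strings() {
    dd if="$1" bs=1M skip="$2" count="$3" 2>/dev/null |
        LC_ALL=C tr -cs '[:print:]' '\n' |
        LC_ALL=C grep -E '.{4,}'
}

# demo: run the whole procedure on the constructed source and print what the
# third megabyte of the image contains.
demo() {
    work=$(mktemp -d) || return 1
    make_sample_source "$work/source.bin" &&
    acquire "$work/source.bin" "$work/disk-image" &&
    verify_image "$work/disk-image" &&
    window_strings "$work/disk-image" 2 1
    status=$?
    rm -rf "$work"
    return $status
}

demo
```

Working on the verified image rather than the original device keeps the source untouched, and rerunning verify_image before each analysis session shows whether the image is still the one that was acquired.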
Re: raw disk access
In article <[EMAIL PROTECTED]> [EMAIL PROTECTED] writes:

> i am looking for forensics tools that can be used in computer
> crime investigations, and am particularly interested in a tool
> that provides raw drive (hard, floppy, CD, DVD, etc.) access in
> order to create complete and accurate drive images.

Low level tools are no trick at all. If you are root or root has given you access (recommended), you can use any normal tools (dd, grep, perl) on the appropriate /dev/hd* or /dev/sd* . You can mount the filesystem read-only if you don't want to access deleted files, etc.

--
Blars Blarson [EMAIL PROTECTED]
http://www.blars.org/blars.html
"Text is a way we cheat time." -- Patrick Nielsen Hayden
Re: raw disk access
Is the `dd` command what you are looking for (in combination with /dev/loop?), or is there some requirement that wasn't mentioned in your message?

viv <[EMAIL PROTECTED]> writes:

> i am looking for forensics tools that can be used in computer
> crime investigations, and am particularly interested in a tool
> that provides raw drive (hard, floppy, CD, DVD, etc.) access in
> order to create complete and accurate drive images.
>
> If such a tool does not exist within Debian, is anyone aware of
> any application (GPLed, please) that does? Failing that, i am
> willing to write my own tool, if necessary, and would appreciate
> any pointers to good reference material (raw drive access and
> how to work with the images created).

--
/* Dale Southard Jr. [EMAIL PROTECTED] 925-422-1463 fax 422-9429 */
/* Computer Scientist, Advanced Simulation and Computing Program */
/* L-073, Lawrence Livermore National Lab, Livermore CA 94551 */
Re: raw disk access
man dd

On Tue, 7 Jan 2003, viv wrote:

> Hi.
>
> As a Debian user, i am posting to this list first in the hopes
> that what i am looking for can be found as a Debian package.
>
> i am looking for forensics tools that can be used in computer
> crime investigations, and am particularly interested in a tool
> that provides raw drive (hard, floppy, CD, DVD, etc.) access in
> order to create complete and accurate drive images.
>
> If such a tool does not exist within Debian, is anyone aware of
> any application (GPLed, please) that does? Failing that, i am
> willing to write my own tool, if necessary, and would appreciate
> any pointers to good reference material (raw drive access and
> how to work with the images created).
>
> If it helps, i am running with the latest 'unstable' packages.
>
> Many thanks.
>
> --
> viv <[EMAIL PROTECTED]>
>

[-] Steve Mickeler [ [EMAIL PROTECTED] ]
[|] Todays root password is brought to you by /dev/random
[+] 1024D/9AA80CDF = 4103 9E35 2713 D432 924F 3C2E A7B9 A0FE 9AA8 0CDF
Re: TCP port 6352?
Josh Carroll <[EMAIL PROTECTED]> writes:

> Having failed to find any information about TCP port 6352 via google
> or /etc/services, I figured I'd ask here. I'm seeing an awful lot of
> dropped packets on this port recently, and I'm curious if anyone
> else has seen this. If so, what purpose does TCP port 6352 serve
> (either in the *nix domain or windows if known), and should it be a
> concern. Below is an example of the dropped packets I'm seeing.

According to

    http://www.portsdb.org/bin/portsdb.cgi?portnumber=6352

they are in the range used for Cisco AUX/TTY/VTY, whatever that is.

--
Olaf Meeuwissen
EPSON KOWA Corporation, ECS
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97 976A 16C7 F27D 6BE3 7D90
Penguin's lib! -- I hack, therefore I am -- LPIC-2
raw disk access
Hi.

As a Debian user, i am posting to this list first in the hopes that what i am looking for can be found as a Debian package.

i am looking for forensics tools that can be used in computer crime investigations, and am particularly interested in a tool that provides raw drive (hard, floppy, CD, DVD, etc.) access in order to create complete and accurate drive images.

If such a tool does not exist within Debian, is anyone aware of any application (GPLed, please) that does? Failing that, i am willing to write my own tool, if necessary, and would appreciate any pointers to good reference material (raw drive access and how to work with the images created).

If it helps, i am running with the latest 'unstable' packages.

Many thanks.

--
viv <[EMAIL PROTECTED]>
Re: Updated OPENSSL package for Debian?
On Tue, 7 Jan 2003, Adrian 'Dagurashibanipal' von Bidder wrote:

> Some might feel more comfortable with installing a package from testing
> than with modifying version checks in a configure script. But I agree
> that I probably should have said that testing, of course, does not have
> security support as do the stable versions.

But there's also woody-proposed-updates:

,
| # apt-cache policy openssl
| openssl:
|   Installed: 0.9.6g-0.woody.1
|   Candidate: 0.9.6g-0.woody.1
|   Version Table:
|  *** 0.9.6g-0.woody.1 0
|         500 http://ftp.uk.debian.org woody-proposed-updates/main Packages
|         100 /var/lib/dpkg/status
|      0.9.6c-2.woody.1 0
|         500 http://debian.axis.se woody/updates/main Packages
|      0.9.6c-2 0
|         500 http://debian.axis.se woody/main Packages
`

Cheers,
Cristian
Re: FW: Updated OPENSSL package for Debian?
On Tue, 2003-01-07 at 15:23, Adrian 'Dagurashibanipal' von Bidder wrote:

> On Tue, 2003-01-07 at 19:16, Noah L. Meyerhans wrote:
> > On Tue, Jan 07, 2003 at 05:08:23PM +0100, Adrian 'Dagurashibanipal' von
> > Bidder wrote:
> > > So the version from testing should do. You may want to download the
> > > source package and compile it yourself to avoid having to upgrade
> > > dependencies (I don't know, just speculating).
> >
> > Why tell him that? What the hell is wrong with the version of openssl
> > from security.debian.org? There are no known security vulnerabilities
> > there.
> >
> > Advising somebody to install packages from *testing* to get security
> > updates is very unwise. Doing so would prevent them from getting a new
> > version of the package in the event that it's updated by the security
> > team again.
>
> Some might feel more comfortable with installing a package from testing
> than with modifying version checks in a configure script. But I agree
> that I probably should have said that testing, of course, does not have
> security support as do the stable versions.
>
> cheers
> -- vbi

Depending on when the notice came out, Testing may be the *WORST* choice for security fixes - very few packages have moved from Unstable to Testing for a couple months now, due to conversion to GCC 3.2 in Sid among other things, and Security updates are generally only made to Stable, Old-Stable, and Unstable - which then propagates to Testing. Because of this roadblock in Sid, Sarge is noticeably behind on security fixes.

If you want to build from up-to-date sources with the hope of the security fix for anything, go to Sid, otherwise, use security.debian.org and stay with the Debian practice of back-porting security fixes whenever necessary.

--
Mark L. Kahnt, FLMI/M, ALHC, HIA, AIAA, ACS, MHP
ML Kahnt New Markets Consulting
Tel: (613) 531-8684 / (613) 539-0935
Email: [EMAIL PROTECTED]
TCP port 6352?
Having failed to find any information about TCP port 6352 via google or /etc/services, I figured I'd ask here. I'm seeing an awful lot of dropped packets on this port recently, and I'm curious if anyone else has seen this. If so, what purpose does TCP port 6352 serve (either in the *nix domain or windows if known), and should it be a concern. Below is an example of the dropped packets I'm seeing.

Thanks in advance,
Josh

Jan 7 14:45:54 deblin kernel: PACKET DROPPED: IN=ppp0 OUT= MAC= SRC=a.b.c.d DST=w.x.y.z LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=25183 DF PROTO=TCP SPT=2979 DPT=6352 WINDOW=8760 RES=0x00 SYN URGP=0
Re: FW: Updated OPENSSL package for Debian?
On Tue, 2003-01-07 at 19:16, Noah L. Meyerhans wrote:

> On Tue, Jan 07, 2003 at 05:08:23PM +0100, Adrian 'Dagurashibanipal' von
> Bidder wrote:
> > So the version from testing should do. You may want to download the
> > source package and compile it yourself to avoid having to upgrade
> > dependencies (I don't know, just speculating).
>
> Why tell him that? What the hell is wrong with the version of openssl
> from security.debian.org? There are no known security vulnerabilities
> there.
>
> Advising somebody to install packages from *testing* to get security
> updates is very unwise. Doing so would prevent them from getting a new
> version of the package in the event that it's updated by the security
> team again.

Some might feel more comfortable with installing a package from testing than with modifying version checks in a configure script. But I agree that I probably should have said that testing, of course, does not have security support as do the stable versions.

cheers
-- vbi

--
featured product: SpamAssassin - http://spamassassin.org
Re: [SECURITY] [DSA 222-1] New xpdf packages fix arbitrary command execution
On Tue, Jan 07, 2003 at 10:56:58AM -0500, Raymond Wood wrote:

> > We recommend that you upgrade your xpdf package.
> [snip]
>
> Does anyone know if the 'xpdf-i' is affected by this also, or
> not?

xpdf-i in woody is a dummy package, as the standard xpdf package now implements the same functionality. However, xpdf-i 0.90-8 in potato likely _is_ affected by this vulnerability and needs to be fixed. I'll investigate this shortly.

--
 - mdz

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: FW: Updated OPENSSL package for Debian?
Miles Beck wrote:

    Is there an updated OPENSSL package for Debian greater than OpenSSL-0.9.6c?

    ~/Net_SSLeay.pm-1.21$ perl Makefile.PL
    Checking for OpenSSL-0.9.6g or newer...
    You have OpenSSL-0.9.6c installed in /usr
    openssl-0.9.6d and earlier versions have security flaws, see advisory at
    www.openssl.org, upgrading to openssl-0.9.6g is recommended.

Hi

Don't worry about this message. As far as I know, all security fixes have been backported from 0.9.6g to the woody version. From a security point of view, both packages are equal.

Marcel
Re: FW: Updated OPENSSL package for Debian?
On Tue, 07 Jan 2003 at 08:00:11AM -0700, Miles Beck wrote:

> Is there an updated OPENSSL package for Debian greater than OpenSSL-0.9.6c?
>
> ~/Net_SSLeay.pm-1.21$ perl Makefile.PL
> Checking for OpenSSL-0.9.6g or newer...
> You have OpenSSL-0.9.6c installed in /usr
> openssl-0.9.6d and earlier versions have security flaws, see advisory at
> www.openssl.org, upgrading to openssl-0.9.6g is recommended.

What date is on the advisory? Is it fixed by one of these Debian changelog entries?

openssl (0.9.6c-2.woody.1) stable-security; urgency=low

  * Update to asn1 fix corrects bounds checking error.

 -- Michael Stone <[EMAIL PROTECTED]> Sat, 03 Aug 2002 08:08:15 -0400

openssl (0.9.6c-2.woody.0) stable-security; urgency=low

  * SECURITY: patch for various overflows (upstream security patch 0.9.6d->0.9.6e)

 -- Michael Stone <[EMAIL PROTECTED]> Mon, 29 Jul 2002 21:34:41 -0400

Regards,

--
Phil

PGP/GPG Key: http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import

--
Excuse #131: Monitor VLF leakage
Re: FW: Updated OPENSSL package for Debian?
On Tue, Jan 07, 2003 at 05:08:23PM +0100, Adrian 'Dagurashibanipal' von Bidder wrote:

> So the version from testing should do. You may want to download the
> source package and compile it yourself to avoid having to upgrade
> dependencies (I don't know, just speculating).

Why tell him that? What the hell is wrong with the version of openssl from security.debian.org? There are no known security vulnerabilities there.

Advising somebody to install packages from *testing* to get security updates is very unwise. Doing so would prevent them from getting a new version of the package in the event that it's updated by the security team again.

noah

--
___
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html
Re: [SECURITY] [DSA 222-1] New xpdf packages fix arbitrary command execution
On Tue, Jan 07, 2003 at 10:56:58AM -0500, Raymond Wood wrote:

> Does anyone know if the 'xpdf-i' is affected by this also, or
> not?

apt-cache show xpdf-i gave me the following lines:

    This is a dummy package required to ensure your xpdf is upgraded to the
    latest xpdf package if you previously had xpdf-i installed. It is safe
    to remove this package after installation.

So there should be no problem I think.
Re: FW: Updated OPENSSL package for Debian?
On Tue, 2003-01-07 at 16:00, Miles Beck wrote:

> Hello,
>
> Is there an updated OPENSSL package for Debian greater than OpenSSL-0.9.6c?
>
> ~/Net_SSLeay.pm-1.21$ perl Makefile.PL
> Checking for OpenSSL-0.9.6g or newer...
> You have OpenSSL-0.9.6c installed in /usr
> openssl-0.9.6d and earlier versions have security flaws, see advisory at
> www.openssl.org, upgrading to openssl-0.9.6g is recommended

[EMAIL PROTECTED]:~/.fortune$ apt-cache policy openssl
openssl:
  Installed: (none)
  Candidate: 0.9.6g-6
  Version Table:
     0.9.6g-10 0
        500 http://syydelaervli unstable/main Packages
     0.9.6g-6 0
        700 http://syydelaervli testing/main Packages
     0.9.6c-2.woody.1 0
        600 http://syydelaervli stable/updates/main Packages
     0.9.6c-2 0
        600 http://syydelaervli stable/main Packages

So the version from testing should do. You may want to download the source package and compile it yourself to avoid having to upgrade dependencies (I don't know, just speculating).

cheers
-- vbi

--
this email is protected by a digital signature: http://fortytwo.ch/gpg
Re: Updated OPENSSL package for Debian?
> Hello,
>
> Is there an updated OPENSSL package for Debian greater than OpenSSL-0.9.6c?
>
> ~/Net_SSLeay.pm-1.21$ perl Makefile.PL
> Checking for OpenSSL-0.9.6g or newer...
> You have OpenSSL-0.9.6c installed in /usr
> openssl-0.9.6d and earlier versions have security flaws, see advisory at
> www.openssl.org, upgrading to openssl-0.9.6g is recommended.
>
> Thanks

Forgot to mention I am using Woody.
Re: [SECURITY] [DSA 222-1] New xpdf packages fix arbitrary command execution
On Mon, Jan 06, 2003 at 05:22:48PM +0100, Martin Schulze remarked:
> --
> Debian Security Advisory DSA 222-1                    [EMAIL PROTECTED]
> http://www.debian.org/security/                        Martin Schulze
> January 6th, 2003                    http://www.debian.org/security/faq
> --
>
> Package        : xpdf
> Vulnerability  : integer overflow
> Problem-Type   : local, remote
> Debian-specific: no
> CVE Id         : CAN-2002-1384
>
> iDEFENSE discovered an integer overflow in the pdftops filter from the
> xpdf package that can be exploited to gain the privileges of the
> target user. This can lead to gaining privileged access to the 'lp'
> user if the pdftops program is part of the print filter.
>
> For the current stable distribution (woody) this problem has been
> fixed in version 1.00-3.1.
>
> For the old stable distribution (potato) this problem has been
> fixed in version 0.90-8.1.
>
> For the unstable distribution (sid) this problem has been
> fixed in version 2.01-2.
>
> We recommend that you upgrade your xpdf package.

[snip]

Does anyone know if the 'xpdf-i' is affected by this also, or not?

TIA,
Raymond
Re: FW: Updated OPENSSL package for Debian?
On Tue, Jan 07, 2003 at 08:00:11AM -0700, Miles Beck wrote:
> Is there an updated OPENSSL package for Debian greater than OpenSSL-0.9.6c?

Yes, 0.9.6c-2.woody.1. It contains all the security fixes present in openssl-0.9.6g.

> ~/Net_SSLeay.pm-1.21$ perl Makefile.PL
> Checking for OpenSSL-0.9.6g or newer...
> You have OpenSSL-0.9.6c installed in /usr
> openssl-0.9.6d and earlier versions have security flaws, see advisory at
> www.openssl.org, upgrading to openssl-0.9.6g is recommended.

This perl module is being stupid. It is merely checking the version string and basing its idea of the security of openssl on that. The security problems it thinks are present are not, in fact, present.

noah

--
___
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html
ssh and lastlog
Hi,

as far as I can see, one can get at least 2 out of the following 3 items:

* sshd Privilege Separation
* /var/log/wtmp not world readable
* users get a lastlog message at ssh login

Am I right here?

One could also enable the sshd UseLogin option to get the login lastlog message, but I'm not sure about the security implications. This would also break X11 forwarding.

Thanks for any comment.

Cheers,
Thomas
FW: Updated OPENSSL package for Debian?
Hello,

Is there an updated OPENSSL package for Debian greater than OpenSSL-0.9.6c?

~/Net_SSLeay.pm-1.21$ perl Makefile.PL
Checking for OpenSSL-0.9.6g or newer...
You have OpenSSL-0.9.6c installed in /usr
openssl-0.9.6d and earlier versions have security flaws, see advisory at
www.openssl.org, upgrading to openssl-0.9.6g is recommended.

Thanks