Re: Kernel 2.4.21 Forwarding table vulnerability

2003-07-28 Thread Herbert Xu
Florian Weimer [EMAIL PROTECTED] wrote:
 Bruce Banner [EMAIL PROTECTED] writes:
 
 CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table
 could be spoofed by sending forged packets with bogus source
 addresses the same as the local host.
 
 Ah, this one.  I don't even know if it's about IP.
 
 As usual, Red Hat's advisory is a joke. *sigh*

If you don't use bridging then it doesn't affect you.
-- 
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: Kernel 2.4.21 Forwarding table vulnerability

2003-07-28 Thread Bruce Banner
Thanks, 

--- Herbert Xu [EMAIL PROTECTED] wrote:
 Florian Weimer [EMAIL PROTECTED] wrote:
  Bruce Banner [EMAIL PROTECTED] writes:
  
  CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table
  could be spoofed by sending forged packets with bogus source
  addresses the same as the local host.
  
  Ah, this one.  I don't even know if it's about IP.
  
  As usual, Red Hat's advisory is a joke. *sigh*
 
 If you don't use bridging then it doesn't affect you.



Woody security updates report.

2003-07-28 Thread Andrés Roldán
Hi all.

I have a Debian Woody up-to-date'd production server (it's daily updated) and 
I need a report of the security updates made in the server since a given time ago
(a month, a couple of months or so).

Is there any way, a tool or something to do that?

Thanks in advance.


-- 
Andres Roldan [EMAIL PROTECTED]
http://people.fluidsignal.com/~aroldan
CSO, Fluidsignal Group





Re: Kernel 2.4.21 Forwarding table vulnerability

2003-07-28 Thread Bruce Banner
Beware there is also a vulnerability in the spanning
tree implementation as well so.



Peace
--- Phillip Hofmeister [EMAIL PROTECTED] wrote:
 If I do use bridging...is there a patch?
 
 What are the consequences of an unpatched system? (In more detail than
 below)
 
 On Mon, 28 Jul 2003 at 07:39:53PM +1000, Herbert Xu wrote:
  Florian Weimer [EMAIL PROTECTED] wrote:
   Bruce Banner [EMAIL PROTECTED] writes:
   
   CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table
   could be spoofed by sending forged packets with bogus source
   addresses the same as the local host.
   
   Ah, this one.  I don't even know if it's about IP.
   
   As usual, Red Hat's advisory is a joke. *sigh*
  
  If you don't use bridging then it doesn't affect you.



Re: Woody security updates report.

2003-07-28 Thread George Georgalis
On Mon, Jul 28, 2003 at 09:18:31AM -0500, Andrés Roldán wrote:
 Hi all.
 
 I have a Debian Woody up-to-date'd production server (it's daily updated) and 
 I need a report of the security updates made in the server since a given time ago
 (a month, a couple of months or so).
 
 Is there any way, a tool or something to do that?
 
 Thanks in advance.

ls -rltu /var/lib/dpkg/info/*list

will give you a pretty good indication, then use some regex and dpkg
commands to identify the exact version installed.

// George

-- 
GEORGE GEORGALIS, System Admin/Architect    cell: 646-331-2027    IXOYE
Security Services, Web, Mail,            mailto:[EMAIL PROTECTED] 
Multimedia, DB, DNS and Metrics.   http://www.galis.org/george 
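
An added example, not part of George's post or of the original thread: the approach suggested above as a shell script that lists packages whose dpkg file list changed in the last N days, together with the installed version. It keys on file modification time (find -mtime), and the function names recent_packages, installed_version and update_report are invented for this example.

```shell
#!/bin/sh
# Added example: report packages installed or upgraded in the last N days,
# based on the modification time of dpkg's per-package file lists.
# Function names are invented for this example.

# recent_packages INFO_DIR DAYS
# Print the names of packages whose INFO_DIR/<name>.list was modified
# less than DAYS days ago, one per line, sorted by name.
recent_packages() {
    info_dir=$1
    days=$2
    case $days in
        ''|*[!0-9]*) echo "DAYS must be a whole number" >&2; return 2 ;;
    esac
    find "$info_dir" -maxdepth 1 -type f -name '*.list' -mtime "-$days" |
    while IFS= read -r path; do
        file=${path##*/}               # strip the directory part
        printf '%s\n' "${file%.list}"  # strip the .list suffix
    done | sort
}

# installed_version PACKAGE
# Print the installed version according to `dpkg -s`, or "unknown" when
# dpkg is missing or has no record of the package.
installed_version() {
    ver=
    if command -v dpkg >/dev/null 2>&1; then
        ver=$(dpkg -s "$1" 2>/dev/null | sed -n 's/^Version: //p')
    fi
    printf '%s\n' "${ver:-unknown}"
}

# update_report INFO_DIR DAYS
# Print "package<TAB>version" for every recently changed package.
update_report() {
    recent_packages "$1" "$2" |
    while IFS= read -r pkg; do
        printf '%s\t%s\n' "$pkg" "$(installed_version "$pkg")"
    done
}

# Usage: sh report.sh DAYS [INFO_DIR]
if [ "$#" -ge 1 ]; then
    update_report "${2:-/var/lib/dpkg/info}" "$1"
fi
```

The .list timestamp changes on any install or upgrade, so compare the reported versions against /usr/share/doc/package/changelog.Debian.gz to see which of them were security uploads.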





Re: Kernel 2.4.21 Forwarding table vulnerability

2003-07-28 Thread Florian Weimer
Herbert Xu [EMAIL PROTECTED] writes:

 CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table
 could be spoofed by sending forged packets with bogus source
 addresses the same as the local host.
 
 Ah, this one.  I don't even know if it's about IP.
 
 As usual, Red Hat's advisory is a joke. *sigh*

 If you don't use bridging then it doesn't affect you.

Do you know where a detailed advisory can be found?  Thanks.





Re: Kernel 2.4.21 Forwarding table vulnerability

2003-07-28 Thread Matthijs Mohlmann
Why download the source from RedHat? The source from debian is also
patched with needed patches.

apt-get install kernel-source

On Mon, 2003-07-28 at 19:05, Bruce Banner wrote:
 You can download Red Hat's
 kernel-source-2.4.20-19.9.i386.rpm run alien against
 it and install the dpkg'ed kernel-source.deb.  I have
 been forced to do this in the past to get patches that
 haven't been released or in the main stream kernel from
 kernel.org yet.
 
 
 Peace
 --- Phillip Hofmeister [EMAIL PROTECTED] wrote:
  If I do use bridging...is there a patch?
  
  What are the consequences of an unpatched system? (In more detail than
  below)
  
  On Mon, 28 Jul 2003 at 07:39:53PM +1000, Herbert Xu wrote:
   Florian Weimer [EMAIL PROTECTED] wrote:
    Bruce Banner [EMAIL PROTECTED] writes:
    
    CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table
    could be spoofed by sending forged packets with bogus source
    addresses the same as the local host.
    
    Ah, this one.  I don't even know if it's about IP.
    
    As usual, Red Hat's advisory is a joke. *sigh*
   
   If you don't use bridging then it doesn't affect you.



Re: Kernel 2.4.21 Forwarding table vulnerability

2003-07-28 Thread Bruce Banner
When were they patched? And how do I know when they
are patched and when they are available?  Is there
somewhere I can find this info?  I found the Red Hat
info on Bugtraq but there was no mention of Debian
Source anywhere.



Thanks
--- Matthijs Mohlmann [EMAIL PROTECTED] wrote:
 Why download the source from RedHat? The source from debian is also
 patched with needed patches.
 
 apt-get install kernel-source
 
 On Mon, 2003-07-28 at 19:05, Bruce Banner wrote:
  You can download Red Hat's
  kernel-source-2.4.20-19.9.i386.rpm run alien against
  it and install the dpkg'ed kernel-source.deb.  I have
  been forced to do this in the past to get patches that
  haven't been released or in the main stream kernel from
  kernel.org yet.
  
  
  Peace
  --- Phillip Hofmeister [EMAIL PROTECTED] wrote:
   If I do use bridging...is there a patch?
   
   What are the consequences of an unpatched system? (In more detail than
   below)
   
   On Mon, 28 Jul 2003 at 07:39:53PM +1000, Herbert Xu wrote:
    Florian Weimer [EMAIL PROTECTED] wrote:
     Bruce Banner [EMAIL PROTECTED] writes:
     
     CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table
     could be spoofed by sending forged packets with bogus source
     addresses the same as the local host.
     
     Ah, this one.  I don't even know if it's about IP.
     
     As usual, Red Hat's advisory is a joke. *sigh*
    
    If you don't use bridging then it doesn't affect you.



Re: Kernel 2.4.21 Forwarding table vulnerability

2003-07-28 Thread Ulrich Scholler
Hi Bruce,

On Mon Jul 28, 2003 at 11:38:51 -0700, Bruce Banner wrote:
 When were they patched? And how do I know when they
 are patched and when they are available?  Is there
 somewhere I can find this info?  I found the Red Hat
 info on Bugtraq but there was no mention of Debian
 Source anywhere.

You can go to http://packages.qa.debian.org/, search for a package of
your choice (for instance kernel-source-2.4.20) and check the Latest
News.  These contain a brief description of the changes in a package,
in the same format as in /usr/share/doc/package/changelog.Debian.gz.

regards,

uLI





Re: Kernel 2.4.21 Forwarding table vulnerability

2003-07-28 Thread Bruce Banner
Thanks for the info.  I don't like depending on Red
Hat for security fixes.  I want to rely on Debian for
this kind of stuff I just didn't know where to find
it.

Thanks
--- Ulrich Scholler [EMAIL PROTECTED] wrote:
 Hi Bruce,
 
 On Mon Jul 28, 2003 at 11:38:51 -0700, Bruce Banner wrote:
  When were they patched? And how do I know when they
  are patched and when they are available?  Is there
  somewhere I can find this info?  I found the Red Hat
  info on Bugtraq but there was no mention of Debian
  Source anywhere.
 
 You can go to http://packages.qa.debian.org/, search for a package of
 your choice (for instance kernel-source-2.4.20) and check the Latest
 News.  These contain a brief description of the changes in a package,
 in the same format as in /usr/share/doc/package/changelog.Debian.gz.
 
 regards,
 
 uLI
 
 






Re: Kernel 2.4.21 Forwarding table vulnerability

2003-07-28 Thread Phillip Hofmeister
If I do use bridging...is there a patch?

What are the consequences of an unpatched system? (In more detail than
below)

On Mon, 28 Jul 2003 at 07:39:53PM +1000, Herbert Xu wrote:
 Florian Weimer [EMAIL PROTECTED] wrote:
  Bruce Banner [EMAIL PROTECTED] writes:
  
  CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table
  could be spoofed by sending forged packets with bogus source
  addresses the same as the local host.
  
  Ah, this one.  I don't even know if it's about IP.
  
  As usual, Red Hat's advisory is a joke. *sigh*
 
 If you don't use bridging then it doesn't affect you.

-- 
Phillip Hofmeister

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
--
Excuse #20: Monitor resolution too high 



Re: Kernel 2.4.21 Forwarding table vulnerability

2003-07-28 Thread Bruce Banner
You can download Red Hat's
kernel-source-2.4.20-19.9.i386.rpm run alien against
it and install the dpkg'ed kernel-source.deb.  I have
been forced to do this in the past to get patches that
haven't been released or in the main stream kernel from
kernel.org yet.


Peace
--- Phillip Hofmeister [EMAIL PROTECTED] wrote:
 If I do use bridging...is there a patch?
 
 What are the consequences of an unpatched system? (In more detail than
 below)
 
 On Mon, 28 Jul 2003 at 07:39:53PM +1000, Herbert Xu wrote:
  Florian Weimer [EMAIL PROTECTED] wrote:
   Bruce Banner [EMAIL PROTECTED] writes:
   
   CAN-2003-0552: Jerry Kreuscher discovered that the Forwarding table
   could be spoofed by sending forged packets with bogus source
   addresses the same as the local host.
   
   Ah, this one.  I don't even know if it's about IP.
   
   As usual, Red Hat's advisory is a joke. *sigh*
  
  If you don't use bridging then it doesn't affect you.



Re: Advice Needed On Recent Rootings

2003-07-28 Thread Adam Majer
On Tue, Jun 03, 2003 at 10:02:09AM -0400, Phillip Hofmeister wrote:
 On Mon, 02 Jun 2003 at 03:38:21PM -0500, Adam Majer wrote:
  With something like sendmail or apache, it only needs to see a very
  limited part of the file system, so even breaking these will not do
  any real damage.
 
 Don't get too overconfident about chrooting Apache.  One Apache process
 runs as root.  This means if there is an exploit that sends arbitrary
 code across the shared scoreboard it could be run as root and break out
 of the jail.

First, sorry for my very late reply :) I'm just reading the
messages here now...

Anyway, I wasn't talking about chroot. I was talking about 
grsecurity and ACLs (I think). Then you specify what each 
process is allowed to do and see (even root cannot get past that).

You can make Apache see only the directories that you want it
to see. You can also specify that Apache cannot initiate a connection
(except to trusted nameserver for instance) and it can only listen on port 80.
With other features of grsecurity like stack randomization, Apache
becomes pretty much exploit-proof...

- Adam



Re: Advice Needed On Recent Rootings

2003-07-28 Thread Javier Fernández-Sanguino Peña
On Tue, Jun 03, 2003 at 10:01:33AM -0700, Mark Ferlatte wrote:
 Phillip Hofmeister said on Tue, Jun 03, 2003 at 10:02:09AM -0400:
  However, for the most part, chrooting is a valid countermeasure/method
  to compartmentalize.  It is a shame that no distribution comes with
  packages natively created with/for chrooting.
  
 I believe that OpenBSD does.
 

Yes it does. Although I don't believe that the way to go is chrooting since 
it makes it very difficult to ease upgrades.

 Also, Debian's Bind 9 package is pretty trivial to chroot (although it doesn't
 by default).  Debian's postfix package does chroot by default, although you
 tend to have to turn it off if you want to use things like postfix-tls or 
 SASL.

There are a number of patches in the BTS to make bind work in a chroot 
environment out of the box, using bind's own chroot functionality. In any 
case, there are also a number of packages to provide an easy way to set up 
chroot/restricted environments (makejail and compartment come to mind).

In any case I don't think that chrooting is the way to go here, it was
built to be used as a testing/programming tool, not really a security tool. 
There are a number of (Linux) patches to provide full compartmentalization
of processes in the system which might be the way to go. Just my 2c.

Regards

Javi




Re: Kernel 2.4.21 Forwarding table vulnerability

2003-07-28 Thread Marcin Owsiany
On Mon, Jul 28, 2003 at 11:38:51AM -0700, Bruce Banner wrote:
 When were they patched? And how do I know when they
 are patched and when they are available?  Is there
 somewhere I can find this info?

You could subscribe to debian-changes@lists.debian.org
See http://lists.debian.org/debian-changes/

Marcin
PS: please reply _below_ the citation and cut unneeded text.
-- 
Marcin Owsiany [EMAIL PROTECTED] http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216