Re: Security scanner
Dnia 24-01-2006, wto o godzinie 02:47 +0100, Bernd Eckenfels napisał(a): > Package: smb-nat > Priority: extra > Section: admin Thanks! This is exactly what I was looking for... -- Jaroslaw Tabor <[EMAIL PROTECTED]>
unsubscribe
unsubscribe On Jan 24, 2006, at 10:33 AM, Martin Schulze wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 953-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze January 24th, 2006 http://www.debian.org/ security/faq - -- Package: flyspray Vulnerability : missing input sanitising Problem-Type : remote Debian-specific: no CVE ID : CVE-2005-3334 Debian Bug : 335997 Several cross-site scripting vulnerabilities have been discovered in flyspray, a lightweight bug tracking system, which allows attackers to insert arbitary script code into the index page. The old stable distribution (woody) does not contain flyspray. For the stable distribution (sarge) this problem has been fixed in version 0.9.7-2.1. For the testing (etch) and unstable distribution (sid) this problem has been fixed in version 0.9.8-5. We recommend that you upgrade your flyspray package. Upgrade Instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - Source archives: http://security.debian.org/pool/updates/main/f/flyspray/ flyspray_0.9.7-2.1.dsc Size/MD5 checksum: 603 b939804b2e4c9c69392cf1c98d0a0997 http://security.debian.org/pool/updates/main/f/flyspray/ flyspray_0.9.7-2.1.diff.gz Size/MD5 checksum:18274 aa63664cac0470f94f00b8feda00057a http://security.debian.org/pool/updates/main/f/flyspray/ flyspray_0.9.7.orig.tar.gz Size/MD5 checksum: 347441 9fab03b57e7946f60efc441f2c9b7c4f Architecture independent components: http://security.debian.org/pool/updates/main/f/flyspray/ flyspray_0.9.7-2.1_all.deb Size/MD5 checksum: 343272 d40f8bf3e2e47a762481cf2ed58dcd3b These files will probably be moved into the stable distribution on its next update. - -- --- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/ stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFD1lbjW5ql+IAeqTIRAtvIAJ9Xc/OXlxlooe3fYoxpHFdZ2vBb/QCfUj6i QwgzDfL5IVqTB15e20XuVkY= =tpjE -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-security-announce- [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: resolver uses the search list before other address families
On Tue, Jan 24, 2006 at 05:00:09PM +0100, Ludovic Drolez wrote: I think that this bug (#343140) could also be a security problem. No, it's not. Let the bug live or die on its own merits without waving the security flag. Mike Stone -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: resolver uses the search list before other address families
Hi, I think that this bug (#343140) could also be a security problem. Indeed, lots of IPv6 DNS queries related to internal hosts are then blindly forwarded to the root servers or to bind's "forwarders". So someone on the Internet will be able to discover your LAN hosts. To stop this information leak there could be a few solutions: - tell the libc6 not to try IPv6 DNS queries, or try IPv4 before IPv6 (resolv.conf option ?) - or configure bind to filter IPv6 queries - or finding a nice iptables rule which stops IPv6 queries. Cheers, Ludovic. -- http://www.palmopensource.com - The PalmOS open source portal http://www.drolez.com - Personal site -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Removing email addresses from gpg-key?
On Tue, Jan 24, 2006 at 01:54:24PM +, Jonathan McDowell wrote: > You want to revoke the uids (revuid) rather than deleting them; there's > no way you can delete them off other people's keyrings, or the > keyservers, so you mark them as deleted instead by revoking them. Thanks for that. Obvious once you said it too! I've revoked the obsolete email addresses and uploaded again now. Steve -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Security scanner
On Tue, Jan 24, 2006 at 12:16:43AM +0100, Jaroslaw Tabor wrote: > Hi all! > > Has anyone know a network scanner I can run on Debian to search LAN for > unprotected windows shares ? Or maybe something looking for simple > passwords ? I'd like to automate discovering stupid users, leaving full > access to their C:\. Check out 'smb-nat' (Nat = Netbios Audit Tool) and 'nbtscan' for that purpose (both available in Debian). Or, as said here, you can use Nessus (you probably will need the full plugin feed for that). You could even use the Samba tools for that purpose, after reading how SMB works and how you can enumerate shares from remote hosts (using null accounts, for example) Regards Javier signature.asc Description: Digital signature
Re: Removing email addresses from gpg-key?
On Tue, Jan 24, 2006 at 01:29:00PM +, Steve Kemp wrote: > I'm trying to remove a couple of obsolete email addresses from my GPG key. Revoke them (revuid), send the key to a keyserver and then you can remove the uids. -- Petri Latvala signature.asc Description: Digital signature
Re: Removing email addresses from gpg-key?
On Tue, Jan 24, 2006 at 01:29:00PM +, Steve Kemp wrote: > I'm trying to remove a couple of obsolete email addresses from my GPG key. > > Using the "deluid" command available after running "gpg --edit-key" works > successfully. But once I upload my modified key to various keyservers I > see the identities be re-added by the keyserver at debian.org: ... > Here we see "new user IDs:2" - and as this suggests the removed IDs > are back! I dont want them anymore! > > What can I do in this case? Is it just a matter of being more patient > after uploading the key. Or should I report a bug to the Debian keyring > pseudo-package? You want to revoke the uids (revuid) rather than deleting them; there's no way you can delete them off other people's keyrings, or the keyservers, so you mark them as deleted instead by revoking them. J. -- jid: [EMAIL PROTECTED] OK, if we can't have a tour, can we at least have a look around? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Removing email addresses from gpg-key?
I'm trying to remove a couple of obsolete email addresses from my GPG key. Using the "deluid" command available after running "gpg --edit-key" works successfully. But once I upload my modified key to various keyservers I see the identities be re-added by the keyserver at debian.org: After removing some identities: [EMAIL PROTECTED]:~$ gpg --list-key CD4C0D9D pub 1024D/CD4C0D9D 2002-05-29 uid Steve Kemp <[EMAIL PROTECTED]> uid Steve Kemp <[EMAIL PROTECTED]> uid Steve Kemp <[EMAIL PROTECTED]> sub 2048g/AC995563 2002-05-29 Now I upload the key to various servers. *time passes* Finally I refresh it: [EMAIL PROTECTED]:~$ gpg --keyserver keyring.debian.org --recv-keys CD4C0D9D gpg: requesting key CD4C0D9D from hkp server keyring.debian.org gpg: key CD4C0D9D: "Steve Kemp <[EMAIL PROTECTED]>" 2 new user IDs gpg: key CD4C0D9D: "Steve Kemp <[EMAIL PROTECTED]>" 23 new signatures gpg: Total number processed: 1 gpg: new user IDs: 2 gpg: new signatures: 23 Here we see "new user IDs:2" - and as this suggests the removed IDs are back! I dont want them anymore! What can I do in this case? Is it just a matter of being more patient after uploading the key. Or should I report a bug to the Debian keyring pseudo-package? Steve --
New Email
This is my new Email's address -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Info
Hi, This is my new Email What is the way for deleting the former address : [EMAIL PROTECTED] ? Thank you -- Saffer Olivier 30 rue de Gemeroye 5580 Rochefort Belgium Tel: (+32)084/21.03.84 Gsm: (+32)0497/25.25.51 Email: [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]