Re: [SECURITY] [DSA 2134-1] Upcoming changes in advisory format
On Sat, Dec 18, 2010 at 01:08:07PM +0100, Moritz Muehlenhoff wrote:
> Traditionally Debian security advisories have included MD5 check sums
> of the updated packages. This was introduced at a time when apt didn't
> exist yet and BIND was at version 4.
>
> Since apt cryptographically enforces the integrity of the archive for
> quite some time now, we've decided to finally drop the hash values
> from our advisory mails.

thanks for all your work on the security team! i'm glad to hear this!

> We'll also change some details of the advisory format in the upcoming
> months.

i'm curious about some of the possible changes in the format. namely:

will new advisories be in a machine parseable format?
will it include a list of affected binary packages (in addition to source packages)?
what other information will it include?

some of this could make it much easier to script checks for security available or completed updates on medium to large networks.

thanks again.

live well,
  vagrant

--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20101219004747.gp17...@talon.fglan

Re: exim4 router problems since 2 days / sucpicous process "zinit" is pstree
On Sat, Dec 18, 2010 at 4:25 PM, Andrew McGlashan wrote:
> Oh and HP's iLO might need an "advanced" license for virtual media to work,
> not sure about that yet. I picked up a nice DL380 G4 with the advanced iLO
> license already installed.

Yup, I've also discovered that one day when we reinstalled a machine and discovered too late that the broadcom network controller needs firmware. Then we discovered you need a license to use the usb-stick image upload trick... which prompts the question: If I already paid for the hardware, why in the blazes cripple it unless I pay you more?

But now I'm ranting :-)

Re: exim4 router problems since 2 days / sucpicous process "zinit" is pstree
Andrew McGlashan wrote:
> nebka:# scp -pr /saved-data-dir r...@infected-machine:/data-dir

Umm, correction

scp -pr r...@infected-machine:/data-dir /saved-data-dir

> Oh and HP's iLO might need an "advanced" license for virtual media to work,
> not sure about that yet. I picked up a nice DL380 G4 with the advanced iLO
> license already installed.

Yep, the virtual media is an advanced license feature, just looked up the manuals (PDF search). Sure is handy though.

Cheers
--
Kind Regards
AndrewM

Andrew McGlashan
Broadband Solutions now including VoIP

Re: exim4 router problems since 2 days / sucpicous process "zinit" is pstree
Thomas Krichel wrote:
> Andrew McGlashan writes
>> Thomas Krichel wrote:
>>> chattr -sia /bin/ps ; scp r...@nebka:/usr/bin/ps /usr/bin/ps ; sudo apt-get -y install --reinstall procps
>>
>> So, in effect, did you possibly give away your root password or pass
>> phrase key for the netbka machine?
>
> Yup. After killing the "dropbear" process.

Perhaps it would have been better to work from a non-infected machine; do the scp of such files or better still just backup the data.

nebka:# scp -p /usr/bin/ps r...@infected-machine:/usr/bin/ps

and/or

nebka:# scp -pr /saved-data-dir r...@infected-machine:/data-dir

rsync might be an option too...

Perhaps even use a live-cd or work in a chroot to offer as much protection as possible for the non-infected machine. You've also got to hope that scp or any other programs/binaries you rely on themselves aren't infected on the compromised machine in a way that might cause further issues.

>> I wouldn't be that trusting,
>
> I wouldn't be either, but what is a man who is not a security expert to do?
>
>> you already know you were compromised
>> -- best to re-install clean if you ask me.
>
> yeah, but I have no physical access to the infected box and must keep
> its data. I reinstalled all the packages. psutils was the one that got
> aptitude stymied.

If you have no physical access, do you have a way to nuke and re-install? Is it VPS or similar?

Something I've discovered as a really good feature of HP's iLO is the ability to mount an ISO from a local / trusted source and boot a machine remotely using the virtually mounted CD/DVD -- that gives you a whole new level of access without the need for actual physical access. You can work with a console remotely too in this case. Once it is running, you could install ssh server, set a password and use it in a more traditional way. Of course, it won't help if the machine doesn't have iLO or is a VPS itself -- but there might be similar methods with a VPS.

Oh and HP's iLO might need an "advanced" license for virtual media to work, not sure about that yet. I picked up a nice DL380 G4 with the advanced iLO license already installed.

Cheers
--
Kind Regards
AndrewM

Andrew McGlashan
Broadband Solutions now including VoIP

Re: exim4 router problems since 2 days / sucpicous process "zinit" is pstree
Andrew McGlashan writes
> Thomas Krichel wrote:
> >chattr -sia /bin/ps ; scp r...@nebka:/usr/bin/ps /usr/bin/ps ; sudo apt-get -y install --reinstall procps
>
> So, in effect, did you possibly give away your root password or pass
> phrase key for the netbka machine?

Yup. After killing the "dropbear" process.

> I wouldn't be that trusting,

I wouldn't be either, but what is a man who is not a security expert to do?

> you already know you were compromised
> -- best to re-install clean if you ask me.

yeah, but I have no physical access to the infected box and must keep its data. I reinstalled all the packages. psutils was the one that got aptitude stymied.

Cheers,

Thomas Krichel
http://openlib.org/home/krichel
http://authorclaim.org/profile/pkr1
skype: thomaskrichel

Re: exim4 router problems since 2 days / sucpicous process "zinit" is pstree
Thomas Krichel wrote:
> chattr -sia /bin/ps ; scp r...@nebka:/usr/bin/ps /usr/bin/ps ; sudo apt-get -y install --reinstall procps

So, in effect, did you possibly give away your root password or pass phrase key for the netbka machine?

I wouldn't be that trusting, you already know you were compromised -- best to re-install clean if you ask me.

In the Windows world, my advice is the same, no matter how well you clean things, there is always the possibility that something nasty will remain undetected; it isn't worth that risk IMHO.

Cheers
--
Kind Regards
AndrewM

Andrew McGlashan
Broadband Solutions now including VoIP

Re: exim4 router problems since 2 days / sucpicous process "zinit" is pstree
Izak Burger writes
> Nothing exciting ...

If you need excitement come over here. I had a box infected by the DSA-2131 vulnerability. It wouldn't reinstall psutils, griping about not having permission to cp /bin/ps or something. I copied chattr from another box, nebka, with the same architecture. Then I did

chattr -sia /bin/ps ; scp r...@nebka:/usr/bin/ps /usr/bin/ps ; sudo apt-get -y install --reinstall procps

for every binary (here ps) procps did successively complain it could not install. This solved the issue after a whole bunch of iterations.

Cheers,

Thomas Krichel
http://openlib.org/home/krichel
http://authorclaim.org/profile/pkr1
skype: thomaskrichel

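Added example, not part of the thread: instead of finding protected binaries one failed reinstall at a time, the attribute flags that `chattr -sia` clears can be listed in one pass by filtering `lsattr` output. The function names and the sample listing are constructed for illustration; `scan_dirs` assumes it is run from a trusted rescue system with the suspect filesystem mounted, so that `lsattr` itself is not one of the replaced binaries.

```shell
#!/bin/sh
# List files whose ext2/3/4 attributes include s, i or a, the three flags
# cleared by `chattr -sia` in the message above.

# Constructed sample of lsattr output (not taken from the thread).
SAMPLE_LSATTR='----i--------e-- /bin/ps
-------------e-- /bin/ls
s---ia-------e-- /bin/netstat
-----a-------e-- /var/log/my app.log
lsattr: Operation not supported While reading flags on /dev/null'

# Read lsattr output on stdin and print "FLAGS<TAB>PATH" for every file
# carrying s (secure deletion), i (immutable) or a (append-only).
flagged_attrs() {
    awk '
        # Skip blank lines, "dir:" headers printed by -R, and error lines:
        # a real flags field is a long run of dashes and letters.
        $1 !~ /^[-A-Za-z]+$/ || length($1) < 10 { next }
        $1 ~ /[sia]/ {
            flags = $1
            gsub(/[^sia]/, "", flags)     # keep only the flags of interest
            path = $0
            sub(/^[^ ]+ +/, "", path)     # rest of line, spaces preserved
            printf "%s\t%s\n", flags, path
        }'
}

# Recursive scan of real directories, e.g. scan_dirs /mnt/bin /mnt/sbin
scan_dirs() {
    lsattr -R "$@" 2>/dev/null | flagged_attrs
}

# Demonstration on the constructed sample.
flagged_sample() {
    printf '%s\n' "$SAMPLE_LSATTR" | flagged_attrs
}

flagged_sample
```

Append-only or immutable flags are also set deliberately as hardening (log files, for instance), so each hit is a lead to check against the package's own copy rather than proof of tampering.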
libopensc: protect for possible buffer overflows from rogue cards.
Package: libopensc2
Version: 0.11.4-5+lenny1
Tags: security
Severity: critical

Hi,

a buffer overflow vulnerability was detected in libopensc. For details please see this press article (German: [1], English: [2]) and the detailed report[3] including a proof-of-concept by MWR InfoSecurity[4].

The OpenSC developers have released a patch which should fix this vulnerability[5].

If Debian isn't affected by this vulnerability or if it has already been fixed, please don't hesitate to downgrade or close this bug.

Best regards

Alexander Kurtz

[1] http://www.heise.de/security/meldung/Wenn-die-Smartcard-den-Rechner-rootet-1154599.html
[2] http://www.h-online.com/open/news/item/When-a-smart-card-can-root-your-computer-1154829.html
[3] http://labs.mwrinfosecurity.com/files/Advisories/mwri_opensc-get-serial-buffer-overflow_2010-12-13.pdf
[4] http://www.mwrinfosecurity.com/index.php
[5] https://www.opensc-project.org/opensc/changeset/4913