Is this a hacking attempt?
I was running Wheezy Iceweasel with vanilla 3.14 kernel with grsec. I tried to play video on YouTube with gnash plugin but Iceweasel crashed with messages like

execution attempt in ...
Terminating task /usr/lib/iceweasel/iceweasel

Full log can be found on http://paste.lisp.org/+343V

Kind regards

--
http://markorandjelovic.hopto.org

One should not be afraid of humans.
Well, I am not afraid of humans, but of what is inhuman in them.
Ivo Andric, Signs near the travel-road

--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150120124007.06ee2...@eunet.rs
Re: Is this a hacking attempt?
Hi there

On Tue, Jan 20, 2015 at 12:40:07PM +0100, Marko Randjelovic wrote:
> I was running Wheezy Iceweasel with vanilla 3.14 kernel with grsec. I tried to play video on YouTube with gnash plugin but Iceweasel crashed with messages like
>
> execution attempt in ...
> Terminating task /usr/lib/iceweasel/iceweasel
>
> Full log can be found on http://paste.lisp.org/+343V

I could not find DNS entries for the pastebin...

But do you get similar issues with the flashplugin-nonfree package?

Cheers
Tomasz Ciolek

--
Tomasz M. Ciolek
*** tmc at vandradlabs dot com dot au ***
GPG Key ID: 0x41C4C2F0
GPG Key Fingerprint: 3883 B308 8256 2246 D3ED A1FF 3A1D 0EAD 41C4 C2F0
Key available on good key-servers
Re: Is this a hacking attempt?
On 2015-01-20 12:40, Marko Randjelovic wrote:
> I was running Wheezy Iceweasel with vanilla 3.14 kernel with grsec. I tried to play video on YouTube with gnash plugin but Iceweasel crashed with messages like
>
> execution attempt in ...
> Terminating task /usr/lib/iceweasel/iceweasel
>
> Full log can be found on http://paste.lisp.org/+343V

Hi,

My understanding from the grsec logs you pasted is that gnash tried to allocate more memory than your RLIMIT-MEMLOCK limit (65536), and this is the reason why gnash crashed.

I wouldn't hint this is sufficient to conclude in hacking. Flash is known well enough for eating a lot of memory at times. I would suggest either to try playing similar flash from trusted sources (good luck finding them though, maybe @adobe.com - One might also believe youtube.com is a trusted source) and see if the plugin crashes on them too; or maybe to raise limit progressively to see where it is accepted.

As a side note, youtube supports HTML5, and if your browser had no flash support at all but HTML5 support, then you, your grsec kernel, and all kittens in the world could just be delighted and still have youtube content played fine.

Cheers,
Vincent
Re: Is this a hacking attempt?
On Tue, 20 Jan 2015 17:52:05 +0100 Vincent Deffontaines <vinc...@gryzor.com> wrote:
> On 2015-01-20 12:40, Marko Randjelovic wrote:
> > I was running Wheezy Iceweasel with vanilla 3.14 kernel with grsec. I tried to play video on YouTube with gnash plugin but Iceweasel crashed with messages like
> >
> > execution attempt in ...
> > Terminating task /usr/lib/iceweasel/iceweasel
> >
> > Full log can be found on http://paste.lisp.org/+343V
>
> Hi,
>
> My understanding from the grsec logs you pasted is that gnash tried to allocate more memory than your RLIMIT-MEMLOCK limit (65536), and this is the reason why gnash crashed.
>
> I wouldn't hint this is sufficient to conclude in hacking. Flash is known well enough for eating a lot of memory at times. I would suggest either to try playing similar flash from trusted sources (good luck finding them though, maybe @adobe.com - One might also believe youtube.com is a trusted source) and see if the plugin crashes on them too; or maybe to raise limit progressively to see where it is accepted.

I tried to raise limit some time ago, but I was unsuccessful. Do you know how to do it?

> As a side note, youtube supports HTML5, and if your browser had no flash support at all but HTML5 support, then you, your grsec kernel, and all kittens in the world could just be delighted and still have youtube content played fine.

Fortunately, this works, but there are sites where it doesn't.

> Cheers,
> Vincent

--
http://markorandjelovic.hopto.org
Re: Is this a hacking attempt?
On Wed, Jan 21, 2015 at 2:42 AM, Marko Randjelovic wrote:
> Fortunately, this works, but there are sites where it doesn't.

Do you have any examples of sites that still need Flash? Obviously flash game sites still need it but surely almost all of the web has moved away from it at this point?

--
bye,
pabs

https://wiki.debian.org/PaulWise
Re: [SECURITY] [DSA 3134-1] sympa security update
Hi, you have surely seen this
-uffe

On 20.1.2015 22:51, Salvatore Bonaccorso wrote:
> Debian Security Advisory DSA-3134-1    secur...@debian.org
> http://www.debian.org/security/    Salvatore Bonaccorso
> January 20, 2015    http://www.debian.org/security/faq
>
> Package: sympa
>
> A vulnerability has been discovered in the web interface of sympa, a mailing list manager. An attacker could take advantage of this flaw in the newsletter posting area, which allows sending to a list, or to oneself, any file located on the server filesystem and readable by the sympa user.
>
> For the stable distribution (wheezy), this problem has been fixed in version 6.1.11~dfsg-5+deb7u2.
>
> For the upcoming stable distribution (jessie), this problem will be fixed soon.
>
> For the unstable distribution (sid), this problem has been fixed in version 6.1.23~dfsg-2.
>
> We recommend that you upgrade your sympa packages.
>
> Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
>
> Mailing list: debian-security-annou...@lists.debian.org

--
Ulf Pensar
Chief Planner / Head of Data Security
Datacentralen
Tel: +358 050-5643735
Hanken Svenska handelshögskolan
Biblioteksgatan 16
Box 287, 65101 VASA, FINLAND
Re: Is this a hacking attempt?
On Tue, Jan 20, 2015 at 07:42:03PM +0100, Marko Randjelovic wrote:
> > My understanding from the grsec logs you pasted is that gnash tried to allocate more memory than your RLIMIT-MEMLOCK limit (65536), and this is the reason why gnash crashed.
> >
> > I wouldn't hint this is sufficient to conclude in hacking. Flash is known well enough for eating a lot of memory at times. I would suggest either to try playing similar flash from trusted sources (good luck finding them though, maybe @adobe.com - One might also believe youtube.com is a trusted source) and see if the plugin crashes on them too; or maybe to raise limit progressively to see where it is accepted.
>
> I tried to raise limit some time ago, but I was unsuccessful. Do you know how to do it?

I believe that man 5 limits.conf helps.
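
Added illustration, not part of any message in the thread: a small parser for the limits.conf(5) line format that works out which memlock limit a user would receive, next to a read of the running process's own RLIMIT_MEMLOCK. The sample file, the user "marko" and the group "video" are constructed; the precedence used (user entry over @group entry over "*") is a simplified reading of the man page. limits.conf gives memlock in KB, so 64 there is the 65536 bytes mentioned above.

```python
import resource

# Constructed sample in limits.conf(5) syntax: <domain> <type> <item> <value>.
# User "marko" and group "video" are hypothetical; memlock values are in KB.
SAMPLE_LIMITS_CONF = """\
# constructed sample, not taken from the thread
*        -     memlock  64
@video   soft  memlock  262144
@video   hard  memlock  524288
marko    hard  memlock  unlimited
"""

UNLIMITED = {"unlimited", "infinity", "-1"}
KINDS = {"-": ("soft", "hard"), "soft": ("soft",), "hard": ("hard",)}


def memlock_for(conf_text, user, groups=()):
    """Return {'soft': bytes, 'hard': bytes} for the memlock item.

    None means no line matched; resource.RLIM_INFINITY means unlimited.
    Assumed precedence: user entry > @group entry > '*' default, and a
    later line of equal precedence replaces an earlier one.
    """
    result = {"soft": None, "hard": None}
    rank = {"soft": -1, "hard": -1}
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments
        if len(fields) != 4 or fields[2] != "memlock":
            continue
        domain, kind, _item, value = fields
        if domain == user:
            prio = 2
        elif domain.startswith("@") and domain[1:] in groups:
            prio = 1
        elif domain == "*":
            prio = 0
        else:
            continue
        limit = resource.RLIM_INFINITY if value in UNLIMITED else int(value) * 1024
        for k in KINDS.get(kind, ()):
            if prio >= rank[k]:
                result[k], rank[k] = limit, prio
    return result


def current_memlock():
    """(soft, hard) RLIMIT_MEMLOCK of this process, in bytes."""
    return resource.getrlimit(resource.RLIMIT_MEMLOCK)
```

Entries in limits.conf are applied by pam_limits when a session starts, so a changed line takes effect at the next login; `ulimit -l` in that session reports the soft value in KB.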