pptpd
Hello, am I missing an update of pptpd? Today an exploit has been posted to bugtraq. LLAP, Martin
Re: Cryptoswap -- was Re: raw disk access
On Wed, Jan 15, 2003 at 06:26:32PM -0500, Hubert Chan wrote:
> Andreas == Andreas Kotes [EMAIL PROTECTED] writes:
>
> [...]
> Andreas here's how I understand it:
> [...]
> Andreas patch-int is all of the above combined, for (optional)
> Andreas compilation into the kernel.
>
> That would have been my guess too.
>
> BTW, I've also grepped through the cryptoapi and cryptoloop sources, and they seem to be only allocating memory at initialization and in the digest functions too (which would be expected). Yay! I guess I'll be setting up encrypted swap soon! :-)

Is it possible to use swsusp and crypto-swap? I'd say no, because there is no way for the kernel to get the key before swsusp resumes. Is there any other way to do this?

Regards,
Martin
Security update of libpng[23]
Hello, an apt-get update apt-get upgrade -dy today brought me new libpng[23]-Packages from security.debian.org for woody/stable, but I can't find an advisory for them. What changes were made? Regards, Martin
Re: Security update of libpng[23]
I thought I had subscribed to dsa. I got an Advisory just after I sent my mail out, perhaps I had been just too impatient. I was a little bit nervous because of that openssh problem I think ;-)

Thanks!

Regards,
Martin

On Thu, Aug 01, 2002 at 05:03:30PM +0200, Dirk Hartmann wrote:
> Hi,
>
> --On Thursday, August 01, 2002 16:50:16 +0200 Martin Hermanowski [EMAIL PROTECTED] wrote:
>
> > an apt-get update apt-get upgrade -dy today brought me new libpng[23]-Packages from security.debian.org for woody/stable, but I can't find an advisory for them. What changes were made?
>
> maybe you should subscribe to debian-security-announce too.
>
> Here the Head of the Advisory:
>
> - ---
> Debian Security Advisory DSA 140-1 [EMAIL PROTECTED]
> http://www.debian.org/security/ Martin Schulze
> August 1st, 2002
> - ---
>
> Package        : libpng2, libpng3
> Vulnerability  : buffer overflow
> Problem-Type   : remote
> Debian-specific: no
>
> Developers of the PNG library have fixed a buffer overflow in the progressive reader when the PNG datastream contains more IDAT data than indicated by the IHDR chunk. Such deliberately malformed datastreams would crash applications which could potentially allow an attacker to execute malicious code. Programs such as Galeon, Konqueror and various others make use of these libraries.
>
> - Dirk
>
> --
> Dirk Hartmann, Netzworkadministration #PGP-Key available
> Verlag Heinz Heise GmbH Co KG, Helstorferstr. 7, D-30625 Hannover
> E-Mail: [EMAIL PROTECTED] - Tel.: +49 511 5352 494 - FAX: +49 511 5352 479
Re: PPTP with Encryption
You need the mppe-kernel-module *and* a patch for the pppd.

It would be really nice if there were .deb's.

Martin

On Tue, Apr 30, 2002 at 08:43:21AM -0700, Anne Carasik wrote:
> Last time I checked, PPTP comes with encryption. All you have to do is configure it.
>
> From Freshmeat:
> PoPToP
> About: PoPToP is a PPTP server for use in PPTP VPN environments. The current release version supports Windows 95/98/NT/2000 PPTP clients and PPTP Linux clients. With the relevant patches, PoPToP supports Windows PPTP clients with the full range of encryption and authentication features.
>
> From apt-cache:
> pptpd - PoPToP Point to Point Tunneling Server
>
> I don't think you should have any patching to do. :)
>
> The home page for poptop is at http://www.poptop.org.
>
> -Anne
>
> On Tue, Apr 30, 2002 at 10:54:24AM -0400, Derek J. Balling wrote:
> > Does anyone have a nice simple HOWTO on how to add encryption to the pptpd daemon, so that windows VPN users can connect using encryption?
> >
> > Preferred methods do NOT include patching things, if possible, because I'd like to not have to re-patch things every time new upgrades come out. Has anyone built all the necessary items simply as .deb's?
> >
> > D
> >
> > --
> > Derek J. Balling
> > [EMAIL PROTECTED]
>
> --
> Anne Carasik, System Administrator
> [EMAIL PROTECTED]
> Center for Advanced Computing Research
zlib ssh
On bugtraq I read something about openssh being vulnerable to the double-free bug. On my woody boxes, I installed the updated zlib1g from unstable and restarted sshd. Is this enough to be protected?

Yours,
Martin

--
PGP/GPG encrypted mail preferred, see header
Only dead fish swim with the current
xdm
Moin

I noticed that xdm behaves differently if I enter a non-existing username or if I enter a wrong password. In the last case, there is a short pause. Knowing that, it is possible to find valid usernames. I do not think that this pause is a good idea. Correct me if I'm wrong.

Regards,
Martin

--
PGP/GPG encrypted mail preferred, see header
Only dead fish swim with the current
Re: aargh... I am being asked to change to SuSE
Should this be on the list or per mail only?

On Mon, Jul 16, 2001 at 11:03:41AM +0300, Juha Jäykkä wrote:
> (off topic)
>
> Anyone care to help me: I need some _strong_ points in favour of Debian, against SuSE. No crap, please. I need to persuade my superiors to turn from RH to Debian instead of SuSE as they would like to do. I need strong evidence in favour of Debian if I am to succeed in enforcing it. I do not know SuSE myself, so I cannot fight them (they do not know Debian, but they are the ones who decide - they do not need to) alone. I only care for security/administrability issues now.
>
> Thanks for enduring me.

From the point of security updates, SuSE is terrible. E.g., now you won't get an updated version of sudo for a one-year-old SuSE6.4, you would have to upgrade the whole installation or compile sudo yourself. The apt-get system makes *much* less work.

HTH
Martin

--
PGP/GPG encrypted mail preferred, see header
Only dead fish swim with the current
pptp with mschap
Hi!

I'm using potato, and I tried to set up a pptp server. I had no problems getting it to work without encryption, but I'd like to have authentication through MS CHAP and encryption with MPPE. Any hints?

Yours,
Martin

--
This email is subject to copyright and is intended only for the person(s) named. You may not disclose the contents of this email to other person(s) or take copies of it without the permission of the author.
PGP/GPG encrypted mail preferred, my public-key is available at http://empyreum.de/pgp-keys/MH.asc - ID: 1FEA0DF4 - the fingerprint is 3A8B 6A9A 3353 8CE7 9C95 31C8 0277 FA58 1FEA 0DF4