[ilugd] Re: delete files log
Hello, I tried this thing but the output gets off my head. Could someone please explain me how to infer this output. c SM5T /usr/share/rhn/up2date_client/rhnDefines.pyc SM5T /usr/share/rhn/up2date_client/rhnErrata.pyc SM5T /usr/share/rhn/up2date_client/rhnHardware.pyc SM5T /usr/share/rhn/up2date_client/rhnPackageInfo.pyc SM5T /usr/share/rhn/up2date_client/rhnreg.pyc SM5T /usr/share/rhn/up2date_client/rollbacks.pyc SM5T /usr/share/rhn/up2date_client/rpcServer.pyc SM5T /usr/share/rhn/up2date_client/rpmSource.pyc SM5T /usr/share/rhn/up2date_client/rpmUtils.pyc SM5T /usr/share/rhn/up2date_client/transaction.pyc SM5T /usr/share/rhn/up2date_client/up2date.pyc SM5T /usr/share/rhn/up2date_client/up2dateAuth.pyc SM5T /usr/share/rhn/up2date_client/up2dateBatch.pyc SM5T /usr/share/rhn/up2date_client/up2dateErrors.pyc SM5T /usr/share/rhn/up2date_client/up2dateLog.pyc SM5T /usr/share/rhn/up2date_client/up2dateMessages.pyc SM5T /usr/share/rhn/up2date_client/up2dateUtils.pyc SM5T /usr/share/rhn/up2date_client/wrapper.pyc SM5T /usr/share/rhn/up2date_client/wrapperUtils.pyc ...T c /usr/share/fonts/default/Type1/fonts.dir L... /usr/lib/libglide3.so.3 SM5T /usr/share/redhat-config-network/netconfpkg/Control.pyc SM5T /usr/share/redhat-config-network/netconfpkg/NCCallback.pyc SM5T /usr/share/redhat-config-network/netconfpkg/NCCipe.pyc SM5T /usr/share/redhat-config-network/netconfpkg/NCCompression.pyc SM5T /usr/share/redhat-config-network/netconfpkg/NCDevice.pyc SM5T /usr/share/redhat-config-network/netconfpkg/NCDeviceList.pyc SM5T /usr/share/redhat-config-network/netconfpkg/NCDialup.pyc SM5T /usr/share/redhat-config-network/netconfpkg/NCHardwareList.pyc SM5T /usr/share/redhat-config-network/netconfpkg/NCProfileList.pyc SM5T /usr/share/redhat-config-network/netconfpkg/NCWireless.pyc SM5T /usr/share/redhat-config-network/netconfpkg/NC_functions.pyc SM5T /usr/share/redhat-config-network/netconfpkg/NCisdnhardware.pyc SM5T /usr/share/redhat-config-network/netconfpkg/__init__.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/ADSLInterface.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/CipeInterface.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/DialupDruid.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/EthernetHardwareDruid.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/EthernetInterface.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/GUI_functions.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/GenericInterface.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/InterfaceCreator.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/IsdnInterface.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/ModemInterface.pycSM5T /usr/share/redhat-config-network/netconfpkg/gui/NewInterface.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/NewInterfaceDialog.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/TokenRingHardwareDruid.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/TokenRingInterface.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/WirelessInterface.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/__init__.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/cipeconfig.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/ctcconfig.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/deviceconfig.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/devicetype.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/dialupconfig.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/dslconfig.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/editadress.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/editdomain.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/edithosts.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/ethernetconfig.pycSM5T /usr/share/redhat-config-network/netconfpkg/gui/ethernethardware.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/exception.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/hardwaretype.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/isdnhardware.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/modemconfig.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/provider.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/providerdb.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/sharedtcpip.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/tokenringconfig.pyc SM5T /usr/share/redhat-config-network/netconfpkg/gui/tokenringhardware.pyc SM5T
[ilugd] wlan system
Hello everybody, I am working on a wlan system where i need to design three things NAS, Radius for authentication and access point on flash disk. I need help. If any body is interesetd and has a knowledge on thsi work a priori please continue the dialogue. Thanks in advance regards manish On Thursday 04 September 2003 11:04, [EMAIL PROTECTED] wrote: Send ilugd mailing list submissions to [EMAIL PROTECTED] To subscribe or unsubscribe via the World Wide Web, visit http://frodo.hserus.net/mailman/listinfo/ilugd or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than Re: Contents of ilugd digest... Please trim replies before posting. Today's Topics: 1. (fwd) exim remote heap overflow, probably not exploitable (Raj Mathur) 2. Re: delete files log (Raj Mathur) 3. (fwd) [COMMERCIAL] Site proformance manager requirement (Raj Mathur) 4. Re: [LIH](fwd) exim remote heap overflow, probably not exploitable (Suresh Ramasubramanian) 5. Re: Help reg. use of Wine thr. Linux (MALKIAT BENIPAL) 6. RE: Re: python perl programming. thanks! ([EMAIL PROTECTED]) 7. RE: Re: python perl programming. thanks! (Kedar Dash) 8. Re: Re: python perl programming. thanks! (Umesh C Joshi) -- Message: 1 Date: Thu, 4 Sep 2003 07:38:00 +0530 From: Raj Mathur [EMAIL PROTECTED] Subject: [ilugd] (fwd) exim remote heap overflow, probably not exploitable To: [EMAIL PROTECTED], [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=us-ascii [please upgrade if you use Exim v4.21 -- Raju] This is an RFC 1153 digest. (1 message) -- Message-ID: [EMAIL PROTECTED] From: Nick Cleaton [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: exim remote heap overflow, probably not exploitable Date: Mon, 1 Sep 2003 07:00:34 +0100 Exim (www.exim.org) is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. There's a heap overflow in all versions of exim3 and exim4 prior to version 4.21. It can be exercised by anyone who can make an SMTP connection to the exim daemon. The overflow is very limited, and in my opinion it's probably not exploitable. However, it's possible that this will prove to be exploitable for arbitrary command execution on some platforms in some circumstances. Patches: http://www.exim.org/pipermail/exim-announce/2003q3/94.html Full details coming soon to vuln-dev. -- Regards, Manish Singh Software Engineer Consilnet India Pvt Ltd Ph: 011 26868293/94/95 ___ ilugd mailing list [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd
[ilugd] Re: python perl programming. thanks!
+++ Kedar Dash [03/09/03 22:24 -0700]: Can you please send me some of the resource link to learn python. URL: http://www.python.org Newsgroup: com.lang.python Book: Try the Core Python Programming by Wesley Chun (Pearson Education) - Sandip -- Sandip Bhattacharyahttp://www.sandipb.net sandip at puroga.com Puroga Technologies Pvt. Ltd. http://www.puroga.com ___ ilugd mailing list [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd
[ilugd] Re: delete files log
+++ Manish Singh [04/09/03 13:03 +0530]: Hello, I tried this thing but the output gets off my head. Could someone please explain me how to infer this output. c SM5T /usr/share/rhn/up2date_client/rhnDefines.pyc SM5T /usr/share/rhn/up2date_client/rhnErrata.pyc SM5T /usr/share/rhn/up2date_client/rhnHardware.pyc SM5T /usr/share/rhn/up2date_client/rhnPackageInfo.pyc SM5T /usr/share/rhn/up2date_client/rhnreg.pyc SM5T /usr/share/rhn/up2date_client/rollbacks.pyc SM5T /usr/share/rhn/up2date_client/rpcServer.pyc [..] Read the man pages of rpm. It states: ... S file Size differs M Mode differs (includes permissions and file type) 5 MD5 sum differs D Device major/minor number mis-match L readLink(2) path mis-match U User ownership differs G Group ownership differs T mTime differs ... - Sandip P.S. Please, please, trim your replies before posting. Your post had the complete ilugd digest at the end. -- Sandip Bhattacharyahttp://www.sandipb.net sandip at puroga.com Puroga Technologies Pvt. Ltd. http://www.puroga.com ___ ilugd mailing list [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd
[ilugd] Re: python perl programming. thanks!
+++ Sandip Bhattacharya [04/09/03 11:52 +0530]: +++ Kedar Dash [03/09/03 22:24 -0700]: Can you please send me some of the resource link to learn python. URL: http://www.python.org Newsgroup: com.lang.python Typo: should be comp.lang.python - Sandip -- Sandip Bhattacharyahttp://www.sandipb.net sandip at puroga.com Puroga Technologies Pvt. Ltd. http://www.puroga.com ___ ilugd mailing list [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd
[ilugd] Link Aggregation for Ethernet
Hi, Does anybody on the list has any idea on howto implement Link Aggregation using two Lan Cards, under linux. Any pointers. Kapil Sethi ___ ilugd mailing list [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd
[ilugd] (no subject)
hi i m doing RHCE fron Mahan computer services . Now i want to purchase a good reference book for it. Can u suggest a good book that cover all the topics of RHCE. also my problem is that i m the only guy doing RHCE in mahan.so i want to meet some guys who r good in linux so we could discuss RHCE,linux and my problems. neone living in west delhi can contct me at [EMAIL PROTECTED] bye Anubhav Get Your Private, Free E-mail from Indiatimes at http://email.indiatimes.com Buy The Best In BOOKS at http://www.bestsellers.indiatimes.com Bid for Air Tickets on Air Sahara Flights at Prices Lower Than Before. Just log on to http://airsahara.indiatimes.com and Bid Now ! ___ ilugd mailing list [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd
Re: [ilugd] Re: python perl programming. thanks!
On Thursday 04 September 2003 12:17 pm, you wrote: +++ Sandip Bhattacharya [04/09/03 11:52 +0530]: +++ Kedar Dash [03/09/03 22:24 -0700]: Can you please send me some of the resource link to learn python. URL: http://www.python.org Newsgroup: com.lang.python Typo: should be comp.lang.python well, there's more to it. you can download a complete free and freedom-based pdf book, which you may print, or read on-screen, that teaches you python. it is called 'Thinking in Python' written by a respected college professor. you can also download the complete documentation for python, a helpful tutorial, both in html and pdf, and these written by no less than the creator of python. find all of these at python.org in the section documentation or support section ( i don't remember which one). finally, to begin using python, you could use emacs or vim, though for the newbie i recommend idle, the integrated python editor. within this, you can find help, pop-up help on commands and syntax, and a whole lot of other goodies. of course, nothing beats a good, organic, zero-watts consumption, wood-paper book. :-) LL ___ ilugd mailing list [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd
RE: [ilugd] Link Aggregation for Ethernet
If you are referring to Teaming .. Try out ians modules from Intel.. They work for most Intel Cards .. There was one more co. that had these, can't recall the name.. Will mail later. -js $ -Original Message- $ From: [EMAIL PROTECTED] $ [mailto:[EMAIL PROTECTED] $ g] On Behalf Of Kapil Sethi $ Sent: Thursday, September 04, 2003 3:51 PM $ To: The Linux-Delhi mailing list $ Subject: [ilugd] Link Aggregation for Ethernet $ $ $ Hi, $ $ Does anybody on the list has any idea on howto implement Link $ Aggregation using two Lan Cards, under linux. $ $ Any pointers. $ $ Kapil Sethi $ $ $ ___ $ ilugd mailing list $ [EMAIL PROTECTED] $ http://frodo.hserus.net/mailman/listinfo/ilugd $ ___ ilugd mailing list [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd
Re: [ilugd] cds required
Hi Manav, Manav == Manav Arora [EMAIL PROTECTED] writes: Manav hi, i require latest cds of red hat linux 9 pls contact me Manav at Manav [EMAIL PROTECTED] Manav bye manav Manav Win TVs, Bikes, DVD players and more!Click onYahoo! India Manav Promos ___ Manav ilugd mailing list [EMAIL PROTECTED] Manav http://frodo.hserus.net/mailman/listinfo/ilugd I'm outlining the methodology if you want to get CDs from me. If you have other resources (e.g. Dhruv Gami and Sandip Bhattacharya are willing to cut CDs for people in East Delhi, or have a look at the resources section at http://linux-delhi.org/), please use those since I consider my time expensive and am primarily charging for that. I have the following CDs available: Debian GNU/Linux Woody 3.0r17 CDs Red Hat Linux 9 binaries3 CDs Red Hat Linux 8.0 binaries 3 CDs Red Hat Linux 7.3 binaries 3 CDs Knoppix 3.2 1 CD GNU/Linux Utils for Education (GLUE)1 CD Lycoris Linux 1 CD GNUWinII 2.1 (GNU Utilities for Windows)1 CD TheOpenCD (GNU Utilities for Windows) 1 CD Dyne:Bolic Radio Linux 1 CD MoviX2 0.2.21 CD FIRE (Forensic and Intrusion Recovery Environment) 0.3.5b 1 CD The charge for each CD is Rs. 50. So if you want RH Linux 8.0 (3 CDs), it will cost you Rs 150 for the CDs, apart from any other charges. Now, how do you get the CDs? Simplest method is to give me a call and pick up the CDs from me in Munirka (South Delhi). You can call me at 26161387 or 9811066460, tell me when you're coming and I'll make the CDs in front of your eyes: they'll be absolutely fresh! If you do that, please bring (a) cash for the CDs and (b) some envelope or other protective material to carry them in. Sorry, I don't have CD covers. If you can't come to Munirka for any reason, you can still get the CDs but it will cost you a bit more and will take a little longer. Here's the methodology: 1. Send me a PERSONAL e-mail giving your details (your name, address and contact phone number) and the list of CDs you want. Do NOT send the mail to the mailing list, otherwise you are likely to get flamed! 2. I will reply to that mail and ask you to send a money order to my address. The value of the MO would Rs. 50 per CD requested plus Rs 100 to cover handling, shipping, finding and buying soft CD covers, etc. 3. Send the MO. 4. I will ship the CDs to you by courier to the address you have given. This will be done within 2 days of receiving the MO. You can send a TMO if you're in a hurry. I'm not sure how much it costs to ship CDs by courier. Nor am I too sure about the availability of soft CD covers, where to find them and how much they cost, so I'm estimating Rs 100 will cover those and my time and pain. If the costs of courier/covers are significantly higher the Rs 100 may go up. I will not ship CDs by courier without advance payment. Finally, I request those people who have a working infrastructure to step up and make it easier and cheaper for people to get CDs. I am a free-lance consultant and do not have a full-fledged office with lots of people handling shipping and mail, so I have to do everything myself. If you do have an office, people to burn CDs and people to ship them, I'd be glad if you take this task off my hands. Remember, if you have technical problems with the CDs (how to setup Red Hat, how to get a root shell in Knoppix, etc) please do not contact this list or me for a solution. The Linux-Delhi and Linux-India-Help lists are meant specifically for asking and answering these sort of questions. Regards, -- Raju -- Raj Mathur[EMAIL PROTECTED] http://kandalaya.org/ GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F It is the mind that moves ___ ilugd mailing list [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd
[ilugd] Wget download options
Hi there all, i am having a problem is there any sol.. say i have a script a .pl file invoking a wget command to download a series of files , say my file is located at /home/sohel/download and if the cron is firing it whatever is downloaded , gets downloaded to /home/sohel .. now is there a way to get the downloaded files to /home/sohel/download at they are being downloaded ... plz advise Thanks in advance, Sohel -- ___ !\---/! .--. 0-|o_o |-0 ! |:_/ | ! // \ \ (| FSF | ) /'\_/`\ \___)=(___/ +---+ | Sohel Shaheen Mallik | | Tathya Dot Com Pvt. Ltd. (http://www.tathya.com) | | E-mail: [EMAIL PROTECTED] | | WWW: http://sohel.fateback.com| | ICQ :: 165534383 | | Phone: +91 033 2573 4224/8041 | | Mon-Fri(9:30-6:30 IST) | Sat :: 9:30-1:30 IST | +---+ ___ ilugd mailing list [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd
Re: [ilugd] Wget download options
i just tried this out.. i think you might be downloading a BIG file. (or else a simple change in the script could do the job...) but i think what needs to be done is a simple mv /home/sohel/file /home/sohel/download/file why this works is because all file accesses work on the inodes and NOT on the file name / location. therefore unlike DOS/win, a move can be done even though someone is writing to that file... (infact a tcpdump -i eth1 testfile ; mv testfile dir/testfile just worked for me...) just that if the downloading is being continued some other time (a part download) then you'd need to change the script once the current running program stops...) hope this helps. affly robins On Thu, 2003-09-04 at 17:52, Sohel Shaheen Mallik wrote: Hi there all, i am having a problem is there any sol.. say i have a script a .pl file invoking a wget command to download a series of files , say my file is located at /home/sohel/download and if the cron is firing it whatever is downloaded , gets downloaded to /home/sohel .. now is there a way to get the downloaded files to /home/sohel/download at they are being downloaded ... ___ ilugd mailing list [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd
[ilugd] W3C Holds Ad Hoc Meeting on Recent Court Decision
Another big reminder on how seriously imparing the patent granting process is ... - Sandip http://www.w3.org/2003/08/patent W3C Holds Ad Hoc Meeting on Recent Court Decision, Launches Public Discussion List By now, most of those reading this know of the recent court case of Eolas v. Microsoft in regards to US Patent 5,838,906. The patent claims to cover mechanisms for embedding objects within distributed hypermedia documents, where at least some of the object's data is located external to the document, and there is a control path to the object's implementation to support user interaction with the object. The implementation can be local or distributed across a network, and is automatically invoked based upon type information in the document or associated with the object's data. See the patent claims for details and for the precise scope of the patent. This patent may potentially have implications for the World Wide Web in general, including specifications from W3C. In the near term, Microsoft has indicated to W3C that they will very soon be making changes to its Internet Explorer browser software in response to this ruling. These changes may affect a large number of existing Web pages. W3C does not yet have any indication of what action, if any, other vendors of Web tools might take. In the longer term, should the court decision be upheld in its current form, some participants suggested that other action might be required. W3C has made efforts to contact the patent holder to determine their future intentions, but has not received any reply. W3C believes that it is important for the Web community to begin now to consider and contribute to the range of technical options available. [...] -- Sandip Bhattacharyahttp://www.sandipb.net sandip at puroga.com Puroga Technologies Pvt. Ltd. http://www.puroga.com ___ ilugd mailing list [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd
[ilugd] Re: Hotwire blocks ICMP everywhere?
+++ Cypress Solutions [28/08/03 21:47 -0700]: * Attempts to download the DCOM RPC patch from Microsoft's Windows Update Web site, install it, and then reboot the computer. * Checks for active machines to infect by sending an ICMP echo request, or PING, which will result in increased ICMP traffic. * Attempts to remove W32.Blaster.Worm. Sorry. I read this reply only now. Thanks for the information. But I wonder if there is a different way to solve this problem. Fromt he description of the virus, it only attacks the class B address of the network that it is in. So it is possible that the router for the cable network: 1. Doesn't itself respond to pings. 2. Lets through ICMP pings to IP addresses outside its class B C addresses? I have seen a copy of this virus in action in the LAN and I have seen the havoc it causes. However, putting blanket bans on ICMP makes life real difficult. Also, I have no clue why traceroute is not working either? I thought traceroute only uses UDP probes to a very high (generally unused port) by default. How has it been affected by these? - Sandip -- Sandip Bhattacharyahttp://www.sandipb.net sandip at puroga.com Puroga Technologies Pvt. Ltd. http://www.puroga.com ___ ilugd mailing list [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd
[ilugd] (fwd) leafnode 1.9.3 - 1.9.41 security announcement SA-2003-01
[Please upgrade if you use leafnode -- Raju] This is an RFC 1153 digest. (1 message) -- Message-ID: [EMAIL PROTECTED] From: Matthias Andree [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: leafnode 1.9.3 - 1.9.41 security announcement SA-2003-01 Date: Thu, 4 Sep 2003 03:19:04 +0200 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 leafnode-SA-2003:01.fetchnews-hang Topic: potential denial of service in leafnode Announcement: leafnode-SA-2003:01 Writer: Matthias Andree Version:1.01 Announced: 2003-09-04 Category: main Type: potential denial of service Impact: fetchnews hangs, no new fetchnews/texpire processes can be started Credits:Joshua Crawford (for sending a precise bug report) Danger: medium: - only one process will clog memory since leafnode-1.9.20 bug can hang for an extended amount of time - no privilege escalation through this bug Affects:leafnode 1.9.3 (1999) up to 1.9.41 (2003) Not affected: leafnode 1.9.42 and newer Default install: affected. Introduced: between 1999-03-03 and 1999-07-15 (no precise date found) 1999-07-15 07:49leafnode 1.9.3 announced by Cornelius Krasel Corrected: 2003-06-20 22:57:48 UTC (CVS) - committed corrected version 2003-06-27 11:29leafnode 1.9.42 released 0. Release history 2003-09-02 1.00 initial announcement 2003-09-04 1.01 mention leafnode 1.9.43 in body text, drop appendix A 1. Background leafnode is a store-and-forward proxy for Usenet news, is uses the network news transfer protocol (NNTP). It consists of several collaborating programs, the server part is usually started by inetd, xinetd or tcpserver, the client part is usually started by cron or manually. This security announcement pertains to leafnode-1, the stable branch. The leafnode-2 development branch has not yet seen a stable release, so it is not subject to security announcements. 2. Problem description A vulnerability was found in the fetchnews program (the NNTP client) that may under some circumstances cause wait for input that never arrives, fetchnews hangs. This hang does not cost CPU. This bug was not deemed security relevant at first, but as it can be triggered from the outside, by providing malformatted (non-RFC-1036) Usenet news articles, and because it then stops unattended systems from functioning, it was decided to release this security announcement. 3. Impact As only one fetchnews program can run at a time, subsequently started fetchnews and texpire programs will terminate immediately. This means that the news base will no longer be updated, older articles will no longer expire, until the hanging fetchnews process gets unstuck, usually through a manual kill command or a reboot. 4. Workaround No reliable workaround possible. NOTE: Killing fetchnews before completion leaves stale data on disk and is therefore not deemed reliable, although it relieves the immediate cannot start texpire or fetchnews condition. 5. Solution Upgrade your leafnode package to version 1.9.42 or later. At this time, leafnode 1.9.43 is the up-to-date stable release. Note that leafnode 1.9.X versions are deemed stable, and it is usually best to go for the latest released 1.9.X version to have all the other bug fixes as well. No broken-out version of this patch will be provided, distributors are urged to update to the latest leafnode version. leafnode 1.9.43 is available from sourceforge: http://sourceforge.net/project/showfiles.php?group_id=57767release_id=182196 This policy of not providing a broken-out patch may generate a conflict with some distribution's post-release update policies. As the current leafnode maintainer, I do not have financial and time ressources to provide support for any but the latest released version. People keep reporting bugs about leafnode-1.9.33, 1.9.24 or 1.9.19, which is a waste of time for the user and the leafnode maintainer. 6. Solution details revision 1.111 date: 2003/06/20 22:57:48; author: emma; state: Exp; lines: +10 -4 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/VpMCvmGDOQUufZURApo+AKCdn6Cgaf58vShPQiMdHq5Me7LHLACfXnlm hccjEwCoz7vi/MQe3SoV5IQ= =G03p -END PGP SIGNATURE- -- End of this Digest ** -- Raj Mathur[EMAIL PROTECTED] http://kandalaya.org/ GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F It is the mind that moves ___ ilugd mailing list [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd
[ilugd] (fwd) Stunnel-3.x Daemon Hijacking
[Please upgrade or use a vendor back-ported fix if you use Stunnel 3.x -- Raju] This is an RFC 1153 digest. (1 message) -- Message-ID: [EMAIL PROTECTED] From: Steve Grubb [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Stunnel-3.x Daemon Hijacking Date: 3 Sep 2003 16:32:29 - Product: Stunnel Versions:= 3.24, 4.00 URL: http://stunnel.mirt.net Impact: Daemon Hijacking Bug class: Leaked Descriptor Vendor notified: Yes Fix available: Yes Date:09/03/03 Issue: == Stunnel leaks a critical file descriptor that can be used to takeover (hijack) stunnel's service. Details: Recently, several vendors updated Stunnel-3.22 to fix a remote denial of service caused by the SIGCHLD handler doing memory allocation. This wasn't the worst problem with Stunnel-3.22 in my opinion. About a year ago, I did a code review and found the signal handler problems and reported it. I then ran env_audit against Stunnel to see if there were any other problems. Unfortunately, I found a couple leaked file descriptors. One of these is the file descriptor returned by listen. The bug was caused by not making a call to fcntl with the CLOEXEC flag to prevent the leak of a privileged file descriptor. Shortly after the problem was reported, Stunnel-4.01 was released. A month later I looked at 3.22 and saw that it was leaking the same things as 4.00 was. I have not tested versions prior to 3.22, but I suspect the bug is in anything lower than 3.22, too. Even though the 4.x branch had the file descriptor leak fixed, no fix was back ported to the 3.x branch (which is still widely used). It should be noted that the 4.x series is a major revision with dramatic changes in syntax. Impact: === If Stunnel is used to tunnel any local program which could provide shell access, such as telnet, then the user's shell will also have the listen descriptor leaked to it. This means that any user with shell access could hijack the Stunnel server. Also, if you have a service whose transport layer is being encrypted by Stunnel and it is exploitable, it can be used to hijack the Stunnel server. Chrooting the service and dropping privileges may not be enough since the listening descriptor is leaked right to the child. Once they have taken over the service, they could spoof the service and collect passwords, credit cards, or other privileged information. They could also redirect the service to a different machine to run programs they don't have privileges for on the compromised machine. Exploit: The technique is simple. 1) Fork so that stunnel can't find you when it dies. 2) Send stunnel a SIGUSR2. Unhandled signals generally kill programs. Since you are a child of stunnel, the OS will deliver the signal. 3) Select on the leaked descriptor and start serving pages. At the end of this advisory is a proof-of-concept program that you can run under Stunnel. It is assumed that Stunnel is providing you shell-like access (Telnet over SSL, for example), or that the program lauched via Stunnel has some exploitable condition that allows you to run arbitrary code. To run the POC code, you can execute it directly as the local program (-l argument) for Stunnel : /usr/sbin/stunnel -s nobody -g nobody -D 7 -p /etc/ssl/certs/stunnel.pem -o /tmp/stunnel.log -P /tmp/stunnel.pid -d -l /opt/stunnel-sploit/leak-sploit -- leak-sploit Then connect to stunnel like: lynx https://localhost: The first time, you will get a message saying Unexpected network read error followed by Document can't be accessed. Then connect again. The second time, you will see the You're owned message. Doing a ps -ef shows that stunnel is long gone and replaced by the example application...even though user group were nobody. Sure its a bit contrived, but illustrates the concept. Solution: = The solution to this problem is to upgrade Stunnel to 3.26 or 4.04 depending on your current deployment. Both Michal Trojnara and Brian Hatch were very good people to work with to fix this problem and it was done in a timely manner. This announcement is mostly to motivate vendors to roll out the upgrades and administrators to apply them. To see if you are vulnerable, you can use the env_audit program. It comes with directions for testing Stunnel in the examples directory. http://www.web-insights.net/env_audit Best Regards, Steve Grubb The code #include stdio.h #include stdlib.h #include unistd.h #include signal.h #include errno.h #include sys/select.h #include netinet/in.h #include openssl/ssl.h /* * The basic scheme goes like this: * 1) Get rid of the parent * 2) init the openssl library * 3) start handling requests */ /* You may need to adjust these next 3 items */ #define LISTEN_DESCRIPTOR 6 #define CERTF /opt/stunnel-sploit/foo-cert.pem #define KEYF /opt/stunnel-sploit/foo-cert.pem static