Re: [ilugd] SIMPLE QUERIES, ANSWER IT
Hi Akshat, Akshat == A K S H A T A_K_S_H_A_T writes: Akshat Dear Friends, Thanks for reading this message. Akshat I think no one is available here to help other, every one Akshat just read messages and no reply is sent.??? Not really. Sometimes people won't answer because the answer is a simple google search. Sometimes no one knows the answer. Sometimes people are too busy to answer. Sometimes people know the answer, aren't too busy but don't answer because they feel that abominations like ``u'' and ``bcoz'' and ``2day'' have no relevance in an English mailing list (I know I do :). Sometimes you actually get an answer! Akshat QUERIES:- Akshat Q1)Whenever we SSH some machine it ask for password, but Akshat what we have to do such that it will not ask the password Akshat . http://www.google.com/search?q=ssh+without+password Akshat Q2)How we can connect to internet using Tata Indicom Akshat phone. No idea. Apparently no one has tried that, or hasn't succeeded, or something. Akshat Q3)How to import windows address book in linux mozilla Akshat address book and window netescape mail to linux mozilla Akshat mail. http://www.google.com/search?num=50hl=enlr=ie=UTF-8q=mozilla+windows+address+book+import+linuxbtnG=Search Akshat Q4)Please tell me the source from where I can get Akshat LPI,SAIR,COMPTIA certification dumps question. http://www.google.com/search?num=50hl=enlr=ie=UTF-8q=lpi+certification+sample+question+paperbtnG=Search I'm sure you would be able to find similar URL's for the other certifications. See? It's that simple! Regards, -- Raju -- Raj Mathur[EMAIL PROTECTED] http://kandalaya.org/ GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F It is the mind that moves ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
Re: [ilugd] SIMPLE QUERIES, ANSWER IT
On Tuesday 13 July 2004 11:24 am, Raj Mathur wrote: Not really. Sometimes people won't answer because the answer is a simple google search. Sometimes no one knows the answer. Sometimes people are too busy to answer. Sometimes people know the answer, aren't too busy but don't answer because they feel that abominations like ``u'' and ``bcoz'' and ``2day'' have no relevance in an English mailing list (I know I do :). Sometimes you actually get an answer! [...] Akshat Q4)Please tell me the source from where I can get Akshat LPI,SAIR,COMPTIA certification dumps question. Raj, you forgot another possibility. There are people who dislike the attitude of people ... like when searching/asking for brain-dumps to certifications exams, instead of, dammit, studying for it. They dont answer either. - Sandip -- Sandip Bhattacharya sandip (at) puroga.com Puroga Technologies Pvt. Ltd. Work: http://www.puroga.comHome: http://www.sandipb.net GPG: 51A4 6C57 4BC6 8C82 6A65 AE78 B1A1 2280 A129 0FF3 ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
Re: [ilugd] Sony Handycam DCR-HC30 on Linux
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thursday 08 Jul 2004 1:59 pm, AJ Anupam Jain said: AJ I'm having problems using the handycam on Mandrake 10.0. With other USB AJ storage devices, eg. when using a USB memory stick, an HDD icon pops up as AJ soon as I plug it in my USB slot. But nothing happens with the camcorder. AJ AJ usb 1-1: new full speed USB device using address 2 AJ drivers/usb/core/usb.c: registered new driver hiddev AJ drivers/usb/core/usb.c: registered new driver hid AJ drivers/usb/input/hid-core.c: v2.0:USB HID core driver AJ usb 1-1.4: new full speed USB device using address 3 AJ usb 1-1.4: device not accepting address 3, error -110 AJ usb 1-1.4: new full speed USB device using address 4 AJ usb 1-1.4: device not accepting address 4, error -110 AJ usb 1-1.4: new full speed USB device using address 5 AJ usb 1-1.4: device not accepting address 5, error -110 AJ usb 1-1.4: new full speed USB device using address 6 AJ usb 1-1.4: device not accepting address 6, error -110 usb hub driver is failing. seems to be an interrupt issue. check whether you are actually getting interrupts from the device. you've given too less information. which kernel? which modules? which motherboard? what host controller? lsusb output cat /proc/interrupts have you posted to linux-usb-users ? if not, post there with all relevant information. AJ AJ Please advise.. AJ Also once I get the above stuff to work, which linux software can I use to AJ capture the video stream? dvgrab kino Bhaskar - -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x01D5671C iD8DBQFA84ZxN1/UFgHVZxwRAvnwAJoD8n2OJVriAj2KWH+sKjakez0imACeN4yf gbrVHDRchQlRs9Is5Es6F2E= =9xz3 -END PGP SIGNATURE- ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
Re: [ilugd] Postfix - help me!!!
- Original Message - From: khurshid iqbal [EMAIL PROTECTED] To: Amit Sharma [EMAIL PROTECTED]; The Linux-Delhi mailing list [EMAIL PROTECTED] Sent: Tuesday, 13 July, 2004 11:00 AM Subject: Re: [ilugd] Postfix - help me!!! hi, the fact is that u have mailer working on loop back and u r trying to get response from network. try using nmap network ip and see if mailer working there (open port 25). ok if not get postfix on that wire also. hope this helps [snip] yes port 25 is missing here is output : [EMAIL PROTECTED] root]# nmap 192.168.1.19 Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-07-13 12:25 IST Interesting ports on quantumindia.com (192.168.1.19): (The 1651 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 23/tcpopen telnet 110/tcp open pop-3 111/tcp open rpcbind 143/tcp open imap 1026/tcp open LSA-or-nterm 1/tcp open snet-sensor-mgmt how do i open port 25 now!!!, service postfix is already up and running : [EMAIL PROTECTED] root]# service postfix status master (pid 2147) is running... amit ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
[ilugd] [COMMERCIAL] Require J2EE professionals
Hi! Every one There is an opening for a J2EE programmers in gurgaon Experience: min.3yrs Place of work: Gurgaon deserving candidate can negotiate Package starting from Rs.1 Lks to 6 Lks per annum. Vacancies : 20 No. Those intrested, Please mail your CV's accross OFF LIST PLEASE, thank you. Nitin Chandra __ Do you Yahoo!? Yahoo! Mail is new and improved - Check it out! http://promotions.yahoo.com/new_mail ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
[ilugd] Sendmail/PHP upgrade doubt
Hi all, We have a RH 7.3 server with sendmail 8.11.6 I would like to upgrade sendmail to 8.12.10 keeping all other packages same.. Is it possible ?? i want to use only the rpm for sendmail 8.12.10 If i browse security and errata pages for RH, i find that for RH 7.3 the version is only 8.11.6-27.73..so the doubt... regards anil ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
[ilugd] mail relay
hello all, we have a qmail based mail server, and recently it is showing lots of outgoing mails (some kind of spam which is using our server as relayserver). The allowed IP list in /etc/tcp.smtp is very restricted. What could be the cause of this issue, and suggested possible remedies. tushar ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
Re: [ilugd] Wireless Internet Access
Hi, Let me share with you that I have a Reliance cellular phone (Samsung sch-191) and I used to connect to the Intenet through it from my linux (redhat9) box. If you go to the relianceinfo.com site, I think they have scripts for both models (LG as well as Samsung). You do have to tweak the scripts as they dont work rightaway ( like most scripts!). One think you have to do is to activate the phone as a modem (costs you 200/- a month). = catch ya later (Ive gotta UnWire Life!!!) shiv __ Do you Yahoo!? New and Improved Yahoo! Mail - 100MB free storage! http://promotions.yahoo.com/new_mail ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
[ilugd] Syslog filtering
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello all, I've a couple of servers without monitors attached. My present way of monitoring system logs on them is ssh. I want to implement Syslogs remote logging facility onto those machines so that I can monitor all the logs on my Linux Desktop client. Following is the procedure I follow: Put *.* on all servers and do remote logging to my syslog monitoring machine. On Server: *.* @my_syslog_monitor_machine How can I, on my syslog machine, filter the syslog messages on the basis of hosts. I mean I want logs from server a to be redirected to /dev/tty2, server b to /dev/tty3 and so on. Any suggestions would be of great help. rrs -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFA874G4Rhi6gTxMLwRAkS7AJ0bDNjwu0Bjbt1rd6EpXnUZIkGGwACfbMsU /E270qoNblzkzvR7xwzctqM= =Zlsg -END PGP SIGNATURE- ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
Re: [ilugd] mail relay
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 13 Jul 2004, Tushar Gupta wrote: hello all, we have a qmail based mail server, and recently it is showing lots of outgoing mails (some kind of spam which is using our server as relayserver). The allowed IP list in /etc/tcp.smtp is very restricted. What could be the cause of this issue, and suggested possible remedies. tushar try ordb.org rrs -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFA89Q44Rhi6gTxMLwRAltDAJ41CcWnyDJXg4ZKHUiM9Gzpt3kUBgCgk2uB G6Re1ExFl/5jTadf88mY9zE= =weHZ -END PGP SIGNATURE- ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
Re: [ilugd] Hunt for the Missing Speakers (Corrections)
The previous mail was written in a hurry, hence, I do hereby make the following Corrections: belong to me. The Guitar resurfaced at Niyams home, but the speakers are still missing.. The Guitar was in the safe housekeeping of Raj Mathur (not Niyam) but the speakers are still missing... .. SO, Please can somebody locate my speakera for .. speaker(s) with an s. Amitabh Yahoo! India Careers: Over 65,000 jobs online Go to: http://yahoo.naukri.com/ ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
Re: [ilugd] Sendmail/PHP upgrade doubt
dear anil you can use the following rpm command rpm -Uvh senmail-uodated version i hope this would work from saurabh --- anil bindal [EMAIL PROTECTED] wrote: Hi all, We have a RH 7.3 server with sendmail 8.11.6 I would like to upgrade sendmail to 8.12.10 keeping all other packages same.. Is it possible ?? i want to use only the rpm for sendmail 8.12.10 If i browse security and errata pages for RH, i find that for RH 7.3 the version is only 8.11.6-27.73..so the doubt... regards anil ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/ Yahoo! India Careers: Over 65,000 jobs online Go to: http://yahoo.naukri.com/ ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
Re: [ilugd] Sendmail/PHP upgrade doubt
dear anil you can use the following rpm command rpm -Uvh senmail-uodated version i hope this would work from saurabh --- anil bindal [EMAIL PROTECTED] wrote: Hi all, We have a RH 7.3 server with sendmail 8.11.6 I would like to upgrade sendmail to 8.12.10 keeping all other packages same.. Is it possible ?? i want to use only the rpm for sendmail 8.12.10 If i browse security and errata pages for RH, i find that for RH 7.3 the version is only 8.11.6-27.73..so the doubt... regards anil ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/ Yahoo! India Careers: Over 65,000 jobs online Go to: http://yahoo.naukri.com/ ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
Re: [ilugd] Sendmail/PHP upgrade doubt
Anil, Try up2date; that is the easiest way to update your packages , if you want greater flexibility try; yum (http://linux.duke.edu/projects/yum/) . Else simply download the package and run an rpm -U. Cheers, On 13 Jul 2004 14:30:51 +0530, anil bindal [EMAIL PROTECTED] wrote: Hi all, We have a RH 7.3 server with sendmail 8.11.6 I would like to upgrade sendmail to 8.12.10 keeping all other packages same.. Is it possible ?? i want to use only the rpm for sendmail 8.12.10 If i browse security and errata pages for RH, i find that for RH 7.3 the version is only 8.11.6-27.73..so the doubt... regards anil ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/ ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
Re: [ilugd] Sendmail/PHP upgrade doubt
you MAY not be able to upgrade, as now Redhat is no more supporting 7.X you may want to try out other rpm sites available on the net. -shekhar. - Original Message - From: anil bindal [EMAIL PROTECTED] Date: 13 Jul 2004 14:30:51 +0530 To: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: [ilugd] Sendmail/PHP upgrade doubt Hi all, We have a RH 7.3 server with sendmail 8.11.6 I would like to upgrade sendmail to 8.12.10 keeping all other packages same.. Is it possible ?? i want to use only the rpm for sendmail 8.12.10 If i browse security and errata pages for RH, i find that for RH 7.3 the version is only 8.11.6-27.73..so the doubt... regards anil ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/ -- __ Check out the latest SMS services @ http://www.linuxmail.org This allows you to send and receive SMS through your mailbox. Powered by Outblaze ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
Re: [ilugd] mail relay
On Tuesday 13 July 2004 16:20, Tushar Gupta wrote: hello all, we have a qmail based mail server, and recently it is showing lots of outgoing mails (some kind of spam which is using our server as relayserver). The allowed IP list in /etc/tcp.smtp is very restricted. What could be the cause of this issue, and suggested possible remedies. which qmail version are you running? do you run qmailctl cdb after making changes in /etc/tcp.smtp ?? See logs from where are these mails are coming ...? tail -f /var/log/qmail/smtpd/current -- Yash tushar ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/ ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
Re: [ilugd] Linux Delhi July meet
On Mon, 12 Jul 2004 19:07:21 +0530, Raj Shekhar [EMAIL PROTECTED] wrote: Hello all With a heavy heart I regret to inform you all that the much hyped up Girls in Linux which was to be organized by LL has been canceled. heavy heart? you sound more like you're heart-broken [grin] okay, i emerge from the land of the dead, to share with friends on this mailing list, that i have been rather busy past few months and have not been responding to stuff here, though i have been 'lurking' and reading mails. looks like i have another few weeks of this busy spell. also, for a few months, i faced problems with the mailing-list's rather aggressive and pro-active [when i doubt, shoot] kind of anti-spam measures. so have just switched to a gmail account and resolved that for a moment. finally, the 'women in gnulinux' [and please note, not girls in linux] talk,event was not organized by me, was and is still being coordinated by me. the actual talk and event will be handled by the various women in gnulinux, who else? unfortuately, the lead people, like alolita sharma, are busy travelling outta the country at that time, as are the other busy at this time. so, i have decided to postpone this to august, or september, or october, or november, or dec, or jan, or feb, or march... [grin] until it happens the right way. meanwhile, nothing stops others from organizing a similar meet. as part of my research, i have discovered whole movements across the world dedicated to 'women in gnulinux' do a google to find more. perhaps the women lurking on this mailing list could find inspiration and resource-pointers on how to organize a meet. briefly, may i recommend: 1) a meet preferably at a girl's college, else a co-ed college, university [more activities in the student community, the better it is for the community] 2) women to volunteer to present the talks, the technical sessions.; 3) working women and professionals from the industry to talk about women in gnuloinux: the work, the work environment, the opportunities, etc. it's that simple. Since we could not allow the geeks to sit idle on the 3rd Sunday of the month (18th July), it was decided after painful research (there was not much research, but it was painful) that we will have an Open Forum in this meet. argh! [snip] If you would like to give a presentation in this meet, then do put in an email giving the topic of your talk. whether for this meet, or the next, may i recommend a name and a topic for the next meet: 'sound and even music-authoring in gnulinux' by VIVEK KHURANA. [all right everyone, a big hand for vivek.] he has put in several hundred man hours of research into all aspects of digital sound and music under gnulinux, and even solved some tricky troubleshoots, worked the mailing lists and more. he has a goldmine of information to share. quite inspiring too. am sure amitabh trehan could also offer a session for this topic. [which is why he needs help locating his speakers]. let the drum-rolls begin, in hydrogen (!). :-) LL ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
Re: [ilugd] Wireless Internet Access
hi there i tried to configure the TATA INDICOM connection on windows, you would not need the cd's installer.. here are the settings/parameters that i set on windows 98(without running the setup) --Modem: standard 33600 bps, prefer com 1 or com2 (ie try installing )--Phone number: #777--extra initialization string:AT+CRM=1do the settings with your tata phone as mentioned on your cd coverand get connected..but the speed is not really 115K... hope this helps.. bye:-) Thoughts from the sender... 4. AUM...(A)ction,(U)tterness,(M)ind 3. Please visit www.urday.com for your spiritual awakening. 2. Practise yoga every morning at 5:00 am on Aastha TV. 1. know me more if u got nothing else to do while surfing... http://www.geocities.com/rohitsz ---Anytime you feel i need to understand a concept before i am eligible to get an answer i would be happy to know- - Do you Yahoo!? Yahoo! Mail Address AutoComplete - You start. We finish. ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
[ilugd] [OFF-TOPIC] where to get .ogg hindi songs?
Greetings to all, i am using Fedora Core-1. the problem i am facing is that the fedora release has rendered my mp3 collection useless! i am ready to use xmms player but then where can i find these songs? where to find indian songs? i googled but got links to sites which had songs i had seen for the first time. kindly provide links/sources of cd's where i can get .ogg'ed format songs(hindi). PS: i am ruling out the option of converting mp3 into ogg(if that's possible) coz that would be breaking the rulez! thanks! Thoughts from the sender... 4. AUM...(A)ction,(U)tterness,(M)ind 3. Please visit www.urday.com for your spiritual awakening. 2. Practise yoga every morning at 5:00 am on Aastha TV. 1. know me more if u got nothing else to do while surfing... http://www.geocities.com/rohitsz ---Anytime you feel i need to understand a concept before i am eligible to get an answer i would be happy to know- __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
[ilugd] (fwd) [SECURITY] Advisory 12/2004: PHP strip_tags() bypass vulnerability
[Please upgrade PHP -- Raju] This is an RFC 1153 digest. (1 message) -- Message-ID: [EMAIL PROTECTED] From: Stefan Esser [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: [Full-Disclosure] Advisory 12/2004: PHP strip_tags() bypass vulnerability Date: Wed, 14 Jul 2004 00:55:25 +0200 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 e-matters GmbH www.e-matters.de -= Security Advisory =- Advisory: PHP strip_tags() bypass vulnerability Release Date: 2004/07/14 Last Modified: 2004/07/14 Author: Stefan Esser [EMAIL PROTECTED] Application: PHP = 4.3.7 PHP5 = 5.0.0RC3 Severity: A binary safety problem within PHP's strip_tags() function may allow injection of arbitrary tags in Internet Explorer and Safari browsers Risk: Moderate Vendor Status: Vendor has released a bugfixed version. Reference: http://security.e-matters.de/advisories/122004.html Overview: PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. According to Security Space PHP is the most popular Apache module and is installed on about 50% of all Apaches worldwide. This figure includes of course only those servers that are not configured with expose_php=Off. During an audit of the PHP source code a binary safety problem in the handling of allowed tags within PHP's strip_tags() function was discovered. This problem may allow injection of f.e. Javascript in Internet Explorer and Safari browsers. Details: Many sites stop XSS attacks by striping unsafe HTML tags from the user's input. PHP scripts usually implement this functionality with the strip_tags() function. This function takes a optional second parameter to specify tags that should not get stripped from the input. $example = strip_tags($_REQUEST['user_input'], bis); Due to a binary safety problem within the allowed tags handling attacker supplied tags like: \0script or s\0cript will pass the check and wont get stripped. (magic_quotes_gpc must be Off) In a perfect world this would be no dangerous problem because such tags are either in the allowed taglist or should get ignored by the browser because they have no meaning in HTML. In the real world however MS Internet Explorer and Safari filter '\0' characters from the tag and accept them as valid. Quite obvious that this can not only lead to a number of XSS issues on sites that filter dangerous tags with PHP's strip_tags() but also on every other site that filters them with pattern matching and is not necessary running PHP. According to tests: - Opera - Konqueror - Mozilla - Mozilla Firefox - Epiphany are NOT affected by this. Proof of Concept: e-matters is not going to release an exploit for this vulnerability to the public. Disclosure Timeline: 26. June 2004 - Problem found and fixed in CVS 14. July 2004 - Public Disclosure CVE Information: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0595 to this issue. Recommendation: Because Internet Explorer is out of all reason still the most used browser fixing this problem within your PHP version is strongly recommended. GPG-Key: http://security.e-matters.de/gpg_key.asc pub 1024D/3004C4BC 2004-05-17 e-matters GmbH - Securityteam Key fingerprint = 3FFB 7C86 7BE8 6981 D1DA A71A 6F7D 572D 3004 C4BC Copyright 2004 Stefan Esser. All rights reserved. -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQFA9Ic7b31XLTAExLwRAq6eAJ4j5AomlAJUhEHoDmLwCk4RqvJlVgCgqIN7 D9N75IutqIcoce4xqJTw6XQ= =Q5NT -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html -- End of this Digest ** -- Raj Mathur[EMAIL PROTECTED] http://kandalaya.org/ GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F It is the mind that moves ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
[ilugd] RE: [PLUG] [Gnu-gyan] GNU-Gyan Pune
Hi, Devendra Laulkar, from MIT,Pune. Living near MIT, Kothrud. ___ Gnu-gyan mailing list [EMAIL PROTECTED] http://listas.hipatia.info/mailman/listinfo/gnu-gyan ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
[ilugd] [Gnu-gyan] College Website is ready.
Hi Warren and Kapil, As we have said to complete the website for our college, we have completed it So what are the further porceedings. Do inform us. Bye. aktrips. Get Your Private, Free E-mail from Indiatimes at http://email.indiatimes.com Buy The Best In BOOKS at http://www.bestsellers.indiatimes.com Bid for for Air Tickets @ Re.1 on Air Sahara Flights. Just log on to http://airsahara.indiatimes.com and Bid Now! ___ Gnu-gyan mailing list [EMAIL PROTECTED] http://listas.hipatia.info/mailman/listinfo/gnu-gyan ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
[ilugd] RE: [Gnu-gyan] PHP book
Hi, I recently got the book 'PHP5 and MySQL Bible' by Tim Conerse and Joyce Park for around Rs. 400. Its quite a good book, which gives a practical examples in developing a database enabled website. Devendra. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of aktrips007 Sent: Sunday, July 11, 2004 12:22 AM To: [EMAIL PROTECTED] Subject: [Gnu-gyan] Hello There! Hi Frndz, Actually i m searching for the proper manuals and tutorials about PHP. The manuals which i got over some standard sites are not enough. So is there any one who can the crisis for me. Or suggest me any book which includes complete stuff. _ Indiatimes Email now powered by APIC Advantage. Help! http://email.indiatimes.com/apic/ http://imaround.indiatimes.com/IMaround/presencefr.mss?userid=aktrips00 7 My Presence http://email.indiatimes.com/apic/userpage.html Help Click on the image to chat with me http://www.tellyourprice.indiatimes.com ___ Gnu-gyan mailing list [EMAIL PROTECTED] http://listas.hipatia.info/mailman/listinfo/gnu-gyan ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
[ilugd] Re: RE: [Gnu-gyan] PHP book
Dear All, Could you please remove my email id from this list? - Original Message - From: trip alk [EMAIL PROTECTED] Date: Monday, July 12, 2004 10:59 pm Subject: RE: [Gnu-gyan] PHP book Hi Devendra, Thanx for replying me and suggesting the book. My problem is that i have already created a website with Mysql database which registers user, allows login and other database stuffs. I wan't some other features to be included like adding user photos, registering sessions(i have gone through some books for seesion but i m not satisfied), etc. So if this book has these additional feature please write to me. Thanx Bye For now. Aktrips. __ Do you Yahoo!? Yahoo! Mail Address AutoComplete - You start. We finish. http://promotions.yahoo.com/new_mail ___ Gnu-gyan mailing list [EMAIL PROTECTED] http://listas.hipatia.info/mailman/listinfo/gnu-gyan With best regards, B. Thangaraju Dr. B. Thangaraju Bangalore, India. Tel : +91-80-23608739 (Residence) Cell: +91-9845747951 ___ Gnu-gyan mailing list [EMAIL PROTECTED] http://listas.hipatia.info/mailman/listinfo/gnu-gyan ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
[ilugd] (fwd) [SECURITY] Advisory 11/2004: PHP memory_limit remote vulnerability
[Please upgrade if you're using PHP with memory_limit enabled -- Raju] This is an RFC 1153 digest. (1 message) -- Message-ID: [EMAIL PROTECTED] From: Stefan Esser [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: [Full-Disclosure] Advisory 11/2004: PHP memory_limit remote vulnerability Date: Wed, 14 Jul 2004 00:53:29 +0200 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 e-matters GmbH www.e-matters.de -= Security Advisory =- Advisory: PHP memory_limit remote vulnerability Release Date: 2004/07/14 Last Modified: 2004/07/14 Author: Stefan Esser [EMAIL PROTECTED] Application: PHP = 4.3.7 PHP5 = 5.0.0RC3 Severity: A vulnerability within PHP allows remote code execution on PHP servers with activated memory_limit Risk: Critical Vendor Status: Vendor has released a bugfixed version. Reference: http://security.e-matters.de/advisories/112004.html Overview: PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. According to Security Space PHP is the most popular Apache module and is installed on about 50% of all Apaches worldwide. This figure includes of course only those servers that are not configured with expose_php=Off. During a reaudit of the memory_limit problematic it was discovered that it is possible for a remote attacker to trigger the memory_limit request termination in places where an interruption is unsafe. This can be abused to execute arbitrary code on remote PHP servers. Details: On the 28th June 2004 Gregori Guninski released his advisory about a possible remote DOS vulnerability within Apache 2 (CAN-2004-0493). This vulnerability allows tricking Apache 2 into acception arbitrary sized HTTP headers. Guninski and many others rated this bug as Low Risk for 32bit systems, but they did not take into account that such a bug could have a huge impact on 3rd party modules. After his advisory was released I reaudited PHP's memory_limit request termination, because this bug made it possible to reach the memory_limit at places that were never meant to be interrupted. After a possible exploitation path for Apache 2 servers was discovered and a working exploit was created, similar pathes were found and added to the proof of concept exploit that allowed exploitation of NON Apache 2 servers. (f.e. Apache 1.3.31) The idea of the exploit is simple. When PHP allocates a block of memory it first checks in the cache of free memory blocks for a block of the same size. If such a block is found it is taken from the cache otherwise PHP checks if an allocation would violate the memory_limit. In that case the request shutdown is triggered through zend_error(). (PHP 4.3.7 aborts after the violating memory block is allocated) PHP contains several places where such an interruption is unsafe. An example for such places are those where Zend HashTables are allocated and initialised. This is performed in 2 steps and the initialisation step itself allocates memory before important members are correctly initialised. An attacker that is able to trigger the memory_limit abort within zend_hash_init() and is additionally able to control the heap before the HashTable itself is allocated, is able to supply his own HashTable destructor pointer. Several places within PHP where found where this action is performed on HashTables that actually get destructed by the request shutdown. One of such places is f.e. within the fileupload code, but is only triggerable on Apache 2 servers that are vulnerable to CAN-2004-0493, another one is only reachable if variables_order was changed to have the E in the end, a third one is within session extension which is activated by default but the vulnerability can not be triggered if the session functionality is not used. A fourth place is within the implementation of the register_globals functionality. Although this is deactivated by default since PHP 4.2 it is activated on nearly all servers that have to ensure compatibility with older scripts. Other places might exist in not default activated or 3rd party extensions. All mentioned places outside of the extensions are quite easy to exploit, because the memory allocation up to those places is deterministic and quite static throughout different PHP versions. The only unknown entity is the size of the environment vars array. But that is usually small and can be bruteforced with some kind of binary search algorithm. Additionally this information could leak to an attacker through an open
[ilugd] RE: [Gnu-gyan] PHP book
Hi Devendra, Thanx for replying me and suggesting the book. My problem is that i have already created a website with Mysql database which registers user, allows login and other database stuffs. I wan't some other features to be included like adding user photos, registering sessions(i have gone through some books for seesion but i m not satisfied), etc. So if this book has these additional feature please write to me. Thanx Bye For now. Aktrips. __ Do you Yahoo!? Yahoo! Mail Address AutoComplete - You start. We finish. http://promotions.yahoo.com/new_mail ___ Gnu-gyan mailing list [EMAIL PROTECTED] http://listas.hipatia.info/mailman/listinfo/gnu-gyan ___ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
[ilugd] connecting to the net with fedora core-1 and (probably) a winmodem.
Greetings to all.
I installed FC1 a few days ago, i am unable to connect to the net.
i encountered the following problem.
Using KPPP when i 'setup' the connection, on querying modem i get following results.
/dev/ttys0--no modem found
/dev/ttys1--no modem found
/dev/ttys2--modem busy.
/dev/ttys3--no modem found
i am also having windows 98 as second OS. here the modem is installed on COM4.
--modem specifications--
DIGICOM/Creative Modem Blaster V90 PCI DI5655
--query modem result from Windows--
Identifier DSMODEM\DSI0428
ATl1 000
ATl2 RXF2-V90A
ATl3 V4.43.012-T-PI
ATl4 Creative Modem Blaster V.90 PCI DI5655
ATl5 OK
ATl6 DS1820/DS1821
ATl7 OK
AT +FCLASS=? 0,1,2,8
the drivers for this modem are available for MS windows at
http://www.esstech.com/techsupp/drivers.shtm#comm [second row]
but no such support for linux exists.
also i searched http://65.70.147.202:8080/gromitkc/pci_list.html [from linmodem.org],
the modem is listed under DIGICOM SYSTEMS (2/3 down the page 800x600 pixel).but on
futhur going thru the links, the page seems missing or have been moved.
i got the scanModem utility from linmodem.org and posted at [EMAIL PROTECTED] but got
mail-failed reply.. i am putting here the result of ModemData.txt(if you are familiar
with scanModem)..
---OUTPUT of MODEMDATA.TXT--
--S T A R T--
The most recent update of scanModem accessed at
http://linmodems.technion.ac.il/packages/scanModem.gz
should ALWAYS be used!! Current UPDATE=2004 June 22
URLs to cogent advice are regularly entered and updated, and your problem may be
solved therein.
If further help is needed, send a description of your problem to: [EMAIL PROTECTED]
with this ModemData.txt Attached, using the following in the email Subject Line:
scanModem, redhat kernel 2.4.22-1.2115.nptl
Always send this ENTIRE ModemData.txt. It includes subtle diagnostic ouputs needed to
best guide you.
If your PC is a laptop, please provide Make and Modem information.
For instructions to UNSUBSCRIBE from [EMAIL PROTECTED],
send an email to: [EMAIL PROTECTED]
-- System information
redhat Fedora Core release 1 (Yarrow)
on System with processor: i686
supported by kernel: 2.4.22-1.2115.nptl
assembled with compiler: 3.2.3
no gcc compiler installed
A /dev/modem symbolic link is not set.
COMM services are not active
PPP support module bsd_comp.o not found!
PPP support module zlib_deflate.o not found!
Resident PPP support modules are properly uncompressed .
=== Fedora code changes ===
SmartLink slmodem-2.9.n, Lucent/Agere DSP, Intel537 drivers are already Fedora
competent. For usage of winmodems with the kernel-2.4.nn Fedora releases a change in
the serial-like driver code of WinModems is necessary.
See for guidance: http://hepunx.rl.ac.uk/~wmurray/pctel/pctel.html
Basically , the line:
if ((tty-count == 1) (state-count != 1)) {
should be changed into:
if (atomic_read(tty-count) == 1 state-count != 1) {
This works in the ltmodem code too. See
http://linmodems.technion.ac.il/archive-third/msg02360.html
An error about rs_close during compiling is a signature that the fedora fix is
needed
Beginning with Fedora 2 kernel-2.6.6-1.427, kernel-headers needed for compiling
drivers are provide at: /lib/modules/kernel-version/build/
redhat is not yet providing pre-compiled drivers for WinModems
An AC'97 modem codec was not detected
Path to lspci is: /sbin/lspci
- lspci scan
PCI_bus
00:00.0 Host bridge: Intel Corp. 82845 845 (Brookdale) Chipset Host Bridge (rev 04)
00:01.0 PCI bridge: Intel Corp. 82845 845 (Brookdale) Chipset AGP Bridge (rev 04)
00:1e.0 PCI bridge: Intel Corp. 82801BA/CA/DB/EB PCI Bridge (rev 05)
00:1f.0 ISA bridge: Intel Corp. 82801BA ISA Bridge (LPC) (rev 05)
00:1f.1 IDE interface: Intel Corp. 82801BA IDE U100 (rev 05)
00:1f.2 USB Controller: Intel Corp. 82801BA/BAM USB (Hub #1) (rev 05)
00:1f.3 SMBus: Intel Corp. 82801BA/BAM SMBus (rev 05)
00:1f.4 USB Controller: Intel Corp. 82801BA/BAM USB (Hub #2) (rev 05)
00:1f.5 Multimedia audio controller: Intel Corp. 82801BA/BAM AC'97 Audio (rev 05)
01:00.0 VGA compatible controller: ATI Technologies Inc Radeon RV100 QY [Radeon
7000/VE]
02:0b.0 Communication controller: ESS Technology ES2898 Modem (rev
03)-
Modem candidates are at PCI_buses: 02:0b.0
Providing detail for device at PCI_bus 02:0b.0
with vendor-ID:device-ID
:
Class 0780: 125d:2898 Communication controller: ESS Technology ES2898 Modem (rev 03)
SubSystem 148d:1030 DIGICOM Systems, Inc.: Unknown device 1030
Flags: fast devsel, IRQ 10
I/O ports at dff0 [size=8]
Capabilities: [c0] Power Management version 2
Internal_test: ./scanModem test 125d:2898 148d:1030 redhat 2.4.22-1.2115.nptl 3
=== Checking 125d through chipset providers and modem assemblers
