Re: [ilugd] Linux Asia 2005
Hi all Raj Mathur wrote: Let's meet up on Sunday if that suits everyone, or 90% of everyone and thrash things out in detail. Venue can be decided later today (Friday) -- Munirka if no other place. How about IHC lawns as the venue for this meet, -- Shehjar WWW: http://users.sarai.net/~shehjar BLOG: http://blog.sarai.net/users/shehjar ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
Re: [ilugd] Linux Asia 2005
what we mean by free , is that volunteers will get the chance to join the conferences or not which is titled to be 1250 bucks for students, As i remember it was free last year. On Fri, 14 Jan 2005 14:30:53 +0530, Shehjar Tikoo [EMAIL PROTECTED] wrote: Hi all Raj Mathur wrote: Let's meet up on Sunday if that suits everyone, or 90% of everyone and thrash things out in detail. Venue can be decided later today (Friday) -- Munirka if no other place. How about IHC lawns as the venue for this meet, -- Shehjar WWW: http://users.sarai.net/~shehjar BLOG: http://blog.sarai.net/users/shehjar ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/ ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
[ilugd] Gmail Account
Hi all, I have a gmail account in spare anyone wants mail me onlist ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
[ilugd] G-mail account
hello mr gaurav, i am new in our linux assosiation . if u got any extra invitation then send it to me. thanks. yours truly, shailendra. Yahoo! India Matrimony: Find your life partneronline. ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
Re: [ilugd] Gmail Account
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gaurav == Gaurav Mishra [EMAIL PROTECTED] writes: Gaurav Hi all, I have a gmail account in spare anyone wants mail Gaurav me onlist Don't start those idiotic threads again please. THIS IS NOT A GMAIL ACCOUNT SHARING LIST. Get that into your heads and go mess up some other place. - -- Raju - -- Raj Mathur[EMAIL PROTECTED] http://kandalaya.org/ GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F It is the mind that moves -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.8 http://mailcrypt.sourceforge.net/ iD8DBQFB5/FHyWjQ78xo0X8RAk93AJ9eYqb2dZKUGnRvzmvUhvMvDpkiLgCePvtY XI3Tkg6alFQqy0biP681Upw= =i4nd -END PGP SIGNATURE- ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
Re: [ilugd] Gmail Account
Gaurav == Gaurav Mishra [EMAIL PROTECTED] writes: Gaurav Hi all, I have a gmail account in spare anyone wants mail Gaurav me onlist Don't start those idiotic threads again please. Yup, We already had so much spam relating to GMail... THIS IS NOT A GMAIL ACCOUNT SHARING LIST. Please form some yahoo-group/google-group sort of for such activity! spare the list. makuchaku --- http://makuchaku.blogspot.com #gnutech [at] nl.chatjunkies.org --- Linux... Life... Freedom... ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
[ilugd] (fwd) [SECURITY] iDEFENSE Security Advisory 01.14.05: Exim dns_buld_reverse() Buffer Overflow Vulnerability
[Please upgrade exim4 again -- Raju]
This is an RFC 1153 digest.
(1 message)
--
MIME-Version: 1.0
Content-class: urn:content-classes:message
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding: 8bit
Message-ID: [EMAIL PROTECTED]
From: customer service mailbox [EMAIL PROTECTED]
To: bugtraq@securityfocus.com, [EMAIL PROTECTED]
Subject: iDEFENSE Security Advisory 01.14.05: Exim dns_buld_reverse() Buffer
Overflow Vulnerability
Date: Fri, 14 Jan 2005 12:45:28 -0500
Exim dns_buld_reverse() Buffer Overflow Vulnerability
iDEFENSE Security Advisory 01.14.05
www.idefense.com/application/poi/display?id=183type=vulnerabilities
January 14, 2005
I. BACKGROUND
Exim is a mail transfer agent (MTA) for Unix systems similar to
sendmail. More information is available at the following URL:
http://www.exim.org/
II. DESCRIPTION
Local exploitation of a buffer overflow vulnerability in Exim 4.41 may
allow execution of arbitrary commands with elevated privileges.
The problem specifically exists in the dns_build_reverse() function. The
function fails to check the length of a string which it copies into a
fixed length buffer. This string is user controlled and passed into the
program from a command line option.
The following example demonstrates an input that will crash Exim:
/usr/bin/exim -bh ::%A`perl -e 'print pack('L',0xdeadbeef') x 256'`
III. ANALYSIS
Exploitation of this vulnerability will give an attacker access to the
mailer uid. (The exim mailer is setuid root, but drops privileges before
the vulnerable code is reached). Having the mailer uid may allow access
to sensitive information in email messages, or possibly further
elevation.
IV. DETECTION
iDEFENSE has confirmed the existence of this vulnerability in Exim
versions 4.40 and 4.41. A source audit of version 4.42 suggests that it
is also vulnerable. It is suspected that earlier versions are also
vulnerable.
V. WORKAROUND
iDEFENSE is currently unaware of any effective workarounds for this
vulnerability.
VI. VENDOR RESPONSE
A patch for Exim release 4.43 which addresses this vulnerability is
available at:
http://www.exim.org/mail-archives/exim-announce/2005/msg0.html
The patch will be incorporated into a future Exim release (4.50).
VII. CVE INFORMATION
A Mitre Corp. Common Vulnerabilities and Exposures (CVE) number has not
been assigned yet.
VIII. DISCLOSURE TIMELINE
09/30/2004 Initial vendor notification
09/30/2004 Initial vendor response
01/14/2005 Public disclosure
IX. CREDIT
The discoverer of this vulnerability wishes to remain anonymous.
Get paid for vulnerability research
http://www.idefense.com/poi/teams/vcp.jsp
X. LEGAL NOTICES
Copyright (c) 2004 iDEFENSE, Inc.
Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDEFENSE. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically, please
email [EMAIL PROTECTED] for permission.
Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct, indirect,
or consequential loss or damage arising from use of, or reliance on,
this information.
--
End of this Digest
**
--
Raj Mathur[EMAIL PROTECTED] http://kandalaya.org/
GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F
It is the mind that moves
___
ilugd mailinglist -- ilugd@lists.linux-delhi.org
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi
http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
[ilugd] (fwd) [SECURITY] [DSA 639-1] New mc packages fix several vulnerabilities
[Please upgrade mc if you haven't recently -- Raju] This is an RFC 1153 digest. (1 message) -- Message-Id: [EMAIL PROTECTED] From: [EMAIL PROTECTED] (Martin Schulze) To: bugtraq@securityfocus.com Subject: [SECURITY] [DSA 639-1] New mc packages fix several vulnerabilities Date: Fri, 14 Jan 2005 11:20:28 +0100 (CET) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 639-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze January 14th, 2005 http://www.debian.org/security/faq - -- Package: mc Vulnerability : several Problem-Type : remote Debian-specific: no CVE ID : CAN-2004-1004 CAN-2004-1005 CAN-2004-1009 CAN-2004-1090 CAN-2004-1091 CAN-2004-1092 CAN-2004-1093 CAN-2004-1174 CAN-2004-1175 CAN-2004-1176 Andrew V. Samoilov has noticed that several bugfixes which were applied to the source by upstream developers of mc, the midnight commander, a file browser and manager, were not backported to the current version of mc that Debian ships in their stable release. The Common Vulnerabilities and Exposures Project identifies the following vulnerabilities: CAN-2004-1004 Multiple format string vulnerabilities CAN-2004-1005 Multiple buffer overflows CAN-2004-1009 One infinite loop vulnerability CAN-2004-1090 Denial of service via corrupted section header CAN-2004-1091 Denial of service via null dereference CAN-2004-1092 Freeing unallocated memory CAN-2004-1093 Denial of service via use of already freed memory CAN-2004-1174 Denial of service via manipulating non-existing file handles CAN-2004-1175 Unintended program execution via insecure filename quoting CAN-2004-1176 Denial of service via a buffer underflow For the stable distribution (woody) these problems have been fixed in version 4.5.55-1.2woody5 For the unstable distribution (sid) these problems should already be fixed since they were backported from current versions. We recommend that you upgrade your mc package. Upgrade Instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - Source archives: http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5.dsc Size/MD5 checksum: 798 09408d39e539898d3384293454b806a8 http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5.diff.gz Size/MD5 checksum:51884 64d27d64149013cbbfcbe0d568f872af http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55.orig.tar.gz Size/MD5 checksum: 4850321 82772e729bb2ecfe486a6c219ebab09f Alpha architecture: http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_alpha.deb Size/MD5 checksum: 1186490 28bce9bd85c73413c4e610a83f6c80dd http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_alpha.deb Size/MD5 checksum: 562942 519466cca7aa730a64c5ff629fe64112 http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_alpha.deb Size/MD5 checksum: 1351654 7b7e2ee396427d08f38bb2610533fb25 ARM architecture: http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_arm.deb Size/MD5 checksum: 1028206 7bc8143ab26f4c42ef99de8f86d30604 http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_arm.deb Size/MD5 checksum: 480562 94e93aaa4a2dccb4b3acde553091fce7 http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_arm.deb Size/MD5 checksum: 1351824 cd5a6b905f11fd1661a16e790bf1f588 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_i386.deb Size/MD5 checksum: 994986 0c53de4cf192308977e39bb4a7216314 http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_i386.deb Size/MD5 checksum: 455878 7a09ac156183bc9cee032d674e21587c http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_i386.deb Size/MD5 checksum: 1351766 fe4f6d051f36930a1533ac7239d5759f Intel IA-64 architecture: http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_ia64.deb Size/MD5 checksum: 1435394 06eb2692e366aa35d3aa39f2903253a7
Re: [ilugd] Re: [LIH](fwd) [SECURITY] [DSA 635-1] New exim packages fix arbitrary code execution
Pankaj kaushal wrote: Hey! who are you calling backward? Woody is still *the* stable to run. /me runs with placards stating The end is near. stick to woody. at least use the exim4 packages for woody then. exim 3.x is outdated and if debian users (as frequently happens) ask questions about stuff that's tough to do with 3.x and very easy to do with 4.x, or screw up after running eximconfig and then dont know how to edit a configuration file manually, they'll just get flamed is all ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
[ilugd] LA2005 meet
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, Please come over to my place in Munirka tomorrow (Sunday the 16th) at 6:00 pm to finalise our presence in Linux Asia 2005. Venue: BB/3G DDA Flats Munirka Date: 2005-01-16 Time: 18:00 Contact: Me (9811066460) Agenda:Linux Asia 2005 discussion Also, if you wish to subscribe to the events-list, please send a mail to: mailto:[EMAIL PROTECTED] You don't NEED to subscribe to the list! If you just want to volunteer or present a demo or a talk, you can send mail to [EMAIL PROTECTED] without subscribing. Regards, - -- Raju - -- Raj Mathur[EMAIL PROTECTED] http://kandalaya.org/ GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F It is the mind that moves -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.8 http://mailcrypt.sourceforge.net/ iD8DBQFB6LodyWjQ78xo0X8RAvcyAJ9GcKVOp4lQrlpgSvX2OMAcc5qJ8QCePyHs wU+JtwXwTrfQBkjrzbwr23U= =qI61 -END PGP SIGNATURE- ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
