Re: Help... SSH CRC-32 compensation attack detector vulnerability

2001-12-02 Thread tps
On Mon, Dec 03, 2001 at 09:33:07AM +1100, Jason Lim wrote:
> Hi,
>
> sigh... yes... some of our servers have been hit with the "SSH CRC-32
> compensation attack detector vulnerability" attack.
>
> some servers have been compromised, and the usual rootkit stuff (install
> root shells in /etc/inetd

Re: Help... SSH CRC-32 compensation attack detector vulnerability

2001-12-02 Thread Tim Kent
> Never really looked into how reliable that is, but it's there. I'd like to
> see apt-get support some sort of 'reinstall' command.

apt-get install --reinstall package

Regards
Tim

Re: Help... SSH CRC-32 compensation attack detector vulnerability

2001-12-02 Thread Tim Kent
I know this is not a complete solution, but for starters you could try 'chkrootkit':

http://packages.debian.org/unstable/misc/chkrootkit.html
http://www.chkrootkit.org/

Stable doesn't have a package but I'm sure you could build the unstable .deb from source.

Regards
Tim

>>> "Jason Lim" <[EMA

Re: Help... SSH CRC-32 compensation attack detector vulnerability

2001-12-02 Thread Jason Lim
The patch is to use the "ssh" package in unstable... and I think in the security-updates. We were using ssh-nonfree and that is vulnerable. I think they released a patch and the debs have since been updated, but I'd be wary of staying with ssh-nonfree now that a hole is right there. Damn... now th

Re: Help... SSH CRC-32 compensation attack detector vulnerability

2001-12-02 Thread Keith Elder
What is the patch to plug this hole?

K.

* Jason Lim ([EMAIL PROTECTED]) wrote:
> Reply-To: "Jason Lim" <[EMAIL PROTECTED]>
> From: "Jason Lim" <[EMAIL PROTECTED]>
> To:
> Subject: Help... SSH CRC-32 compensation attack detector vulnerability
> Date: Mon, 3 Dec 2001 09:33:07 +1100
> X-Mailer: Mic

Re: Help... SSH CRC-32 compensation attack detector vulnerability

2001-12-02 Thread Jacob Kuntz
On Mon, Dec 03, 2001 at 09:33:07AM +1100, Jason Lim wrote:
> What is an easy way to locate binaries that are different from the ones
> provided in the original debs?

man debsums

>
> And is there any other relatively easier way of cleaning up a system that
> has had a rootkit installed?

apt-get

Help... SSH CRC-32 compensation attack detector vulnerability

2001-12-02 Thread Jason Lim
Hi, sigh... yes... some of our servers have been hit with the "SSH CRC-32 compensation attack detector vulnerability" attack. some servers have been compromised, and the usual rootkit stuff (install root shells in /etc/inetd.conf, bogus syslogd, haxored ps, etc.). What is an easy way to locate b

Re: sf-debian

2001-12-02 Thread Jeff Waugh
> Warning: LDAP: Unable to bind to server: Invalid DN syntax in
> /usr/lib/sourceforge/www/include/ldap.php on line 50
>
> * The distinguished name of the search base: dc=dev.uprint.web

Should be:

dc=dev,dc=uprint,dc=web

- Jeff

--
We're passe with class, eh?

Re: migration from FreeBSD 4.4 to Debian 2.2r4

2001-12-02 Thread Donovan Baarda
On Sun, Dec 02, 2001 at 05:42:10PM +0800, Patrick Hsieh wrote:
> Hello,
>
> If I don't want to use MD5 in my linux box, is it possible to migrate
> the account/password?

Actually... I'm wanting to do the opposite... I want to migrate from crypt shadow passwords to md5sum passwords in LDAP. Any hi

Re: migration from FreeBSD 4.4 to Debian 2.2r4

2001-12-02 Thread Patrick Hsieh
Hello,

If I don't want to use MD5 in my linux box, is it possible to migrate the account/password?

> On Sun, 2 Dec 2001, Patrick Hsieh wrote:
>
> > Hello list,
> >
> > My company has a plan to migrate a FreeBSD 4.4 to Debian 2.2r4.
> > A couple of minutes of downtime is acceptable, but my core p
