configuration problem with interaction of krb5 and kde screensaver

2002-09-19 Thread Dietrich Schroff
Greetings, our institute network uses afs and krb5 for home directories and user authentication. I got everything working, like logging as user (net) or root (local) in with wdm or ssh or on console, getting AFS-tokens automatically (for net-user, not for root). Here my problem: If i log in

Kernel image 2.4.18-bf2.4

2002-09-19 Thread Douglas Wheet
Greetings, I may have missed something on the lists, but I was doing my usual nightly reading and saw there are some vulnerabilities in kernel 2.4.18 on security focus, I was wondering if there is or will be patches for these vulnerabilities? http://online.securityfocus.com/bid/5539

Re: slapper countermeasures

2002-09-19 Thread Emil Pedersen
[...] Indeed. A similar case to this is the Good Samaritan Act was abolished, or at least changed in Australia to the point that if some one was mown down by a bus and you pulled them off the road and they still died, you could be sued by the family for killing them. It's a load of crud,

Re: SSL update.. still giving me a Vulnerable status

2002-09-19 Thread Florian Weimer
Jeroen de Leeuw den Bouter [EMAIL PROTECTED] writes: No, it checks a large and a small overflow. Jeroen, have you restarted the httpd? If not, it is still running with the old library. I shut the whole apache down (both http and http-ssl). Oh, in this case, I am really interested in the

Re: configuration problem with interaction of krb5 and kde screensaver

2002-09-19 Thread Will Aoki
On Thu, Sep 19, 2002 at 08:44:18AM +0200, Dietrich Schroff wrote: Here my problem: If i log in as user in KDE and then use the screensaver, i can not unlock my screen. As root this is possible. I think the configuration file is /etc/pam.d/kde. It looks like this: auth required

a.out apache exploit known?

2002-09-19 Thread Michael Renzmann
Hi. Is there any known issue to a http request for a file named a.out? I was just wondering, because I had such a request today from a box which was in a .mil domain... he/she downloaded the source of slapper there, watched the index file (which is quite boring so far :)) and then tried to

Re: slapper countermeasures

2002-09-19 Thread thing
Geoff Crompton wrote: (I've been trying to think of a reason that the owner of an infected box would not appreciate efforts to sanitize the box). simple gross stupidity I mean they didnt patch it on the first place... Mind you if you did fix it for them they would probably never notice.

Re: slapper countermeasures

2002-09-19 Thread Jason Clarke
- Original Message - From: thing [EMAIL PROTECTED] Subject: Re: slapper countermeasures Geoff Crompton wrote: (I've been trying to think of a reason that the owner of an infected box would not appreciate efforts to sanitize the box). Mind you if you did fix it for them they

Re: slapper countermeasures

2002-09-19 Thread Alan Shutko
Geoff Crompton [EMAIL PROTECTED] writes: (I've been trying to think of a reason that the owner of an infected box would not appreciate efforts to sanitize the box). The big problem is that it's possible your efforts actually damage important services or data that the virus didn't.

Re: slapper countermeasures

2002-09-19 Thread thing
someone needs to fix thier anti-spam filter regards Thing Jaroslaw Tabor wrote: Your mail has been rejected by anti-spam filter

configuration problem with interaction of krb5 and kde screensaver

2002-09-19 Thread Dietrich Schroff
Greetings, our institute network uses afs and krb5 for home directories and user authentication. I got everything working, like logging as user (net) or root (local) in with wdm or ssh or on console, getting AFS-tokens automatically (for net-user, not for root). Here my problem: If i log in as

Kernel image 2.4.18-bf2.4

2002-09-19 Thread Douglas Wheet
Greetings, I may have missed something on the lists, but I was doing my usual nightly reading and saw there are some vulnerabilities in kernel 2.4.18 on security focus, I was wondering if there is or will be patches for these vulnerabilities? http://online.securityfocus.com/bid/5539

Re: slapper countermeasures

2002-09-19 Thread Emil Pedersen
[...] Indeed. A similar case to this is the Good Samaritan Act was abolished, or at least changed in Australia to the point that if some one was mown down by a bus and you pulled them off the road and they still died, you could be sued by the family for killing them. It's a load of crud, but

Re: SSL update.. still giving me a Vulnerable status

2002-09-19 Thread Florian Weimer
Jeroen de Leeuw den Bouter [EMAIL PROTECTED] writes: No, it checks a large and a small overflow. Jeroen, have you restarted the httpd? If not, it is still running with the old library. I shut the whole apache down (both http and http-ssl). Oh, in this case, I am really interested in the data

Re: configuration problem with interaction of krb5 and kde screensaver

2002-09-19 Thread Will Aoki
On Thu, Sep 19, 2002 at 08:44:18AM +0200, Dietrich Schroff wrote: Here my problem: If i log in as user in KDE and then use the screensaver, i can not unlock my screen. As root this is possible. I think the configuration file is /etc/pam.d/kde. It looks like this: auth required

a.out apache exploit known?

2002-09-19 Thread Michael Renzmann
Hi. Is there any known issue to a http request for a file named a.out? I was just wondering, because I had such a request today from a box which was in a .mil domain... he/she downloaded the source of slapper there, watched the index file (which is quite boring so far :)) and then tried to

Re: SSL update.. still giving me a Vulnerable status

2002-09-19 Thread Jeroen de Leeuw den Bouter
No, it checks a large and a small overflow. Jeroen, have you restarted the httpd? If not, it is still running with the old library. I shut the whole apache down (both http and http-ssl). Oh, in this case, I am really interested in the data Lupe suggested to collect. There might be a