Re: [SECURITY] [DSA 195-1] New Apache-Perl packages fix several vulnerabilities

2002-11-14 Thread Rick Moen
Quoting Raymond Wood ([EMAIL PROTECTED]): > The question is obviously an unpopular one :) Well, I think it got old. Moreover, and more to the point, FAQed. > Even though Sid is officially not supported by the security team, > still 99 times out of a hundred, a patch or new version will appear i

Re: Bind issues

2002-11-14 Thread Noah L. Meyerhans
On Wed, Nov 13, 2002 at 11:45:19PM -0500, Mike Dresser wrote: > Any word from the security team on what's going on with potato's bind? Both potato and woody are vulnerable. Fixes are on their way, but disclosure of this vulnerability was very badly organized (not by the security team), and the se

Snort alert log

2002-11-14 Thread Kristof Goossens
Hello, This morning I've read the following in my snort.alert log: [**] [116:46:1] (snort_decoder) WARNING: TCP Data Offset is less than 5! [**] 11/13-21:21:31.736604 200.207.87.24:0 -> 80.84.232.115:0 TCP TTL:117 TOS:0x0 ID:19244 IpLen:20 DgmLen:40 ***F Seq: 0x3A6D74 Ack: 0x110 Win: 0x

Re: Bind issues

2002-11-14 Thread Patrick Hsieh
On Thursday 14 November 2002 14:24, Noah L. Meyerhans wrote: > On Wed, Nov 13, 2002 at 11:45:19PM -0500, Mike Dresser wrote: > > Any word from the security team on what's going on with potato's bind? > > Both potato and woody are vulnerable. Fixes are on their way, but > disclosure of this vulnera

wrong permissions of /usr/bin/cdrecord

2002-11-14 Thread Torsten Werner
Hello, I became aware of bug #164283 that seems to me security related and -- even worse -- affects woody. I have not been able to exploit it easily (by burning /etc/shadow to a CD or something like that) but it really should be fixed IMHO. The attached patch should fix woody's package. Torsten

Re: unsubscribe

2002-11-14 Thread Marcel Weber
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Instead of cursing do this here as noted in almost every mail closing! To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] RTFM Elvedin T wrote: | How long does it take to unsubscribe? I

recommendable security lists?

2002-11-14 Thread Michael Renzmann
Hi all. One question I think that is not very off topic: what mailing lists, besides bugtraq, would you recommend for someone who wants to keep track of current security problems? My interest is mainly in security issues with wireless lan equipment (such as the two security holes in current 2

Re: spam

2002-11-14 Thread Michelle Konzack
Hello, At 11:26 11/11/02 -0800, Rich Rudnick wrote: >I try to block on character sets: ie., > >^Content-Type.*charset.*[gG][bB]2312 > >This catches quite a few spams I can't read. I do it too and it filters around 70% of all spam mail Michelle

Re: I will not be a part of this list anymore

2002-11-14 Thread Michelle Konzack
What about reading the Mail-Headers or the Footer of each Message ??? List-Post: List-Help: List-Subscribe: List-Unsubscribe: Am 17:42 10/11/02 +0100 hat Maria Larsson gesch

Re: unsubscribe

2002-11-14 Thread Michelle Konzack
What about the mail-Headers ??? List-Post: List-Help: List-Subscribe: List-Unsubscribe: Precedence: list At 20:13 12/11/02 +0100, Ali MECHIRI wrote: > > >Attachment

Re: "Latest libpcap & tcpdump sources from tcpdump.org contain a trojan"

2002-11-14 Thread Bart-Jan Vrielink
On Wed, 2002-11-13 at 20:15, Lupe Christoph wrote: > Please read > http://www.hlug.org/modules.php?op=modload&name=News&file=article&sid=6&mode=thread&order=0&thold=0 > > Is Debian affected? If I read this (and the CERT advisory) correctly, the trojan only triggers at compile time, so I don't th

VPN question

2002-11-14 Thread Iñaki Martínez
HI I must create a VPN between an external company and a server behind my firewall. Company--->its_routermy_firewall<-server Workers from this company ONLY MUST have access to the server in the VPN. Perhaps some of them must have access to internet only perhap

Re: VPN question

2002-11-14 Thread Lionel Elie Mamane
On Thu, Nov 14, 2002 at 12:43:48PM +0100, Iñaki Martínez wrote: > I must create a VPN between an external company and a server behind my > firewall. > Company--->its_routermy_firewall<-server > * How to implement this VPN??? I would use IPSEC, but there are other solutio

libpam-ldap in stable

2002-11-14 Thread Kris Amy
has this bug/exploit been fixed for debian stable(woody)? http://neworder.box.sk/showme.php3?id=7314 -- Kris Amy System Administrator, UCB Australia +---+ | Email: [EMAIL PROTECTED] | | Phone: +61 411 202 258| | Msn: [EMAIL PROTECTED] | | ICQ: 38459156

Re: "Latest libpcap & tcpdump sources from tcpdump.org contain a trojan"

2002-11-14 Thread Steve Suehring
You are correct insofar as it triggers at compile time for libpcap, the configure script to be exact. I grabbed a copy of the trojan'ed libpcap and compiled it in a sandbox machine. You can do a strings of the compiled libpcap.a and grep for 1963. Doing so yields these results: debian:~/lib

Re: "Latest libpcap & tcpdump sources from tcpdump.org contain a trojan"

2002-11-14 Thread Tim Haynes
Steve Suehring <[EMAIL PROTECTED]> writes: > You are correct insofar as it triggers at compile time for libpcap, the > configure script to be exact. I grabbed a copy of the trojan'ed libpcap > and compiled it in a sandbox machine. You can do a strings of the > compiled libpcap.a and grep for 1963.

Fwd: Apache Security Vulnerabilities on IRIX

2002-11-14 Thread Phillip Hofmeister
I assume we are aware of this? Apache has been having a lot of problems lately. ALMOST as bad as IIS... - Forwarded message from SGI Security Coordinator <[EMAIL PROTECTED]> - From: SGI Security Coordinator <[EMAIL PROTECTED]> Subject: Apache Security Vulnerabilities on IRIX To: [EMAIL

Beware of sid (today at least)

2002-11-14 Thread Dale Amon
Here's a warning for all who live on the wild side: Sid updates as of this moment in time have a dangerous problem. They are de-installing a lib right out from under dselect and apt. apt-config: error while loading shared libraries: libstdc++-libc6.2-2.so.3: cannot open shared object file: No s

Re: Bind issues

2002-11-14 Thread Noah L. Meyerhans
On Thu, Nov 14, 2002 at 03:28:26PM +0800, Patrick Hsieh wrote: > 1. apt-get source bind > 2. wget the patch file from www.isc.org > 3. apply the patch > 4. dpkg-buildpackage > 5. dpkg -i bind*.deb That will conceivably work *now*. However, news of the vulnerability was announced before the patche

Re: VPN question

2002-11-14 Thread Jeff
Iñaki Martínez, 2002-Nov-14 12:43 +0100: > HI > > > I must create a VPN between an external company and a server behind my > firewall. > > > Company--->its_routermy_firewall<-server > > > Workers from this company ONLY MUST have access to the server in the VPN. >

Re: Beware of sid (today at least)

2002-11-14 Thread Teun Vink
On Thu, 2002-11-14 at 16:53, Dale Amon wrote: > Here's a warning for all who live on the wild side: Sid > updates as of this moment in time have a dangerous > problem. They are de-installing a lib right out > from under dselect and apt. > > apt-config: error while loading shared libraries: libst

Re: Beware of sid (today at least)

2002-11-14 Thread Laurent Luyckx
A simple workaround (in case of) is to make a symlink to the other library... ln -s libstdc++libc6.2-2.so.3 libstdc++-libc6.2-2.so.3 (assuming that you're on /usr/lib) On Thu, 2002-11-14 at 16:53, Dale Amon wrote: > Here's a warning for all who live on the wild side: Sid > updates as of this

Re: VPN question

2002-11-14 Thread Maik M8acter backward
You can also try openvpn (http://openvpn.sourceforge.net/). On Thu, 14 Nov 2002 12:43:48 +0100 "I" <[EMAIL PROTECTED]> wrote: > HI > > > I must create a VPN between an external company and a server behind my > firewall. > > > Company--->its_routermy_firewall<-serve

Trojan Found in libpcap and tcpdump

2002-11-14 Thread Domonkos Czinke
FYI Members of The Houston Linux Users Group discovered that the newest sources of libpcap and tcpdump available from tcpdump.org were contaminated with trojan code. HLUG has notified the maintainers of tcpdump.org. Details: The trojan contains modifications to the configure script and gencode

AIDE output after unclean shutdown

2002-11-14 Thread Kjetil Kjernsmo
Hi folks! I'm wondering if you can offer me some advice like you so kindly have a couple of times in the past. This morning, my cocoon2 installation took off unexpectedly, exhausting all the resources of the box (which isn't too big...). I could connect to all the open ports, but nothing happe

Re: AIDE output after unclean shutdown

2002-11-14 Thread Phillip Hofmeister
On Thu, 14 Nov 2002 at 09:26:10PM +0100, Kjetil Kjernsmo wrote: > File: /lib/modules/2.4.19/modules.dep > Mtime: 2002-11-04 21:16:56 , 2002-11-14 15:18:29 > Ctime: 2002-11-04 21:16:56 , 2002-11-14 15:18:29 These module files usually get re-written with every

Re: Fwd: Apache Security Vulnerabilities on IRIX

2002-11-14 Thread Peter Cordes
On Thu, Nov 14, 2002 at 10:41:12AM -0500, Phillip Hofmeister wrote: > > Apache has been having a lot of problems lately. ALMOST as bad as > IIS... > [useful part of message removed :] My impression is that most of the problems found these days are cross-site scripting, or at the worst, local pr

wrong permissions of /usr/bin/cdrecord

2002-11-14 Thread Torsten Werner
Hello, I became aware of bug #164283 that seems to me security related and -- even worse -- affects woody. I have not been able to exploit it easily (by burning /etc/shadow to a CD or something like that) but it really should be fixed IMHO. The attached patch should fix woody's package. Torsten

Re: unsubscribe

2002-11-14 Thread Marcel Weber
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Instead of cursing do this here as noted in almost every mail closing! To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] RTFM Elvedin T wrote: | How long does it take to unsubscribe? I d

recommendable security lists?

2002-11-14 Thread Michael Renzmann
Hi all. One question I think that is not very off topic: what mailing lists, besides bugtraq, would you recommend for someone who wants to keep track of current security problems? My interest is mainly in security issues with wireless lan equipment (such as the two security holes in current 22

Re: spam

2002-11-14 Thread Michelle Konzack
Hello, At 11:26 11/11/02 -0800, Rich Rudnick wrote: >I try to block on character sets: ie., > >^Content-Type.*charset.*[gG][bB]2312 > >This catches quite a few spams I can't read. I do it too and it filters around 70% of all spam mail Michelle -- To UNSUBSCRIBE, email to [EMAIL PR

Re: I will not be a part of this list anymore

2002-11-14 Thread Michelle Konzack
What about reading the Mail-Headers or the Footer of each Message ??? List-Post: List-Help: List-Subscribe: List-Unsubscrib

Re: unsubscribe

2002-11-14 Thread Michelle Konzack
What about the mail-Headers ??? List-Post: List-Help: List-Subscribe: List-Unsubscribe:

Re: "Latest libpcap & tcpdump sources from tcpdump.org contain a trojan"

2002-11-14 Thread Bart-Jan Vrielink
On Wed, 2002-11-13 at 20:15, Lupe Christoph wrote: > Please read > >http://www.hlug.org/modules.php?op=modload&name=News&file=article&sid=6&mode=thread&order=0&thold=0 > > Is Debian affected? If I read this (and the CERT advisory) correctly, the trojan only triggers at compile time, so I don't

VPN question

2002-11-14 Thread Iñaki Martínez
HI I must create a VPN between an external company and a server behind my firewall. Company--->its_routermy_firewall<-server Workers from this company ONLY MUST have access to the server in the VPN. Perhaps some of them must have access to internet only perhap

Re: VPN question

2002-11-14 Thread Lionel Elie Mamane
On Thu, Nov 14, 2002 at 12:43:48PM +0100, Iñaki Martínez wrote: > I must create a VPN between an external company and a server behind my > firewall. > Company--->its_routermy_firewall<-server > * How to implement this VPN??? I would use IPSEC, but there are other solutio

libpam-ldap in stable

2002-11-14 Thread Kris Amy
has this bug/exploit been fixed for debian stable(woody)? http://neworder.box.sk/showme.php3?id=7314 -- Kris Amy System Administrator, UCB Australia +---+ | Email: [EMAIL PROTECTED] | | Phone: +61 411 202 258| | Msn: [EMAIL PROTECTED] | | ICQ: 38459156

Re: "Latest libpcap & tcpdump sources from tcpdump.org contain a trojan"

2002-11-14 Thread Steve Suehring
You are correct insofar as it triggers at compile time for libpcap, the configure script to be exact. I grabbed a copy of the trojan'ed libpcap and compiled it in a sandbox machine. You can do a strings of the compiled libpcap.a and grep for 1963. Doing so yields these results: debian:~/lib

Re: "Latest libpcap & tcpdump sources from tcpdump.org contain a trojan"

2002-11-14 Thread Tim Haynes
Steve Suehring <[EMAIL PROTECTED]> writes: > You are correct insofar as it triggers at compile time for libpcap, the > configure script to be exact. I grabbed a copy of the trojan'ed libpcap > and compiled it in a sandbox machine. You can do a strings of the > compiled libpcap.a and grep for 1963.

Fwd: Apache Security Vulnerabilities on IRIX

2002-11-14 Thread Phillip Hofmeister
I assume we are aware of this? Apache has been having a lot of problems lately. ALMOST as bad as IIS... - Forwarded message from SGI Security Coordinator <[EMAIL PROTECTED]> - From: SGI Security Coordinator <[EMAIL PROTECTED]> Subject: Apache Security Vulnerabilities on IRIX To: [EMAIL

Beware of sid (today at least)

2002-11-14 Thread Dale Amon
Here's a warning for all who live on the wild side: Sid updates as of this moment in time have a dangerous problem. They are de-installing a lib right out from under dselect and apt. apt-config: error while loading shared libraries: libstdc++-libc6.2-2.so.3: cannot open shared object file: No s

Re: Bind issues

2002-11-14 Thread Noah L. Meyerhans
On Thu, Nov 14, 2002 at 03:28:26PM +0800, Patrick Hsieh wrote: > 1. apt-get source bind > 2. wget the patch file from www.isc.org > 3. apply the patch > 4. dpkg-buildpackage > 5. dpkg -i bind*.deb That will conceivably work *now*. However, news of the vulnerability was announced before the patche

Re: VPN question

2002-11-14 Thread Jeff
Iñaki Martínez, 2002-Nov-14 12:43 +0100: > HI > > > I must create a VPN between an external company and a server behind my > firewall. > > > Company--->its_routermy_firewall<-server > > > Workers from this company ONLY MUST have access to the server in the VPN. >

Re: Beware of sid (today at least)

2002-11-14 Thread Teun Vink
On Thu, 2002-11-14 at 16:53, Dale Amon wrote: > Here's a warning for all who live on the wild side: Sid > updates as of this moment in time have a dangerous > problem. They are de-installing a lib right out > from under dselect and apt. > > apt-config: error while loading shared libraries: libst

Re: Beware of sid (today at least)

2002-11-14 Thread Laurent Luyckx
A simple workaround (in case of) is to make a symlink to the other library... ln -s libstdc++libc6.2-2.so.3 libstdc++-libc6.2-2.so.3 (assuming that you're on /usr/lib) On Thu, 2002-11-14 at 16:53, Dale Amon wrote: > Here's a warning for all who live on the wild side: Sid > updates as of this

Re: VPN question

2002-11-14 Thread Maik M8acter backward
You can also try openvpn (http://openvpn.sourceforge.net/). On Thu, 14 Nov 2002 12:43:48 +0100 "I" <[EMAIL PROTECTED]> wrote: > HI > > > I must create a VPN between an external company and a server behind my > firewall. > > > Company--->its_routermy_firewall<-serve

Trojan Found in libpcap and tcpdump

2002-11-14 Thread Domonkos Czinke
FYI Members of The Houston Linux Users Group discovered that the newest sources of libpcap and tcpdump available from tcpdump.org were contaminated with trojan code. HLUG has notified the maintainers of tcpdump.org. Details: The trojan contains modifications to the configure script and gencode

AIDE output after unclean shutdown

2002-11-14 Thread Kjetil Kjernsmo
Hi folks! I'm wondering if you can offer me some advice like you so kindly have a couple of times in the past. This morning, my cocoon2 installation took off unexpectedly, exhausting all the resources of the box (which isn't too big...). I could connect to all the open ports, but nothing happe

Re: AIDE output after unclean shutdown

2002-11-14 Thread Phillip Hofmeister
On Thu, 14 Nov 2002 at 09:26:10PM +0100, Kjetil Kjernsmo wrote: > File: /lib/modules/2.4.19/modules.dep > Mtime: 2002-11-04 21:16:56 , 2002-11-14 15:18:29 > Ctime: 2002-11-04 21:16:56 , 2002-11-14 15:18:29 These module files usually get re-written with every

Re: Fwd: Apache Security Vulnerabilities on IRIX

2002-11-14 Thread Peter Cordes
On Thu, Nov 14, 2002 at 10:41:12AM -0500, Phillip Hofmeister wrote: > > Apache has been having a lot of problems lately. ALMOST as bad as > IIS... > [useful part of message removed :] My impression is that most of the problems found these days are cross-site scripting, or at the worst, local pr