exploit for (Debian's?) pfinger (fwd)

2002-12-07 Thread Drew Scott Daniels
oops, wrong address. -- Forwarded message -- Date: Wed, 4 Dec 2002 08:06:00 -0600 (CST) From: Drew Scott Daniels <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: exploit for (Debian's?) pfinger I found an exploit on Packetstorm described as "Pfinger v0.7.8 and below local root e

Re: Possible security violation in the suck-package?

2002-12-07 Thread Marcus Frings
Martin Helas wrote: > I have already reported a bug and filed a patch against this bug. > look at: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=172126 Yes, I saw your report a few minutes ago when I searched for already known bug reports for t

Re: Possible security violation in the suck-package?

2002-12-07 Thread Martin Helas
* Marcus Frings <[EMAIL PROTECTED]> [021208 01:32]: > Martin Helas wrote: > > > I would agree giving anyone else the possibility of reading the passwords of > > your upstream-newsserver won't be a good idea :) > > That should be definitely fixed. >

Re: Possible security violation in the suck-package?

2002-12-07 Thread Marcus Frings
Marcus Frings wrote: > I informed the security team by mail just a few seconds ago and I will > generate a bugreport for suck now. Thanks for your help. I noticed that this bug has already been reported by Martin Helas: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=172126 Regards, Marcus

Re: Possible security violation in the suck-package?

2002-12-07 Thread Marcus Frings
Martin Helas wrote: > I would agree giving anyone else the possibility of reading the passwords of > your upstream-newsserver won't be a good idea :) > That should be definitely fixed. Thanks for your answer. As Javi suggested I have informed the De

Re: Possible security violation in the suck-package?

2002-12-07 Thread Marcus Frings
Javier Fernández-Sanguino Peña wrote: > Please file an appropriate bug against the package (the maintainer > needs not read this list) and contact the security team > ([EMAIL PROTECTED]) so they can evaluate this and prepare a fix. I inform

Re: Pop mail virtual user security [LONG]

2002-12-07 Thread Tim van Erven
On Sat, Dec 07, 2002 at 04:39:54PM -0500, "Christopher W. Curtis" <[EMAIL PROTECTED]> wrote: > On 12/07/02 12:54, Tim van Erven wrote: >> 2) How are the passwordhashes in /etc/shadow generated from the >> salt+password? I can't use 'passwd' to update popa3d's auth files, so >> I need to genera

Re: Pop mail virtual user security [LONG]

2002-12-07 Thread Christopher W. Curtis
On 12/07/02 12:54, Tim van Erven wrote: [much stuff I didn't read] /etc/virtualusers just contains the names of the virtual users I want to allow. - The current permissions for the mailboxes /home/virtual/popa3d/127.0.0.1/mail/${local_part} are like: -rw-rw1 mail mail

Re: pop mail recommendations

2002-12-07 Thread Jens Grivolla
Ted Cabeen <[EMAIL PROTECTED]> writes: > If we disregarded software that has had problems in the > past, sendmail would be dead and buried by now. s/would/should I haven't looked at the code of either sendmail or qpopper myself, but all people I trust to be competent on the issue say that sendm

Re: Too make a long story short...

2002-12-07 Thread Mathias Palm
On Sat, Dec 07, 2002 at 09:45:30AM -0600, Daniel Rychlik wrote: > I attempted to setup my cd read write so that I could do backups, and I hosed > my Debian server. You know, kernel panic well I passed some init > options and I got it back up. I still would like to get my cd readwrite to >

Pop mail virtual user security [LONG]

2002-12-07 Thread Tim van Erven
Hi all, Inspired by a recent thread on this list I decided to set up a mailserver with pop3 access over ssl. It's working now, but I'd appreciate some comments on its security. My setup is as follows: - I'm using stunnel+popa3d for pop3-ssl (/usr/sbin/stunnel -d pop3s -p /etc/ssl/certs/pop3s.p

Re: Updating Snort Signatures In Stable ?

2002-12-07 Thread Noah L. Meyerhans
On Sat, Dec 07, 2002 at 01:51:11PM +0100, Javier Fernández-Sanguino Peña wrote: > > IIRC "important new versions of existing packages" are allowed into > > point releases, so maybe Woody's main Snort engine binary packages can > > be updated when 3.0r1 happens. > > That won't happen sorry. T

Too make a long story short...

2002-12-07 Thread Daniel Rychlik
I attempted to setup my cd read write so that I could do backups, and I hosed my Debian server. You know, kernel panic well I passed some init options and I got it back up. I still would like to get my cd readwrite to work for redundancy. Are there Debian white papers on how to do this

Re: Possible security violation in the suck-package?

2002-12-07 Thread Javier Fernández-Sanguino Peña
On Sat, Dec 07, 2002 at 12:52:02AM +0100, Marcus Frings wrote: > Any comments concerning this are very welcome. Please file an appropriate bug against the package (the maintainer needs not read this list) and contact the security team ([EMAIL PROTECTED]) so they can evaluate this and prepa

Re: Updating Snort Signatures In Stable ?

2002-12-07 Thread Javier Fernández-Sanguino Peña
On Sat, Dec 07, 2002 at 02:46:01AM +, Nick Boyce wrote: > I'd suggest maybe a note about V1.8.4 being "useless" should be added > to http://packages.debian.org/stable/net/snort.html, along with some > advice about getting signature updates (i.e. roll your own). Why not file a bug? > >

Re: Stack-smashing protection

2002-12-07 Thread Albert Cervera Areny
On Saturday 07 December 2002 2:37, David B Harris wrote: > On Sat, 7 Dec 2002 01:09:59 +0100 > > Albert Cervera Areny <[EMAIL PROTECTED]> wrote: > > So it isn't really that the whole system runs 8% slower. Sorry for my > > first explanation... Now I think it is an overhead which is affordable >
