Re: How to get the current security updates on CD?

2003-01-06 Thread Andreas Kotes
* John Morton <[EMAIL PROTECTED]> [20030106 23:53]: > On Tue, 07 Jan 2003 04:37, [EMAIL PROTECTED] wrote: > >>2) Set up a private ftp/http mirror of security.debian.org and update > >> the system from there before connecting it to the internet... > > >

Re: How to get the current security updates on CD?

2003-01-06 Thread John Morton
On Tue, 07 Jan 2003 04:37, [EMAIL PROTECTED] wrote: >>2) Set up a private ftp/http mirror of security.debian.org and update >> the system from there before connecting it to the internet... > > Yes, this is what I would like to do, but I'm not clear on the > mechanics of doing it. Does an

[Fwd: Re: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS]

2003-01-06 Thread Chris Shafer
The next in the thread from bugtraq ~Chris -Forwarded Message- > From: Global InterSec Research <[EMAIL PROTECTED]> > To: bugtraq@securityfocus.com > Subject: Re: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS > Date: 06 Jan 2003 20:05:32 + > > > As some may have gathered, the advisory

Re: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS

2003-01-06 Thread Dossy
On 2003.01.06, Phillip Hofmeister <[EMAIL PROTECTED]> wrote: > On Mon, 06 Jan 2003 at 06:44:17PM +0100, Domonkos Czinke wrote: > > - Original Message - > > From: <[EMAIL PROTECTED] > > > To: mailto:bugtraq@securityfocus.com>> > > Sent: Sunday, January 05, 2003 4

Re: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS

2003-01-06 Thread Adrian 'Dagurashibanipal' von Bidder
On Mon, 2003-01-06 at 21:06, Phillip Hofmeister wrote: > On Mon, 06 Jan 2003 at 06:44:17PM +0100, Domonkos Czinke wrote: > > - Original Message - > > From: <[EMAIL PROTECTED] > > > To: mailto:bugtraq@securityfocus.com>> > > Sent: Sunday, January 05, 2003 4:37 AM

Re: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS

2003-01-06 Thread Phillip Hofmeister
On Mon, 06 Jan 2003 at 06:44:17PM +0100, Domonkos Czinke wrote: > - Original Message - > From: <[EMAIL PROTECTED] > > To: mailto:bugtraq@securityfocus.com>> > Sent: Sunday, January 05, 2003 4:37 AM > Subject: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS > > # g

Re: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS

2003-01-06 Thread Ralf Dreibrodt
Hi, Johannes Verelst wrote: > > Summarized, this exploit only works if you have in your sshd_config: > > PAMAuthenticationViaKbdInt yes > UsePrivilegeSeparation no > > The default values for both my unstable and stable debian boxes appear > to be: > > PAMAuthenticationV

[Fwd: Re: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS]

2003-01-06 Thread Chris Shafer
The next in the thread from bugtraq ~Chris -Forwarded Message- > From: Global InterSec Research <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Re: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS > Date: 06 Jan 2003 20:05:32 + > > > As some may have gathered, the advisory recentl

Re: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS

2003-01-06 Thread Dossy
On 2003.01.06, Phillip Hofmeister <[EMAIL PROTECTED]> wrote: > On Mon, 06 Jan 2003 at 06:44:17PM +0100, Domonkos Czinke wrote: > > - Original Message - > > From: <[EMAIL PROTECTED] > > > To: <[EMAIL PROTECTED] > > > Sent: Sunday, Januar

Re: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS

2003-01-06 Thread Johannes Verelst
On Mon, 2003-01-06 at 18:44, Domonkos Czinke wrote: > FYI Note: > > Before the SSH server is actually executed, the sshd_config file should > > be modified in order to enable PAM ("PAMAuthenticationViaKbdInt yes"). and > > "you can prevent privilege escalation if you enable > > UsePrivilegeSepa

Re: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS

2003-01-06 Thread Adrian 'Dagurashibanipal' von Bidder
On Mon, 2003-01-06 at 21:06, Phillip Hofmeister wrote: > On Mon, 06 Jan 2003 at 06:44:17PM +0100, Domonkos Czinke wrote: > > - Original Message - > > From: <[EMAIL PROTECTED] > > > To: <[EMAIL PROTECTED] > > > Sent: Sunday, January 05,

Re: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS

2003-01-06 Thread Phillip Hofmeister
On Mon, 06 Jan 2003 at 06:44:17PM +0100, Domonkos Czinke wrote: > - Original Message - > From: <[EMAIL PROTECTED] > > To: <[EMAIL PROTECTED] > > Sent: Sunday, January 05, 2003 4:37 AM > Subject: OPENSSH REMOTE ROOT COMPROMISE ALL VERSI

OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS

2003-01-06 Thread Domonkos Czinke
FYI Cheers, Domonkos Czinke - Original Message - From: <[EMAIL PROTECTED] > To: mailto:bugtraq@securityfocus.com>> Sent: Sunday, January 05, 2003 4:37 AM Subject: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS > > -BEGIN PGP SIGNED MESSAGE- > >

Re: How to get the current security updates on CD?

2003-01-06 Thread Thomas NOEL
On Mon 06/01/2003 at 15:53, Mike Renfro wrote: > Security mirrors should only be for local use, to help keep people > from unknowingly using outdated mirrors. Also, fmirror isn't nearly as > bandwidth-friendly as rsync, but I'm not aware of any rsync capability > on the security site. It's avail

Re: How to get the current security updates on CD?

2003-01-06 Thread Mike Renfro
On Mon, Jan 06, 2003 at 10:37:56AM -0500, [EMAIL PROTECTED] wrote: >2) Set up a private ftp/http mirror of security.debian.org and update > the system from there before connecting it to the internet... > > Yes, this is what I would like to do, but I'm not clear on the > mechanics of doi

OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS

2003-01-06 Thread Domonkos Czinke
FYI Cheers, Domonkos Czinke - Original Message - From: <[EMAIL PROTECTED] > To: <[EMAIL PROTECTED] > Sent: Sunday, January 05, 2003 4:37 AM Subject: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS > > -BEGIN PGP SIGNED MESSAGE---

Re: How to get the current security updates on CD?

2003-01-06 Thread kynn
Date: Sat, 4 Jan 2003 20:43:10 -0600 From: Mike Renfro <[EMAIL PROTECTED]> Cc: debian-security@lists.debian.org On Sat, Jan 04, 2003 at 05:20:46PM -0500, [EMAIL PROTECTED] wrote: > Hi. I'm doing a fresh Woody installation, and I want it to include > a reasonably current set o

Re: How to get the current security updates on CD?

2003-01-06 Thread kynn
Date: Sat, 4 Jan 2003 20:43:10 -0600 From: Mike Renfro <[EMAIL PROTECTED]> Cc: [EMAIL PROTECTED] On Sat, Jan 04, 2003 at 05:20:46PM -0500, [EMAIL PROTECTED] wrote: > Hi. I'm doing a fresh Woody installation, and I want it to include > a reasonably current set of security upda

Re: Putting Apache, PHP, Tomcat and CGI in a jail

2003-01-06 Thread Martynas Domarkas
OK people. I'm not sure that I had reason to do it - you will tell me. I wrote a script for chrooting applications (FOR DEBIAN ONLY). You can find it: http://joker.hansabank.lt/mkchroot I tried to chroot perl, apache, libapache-mod-ssl. I think it should chroot php4 and phplib. CGI runs as on no