Re: [SECURITY] [DSA 265-1] -- BAD SIGNATURE !?

2003-03-21 Thread Martin Schulze
Nick Boyce wrote: > On Friday 21 Mar 2003 2:01 pm, Martin Schulze wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA1 > > > > - > >- Debian Security Advisory DSA 265-1 > > [EMAIL PROTECTED] http://w

Re: [SECURITY] [DSA 265-1] -- BAD SIGNATURE !?

2003-03-21 Thread Nick Boyce
On Friday 21 Mar 2003 2:01 pm, Martin Schulze wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > - >- Debian Security Advisory DSA 265-1 > [EMAIL PROTECTED] http://www.debian.org/security/

PTRACE Fixed?

2003-03-21 Thread Phillip Hofmeister
All, I just patched my kernel with the patch available on kernel.org. I downloaded, compiled and ran the km3.c exploit for this bug. How can I tell if the exploit failed or not? When I run the exploit as non-root it keeps starting children over and over again. When I run it as root it does the

Re: Cross site tracing and apache

2003-03-21 Thread Jamie Heilman
Emmanuel Lacour wrote: > Is there someone having information about this web vulnerability, goals > and risks and how to disable it? google There's plenty of discussion out there on why this "vulnerability" isn't. -- Jamie Heilman http://audible.transient.net/~jamie/ "You came

Re: Fw: CERT Advisory CA-2003-10 Integer overflow in Sun RPC XDR library routines

2003-03-21 Thread Kevin Buhr
"Jeff" <[EMAIL PROTECTED]> writes: > > Does this affect: > libstdc++2.10-glibc2.2 > glibc-2.2.5-11.2 > > If so are the patches in the pipeline? I don't believe this affects libstdc++2.10, but it *does* affect glibc-2.2.5-11.2 (and most other Debian versions of glibc, presumably). There is n

Re: determining which patches to apply...

2003-03-21 Thread Nathan E Norman
On Fri, Mar 21, 2003 at 02:43:47PM -0600, Jeremy Choy wrote: [ please don't top post ] >> The original poster indicated that they were running potato. They should >> put the following line in /etc/apt/sources.list: >> >> deb http://security.debian.org/debian-security oldstable/updates main >> co

Re: determining which patches to apply...

2003-03-21 Thread John Kuhn
On Fri, Mar 21, 2003 at 02:43:47PM -0600, Jeremy Choy wrote: > Turns out that we are running a developers version of Oracle (8.1.7) in > which are dependent on potato's libraries and if we were to run apt-get it > would break Oracle and perhaps a few other apps running. > > again fairly new and tr

Re: determining which patches to apply...

2003-03-21 Thread John Kuhn
On Sat, Mar 22, 2003 at 03:40:11AM +0700, Jean Christophe ANDRÉ wrote: > John Kuhn wrote: > > The original poster indicated that they were running potato. They should > > put the following line in /etc/apt/sources.list: > > deb http://security.debian.org/debian-security oldstable/updates main

RE: determining which patches to apply...

2003-03-21 Thread Jeremy Choy
Turns out that we are running a developers version of Oracle (8.1.7) in which are dependent on potato's libraries and if we were to run apt-get it would break Oracle and perhaps a few other apps running. again fairly new and trying to get my head around how exactly unix works. if potato is no lon

Re: determining which patches to apply...

2003-03-21 Thread Jean Christophe ANDRÉ
John Kuhn wrote: > The original poster indicated that they were running potato. They should > put the following line in /etc/apt/sources.list: > deb http://security.debian.org/debian-security oldstable/updates main contrib > non-free > Note that security updates for potato are scheduled to en

rp_filter (was Re: is iptables enough?)

2003-03-21 Thread Blars Blarson
In article <[EMAIL PROTECTED]> [EMAIL PROTECTED] writes: >Also, I would set some no-spoof rules, like accept 127.0.0.0/8 only from >interface lo, and drop >non-routable stuff coming from public interface. for dev in default eth0 eth1 eth2 eth3 eth4 eth5 eth6 do echo 1 >/proc/sys/net/ipv4

Re: determining which patches to apply...

2003-03-21 Thread John Kuhn
On Fri, Mar 21, 2003 at 07:19:35PM -, David Ramsden wrote: > - Original Message - > From: "Jeremy Choy" <[EMAIL PROTECTED]> > To: "debian security lists" > Sent: Friday, March 21, 2003 6:42 PM > Subject: determining which patches to apply... > > > > first off, is there a way to check

Re: determining which patches to apply...

2003-03-21 Thread David Ramsden
- Original Message - From: "Jeremy Choy" <[EMAIL PROTECTED]> To: "debian security lists" Sent: Friday, March 21, 2003 6:42 PM Subject: determining which patches to apply... > first off, is there a way to check what's installed/running for packages > besides ps aux ( so I can check if the

determining which patches to apply...

2003-03-21 Thread Jeremy Choy
first off, is there a way to check what's installed/running for packages besides ps aux ( so I can check if the vulnerability will affect my machines ) and how do I know which 'fix' I should apply? I'm generally good, when it's something like apache, php, mysql as I know I have it installed. But f

Re: determining which patches to apply...

2003-03-21 Thread John Kuhn
On Fri, Mar 21, 2003 at 07:19:35PM -, David Ramsden wrote: > - Original Message - > From: "Jeremy Choy" <[EMAIL PROTECTED]> > To: "debian security lists" <[EMAIL PROTECTED]> > Sent: Friday, March 21, 2003 6:42 PM > Subject: determining which patches to apply... > > > > first off, is t

Re: determining which patches to apply...

2003-03-21 Thread David Ramsden
- Original Message - From: "Jeremy Choy" <[EMAIL PROTECTED]> To: "debian security lists" <[EMAIL PROTECTED]> Sent: Friday, March 21, 2003 6:42 PM Subject: determining which patches to apply... > first off, is there a way to check what's installed/running for packages > besides ps aux ( so

Re: [d-security] ptrace bug: ipsec exploit makes itself suid(0)

2003-03-21 Thread David Ramsden
- Original Message - From: "Christian Hammers" <[EMAIL PROTECTED]> To: "David Ramsden" <[EMAIL PROTECTED]> Cc: Sent: Friday, March 21, 2003 3:20 PM Subject: Re: [d-security] Re: ptrace bug: ipsec exploit makes itself suid(0) [snipped] > ... > > - Loading the module with with: insmod -f n

Re: [d-security] Re: ptrace bug: ipsec exploit makes itself suid(0)

2003-03-21 Thread Christian Hammers
Hi On Fri, Mar 21, 2003 at 03:13:23PM -, David Ramsden wrote: > > On Fri, Mar 21, 2003 at 02:13:01PM -, David Ramsden wrote: > > > I'd like to say that I've had no success with the no-ptrace module (NPT) > > > (still get root and I've made sure the exploit hasn't been more than > once, due

Re: [d-security] ptrace bug: ipsec exploit makes itself suid(0)

2003-03-21 Thread David Ramsden
- Original Message - From: "Christian Hammers" <[EMAIL PROTECTED]> To: "David Ramsden" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, March 21, 2003 3:20 PM Subject: Re: [d-security] Re: ptrace bug: ipsec exploit makes itself suid(0) [snipped] > ... > > - Loading the module wit

Re: ptrace bug: ipsec exploit makes itself suid(0)

2003-03-21 Thread David Ramsden
- Original Message - From: "Christian Hammers" <[EMAIL PROTECTED]> To: "Jean Christophe ANDRÉ" <[EMAIL PROTECTED]> Cc: Sent: Friday, March 21, 2003 1:18 PM Subject: ptrace bug: ipsec exploit makes itself suid(0) > Hello > [snip] > > > > Be careful about the exploit owner/permission: it

Re: howcome there's no DSA for the latest Linux ptrace hole?

2003-03-21 Thread Phillip Hofmeister
A patch I consider to be from an authoritative site is available (for 2.4.20) at: http://www.kernel.org/pub/linux/kernel/v2.4/testing/cset/cset-1.1076.txt -- Phil PGP/GPG Key: http://www.zionlth.org/~plhofmei/ wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import -- Excuse #150: Loop f

ptrace bug: ipsec exploit makes itself suid(0)

2003-03-21 Thread Christian Hammers
Hello On Fri, Mar 21, 2003 at 07:02:27PM +0700, Jean Christophe ANDRÉ wrote: > Christian Hammers wrote: > > Strange, sometimes it works, sometimes it doesn't :-( > > After one reboot, I inserted the module, and executed the exploit twice, > > the first time it worked, then I exited the shell an

Re: ptrace bug: ipsec exploit makes itself suid(0)

2003-03-21 Thread David Ramsden
- Original Message - From: "Christian Hammers" <[EMAIL PROTECTED]> To: "Jean Christophe ANDRÉ" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, March 21, 2003 1:18 PM Subject: ptrace bug: ipsec exploit makes itself suid(0) > Hello > [snip] > > > > Be careful about the exploit ow

Re: is iptables enough?

2003-03-21 Thread Bernhard R. Link
* Adrian Phillips <[EMAIL PROTECTED]> [030321 09:21]: > Um, would you be so kind as to explain the "deluding yourself" part or > point to some information that does so ? From what I have read on the > net using google a good number of people use drop to help with port > scanning (ie. port scanning

RE: is iptables enough?

2003-03-21 Thread DEFFONTAINES Vincent
> [EMAIL PROTECTED]:~# iptables-save > # Generated by iptables-save v1.2.7a on Fri Mar 21 10:13:12 2003 > *nat > :PREROUTING ACCEPT [17038:1364291] > :POSTROUTING ACCEPT [1561:131055] > :OUTPUT ACCEPT [7155:558179] > -A PREROUTING -i ppp0 -p tcp -m tcp --dport 25 -j REDIRECT > --to-ports 4 >

Cross site tracing and apache

2003-03-21 Thread Emmanuel Lacour
Hi, Is there someone having information about this web vulnerability, goals and risks and how to disable it? -- Emmanuel Lacour Easter-eggs 44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité Phone: +33 (0) 1 43 35 00 37- Fax: +33 (0)

Re: howcome there's no DSA for the latest Linux ptrace hole?

2003-03-21 Thread Christian Hammers
Hello On Fri, Mar 21, 2003 at 08:52:36AM +0100, Alexander Neumann wrote: > That seems to work only for the exploit provided by him, but not for the > isec proof-of-concept exploit. It's a better workaround to use the npt > module from http://www.securiteam.com/tools/5SP082K5GK.html . > This module

Re: howcome there's no DSA for the latest Linux ptrace hole?

2003-03-21 Thread Ralf Dreibrodt
Hi, Jon wrote: > > On Thu, 2003-03-20 at 14:50, Tom Goulet (UID0) wrote: > > > Are the Debian kernels vulnerable to this hole? > > > > This post to BugTraq by Andrzej Szombierski (who found the problem) > includes a sample exploit for x86. You can use it to see if you are > vulnerable. > > ht

Re: is iptables enough?

2003-03-21 Thread Adrian 'Dagurashibanipal' von Bidder
On Thu, 2003-03-20 at 22:10, Vineet Kumar wrote: > * Adrian 'Dagurashibanipal' von Bidder <[EMAIL PROTECTED]> [20030320 06:39 > PST]: > > Set it up to block everything and then selectively open ports until > > everything works as desired. Depending on the applications it may be a > > good idea to

Fw: CERT Advisory CA-2003-10 Integer overflow in Sun RPC XDR library routines

2003-03-21 Thread Jeff
- Original Message - From: "CERT Advisory" To: Sent: Wednesday, March 19, 2003 7:53 PM Subject: CERT Advisory CA-2003-10 Integer overflow in Sun RPC XDR library routines > > > -BEGIN PGP SIGNED MESSAGE- > > CERT Advisory CA-2003-10 Integer overflow in Sun RPC XDR library routine

Re: howcome there's no DSA for the latest Linux ptrace hole?

2003-03-21 Thread Marcin Owsiany
On Thu, Mar 20, 2003 at 05:29:56PM -0800, Jon wrote: > On Thu, 2003-03-20 at 14:50, Tom Goulet (UID0) wrote: > > > Are the Debian kernels vulnerable to this hole? > > > > This post to BugTraq by Andrzej Szombierski (who found the problem) > includes a sample exploit for x86. You can use it to s

kernel ptrace bug - exploit

2003-03-21 Thread Yndy
Hi all! http://isec.pl/cliph/isec-ptrace-kmod-exploit.c Yndy

RE: is iptables enough?

2003-03-21 Thread DEFFONTAINES Vincent
> -Original Message- > From: Josh Carroll [mailto:[EMAIL PROTECTED] > Sent: Friday 21 March 2003 08:46 > To: debian-security@lists.debian.org > Subject: Re: is iptables enough? > > > There are a couple of reasons why I use -j DROP > instead of -J REJECT. Firstly, sending responses to >

Re: is iptables enough?

2003-03-21 Thread Adrian Phillips
> "Vineet" == Vineet Kumar <[EMAIL PROTECTED]> writes: Vineet> * Adrian 'Dagurashibanipal' von Bidder Vineet> <[EMAIL PROTECTED]> [20030320 06:39 PST]: >> Set it up to block everything and then selectively open ports >> until everything works as desired. Depending on the >>

Re: is iptables enough?

2003-03-21 Thread David B Harris
On Thu Mar 20, 11:27pm -0800, Josh Carroll wrote: > In general, I don't use -REJECT unless I'm worried > about being polite. And in most circumstances, > politeness isn't my goal ;) Just to throw in my two cents, for each ten million people that don't care, you've made one admin cry. :) pgp1wyy

Re: howcome there's no DSA for the latest Linux ptrace hole?

2003-03-21 Thread Alexander Neumann
Hi, Guille -bisho- wrote: > At least the 2.4.19 is vulnerable. > A quick patch is to put a invalid binary on /proc/sys/kernel/modprobe > instead of the real modprobe binary, and then you have time to compile > out your kernel without having to run... :) That seems to work only for the exploit pro

Re: is iptables enough?

2003-03-21 Thread Josh Carroll
There are a couple of reasons why I use -j DROP instead of -J REJECT. Firstly, sending responses to packets you're dropping can be bad, given a relatively small upstream link. In theory, one could DoS you sufficiently with an upstream equal or slightly better than yours. That is not to say that the w

Re: is iptables enough?

2003-03-21 Thread Adrian 'Dagurashibanipal' von Bidder
On Thu, 2003-03-20 at 22:10, Vineet Kumar wrote: > * Adrian 'Dagurashibanipal' von Bidder <[EMAIL PROTECTED]> [20030320 06:39 PST]: > > Set it up to block everything and then selectively open ports until > > everything works as desired. Depending on the applications it may be a > > good idea to REJ

Fw: CERT Advisory CA-2003-10 Integer overflow in Sun RPC XDR library routines

2003-03-21 Thread Jeff
- Original Message - From: "CERT Advisory" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, March 19, 2003 7:53 PM Subject: CERT Advisory CA-2003-10 Integer overflow in Sun RPC XDR library routines > > > -BEGIN PGP SIGNED MESSAGE- > > CERT Advisory CA-2003-10 Integer o

RE: is iptables enough?

2003-03-21 Thread DEFFONTAINES Vincent
> -Original Message- > From: Josh Carroll [mailto:[EMAIL PROTECTED] > Sent: Friday 21 March 2003 08:46 > To: [EMAIL PROTECTED] > Subject: Re: is iptables enough? > > > There are a couple of reasons why I use -j DROP > instead of -J REJECT. Firstly, sending responses to > packets your dr

Re: is iptables enough?

2003-03-21 Thread David B Harris
On Thu Mar 20, 11:27pm -0800, Josh Carroll wrote: > In general, I don't use -REJECT unless I'm worried > about being polite. And in most circumstances, > politeness isn't my goal ;) Just to throw in my two cents, for each ten million people that don't care, you've made one admin cry. :) pgp
