H323 Gateways

2003-04-01 Thread Daniel Husand
Hi, does anyone know if it's possible to set up this: Clients - NAT - Internet - NAT - Clients with iptelephony without opening your NAT servers to the world. Any software suggestions / tricks / ideas? (sorry about that, just reinstalled and forgot that Outlook uses HTML as default) -- Daniel --

H323 Gateways

2003-04-01 Thread Daniel Husand
Hi, does anyone know if it's possible to set up this: Clients - NAT - Internet - NAT - Clients with iptelephony without opening your NAT servers to the world. Any software suggestions / tricks / ideas? -- Daniel

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

2003-04-01 Thread Paul Hampson
On Tue, Apr 01, 2003 at 09:43:38PM +0200, Dariush Pietrzak wrote: > > One reason is security: > > it's relatively easy for an intruder to install a kernel module based > > rootkit, and then hide her processes, files or connections. > isn't it security-by-obscurity? No, that's stretching the defini

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

2003-04-01 Thread Dale Amon
On Tue, Apr 01, 2003 at 01:57:10PM -0500, Phillip Hofmeister wrote: > Assuming an intruder made his way in with root privs couldn't he also > modify /dev/kmem or directly access the kernel memory by some other > means? I believe this topic has also been discussed in the past (dig > deep into the a

Re: smtp auth

2003-04-01 Thread Olaf Dietsche
"Arnold J. Fischer" <[EMAIL PROTECTED]> writes: > I'm trying to set up my dial-up system for mail relaying via mx.freenet.de > and they are using smtp-auth to accept every mail from someone who has an > email-account on their system. I read a couple of articles about the > configuration of post

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

2003-04-01 Thread Wade Richards
On Tue, 01 Apr 2003 13:57:10 EST, Phillip Hofmeister writes: >Assuming an intruder made his way in with root privs couldn't he also >modify /dev/kmem or directly access the kernel memory by some other >means? I believe this topic has also been discussed in the past (dig >deep into the archives) an

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

2003-04-01 Thread David Barroso
* Dariush Pietrzak ([EMAIL PROTECTED]) wrote: > > One reason is security: > > it's relatively easy for an intruder to install a kernel module based > > rootkit, and then hide her processes, files or connections. > isn't it security-by-obscurity? > Determined hacker can still relatively easily inser

anti-ptrace

2003-04-01 Thread Steve Meyer
Has anyone else besides me tried this anti-ptrace script? I downloaded it from packetstormsecurity.com and ran and loaded the module and it works like a charm. If anyone tries to use ptrace besides root it echoes that event to the root terminal, and denies it. Well here is a copy of the script

Re: [despammed] smtp auth

2003-04-01 Thread Ed McMan
Tuesday, April 1, 2003, 2:11:21 PM, debian-security@lists.debian.org (debian-security) wrote: Arnold> ok at first I'm not really sure, if this is exactly the right forum, but I'm Arnold> getting email from this list a long time and to be true I didn't find a Arnold> debian list for mailing

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

2003-04-01 Thread Dariush Pietrzak
> One reason is security: > it's relatively easy for an intruder to install a kernel module based > rootkit, and then hide her processes, files or connections. isn't it security-by-obscurity? Determined hacker can still relatively easily insert code into kernel (vide Phrack magazine articles ) -

smtp auth

2003-04-01 Thread Arnold J. Fischer
good morning everybody, ok at first I'm not really sure, if this is exactly the right forum, but I'm getting email from this list a long time and to be true I didn't find a debian list for mailing administrativa... I'm trying to set up my dial-up system for mail relaying via mx.freenet.de an

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

2003-04-01 Thread Phillip Hofmeister
On Tue, 01 Apr 2003 at 07:49:29PM +0200, David Barroso wrote: > One reason is security: > it's relatively easy for an intruder to install a kernel module based > rootkit, and then hide her processes, files or connections. Ahh, yea. Assuming an intruder made his way in with root privs couldn't

Re: noboby with a shell !!

2003-04-01 Thread Phillip Hofmeister
On Mon, 31 Mar 2003 at 08:07:05PM +0100, Dale Amon wrote: > I have heard it so argued and remain to be convinced. > I have a cfengine script that overwrites the work of > debian packages in passwd within minutes of an upgrade. > All non-real users get /dev/false for a shell on my > systems. If it

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

2003-04-01 Thread Ralf Dreibrodt
Hi, David Barroso wrote: > > * Marcin Owsiany ([EMAIL PROTECTED]) wrote: > > On Tue, Apr 01, 2003 at 02:30:17PM +0100, Dale Amon wrote: > > > On Tue, Apr 01, 2003 at 03:36:15PM +0200, Maurizio Lemmo - Tannoiser > > > wrote: > > > > In a server environment, where there no need to load modules at r

Re: [d-security] Re: [d-security] Re: [d-security] Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

2003-04-01 Thread Christian Hammers
On Tue, Apr 01, 2003 at 05:46:46PM +0100, David Ramsden wrote: > I've made sure no no-ptrace module is loaded and I'm sure the kernel hasn't > been patched. I can "echo '/sbin/modprobe' > /proc/sys/kernel/modprobe" and > try the above and I'll get a root prompt first time. Ok, I have to admit, th

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

2003-04-01 Thread David Barroso
* Marcin Owsiany ([EMAIL PROTECTED]) wrote: > On Tue, Apr 01, 2003 at 02:30:17PM +0100, Dale Amon wrote: > > On Tue, Apr 01, 2003 at 03:36:15PM +0200, Maurizio Lemmo - Tannoiser wrote: > > > In a server environment, where there no need to load modules at run-time, > > > could be a "usable workaround

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

2003-04-01 Thread Marcin Owsiany
On Tue, Apr 01, 2003 at 02:30:17PM +0100, Dale Amon wrote: > On Tue, Apr 01, 2003 at 03:36:15PM +0200, Maurizio Lemmo - Tannoiser wrote: > > In a server environment, where there no need to load modules at run-time, > > could be a "usable workaround", but, in a workstation machine, I don't > > think

Re: [d-security] Re: [d-security] Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

2003-04-01 Thread David Ramsden
- Original Message - From: "Christian Hammers" <[EMAIL PROTECTED]> To: "David Ramsden" <[EMAIL PROTECTED]> Cc: Sent: Tuesday, April 01, 2003 4:48 PM Subject: Re: [d-security] Re: [d-security] Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels] [snip] > > Can it be that you ha

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

2003-04-01 Thread Ralf Dreibrodt
Hi, David Barroso wrote: > > * Marcin Owsiany ([EMAIL PROTECTED]) wrote: > > On Tue, Apr 01, 2003 at 02:30:17PM +0100, Dale Amon wrote: > > > On Tue, Apr 01, 2003 at 03:36:15PM +0200, Maurizio Lemmo - Tannoiser wrote: > > > > In a server environment, where there no need to load modules at run-time

Re: [d-security] Re: [d-security] Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

2003-04-01 Thread Christian Hammers
On Tue, Apr 01, 2003 at 02:40:44PM +0100, David Ramsden wrote: > > > echo unexisting_binary > /proc/sys/kernel/modprobe > > > Can we trust this solution ? > > NO, it does not prevent the exploit. > > > > It does prevent the km3.c example exploit but not e.g. > > http://isec.pl/cliph/isec-ptrace

Re: [d-security] Re: [d-security] Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

2003-04-01 Thread David Ramsden
- Original Message - From: "Christian Hammers" <[EMAIL PROTECTED]> To: "David Ramsden" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Tuesday, April 01, 2003 4:48 PM Subject: Re: [d-security] Re: [d-security] Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels] [snip] > > Ca

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

2003-04-01 Thread Dale Amon
On Tue, Apr 01, 2003 at 03:36:15PM +0200, Maurizio Lemmo - Tannoiser wrote: > In a server environment, where there no need to load modules at run-time, > could be a "usable workaround", but, in a workstation machine, I don't > think that's a great idea. In a server environment it is preferable not t

Re: [d-security] Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

2003-04-01 Thread David Ramsden
- Original Message - From: "Christian Hammers" <[EMAIL PROTECTED]> To: "Marc Demlenne" <[EMAIL PROTECTED]> Cc: "DouRiX" <[EMAIL PROTECTED]>; "Lutz Kittler" <[EMAIL PROTECTED]>; Sent: Tuesday, April 01, 2003 2:04 PM Subject: Re: [d-security] Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 an

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

2003-04-01 Thread Maurizio Lemmo - Tannoiser
On Tuesday, 1 April 2003, at 14:20, DouRiX wrote: > but isn't there a trick to surpass the bug while waiting for debian > updates ? Actually, yes. But I'm not really sure if it's a "good" workaround. Anyway: if you disable automatic loading module (a kernel feature), you may ignore this vuln

Re: [d-security] Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

2003-04-01 Thread Christian Hammers
On Tue, Apr 01, 2003 at 02:06:12PM +0200, Marc Demlenne wrote: > > but isn't there a trick to surpass the bug while waiting for debian > > updates ? > > What's the real effect of modifying /proc/sys/kernel/modprobe by, e.g. > echo unexisting_binary > /proc/sys/kernel/modprobe > > Can we trust

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

2003-04-01 Thread Rolf Kutz
* Quoting Marc Demlenne ([EMAIL PROTECTED]): > echo unexisting_binary > /proc/sys/kernel/modprobe > > Can we trust this solution ? > What's the effect ? You can't dynamically load and unload modules anymore. If you load all the modules you need before doing it, you're fine. > It seems to work

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

2003-04-01 Thread Lutz Kittler
> > but isn't there a trick to surpass the bug while waiting for debian > updates ? > > or won't be there a 2.4.18 update ? :) > You can disable autoloading for kernel modules: echo "x" > /proc/sys/kernel/modprobe . lutz

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

2003-04-01 Thread Marc Demlenne
> but isn't there a trick to surpass the bug while waiting for debian > updates ? What's the real effect of modifying /proc/sys/kernel/modprobe by, e.g. echo unexisting_binary > /proc/sys/kernel/modprobe Can we trust this solution ? What's the effect ? It seems to work fine, and to block t

Re: [d-security] Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

2003-04-01 Thread David Ramsden
- Original Message - From: "Christian Hammers" <[EMAIL PROTECTED]> To: "Marc Demlenne" <[EMAIL PROTECTED]> Cc: "DouRiX" <[EMAIL PROTECTED]>; "Lutz Kittler" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Tuesday, April 01, 2003 2:04 PM Subject: Re: [d-security] Re: [Fwd: Re: LWN: Ptrace vuln

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

2003-04-01 Thread DouRiX
Maurizio Lemmo - Tannoiser wrote: On Monday, 31 March 2003, at 16:02, DouRiX wrote: Does someone know where is debian about this issue ? I've noticed that there kernel 2.4.20 with ptrace patch included, in proposed-update. For my purpose, I've backported

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

2003-04-01 Thread DouRiX
Maurizio Lemmo - Tannoiser wrote: On Monday, 31 March 2003, at 16:02, DouRiX wrote: Does someone know where is debian about this issue ? I've noticed that there kernel 2.4.20 with ptrace patch included, in proposed-update. For my purpose, I've backported that