-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 365-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Matt Zimmerman
August 5th, 2003
Debian Security Advisory DSA 371-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Matt Zimmerman
August 11th, 2003
Debian Security Advisory DSA 370-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Matt Zimmerman
August 8th, 2003
On Wed, 2003-08-13 at 16:02, Colin Walters wrote:
Let me give an example of how SELinux protects my machine (verbum.org).
My blog is a Python script (pyblosxom) which runs in a domain called
httpd_user_script_t.
Oh, and what I forgot to mention about this domain is that it doesn't
have
Hi,
maybe a legitimate user account combined with a local root exploit has
been used to crack the server. Does this server have any legitimate user
accounts? Are you sure you trust these users? Are you sure they (or you)
don't write their passwords on a piece of paper?
Who has local access to the
Yes it is fixed in kernel-source 2.4.18-13. However, due to another
issue introduced by the security fix, you should download the latest
kernels from http://auric.debian.org/~herbert/.
Thanks for your answer.
2.4.18-12 works without segfaults. Is something wrong in 2.4.18-12 more?
Is that local
On Thu, 07 Aug 2003 03:00:12 +0200, Peter Cordes wrote:
sshd logs IP addresses of connections. Was the IP address for those did
not receive id connections inside your site, or does it belong to an ISP
somewhere, or what? If it's a local address, and not a computer lab, that
might give you
I just set up a Debian snort sensor logging to a postgresql database (on
the same host) and noticed that the alerts in the database have
timestamps seven hours earlier than their timestamps in the snort alert
file. The seven hours is interesting because that's my current offset
from GMT --
On Fri, Aug 08, 2003 at 11:47:09AM +0200, Matteo Vescovi wrote:
On Friday 08 August 2003 06:10, Hugo Kavamura wrote:
Hugo Kazumi Kavamura
[...]
What the h.ll does this mean?
Apparently some moron tries to find a job through SPAMming.
Which opens up a whole 'nother can of security worms...Is anyone
maintaining opie or s/key? Or for that matter, can something like this
even be worked around?
On Thu, 7 Aug 2003 22:55:16 -0700
Mark Ferlatte [EMAIL PROTECTED] wrote:
Bradley Alexander said on Fri, Aug 08, 2003 at 01:36:06AM
[EMAIL PROTECTED] (Boyd Moore) wrote in message news:[EMAIL PROTECTED]...
Peter Cordes [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
On Thu, Jul 31, 2003 at 02:17:46PM -0700, Boyd Moore wrote:
I have two Debian systems behind a Linksys router, with the router
blocking
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Hello
On Wed, Aug 06, 2003 at 04:01:39PM +0200, Thijs Welman wrote:
I'm puzzled about how they managed to get those processes running (as
root). There are no local accounts, other than some accounts for the
sysadmins. Does anyone have any idea how they might have done this?
Most times,
On Thu, Aug 14, 2003 at 09:57:26AM -0400, Todd Charron wrote:
I'm using the latest 2.4.18 kernel in woody (came out very recently). I was
wondering if anyone else was running into this problem and perhaps knew a way
around it? Thanks,
The Debian kernel contains patches not present in the
On Mon, 2003-08-11 at 02:58, Matt Zimmerman wrote:
I haven't found 2.2.2-6woody2 in the changelog, however 2.2.2-6 has been
released in december 2001
2.2.2-6woody2 is a later version than 2.2.2-6. 2.2.2-6 has the bugs,
2.2.2-6woody2 has the fixes.
2.2.2-6 has been released on dec
On Fri, Aug 08, 2003 at 12:52:39PM +0200, Marcin Owsiany wrote:
On Fri, Aug 08, 2003 at 11:47:09AM +0200, Matteo Vescovi wrote:
On Friday 08 August 2003 06:10, Hugo Kavamura wrote:
Hugo Kazumi Kavamura
[...]
What the h.ll does this
Tarjei Huse wrote:
This might help:
http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt
On Mon, 2003-08-11 at 13:37, Marcel Weber wrote:
Another good thing is the postfix ([EMAIL PROTECTED]) mailing
list. It is quite a high traffic mailing list, but there are very
experienced people reading
This might help:
http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt
On Mon, 2003-08-11 at 13:37, Marcel Weber wrote:
On Monday, 11.08.03, at 12:59 (Europe/Zurich), Tomasz Papszun wrote:
If you want to prevent them from using non
On Tue, 12 Aug 2003, [iso-8859-1] Aníbal Monsalve Salazar wrote:
What's the URL of the English version?
Well, I just finished translating the iptables page and hope to have this
one ready at the end of the day. That would be about 18:00 CEST (+0200).
It will be available at
On Sun, 10 Aug 2003 at 10:26:16 +, Fallen Angel wrote:
my config:
debian stable 3.0r1
postfix
qpopper
I have a small problem:
my smtp after pop3 configuration works fine, no open relay possible, but
the authenticated users can fake their own e-mail address.
How can I stop
Hugo Kazumi Kavamura
20 years old / Single / Brazilian
Objective
To work in the field of IT / web / support / communication
Contacts:
E-mail : [EMAIL PROTECTED]
Telephone : (11) 6331-0765 (11) 9898-1262
Education:
- UniFAI - Faculdade Ipiranga
Currently in the 2nd semester of Computer Engineering
http://www.cert.org/advisories/CA-2003-21.html
Looks like GNU was root compromised.
Neil
--
A. Because it breaks the logical sequence of discussion
Q. Why is top posting bad?
gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li 8DEC67C5
*** REPLY SEPARATOR ***
On 12.08.2003 at 23:20 Adam Majer wrote:
On Thu, Aug 07, 2003 at 07:03:13PM +0200, Thijs Welman wrote:
Hi,
Thanks. I forgot to mention that I am subscribed to
debian-security-announce as well (of course ;)). As far as the kernel
updates are
On Wed, Aug 13, 2003 at 09:00:51PM -0400, valerian wrote:
It actually does a very good job of stopping any kind of stack-smashing
attack dead in its tracks (both the stack and heap are marked as
non-executable). That takes care of most vulnerabilities, both known and
unknown.
No, it really
On Mon, Aug 11, 2003 at 12:22:13PM +0200, Gian Piero Carrubba wrote:
On Mon, 2003-08-11 at 02:58, Matt Zimmerman wrote:
I haven't found 2.2.2-6woody2 in the changelog, however 2.2.2-6 has been
released in december 2001
2.2.2-6woody2 is a later version than 2.2.2-6. 2.2.2-6
On Fri, Aug 01, 2003 at 01:03:46PM +0200, [EMAIL PROTECTED] wrote:
If you can read Dutch you can use my pages right now [1]. They explain
all this in excruciating detail. OpenSSH and SSH.com interoperability
and setting up ssh-agent are explained too. Some scripts are provided to
automate all
Hi,
Last sunday, August 3rd 2003, one of my servers was hacked which i, by
coincidence, was able to catch 'in progress'.
My loganalyzer showed four Did not receive identification string from
w.x.y.z logentries from sshd. This happens all the time and i certainly
don't check all of them out, but i
On Wed, Aug 13, 2003 at 07:08:59PM -0400, Colin Walters wrote:
But Linux capabilities are so weak. They won't protect an apache master
process that runs as root from scribbling over /etc/passwd and giving an
attacker a new uid 0 shell account, for example. At that point it's
really game
On Fri, Aug 08, 2003 at 04:21:50PM +1000, Geoff Crompton wrote:
I have successfully configured sshd to allow opie logons, without
disabling PrivSep, by configuring pam to use the libpam-opie
module for ssh.
In this case the user gets the normal password prompt though, and no
opie
A long time ago, I had Openssh (circa 2.5-ish) set up to work with opie so
that if a user attempted to log in without keys, instead of a password
prompt, it would give an opie/skey login prompt.
I tried to set this up again recently on another machine, and found that
privilege separation breaks
On Wed, Aug 06, 2003 at 04:01:39PM +0200, Thijs Welman wrote:
All packages are unmodified releases from Debian stable and, yes, I do
update packages from security.debian.org as soon as there are any updates. :)
If you don't also subscribe to debian-security-announce, then you are
missing
On Wed, 06 Aug 2003 16:01:39 +0200, Thijs Welman [EMAIL PROTECTED]
wrote:
My loganalyzer showed four Did not receive identification string from
w.x.y.z logentries from sshd. This happens all the time and i certainly
don't check all of them out, but i happen to do so this time.
That's probably
On Thu, Aug 07, 2003 at 07:03:13PM +0200, Thijs Welman wrote:
Hi,
Thanks. I forgot to mention that I am subscribed to
debian-security-announce as well (of course ;)). As far as the kernel
updates are concerned: i use my own kernel. At this moment that's 2.4.21
with Alan Cox' patches
On Thu, 7 Aug 2003, Thijs Welman wrote:
Thanks. I forgot to mention that I am subscribed to
debian-security-announce as well (of course ;)). As far as the kernel
updates are concerned: i use my own kernel. At this moment that's 2.4.21
with Alan Cox' patches (ac4). Could be there's an exploit
Hi,
After all this discussion about the grsecurity patch I thought I'd try it
out. Unfortunately every time I try and get the patch to apply it always
fails regardless of the system I run it on (see below for output). I've
tried using the grsecurity patch in woody as well as the latest one
On Wed, 2003-08-13 at 00:20, Adam Majer wrote:
So, now I don't run a Debian kernel at all - only a monolithic
(no modules) kernel with grsecurity.net patches. Then I set
up the ACL system (more or less) so that all of the services
that can be used to break into the system are quite useless
Hello, using debian kernel 2.4.18-11 on some servers, after ps ax
command at the end of input I noticed Segmentation fault message.
strace ps ax gave:
open(/proc/1048/environ, O_RDONLY)= 7
read(7, unfinished ...
+++ killed by SIGSEGV +++
Is it unsuccessful patch for
Hi all,
can anyone explain me the DSA-361-2?
Does it mean that the vulnerabilities reported were already addressed in
woody in version 2.2.2-6woody2 ?
I haven't found 2.2.2-6woody2 in the changelog, however 2.2.2-6 has been
released in december 2001, so i've to assume fake vulnerabilities (CAN
On Thu, Aug 07, 2003 at 08:05:05AM -0700, Boyd Moore wrote:
Well I did have rlogin, that is it points to netkit-rlogin. I finally
got rsh to work by commenting out the ALL: PARANOID line in
hosts.deny.
You should put ALL: ALL in hosts.deny, and fix hosts.allow to allow what
you want
On Wed, Aug 13, 2003 at 04:02:41PM -0400, Colin Walters wrote:
Why? Because SELinux doesn't solely associate security with executable
pathnames. If someone takes over control of the apache process via a
buffer overflow or whatever, they don't need /bin/ls to list a
directory; they can just as
On Wed, 2003-08-13 at 18:39, valerian wrote:
grsec handles this by allowing you to restrict Linux capabilities for a
process. For example, there's no reason /usr/sbin/apache should have
access to CAP_SYS_ADMIN (allows mount/umount, amongst other things) or
CAP_SYS_PTRACE (run ptrace) or
On Sun, 2003-08-10 at 12.26, Fallen Angel wrote:
hi,
my config:
debian stable 3.0r1
postfix
qpopper
I have a small problem:
my smtp after pop3 configuration works fine, no open relay possible, but
the authenticated users can fake their own e-mail address.
How can I stop it,
Bradley Alexander said on Fri, Aug 08, 2003 at 01:36:06AM -0400:
I tried to set this up again recently on another machine, and found that
privilege separation breaks this functionality. Does anyone know of a
workaround to provide similar functionality?
I think you have to turn off PrivSep to
On Thu, Aug 07, 2003 at 10:55:16PM -0700, Mark Ferlatte wrote:
Bradley Alexander said on Fri, Aug 08, 2003 at 01:36:06AM -0400:
I tried to set this up again recently on another machine, and found that
privilege separation breaks this functionality. Does anyone know of a
workaround to
Quoting Boyd Moore ([EMAIL PROTECTED]):
Well I did have rlogin, that is it points to netkit-rlogin. I finally
got rsh to work by commenting out the ALL: PARANOID line in
hosts.deny. I thought that the hosts.allow overrode the hosts.deny,
but apparently they have reversed the priority.
On Wed, 2003-08-13 at 00:20, Adam Majer wrote:
So, now I don't run a Debian kernel at all - only a monolithic
(no modules) kernel
This doesn't provide very much security. For example:
http://www.phrack.org/show.php?p=58&a=7
51 matches