-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, 30 Oct 2003 at 01:59:01PM -0500, Roman Medina wrote:
> I'm not subscribed to debian-apache neither I'm going to subscribe
> only to ask this. If this is a security issue in Debian, why not to
> discuss it in a Debian security ml? I repeat it:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, 30 Oct 2003 at 01:59:01PM -0500, Roman Medina wrote:
> I'm not subscribed to debian-apache neither I'm going to subscribe
> only to ask this. If this is a security issue in Debian, why not to
> discuss it in a Debian security ml? I repeat it:
On Thu, Oct 30, 2003 at 07:58:50PM +0100, Roman Medina wrote:
> On Thu, 30 Oct 2003 12:21:09 -0500, you wrote:
> >> > Ask [EMAIL PROTECTED]
> >
> >See above.
>
> I'm not subscribed to debian-apache neither I'm going to subscribe only
> to ask this. If this is a security issue in Debian, why not
On Thu, 30 Oct 2003 12:21:09 -0500, you wrote:
>On Thu, Oct 30, 2003 at 05:49:34PM +0100, [EMAIL PROTECTED] wrote:
>
>> It's a Woody 3.0 up-to-date machine. Are you sure Apache shipped on Debian
>> is actually secure? These segfaults scare me... it smells like
>> 0day-exploit...
>> >[...]
>> > Ask
On Thu, Oct 30, 2003 at 07:58:50PM +0100, Roman Medina wrote:
> On Thu, 30 Oct 2003 12:21:09 -0500, you wrote:
> >> > Ask [EMAIL PROTECTED]
> >
> >See above.
>
> I'm not subscribed to debian-apache neither I'm going to subscribe only
> to ask this. If this is a security issue in Debian, why not
On Thu, 30 Oct 2003 12:21:09 -0500, you wrote:
>On Thu, Oct 30, 2003 at 05:49:34PM +0100, [EMAIL PROTECTED] wrote:
>
>> It's a Woody 3.0 up-to-date machine. Are you sure Apache shipped on Debian
>> is actually secure? These segfaults scare me... it smells like
>> 0day-exploit...
>> >[...]
>> > Ask
On Thu, Oct 30, 2003 at 08:46:13 -0800, $2a$ wrote:
> Is there a patch for pam ( and/or glibc ) to add blowfish password support
> (openBSD style)in Debian ?Other distibutions like suse or openwall already
> support this feature.Is this feature under way for debian as well ?
See bug #149447.
HTH,
$2a$ <[EMAIL PROTECTED]> wrote:
> Is there a patch for pam ( and/or glibc ) to add
> blowfish
> password support (openBSD style)in Debian ?
"Many cryptographers have examined Blowfish, although there are few
published results. Serge Vaudenay examined weak keys in Blowfish;
there is a class of key
On Thu, Oct 30, 2003 at 08:46:13 -0800, $2a$ wrote:
> Is there a patch for pam ( and/or glibc ) to add blowfish password support
> (openBSD style)in Debian ?Other distibutions like suse or openwall already
> support this feature.Is this feature under way for debian as well ?
See bug #149447.
HTH,
$2a$ <[EMAIL PROTECTED]> wrote:
> Is there a patch for pam ( and/or glibc ) to add
> blowfish
> password support (openBSD style)in Debian ?
"Many cryptographers have examined Blowfish, although there are few
published results. Serge Vaudenay examined weak keys in Blowfish;
there is a class of key
Is there a patch for pam ( and/or glibc ) to add
blowfish
password support (openBSD style)in Debian ?Other
distibutions like suse or openwall already support
this feature.Is this feature under way for debian as
well ?
thanks in advance
__
Do you Yahoo!?
Exc
On Thu, Oct 30, 2003 at 05:03:36PM +0900, Hideki Yamane wrote:
> >> Do you know about apache security issue?
> >
> >Yes. According to the Apache maintainers, woody does not require an update.
>
> Really? mod_alias is so much old(*), I think all of apache
> would be effected by this vulnerabi
Is there a patch for pam ( and/or glibc ) to add
blowfish
password support (openBSD style)in Debian ?Other
distibutions like suse or openwall already support
this feature.Is this feature under way for debian as
well ?
thanks in advance
__
Do you Yahoo!?
Exc
On Thu, Oct 30, 2003 at 05:03:36PM +0900, Hideki Yamane wrote:
> >> Do you know about apache security issue?
> >
> >Yes. According to the Apache maintainers, woody does not require an update.
>
> Really? mod_alias is so much old(*), I think all of apache
> would be effected by this vulnerabi
Hello!
Thanks to all for answering!
Kind regards
Matthias
Hi Matthias,
>A reboot does not solve the problem.
>I use an actual sid with kernel 2.4.22 from package
>kernel-source- 2.4.22-3. Before PID 3 are starting
>PID 1 init (of course)
>and
>PID 2 keventd
>
>
>Does this look like a rootkit and what is to do?
Did you see this post?
http://bugs.deb
> Does this look like a rootkit and what is to do?
It's a bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=217525
top should display the processes correctly
nico.
Hello!
I have got a problem with chkrootkit, too (refering to http://
lists.debian.org/debian-security/2003/debian-security-200310/msg00204.html):
ai1:# chkrootkit -x lkm
ROOTDIR is `/'
###
### Output of: ./chkproc -v -v
###
PID 3: not in ps output
CWD 3: /
EXE 3: /
PID 4: not in
Hello!
Thanks to all for answering!
Kind regards
Matthias
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Hi Matthias,
>A reboot does not solve the problem.
>I use an actual sid with kernel 2.4.22 from package
>kernel-source- 2.4.22-3. Before PID 3 are starting
>PID 1 init (of course)
>and
>PID 2 keventd
>
>
>Does this look like a rootkit and what is to do?
Did you see this post?
http://bugs.deb
> Does this look like a rootkit and what is to do?
It's a bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=217525
top should display the processes correctly
nico.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Hello!
I have got a problem with chkrootkit, too (refering to http://
lists.debian.org/debian-security/2003/debian-security-200310/msg00204.html):
ai1:# chkrootkit -x lkm
ROOTDIR is `/'
###
### Output of: ./chkproc -v -v
###
PID 3: not in ps output
CWD 3: /
EXE 3: /
PID 4: not in
thanks to your reply.
>> Do you know about apache security issue?
>
>Yes. According to the Apache maintainers, woody does not require an update.
Really? mod_alias is so much old(*), I think all of apache
would be effected by this vulnerability.
* Revision: 1.17, Tue Jul 8 03:45:28 1997
On Mit, 29 Okt 2003, Benjamin Goedeke wrote:
> http://bridge.sf.net to replace the firewall once the transition to
Our bridged/fw was running 160 day with code from there. Now I have
installed a new kernel (2.4.22) with the current ebtables code
(ebtables.sf.net) which can do even more, although I
thanks to your reply.
>> Do you know about apache security issue?
>
>Yes. According to the Apache maintainers, woody does not require an update.
Really? mod_alias is so much old(*), I think all of apache
would be effected by this vulnerability.
* Revision: 1.17, Tue Jul 8 03:45:28 1997
On Mit, 29 Okt 2003, Benjamin Goedeke wrote:
> http://bridge.sf.net to replace the firewall once the transition to
Our bridged/fw was running 160 day with code from there. Now I have
installed a new kernel (2.4.22) with the current ebtables code
(ebtables.sf.net) which can do even more, although I
On Wed, Oct 29, 2003 at 09:11:24PM -0500, Phillip Hofmeister wrote:
> I think there is a race condition that was discussed before about
> rootkit checkers. First it reads in data from the PS command. It then
> stores this data in a buffer. Then it reads /proc (or visa-versa, I
> forget the order
On Thu, Oct 30, 2003 at 12:12:27AM +0900, Hideki Yamane wrote:
> Do you know about apache security issue?
Yes. According to the Apache maintainers, woody does not require an update.
--
- mdz
28 matches
Mail list logo