an issue in the IP networking subsystem. A remote user
can cause a denial of service (system crash) on servers running
applications that set options on sockets which are actively being
processed.
CVE-2012-4461
Jon Howell reported a denial of service issue in the KVM subsystem
Apologies, hit the wrong reply to! Please ignore and thanks for all the good
work.
On Tue, May 14, 2013 at 09:15:48PM +0100, Jon Marshall wrote:
Saw this earlier, apparently there is a serious issue that affects all of the
kernels up to 3.8
Will do a security thing tomorrow, if I get
Hi,
This DSA was signed with key 0x401DAC04, which is not in any debian-keyring
package I can find, nor on pgp.mit.edu. Is this a mistake? Thanks!
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
on safe mode does this, I believe.
--
Jon Dowland
http://alcopop.org/
On Tue, Oct 25, 2005 at 05:23:19PM +0200, Martin Schulze wrote:
Package: libgda2
^^^
snip
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2.dsc
^
Sorry to be a pest :(
--
Jon
.
The following services are affected by this downtime:
security.debian.org
The public security archive. As a temporary solution, please
switch to http://ftp.rfc822.org/debian-security/ instead.
snip
- Jon
--
[EMAIL PROTECTED]
Administrator, tgpsolutions
http://www.tgpsolutions.com
power-cycle.
On Mon, 2003-06-30 at 00:29, Martynas Domarkas wrote:
On Fri, 2003-06-27 05:59, Jean Christophe ANDRÉ wrote:
Matt Zimmerman wrote:
There are a LOT of connections: ~700 in a 5 minutes. I did not find any
configuration options with that hosts. What could it be?
This is surely an evolution
63.236.73.20:80 SYN_SENT
4055/evolution-exec
And... I'm not sure about this one, but it's probably another item on
the Summary page.
- Jon
--
[EMAIL PROTECTED]
Administrator, tgpsolutions
http://www.tgpsolutions.com
On Tue, 2003-06-10 at 08:24, Stefan Neufeind wrote:
Thank you for the information. Am I right that php-scripts then would
need an execute-bit set? Currently they don't have ...
Unfortunately, yes. Otherwise you'll get a 500 Internal Server Error or
the likes.
- Jon
--
[EMAIL PROTECTED
- but then your scripts have to have
#!/path/to/php
at the top - although there are ways around that too. Google has some
success stories where people managed to get it to work.
- Jon
On 6 Jun 2003 at 17:06, Wade Richards wrote:
On 06 Jun 2003 16:15:37 PDT, Jon writes:
I believe Apache would
writing their own init.d scripts, and
which sysadmins can use for a slightly higher-level interface to this
module.
- Jon
--
[EMAIL PROTECTED]
Administrator, tgpsolutions
http://www.tgpsolutions.com
.
I believe Apache would still be executing php/cgi scripts as www-data,
so users could snoop on other users' scripts, session files, etc.
Something like:
<?php echo `ls ../neighbor/public_html`; ?>
- Jon
--
[EMAIL PROTECTED]
Administrator, tgpsolutions
http://www.tgpsolutions.com
/proposed-updates/kernel-source-2.4.20_2.4.20-3woody.2_i386.changes
[2]http://ftp.debian.org/pool/main/k/kernel-image-2.4.20-i386/
- Jon
--
[EMAIL PROTECTED]
Administrator, tgpsolutions
http://www.tgpsolutions.com
On Fri, 2003-05-09 at 00:27, Jon wrote:
Sources are patched as of woody.2, according to this changes file[1],
but only woody.1 images are available[2], as far as I can tell. The
images at the second URL are still vulnerable:
[1]http://ftp.debian.org/dists/proposed-updates/kernel-source
..
Does this mean the patch I downloaded worked?
Yes.
- Jon
On Sat, 2003-03-22 at 04:43, Markus Kolb wrote:
Jon wrote:
[...]
Linux kmod + ptrace local root exploit by [EMAIL PROTECTED]
= Simple mode, executing /usr/bin/id /dev/tty
sizeof(shellcode)=95
= Child process started..
= Child process started..
[...]
Does
/315635
- Jon
to it,
or stop using email. I cannot believe the number of
mails I've deleted regarding this off-topic.
'nuff said
Jon
/mysql:/bin/false
You don't want to sacrifice security for convenience.
___
(@ @)
--oOo--(_)--oOo---
Jon McCain      Email: [EMAIL PROTECTED]
Sr. Programmer  Voice: 912-355-3213
to a $
prompt. You also have to define your menu script as a shell
(/etc/shell) so regular ftp will still work.
--
___
(@ @)
--oOo--(_)--oOo---
Jon McCain      Email: [EMAIL PROTECTED]
Sr. Programmer
I'm not sure if this message made it through. Our ISP was having
problems this morning.
Sorry if you get this message twice.
I think some of you misunderstood me. I was not clear about my
concern. Users can ssh into my machine but their profiles are fixed to
run a menu of things I allow them
The user can change to directories above their home.
Is there a way to chroot them
Use restricted bash shell for the user (/bin/rbash) in the
/etc/passwd.
This does not seem to affect sshd. I changed a user to use rbash but I
could still go to a windows machine and use the putty
I think some of you misunderstood me. I was not clear about my
concern. Users can ssh into my machine but their profiles are fixed to
run a menu of things I allow them to do. Thus they can't get to the $
prompt and thus can't cd to other directories to see what's there. And
even if they did,
All of this has gotten me to thinking about another flaw in the way I
have things set up. I'm preventing users from getting to a $ by running
a menu from their profile.
exec /usr/bin/menu
This works fine since the exec causes menu to become their shell
process.
But some smart user could get
Chris Reeves wrote:
Why not change the users' shell to /usr/bin/menu?
Because they need to be able to transfer files to their home
directories. If you do this, then ftp,pscp,etc won't work. My original
goal was to allow them transfer files to/from home directory with
something besides ftp
I've been playing around with the scp and sftp components of putty and
noticed what I consider a security hole. Winscp does the same thing.
The user can change to directories above their home. Is there a way to
chroot them like you can in an ftp config file? I don't see anything in
the sshd
I'd agree with your comments. I've been looking at
OpenBSD (for various reasons) and the default setup is
reasonably secure (there are still some things left on
, which surprised me). Not sure if Debian needs to go
as far as OpenBSD but I think that it is a good
reference base
Jon
--- Tarjei
On 31 Aug 2001 23:54:40 -0400, Ed Street wrote:
If not is anyone up for a road trip? ;)
Sure :)
* jcm fires off another abuse report...
...or should that be I HAVE FIRED OFF ANOTHER ABUSE REPORT AND NOW I
CAN'T FIGURE OUT HOW TO TURN OFF CAPS LOCK ? :)
--jcm
Hi,
I'm sure someone else can do much better with a bit of effort :)
--jcm
On 01 Sep 2001 16:26:29 +0200, [EMAIL PROTECTED] wrote:
On Sat, Sep 01, 2001 at 07:13:06AM -0500, Bud Rogers wrote:
I put him in a filter. Every mail I receive from him gets forwarded back to
him and to
On 01 Sep 2001 16:32:50 +0100, Jon Masters wrote:
-ASubject: [ABUSE] Forwarded Message;\
) | $SENDMAIL -oi -t
Should have a:
-ACc: [EMAIL PROTECTED];\
in there, thus:
:0:
* (^From:[EMAIL PROTECTED])
{
:0 c:
'Abuse/Layne-Log-'`date +%b-%Y`
:0 c
to this.
2) Apache, Boa, thttpd, and others each deal with this differently.
What way is the *correct* way?
--
Pound for pound, the amoeba is the most vicious animal on earth.
Jon Nelson
[EMAIL PROTECTED]
Craig wrote:
Goodday ladies and fellas
I have potato installed on a box that will be a proxy and firewall. I needed
to have the facility of port forwarding so I was told to install kernel 2.4.
Does kernel 2.4 have some special feature of port forwarding that the
2.2.x kernels don't
After setting up the IPChains policies and rules, I want to be able to have a log file
of any DENY packets sent to me. We use GroupWise as an email package. I also want
those log files to exist on another Debian server that sits behind the firewall.
TIA
Jon L. Miller, MCNE
Director/Sr
with such a thing.
I'm not aware of any actual implementations, unfortunately.
The usual reference for this sort of thing is the cypherpunks list.
Jon Leonard
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
with such a thing.
I'm not aware of any actual implementations, unfortunately.
The usual reference for this sort of thing is the cypherpunks list.
Jon Leonard
or steganographic file storage. Those are only really useful if
you might need to plausibly deny that you had the encrypted files at all.
I'm also not aware of any available implementations.
Jon Leonard