Re: wrote hebrew general FAQ
Ira Abramov wrote: Eli? Is CAWABANGA installable on other machines by now? what's the status on its distribution? I consider it as "alpha", but some Hebrew sites, including leading and famous, already use it as production, even for critical jobs like e-commerce (yes, it supports SSL). Currently, I'm trying to avoid "sales", because the current stage (alpha) causes a lot of effort to be spent on each installation, so other important things (like completion of the beta version, or putting the Hebrew Netscape in my FTP server) are delayed. I hope to reach the first beta soon, but I don't promise anything. Regarding to the FAQ: I'll be happy to host it. My own web site is already powered by my stuff, and will have a major upgrade in the following days. In addition to host it, I'll open a port that you can use as a proxy to access web pages in other sites, in your preferred Hebrew method (Visual, Logical, and even without Hebrew fonts). Note: Currently I have a slow connection (128Mb FR through Aquanet). When this proxy will be up, please don't overload it; I hope to have ADSL in Q1 of 2000, and then everything will be better. In addition, my server is very weak and its disk is full (I planned to buy a real server this week, but as you could guess from my previous message, it is not a good idea, so it will be delayed by a week or two; Hopefully it will save me $100-$200, or even more). -- Eli Marmor = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
More wealth monitoring
LNUX is the stock ticker of VA Linux Systems, Inc. Closed on Friday at $218 (IPO price $30). It was actually traded at $320 on Thursday. The current market capitalization is $8,654.95M - that's 8.65 BILLION US dollars. Not bad, not bad... Shall we send a collective congratulatory email to Mr. Maddog Co.? -- Oleg Goldshmidt | BLOOMBERG L.P. (BFM) | [EMAIL PROTECTED] "A sense of the fundamental decencies is parceled out unequally at birth." [F. Scott FitzGerald] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Off-Topic: SDRAM Prices
It's off-topic, but will save much money for some of you: If you are going to spend money in the following days on a new computer or to upgrade your memory, be ware: the SDRAM prices are FALLING! According to pricewatch.com, prices of 64MB reached $50, and 128MB - $120 (all are for 100MHz, SDRAM, 7/8 ns, 8x64 or 16x64). These prices reflect a drop of 60% (!) since October after the earth quake in taiwan. In the last days, the drop is even stronger, and there is a DAILY drop of 2%-3%. If there will not be another earth quake, and Y2K bug will not run millions of buyers in the last week of 1999 and the first week of 2000 to computer's stores, the prices are expected to reach $40 (64MB) and $90 (128MB) very soon (not to mention that Intel plans to cut prices drastically in mid January. But this is another story, and still too far...). Prices in Israel are still $100-$140 (64MB) and $200-$270 (128MB), but are expected to become similar to the American prices soon (you know, everything that happens there, is reaching Israel after a short delay). So if you buy memory or a computer this week, demand real prices, or delay your purchase a little if your seller insists on these crazy prices. Disclaimr: I'm not responsible for any damage, including results of another earth-quake or Y2K. Gambling on prices is like gambling in a Casino. Anyway, the current prices in Israel are crazy in any case, and paying them is like loosing your money even without gambling. -- Eli Marmor = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
ON TOPIC - Looking for a job?
http://linuxtoday.com/stories/13564.html -- Oleg Goldshmidt | BLOOMBERG L.P. (BFM) | [EMAIL PROTECTED] "A sense of the fundamental decencies is parceled out unequally at birth." [F. Scott FitzGerald] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: More wealth monitoring
Of course I realize that these numbers are essentially BS. I think the fact that the market is bullish on Linux is significant though. I thought noting the numbers was appropriate, so I did. A colleague of mine put it quite succinctly - here's a snippet of our email exchange, which just about sums it up for me (I don't quote his name, so I don't think I have to ask for his permission): Yahoo still is over 3 times as big as RHAT and LNUX combined, and M$FT is 5 times larger than that. Still, M$FT is the only valuation that isn't total garbage (it is the company that is total garbage instead) Well, shall we short? we, maybe not :-) -- Oleg Goldshmidt | BLOOMBERG L.P. (BFM) | [EMAIL PROTECTED] "A sense of the fundamental decencies is parceled out unequally at birth." [F. Scott FitzGerald] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: wrote hebrew general FAQ
not true we have here both emacs and vi writing and reading documants in hebrew and even have limited printing option (soon to come our hebrew page;) llp Ely Levy System group Hebrew University Jerusalem Israel On Sun, 12 Dec 1999, Nadav Har'El wrote: | Hey guys, how about some constructive comments for a change? Have better | ideas? (I know I would have suggested using LaTeX with Hebrew). | | I have a constructive idea: someone with Microsoft Word (e.g., Moran), | please save this document as Postscript (in Windows: "print to file", using | a postscript printer). We can all view Postscript files, right? | | Right now, postscript (or pdf) files are the only portable way we have | of seeing Hebrew documents. Of course, it's only for seeing documents, not | editing them, but it's an important first step. | | On Sun, Dec 12, 1999, [EMAIL PROTECTED] wrote about "Re: wrote hebrew general FAQ": | o.k. | | asuming I have linux and want to install hebrew, then | | 1. faq in doc format ? do not have microsoft word ! | 2. faq in html in hebrew: i do not have hebrew yet ( or why do i need | this faq if I do) | 3. assuming i only have hebrew fonts installed, this faq is in logical | hebrew, so I see it in the wrong direction. | | sorry, I couldn't read the faq so I can't comment on it. | | regards | Erez. | | -- | Nadav Har'El |Sunday, Dec 12 1999, 3 Tevet 5760 | [EMAIL PROTECTED] |- | Phone: +972-53-245868, ICQ 13349191 |Long periods of drought are always | http://nadav.harel.org.il |followed by rain. | | = | To unsubscribe, send mail to [EMAIL PROTECTED] with | the word "unsubscribe" in the message body, e.g., run the command | echo unsubscribe | mail [EMAIL PROTECTED] | | = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [Fwd: [BUGTRAQ] Big problem on 2.0.x?]
hi, who use 2.0.X this days. just upgrade to 2.2.13 kernel. Moran Zavdi. -Original Message- From: Jonathan Ben-Avraham [EMAIL PROTECTED] To: James Olin Oden [EMAIL PROTECTED] Cc: Omer [EMAIL PROTECTED]; Hetz Ben Hamo [EMAIL PROTECTED]; Linux-IL [EMAIL PROTECTED] Date: éåí øàùåï 12 ãöîáø 1999 21:24 Subject: Re: [Fwd: [BUGTRAQ] Big problem on 2.0.x?] The answer is download.xs4all.nl:/pub/mirror/redhat-updates - yba On Fri, 10 Dec 1999, James Olin Oden wrote: What are you talking about? RH contrib? Some other site where you can get kernels packaged as RPMs? We're talking about an enterprise environment here, OFFICIAL RH errata. Whether or not this is the right way to go, this is where people look. Why don't you head on over to ftp://ftp.cdrom.com/pub/linux/redhat/updates/5.2/i386/ (a respectable RH mirror site, no doubt) and check what kernel version they have in stock. The site is updated, there is nothing wrong with it. The official RH errata does indeed contain only kernel 2.0.36. Actually, when it comes to older realeases such as RH 5.x, then do not expect even ftp.cdrom.com to be upto date. Until about two months ago, one of our servers was running the RH 5.2 distribution. A little before we made the conversion to RH 6.1 yet another exploit was found in the wu-ftpd daemon. At the time, it was really hard to get a connection to updates.redhat.com. So I went looking around for a mirror that still had the RH 5.2 stuff. Well, I got to ftp.cdrom.com and downloaded the wu-ftdp errata file they had, and installed it without checking its version (a VERY dumb thing to do )-: ). Unfortunately, it happened to be something older than the rpm I was already using. This really hosed things as you might imagine. Eventually I got conencted to updates.redhat.com, and downloaded the correct version with the fix for the exploit. The moral is that mirrors often times may have the a distro's early realeases, but they are probably only truely mirroring the current release. ..james Hetz Ben Hamo wrote: Well, if YOU CHECK you will find that there are RPM's for kernel 2.0.38 for redhat 5.x - compiled and ready. Just rpm -Uvh kernel-2.0.38(whatever the name is) and thats it.. Hetz Omer wrote: Irrelevant. Most people will not upgrade the kernel on their own to the latest stable version, but rather would only upgrade using the official vendor errata. This is how it is for all of the big-time operating systems, and since Linux is poised to make it to the big time, you have to expect this practice to become a lot more common. To which: Say you're a RH user, using 5.x. You will be using RedHat's errata updated for 5.2. The latest kernel included is 2.0.36, not patched to fix this. Hetz Ben Hamo wrote: It fixed long time ago on kernel 2.0.38 Hetz Omer wrote: This was posted to BugTraq today, and it seemed important enough to pass on (even though if you are a sysadmin and do not regularly read BT, you might deserve what you get). It's what I'd call a HUGE problem, not merely a big problem (unless of course you have no local users). In any case, I'd chmod u-s /bin/ping immediatly, and be careful not to ping as root (if you're not sure you're up to it, better make it chmod 000 /bin/ping :) Message to BT follows... -- -- Eduardo Cruz wrote: Hello ppl. Last week i was playing with my old linux 2.0.36 i486 box, while i was playing with the command ping and trying combinations of commands i found that when u do a ping -s 65468 -R ANYIPADDRESS ( -R record route) the system starts to print on the screen kernel dumps , freezes complitely and after few secconds the system reboots. The major problem with this (if this is a bug, because i dont have time to install differents kernels and test it better) is that command can be run by everyone because you dont need root permissions to make a -R. I tested this on a 2.0.35 and .36 (both slackware), when u try to do this on a 2.2.x the system prints out "message too long". I think the problem is that there is a size-check missed when u reach the maximun packet size and u put the route information, but anyway i am not a guru on kernels. So, now is time for the kernel experts :) -- - Eduardo Cruz - [EMAIL PROTECTED] Network Administrator Telecomm Solutions Group Tel: +350 74146 Fax: +350 41781 ---
Re: wrote hebrew general FAQ
On Sun, Dec 12, 1999, Ely Levy wrote about "Re: wrote hebrew general FAQ": not true we have here both emacs and vi writing and reading documants in hebrew and even have limited printing option (soon to come our hebrew page;) Ely Levy On Sun, 12 Dec 1999, Nadav Har'El wrote: ... | Right now, postscript (or pdf) files are the only portable way we have | of seeing Hebrew documents. Of course, it's only for seeing documents, not | editing them, but it's an important first step. Look again at what you wrote: "we have HERE both emacs and vi...". Is this what you call PORTABLE? If you send your output to some Joe running out-of- the-box Redhat distribution, do you think he'll be able to view them? Telling him to "get this-and-that software, run xterm -fn heb8x13, click M-x show-me-this-file-in-Hebrew in emacs..." is a chicken and egg problem if your document is an introduction to Linux :) So, until we have an out-of-the-box Hebrew distribution (this is what Ivrix hopes to be), if you want your documents to be viewable by *anybody*, you'll need to pick a format like Postscript or PDF that is viewable by *anybody*. Of course, it doesn't matter how you create these files: I'll use Hebrew Latex 2.09, You'll use MS-Word, or whatever, until one program is good enough to get the attention of all Hebrew writers. Of course, it's always best to have your documents in multiple formats, and let your users choose. The US DOJ keeps the (interim) judgement against MS on their site in Word-Perfect format - I wonder why not MS-Word :) -- Nadav Har'El|Sunday, Dec 12 1999, 4 Tevet 5760 [EMAIL PROTECTED] |- Phone: +972-53-245868, ICQ 13349191 |May you live as long as you want - and http://nadav.harel.org.il |never want as long as you live. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [Fwd: [BUGTRAQ] Big problem on 2.0.x?]
Hi Moran, Moran wrote: Date: Wed, 1 Jan 1997 08:01:24 +0200 ... who use 2.0.X this days. just upgrade to 2.2.13 kernel. And who uses ancient dates these days? And even before Y2K hits us ;-) Just upgrade your date to Sun Dec 12 19:56:05 IST 1999... BTW: The same problem is known (for Solaris systems) for at least one year. -- Eli Marmor = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: wrote hebrew general FAQ
Tzafrir Cohen wrote: [now that I see Eli's suggestion to use CAWABANGA - Ira's suggestion, not mine (though I agree). what format do you need as the source: logical hebrew html? Whatever: Visual, Semi-Logical, Full-Logical, Unicode, etc. You even don't have to put a meta tag (it can be guessed automatically). Is the one produced by word OK?] No; Only open standards. But in any case, as I wrote, it's not yet there. -- Eli Marmor = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Just getting security paranoid
While I never declared myself a security expert :), I've seen security experts who secured his machine by changing his /etc/issue message to print some nonexistent Linux distro name. I doubt he knows much about ipchains, capabilities, and such, but - dunno - I'm not too much into the hax0rs scene, so, could it be that his strategy is in fact better than mine? Could it be that setting traps to address the average hacker is actually better than doing stuff The Right Way? Anyone knows the hacking/kiddies world a little better? What do they look for? Where do they usually update from? -- Best regards, Ilya Konstantinov a.k.a Toastie [http://toast.demon.co.il] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Just getting security paranoid
They probably scan packetstorm on a daily basis (ever since rootshell stopped updating, they re-discovered ps it seems :), browse through BugTraq for l33t new 'xploits, and cruise NTBugTraq as well. I suppose the averege script kiddie likes to use automated tools (read: no-brainers), so it's a good idea to have your logs scanned for such commong things (for instance, /etc/shadow as part of a URL in your httpd logs - I see tons of those). Seems like the latest craze is TFN and Trinoo (or Trin00 if you're c00l), and other such distributed attack tools. But you might be kind of defenseless unless it is your own network used to attack you. Actually TFN is a pretty cool idea. Ilya Konstantinov wrote: While I never declared myself a security expert :), I've seen security experts who secured his machine by changing his /etc/issue message to print some nonexistent Linux distro name. I doubt he knows much about ipchains, capabilities, and such, but - dunno - I'm not too much into the hax0rs scene, so, could it be that his strategy is in fact better than mine? Could it be that setting traps to address the average hacker is actually better than doing stuff The Right Way? Anyone knows the hacking/kiddies world a little better? What do they look for? Where do they usually update from? -- Best regards, Ilya Konstantinov a.k.a Toastie [http://toast.demon.co.il] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] -- /--- Omer Efraim, [EMAIL PROTECTED] --\ [ Microsoft Vaccine 2000 is configuring your immune system. This may ] [ take a few minutes. If your body stops responding for a long time and ] [ there is no brain activity please die. Setup will continue after you ] [are reborn.] \---/ - Quoting Buzh, asr S/MIME Cryptographic Signature
thanks
Hi, first of all thank you everyone for the feedback. im glad there are some who like what i try to do. im getting comments from people everywhere (irc/mail/this group) its good. Tzafrir you got the general idea and this is important because many didnt. the idea of this faq is that its not intended for people who allready installed linux and knows what it is. this FAQ is come to give descent answer to people who want to know what is Linux what it is require and etc. I know that http://warp.efnet.org/linux is broken it is because my server got attack that called DoS attack. all the ports are closed but port 80. http://www.doshelp.org so i cant really do anything till i reinstall new linux. Tzafrir you mentioned alot of important questions, ill probably add most of them when ill install the new linux RedHat v6.1 www.linux.org.il is pointing to gilad and he said he is the only one who translating currently so there arent any translated articles about linux. you all should allways remember when you read my translated FAQ (and how-to's soon) 1. its very very hard translating. hebrew is hard. 2. im disturbing copys of pre Release so you can tell your comments, nothing final yet. 3. dont get pissed when you see its currently only doc format and word html format. at this point of time i prefer first doing FAQ that will be good and answer the most of questions that asked regulary before spending hours on final design. again remember its not easy at all. so emails like: i use linux i dont have hebrew fonts. so i cant help you unless you make english faq. or i use linux and win2000. but i cant read this fonts so fix it. such emails not really help but waste my time :) so be patience. Tzafrir and everyone again thank you for the feedback. ill work on those comments you all said. probably will have next version at next weekend. Moran ZavdiWarp Security Response Team. [EMAIL PROTECTED]
Connecting to remote host with the same user password
Hi list I'm working on a linux station, but for the development environment I need to work on our SUN OS. To do that I'm using "rsh -l username remotename" It works fine but I have to enter the password. I declared the same user name, user ID and group ID, but I can't get him to use my local machine's password. Is it possible ? Thanks = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Connecting to remote host with the same user password
Hi, the file .rhosts in your directory will allow you elogin without enter password each time. Moran Zavdi Warp Security Response Team. [EMAIL PROTECTED] -Original Message- From: Iftach Hyams [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Date: 12 1999 15:58 Subject: Connecting to remote host with the same user password Hi list I'm working on a linux station, but for the development environment I need to work on our SUN OS. To do that I'm using "rsh -l username remotename" It works fine but I have to enter the password. I declared the same user name, user ID and group ID, but I can't get him to use my local machine's password. Is it possible ? Thanks = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Linux for Alpha dec - HELP !
Can anyone please burn for me Linux for Alpha dec. I am trying to save the misery of a Win NT - Alpha Computer ... If anyone can help instructing It will be accepted with a lot of appritiation. thanks. Haim = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Just getting security paranoid
hi, so what you actually say is that if i scan your network from us shell that is hacked and not on my name that i telneted from .dk university shell that has 20 users minimum 24hrs a day telnetd anotheeer free shell that have 50 users minimum on line telneted from my box you or anyone can trace it ? or you say you can trace my real ip from http logs after i used 4 different proxy server that support freedom on the internet ? if some hacker really use the hidiing methods i just wrote youll never know who scanned/hacked your site and putted ugly web page i 0wN j00 all and in worse case made rm to what he didnt liked. Moran Zavdi Warp Security Response Team. [EMAIL PROTECTED] -Original Message- From: Stanislav Malyshev a.k.a Frodo [EMAIL PROTECTED] To: Ilya Konstantinov [EMAIL PROTECTED] Cc: ILUG [EMAIL PROTECTED] Date: éåí ùðé 13 ãöîáø 1999 01:12 Subject: Re: Just getting security paranoid On the other side, it might be good to put some trap if you want to identify and catch someone, but most sysadmins has much more to do than investigate every portscan. You may install a tool like logcheck and maybe some other abacus tools, which will tell you about "strange" things happening, and install some integrity control that would watch your files (like tripwire). This probably would help about unskilled attacker (I have no experience with _this_ stage of being attacked, so I cannot say much). IK Anyone knows the hacking/kiddies world a little better? What do they IK look for? Where do they usually update from? Well, when I was a sort of script kiddie (long time ago...) I looked the same places I do now - Bugtraq (and its NT cousin), rootshell, CERT, "hacker" conferences and sites, IRC, social engineering, various vendor's security alerts, and basically everything marked "security". -- [EMAIL PROTECTED] \/ There shall be counsels taken Stanislav Malyshev /\ Stronger than Morgul-spells phone +972-3-9316425 /\ JRRT LotR. http://sharat.co.il/frodo/ whois:!SM8333 = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] ÿÿ To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Linux for Alpha dec - HELP !
You may want to give a test to SuSE 6.1 Alpha. Heard it's pretty damn good one... Hetz Chaim Zadok wrote: Can anyone please burn for me Linux for Alpha dec. I am trying to save the misery of a Win NT - Alpha Computer ... If anyone can help instructing It will be accepted with a lot of appritiation. thanks. Haim = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [Fwd: [BUGTRAQ] Big problem on 2.0.x?]
some people do not want to upgrade their distribution because it will mean a lot of work updating their scripts. and to move from 2.0.x to 2.2.x you need to upgrade a lot ... it took me for instance, a lot of time to upgrade my server from 2.0.36 (rh5.2) to 2.2.x (rh6.1) regards erez Moran wrote: hi, who use 2.0.X this days. just upgrade to 2.2.13 kernel. Moran Zavdi. -Original Message- From: Jonathan Ben-Avraham [EMAIL PROTECTED] To: James Olin Oden [EMAIL PROTECTED] Cc: Omer [EMAIL PROTECTED]; Hetz Ben Hamo [EMAIL PROTECTED]; Linux-IL [EMAIL PROTECTED] Date: 12 1999 21:24 Subject: Re: [Fwd: [BUGTRAQ] Big problem on 2.0.x?] The answer is download.xs4all.nl:/pub/mirror/redhat-updates - yba On Fri, 10 Dec 1999, James Olin Oden wrote: What are you talking about? RH contrib? Some other site where you can get kernels packaged as RPMs? We're talking about an enterprise environment here, OFFICIAL RH errata. Whether or not this is the right way to go, this is where people look. Why don't you head on over to ftp://ftp.cdrom.com/pub/linux/redhat/updates/5.2/i386/ (a respectable RH mirror site, no doubt) and check what kernel version they have in stock. The site is updated, there is nothing wrong with it. The official RH errata does indeed contain only kernel 2.0.36. Actually, when it comes to older realeases such as RH 5.x, then do not expect even ftp.cdrom.com to be upto date. Until about two months ago, one of our servers was running the RH 5.2 distribution. A little before we made the conversion to RH 6.1 yet another exploit was found in the wu-ftpd daemon. At the time, it was really hard to get a connection to updates.redhat.com. So I went looking around for a mirror that still had the RH 5.2 stuff. Well, I got to ftp.cdrom.com and downloaded the wu-ftdp errata file they had, and installed it without checking its version (a VERY dumb thing to do )-: ). Unfortunately, it happened to be something older than the rpm I was already using. This really hosed things as you might imagine. Eventually I got conencted to updates.redhat.com, and downloaded the correct version with the fix for the exploit. The moral is that mirrors often times may have the a distro's early realeases, but they are probably only truely mirroring the current release. ..james Hetz Ben Hamo wrote: Well, if YOU CHECK you will find that there are RPM's for kernel 2.0.38 for redhat 5.x - compiled and ready. Just rpm -Uvh kernel-2.0.38(whatever the name is) and thats it.. Hetz Omer wrote: Irrelevant. Most people will not upgrade the kernel on their own to the latest stable version, but rather would only upgrade using the official vendor errata. This is how it is for all of the big-time operating systems, and since Linux is poised to make it to the big time, you have to expect this practice to become a lot more common. To which: Say you're a RH user, using 5.x. You will be using RedHat's errata updated for 5.2. The latest kernel included is 2.0.36, not patched to fix this. Hetz Ben Hamo wrote: It fixed long time ago on kernel 2.0.38 Hetz Omer wrote: This was posted to BugTraq today, and it seemed important enough to pass on (even though if you are a sysadmin and do not regularly read BT, you might deserve what you get). It's what I'd call a HUGE problem, not merely a big problem (unless of course you have no local users). In any case, I'd chmod u-s /bin/ping immediatly, and be careful not to ping as root (if you're not sure you're up to it, better make it chmod 000 /bin/ping :) Message to BT follows... -- -- Eduardo Cruz wrote: Hello ppl. Last week i was playing with my old linux 2.0.36 i486 box, while i was playing with the command ping and trying combinations of commands i found that when u do a ping -s 65468 -R ANYIPADDRESS ( -R record route) the system starts to print on the screen kernel dumps , freezes complitely and after few secconds the system reboots. The major problem with this (if this is a bug, because i dont have time to install differents kernels and test it better) is that command can be run by everyone because you dont need root permissions to make a -R. I tested this on a 2.0.35 and .36 (both slackware), when u try to do this on a 2.2.x the system prints out "message too long". I think the problem is that there is a size-check missed when u reach the maximun packet size and u put the
