Nice work on getting this out. Is sarge going to get an update, is it
even affected? I've looked into CVE-2007-2444, and
http://www.securityfocus.com/bid/23974/ says that the version in sarge
is affected.
--
Geoff Crompton
Debian System Administrator
Strategic Data
, Debian security
updates predated widespread (semi-)automated exploits by weeks.
I'm also wondering if security.debian.org has enough resources for every
single debian box on the planet checking it every X minutes.
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
for the
chunks to get distributed well throughout the network.
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
This bug has been closed for unstable (see bug 350964) with the 4.6
upload, but will it be fixed for sarge?
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
required pam_unix.so nullok obscure min=4 max=8 md5 try_first_pass
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
distribution (sarge) this problem has been fixed in
version 0.10.10-2sarge3.
Looks like a typo, this last line should be:
version 0.10.10-2sarge4
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
that static-page mode be the default since
upstream's CGI default is (in my opinion) too risky, but I haven't done
that yet.
I would agree with that idea. In fact, I've just lodged a bug report
along those lines. Bug #341308.
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3
with that idea. In fact, I've just lodged a bug report
along those lines. Bug #341308.
Thank you, Geoff!
No worries. Jonas has already responded to the bug, he sounds in favour
of it. I'm sure he'd appreciate patch suggestions on implementing it.
--
Geoff Crompton
Debian System Administrator
Anyone know if clamav is vulnerable to the magic byte detection evasion
issue discussed at http://www.securityfocus.com/bid/15189?
Or alternatively, can anyone work out if it is vulnerable?
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
in the code where the problems are.
Then that person could release more detailed information about the fix
after the embargo ends, which would benefit all other distributions in a
similar position.
Geoff Crompton
necessary to see if you can identify how
the attacker broke in. Otherwise you will find that after reinstalling,
the attack will occur again. As Christoph mentioned, the logs are a good
place to start.
Geoff Crompton
On http://merkel.debian.org/~joeyh/testing-security.html this CAN is
listed, as waiting for a 2.4.27-9 to fix this issue. The securityfocus
article says that this is a 2.6.8 issue.
Does anyone know if a fix for this has made it into a 2.6.8 debian kernel?
--
Geoff Crompton
Debian System
Does anyone know if apache 1.3 is affected by the issue mentioned at
http://www.securityfocus.com/bid/12877
Also, anyone know how Debian stands with this?
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
find a
DSA that corresponds to CAN-2003-0020.
Does anyone know if Debian is vulnerable or fixed?
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
Similarly to my last email, is Debian's apache affected by this? Further
details on http://www.securityfocus.com/bid/9921.
Debian is listed as being vulnerable. It's a DoS involving a connection
to a little used port.
I've not found a corresponding DSA.
--
Geoff Crompton
Debian System
-0710, CAN-2005-0711
Cheers
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
the
packet.
I have not investigated, but I think the kernel would reliably respond,
and 99.99% of attackers would not realise they had been exposed.
Assuming that the promiscuous machine has arp spoofed that mac address,
so that the switch will pass the packet down that port.
--
Geoff
Are the kernel team aware of http://www.securityfocus.com/bid/12555, a
bunch of vulnerabilities in 2.6 kernels prior to 2.6.11-rc2.
Or more generally, are these being tracked? And if so, by whom, and
should I keep asking them specifically rather than posting to
debian-security?
--
Geoff
http://www.securityfocus.com/bid/12575
Libasound 1.0.6 has a vulnerability. The sarge and sid versions are
newer, and the woody version is much older. Anyone know if woody is
affected?
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
I haven't seen a DSA for kdelibs, according to:
http://www.securityfocus.com/bid/12525
version 3.3.2 is vulnerable to a local file overwriting issue.
Woody's clean, anyone know if the sid and sarge packages are affected?
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
Geoff Crompton wrote:
I haven't seen a DSA for kdelibs, according to:
http://www.securityfocus.com/bid/12525
version 3.3.2 is vulnerable to a local file overwriting issue.
Woody's clean, anyone know if the sid and sarge packages are affected?
KDE is tracking the bug.
http://bugs.kde.org
Has there been a DSA for apache, in relation to the securityfocus
bugtraqID #12308?
http://www.securityfocus.com/bid/12308
Cheers
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
Anyone know if any Debian kernels are vulnerable to CAN-2004-1237?
Apparently it was originally just thought to be a redhat thing, but
bugtraq recently said it was also found in suse.
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
SecurityFocus newsletter #286 lists some bind issues:
http://www.securityfocus.com/bid/12364
CAN-2005-0033
http://www.securityfocus.com/bid/12365
CAN-2005-0034
Anyone know how Debian stands with these?
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
-installing
it. However, in my (fairly recent) experience, it was _easier_ to
reinstall than it was to check all those things.
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
Hi,
Has there been any DSA released for CAN-2004-0930, an Input
Vulnerability in Samba, 3.0 to 3.0.7.
Ta
--
Geoff Crompton
Debian System Administrator
StrategicData
+61-3-9348-2013
You may find that the internal web server is sending its reply IP
packets directly to the internal client, instead of via the firewall.
This can occur if the internal client and the internal web server have
the same subnet mask. The internal web server sends the packets straight
back to the
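The reply-bypasses-the-firewall behaviour described above comes straight out of the web server's routing decision: a connected route for its own LAN is more specific than the default route via the firewall, so longest-prefix match wins and the reply never touches the firewall. The following is an added illustration, not code from Geoff's mail or from any Debian package, and the addresses, interface name and routing table in it are hypothetical.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed routing table of the internal web server (hypothetical
# addresses). Each entry is (destination network, gateway or None for a
# directly connected route, outgoing interface).
Route = Tuple[str, Optional[str], str]
SERVER_ROUTES: List[Route] = [
    ("192.168.1.0/24", None, "eth0"),        # connected LAN: deliver directly
    ("0.0.0.0/0", "192.168.1.1", "eth0"),    # default route via the firewall
]

FIREWALL_INSIDE_IP = "192.168.1.1"  # hypothetical inside address of the firewall


def next_hop(routes: List[Route], dst: str) -> Tuple[Optional[str], str]:
    """Longest-prefix-match lookup: return (gateway, interface) for dst.

    gateway is None when the destination is on a directly connected
    network, i.e. the packet is put on the wire for the destination's MAC
    address without passing through any router.
    """
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for net, gw, dev in routes:
        network = ipaddress.ip_network(net)
        if dst_ip in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, gw, dev)
    if best is None:
        raise ValueError(f"no route to {dst}")
    return best[1], best[2]


def reply_traverses_firewall(routes: List[Route], client_ip: str, firewall_ip: str) -> bool:
    """Does the server's reply to client_ip get forwarded by the firewall?

    The reply is only seen by the firewall when the firewall is the
    selected gateway; a connected route means it goes to the client directly.
    """
    gateway, _ = next_hop(routes, client_ip)
    return gateway == firewall_ip


if __name__ == "__main__":
    for client in ("192.168.1.50", "10.0.0.5"):
        via = reply_traverses_firewall(SERVER_ROUTES, client, FIREWALL_INSIDE_IP)
        print(f"reply to {client}: {'via firewall' if via else 'direct on the LAN'}")
```

The practical consequence is that any stateful rule on the firewall sees only half of such a conversation, so a client on the same subnet as the server is never filtered on the return path; either put the server and clients on different subnets, or use a DNAT on the firewall that forces the reply back through it.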
On Thu, Aug 07, 2003 at 10:55:16PM -0700, Mark Ferlatte wrote:
Bradley Alexander said on Fri, Aug 08, 2003 at 01:36:06AM -0400:
I tried to set this up again recently on another machine, and found that
privilege separation breaks this functionality. Does anyone know of a
workaround to
On Fri, Aug 08, 2003 at 11:58:45AM -0500, Greg Norris wrote:
On Fri, Aug 08, 2003 at 04:21:50PM +1000, Geoff Crompton wrote:
I have successfully configured sshd to allow opie logons, without
disabling PrivSep, by configuring pam to use the libpam-opie
module for ssh.
In this case
(initially, at least) break it.
I suppose if you used a BSD system, you could do this kernel modification
and not have to provide the source. The userland side of the system is
going to be very similar.
Geoff Crompton
: IP Accounting for iptables( kernel =2.4)
Can do accounting on any iptable rule (as I understand it). iptables
have the capability to match on owner:
iptables -A INPUT -m owner --uid-owner 2
Cheers
Geoff Crompton
--dport 1024 -m limit --limit 20/hour -j
ULOG --ulog-prefix BPA
(Checking with iptables-save -c reveals that the rule has been getting
matches).
Geoff Crompton
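The two posts above rely on the per-rule packet and byte counters that `iptables-save -c` prints in front of every rule, both to do accounting by owner and to confirm that the ULOG rule is actually matching. As an added example (not code from either mail, and not part of the iptables project), here is a small parser for that output that reports which rules have fired and totals the bytes per `--uid-owner`. The captured output it runs on is constructed for the example; note that the `owner` match is only valid for locally generated packets, so the sample places it in OUTPUT rather than INPUT.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Constructed sample of `iptables-save -c` output; not captured from a real host.
SAMPLE_SAVE = """\
# Generated by iptables-save v1.4.21 (constructed sample)
*filter
:INPUT ACCEPT [1500:201000]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2300:350000]
[7:420] -A INPUT -p tcp -m tcp --dport 1024 -m limit --limit 20/hour -j ULOG --ulog-prefix "BPA"
[0:0] -A INPUT -p tcp -m tcp --dport 1025 -m limit --limit 20/hour -j ULOG --ulog-prefix "unused"
[42:3360] -A OUTPUT -m owner --uid-owner 2
[118:9440] -A OUTPUT -m owner --uid-owner 1000
COMMIT
"""


class Rule(NamedTuple):
    table: str
    chain: str
    packets: int
    bytes: int
    spec: str  # everything after "-A <chain>"


# "[pkts:bytes] -A CHAIN <rest of rule>"
RULE_RE = re.compile(r"^\[(\d+):(\d+)\]\s+-A\s+(\S+)\s+(.*)$")
UID_RE = re.compile(r"--uid-owner\s+(\S+)")


def parse_counters(text: str) -> List[Rule]:
    """Parse iptables-save -c output into Rule records with their counters."""
    table = "?"
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # comments
        if line.startswith("*"):
            table = line[1:]              # "*filter" opens a table section
            continue
        if line.startswith(":") or line == "COMMIT":
            continue                      # chain policy lines and section end
        m = RULE_RE.match(line)
        if m:
            pkts, nbytes, chain, spec = m.groups()
            rules.append(Rule(table, chain, int(pkts), int(nbytes), spec))
    return rules


def matched_rules(rules: List[Rule], needle: Optional[str] = None) -> List[Rule]:
    """Rules whose packet counter is non-zero, optionally filtered by a substring
    of the rule (e.g. "ULOG" or '--ulog-prefix "BPA"')."""
    return [r for r in rules if r.packets > 0 and (needle is None or needle in r.spec)]


def accounting_by_uid(rules: List[Rule]) -> Dict[str, int]:
    """Total bytes per --uid-owner across all owner-match rules."""
    totals: Dict[str, int] = {}
    for r in rules:
        m = UID_RE.search(r.spec)
        if m:
            totals[m.group(1)] = totals.get(m.group(1), 0) + r.bytes
    return totals


if __name__ == "__main__":
    rules = parse_counters(SAMPLE_SAVE)
    for r in matched_rules(rules):
        print(f"{r.table}/{r.chain}: {r.packets} pkts {r.bytes} bytes  {r.spec}")
    print("bytes per uid:", accounting_by_uid(rules))
```

Run it against a real box with `iptables-save -c | python3 thisfile.py` after swapping the constant for `sys.stdin.read()`; a ULOG rule that shows a non-zero packet count here but produces nothing in the ulogd output points at the logging side, not at the rule.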
of an infection' way.
(I've been trying to think of a reason that the owner of an infected
box would not appreciate efforts to sanitize the box).
Geoff Crompton
On Thu, Sep 12, 2002 at 09:22:43AM +0200, Marcel Weber wrote:
Something that would be totally legal would be to send an email to the
[EMAIL PROTECTED], in the hope that they have such an email
address. Of course one has to pay attention that
Ok. So it is good to warn owners of cracked boxes. Does that mean it
is good for me to walk into a house that has been robbed, and write a
note to the owner that it has been robbed?
In this case the analogy doesn't work so well, as the owner is more
likely going to notice that the place
. It would be for the good of the net! They could be a part of the
ICANN or UNO or whoever.
Marcel
Sounds like such an organization would be ripe for misuse by power
hungry politicians/diplomats/whatever-you-call-them-power-hungry-people
Geoff Crompton
On Thu, Aug 22, 2002 at 03:00:59PM -0400, Sean McAvoy wrote:
Hello,
I've successfully configured site to site VPN connections using
FreeSwan, RSA keys, and using our own Dynamic DNS server (gnudip). It's
a straight forward tunnel connection. Couple of points
left= and right= should be FQDNs,
On Wed, Aug 21, 2002 at 12:20:27PM +0200, Marcel Weber wrote:
Hi
Does anybody know if there are any news concerning freeswan and
Watchguard Firebox 2 interoperability? Some time ago I read that the two
would not work together, as Watchguard does not use triple DES during
On Thu, Aug 22, 2002 at 01:57:32AM +0200, Rémi Letot wrote:
Hi all,
I'd like to setup a VPN between two hosts on cable connection. The
problem is that they have dynamic ip's, and none of the two sides is
permanently up (most of the time they are up, but it's not guaranteed
at all).
Geoff Crompton
On Fri, 21 Jun 2002 00:36, Olaf Meeuwissen wrote:
Geoff Crompton [EMAIL PROTECTED] writes:
On Thu, 20 Jun 2002 23:22, Olaf Meeuwissen wrote:
(wait for official release updates) and then just s/potato/stable/g.
Note that non-US is being phased out.
Can you point me to the mail