SubRPC vulnerability: is Debian libc6 affected?
Recently several glibc vulnerabilities have been published, and there is only some disjoint information about their status for Debian here and there. Maybe this bunch of issues is worth one combined DSA that will explain what is fixed?

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0391

> Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.

There are 3 DSAs (142, 143, 146) fixing this bug in other packages, but I haven't found any statement from the Debian Security Team or from the glibc maintainer, except the following notice already mentioned on this list:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=155529&repeatmerged=yes

> calloc() contains an integer overflow which means that in some cases, the allocated buffer is too small. See the following page for details:
> http://cert.uni-stuttgart.de/advisories/calloc.php
> ...
> Currently, woody and potato fixed packages have been uploaded to security.d.o (same update as the xdr bug was fixed in). Sid (unstable) is coming soon.

Is the xdr bug the one mentioned in CAN-2002-0391? BTW, the calloc() bug also went below the radar, while to me it seems serious enough to be worth a mention.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0684

> Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.

It looks like it is fixed in glibc 2.2.5-8, but again, it never made it into an official announcement.

-- 
Dmitry Borodaenko
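The two glibc bugs quoted above (xdr_array and calloc()) share one root cause: an element count is multiplied by an element size and the product wraps before the buffer is allocated, so a huge remotely supplied count yields a tiny allocation. The C below is an added illustration, not code from this thread or from glibc; the function names (naive_alloc_size, would_overflow, safe_calloc) are this example's own.

```c
/* Added example: the allocation-size integer overflow behind the
 * xdr_array / calloc() advisories, and the check that prevents it.
 * Function names are this example's own, not glibc's. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* The vulnerable pattern: count * size computed without a range check.
 * With count = SIZE_MAX/4 + 1 and size = 4 the product is exactly 2^N
 * for an N-bit size_t, which wraps to 0: the caller then allocates
 * (almost) nothing and later copies `count` elements into it. */
size_t naive_alloc_size(size_t count, size_t size)
{
    return count * size;
}

/* Returns 1 if count * size would wrap around, 0 if it fits in size_t.
 * Dividing instead of multiplying avoids the wraparound itself. */
int would_overflow(size_t count, size_t size)
{
    if (size == 0)
        return 0;
    return count > SIZE_MAX / size;
}

/* Hardened allocation: refuse the request when the byte total would wrap,
 * then zero the memory as calloc() does. Returns NULL on overflow or on
 * allocation failure; the caller must check for NULL. */
void *safe_calloc(size_t count, size_t size)
{
    size_t total;
    if (would_overflow(count, size))
        return NULL;
    total = count * size;
    void *p = malloc(total ? total : 1);
    if (p != NULL)
        memset(p, 0, total);
    return p;
}
```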
Re: Email Virus Scanner
i recently set up mailscanner with mcafee virusscan and have been pretty happy with it. if you describe the nature of the error, i might be able to help you out.

xn

On Mon, Aug 12, 2002 at 08:00:16PM -0500, Daniel J. Rychlik wrote:
> Gentlemen,
>
> I am wanting to set up a good virus scanner for exim. I tried out mailscanner, but it bombs with an error. I tried to fix the error, but I got frustrated. I would like to use mailscanner or even the sanitizer. Do you guys have any suggestions or even a preference over one or the other?
>
> Sincerely,
> Daniel J. Rychlik
>
> Money does not make the world go round, Gravity does.
Re: Email Virus Scanner - listof um
hi ya

here's the collection of virus scanners..

http://www.Linux-Sec.net/Mail/antivirus.gwif.html

c ya
alvin

On Mon, 12 Aug 2002, Daniel J. Rychlik wrote:
> Gentlemen,
>
> I am wanting to set up a good virus scanner for exim. I tried out mailscanner, but it bombs with an error. I tried to fix the error, but I got frustrated. I would like to use mailscanner or even the sanitizer. Do you guys have any suggestions or even a preference over one or the other?
>
> Sincerely,
Re: Email Virus Scanner
Hello,

I prefer the scanning and rejection to be at SMTP sending time, so I think exiscan [1] is a better tool. You can also add in spamassassin checking at the same time, and there is a patch to reject or just tag based on the spamassassin response, with a patch from [EMAIL PROTECTED] posted to the exiscanusers list on Jul 29th.

1. http://duncanthrax.net/exiscan/

Dave,

Quoting Daniel J. Rychlik [EMAIL PROTECTED]:
> I am wanting to set up a good virus scanner for exim. I tried out mailscanner, but it bombs with an error. I tried to fix the error, but I got frustrated. I would like to use mailscanner or even the sanitizer. Do you guys have any suggestions or even a preference over one or the other?

-- 
David Broome
Programmer-Analyst.FineArts.UVic.CA /BSc /CNA /MCP
250.721-6307 [EMAIL PROTECTED] FIA 221
Re: Email Virus Scanner
I like amavis-perl, but have never set it up under exim.

-- 
Arthur H. Johnson II, Debian GNU/Linux Advocate
Catechist, St John Catholic Church, Davison MI USA
President, Genesee County Linux Users Group
IRC: [EMAIL PROTECTED], #debian
YIM: arthurjohnson AIM: bytor4232 ICQ: 31770438

On Mon, 12 Aug 2002, Daniel J. Rychlik wrote:
> Gentlemen,
>
> I am wanting to set up a good virus scanner for exim. I tried out mailscanner, but it bombs with an error. I tried to fix the error, but I got frustrated. I would like to use mailscanner or even the sanitizer. Do you guys have any suggestions or even a preference over one or the other?
>
> Sincerely,
> Daniel J. Rychlik
>
> Money does not make the world go round, Gravity does.
Re: Email Virus Scanner
On Mon, 12 Aug 2002 at 08:00:16PM -0500, Daniel J. Rychlik wrote:
> sanitizer. Do you guys have any suggestions or even a preference over one or the other?

Sophos is considered by many in the security industry to be one of the best. BUT, it is commercial (in other words... green). It supports MANY MANY MANY platforms and is basically an smtp pipe...

http://www.sophos.com

-- 
Phil
PGP/GPG Key: http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/ | gpg --import
Fwd: openssl overflow
Forwarded by suneo135

----- Forwarded Message -----

Package: openssl
Version: 0.9.6c-2
Severity: critical

Openssl 0.9.6f changes

Changes between 0.9.6e and 0.9.6f [8 Aug 2002]

*) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX and get fix the header length calculation.
   [Florian Weimer [EMAIL PROTECTED], Alon Kantor [EMAIL PROTECTED] (and others), Steve Henson]

*) Use proper error handling instead of 'assertions' in buffer overflow checks added in 0.9.6e. This prevents DoS (the assertions could call abort()).
   [Arne Ansper [EMAIL PROTECTED], Bodo Moeller]

Probably it is this patch.
http://marc.theaimsgroup.com/?l=openssl-cvs&m=102831422608153&w=2

Other:
http://rhn.redhat.com/errata/RHSA-2002-160.html

----- End of Forwarded Message -----
Re: SubRPC vulnerability: is Debian libc6 affected?
> > It looks like it is fixed in glibc 2.2.5-8, but again, it never made it into an official announcement.
>
> On woody, I believe Ben has already been working on it, but I don't know its status. Ben? Should I go ahead for woody?

Woody and potato are already uploaded to security.d.o. It's in their hands now, and I suspect the hold up is getting it to auto-compile on all the archs.

-- 
Debian - http://www.debian.org/
Linux 1394 - http://linux1394.sourceforge.net/
Subversion - http://subversion.tigris.org/
Deqo - http://www.deqo.com/