Re: Strange segmentation faults and Zombies
Hi,

Markus Schabel wrote:
> I've seen some strange things on my (stable with security-updates)
> server: the last apt-get update didn't work because gzip segfaulted.
> I've copied gzip from another server over the version on this server,
> but it also crashed. Interesting was that the executable was bigger
> after the segfault.

try the following:

md5sum /bin/gzip
scp goodserver:/bin/gzip /bin/gzip
md5sum /bin/gzip
ls /bin/gzip
md5sum /bin/gzip

can you send the output?

i had the same problem on a few servers, every file was bigger before the ls, but still worked. beside gzip, it segfaulted.

you can also strace ls, normally ls does nothing in /proc, but this ls did things in /proc.

But where is it from? Have you installed/executed any binaries beside debian-packages?

Regards,
Ralf Dreibrodt

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
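The before/after check Ralf asks for (hash, run the binary, hash again), scripted as an added example; this is not code from the thread or from chkrootkit. It assumes POSIX sh with md5sum, wc, awk and mktemp, and uses a constructed self-modifying script as the stand-in for an infected /bin/ls or /bin/gzip, since the thread never establishes what was on Markus's machine. The dpkg comparison is an extra step the thread does not mention: Debian records an md5 for every packaged file under /var/lib/dpkg/info, which gives a second reference that does not depend on the copy from the other server.

```shell
#!/bin/sh
# Added example, not from the thread. Snapshot a binary, run something, and
# snapshot again: the "md5sum / scp / md5sum / ls / md5sum" sequence from the
# reply, plus a comparison against the md5 dpkg recorded at install time.
# Assumes POSIX sh with md5sum, wc, awk, mktemp.

# hash_and_size FILE : prints "<md5> <bytes>" for FILE.
hash_and_size() {
    printf '%s %s\n' "$(md5sum "$1" | cut -d' ' -f1)" "$(wc -c < "$1" | tr -d ' ')"
}

# check_stable FILE CMD [ARGS...] : hash FILE, run CMD, hash FILE again.
# Returns 0 if FILE is byte-for-byte the same afterwards, 1 if it changed
# (a binary that grows after being executed is what the thread describes).
check_stable() {
    target=$1
    shift
    before=$(hash_and_size "$target")
    "$@" >/dev/null 2>&1 || true
    after=$(hash_and_size "$target")
    if [ "$before" = "$after" ]; then
        printf 'unchanged %s [%s]\n' "$target" "$after"
        return 0
    fi
    printf 'CHANGED %s: before [%s] after [%s]\n' "$target" "$before" "$after" >&2
    return 1
}

# check_against_dpkg FILE : compare FILE with the md5 in /var/lib/dpkg/info.
# Prints "ok", "mismatch", or "unknown" when no package owns FILE (or the
# host is not Debian). A mismatch on a file no update touched is a red flag,
# but only as far as dpkg's own database can be trusted.
check_against_dpkg() {
    rel=${1#/}
    for list in /var/lib/dpkg/info/*.md5sums; do
        [ -r "$list" ] || continue
        rec=$(awk -v p="$rel" '$2 == p { print $1; exit }' "$list")
        if [ -n "$rec" ]; then
            [ "$rec" = "$(md5sum "$1" | cut -d' ' -f1)" ] && echo ok || echo mismatch
            return 0
        fi
    done
    echo unknown
}

# make_demo : constructed stand-in for an infected binary. It appends a
# "payload" to its own file every time it runs, so it grows like the gzip
# in the report. Prints the path.
make_demo() {
    dir=$(mktemp -d)
    cat > "$dir/infected_ls" <<'EOF'
#!/bin/sh
printf '\n# payload %s\n' "$$" >> "$0"
EOF
    chmod +x "$dir/infected_ls"
    printf '%s\n' "$dir/infected_ls"
}

if [ "${1:-}" = "demo" ]; then
    demo=$(make_demo)
    check_stable "$demo" "$demo"        # reports CHANGED and returns 1
    check_against_dpkg /bin/ls          # ok / mismatch / unknown
fi
```

Run it as `sh check.sh demo` to see the constructed case fire. Everything here is computed on the suspect host with the suspect host's kernel, libc and coreutils, so a clean result proves little once a kernel module or a trojaned libc is in play; the other reply's advice to hash the disk from another box, mounted read-only, is the version of this check that cannot be lied to.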
about sendmail hole - relay restrictions bypassed
Hi list,

You know, as of DSA-384-1 the sendmail buffer overflow vulnerability is fixed, but another hole, "sendmail relay access restrictions can be bypassed with bogus DNS" (*), is NOT fixed yet.

* http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=174907

Do you know why the maintainer has left this issue alone? Or does it not affect the Debian package? (If so, this bug should be closed.)

-- 
Regards,
Hideki Yamane mailto:henrich @ iijmio-mail.jp
Re: Strange segmentation faults and Zombies
On Wed, 17 Sep 2003 22:29:58 +0200
Markus Schabel <[EMAIL PROTECTED]> wrote:

> I've seen some strange things on my (stable with security-updates)
> server: the last apt-get update didn't work because gzip segfaulted.
> I've copied gzip from another server over the version on this server,
> but it also crashed. Interesting was that the executable was bigger
> after the segfault.

curious.

> In a ps I can see a lot of Zombies (rm, ln, readlink, grep) and I've no
> idea where they come from.

it's the daily cronjob that stole.

> You think the server got hacked? Are there any other things that can
> lead to this? man also behaves strange, it says either "No manual entry
> for...", "What manual page do you want?" or nothing.

i'm thinking about a hardware problem. maybe the harddrive is failing (get the output of dmesg) or a very big ram problem that corrupts files on the hard drive.

in every case simply copy all the data you can and inspect the hdd in another box, mounting it read only.

-- 
http://glot.net/, [EMAIL PROTECTED]
Cycom http://www.rezal.net/, Epidemic http://epidemic.glot.net/
Strange segmentation faults and Zombies
Hello!

I've seen some strange things on my (stable with security-updates) server: the last apt-get update didn't work because gzip segfaulted. I've copied gzip from another server over the version on this server, but it also crashed. Interesting was that the executable was bigger after the segfault.

In a ps I can see a lot of Zombies (rm, ln, readlink, grep) and I've no idea where they come from. I thought I should try chkrootkit, downloaded and compiled on an external computer (because on the server there are no development programs) and scp'ed it over. After running I see the following in the ps aux output:

root 23029 0.2 0.1 2320 1300 pts/0 S 18:53 0:00 /bin/sh ./chkrootkit
root 23088 0.0 0.0 1220  216 pts/0 T 18:53 0:00 /bin/egrep (^|[^A-Za-z0-9_])biff([^A-Za-z0-9_]|$)
root 23089 0.0 0.0    0    0 pts/0 Z 18:53 0:00 [egrep ]
root 23093 0.0 0.0 1220  216 pts/0 T 18:53 0:00 /bin/egrep c
root 23094 0.0 0.0    0    0 pts/0 Z 18:53 0:00 [egrep ]
root 23113 0.0 0.0 1220  216 pts/0 T 18:53 0:00 /bin/egrep (^|[^A-Za-z0-9_])chsh([^A-Za-z0-9_]|$)
root 23117 0.0 0.0    0    0 pts/0 Z 18:53 0:00 [egrep ]
root 23118 0.0 0.0 1220  216 pts/0 T 18:53 0:00 /bin/egrep c
root 23119 0.0 0.0    0    0 pts/0 Z 18:53 0:00 [egrep ]
root 23134 0.0 0.0 1220  216 pts/0 T 18:53 0:00 /bin/egrep c
root 23136 0.0 0.0    0    0 pts/0 Z 18:53 0:00 [egrep ]
root 23150 0.0 0.0 1220  216 pts/0 T 18:53 0:00 /bin/egrep c
root 23151 0.0 0.0    0    0 pts/0 Z 18:53 0:00 [egrep ]
root 23170 0.0 0.0 1220  216 pts/0 T 18:53 0:00 /bin/egrep c
root 23171 0.0 0.0    0    0 pts/0 Z 18:53 0:00 [egrep ]
root 23191 0.0 0.0 1220  216 pts/0 T 18:53 0:00 /bin/egrep ^/bin/.*sh$|bash|elite$|vejeta|\.ark
root 23194 0.0 0.0 1220  216 pts/0 T 18:53 0:00 /bin/egrep ^...s
root 23195 0.0 0.0    0    0 pts/0 Z 18:53 0:00 [egrep ]
root 23198 0.0 0.0 1220  216 pts/0 T 18:53 0:00 /bin/egrep (^|[^A-Za-z0-9_])echo([^A-Za-z0-9_]|$)
root 23203 0.0 0.0    0    0 pts/0 Z 18:53 0:00 [egrep ]
root 23204 0.0 0.0    0    0 pts/0 Z 18:53 0:00 [egrep ]
root 23216 0.0 0.0 1220  216 pts/0 T 18:53 0:00 /bin/egrep ^...s
root 23220 0.0 0.0 1220  216 pts/0 T 18:53 0:00 /bin/egrep (^|[^A-Za-z0-9_])egrep([^A-Za-z0-9_]|$)
root 23221 0.0 0.0    0    0 pts/0 Z 18:53 0:00 [egrep ]
root 23225 0.0 0.0    0    0 pts/0 Z 18:53 0:00 [egrep ]
root 23226 0.0 0.0 1220  216 pts/0 T 18:53 0:00 /bin/egrep c
root 23227 0.0 0.0    0    0 pts/0 Z 18:53 0:00 [egrep ]
root 23240 0.0 0.0 1220  216 pts/0 T 18:53 0:00 /bin/egrep c
root 23245 0.0 0.0 1220  216 pts/0 T 18:53 0:00 /bin/egrep ^/bin/.*sh$|bash|elite$|vejeta|\.ark
root 23258 0.0 0.0 1220  216 pts/0 T 18:53 0:00 /bin/egrep c
root 23259 0.0 0.0    0    0 pts/0 Z 18:53 0:00 [egrep ]
root 23260 0.0 0.0    0    0 pts/0 Z 18:53 0:00 [egrep ]
root 23261 0.0 0.0    0    0 pts/0 Z 18:53 0:00 [egrep ]
root 23287 0.0 0.0 1220  216 pts/0 T 18:53 0:00 /bin/egrep c
root 23288 0.0 0.0    0    0 pts/0 Z 18:53 0:00 [egrep ]
root 23299 0.0 0.0 1220  216 pts/0 T 18:53 0:00 /bin/egrep c
root 23304 0.0 0.0 1220  216 pts/0 T 18:53 0:00 /bin/egrep givemer
root 23306 0.0 0.0 1272  412 pts/0 S 18:53 0:00 /bin/egrep ^...s
root 23307 0.0 0.0 1604  308 pts/0 T 18:53 0:00 /bin/ls -l /bin/grep
root 23308 0.0 0.0    0    0 pts/0 Z 18:53 0:00 [ls ]
root 23309 0.0 0.0    0    0 pts/0 Z 18:53 0:00 [egrep ]
root 23311 0.0 0.0    0    0 pts/0 Z 18:53 0:00 [egrep ]
root 23313 0.0 0.0    0    0 pts/0 Z 18:53 0:00 [egrep ]

As you can see there's a lot of Zombies. That output started when chkrootkit analysed grep (it stopped there and continued only after I removed all processes in T state), then the same with inetd and after that I gave up.

You think the server got hacked? Are there any other things that can lead to this? man also behaves strange, it says either "No manual entry for...", "What manual page do you want?" or nothing.

regards
Markus
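A small triage helper for output like the listing above, added here as an example; it is not from the post, from chkrootkit or from any reply. It assumes POSIX sh with awk, sort and comm. Two things matter in that listing: Z entries are processes that have exited and whose parent has not yet called wait(), so they hold no memory and cannot be killed, while T entries are processes stopped by a signal, which is why chkrootkit sat there until the stopped egreps were cleared. The second function is the check a rootkit hunt needs on such a box: list PIDs straight from /proc and compare with what ps shows, because a replaced ps is exactly what would hide a process. The sample lines are constructed in the shape of the post's output, not copied from a live system.

```shell
#!/bin/sh
# Added example, not from the thread. Summarise the STAT column of `ps aux`
# output (Z = zombie, T = stopped) and, on Linux, cross-check ps against
# /proc so a trojaned ps cannot hide a process.
# Assumes POSIX sh, awk, sort, comm and mktemp.

# state_summary < ps-aux-text : prints "<STATE> <count>" per leading STAT letter.
state_summary() {
    awk '$1 != "USER" { n[substr($8, 1, 1)]++ }
         END { for (s in n) printf "%s %d\n", s, n[s] }' | sort
}

# list_state STATE < ps-aux-text : prints "PID COMMAND" for each process
# whose STAT starts with STATE (field 8 in `ps aux` output).
list_state() {
    awk -v want="$1" '$1 != "USER" && substr($8, 1, 1) == want {
        cmd = $11
        for (i = 12; i <= NF; i++) cmd = cmd " " $i
        printf "%s %s\n", $2, cmd
    }'
}

# hidden_from_ps : PIDs present in /proc but missing from `ps -e`.
# Prints nothing when the two agree or when there is no /proc. A PID that
# shows up on two consecutive runs is either hidden from ps by a rootkit
# or ps itself has been replaced; a PID seen once is usually a process
# that started between the two listings.
hidden_from_ps() {
    [ -d /proc ] || return 0
    seen=$(mktemp)
    ps -e -o pid= | tr -d ' ' | sort > "$seen"
    for d in /proc/[0-9]*; do printf '%s\n' "${d#/proc/}"; done | sort | comm -23 - "$seen"
    rm -f "$seen"
}

# Constructed sample in the shape of the post's listing (not a copy of it).
SAMPLE='USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 23029 0.2 0.1 2320 1300 pts/0 S 18:53 0:00 /bin/sh ./chkrootkit
root 23088 0.0 0.0 1220 216 pts/0 T 18:53 0:00 /bin/egrep c
root 23089 0.0 0.0 0 0 pts/0 Z 18:53 0:00 [egrep]
root 23307 0.0 0.0 1604 308 pts/0 T 18:53 0:00 /bin/ls -l /bin/grep
root 23308 0.0 0.0 0 0 pts/0 Z 18:53 0:00 [ls]'

if [ "${1:-}" = "demo" ]; then
    printf '%s\n' "$SAMPLE" | state_summary      # S 1 / T 2 / Z 2
    printf '%s\n' "$SAMPLE" | list_state T       # the stopped egrep and ls
    hidden_from_ps                               # live check on this host
fi
```

On a live box feed it `ps aux | state_summary` and `ps aux | list_state T`; the zombies go away by themselves once their parent (here the chkrootkit shell) exits, and a stopped process can be resumed with `kill -CONT PID` rather than removed. If `hidden_from_ps` keeps naming the same PID, stop trusting anything the host reports about itself.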
Re: Pat on the back
In a message on Wednesday, 17 September 2003 18:18, Robert Brockway wrote:
> Hi. I just wanted to say thanks to the security team for the rapid
> deployment of the fixed versions of OpenSSH (twice).
>
> Often people are quick to post negative emails and not so quick to post
> positive emails, so I just wanted to say that many of us really do
> appreciate the work the security team does. Knowing that fixed versions
> will be in the security archive quickly helps to keep my blood pressure
> down :)
>
> Cheers,
> Rob

Same here. I give a few applauds too. Keep the updates flowing in!

Antti
-- 
My PGP public key: http://tola.org/pgp.txt
Re: Pat on the back
Robert Brockway wrote:
> Hi. I just wanted to say thanks to the security team for the rapid
> deployment of the fixed versions of OpenSSH (twice).

I fully agree. Thanks a lot!

--Chris
Re: [d-security] Re: ssh vulnerability in the wild
Adrian von Bidder wrote:
> On Tuesday 16 September 2003 22:30, Rich Puhek wrote:
> [mix stable/testing/unstable]
>
> This is what I usually do - and usually, it works quite fine. Right now,
> though, I've been pulling in more and more from testing/unstable since
> some things depend on the new glibc, and some other things randomly break
> when used with the new glibc, so I've had to upgrade those things, which
> in turn depend on foo, which...

Ahh, when it starts to want to download a lot of libraries I don't know much about, that's when I lean towards apt-get source. Reduces the exploding dependencies/conflicts problem...

--Rich

_
Rich Puhek
ETN Systems Inc.
2125 1st Ave East
Hibbing MN 55746
tel: 218.262.1130
email: [EMAIL PROTECTED]
_
Re: Debian + Verisign's .com/.net hijack
Arthur de Jong wrote:
> This will only work for a little while as a colleague of mine noted. This
> will block
> * IN A 64.94.110.11
> but not
> * IN NS 64.94.110.11
> which is a valid delegation. The 64.94.110.11 nameserver should then only
> return 64.94.110.11 for all requests for A records.

Paul Vixie addressed just this possibility in <[EMAIL PROTECTED]> on the NANOG list. You can mark such a name server as "bogus". Assuming that IP is routable at all; I have not seen a packet from 64.94.110.11 in over 24 hours.

-- 
see shy jo
Re: Verisign and Bind update
On Wed, 2003-09-17 at 18:12, James Miller wrote:
> Will the package maintainers of BIND be integrating the patches from
> ISC-BIND to negate Verisign's recent shenanigans?

Well, it's not only a patch, it's part of bind upstream releases, so yes of course it will eventually be in the packaged version. Actually, there already seems to be a release with this available.

*hile*
RE: Verisign and Bind update
Ack, sorry folks.. I need to finish reading my mail before sending anything out.

-----Original Message-----
From: James Miller [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 17, 2003 10:12 AM
To: debian-security@lists.debian.org
Subject: Verisign and Bind update

Will the package maintainers of BIND be integrating the patches from ISC-BIND to negate Verisign's recent shenanigans?

--from ISC's web site --

In response to high demand from our users, ISC is releasing a patch for BIND to support the declaration of "delegation-only" zones in caching/recursive name servers. Briefly, a zone which has been declared "delegation-only" will be effectively limited to containing NS RRs for subdomains, but no actual data outside its apex (for example, its SOA RR and apex NS RRset). This can be used to filter out "wildcard" or "synthesized" data from NAT boxes or from authoritative name servers whose undelegated (in-zone) data is of no interest.

Example named.conf entry for the zone:

zone "foo" {
    type delegation-only;
};

Release Candidates/Patches that support "delegation-only" zones:

->Jim
Pat on the back
Hi. I just wanted to say thanks to the security team for the rapid deployment of the fixed versions of OpenSSH (twice).

Often people are quick to post negative emails and not so quick to post positive emails, so I just wanted to say that many of us really do appreciate the work the security team does. Knowing that fixed versions will be in the security archive quickly helps to keep my blood pressure down :)

Cheers,
Rob

-- 
Robert Brockway B.Sc. email: [EMAIL PROTECTED], [EMAIL PROTECTED]
Linux counter project ID #16440 (http://counter.li.org)
"The earth is but one country and mankind its citizens" -Baha'u'llah
Verisign and Bind update
Will the package maintainers of BIND be integrating the patches from ISC-BIND to negate Verisign's recent shenanigans?

--from ISC's web site --

In response to high demand from our users, ISC is releasing a patch for BIND to support the declaration of "delegation-only" zones in caching/recursive name servers. Briefly, a zone which has been declared "delegation-only" will be effectively limited to containing NS RRs for subdomains, but no actual data outside its apex (for example, its SOA RR and apex NS RRset). This can be used to filter out "wildcard" or "synthesized" data from NAT boxes or from authoritative name servers whose undelegated (in-zone) data is of no interest.

Example named.conf entry for the zone:

zone "foo" {
    type delegation-only;
};

Release Candidates/Patches that support "delegation-only" zones:

->Jim
Re: Debian + Verisign's .com/.net hijack
On Wed, 17 Sep 2003, Gaël Le Mignot wrote:
> > What precisely have they done? I'd not heard about
> > their latest idiocy...
>
> They decided to answer to all requests for a non-existing domain in
> .com or .net with the IP of some of their computers, hosting an
> advertising page...

Please note they include the sentence "The Value Of Trust" in their corporate logo.

// Thomas
security updates vs. proposed-updates
Hi!

Many people asked (in messages to [EMAIL PROTECTED]) how to get the security updates when there's a newer version of the package in question in proposed-updates, so I thought that posting this here could be useful.

Here's the way I do it recently: add (for every package you need) an entry like this into /etc/apt/preferences:

Explanation: override stable-updates/stable-security desync
Package: ssh
Pin: release l=Debian-Security
Pin-Priority: 1001

This seems to work better than other suggested ways:
- putting the package on hold (you need to override it when the security update is updated again)
- removing proposed-updates from sources.list (2.4.x kernels from Herbert are there)

Maybe this could be added to the security team FAQ?

Disclaimer: I'm not a member of the security team.

Marcin
-- 
Marcin Owsiany <[EMAIL PROTECTED]> http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216
Re: Debian + Verisign's .com/.net hijack
> While the "first generation" patches work with hardcoded values, there
> are others that are much more general. Check the link of the ISC patch
> for a description:
>
> http://www.isc.org/products/BIND/delegation-only.html

This will only work for a little while as a colleague of mine noted. This will block

* IN A 64.94.110.11

but not

* IN NS 64.94.110.11

which is a valid delegation. The 64.94.110.11 nameserver should then only return 64.94.110.11 for all requests for A records.

-- 
arthur - [EMAIL PROTECTED] - http://tiefighter.et.tudelft.nl/~arthur --
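Putting the thread's advice into one resolver configuration, as an added example that is neither from the ISC page James Miller quotes nor posted by anyone in the thread: the delegation-only zones from the ISC patch, which drop the wildcard A record at the com/net apex, together with a server statement marking 64.94.110.11 bogus, which is the mitigation Joey Hess relays from Paul Vixie for the delegation case Arthur describes above. Assumptions: a BIND build that has the delegation-only zone type (the ISC patch or a release containing it), and that 64.94.110.11 is still the address the wildcard points at; the `zone` and `server` statement syntax is standard named.conf.

```conf
// Added example, not from the ISC page or from any message in the thread.
// Fragment for the named.conf of a caching/recursive resolver.

// Needs a BIND with the "delegation-only" zone type (the ISC patch or a
// release that includes it). Only NS records for subdomains and the apex
// SOA/NS are accepted from these zones, so the synthesized wildcard A is
// never returned to clients.
zone "com" { type delegation-only; };
zone "net" { type delegation-only; };

// Arthur's case: a delegation whose name server is 64.94.110.11 passes
// delegation-only, so refuse to query that server at all. Assumption: the
// address is the one seen in the thread; re-check it before relying on this.
server 64.94.110.11 { bogus yes; };
```

Run named-checkconf after editing, then dig a name that cannot exist under .com through the resolver: the expected status is NXDOMAIN with no answer section, where the unpatched output quoted later in the thread shows NOERROR and an A record. Both stanzas are blunt instruments: delegation-only is only safe on zones that really are pure delegation zones, and a bogus entry has to be revisited whenever the address changes.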
Re: Debian + Verisign's .com/.net hijack
Dale Amon ([EMAIL PROTECTED]) wrote:
> On Wed, Sep 17, 2003 at 11:57:16AM +0100, Andy Coates wrote:
> > They've put a wildcard DNS entry for .com and .net to resolve to their
> > product called "SiteFinder" which offers a IE/MSN like "Did you mean
> > to type " services.
> >
> > So any domain that doesn't exist, or in the PENDING/DELETE states, or has
> > no nameservers associated with it, now resolves.
>
> Ah, so what would happen if many thousands of people ran pings
> and other things against nonexistent names?

Pings are being blocked AFAIK, but there are many ports open (mail for example). Best bet is to search the NANOG lists (www.nanog.org), whole lotta information and discussion about it there.

Andy.
Re: OpenSSH
On Wed, Sep 17, 2003 at 12:41:48PM +0200, Lukas Ruf wrote:
>
> do you also provide the sources of your unofficial distribution?
>

I just uploaded them (http://debian.home-dn.net/woody/ssh/)

apt-get source should work too

-- 
Emmanuel Lacour
Easter-eggs 44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité
Phone: +33 (0) 1 43 35 00 37 - Fax: +33 (0) 1 41 35 00 76
mailto:[EMAIL PROTECTED] - http://www.easter-eggs.com
Re: Debian + Verisign's .com/.net hijack
On Wed, Sep 17, 2003 at 11:57:16AM +0100, Andy Coates wrote:
> They've put a wildcard DNS entry for .com and .net to resolve to their
> product called "SiteFinder" which offers a IE/MSN like "Did you mean
> to type " services.
>
> So any domain that doesn't exist, or in the PENDING/DELETE states, or has
> no nameservers associated with it, now resolves.

Ah, so what would happen if many thousands of people ran pings and other things against nonexistent names?
Re: OpenSSH
Emmanuel,

> Emmanuel Lacour <[EMAIL PROTECTED]> [2003-09-17 12:33]:
> > On Wed, Sep 03, 2003 at 11:20:45AM +0200, Matthias Faulstich wrote:
> > > Hello,
> > >
> > > does anybody know, whether the chroot-patch will be included in future
> > > versions of the official ssh package?
> > >
>
> I maintain an unofficial at :
>
> deb http://debian.home-dn.net/woody ssh/
>
> (up to date with last security fix)

do you also provide the sources of your unofficial distribution?

Regards,
Lukas
-- 
Lukas Ruf                Swiss Federal Institute of Technology
Office: ETZ-G61.2        Computer Engineering and Networks Lab
Fon: +41/1/632 7312      ETH Zentrum / Gloriastr. 35 / CH-8092 Zurich
Fax: +41/1/632 1035      PGP: 6323 B9BC 9C8E 6563 B477 BADD FEA6 E6B7
Re: Debian + Verisign's .com/.net hijack
On Wednesday 17 September 2003 12:46, Dale Amon wrote:
> What precisely have they done? I'd not heard about
> their latest idiocy...

[EMAIL PROTECTED]:~$ dig verisign-go-fuck-yourself.com
;; Truncated, retrying in TCP mode.

; <<>> DiG 9.2.2 <<>> verisign-go-fuck-yourself.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24755
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 13

;; QUESTION SECTION:
;verisign-go-fuck-yourself.com.  IN  A

;; ANSWER SECTION:
verisign-go-fuck-yourself.com.  900  IN  A  64.94.110.11

;; AUTHORITY SECTION:
com.  116276  IN  NS  g.gtld-servers.net.
com.  116276  IN  NS  i.gtld-servers.net.
com.  116276  IN  NS  l.gtld-servers.net.
com.  116276  IN  NS  d.gtld-servers.net.
com.  116276  IN  NS  m.gtld-servers.net.
com.  116276  IN  NS  h.gtld-servers.net.
com.  116276  IN  NS  c.gtld-servers.net.
com.  116276  IN  NS  k.gtld-servers.net.
com.  116276  IN  NS  f.gtld-servers.net.
com.  116276  IN  NS  j.gtld-servers.net.
com.  116276  IN  NS  a.gtld-servers.net.
com.  116276  IN  NS  e.gtld-servers.net.
com.  116276  IN  NS  b.gtld-servers.net.

;; ADDITIONAL SECTION:
g.gtld-servers.net.  116118  IN  A  192.42.93.30
i.gtld-servers.net.  116118  IN  A  192.43.172.30
l.gtld-servers.net.  116118  IN  A  192.41.162.30
d.gtld-servers.net.  116118  IN  A  192.31.80.30
m.gtld-servers.net.  116118  IN  A  192.55.83.30
h.gtld-servers.net.  116118  IN  A  192.54.112.30
c.gtld-servers.net.  116118  IN  A  192.26.92.30
k.gtld-servers.net.  116118  IN  A  192.52.178.30
f.gtld-servers.net.  116118  IN  A  192.35.51.30
j.gtld-servers.net.  116118  IN  A  192.48.79.30
a.gtld-servers.net.  115467  IN  A  192.5.6.30
e.gtld-servers.net.  116118  IN  A  192.12.94.30
b.gtld-servers.net.  116118  IN  A  192.33.14.30

;; Query time: 110 msec
;; SERVER: 62.4.16.70#53(62.4.16.70)
;; WHEN: Wed Sep 17 12:58:57 2003
;; MSG SIZE  rcvd: 495

-- 
"I have sampled every language, french is my favorite. Fantastic language, especially to curse with. Nom de dieu de putain de bordel de merde de saloperie de connard d'enculé de ta mère. It's like wiping your ass with silk! I love it." -- The Merovingian, in the Matrix Reloaded
Re: Debian + Verisign's .com/.net hijack
On Wednesday 17 September 2003 12:46, Dale Amon wrote:
> What precisely have they done? I'd not heard about
> their latest idiocy...

They have registered domains like http://www.islandone-is-bad.org to point to their own web site. (Note: the web site is overloaded and thus frequently doesn't work).

HTH
-- vbi

--
Packages should build-depend on what they should build-depend.
-- Santiago Vila on debian-devel
Re: Debian + Verisign's .com/.net hijack
> What precisely have they done? I'd not heard about
> their latest idiocy...

They decided to answer to all requests for a non-existing domain in .com or .net with the IP of some of their computers, hosting an advertising page...

--
Gael Le Mignot "Kilobug" - [EMAIL PROTECTED] - http://kilobug.free.fr
GSM : 06.71.47.18.22 (in France)   ICQ UIN : 7299959
Fingerprint : 1F2C 9804 7505 79DF 95E6 7323 B66B F67B 7103 C5DA
Member of HurdFr: http://hurdfr.org - The GNU Hurd: http://hurd.gnu.org
Re: Debian + Verisign's .com/.net hijack
Dale Amon ([EMAIL PROTECTED]) wrote:
> What precisely have they done? I'd not heard about
> their latest idiocy...
>
> [I note that I just got html mail from them about
> a domain renewal... I just delete html mail
> without reading.]

They've put a wildcard DNS entry for .com and .net to resolve to their product called "SiteFinder" which offers an IE/MSN-like "Did you mean to type " service.

So any domain that doesn't exist, or is in the PENDING/DELETE states, or has no nameservers associated with it, now resolves.

Andy.
Re: OpenSSH
> > does anybody know, whether the chroot-patch will be included in future
> > versions of the official ssh package?

thanks to Emmanuel Lacour, there is also a private repository with ssh+chroot for woody:
http://debian.home-dn.net/woody/ssh/

Alexis Bory
Re: Debian + Verisign's .com/.net hijack
On Wednesday 17 September 2003 11:57, Ronny Adsetts wrote:
> Better to get Verisign to revoke this stupidity. After all, another TLD
> did the same some time ago and the US government intervened, IIRC, to
> get it changed back (.biz?).

> host sdkljhsdlfkjsdfkljsdf.cc
sdkljhsdlfkjsdfkljsdf.cc has address 206.253.214.102

So - no, it's not been changed back, at least in that case. But then, who uses .cc (except spammers).

cheers
-- vbi

--
Turns out that grep returns error code 1 when there are no matches. I KNEW that. Why did it take me half an hour?
-- Seen on #Debian
Re: Debian + Verisign's .com/.net hijack
> While the "first generation" patches work with hardcoded values, there
> are others that are much more general. Check the link of the ISC patch
> for a description:
>
> http://www.isc.org/products/BIND/delegation-only.html

This will only work for a little while as a colleague of mine noted. This will block

  * IN A 64.94.110.11

but not

  * IN NS 64.94.110.11

which is a valid delegation. The 64.94.110.11 nameserver should then only return 64.94.110.11 for all requests for A records.

--
arthur - [EMAIL PROTECTED] - http://tiefighter.et.tudelft.nl/~arthur
Re: Debian + Verisign's .com/.net hijack
What precisely have they done? I'd not heard about their latest idiocy...

[I note that I just got html mail from them about a domain renewal... I just delete html mail without reading.]

--
IN MY NAME: Dale Amon, CEO/MD
No Mushroom clouds over Islandone Society
London and New York. www.islandone.org
Re: Debian + Verisign's .com/.net hijack
On 17 Sep 2003, Ronny Adsetts wrote:
> Adding this *hard coded* value to an official Debian package that could
> be around for a couple of years (in stable) would be foolish IMHO. I
> haven't reviewed the patch, so may be wrong about the nature of it...
> (anyone have a link for the patch?)

While the "first generation" patches work with hardcoded values, there are others that are much more general. Check the link of the ISC patch for a description:

http://www.isc.org/products/BIND/delegation-only.html

Regards,
Oliver
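The mechanism behind the ISC link above, together with the "* IN NS" escape that Arthur describes a few messages up, as an added example. This is not ISC's patch and not BIND code; it is a small Python model of the policy that BIND's delegation-only zone type applies (the directive is "type delegation-only;" on a zone statement, with a "root-delegation-only" option for doing it wholesale): the servers of such a zone are only believed when they return data at the zone apex itself or a referral (NS records for a child name, with glue), and any other answer data for a name under the zone is rewritten to NXDOMAIN. The responders at the bottom are constructed for this example: 64.94.110.11 is the address from the dig output earlier in the thread, every other name and address is hypothetical.

```python
"""Toy model of BIND's 'type delegation-only' policy (added example, not ISC code).

The responders at the bottom are constructed: 64.94.110.11 is the address
from the dig output in this thread; every other name/address is hypothetical.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass(frozen=True)
class RR:
    """One resource record, reduced to the fields the policy looks at."""
    name: str
    rtype: str
    rdata: str


@dataclass
class Response:
    qname: str
    rcode: str = "NOERROR"                  # "NOERROR" or "NXDOMAIN"
    answer: List[RR] = field(default_factory=list)
    authority: List[RR] = field(default_factory=list)
    additional: List[RR] = field(default_factory=list)


def _norm(name: str) -> str:
    return name.rstrip(".").lower()


def apply_delegation_only(resp: Response, answering_zone: str,
                          policy_zones: List[str]) -> Response:
    """Filter a reply that came from the servers of `answering_zone`.

    If that zone is marked delegation-only, its servers are only believed for
    (a) data at the zone apex itself and (b) referrals, i.e. NS records for a
    child name in the AUTHORITY section with no ANSWER data. Anything else
    (the '*.com IN A' wildcard) is rewritten to NXDOMAIN.
    """
    if _norm(answering_zone) not in {_norm(z) for z in policy_zones}:
        return resp
    if _norm(resp.qname) == _norm(answering_zone):
        return resp                                 # apex SOA/NS is fine
    if resp.answer:
        return Response(resp.qname, "NXDOMAIN")     # synthesized answer data
    return resp                                     # referral or real NXDOMAIN


Responder = Callable[[str], Response]


def resolve(qname: str, tld: str, tld_server: Responder,
            child_server: Responder, policy_zones: List[str]) -> Optional[List[str]]:
    """Minimal iterative lookup: ask the TLD server, filter, follow one referral."""
    resp = apply_delegation_only(tld_server(qname), tld, policy_zones)
    if resp.rcode == "NXDOMAIN":
        return None
    if resp.answer:
        return [rr.rdata for rr in resp.answer if rr.rtype == "A"]
    if not any(rr.rtype == "NS" for rr in resp.authority):
        return None
    child = child_server(qname)                     # follow the delegation
    return [rr.rdata for rr in child.answer if rr.rtype == "A"]


# --- constructed responders --------------------------------------------------
SITEFINDER_IP = "64.94.110.11"          # from the dig output in this thread
GTLD_NS = [RR("com.", "NS", f"{c}.gtld-servers.net.") for c in "abcdefghijklm"]
POLICY = ["com", "net"]                 # zones to treat as delegation-only


def com_wildcard_a(qname: str) -> Response:
    """What the dig above shows: an A record synthesized by the TLD servers."""
    return Response(qname, "NOERROR", [RR(qname, "A", SITEFINDER_IP)], GTLD_NS)


def com_wildcard_ns(qname: str) -> Response:
    """Arthur's caveat: a '* IN NS' wildcard looks exactly like a referral."""
    return Response(qname, "NOERROR", [],
                    [RR(qname, "NS", "ns.sitefinder.example.")],
                    [RR("ns.sitefinder.example.", "A", SITEFINDER_IP)])


def sitefinder_child(qname: str) -> Response:
    """Hypothetical child server answering the wildcard address for any name."""
    return Response(qname, "NOERROR", [RR(qname, "A", SITEFINDER_IP)])


def com_real_referral(qname: str) -> Response:
    """Ordinary delegation of a registered name (hypothetical servers)."""
    return Response(qname, "NOERROR", [],
                    [RR(qname, "NS", "ns1.registrant.example.")],
                    [RR("ns1.registrant.example.", "A", "192.0.2.53")])


def registrant_child(qname: str) -> Response:
    return Response(qname, "NOERROR", [RR(qname, "A", "192.0.2.10")])


if __name__ == "__main__":
    q = "verisign-go-fuck-yourself.com"
    print("no policy   :", resolve(q, "com", com_wildcard_a, sitefinder_child, []))
    print("A wildcard  :", resolve(q, "com", com_wildcard_a, sitefinder_child, POLICY))
    print("NS wildcard :", resolve(q, "com", com_wildcard_ns, sitefinder_child, POLICY))
    print("real name   :", resolve("example.com", "com", com_real_referral, registrant_child, POLICY))
```

Run as is, the A-record wildcard from the dig output is turned into NXDOMAIN, a genuine delegation still resolves, and the NS-wildcard variant passes the policy untouched: the toy resolver follows the delegation and ends up at the same address. That is Arthur's point in one run. Delegation-only filters answers, not delegations, so it buys time rather than closing the hole.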
Re: OpenSSH
On Wed, Sep 03, 2003 at 11:20:45AM +0200, Matthias Faulstich wrote:
> Hello,
>
> does anybody know, whether the chroot-patch will be included in future
> versions of the official ssh package?
>

I maintain an unofficial one at:

deb http://debian.home-dn.net/woody ssh/

(up to date with last security fix)

--
Emmanuel Lacour
Easter-eggs   44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité
Phone: +33 (0) 1 43 35 00 37 - Fax: +33 (0) 1 41 35 00 76
mailto:[EMAIL PROTECTED] - http://www.easter-eggs.com
RE: Debian + Verisign's .com/.net hijack
It is not hardcoded. A new configuration directive has been added, and it is completely up to the administrator to decide to use it.

http://www.isc.org/products/BIND/delegation-only.html

Boyan Krosnov, CCIE#8701
http://boyan.ludost.net/
just another techie speaking for himself

> -----Original Message-----
> From: Ronny Adsetts [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 17, 2003 12:58 PM
> To: Adrian von Bidder
> Cc: debian-security@lists.debian.org
> Subject: Re: Debian + Verisign's .com/.net hijack
>
>
> Adrian von Bidder said the following on 17/09/03 10:11:
> >> Patches for various dns servers to get back to the old behaviour of
> >> the dns system have been published. For example, the ISC has just
> >> released an "official" patch for BIND9.
> >>
> >> I wonder if there are plans to make security upgrades of the dns
> >> servers shipped with Debian. Any comments?
> >
> > I for one would really, really, really like for this 'fix' to appear
> > soon. Maintaining hand compiled software is awkward - but I guess
> > I'll do that quite soon.
> >
>
> Adding this *hard coded* value to an official Debian package that could
> be around for a couple of years (in stable) would be foolish IMHO. I
> haven't reviewed the patch, so may be wrong about the nature of it...
> (anyone have a link for the patch?)
>
> Better to get Verisign to revoke this stupidity. After all, another TLD
> did the same some time ago and the US government intervened, IIRC, to
> get it changed back (.biz?).
>
> Regards,
> Ronny Adsetts
> --
> Technical Director
> Amazing Internet Ltd, London
> t: +44 20 8607 9535
> f: +44 20 8607 9536
> w: www.amazinginternet.com
Re: Debian + Verisign's .com/.net hijack
Adrian von Bidder said the following on 17/09/03 10:11:
>> Patches for various dns servers to get back to the old behaviour of
>> the dns system have been published. For example, the ISC has just
>> released an "official" patch for BIND9.
>>
>> I wonder if there are plans to make security upgrades of the dns
>> servers shipped with Debian. Any comments?
>
> I for one would really, really, really like for this 'fix' to appear
> soon. Maintaining hand compiled software is awkward - but I guess
> I'll do that quite soon.

Adding this *hard coded* value to an official Debian package that could be around for a couple of years (in stable) would be foolish IMHO. I haven't reviewed the patch, so may be wrong about the nature of it... (anyone have a link for the patch?)

Better to get Verisign to revoke this stupidity. After all, another TLD did the same some time ago and the US government intervened, IIRC, to get it changed back (.biz?).

Regards,
Ronny Adsetts
--
Technical Director
Amazing Internet Ltd, London
t: +44 20 8607 9535
f: +44 20 8607 9536
w: www.amazinginternet.com
Re: Debian + Verisign's .com/.net hijack
Dale Amon ([EMAIL PROTECTED]) wrote:
> On Wed, Sep 17, 2003 at 11:57:16AM +0100, Andy Coates wrote:
> > They've put a wildcard DNS entry for .com and .net to resolve to their
> > product called "SiteFinder" which offers a IE/MSN like "Did you mean
> > to type " services.
> >
> > So any domain that doesn't exist, or in the PENDING/DELETE states, or has
> > no nameservers associated with it, now resolves.
>
> Ah, so what would happen if many thousands of people ran pings
> and other things against nonexistant names?
>

Pings are being blocked AFAIK, but there are many ports open (mail for example).

Best bet is to search the NANOG lists (www.nanog.org), whole lotta information and discussion about it there.

Andy.
Re: OpenSSH
On Wed, Sep 17, 2003 at 12:41:48PM +0200, Lukas Ruf wrote:
>
> do you also provide the sources of your unofficial distribution?
>

I just uploaded them (http://debian.home-dn.net/woody/ssh/)

apt-get source should work too

--
Emmanuel Lacour
Easter-eggs   44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité
Phone: +33 (0) 1 43 35 00 37 - Fax: +33 (0) 1 41 35 00 76
mailto:[EMAIL PROTECTED] - http://www.easter-eggs.com
Re: Debian + Verisign's .com/.net hijack
On Wed, Sep 17, 2003 at 11:57:16AM +0100, Andy Coates wrote:
> They've put a wildcard DNS entry for .com and .net to resolve to their
> product called "SiteFinder" which offers a IE/MSN like "Did you mean
> to type " services.
>
> So any domain that doesn't exist, or in the PENDING/DELETE states, or has
> no nameservers associated with it, now resolves.

Ah, so what would happen if many thousands of people ran pings and other things against nonexistent names?
Re: OpenSSH
Emmanuel,

> Emmanuel Lacour <[EMAIL PROTECTED]> [2003-09-17 12:33]:
> > On Wed, Sep 03, 2003 at 11:20:45AM +0200, Matthias Faulstich wrote:
> > > Hello,
> > >
> > > does anybody know, whether the chroot-patch will be included in future
> > > versions of the official ssh package?
> > >
> >
> > I maintain an unofficial at :
> >
> > deb http://debian.home-dn.net/woody ssh/
> >
> > (up to date with last security fix)

do you also provide the sources of your unofficial distribution?

Regards,
Lukas

--
Lukas Ruf                 Swiss Federal Institute of Technology
Office: ETZ-G61.2         Computer Engineering and Networks Lab
Fon: +41/1/632 7312       ETH Zentrum / Gloriastr. 35 / CH-8092 Zurich
Fax: +41/1/632 1035       PGP: 6323 B9BC 9C8E 6563 B477 BADD FEA6 E6B7
Re: Debian + Verisign's .com/.net hijack
On Wednesday 17 September 2003 10:48, Oliver Hitz wrote:
> Patches for various dns servers to get back to the old behaviour of the
> dns system have been published. For example, the ISC has just released
> an "official" patch for BIND9.
>
> I wonder if there are plans to make security upgrades of the dns servers
> shipped with Debian. Any comments?

I for one would really, really, really like for this 'fix' to appear soon. Maintaining hand compiled software is awkward - but I guess I'll do that quite soon.

Greets
-- vbi

--
The prablem with Manoca is thot it's difficult ta tell the difference between o cauple af the letters.
-- Jacob W. Haller on alt.religion.kibology
Debian + Verisign's .com/.net hijack
Hi all,

By now probably everybody has heard about Verisign's latest change to the .net and .com domains (otherwise read about it in your favourite tech news site). While the security of dns per se is not really affected, the change influences other services such as spam countermeasures.

Patches for various dns servers to get back to the old behaviour of the dns system have been published. For example, the ISC has just released an "official" patch for BIND9.

I wonder if there are plans to make security upgrades of the dns servers shipped with Debian. Any comments?

Regards,
Oliver
Re: SSH Update for Potato?
* Shane Machon ([EMAIL PROTECTED]) [030917 06:50]:
> On a more general note, is potato still supported by the Security Team?

No. There was a notice some time ago.

Cheers,
Andi
--
http://home.arcor.de/andreas-barth/
PGP 1024/89FB5CE5  DC F1 85 6D A6 45 9C 0F  3B BE F1 D0 C5 D1 D9 0C
Re: [d-security] Re: ssh vulnerability in the wild
On Wed, Sep 17, 2003 at 12:12:35AM -0700, Rick Moen wrote:
> I note:
> http://incoming.debian.org/ssh_3.6.1p2-8_i386.deb
> http://incoming.debian.org/ssh_3.6.1p2-8_mipsel.deb
> http://incoming.debian.org/ssh_3.6.1p2-8_powerpc.deb
>
> ...and would guess they're built from upstream's v. 3.7.1.
>
> (The two latter arrived within the last fifteen minutes.)

openssh (1:3.6.1p2-8) unstable; urgency=high

  * Merge more buffer allocation fixes from new upstream version 3.7.1p1
    (closes: #211324).

Still waiting for a similar version on security.debian.org, for Woody.

--
Regards
Birzan George Cristian
Unidentified subject!
To, Digital Brand Manager, clear express web support, from: [EMAIL PROTECTED]

Dear brother Christ,

common Name: Peyyala Phillip
Organisation Name: Mr&Mrs Peyyala Phillip marys ministries

we have already registered delphi advanced mail registration membership option 3 paid US $15 to delphi forms LLC.USA dated 22-07-2003. if our check process within 3 weeks in delphi clearance but no process no payment and also site of www.verisign.com/compref if your profile changes published. your request will be processed in forty eight hours but no process no payment. Please kindly request account changes information and our server id and digital id (Certificate order) and lists and payment informations. our payment very late. please kindly request immediately to our Email.

Thanking You Sir,
P.Phillip
Re: [d-security] Re: ssh vulnerability in the wild
Quoting Jan Niehusmann ([EMAIL PROTECTED]):
> So I guess we all have to upgrade again. Didn't see packages with
> patches derived from 3.7.1, yet.

I note:
http://incoming.debian.org/ssh_3.6.1p2-8_i386.deb
http://incoming.debian.org/ssh_3.6.1p2-8_mipsel.deb
http://incoming.debian.org/ssh_3.6.1p2-8_powerpc.deb

...and would guess they're built from upstream's v. 3.7.1.

(The two latter arrived within the last fifteen minutes.)

--
Cheers,             Founding member of the Hyphenation Society, a grassroots-based,
Rick Moen           not-for-profit, locally-owned-and-operated, cooperatively-managed,
[EMAIL PROTECTED]   modern-American-English-usage-improvement association.
Re: [d-security] Re: ssh vulnerability in the wild
On Tuesday 16 September 2003 22:30, Rich Puhek wrote:
[mix stable/testing/unstable]

This is what I usually do - and usually, it works quite fine. Right now, though, I've been pulling in more and more from testing/unstable since some things depend on the new glibc, and some other things randomly break when used with the new glibc, so I've had to upgrade those things, which in turn depend on foo, which...

I expect once the libc/gcc issues have settled down it should be a bit better - but I now run quite a bit a sarge system already, so security support for many things is non-existent for me.

Thankfully, ssh/stable seems to work fine with libc6/unstable.

Greets
-- vbi

--
featured product: GNU Privacy Guard - http://gnupg.org
Re: [d-security] Re: ssh vulnerability in the wild
On Wed, Sep 17, 2003 at 08:24:43AM +0300, Birzan George Cristian wrote:
> According to the DSA, this is based on the 3.7 fix. OpenSSH's site lists
> the only not vulnerable version as 3.7.1. In my mind, that means the ssh
> version on security.debian.org right now is _STILL_ vulnerable. I'm not
> a security expert, nor do I have time to actually see if that's true,
> so, I'm asking the list if anyone can confirm/deny that.

Yes, it seems like OpenSSH 3.7.1 appeared quickly after 3.7 (or 3.7 didn't really appear at all?) and fixed additional security bugs. The first debian patches did only contain patches from 3.7, not from 3.7.1, so ssh is still vulnerable. (But I did not check if all these vulnerabilities affect both woody and sid)

So I guess we all have to upgrade again. Didn't see packages with patches derived from 3.7.1, yet.

Jan
ssh v2 hostbased authentication after woody security upgrade
Hi all!

After the woody security fix of ssh (new version 3.4p1-1.1) we cannot use HostBased Authentication for SSH V.2. There was no change in the configuration files or the host keys, besides, interestingly the /etc/ssh/ssh_host_key (responsible for V.1 authentication, thus uninteresting for my problem I guess) has a newer timestamp, while the corresponding .pub file has not changed at all.

We have on both ssh ends the following permission (in /etc/ssh)

-rw-------    1 root     root          672 Feb  2  2002 ssh_host_dsa_key
-rw-r--r--    1 root     root          600 Feb  2  2002 ssh_host_dsa_key.pub
-rw-------    1 root     root          883 Feb  2  2002 ssh_host_rsa_key
-rw-r--r--    1 root     root          220 Feb  2  2002 ssh_host_rsa_key.pub

in sshd_config:

HostbasedAuthentication yes

in ssh_config:

Host *
    Protocol 2,1
    HostbasedAuthentication yes

ssh-keysign is setuid root:

-rwsr-xr-x    1 root     root       151496 Sep 16 13:33 /usr/lib/ssh-keysign

So I do not understand what is going on. The only thing I found in the log files is:

sshd[26845]: error: ssh_rsa_verify: RSA_verify failed: error:0A071003:lib(10):func(113):reason(3)
sshd[26847]: error: ssh_rsa_verify: RSA_verify failed: error:0A071003:lib(10):func(113):reason(3)
sshd[26847]: Failed password for user from AAA.BBB.CCC.DDD port 1028 ssh2

I started the server with LogLevel DEBUG3 and this is what I got:

sshd[5432]: debug1: Bind to port 22 on 0.0.0.0.
sshd[5432]: Server listening on 0.0.0.0 port 22.
sshd[5432]: Generating 768 bit RSA key.
sshd[5432]: RSA key generation complete.
sshd[5440]: Connection from AAA.BBB.CCC.DDD port 3894
sshd[5432]: debug1: Forked child 5440.
sshd[5440]: debug1: Client protocol version 2.0; client software version OpenSSH_3.4p1 Debian 1:3.4p1-1.1
sshd[5440]: debug1: match: OpenSSH_3.4p1 Debian 1:3.4p1-1.1 pat OpenSSH*
sshd[5440]: Enabling compatibility mode for protocol 2.0
sshd[5440]: debug1: Local version string SSH-1.99-OpenSSH_3.4p1 Debian 1:3.4p1-1.1
sshd[5440]: debug2: Network child is on pid 5441
sshd[5440]: debug3: preauth child monitor started
sshd[5440]: debug3: mm_request_receive entering
sshd[5440]: debug3: monitor_read: checking request 0
sshd[5440]: debug3: mm_answer_moduli: got parameters: 1024 2048 8192
sshd[5440]: debug3: mm_request_send entering: type 1
sshd[5440]: debug2: monitor_read: 0 used once, disabling now
sshd[5440]: debug3: mm_request_receive entering
sshd[5440]: debug3: monitor_read: checking request 4
sshd[5440]: debug3: mm_answer_sign
sshd[5440]: debug3: mm_answer_sign: signature 0x8095650(143)
sshd[5440]: debug3: mm_request_send entering: type 5
sshd[5440]: debug2: monitor_read: 4 used once, disabling now
sshd[5440]: debug3: mm_request_receive entering
sshd[5440]: debug3: monitor_read: checking request 6
sshd[5440]: debug3: mm_answer_pwnamallow
sshd[5440]: debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
sshd[5440]: debug3: mm_request_send entering: type 7
sshd[5440]: debug2: monitor_read: 6 used once, disabling now
sshd[5440]: debug3: mm_request_receive entering
sshd[5440]: debug3: monitor_read: checking request 37
sshd[5440]: debug1: Starting up PAM with username "user"
sshd[5440]: debug3: Trying to reverse map address AAA.BBB.CCC.DDD.
sshd[5440]: debug1: PAM setting rhost to "origin.mydomain.foo"
sshd[5440]: debug2: monitor_read: 37 used once, disabling now
sshd[5440]: debug3: mm_request_receive entering
sshd[5440]: debug3: monitor_read: checking request 3
sshd[5440]: debug3: mm_answer_authserv: service=ssh-connection, style=
sshd[5440]: debug2: monitor_read: 3 used once, disabling now
sshd[5440]: debug3: mm_request_receive entering
sshd[5440]: debug3: monitor_read: checking request 10
sshd[5440]: debug3: mm_answer_authpassword: sending result 0
sshd[5440]: debug3: mm_request_send entering: type 11
sshd[5440]: Failed none for user from AAA.BBB.CCC.DDD port 3894 ssh2
sshd[5440]: debug3: mm_request_receive entering
sshd[5440]: debug3: monitor_read: checking request 20
sshd[5440]: debug3: mm_answer_keyallowed entering
sshd[5440]: debug3: mm_answer_keyallowed: key_from_blob: 0x809fd20
sshd[5440]: debug2: userauth_hostbased: chost origin.mydomain.foo. resolvedname origin.mydomain.foo ipaddr AAA.BBB.CCC.DDD
sshd[5440]: debug2: stripping trailing dot from chost origin.mydomain.foo.
sshd[5440]: debug2: auth_rhosts2: clientuser user hostname origin.mydomain.foo ipaddr AAA.BBB.CCC.DDD
sshd[5440]: debug1: temporarily_use_uid: 1045/1000 (e=0)
sshd[5440]: debug1: restore_uid
sshd[5440]: debug2: userauth_hostbased: access allowed by auth_rhosts2
sshd[5440]: debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
sshd[5440]: debug3: key_read: type mismatch

OK here we start with host based authentication:

sshd[5440]: debug3: check_host_in_hostfile: match line 18
sshd[5440]: debug2: check_key_in_hostfiles: key ok for origin.mydomain.foo

Found the right key

sshd[5440]: debug3: mm_answer_keyallowed: key 0x809fd20 is allowed
sshd[5440]: debug3: mm_app
Debian + Verisign's .com/.net hijack
Hi all,

By now probably everybody has heard about Verisign's latest change to the .net and .com domains (otherwise read about it in your favourite tech news site). While the security of dns per se is not really affected, the change influences other services such as spam countermeasures.

Patches for various dns servers to get back to the old behaviour of the dns system have been published. For example, the ISC has just released an "official" patch for BIND9.

I wonder if there are plans to make security upgrades of the dns servers shipped with Debian. Any comments?

Regards,
Oliver
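Added example (editorial, not from the message above or from any Debian package): the effect Oliver describes is that a nonexistent name under the affected TLDs no longer returns NXDOMAIN but a synthesized A record, which is exactly what breaks "does the sender's domain exist?" style spam checks. The code below shows a resolver-side probe that detects such a TLD-wide wildcard and a sender-domain check that treats the synthesized address as NXDOMAIN. The resolver is a constructed stub so this runs offline; the addresses come from the 192.0.2.0/24 documentation range and the wildcard address is a placeholder, not the real one.

```python
"""Detect a TLD-wide DNS wildcard and harden a sender-domain check against it.

The resolver here is a constructed stub standing in for a real lookup; the
192.0.2.x addresses are placeholders from the documentation range.
"""
import random
import string
from typing import Callable, Dict, Optional

# A resolver maps a hostname to its A record, or None for NXDOMAIN.
Resolver = Callable[[str], Optional[str]]


def make_stub_resolver(zone: Dict[str, str],
                       wildcard_tlds: Dict[str, str]) -> Resolver:
    """Constructed stand-in for DNS: known names come from `zone`; unknown
    names under a wildcarded TLD get that TLD's synthesized address; unknown
    names elsewhere get NXDOMAIN, as a TLD without a wildcard answers."""
    def resolve(name: str) -> Optional[str]:
        name = name.rstrip(".").lower()
        if name in zone:
            return zone[name]
        tld = name.rsplit(".", 1)[-1]
        return wildcard_tlds.get(tld)
    return resolve


def detect_tld_wildcard(resolve: Resolver, tld: str,
                        probes: int = 5, seed: int = 0) -> Optional[str]:
    """Query several random, effectively unregistered labels under `tld`.

    Returns the synthesized address if every probe resolved to the same
    single address (a wildcard), or None if all probes were NXDOMAIN or the
    answers were inconsistent (inconclusive)."""
    rng = random.Random(seed)
    alphabet = string.ascii_lowercase + string.digits
    answers = set()
    for _ in range(probes):
        label = "".join(rng.choice(alphabet) for _ in range(16))
        answers.add(resolve(f"{label}.{tld}"))
    if len(answers) == 1 and None not in answers:
        return answers.pop()
    return None


def sender_domain_exists(resolve: Resolver, domain: str,
                         wildcard_addr: Optional[str]) -> bool:
    """The anti-spam check the wildcard broke: with the wildcard, every bogus
    .com/.net domain 'exists'. Treat the synthesized address as NXDOMAIN."""
    addr = resolve(domain)
    if addr is None:
        return False
    return addr != wildcard_addr


if __name__ == "__main__":
    # Constructed data: one real zone entry per TLD, and only .com wildcarded.
    stub = make_stub_resolver(
        {"example.com": "192.0.2.10", "example.org": "192.0.2.20"},
        {"com": "192.0.2.99"},
    )
    for tld in ("com", "org"):
        print(tld, "wildcard:", detect_tld_wildcard(stub, tld))
    wc = detect_tld_wildcard(stub, "com")
    print("bogus .com, naive check:", sender_domain_exists(stub, "no-such-xyz.com", None))
    print("bogus .com, hardened  :", sender_domain_exists(stub, "no-such-xyz.com", wc))
```

Against a live resolver, replace the stub with a function that does an A lookup and returns None on NXDOMAIN; the probe logic is the same one that a delegation-only style server-side fix makes unnecessary, since such a server turns the synthesized answer back into NXDOMAIN before it reaches clients.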
Re: [d-security] Re: ssh vulnerability in the wild
On Tue, Sep 16, 2003 at 09:51:43PM +0200, Matthias Merz wrote:
> So only one problem remains: The version in woody-proposed-updates is
> 1:3.4p1-1.woody.1 which is "newer" than the patched version. So I had to
> manually "downgrade" my proposed-updates-version to get the fix.
> (apt-get dist-upgrade didn't show any packages to upgrade)
> When will there be a "new" version in proposed-updates for apt-getting
> the fix?

This will be sorted out soon: I believe the next version in security will include the changes in proposed-updates and so will have a higher version number.

-- 
Colin Watson [EMAIL PROTECTED]
Re: [d-security] Re: ssh vulnerability in the wild
On Tue, Sep 16, 2003 at 01:10:34PM -0400, Dossy wrote:
> On 2003.09.16, Christian Hammers <[EMAIL PROTECTED]> wrote:
> > The new version has already been installed. This was quick. Good work,
> > security team.
> >
> > openssh (1:3.4p1-1.1) stable-security; urgency=high
> >
> > * NMU by the security team.
> > * Merge patch from OpenBSD to fix a security problem in buffer handling
> >
> > -- Wichert Akkerman <[EMAIL PROTECTED]> Tue, 16 Sep 2003 13:06:31 +0200
>
> Is 3.6.1p2-3 vulnerable? For those of us who want security, must we
> downgrade to 3.4p1-1.1 or build from source after patching by hand? Or
> will this security fix be applied to sarge as well?

It's not routine practice, but assuming glibc doesn't suddenly get fixed in the next couple of days, I expect to upload a fixed openssh to testing-proposed-updates once the dust settles. That should be able to get into testing fairly quickly.

-- 
Colin Watson [EMAIL PROTECTED]
Re: SSH Update for Potato?
* Shane Machon ([EMAIL PROTECTED]) [030917 06:50]:
> On a more general note, is potato still supported by the Security Team?

No. There was a notice some time ago.

Cheers,
Andi
-- 
http://home.arcor.de/andreas-barth/
PGP 1024/89FB5CE5  DC F1 85 6D A6 45 9C 0F  3B BE F1 D0 C5 D1 D9 0C
Re: [d-security] Re: ssh vulnerability in the wild
On Wed, Sep 17, 2003 at 12:12:35AM -0700, Rick Moen wrote:
> I note:
> http://incoming.debian.org/ssh_3.6.1p2-8_i386.deb
> http://incoming.debian.org/ssh_3.6.1p2-8_mipsel.deb
> http://incoming.debian.org/ssh_3.6.1p2-8_powerpc.deb
>
> ...and would guess they're built from upstream's v. 3.7.1.
>
> (The two latter arrived within the last fifteen minutes.)

openssh (1:3.6.1p2-8) unstable; urgency=high

  * Merge more buffer allocation fixes from new upstream version 3.7.1p1
    (closes: #211324).

Still waiting for a similar version on security.debian.org, for Woody.

-- 
Regards
Birzan George Cristian
Re: [d-security] Re: ssh vulnerability in the wild
On Tue, Sep 16, 2003 at 05:31:06PM +0200, Christian Hammers wrote:
> The new version has already been installed. This was quick. Good work,
> security team.
>
> openssh (1:3.4p1-1.1) stable-security; urgency=high
>
> * NMU by the security team.
> * Merge patch from OpenBSD to fix a security problem in buffer handling
>
> -- Wichert Akkerman <[EMAIL PROTECTED]> Tue, 16 Sep 2003 13:06:31 +0200

According to the DSA, this is based on the 3.7 fix. OpenSSH's site lists the only not vulnerable version as 3.7.1. In my mind, that means the ssh version on security.debian.org right now is _STILL_ vulnerable. I'm not a security expert, nor do I have time to actually see if that's true, so, I'm asking the list if anyone can confirm/deny that.

-- 
Regards
Birzan George Cristian
Unidentified subject!
To, Digital Brand Manager, clear express web support, from: [EMAIL PROTECTED]

Dear brother Christ,

common Name: Peyyala Phillip
Organisation Name: Mr&Mrs Peyyala Phillip marys ministries

we have already registered delphi advanced mail registration membership option 3 paid US $15 to delphi forms LLC.USA dated 22-07-2003. if our check process within 3 weeks in delphi clearance but no process no payment and also site of www.verisign.com/compref if your profile changes published. your request will be processed in forty eight hours but no process no payment. Please kindly request account changes information and our server id and digital id (Certificate order) and lists and payment informations. our payment very late. please kindly request immediately to our Email.

Thanking You Sir,
P.Phillip
Re: [d-security] Re: ssh vulnerability in the wild
Quoting Jan Niehusmann ([EMAIL PROTECTED]):
> So I guess we all have to upgrade again. Didn't see packages with
> patches derived from 3.7.1, yet.

I note:
http://incoming.debian.org/ssh_3.6.1p2-8_i386.deb
http://incoming.debian.org/ssh_3.6.1p2-8_mipsel.deb
http://incoming.debian.org/ssh_3.6.1p2-8_powerpc.deb

...and would guess they're built from upstream's v. 3.7.1.

(The two latter arrived within the last fifteen minutes.)

-- 
Cheers,              Founding member of the Hyphenation Society, a grassroots-based,
Rick Moen            not-for-profit, locally-owned-and-operated, cooperatively-managed,
[EMAIL PROTECTED]    modern-American-English-usage-improvement association.
Re: [d-security] Re: ssh vulnerability in the wild
On Tuesday 16 September 2003 22:30, Rich Puhek wrote:
[mix stable/testing/unstable]

This is what I usually do - and usually, it works quite fine. Right now, though, I've been pulling in more and more from testing/unstable since some things depend on the new glibc, and some other things randomly break when used with the new glibc, so I've had to upgrade those things, which in turn depend on foo, which... I expect once the libc/gcc issues have settled down it should be a bit better - but I now run quite a bit of a sarge system already, so security support for many things is non-existent for me.

Thankfully, ssh/stable seems to work fine with libc6/unstable.

Greets
-- vbi

-- 
featured product: GNU Privacy Guard - http://gnupg.org
Re: [d-security] Re: ssh vulnerability in the wild
On Wed, Sep 17, 2003 at 08:24:43AM +0300, Birzan George Cristian wrote:
> According to the DSA, this is based on the 3.7 fix. OpenSSH's site lists
> the only not vulnerable version as 3.7.1. In my mind, that means the ssh
> version on security.debian.org right now is _STILL_ vulnerable. I'm not
> a security expert, nor do I have time to actually see if that's true,
> so, I'm asking the list if anyone can confirm/deny that.

Yes, it seems like OpenSSH 3.7.1 appeared quickly after 3.7 (or 3.7 didn't really appear at all?) and fixed additional security bugs. The first debian patches did only contain patches from 3.7, not from 3.7.1, so ssh is still vulnerable. (But I did not check if all these vulnerabilities affect both woody and sid)

So I guess we all have to upgrade again. Didn't see packages with patches derived from 3.7.1, yet.

Jan