Re: Stack-smashing protection

2002-12-07 Thread Albert Cervera Areny
On Saturday 07 December 2002 2:37, David B Harris wrote: On Sat, 7 Dec 2002 01:09:59 +0100 Albert Cervera Areny [EMAIL PROTECTED] wrote: So it isn't really that the whole system runs 8% slower. Sorry for my first explanation... Now I think it is an overhead which is affordable seeing

Too make a long story short...

2002-12-07 Thread Daniel Rychlik
I attempted to set up my cd read write so that I could do backups, and I hosed my Debian server. You know, kernel panic well I passed some init options and I got it back up. I still would like to get my cd readwrite to work for redundancy, Are there Debian white papers on how to do this

Re: Updating Snort Signatures In Stable ?

2002-12-07 Thread Noah L. Meyerhans
On Sat, Dec 07, 2002 at 01:51:11PM +0100, Javier Fernández-Sanguino Peña wrote: IIRC important new versions of existing packages are allowed into point releases, so maybe Woody's main Snort engine binary packages can be updated when 3.0r1 happens. That won't happen sorry. That's

Pop mail virtual user security [LONG]

2002-12-07 Thread Tim van Erven
Hi all, Inspired by a recent thread on this list I decided to set up a mailserver with pop3 access over ssl. It's working now, but I'd appreciate some comments on its security. My setup is as follows: - I'm using stunnel+popa3d for pop3-ssl (/usr/sbin/stunnel -d pop3s -p

Re: Too make a long story short...

2002-12-07 Thread Mathias Palm
On Sat, Dec 07, 2002 at 09:45:30AM -0600, Daniel Rychlik wrote: I attempted to set up my cd read write so that I could do backups, and I hosed my Debian server. You know, kernel panic well I passed some init options and I got it back up. I still would like to get my cd readwrite to

Re: pop mail recommendations

2002-12-07 Thread Jens Grivolla
Ted Cabeen [EMAIL PROTECTED] writes: If we disregarded software that has had problems in the past, sendmail would be dead and buried by now. s/would/should I haven't looked at the code of either sendmail or qpopper myself, but all people I trust to be competent on the issue say that sendmail

Re: Pop mail virtual user security [LONG]

2002-12-07 Thread Christopher W. Curtis
On 12/07/02 12:54, Tim van Erven wrote: [much stuff I didn't read] /etc/virtualusers just contains the names of the virtual users I want to allow. - The current permissions for the mailboxes /home/virtual/popa3d/127.0.0.1/mail/${local_part} are like: -rw-rw1 mail mail

Re: Pop mail virtual user security [LONG]

2002-12-07 Thread Tim van Erven
On Sat, Dec 07, 2002 at 04:39:54PM -0500, Christopher W. Curtis [EMAIL PROTECTED] wrote: On 12/07/02 12:54, Tim van Erven wrote: 2) How are the passwordhashes in /etc/shadow generated from the salt+password? I can't use 'passwd' to update popa3d's auth files, so I need to generate them

Re: Possible security violation in the suck-package?

2002-12-07 Thread Marcus Frings
Javier Fernández-Sanguino Peña wrote: Please file an appropriate bug against the package (the maintainer needs not read this list) and contact the security team ([EMAIL PROTECTED]) so they can evaluate this and prepare a fix. I informed

Re: Possible security violation in the suck-package?

2002-12-07 Thread Marcus Frings
Martin Helas wrote: I would agree giving anyone else the possibility of reading the passwords of your upstream-newsserver won't be a good idea :) That should be definitely fixed. Thanks for your answer. As Javi suggested I have informed the

Re: Possible security violation in the suck-package?

2002-12-07 Thread Marcus Frings
Marcus Frings wrote: I informed the security team by mail just a few seconds ago and I will generate a bugreport for suck now. Thanks for your help. I noticed that this bug has already been reported by Martin Helas: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=172126 Regards, Marcus

Re: Possible security violation in the suck-package?

2002-12-07 Thread Martin Helas
* Marcus Frings [EMAIL PROTECTED] [021208 01:32]: Martin Helas wrote: I would agree giving anyone else the possibility of reading the passwords of your upstream-newsserver won't be a good idea :) That should be definitely fixed. Thanks

Re: Possible security violation in the suck-package?

2002-12-07 Thread Marcus Frings
Martin Helas wrote: I have already reported a bug and filed a patch against this bug. look at: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=172126 Yes, I saw your report a few minutes ago when I searched for already known bug reports for

exploit for (Debian's?) pfinger (fwd)

2002-12-07 Thread Drew Scott Daniels
oops, wrong address. -- Forwarded message -- Date: Wed, 4 Dec 2002 08:06:00 -0600 (CST) From: Drew Scott Daniels [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: exploit for (Debian's?) pfinger I found an exploit on Packetstorm described as Pfinger v0.7.8 and below local root

Re: Updating Snort Signatures In Stable ?

2002-12-07 Thread Javier Fernández-Sanguino Peña
On Sat, Dec 07, 2002 at 02:46:01AM +, Nick Boyce wrote: I'd suggest maybe a note about V1.8.4 being useless should be added to http://packages.debian.org/stable/net/snort.html, along with some advice about getting signature updates (i.e. roll your own). Why not file a bug? IIRC

Re: Possible security violation in the suck-package?

2002-12-07 Thread Javier Fernández-Sanguino Peña
On Sat, Dec 07, 2002 at 12:52:02AM +0100, Marcus Frings wrote: Any comments concerning this are very welcome. Please file an appropriate bug against the package (the maintainer needs not read this list) and contact the security team ([EMAIL PROTECTED]) so they can evaluate this and
