On Mon 06/01/2003 at 15:53, Mike Renfro wrote:
Security mirrors should only be for local use, to help keep people
from unknowingly using outdated mirrors. Also, fmirror isn't nearly as
bandwidth-friendly as rsync, but I'm not aware of any rsync capability
on the security site.
It's
FYI
Cheers,
Domonkos Czinke
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, January 05, 2003 4:37 AM
Subject: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS
-BEGIN PGP SIGNED MESSAGE-
On Mon, 2003-01-06 at 18:44, Domonkos Czinke wrote:
FYI
Note:
Before the SSH server is actually executed, the sshd_config file should
be modified in order to enable PAM (PAMAuthenticationViaKbdInt yes).
and
you can prevent privilege escalation if you enable
UsePrivilegeSeparation in
Hi,
Johannes Verelst wrote:
Summarized, this exploit only works if you have in your sshd_config:
PAMAuthenticationViaKbdInt yes
UsePrivilegeSeparation no
The default values for both my unstable and stable debian boxes appear
to be:
PAMAuthenticationViaKbdInt
On 2003.01.06, Phillip Hofmeister [EMAIL PROTECTED] wrote:
On Mon, 06 Jan 2003 at 06:44:17PM +0100, Domonkos Czinke wrote:
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, January 05, 2003 4:37 AM
OK people. I'm not sure that I had reason to do it - you will tell me. I
wrote a script for chrooting applications (FOR DEBIAN ONLY). You can
find it:
http://joker.hansabank.lt/mkchroot
I tried to chroot perl, apache, libapache-mod-ssl. I think it should
chroot php4 and phplib.
CGI runs as on
Date: Sat, 4 Jan 2003 20:43:10 -0600
From: Mike Renfro [EMAIL PROTECTED]
Cc: debian-security@lists.debian.org
On Sat, Jan 04, 2003 at 05:20:46PM -0500, [EMAIL PROTECTED] wrote:
Hi. I'm doing a fresh Woody installation, and I want it to include
a reasonably current set of
On Mon, Jan 06, 2003 at 10:37:56AM -0500, [EMAIL PROTECTED] wrote:
2) Set up a private ftp/http mirror of security.debian.org and update
the system from there before connecting it to the internet...
Yes, this is what I would like to do, but I'm not clear on the
mechanics of doing
FYI
Cheers,
Domonkos Czinke
- Original Message -
From: [EMAIL PROTECTED]
To: bugtraq@securityfocus.com
Sent: Sunday, January 05, 2003 4:37 AM
Subject: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS
-BEGIN PGP SIGNED
On Mon, 06 Jan 2003 at 06:44:17PM +0100, Domonkos Czinke wrote:
- Original Message -
From: [EMAIL PROTECTED]
To: bugtraq@securityfocus.com
Sent: Sunday, January 05, 2003 4:37 AM
Subject: OPENSSH REMOTE ROOT COMPROMISE ALL
On Mon, 2003-01-06 at 21:06, Phillip Hofmeister wrote:
On Mon, 06 Jan 2003 at 06:44:17PM +0100, Domonkos Czinke wrote:
- Original Message -
From: [EMAIL PROTECTED]
To: bugtraq@securityfocus.com
Sent: Sunday, January 05,
On 2003.01.06, Phillip Hofmeister [EMAIL PROTECTED] wrote:
On Mon, 06 Jan 2003 at 06:44:17PM +0100, Domonkos Czinke wrote:
- Original Message -
From: [EMAIL PROTECTED]
To: bugtraq@securityfocus.com
Sent: Sunday, January
On Tue, 07 Jan 2003 04:37, [EMAIL PROTECTED] wrote:
2) Set up a private ftp/http mirror of security.debian.org and update
the system from there before connecting it to the internet...
Yes, this is what I would like to do, but I'm not clear on the
mechanics of doing it. Does any
* John Morton [EMAIL PROTECTED] [20030106 23:53]:
On Tue, 07 Jan 2003 04:37, [EMAIL PROTECTED] wrote:
2) Set up a private ftp/http mirror of security.debian.org and update
the system from there before connecting it to the internet...
Yes, this is what I would like to do, but I'm