-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 309-2 [EMAIL PROTECTED]
http://www.debian.org/security/ Matt Zimmerman
June 6th, 2003
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 313-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Matt Zimmerman
June 11th, 2003
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 315-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Matt Zimmerman
June 11th, 2003
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 316-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Matt Zimmerman
June 11th, 2003
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 316-2 [EMAIL PROTECTED]
http://www.debian.org/security/ Matt Zimmerman
June 11th, 2003
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 317-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Matt Zimmerman
June 11th, 2003
On Tue, Jun 10, 2003 at 02:58:27PM -0500, Robert Ebright wrote:
Hello,
I logged in to my server today to find that
/usr/sbin/ncsd was running about 50 copies,
since I don't have BIND installed, obviously
something was up...they were also running with
the user www-data...
After a little bit
On Wed, 11 Jun 2003, Celso González wrote:
I don't have any information about your trojan, but I can give you a
solution (also a good security practice)
Mount /tmp in a separate partition with the noexec flag in fstab
This will disable most of the trojans
Sorry to delude you, but browse the
On 11 Jun 2003 at 6:59, Reckhard, Tobias wrote:
On Tue, Jun 10, Stefan Neufeind wrote:
I'm using a 128-bit-cert.
You're using an X.509 certificate. The grade of symmetric encryption
negotiated between browser and web server is (at least in theory)
independent of the certificate.
But
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, 11 Jun 2003 at 10:47:49AM +0200, Giacomo Mulas wrote:
On Wed, 11 Jun 2003, Celso González wrote:
I don't have any information about your trojan, but I can give you a
solution (also a good security practice)
Mount /tmp in a separate
While I agree with your observation I feel compelled to
defend his point.
He said mounting /tmp will stop MOST Trojans. While it might
not stop a trojan planted by a person, it will stop a trojan
planted by a worm (which is what this thread is about) since
the author of the worm might
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi
On Tuesday 10 June 2003 21:58, Robert Ebright wrote:
Have you copied to the new server the home directory of the user www-data?
In Debian it is located in the root directory of the web server, so if you have
copied the document root from the old server
On Wed, Jun 11, 2003 at 03:24:11PM +0200, DEFFONTAINES Vincent wrote:
I use it and am very happy with it. If I trust archives from this list, I am
not the only one in this case :-)
Is anyone using it with 2.5? I'm on the cusp of switching a
few machines to it to get up the learning curve
Hello all.
I am using arpwatch, but I use a few machines with 2 ethernet cards, and
they often flip-flop... As I know them, I want to exclude the flip-flop
mails from my mailbox...
How could I tune arpwatch so that it does not listen to those
flip-flops, or it does not send mails for these ?
On Wed, 11 Jun 2003, Jacques Foury wrote:
Date: Wed, 11 Jun 2003 17:50:14 +0200
From: Jacques Foury [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: arpwatch exclusion ?
Resent-Date: Wed, 11 Jun 2003 11:10:48 -0500 (CDT)
Resent-From: [EMAIL PROTECTED]
Hello all.
I am using arpwatch,
Martynas Domarkas wrote:
Yes, of course. But in this case I will invoke rotatelogs... I don't
like it.
Martynas:
three people now have given you advice on how to fix your problem
three different ways. Apache doesn't have this behaviour: in fact, the
apache foundation suggests you use
On Thu, Jun 05, 2003 at 21:50:33 -0400, Hubert Chan wrote:
Vinai == Vinai Kopp [EMAIL PROTECTED] writes:
[...]
Vinai There seem to be problems using both the grsecurity and the
Vinai freeswan patches (at least I haven't been successful applying
Vinai the patches - I tried the debian
In article [EMAIL PROTECTED]
[EMAIL PROTECTED] writes:
I am using arpwatch, but I use a few machines with 2 ethernet cards, and
they often flip-flop... As I know them, I want to exclude the flip-flop
mails from my mailbox...
How could I tune arpwatch so that it does not listen to those
http://packetstorm.linuxsecurity.com/filedesc/atftpdx.c.html says: Proof
of concept remote root exploit for atftpd version 0.6. Makes use of the
filename overflow found by Rick Patel. Related post here. Tested against
Debian 3.0. By gunzip
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OK, I have been seeing lots of people on this list recommend using the
grsecurity kernel patch. Now I want to give it a go, but I see that
there is also a lsm patch and I also remember lids being recommended in
the past by others.
I would like to
Hi,
just got an announcement from the mandrake security list.
Could please someone of the people with a deeper knowledge explain, if
the mentioned issues are addressed in one of the stock debian
kernels or if I have to get the sources from kernel.org and patch it
myself?
cite
Mandrake Linux
On Thu, Jun 12, 2003 at 01:18:59AM +0200, Peter Holm wrote:
Could please someone of the people with a deeper knowledge explain, if
the mentioned issues are addressed in one of the stock debian
kernels or if I have to get the sources from kernel.org and patch it
myself?
See DSA 311-1 at
Have you tried checking the root crontab? not a normal place to put stuff,
but worth checking out anyway...
Regards,
William
On Tue, 10 Jun 2003, Dale Amon wrote:
Just ran across an interesting prob, wondered if
anyone else has seen it. I added a repeating entry
to /etc/cron.d/foo that ran
On Thu, Jun 12, 2003 at 11:55:00AM +1000, William Law wrote:
Have you tried checking the root crontab? not a normal place to put stuff,
but worth checking out anyway...
Yeah, I'd checked everything. Just didn't account for pure
blind bad luck chance :-)
(you probably read my second post by
On Tue, Jun 10, Stefan Neufeind wrote:
I'm using a 128-bit-cert.
You're using an X.509 certificate. The grade of symmetric encryption
negotiated between browser and web server is (at least in theory)
independent of the certificate.
But browsers that support less encryption
(e.g. IE that
On Wed, 11 Jun 2003, Phillip Hofmeister wrote:
While I agree with your observation I feel compelled to defend his
point.
He said mounting /tmp will stop MOST Trojans. While it might not stop a
trojan planted by a person, it will stop a trojan planted by a worm
(which is what this thread is
On Wed, 11 Jun 2003, Jacques Foury wrote:
Date: Wed, 11 Jun 2003 17:50:14 +0200
From: Jacques Foury [EMAIL PROTECTED]
To: debian-security@lists.debian.org
Subject: arpwatch exclusion ?
Resent-Date: Wed, 11 Jun 2003 11:10:48 -0500 (CDT)
Resent-From: debian-security@lists.debian.org
Hello