-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 407-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 5th, 2004
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 409-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Matt Zimmerman
January 5th, 2004
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 410-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Matt Zimmerman
January 5th, 2004
I have been using tiger for nearly a year. Several months ago, a new
test was added in:
/usr/lib/tiger/scripts/check_finddeleted
Since then, several of my servers are flooded with alerts like this:
NEW: --FAIL-- [kis011f] Server [apache] (pid 31863) is using deleted files
Yes, I know
Quoting Marcel Weber ([EMAIL PROTECTED]):
But what made me shudder was this: In the /tmp folder I found these files:
drwx-- 2 root root 48 Aug 10 19:36 Ib2KZi
drwx-- 2 root root 88 Jan 3 06:12 MF2oMw
drwx-- 2 root root 48 Aug 11
Emmanuel Lacour wrote:
It's a gzip file of the perl modules available from CPAN...
Try zcat your_file
Thanks! I counter checked and indeed I upgraded perl to 5.8.0 on the
same date these suspicious directories have. In this case everything
should be fine. The env and netstat were false
If you haven't heard it already:
Synopsis: Linux kernel do_mremap local privilege escalation
vulnerability
Product: Linux kernel
Version: 2.2, 2.4 and 2.6 series
http://isec.pl/vulnerabilities/isec-0013-mremap.txt
Patch:
http://linux.bkbits.net:8080/linux-2.4/[EMAIL PROTECTED]
/Thomas
--
Quoting Marcel Weber ([EMAIL PROTECTED]):
[Snip explanation for suspicious directories, which sadly doesn't
suffice to imply the more general conclusion]
In this case everything should be fine.
Actually, you don't know that.
I just thought I'd mention that fact, to add an extra frisson of
On Monday 05 January 2004 15:50, Thomas Sjögren wrote:
If you haven't heard it already:
Synopsis: Linux kernel do_mremap local privilege escalation
vulnerability
Product: Linux kernel
Version: 2.2, 2.4 and 2.6 series
http://isec.pl/vulnerabilities/isec-0013-mremap.txt
Incoming from Rick Moen:
Quoting Marcel Weber ([EMAIL PROTECTED]):
But what made me shudder was this: In the /tmp folder I found these files:
drwx-- 2 root root 48 Aug 10 19:36 Ib2KZi
drwx-- 2 root root 88 Jan 3 06:12 MF2oMw
drwx-- 2
Hi,
Ricardo Kustner wrote:
Yeah I just finished updating my first server of many ;-)
BTW even though not all mirrors are updated yet, you can get a patch from
www.kernel.org -- that would probably be a better place to get the patch
from.
This issue has been fixed in the 2.4.24 version
On Mon, Jan 05, 2004 at 02:26:12PM +0100, kuene wrote:
thanks a lot to all.
now I really understand. :b
below I write down what I have understood.
please correct me if I am still wrong.
You are still wrong. What you do not understand is, when you install
Debian, you do not have the
On Mon, Jan 05, 2004 at 02:44:05PM +0100, Marcel Weber wrote:
Hi
It isn't exactly a debian question, but nevertheless I think this is the
appropriate place to post this.
I ran chkrootkit 0.43 on my LFS box. This system is a mail and web
server. Chkrootkit complained about two files:
El lun, 05-01-2004 a las 16:38, Thijs Welman escribió:
Hi,
Ricardo Kustner wrote:
Yeah I just finished updating my first server of many ;-)
BTW even though not all mirrors are updated yet, you can get a patch from
www.kernel.org -- that would probably be a better place to get the
On Monday 05 January 2004 16:38, Thijs Welman wrote:
This issue has been fixed in the 2.4.24 version (2004-01-05 13:55
UTC)
Changelog:
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.24
Yeah, it seems Marcello released this to specifically address this
issue. Perhaps he has
Michael,
Javier appears to be addressing this issue in the following debian bug
report:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=225112
Hope this helps.
Thanks,
- Ryan
No, I do *not* want to turn OFF this check; but, I need to find some way
to manage the output of this
Incoming from Martin Schulze:
- --
Debian Security Advisory DSA 407-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 5th, 2004
Bill Marcum wrote:
On Mon, Jan 05, 2004 at 02:44:05PM +0100, Marcel Weber wrote:
What exactly did chkrootkit say about those files? Were they writable
by non-root users, did they have setuid permission, or what?
They had the following access rights:
They had the usual access rights 751.
On Mon, Jan 05, 2004 at 07:57:15AM -0800, Matt Zimmerman wrote:
On Mon, Jan 05, 2004 at 02:26:12PM +0100, kuene wrote:
thanks a lot to all.
now I really understand. :b
below I write down what I have understood.
please correct me if I am still wrong.
You are still wrong. What
* Thomas Sjögren ([EMAIL PROTECTED]) [040105 16:10]:
If you haven't heard it already:
Synopsis: Linux kernel do_mremap local privilege escalation
vulnerability
Product: Linux kernel
Version: 2.2, 2.4 and 2.6 series
http://isec.pl/vulnerabilities/isec-0013-mremap.txt
Patch:
Incoming from Matt Zimmerman:
Debian Security Advisory DSA 411-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Matt Zimmerman
January 5th, 2004 http://www.debian.org/security/faq
Package: mpg321
Vulnerability
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tuesday 06 January 2004 06.37, s. keeling wrote:
Incoming from Matt Zimmerman:
Debian Security Advisory DSA 411-1
[EMAIL PROTECTED] http://www.debian.org/security/
Matt Zimmerman January 5th,
I have been using tiger for nearly a year. Several months ago, a new
test was added in:
/usr/lib/tiger/scripts/check_finddeleted
Since then, several of my servers are flooded with alerts like this:
NEW: --FAIL-- [kis011f] Server [apache] (pid 31863) is using deleted files
Yes, I know
Hi,
looks like an ipsec isssue as l2tp cant connect. How does freeswan logs
looks like ?
On Wed, Dec 24, 2003 at 12:49:31AM +, Antony Gelberg wrote:
Hi all,
My first post here - long time d-u subscriber. I'm trying to set up a
VPN where WinXP roadwarriors can access a LAN that sits
hello,
I am using sendmail 8.12 in redhat linux9.0 to send
mail.It sends the
message between the
internal network. But it doesnot send the message to
the external network.
I want to send mail to [EMAIL PROTECTED] But it is not
sending mail.The
following logs are generated in maillog .
From the
Are you able to ping 64.4.33.7 !?
If so, try 'telnet 64.4.33.7 25' next to get a smtp prompt.
If nothing works look at your connection: Firewall rules etc.
Beside that your sendmail seems to work.
Christian
- Original Message -
From: arun raj [EMAIL PROTECTED]
To:
thanks a lot to all.
now I really understand. :b
below I write down what I have understood.
please correct me if I am still wrong.
In debian every package is pached if security holes are known.
-- exception is the package:
kernel-image-2.4.18-bf2.4
Even if you install it (apt-get install
Hi
It isn't exactly a debian question, but nevertheless I think this is the
appropriate place to post this.
I ran chkrootkit 0.43 on my LFS box. This system is a mail and web
server. Chkrootkit complained about two files: /bin/netstat and
/usr/bin/env. Both of these files were quite big
On Mon, Jan 05, 2004 at 02:44:05PM +0100, Marcel Weber wrote:
Hi
Is this a left over from an attempt to hack my system? How can I check
what happened and if the attacker succeeded? The bad thing is, there are
no log files left from august. Has anybody a clue what this
If you haven't heard it already:
Synopsis: Linux kernel do_mremap local privilege escalation
vulnerability
Product: Linux kernel
Version: 2.2, 2.4 and 2.6 series
http://isec.pl/vulnerabilities/isec-0013-mremap.txt
Patch:
http://linux.bkbits.net:8080/linux-2.4/[EMAIL PROTECTED]
/Thomas
--
On Mon, Jan 05, 2004 at 02:44:05PM +0100, Marcel Weber wrote:
Hi
It isn't exactly a debian question, but nevertheless I think this is the
appropriate place to post this.
I ran chkrootkit 0.43 on my LFS box. This system is a mail and web
server. Chkrootkit complained about two files:
Quoting Marcel Weber ([EMAIL PROTECTED]):
[Snip explanation for suspicious directories, which sadly doesn't
suffice to imply the more general conclusion]
In this case everything should be fine.
Actually, you don't know that.
I just thought I'd mention that fact, to add an extra frisson of
On Mon, Jan 05, 2004 at 02:26:12PM +0100, kuene wrote:
thanks a lot to all.
now I really understand. :b
below I write down what I have understood.
please correct me if I am still wrong.
You are still wrong. What you do not understand is, when you install
Debian, you do not have the
On Monday 05 January 2004 16:38, Thijs Welman wrote:
This issue has been fixed in the 2.4.24 version (2004-01-05 13:55
UTC)
Changelog:
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.24
Yeah, it seems Marcello released this to specifically address this
issue. Perhaps he has
Hi,
Ricardo Kustner wrote:
Yeah I just finished updating my first server of many ;-)
BTW even though not all mirrors are updated yet, you can get a patch from
www.kernel.org -- that would probably be a better place to get the patch
from.
This issue has been fixed in the 2.4.24 version
Incoming from Rick Moen:
Quoting Marcel Weber ([EMAIL PROTECTED]):
But what made me shudder was this: In the /tmp folder I found these files:
drwx-- 2 root root 48 Aug 10 19:36 Ib2KZi
drwx-- 2 root root 88 Jan 3 06:12 MF2oMw
drwx-- 2
El lun, 05-01-2004 a las 16:38, Thijs Welman escribió:
Hi,
Ricardo Kustner wrote:
Yeah I just finished updating my first server of many ;-)
BTW even though not all mirrors are updated yet, you can get a patch from
www.kernel.org -- that would probably be a better place to get the
On Monday 05 January 2004 15:50, Thomas Sjögren wrote:
If you haven't heard it already:
Synopsis: Linux kernel do_mremap local privilege escalation
vulnerability
Product: Linux kernel
Version: 2.2, 2.4 and 2.6 series
http://isec.pl/vulnerabilities/isec-0013-mremap.txt
Michael,
Javier appears to be addressing this issue in the following debian bug
report:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=225112
Hope this helps.
Thanks,
- Ryan
No, I do *not* want to turn OFF this check; but, I need to find some way
to manage the output of this
Incoming from Martin Schulze:
- --
Debian Security Advisory DSA 407-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 5th, 2004
Bill Marcum wrote:
On Mon, Jan 05, 2004 at 02:44:05PM +0100, Marcel Weber wrote:
What exactly did chkrootkit say about those files? Were they writable
by non-root users, did they have setuid permission, or what?
They had the following access rights:
They had the usual access rights 751.
On Mon, Jan 05, 2004 at 07:57:15AM -0800, Matt Zimmerman wrote:
On Mon, Jan 05, 2004 at 02:26:12PM +0100, kuene wrote:
thanks a lot to all.
now I really understand. :b
below I write down what I have understood.
please correct me if I am still wrong.
You are still wrong. What
* Thomas Sjögren ([EMAIL PROTECTED]) [040105 16:10]:
If you haven't heard it already:
Synopsis: Linux kernel do_mremap local privilege escalation
vulnerability
Product: Linux kernel
Version: 2.2, 2.4 and 2.6 series
http://isec.pl/vulnerabilities/isec-0013-mremap.txt
Patch:
Incoming from Matt Zimmerman:
Debian Security Advisory DSA 411-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Matt Zimmerman
January 5th, 2004 http://www.debian.org/security/faq
Package: mpg321
Vulnerability
45 matches
Mail list logo