Hello
Word is spreading that Request-Range: seems to be a synonym for Range: and
is similarly vulnerable but not covered by the config snippets that were
proposed yesterday. So Gentlemen, patch again! :-(
bye,
-christian-
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
On 2006-05-20 Wouter Verhelst wrote:
On Fri, May 19, 2006 at 05:46:52PM +0200, Martin Schulze wrote:
The old stable distribution (woody) does not contain quagga packages.
No, but it does contain zebra packages, which were the predecessor of
quagga. Have they been checked?
I CC'ed the
On 2005-07-11 Florian Weimer wrote:
A tool which lists all packages which are no longer downloadable from
any APT source would be more helpful, I think. Does it already exist?
I wrote a small script based on apt-show-versions and will try to
convince the apt team to create an
Hello
If a User upgrades his woody system to sarge and one package that has
been part of woody is now no longer part of Debian nor being superseded by
another package, will apt-get warn the user that this package is a potential
security risk as Debian does not monitor nor provide fixes for
Hello Geoff
On 2005-03-17 Geoff Crompton wrote:
There are several remote vulnerabilities listed here:
http://www.securityfocus.com/bid/12781
Seems that unstable and testing are either fixed, or on the way to being
fixed. Does anyone know if the older version that is in stable is
Hello Rhesa
On Tue, Jul 27, 2004 at 01:01:10PM +0200, Rhesa Rozendaal wrote:
In my case, the frontend handles SSL connections. Its config file is
/etc/apache/ht-light.conf.
The backend instance uses the original filename /etc/apache/httpd.conf.
The frontend is already bound to port 443. The
automatically use it then (I didn't try).
; For Unix only. You may supply arguments as well
; (default: 'sendmail -t -i').
;sendmail_path =
bye,
-christian-
--
Christian Hammers WESTEND GmbH | Internet-Business-Provider
Technik CISCO Systems Partner
Hello
On Mon, 19 Apr 2004 08:57:39 +0200 (CEST) Tomas Pospisek wrote:
* mysql unstable (4.0.18-4) changelog says:
Aplied fix for unprobable tempfile-symlink security problem in
mysqlbug reported by Shaun Colley on bugtraq on 2004-03-24.
but doesn't mention the CAN numbers.
One
Hello
On Thu, Apr 08, 2004 at 04:07:18PM +0200, LeVA wrote:
Is there a way to get a machine's ip address, if I only know its
netbios name?
With 'smbtree -S' I see a machine with the name 'LEVA':
Try nmblookup -I LEVA.
bye,
-christian-
On Tue, Sep 16, 2003 at 04:00:30PM +0100, Thomas Horsten wrote:
On Tue, 16 Sep 2003, Alexander Neumann wrote:
According to Wichert, the security team is already working on an update.
Is there an emergency patch/workaround for this, if disabling ssh is not
an option? Are systems with
Hello
On Wed, Aug 06, 2003 at 04:01:39PM +0200, Thijs Welman wrote:
I'm puzzled about how they managed to get those processes running (as
root). There are no local accounts, other than some accounts for the
sysadmins. Does anyone have any idea how they might have done this?
Most times,
Hello
I Cc [EMAIL PROTECTED], maybe my mails really got forgotten.
On Tue, Apr 29, 2003 at 08:35:24PM -0400, Carl Fink wrote:
Where did you get the information that said mysql was vulnerable?
Several places, for one:
On Tue, Apr 01, 2003 at 02:06:12PM +0200, Marc Demlenne wrote:
but isn't there a trick to surpass the bug while waiting for debian
updates ?
What's the real effect of modifying /proc/sys/kernel/modprobe by, e.g.
echo unexisting_binary > /proc/sys/kernel/modprobe
Can we trust this
On Tue, Apr 01, 2003 at 02:40:44PM +0100, David Ramsden wrote:
echo unexisting_binary > /proc/sys/kernel/modprobe
Can we trust this solution ?
NO, it does not prevent the exploit.
It does prevent the km3.c example exploit but not e.g.
On Tue, Apr 01, 2003 at 05:46:46PM +0100, David Ramsden wrote:
I've made sure no no-ptrace module is loaded and I'm sure the kernel hasn't
been patched. I can echo '/sbin/modprobe' > /proc/sys/kernel/modprobe and
try the above and I'll get a root prompt first time.
Ok, I have to admit, that
-
--
Christian Hammers WESTEND GmbH | Internet-Business-Provider
Technik CISCO Systems Partner - Authorized Reseller
Lütticher Straße 10 Tel 0241/701333-11
[EMAIL PROTECTED]D-52064 Aachen Fax 0241/911879
Hi
On Fri, Mar 21, 2003 at 03:13:23PM -, David Ramsden wrote:
On Fri, Mar 21, 2003 at 02:13:01PM -, David Ramsden wrote:
I'd like to say that I've had no success with the no-ptrace module (NPT)
(still get root and I've made sure the exploit hasn't been more than
once, due to
Hello
On Fri, Mar 21, 2003 at 07:02:27PM +0700, Jean Christophe ANDRÉ wrote:
Christian Hammers wrote:
Strange, sometimes it works, sometimes it doesn't :-(
After one reboot, I inserted the module, and executed the exploit twice,
the first time it worked, then I exited the shell
alter this setup.
bye,
-christian-
--
Christian Hammers WESTEND GmbH | Internet-Business-Provider
Technik CISCO Systems Partner - Authorized Reseller
Lütticher Straße 10 Tel 0241/701333-11
[EMAIL PROTECTED]D
Hello
On Tue, Feb 25, 2003 at 10:15:15AM +0100, debian-isp wrote:
- chrooting virtual hosts in apache ?
We had great success with a tiny tool called sbox. All CGI/PHP requests
are rewritten to /cgi-bin/sbox?... This sbox then looks
to the file's owner and changes its uid to the one (if it's
On Thu, Feb 13, 2003 at 04:18:56PM -0500, George Georgalis wrote:
* a local watchdog shell script that is called by cron minutely and that
- checks ps cax if every process is there else it restarts it
I've seen services fail to work while they are still in the ps tree.
Speaking from
stable is quite unchanging).
bye,
-christian-
--
Christian Hammers WESTEND GmbH | Internet-Business-Provider
Technik CISCO Systems Partner - Authorized Reseller
Lütticher Straße 10 Tel 0241/701333-11
[EMAIL PROTECTED
for the vhosts.
(although I haven't tested user-mode-linux yet which sounds very
promising, too)
bye,
-christian-
--
Christian HammersWESTEND GmbH - Aachen und Dueren Tel 0241/701333-0
[EMAIL PROTECTED] Internet Security for ProfessionalsFax 0241/911879
WESTEND ist
On Thu, Dec 19, 2002 at 12:40:51PM +0100, Vincent Hanquez wrote:
Dec 18 10:07:55 debian syslog-ng[164]: STATS: dropped 0
You can get rid of this message with something like that:
...
Why not simply let syslog-ng log (it could be interesting somewhen) and
install logcheck to filter out everything
On Tue, Dec 17, 2002 at 08:07:57AM +0100, Schüle Benjamin wrote:
look at http://security.e-matters.de/advisories/042002.html,
it seems like the debian woody version is affected.
Is there any DSA in preparation?
A DSA is in preparation by the security team. The unstable version is
already
Hello Noèl
On Tue, Dec 17, 2002 at 01:53:13PM +0100, Noèl Köthe wrote:
Those who do not want to wait can apply the patch from
http://people.debian.org/~ch/ themselves.
As Debian Security doesn't cover proposed-updates :(
will you upload a fixed proposed-updates version
(it currently
Hello
On Wed, Sep 25, 2002 at 02:03:43PM +0100, Jeff Armstrong wrote:
Symptoms:
Apache stops dishing pages - no log or error messages
netstat shows Apache still listening
/etc/init.d/apache stop fails to kill all apache processes
have to killapp apache and kill -9 some individual apache
On Wed, Sep 25, 2002 at 03:18:02PM +0200, Tycho Fruru wrote:
The logfile entries you've shown are absolutely harmless, I use exactly
the same strings for testing if a webserver responds.
hmm. To me they don't seem harmless. Looks more like you've been
visited by a slapper worm (which
On Sat, Sep 14, 2002 at 12:56:00PM +0200, Wichert Akkerman wrote:
Previously Phillip Hofmeister wrote:
I am using RedHat 7.3 with Apache 1.3.23. Someone used the
program bugtraq.c to explore an modSSL buffer overflow to get access to
a shell. The attack creates a file named
just chroot the users at the login after ssh (if you want to allow ssh),
chroot apache (that means every user must have one apache-process), chroot
ftp (what you have already done).
This will be a great loss of performance and a waste of server resources :-)
bye,
-christian-
--
Christian
On Wed, Jun 26, 2002 at 07:23:49PM +0200, Florian Weimer wrote:
Well, it appears if OpenSSH 1.2.3 was *not* vulnerable, so the whole
exercise was rather pointless.
But drill inspector Theo (update and don't ask questions, soldier!), showed
at least how good our new security upload architecture
Hello
On Sat, Jun 22, 2002 at 11:50:10PM -0700, Jamie Heilman wrote:
its not just mod_proxy, apache was vulnerable regardless
BTW: in the case that mod_proxy is not loaded: is it enough to just
backport the get_chunk_size function from http_protocol.c (like in the
file
Hello
Is anybody aware of a small single patch against the recent apache
vulnerability? I have some self compiled production servers with 3rd party
binary add ons and cannot easily compile a complete new version.
I know the ones from cert.uni-stuttgart.de but they are not approved to
be really
Jun 12 11:27:53 abyss kernel: martian source 10.10.150.2 from 10.10.151.43,
on dev eth0
Jun 12 11:27:53 abyss kernel: ll header:
ff:ff:ff:ff:ff:ff:00:00:1c:de:35:0e:08:06
the MAC is from 151.43, this is correct.
i get this messages now every minute
Check with ethereal it shows you some more
On Fri, May 24, 2002 at 09:41:46AM -0400, Nathan Valentine wrote:
1) Check the Debian security announcement list.
2) Compare new announcements to the local package database.
3) If vulnerable packages installed, send an 'I need updated' email to
an address defined by the SysAdmin.
Another nice
On Thu, May 16, 2002 at 02:26:37PM +0200, Pawel Romanek wrote:
Then I was playing with sshd I had discovered
that it checks only 8 (first) characters
of my password, the remainder can be omitted ;)
That's normal for passwords using the standard unix crypt() function (like
aI24pyUVhurNU in
On Wed, Feb 06, 2002 at 05:26:27PM +0100, Ralf Dreibrodt wrote:
Maybe debian developers should make a quick and dirty fix for this,
because (as I can understand) php developers already knows about this
hole and do still nothing.
just run apache chrooted and you don't have problems like
On Thu, Jan 24, 2002 at 07:05:54PM +0100, Ralf Dreibrodt wrote:
and then no user, who has a valid shell has to enter the old password
from user x, when he wants to change the password of user x.
perhaps even if x=root ;-)
You have to enter it once for the ssh daemon anyways. He just wanted to
On Mon, Jan 21, 2002 at 01:46:58PM -0800, Thomas Bushnell, BSG wrote:
There is at least one package in Debian that requires you to put
sensitive information in /root. The mysql server package needs you to
have a .my.cnf in the /root if you want the logs to rotate. The
my.cnf contains
Hi
On Mon, Jan 21, 2002 at 03:23:15PM -0800, Thomas Bushnell, BSG wrote:
If it's a way to get the logs to rotate, that sure sounds like a
system-wide option. If it's a root password to a system-wide
database, then that's also a system-wide option.
The password for the mysql root user is
On Mon, Jan 21, 2002 at 01:46:58PM -0800, Thomas Bushnell, BSG wrote:
There is at least one package in Debian that requires you to put
sensitive information in /root. The mysql server package needs you to
have a .my.cnf in the /root if you want the logs to rotate. The
my.cnf contains the
Hello
On Mon, Jan 21, 2002 at 03:35:14PM -0800, Thomas Bushnell, BSG wrote:
[cutted much to answer all below]
So I end up with a debian specific user with shutdown/reload privileges
that's created with a random (saved) password at installtime as the best
solution, or?
Nope. Probably
server or database or whatever the server is good for data.
/home could be /var/home or /usr/local/home in case you often do big
compiles in $HOME instead of /usr/local/src/ or similar.
good luck,
-christian-
--
Christian HammersWESTEND GmbH - Aachen und Dueren Tel 0241/701333-0
[EMAIL
On Mon, Jan 14, 2002 at 06:52:49AM -0500, Ivan R. wrote:
to, I can see no reason why not giving a user, that has *no* password,
a shell.
if a user doesn't need a shell,
why should we give him one?
Because a sysadmin could like to execute scripts under this uid via sudo
as he thinks it's a
On Fri, Jan 11, 2002 at 10:00:32PM -0500, Hubert Chan wrote:
So daemon, bin, sys, ftp, www-data, mail, mysql, etc. can probably be
set to /bin/false. (Why does Debian not do this by default?)
Apart from the ftp users which (sometimes) need their ftp password to
be stored in /etc/shadow and
On Fri, Jan 11, 2002 at 10:00:32PM -0500, Hubert Chan wrote:
So daemon, bin, sys, ftp, www-data, mail, mysql, etc. can probably be
set to /bin/false. (Why does Debian not do this by default?)
Apart from the ftp users which (sometimes) need their ftp password to
be stored in /etc/shadow and thus
On Thu, Jan 03, 2002 at 11:31:38AM -0500, Gary MacDougall wrote:
I find it interesting that the seg fault happened, then xinetd reported it
failed.
xinetd was proftpd's daddy:
ServerType inetd
bye,
-christian-
--
Christian HammersWESTEND GmbH - Aachen und Dueren
status=1 pid=3425 duration=8(sec)
-christian-
--
Christian HammersWESTEND GmbH - Aachen und Dueren Tel 0241/701333-0
[EMAIL PROTECTED] Internet Security for ProfessionalsFax 0241/911879
WESTEND ist CISCO Systems Partner - Premium Certified
someone what he did.
I now have ngrep and tcpdump running in case it happens again.
bye,
-christian-
--
Christian HammersWESTEND GmbH - Aachen und Dueren Tel 0241/701333-0
[EMAIL PROTECTED] Internet Security for ProfessionalsFax 0241/911879
WESTEND ist CISCO Systems
Hello Hendrik
On Thu, Nov 29, 2001 at 11:58:46AM +0100, Hendrik Naumann wrote:
First of all I want to forward a Security Announcement. Since I run
wuftpd on some server I'd like to know if I am vulnerable with debian
(2.2r4) too.
Yes it is vulnerable. I already send the patch RedHat to
On Thu, Nov 29, 2001 at 12:22:02PM +0100, Hendrik Naumann wrote:
Hm. I may be blind, but here I only see the already announced issues.
I am looking for a list of issues, not yet announced. Like the one in
the SuSE Mailing.
Then the best is to subscribe at bugtraq mailinglist at
On Sun, May 20, 2001 at 11:23:04PM +0200, Torstein Tauno Svendsen wrote:
Well, if you place the LDAP server in the DMZ and use it for user
authentification on the internal network, you have a _huge_ problem if
the LDAP server machine gets compromised (i.e. evil cracker has
control over you
Hi
For those who don't want to wait: I put a fixed NMU-ready version of the
pam-mysql package on http://master.debian.org/~ch
bye,
-christian-
--
Real men don't take backups.
They put their source on a public FTP-server and let the world mirror it.
Hello
According to
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=77537repeatmerged=yes
this package has an open security bug for more than 180 days.
Although the fix would simply be an upgrade to the version Wichert mentioned.
The maintainer Michael Alan Dorman did not respond to
On Mon, May 07, 2001 at 11:39:06AM +0200, Gerhard Kroder wrote:
Current testing contains a debsig-verify package. Is this different to
what you called debsign?
debsign signs a package .dsc and .changes file to get it validated by the
UploadQueue. After that the end-user has only the
On Mon, May 07, 2001 at 11:39:06AM +0200, Gerhard Kroder wrote:
Current testing contains a debsig-verify package. Is this different to
what you called debsign?
debsign signs a package .dsc and .changes file to get it validated by the
UploadQueue. After that the end-user has only the possibility
mail.debug - it
This is arguable. I don't have a real opinion on it as I use logcheck
to remove the unnecessary messages from syslog and read the rest.
Maybe this is really clutter.
Would be interesting to know how other distributions and other Unices do.
Regards
Kenneth
bye,
-christian-
--
Christi
with or below that severity is logged so that the admin can choose what
is worth to read daily is fine for me.
Disk space isn't the problem any more and if you run services that produces
so much logs you'll probably have enough anyways.
bye,
-christian-
--
Christian HammersWESTEND GmbH
. I don't have a real opinion on it as I use logcheck
to remove the unnecessary messages from syslog and read the rest.
Maybe this is really clutter.
Would be interesting to know how other distributions and other Unices do.
Regards
Kenneth
bye,
-christian-
--
Christian HammersWESTEND
Hello
What must I do to get mysql_3.22.32-6 (not -4!) not only into
potato-proposed-updates but on security.debian.org, too?
bye,
-christian-
--
Christian HammersWESTEND GmbH - Aachen und Dueren Tel 0241/701333-0
[EMAIL PROTECTED] Internet Security for ProfessionalsFax 0241
needing ARP requests at all.
bye,
-christian-
--
Christian HammersWESTEND GmbH - Aachen und Dueren Tel 0241/701333-0
[EMAIL PROTECTED] Internet Security for ProfessionalsFax 0241/911879
WESTEND ist CISCO Systems Partner - Premium Certified
of our configurations
where it was explicitly given. But nevertheless as there is no technical
need to filter those bad addresses I would hold my statement for true
just to be sure :-)
-christian-
--
Christian HammersWESTEND GmbH - Aachen und Dueren Tel 0241/701333-0
[EMAIL PROTECTED
/bugtraq/2001/Feb/0028.html
The 3rd bug was accidentally found by me and fixed, as the others, too, by
Guillaume.
bye,
-christian-
--
Christian HammersWESTEND GmbH - Aachen und Dueren Tel 0241/701333-0
[EMAIL PROTECTED] Internet Security for ProfessionalsFax 0241/911879
On Fri, Feb 09, 2001 at 03:28:11PM +0100, Jonas Carlsson wrote:
Why does Debian only have SSH-1 not SSH-2 ?
It does not.
The ssh package at non-us.debian.org is ssh_2.3.0p1-1.11_i386.deb
bye,
-christian-
--
Christian HammersWESTEND GmbH - Aachen und Dueren Tel 0241/701333-0
[EMAIL
On Fri, Feb 09, 2001 at 04:17:54PM +0100, Jonas Carlsson wrote:
Maybe ssh_2.3.0 exist in unstable ?
yes. unstable/testing was what I looked at. Don't know about potato aka stable.
(it can, as release distribution, not be changed anyways, although the
security fixes are backported to the old
Currently it won't. :-\ You would have to get the packages yourself
and check the md5sums.
Which were of course altered by the cracker. Bad idea.
bye,
-christian-
--
Christian HammersWESTEND GmbH - Aachen und Dueren Tel 0241/701333-0
[EMAIL PROTECTED] Internet Security
On Mon, Jan 08, 2001 at 11:13:49AM -0700, Kevin wrote:
When I tried it, I did not get the same results.
Me too, although there are even more different: ping worked fine as without
setting the variable but fping was vulnerable.
bye,
-christian-
--
Christian HammersWESTEND GmbH - Aachen
On Sun, Dec 03, 2000 at 03:27:06PM +1100, Steve wrote:
Is there a package in debian equivalent to RedHat's LogWatch? This
$ apt-cache show logwatch
bye,
-christian-
--
Christian HammersWESTEND GmbH - Aachen und Dueren Tel 0241/701333-0
[EMAIL PROTECTED] Internet Security
by esound to authorize clients to connect to a
running esd process. Especially useful if you want to use a remote
esd.
Shouldn't such a cookie be in /var/state, /var/run or at least /tmp?
I really wouldn't like such a thing in my *root*!
Wichert.
bye,
-christian-
--
Christian HammersWESTEND