On Wed, Nov 13, 2002 at 11:45:19PM -0500, Mike Dresser wrote:
> Any word from the security team on what's going on with potato's bind?
Both potato and woody are vulnerable. Fixes are on their way, but
disclosure of this vulnerability was very badly organized (not by the
security team), and the se
On Tue, Oct 29, 2002 at 04:12:54PM -0800, Alvin Oga wrote:
> i say modifying files is a give away .. that says
> "come find me" which is trivial since its modified
> binaries
If they do it right, it's not a giveaway. If they're quick, thorough,
and accurate, they can certainly do it right.
On Tue, Oct 29, 2002 at 09:35:01AM -0500, Phillip Hofmeister wrote:
> Laptop (IPSEC CLient) -> WAP -> Server (DHCP AND IPSEC Host) -> Local
> Network. In order to get inside the network you will have to get past
> the IPSEC Host, which of course will require a key that has a valid
> certificate fr
On Tue, Oct 22, 2002 at 11:36:06PM +0800, Dion Mendel wrote:
> Which files do people exclude when using integrity checkers
> (e.g. aide/tripwire etc)?
I don't typically exclude many files, but I often limit the changes that
tripwire notifies me about. For example, if one of my users changes
their
On Fri, Oct 18, 2002 at 12:41:37PM -0700, Chris Majewski wrote:
> Now, we're looking to upgrade the Linux on these thin clients. I like
> Debian, so that's one obvious choice. However, a standard Debian
> install (e.g. what I run on my machine) gives us much more than we
> need.
Towar
On Thu, Oct 17, 2002 at 07:15:08PM +0300, Jussi Ekholm wrote:
> The same answer as a luser and as a root. What should I deduct from
> this? It's just so weird as I'm not running NFS, NIS or any other
> thingie that should use this port...
What do you get from:
netstat -ntlp | grep 16001
--
On Sat, Oct 12, 2002 at 02:03:42PM +0200, repasi.tibor wrote:
> Oct 11 23:53:09 panda named[15451]: No root nameservers for class IN
This is odd. Is /etc/bind/named.root configured correctly? It may be
that named.conf isn't pointing to the right named.root file since you're
running in a chroot.
On Wed, Oct 09, 2002 at 05:37:38PM -0400, Chris Caldwell wrote:
> My understanding is that the law restricts U.S. citizens from
> exporting certain types of cryptographic software. As a non-US
> national, I believe you have a moral responsibility to thumb your
> nose at US law.
At this point, the
On Wed, Oct 09, 2002 at 10:21:31PM +0200, Alberto Cortés wrote:
> In other words, is http://security.debian.org/ located outside the
> US?.
Where have you been for the past year? Cryptographic software is legal
to export from US Debian mirrors and has been integrated into the main
archive. The o
On Wed, Oct 02, 2002 at 08:09:33PM +0200, WebMaster wrote:
> In March 1997, I offered $500 to the first person to publish a
> verifiable security hole in the latest version of qmail...
> My offer still stands. Nobody has found any security holes in qmail.
> it's because we can read on pureftpd.
On Tue, Sep 24, 2002 at 06:36:10AM -0400, Rishi L Khan wrote:
> Are you sure that they portscanned you and not someone faking that IP?
There'd have to be one *seriously* misconfigured router out there to
allow such a thing to work. Otherwise, they'd never get the results of
their portscan back.
On Wed, Sep 18, 2002 at 10:55:24AM +1000, Jeroen de Leeuw den Bouter wrote:
> After updating libssl09 to the latest stable (0.9.4-6.woody.2) version.
> And running the openssl-sslv2-master script from
> (http://cert.uni-stuttgart.de/advisories/openssl-sslv2-master.php)
The test program is being st
On Sun, Sep 15, 2002 at 12:42:04PM +0100, John Winters wrote:
> Can anyone clarify this please? Have the relevant fixes from openssl
> 0.9.6e been back-ported into openssl-0.9.6c-0.potato.2?
The problem is that potato has more than one version of openssl. The
security team had to package OpenSSL
On Sat, Sep 14, 2002 at 08:14:56PM +0200, Michael Renzmann wrote:
> Any idea about the outgoing connections to port 80? We noticed that the
> bugtraq-process systematically tries to connect to port 80 in an ip
> block, and it keeps trying and trying, incrementing the ip addresses by
> one per st
On Sat, Sep 14, 2002 at 08:00:15PM +0200, Guille -bisho- wrote:
> In 3 days, about 1500 different IP addresses tried to contact my machine at
> UDP port 2002. Fortunately I have iptables configured.
That's interesting. I haven't seen any traffic to udp port 2002 in the
past couple of days at all. T
On Sat, Sep 14, 2002 at 08:05:53PM +0200, Guille -bisho- wrote:
> I don't know if in the c-2 the worm works partially or fully. Does anybody know?
> It seems that the worm does not fully work on Debian.
The exploit code in the newest worm has been tested against
0.9.6c-2.woody.0. It was not sucessfu
On Sat, Sep 14, 2002 at 07:46:03PM +0200, Guille -bisho- wrote:
> I have seen two Debian machines exploited with the -d version of
> openssl, denoted by the files:
> /tmp/.bugtraq.c /tmp/.uubugtraq
That's not surprising. OpenSSL 0.9.6d is vulnerable. However, in woody
we have 0.9.6c-2.woody
On Sat, Sep 14, 2002 at 07:24:06PM +0200, Michael Renzmann wrote:
> One thing that makes me wonder: after I wrote my first few lines about
> the attack on the rlx blade server that we experienced, someone gave a
> correct hint to the worm (describing it with some of its actions), and
> also ment
On Sun, Aug 11, 2002 at 05:40:15PM +0200, Jens Hafner wrote:
> directly connected to the Internet (e.g. by a dialup connection). Things
> start to break as soon as I connect the laptop to my private network
> (192.168.0.0/24) whose default gateway is a debian (woody, kernel
> 2.2.19) box. I configu
On Mon, Aug 05, 2002 at 01:19:45PM -0500, Daniel Rychlik wrote:
> must have missed that one.
I am sorry for giving an RTFM-style answer. I didn't think anybody was
still using PGP. Is there a specific reason you need it instead of gpg?
pgp can't upload to keyservers on its own. Take a look a
On Mon, Aug 05, 2002 at 01:06:03PM -0500, Daniel Rychlik wrote:
> In pgp, how do I upload my public key to a key server? I've read the
> documentation on it and I cannot seem to find a way to do it.
--send-keys [names]
Same as --export but sends the keys to a key?
On Mon, Aug 05, 2002 at 07:40:36PM +0300, Halil Demirezen wrote:
> Where can I find code that tests a vulnerable OpenSSH trojaned server?
>
> Or if I should write the code, what are this trojan server's
> specifications?
Remember that the trojan only exists during the build process. The ssh
ser
> an apt-get update && apt-get upgrade -dy today brought me new
> libpng[23]-Packages from security.debian.org for woody/stable,
> but I can't find an advisory for them. What changes were made?
The advisory was DSA 140-1. If it's not on the web site, it will be.
You should subscribe to debian-sec
On Thu, Jul 25, 2002 at 08:54:17AM +0900, Howland, Curtis wrote:
> I can't upgrade, it would require restarting and that would blow my
> record on necraft.com
Why would you need to restart? Today I wanted to upgrade a busy server
(busy with apache & proftp). I put apache & proftp on hold in
/var
On Wed, Jul 24, 2002 at 01:24:51PM -0400, Desai, Jason wrote:
> Does anybody know how long Debian will officially be supporting Potato and
> providing security updates for it?
We haven't yet announced anything officially. We do want to continue to
support it for a longer time than we supported sl
On Fri, Jul 19, 2002 at 03:58:18PM +0200, Mathias Palm wrote:
> >- Can I safely give an SSH key to my backup user without any
> > passphrase so that it could be automated via cron ?
>
> I'd say, the security is that of your original account then. Say there
> are the computers A and B, whe
On Tue, Jul 02, 2002 at 03:30:52PM +0100, Tim Haynes wrote:
>
> Given that rfc-ignorant lists *.uk for not having contact info, would you
> like to refine that to `shite idea'?
That's in the whois.rfc-ignorant.org blacklist. That's not the list I
was talking about. And it is not rfc-ignorant's
On Mon, Jul 01, 2002 at 09:55:57PM -0700, Rafael wrote:
> Assuming the spam came from 213.181.64.226 it would be very easy to reject
> it based on the fact that there is no RR in DNS for that IP.
I don't agree with the policy of rejecting mail due to a lack of a
reverse DNS entry. However, rfc-i
On Mon, Jul 01, 2002 at 01:48:31PM -0700, Anne Carasik wrote:
> So, if I force X11 with the -X (even though my ssh_config on
> the client is set to X11Forwarding yes), I get this:
>
Get what?
You don't have UseLogin set in sshd_config, do you?
noah
--
On Mon, Jul 01, 2002 at 01:24:34PM -0700, Anne Carasik wrote:
> However, when I try to launch an xterm, I get either:
> can't open DISPLAY
Are you explicitly asking for X11 forwarding on the client's command
line (-X)?
> Or the display is set to server:10.0.
That is normal. That's what it shoul
On Mon, Jul 01, 2002 at 03:07:37PM +0200, Olle Hedman wrote:
> At 08:25 2002-01-07, Mr.Muyiwa Ige wrote:
> > [a load of bullshit]
>
> If anyone wonders what that mail was, read here:
> http://www.snopes.com/inboxer/scams/nigeria.htm
And forward it to [EMAIL PROTECTED], with full headers intact,
On Thu, Jun 27, 2002 at 04:55:31PM -0700, Tom Dominico wrote:
> When woody goes stable, though, I want to move on to whatever "testing"
> is at that point. That's why I had been using "testing" in my
> sources.list rather than explicitly saying "woody"; I thought it would
> make it easier to stay
On Thu, Jun 27, 2002 at 07:35:21PM -0400, Moti Levy wrote:
> this line in /etc/apt/sources.list did it for me ...
> deb http://security.debian.org testing/updates main contrib non-free
You should probably use 'woody', not 'testing'. After all, testing
doesn't normally get security updates. Once
On Tue, Jun 25, 2002 at 06:01:36PM -0400, Noah L. Meyerhans wrote:
> A local exploit that can be run by a non-root user in an empty chroot.
Oh, and I forgot to mention that non-root user does not have write
permissions on the chroot.
There's really not much you can do with such an env
On Tue, Jun 25, 2002 at 11:58:13PM +0200, James Nord wrote:
> >
> In which case you just need a local exploit to go with your remote exploit.
A local exploit that can be run by a non-root user in an empty chroot.
Those are considerably harder to come by than the standard local
exploit. Are any kn
On Tue, Jun 25, 2002 at 09:37:26AM -0500, kruskal wrote:
> So it looks to me like priv sep is working on potato. At this point,
> is it safe to open up a public server?
Since the OpenSSH developers and some folks at ISS are the only people
who know the nature of the problem, they're the only peop
On Tue, Jun 11, 2002 at 07:20:50PM -0400, Jeff Bonner wrote:
> I am certainly not in a position to say which is more secure, but this
> reminded me of a flap that arose over a list of vulnerabilities posted
> by platform, etc on SecurityFocus:
>
>http://securityfocus.com/vulns/stats.shtml
I'm
On Mon, Jun 10, 2002 at 12:14:34AM +0100, Karl E. Jorgensen wrote:
> Can anybody suggest a suitable forum/mailing list to ask for help on
> this?
At one point (a year ago? more?) somebody suggested creating
debian-codereview to provide exactly such a forum. I don't remember who
it was, but they
On Thu, May 23, 2002 at 01:39:25PM -0400, Hubert Chan wrote:
> Security patches go into stable first. Sid/unstable is generally
> upgraded pretty promptly too. They're working on a system (AFAIK) to
> allow security patches to be fast tracked into testing.
Not to be fast tracked in to testing.
On Fri, May 17, 2002 at 04:38:24PM -0500, JonesMB wrote:
> >IIRC, you can also (at least in Debian) add the line 'syncookies=yes' to
> >/etc/network/options.
>
> after making this change, what service must I restart to make the change
> take effect?
None, the changes are in kernel space. Just
On Mon, May 13, 2002 at 06:05:19PM -0300, Eduardo Gargiulo wrote:
>
> Which is the best way to ensure that clients will connect using ssh2
> and not ssh1? How can I avoid the use of ssh1?
>
RTFM. See in particular sshd(8). See in particular the following:
Protocol
Specifies t
On Wed, May 08, 2002 at 03:26:46PM +0200, Robert Millan wrote:
> http://sec.greymagic.com/adv/gm001-ns/
>
> It claims to affect 0.9.7+ but on 1.0 all it does
> is crash my browser.
That bug was fixed in the version of mozilla from sid, but *not* woody.
Woody appears vulnerable and had probably
On Tue, Apr 30, 2002 at 03:23:06PM -0600, Erik Andersen wrote:
> It is there as part of the installer to make life easier
> for those wishing to do things that the installer does not
> support by default. It has nothing whatsoever to do with
> cramfs or the kernel.
This is what I was thinking at
On Sun, Apr 14, 2002 at 09:51:18AM -0500, David wrote:
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address Foreign Address State
> PID/Program name
> raw0 0 0.0.0.0:1 0.0.0.0:* 7
> -
> raw0
On Fri, Apr 05, 2002 at 12:13:41PM +0200, Victor Vuillard wrote:
> the "fswcert" tool, which is used to extract private key from
> certificate was before in freeswan package. I was not able to find it in
> 1.95 version of freeswan. Anyone knows why it has been removed ???
Because it's no longer ne
On Sun, Apr 07, 2002 at 02:53:16PM +0200, Mark Janssen wrote:
>
> Debian usually patches the (security) bug, without going straight to the
> new upstream release, but only upgrading the package number
That's only the case with stable. In unstable, there is no reason not
to go straight to the new
On Fri, Apr 05, 2002 at 04:49:46PM +0200, Juhan Kundla wrote:
>
> Yikes! I guess, you didn't remove inetd that way, right? But how then?
>
As root:
/etc/init.d/inetd stop
rm /etc/rc?.d/S??inetd
It will not be started again, but the K??inetd links will still be in
place so the next upgrade won't
On Tue, Apr 02, 2002 at 10:23:21AM -0800, Anne Carasik wrote:
>
> Well, daytime spits out the time of day, time is for NTP,
> and I'm not sure what discard is used for.
No, NTP does not use the time port. It uses port 123 (ntp in
/etc/services).
Discard is the network equivalent of /dev/null
T
On Mon, Apr 01, 2002 at 09:35:46AM -0500, Jon McCain wrote:
> concern. Users can ssh into my machine but their profiles are fixed to
> run a menu of things I allow them to do. Thus they can't get to the $
> prompt and thus can't cd to other directories to see what's there. And
> even they did, p
On Sun, Mar 24, 2002 at 11:44:26AM -0500, Gary MacDougall wrote:
> We seriously need a US branch of the law-enforcement to deal
> with this sort of stuff. I think if more people got prosecuted for
> trying to crack into a site, the level of BS would drop to zero.
Sure, but this particular attemp
On Thu, Mar 21, 2002 at 06:12:02PM -0600, Jay Kline wrote:
> What seems odd to me is the yyy IP is originating from such a low port
> (3) which means the system is most likely not unix or windows (or at least
> not standard apps), unless using some specific application. Anyone know of
> one
On Sat, Mar 16, 2002 at 04:57:42PM -0800, Xeno Campanoli wrote:
> Has anyone else heard of this SNMP problem? Are we up to date with the
> security fixes on stable, etc?
That's ancient history. The fix was released on Feb. 14.
noah
--
___
|
On Sat, Mar 16, 2002 at 11:43:41PM +0530, Sandip Bhattacharya wrote:
> Pardon my ignorance, but I was under the impression that this list is only
> about official Security Announcements for Debian(DSA), and not a general
> discussion on security. Am I on the wrong list or did I read the list
> desc
On Fri, Mar 15, 2002 at 09:09:15PM +0100, Roland Stoll wrote:
> I'm wondering what this could be. Is it a known exploit, or just a new
> P2P software like gnutella/kaza/etc ?
It is traceroute.
--
___
| Web: http://web.morgul.net/~frodo/
| PGP
On Fri, Mar 15, 2002 at 06:40:45AM -0500, Josh Frick wrote:
> >
> I thought class C networks were non-routable.
I think you're confused. First of all I think you're confused as to
what a class C network is, and second of all I think you're confused as
to what networks are non-routable and what it
On Sat, Mar 09, 2002 at 09:06:09AM +0800, Patrick Hsieh wrote:
> I just apt-get update but seems ssh version 3.0.2p1-8 is not in the
> non-US archive.
That is to be expected and it is exactly why we tell people not to use
testing if you care about security. It takes some time for a package to
pro
On Wed, Mar 06, 2002 at 07:43:23PM -0800, Xeno Campanoli wrote:
> Say, stable doesn't seem to have 2.2.20 available to it yet, and yet
> that's supposed to be the most stable 2.2.* kernel out according to (I
> think it was the HOWTO on E-Infomax I read it, but they're down right
> now) a howto I wa
On Wed, Mar 06, 2002 at 06:26:16PM +0100, Francesco P. Lovergine wrote:
>
> glibc has been patched for glob problems too.
> There is a not too old thread about the same subject...
I am very well aware of that, however the fixes are clearly not
effective as proftpd is still vulnerable. I have con
On Wed, Mar 06, 2002 at 10:36:03AM +0100, Francesco P. Lovergine wrote:
>
> potato version is not exploitable (patched with a backported hack many
> months ago). See old DSA on www.debian.org.
>
No, it is still vulnerable. I have confirmed for myself that the fix
applied in the DSA did not eli
On Wed, Feb 27, 2002 at 04:22:31PM +0100, eim wrote:
>
> Are there any tools which are smarter, faster and cleaner
> as my combination of log analyze apps. ?
I saw a presentation at the LISA sysadmin conference a couple years ago
about something called SHARP, the "syslog heuristic analysis and
re
On Wed, Jan 23, 2002 at 09:02:05AM +0100, Olsen Gerhard-Just wrote:
> Hi I'm investigating the possibility to use Linux box as an IPsec router. I
> want to be able to connect win clients to a LAN over the internet using
> IPsec. there is a win2k server set up with IPsec. Has any one any experience
On Mon, Jan 21, 2002 at 09:45:50PM +, Tim Haynes wrote:
> > Is there any reason you can't just chmod 0600 /root/.my.cnf, in that
> > case? Clearly there are individual files that you don't want
> > world-readable, but that's true for normal users' home dirs as well.
>
> Why do you want folks t
On Mon, Jan 21, 2002 at 01:34:31PM -0800, Chris Francy wrote:
>
> There is at least one package in Debian that requires you to put sensitive
> information in /root. The mysql server package needs you to have a .my.cnf
> in the /root if you want the logs to rotate. The my.cnf contains the clear
On Mon, Jan 21, 2002 at 07:54:03PM +0100, eim wrote:
>
> Why has Debian chosen to let users access root's home ?
Why not? Debian doesn't put any sensitive files there. In fact, it
doesn't put anything notable there at all.
> Let me say I "chmod 0700 /root", will I encounter any
> problems thr
101 - 200 of 330 matches