FYI,
http://marc.theaimsgroup.com/?|=linux-kernelm=105271679705571w=2
--
--
Orlando Padilla
http://www.g0thead.com/xbud.asc
I only drink to make other people interesting
--
On Thursday 22 May 2003 15:16, Simon Huggins wrote:
On Thu, May 22, 2003 at 01:50:51PM -0600, xbud wrote:
FYI, http://marc.theaimsgroup.com/?|=linux-kernelm=105271679705571w=2
You say 2.4 in the subject and it says 2.5 in that report.
Is 2.4 vulnerable too?
Yes.
In a reduced test on 2.4
On Wednesday 14 May 2003 10:23, Nathan E Norman wrote:
On Wed, May 14, 2003 at 03:33:36PM +0100, Michael Parkinson wrote:
Dear All,
Currently implementing a number of modifications to our internal security
policies and one addition I am attempting to add is the full logging of
user
Yes,
It's somewhat of a new bug that spawned from the media service advisory on
user enumeration via a timing issue if OpenSSH is compiled with PAM support.
It's not a remote root per say, but mainly an enumeration weakness.
By applying 'nodelay' option for pam_unix.so, this 'feature' is
While that is an option, it's probably unfeasable for his wantings. (Unless
he's the only one connecting to the server).
Anyway a simple stunnel portfoward will do the trick.
WebServer listens on port 80 locally.
stunnel -r 127.0.0.1:80 -d 443
*Note: A valid server certificate and private key
Hi Dale,
Stress testing networks can be quite tedious depending on what type of 'real
simulation' you have to abide by.
If you have a budget take a look at an appliance called 'Flame Thrower' I
forget who the vendor is ATM, but it was complete in regaurds to stress
testing IDS's. We used it
tar up your /proc/ directory
to save a copy of your kcore - it should have useful information unless he
managed to zero out all the memory that was being utilized during the break
in.
turn the box off but make sure it don't delete crap, watch out for logic bombs
or what not.
remove the disk
http://www.coresecurity.com/common/showdoc.php?idx=313idxseccion=10
This went accross several lists a few days ago, I'm forwarding it in case
anyone missed it.
--
--
Orlando Padilla
http://www.g0thead.com/xbud.asc
--
On Wednesday 19 March 2003 09:18, Martynas Domarkas wrote:
Grsecurity patch can limit ordinary user use ptrace. Can it help avoid
ptrace exploit?
Martynas
yes for the most part limiting access to /proc/self/exe breaks the exploit.
On Wednesday 19 March 2003 09:18, Martynas Domarkas wrote:
Grsecurity patch can limit ordinary user use ptrace. Can it help avoid
ptrace exploit?
Martynas
yes for the most part limiting access to /proc/self/exe breaks the exploit.
New one.
The attached module seems to block the currently circulating exploit, I didn't
write it so don't email me if it breaks your system.
On Tuesday 18 March 2003 17:39, Steve Meyer wrote:
Correct me if I am wrong but is the ptrace vulnerability not a fairly old
one. By old I mean like a
New one.
The attached module seems to block the currently circulating exploit, I didn't
write it so don't email me if it breaks your system.
On Tuesday 18 March 2003 17:39, Steve Meyer wrote:
Correct me if I am wrong but is the ptrace vulnerability not a fairly old
one. By old I mean like a
Your situation is pretty vague, but my guess would be iptables rule is
invalid or just not doing what you want it to do . The reason ftp might
still be working through it is because it uses a high port to do the actual
file transfer.
test your rule with something other than ft protocol nc
On Wednesday 29 May 2002 11:16 am, Rauno Linnamäe wrote:
Hello,
We are running a Debian (potato) box with Samba as PDC for user
authentication and file server for W2k LAN clients. Recently one of our
notebooks was stolen. As I can identify all the users who have ever logged
in via that
On Wednesday 29 May 2002 04:38 pm, Rauno Linnam?e wrote:
On Wed, May 29, 2002 at 03:37:50AM -0500, xbud wrote:
On Wednesday 29 May 2002 11:16 am, Rauno Linnamäe wrote:
Hello,
We are running a Debian (potato) box with Samba as PDC for user
authentication and file server for W2k LAN
On Wednesday 29 May 2002 11:30 am, Rishi L Khan wrote:
I looked into shorewall. It doesn't support ipchains, but seawall does.
Would you suggest updating to iptables or using seawall?
Do you think that Linux 2.4.x is stable yet? If so, which version?
The kernel overall I believe is
On Wednesday 29 May 2002 11:16 am, Rauno Linnamäe wrote:
Hello,
We are running a Debian (potato) box with Samba as PDC for user
authentication and file server for W2k LAN clients. Recently one of our
notebooks was stolen. As I can identify all the users who have ever logged
in via that
On Wednesday 29 May 2002 04:38 pm, Rauno Linnam?e wrote:
On Wed, May 29, 2002 at 03:37:50AM -0500, xbud wrote:
On Wednesday 29 May 2002 11:16 am, Rauno Linnamäe wrote:
Hello,
We are running a Debian (potato) box with Samba as PDC for user
authentication and file server for W2k LAN
at this very moment in time yes.. if your zlib is up to date..
there is currently no working exploit for this bug.. but one will popup
sooner or later.
-xbud
On Tuesday 12 March 2002 02:19 pm, Martin Hermanowski wrote:
On bugtraq I read something about openssh being vulnerable to the
doube
at this very moment in time yes.. if your zlib is up to date..
there is currently no working exploit for this bug.. but one will popup
sooner or later.
-xbud
On Tuesday 12 March 2002 02:19 pm, Martin Hermanowski wrote:
On bugtraq I read something about openssh being vulnerable to the
doube
Not sure if this made to this list.
I haven't confirmed the following, but thought it was worth forwarding.
-xbud
-- Forwarded Message --
Subject: Exim 3.34 and lower (fwd)
Date: Wed, 13 Feb 2002 11:19:49 -0700 (MST)
From: Dave Ahmad [EMAIL PROTECTED]
To: [EMAIL PROTECTED
Not sure if this made to this list.
I haven't confirmed the following, but thought it was worth forwarding.
-xbud
-- Forwarded Message --
Subject: Exim 3.34 and lower (fwd)
Date: Wed, 13 Feb 2002 11:19:49 -0700 (MST)
From: Dave Ahmad [EMAIL PROTECTED]
To: bugtraq
this might not be the solution you are
looking for.
-xbud
On Thursday 27 December 2001 09:27 am, Pedro Zorzenon Neto wrote:
Hi Friends,
I am developing a software to provide access control to users of a
network.
The gateway has ipchains rules to DENY packets from all 192.168.0.0/16
hosts
there.
g'luck
-xbud
'Nicely' probably isn't a prefered word but you
all know what I mean.
Here are some numbers.
- Snip
-
xbud@natas:~$ cat
/var/log/boa/access_log | grep /default.ida | cut -f1-4 -d ' '
bla.bla.bla.bla
- - [19/Jul/2001:16:18:23bla.bla.bla.bla - - [19/Jul/2001:16:48
it gets lengthy
and the IPs are blocked for obvious reasons, I also noticed none of the IP's
were duplicates.
Note all of them are in one day time span... =)
I contacted as many of the Company's I could using their IP
block.
- xbud
somewhere.
If the values on your box are set to 0... let them be. Unless you are
running a routed daemon and need to route mc addressed frames.
-xbud
-Original Message-
From: Vineet Kumar [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
Date: Tuesday, July 17, 2001 12:56 AM
Subject: Re
somewhere.
If the values on your box are set to 0... let them be. Unless you are
running a routed daemon and need to route mc addressed frames.
-xbud
-Original Message-
From: Vineet Kumar [EMAIL PROTECTED]
To: debian-security@lists.debian.org debian-security@lists.debian.org
Date: Tuesday, July
28 matches
Mail list logo