Postgres buffer overflow in stable .

2002-09-10 Thread Jean-Francois Dive
Hello all, The bug 155419 opened 37 days old point to a serious security issue with postgres as i can lead to DOS from local users or worst, make non-serious SQL / perl / php bugs worst (from non exploitable to DOS capable). As far as i can see, Oliver tried to upload 7.2.2-X in woody and i su

Re: [OT] AW: Printing ?

2002-09-10 Thread Marcel Welschbillig
Thanks to those who replied. I now have somewhere to start :) Marcel On Tue, 2002-09-10 at 16:16, Ralf Dreibrodt wrote: > Hi, > > > > Sorry i know this is off topic but dose anyone know where theres a good > > > HOW-TO on Seting up SAMBA as a print server ?? > > there is an online book from ore

RE: "suspicious" apache log entries

2002-09-10 Thread Daniel J. Rychlik
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 'nod', agreed Geoff. Sincerely, Daniel J. Rychlik " Money does not make the world go round , Gravity does ." - -Original Message- From: Geoff Crompton [mailto:[EMAIL PROTECTED] On Behalf Of Geoff Crompton Sent: Tuesday, September 10, 20

Re: "suspicious" apache log entries

2002-09-10 Thread Geoff Crompton
On Tue, Sep 10, 2002 at 12:43:10PM +0300, Marcel Weber wrote: > Well, but you're right: This is a beautyful tool on a companies network. But > if used on the internet, there could be legal issues. Why not introduce an > official "Internet Security Team" that officially has the right to do such > th

Re: "suspicious" apache log entries

2002-09-10 Thread Vineet Kumar
* Erik Rossen ([EMAIL PROTECTED]) [020910 04:51]: > On Tue, Sep 10, 2002 at 03:28:42AM -0700, Vineet Kumar wrote: > > As the law is concerned, this is like telling people they've left their > > front door unlocked by inviting yourself in and taking a dump on their > > couch. It's not yours, and yo

Re: "suspicious" apache log entries

2002-09-10 Thread Rolf Kutz
* Quoting Erik Rossen ([EMAIL PROTECTED]): > Imagine instead a car that is always unlocked and is used nightly by > hooligans when they go joy-riding. That's why leaving a car unlocked is illegal in Germany. On the other hand, you still need the key to start it and a hooligan wouldn't mind brakin

Re: "suspicious" apache log entries

2002-09-10 Thread Carlos Ollero Serrano
Hello! I have done a script against nimda and other undesiderable access to my server, http://ainulindale.homeunix.org/~carlos/scripts/cortafuegos/ Whath do you think about that? best regards: Carlos > Has anyone seen some Anti-Nimda/Code Red beside > http://www.eye-net.com.au/csmall/myscrip

Re: "suspicious" apache log entries

2002-09-10 Thread Michael Renzmann
Hi. Doug Winter wrote: It claimed that the HTTP libraries used by Nimda and Code Red were generic, and could be fooled by sending a redirect response like: Location: http://127.0.0.1/ Nice idea. Would it be enough to redirect them to the localhost-ip, or should the URI of the original request

Re: AW: "suspicious" apache log entries

2002-09-10 Thread Michael Renzmann
Hi Marcel. Marcel Weber wrote: Why not introduce an official "Internet Security Team" that officially has the right to do such things. It would be for the good of the net! They could be a part of the ICANN or UNO or whoever. I don't think this would be successful. It's a great idea, no doubt

Re: "suspicious" apache log entries

2002-09-10 Thread Erik Rossen
On Tue, Sep 10, 2002 at 03:28:42AM -0700, Vineet Kumar wrote: > * Michael Renzmann ([EMAIL PROTECTED]) [020910 03:12]: > > Hi. > > > > Vineet Kumar wrote: > > >>Phillip Hofmeister stated that one could use the Nimda backdoor on the > > >>server that connects our server to setup a warning message

Re: "suspicious" apache log entries

2002-09-10 Thread Jamie Heilman
Jamie Heilman wrote: > > [Sat Aug 31 21:03:49 2002] [error] [client 64.152.12.2] request failed: > > erroneous characters after protocol string: CONNECT > > mailb.microsoft.com:25 / HTTP/1.0 > > open proxy probe, standard Internet crapola, > http://www.monkeys.com/security/proxies/ Hmm, ok it a

Re: "suspicious" apache log entries

2002-09-10 Thread Jamie Heilman
> [Sat Aug 31 21:03:49 2002] [error] [client 64.152.12.2] request failed: > erroneous characters after protocol string: CONNECT > mailb.microsoft.com:25 / HTTP/1.0 open proxy probe, standard Internet crapola, http://www.monkeys.com/security/proxies/

Re: "suspicious" apache log entries

2002-09-10 Thread Doug Winter
On Tue 10 Sep Marcel Weber wrote: > So a little program called "Silver bullet" got developed. I think it > run even on Linux. When a backdoored server tried to contact the > silver bullet server, it got "shot down" by this script using nimda's > backdoor. I window popped up on the attacking machine

AW: "suspicious" apache log entries

2002-09-10 Thread Marcel Weber
Hi Phillip Hofmeister is right. This tool exists. We used this at our companies network (a bigger one, some 100'000 users ;-). All those Frontpage or I don't know what the hell they're using users with iis and nimda on it, were difficult to track down. Of course we tried to warn them before imple

Re: "suspicious" apache log entries

2002-09-10 Thread Vineet Kumar
* Michael Renzmann ([EMAIL PROTECTED]) [020910 03:12]: > Hi. > > Vineet Kumar wrote: > >>Phillip Hofmeister stated that one could use the Nimda backdoor on the > >>server that connects our server to setup a warning message on the > >>attacking computer's desktop. > >If you do, be prepared to go

Re: "suspicious" apache log entries

2002-09-10 Thread Michael Renzmann
Hi. Vineet Kumar wrote: Phillip Hofmeister stated that one could use the Nimda backdoor on the server that connects our server to setup a warning message on the attacking computer's desktop. If you do, be prepared to go to jail... For what reason? For telling stupid webserver administrators

Re: "suspicious" apache log entries

2002-09-10 Thread Vineet Kumar
* Michael Renzmann ([EMAIL PROTECTED]) [020910 02:55]: > Phillip Hofmeister stated that one could use the Nimda backdoor on the > server that connects our server to setup a warning message on the > attacking computer's desktop. I think this is a great idea, but I have > not been able to track do

Re: "suspicious" apache log entries

2002-09-10 Thread Michael Renzmann
Hi Andreas. Andreas Syksa wrote: > I've seen tons of ../script/ and ../cmd.exe's as I've got several > machines with fixed ips. I also received quite a lot of those requests, although our server is not "official" by now, has no domain name (besides an "work-around" solution using dyndns during

Re: "suspicious" apache log entries

2002-09-10 Thread Andreas Syksa
Hello Debians, - Original Message - From: "Michael Renzmann" <[EMAIL PROTECTED]> To: Sent: Tuesday, September 10, 2002 8:35 AM Subject: "suspicious" apache log entries > [Sat Aug 31 21:03:49 2002] [error] [client 64.152.12.2] request failed: > erroneous characters after protocol string:

Re: [OT] AW: Printing ?

2002-09-10 Thread Ralf Dreibrodt
Hi, > > Sorry i know this is off topic but dose anyone know where theres a good > > HOW-TO on Seting up SAMBA as a print server ?? there is an online book from oreilly: http://www.oreilly.com/catalog/samba/chapter/book/index.html Viele Gruesse Ralf Dreibrodt -- Mesos Telefon 49 221 963

Re: "suspicious" apache log entries

2002-09-10 Thread Michael Renzmann
Hi Anne. Anne Carasik wrote: Sounds like Code Red. We get a lot of these too, and the Microsoft attacks don't do much to an Apache server :) Ok, thanks for the info. I guess I didn't saw this one by now because Code Red seems to die more and more, right? :) Bye, Mike

Re: "suspicious" apache log entries

2002-09-10 Thread Anne Carasik
Sounds like Code Red. We get a lot of these too, and the Microsoft attacks don't do much to an Apache server :) -Anne This one time, Michael Renzmann wrote: > Hi all. > > While digging through the error.log of my apache I found two lines that > seem to hint toward a new (?) worm. I saw the firs

"suspicious" apache log entries

2002-09-10 Thread Michael Renzmann
Hi all. While digging through the error.log of my apache I found two lines that seem to hint toward a new (?) worm. I saw the first one some days ago, too: [Sat Aug 31 21:03:49 2002] [error] [client 64.152.12.2] request failed: erroneous characters after protocol string: CONNECT mailb.micros