http://www.securityfocus.com/bid/7109 says Sun's JRE and Java SDKs versions
less than 1.4.1_02 are vulnerable as well as IBM's JDK.
The BID seems to indicate the vulnerability is in java.util.zip.
I'm not sure which versions of Java JREs and SDKs are in Debian, but it
seems to me that in Contrib
On Fri, 2 May 2003, Wolfgang Sourdeau wrote:
> I am not subscribed to debian-security, so please include me in your Cc:
> for this discussion.
>
Likewise.
> I have noticed a "fax" user was expected in mgetty-1.1.30 (never played
> with 1.1.29). The problem I have with that is that this user is req
On Fri, May 02, 2003 at 12:26:04PM +0200, Hans van Leeuwen wrote:
> My company has created an application that allows remote users to edit
> their DNS-records. This app needs to restart bind on the remote nameservers.
bind never needs to be restarted, use rndc or dns updates with key.
bastian
-
http://serg.cs.drexel.edu/phpnuke/html/modules.php?name=Project&pa=showproject&pid=1
lists Bunch which is an interesting tool to show modularity. I haven't yet
tried it.
Also on this site they link to CoSAK which is an interesting newer
security audit tool set.
Has anyone tried these tools?
On Fri, 2 May 2003, Phillip Hofmeister wrote:
> On Fri, 02 May 2003 at 12:26:04PM +0200, Hans van Leeuwen wrote:
> > I have decided to do this through SSH by putting the client key in
> > authorized_keys2. But this seems a little risky, so I was wondering if
> > it was possible to get sshd to on
On Fri, 02 May 2003 at 12:26:04PM +0200, Hans van Leeuwen wrote:
> I have decided to do this through SSH by putting the client key in
> authorized_keys2. But this seems a little risky, so I was wondering if
> it was possible to get sshd to only allow the client MAC-address.
SSHD cannot do what you
On Thursday 01 May 2003 09:24 am, Adam Lydick wrote:
> Alternatives: (the traditional line printer was already mentioned), any
> sort of write-only media will do the trick (eg: CD-RW). You might have
> to flush batches of log entries to the CD for it to work. I'm not sure
> what min packet size on
Hy,
please consider that amavis and mailscanner are completely different mail
scanners. AFAIK: There is no standard debian package containing amavis
for sendmail, only for postfix.
The error messages in your log are generated by mailscanner. I would
say that your mailscanner expects another ver
Oliver Hitz wrote:
It is also possible to further restrict this connection. Something
like
command="/etc/init.d/bind restart",from="..." ssh-rsa ...
This does the job. Only I execute 'bind restart' through a small C-program
with a suid-bit.
Thanks for the help everybody!
Hans
Hi,
I am not subscribed to debian-security, so please include me in your Cc:
for this discussion.
I have noticed a "fax" user was expected in mgetty-1.1.30 (never played
with 1.1.29). The problem I have with that is that this user is required at
build time (during the make install phase). Anoth
On Fri May 02, 2003 at 02:34:17PM +0200, Oliver Hitz wrote:
> On 02 May 2003, Hans van Leeuwen wrote:
> > I have decided to do this through SSH by putting the client key in
> > authorized_keys2. But this seems a little risky, so I was wondering if
> > it was possible to get sshd to only allow the c
> If the jigdo system was updated once a month (at least), we would be able to
> do most upgrades using CDs, which will be greatly appreciated in developing
> countries (I'm in Vietnam) since the Internet access is still expensive for
> individuals.
It exists a possibility to use apt "offline". Yo
On Monday 14 April 2003 21:31, Répási Tibor wrote:
> Hy,
>
> just follow the steps described in /usr/share/sendmail/examples/amavis
> download the latest sources and it works. I've installed it a few weeks
> ago and it is running well. I'm using it with
On 02 May 2003, Hans van Leeuwen wrote:
> I have decided to do this through SSH by putting the client key in
> authorized_keys2. But this seems a little risky, so I was wondering if
> it was possible to get sshd to only allow the client MAC-address.
If these remote users always connect from the sa
Danny De Cock wrote:
hi,
using mac addresses for client authentication seems to me as an extremely
risky business as a mac address can easily be copied/cloned/spoofed...
imho, it does not offer any authentication at all...
I understand that MAC-addresses can be spoofed, but I thought I would
Kay-Michael Voit wrote:
did you consider just to block other mac-addresses through iptables?
Yes, but the MAC should just be checked for one specific user.
but... i don't know, what you are doing there, but are you sure you
want to grant every user ssh acces
No, just one user with limited ri
DDC> using mac addresses for client authentication seems to me as an extremely
DDC> risky business as a mac address can easily be copied/cloned/spoofed...
DDC> imho, it does not offer any authentication at all...
i understood it as additional security to certificates or passwords (more like
secu
Hello,
are you really sure, that your dns server and all customers are located
in the same ip subnet? Authentication via the mac address of your
internet router does not seem to be a very secure idea... ;)
achim
--
Demokratie beruht auf drei Prinzipien: auf der Freiheit des Gewissens,
auf der Fre
Hans van Leeuwen <[EMAIL PROTECTED]> writes:
> My company has created an application that allows remote users to
> edit their DNS-records. This app needs to restart bind on the remote
> nameservers.
I think this is the wrong solution. A better idea is a cron job on
the nameserver periodically rel
did you consider just to block other mac-addresses through iptables?
but... i don't know, what you are doing there, but are you sure you
want to grant every user ssh access?
i assume you need to be root for this? how are you going to solve it
over ssh? and how do you prevent users from just shuttin
hi,
using mac addresses for client authentication seems to me as an extremely
risky business as a mac address can easily be copied/cloned/spoofed...
imho, it does not offer any authentication at all...
g.
On Fri, 2 May 2003, Hans van Leeuwen wrote:
> Hello,
>
> My company has created an applica
Hello,
My company has created an application that allows remote users to edit
their DNS-records. This app needs to restart bind on the remote nameservers.
I have decided to do this through SSH by putting the client key in
authorized_keys2. But this seems a little risky, so I was wondering if
i
* Drew Scott Daniels ([EMAIL PROTECTED]) [030502 01:20]:
> [...]
There is as far as I can see (only) one important security enhancement
in the newer mgettys, and this is running the fax-out-scripts not
as root. There is no proof that the old mgettys are vulnerable, but
it's never a good idea to ru
Hi .*,
> Matthias Faulstich <[EMAIL PROTECTED]> wrote:
> > Does this jigdo - file load the latest security updates or are there any
> > other
> > places to download / create CD-Images?
Paul Hink wrote:
> AFAIK no. I think you'll have to apt-get update && apt-get upgrade
> immediatel