Re: SSL proxy server

2003-05-05 Thread xbud
While that is an option, it's probably unfeasable for his wantings. (Unless he's the only one connecting to the server). Anyway a simple stunnel portfoward will do the trick. WebServer listens on port 80 locally. stunnel -r 127.0.0.1:80 -d 443 *Note: A valid server certificate and private key

bug #80888: dnrd: Multiple buffer overflows

2003-05-05 Thread Drew Scott Daniels
Sorry for the crosspost, but I wanted to include everyone potentially interested in this bug. The home page for dnrd [1] seems to indicate that it is intended for use for a single computer or an internal network. The typical user will likely only want to allow input to dnrd from trusted sources [2

Re: SSL proxy server

2003-05-05 Thread Dariush Pietrzak
> > solution that I am thinking of (and prefer) is setting up a proxy > > apache-ssl server on the same machine (or another machine on the same > > DMZ) so that SSL communication is conducted with the proxy across the > > firewall and unecrypted traffic is confined in the DMZ. Is that And then

Re: Can't fmirror security.debian.org

2003-05-05 Thread Mike Dresser
On Mon, 5 May 2003 [EMAIL PROTECTED] wrote: > $ rsync -avz security.debian.org::debian-security . > rsync: read error: Connection reset by peer > rsync error: error in rsync protocol data stream (code 12) at io.c(162) Works fine here, you might want to check your firewall logs to see if you're be

Re: Can't fmirror security.debian.org

2003-05-05 Thread Phillip
On Mon, 05 May 2003 at 01:02:35PM -0400, [EMAIL PROTECTED] wrote: > I already tried that, but I can't get rsync to work: > > $ rsync -avz security.debian.org::debian-security . > rsync: read error: Connection reset by peer > rsync error: error in rsync protocol data stream (code 12) at io.c(162)

Re: Can't fmirror security.debian.org

2003-05-05 Thread kynn
X-Original-To: [EMAIL PROTECTED] Date: Mon, 5 May 2003 12:33:58 -0400 From: Phillip Hofmeister <[EMAIL PROTECTED]> Cc: debian-security@lists.debian.org Mail-Followup-To: [EMAIL PROTECTED], debian-security@lists.debian.org Content-Disposition: inline --BOKacYhQ+x31HxR3 Co

Fwd: What is this???

2003-05-05 Thread Thomas Ritter
Hi all, I got this: Security Violations =-=-=-=-=-=-=-=-=-= May 5 17:32:02 hammer kernel: KERNEL: assertion (newsk->state != TCP_SYN_RECV) failed at tcp.c(2229) May 5 17:32:02 hammer kernel: KERNEL: assertion ((1

Re: Can't fmirror security.debian.org

2003-05-05 Thread Phillip Hofmeister
On Mon, 05 May 2003 at 11:57:53AM -0400, [EMAIL PROTECTED] wrote: > I have no problem ftp'ing to security.debian.org anonymously, but all > my attempts to fmirror a directory there fail with > > $ fmirror -f ~/security.fmirror > 11:38:51 Connecting to security.debian.org... > 11:38:51 Connec

Re: SSL proxy server

2003-05-05 Thread Douglas Blood
Why don't you just ssh with port forwarding and only have the webserver listen locally? This will encrypt all the traffic and you wouldn't have to worry as much about secureity holes in the web server. Douglas Blood - Original Message - From: "Costas Magos" <[EMAIL PROTECTED]> To: Cc: <

Re: SSL proxy server

2003-05-05 Thread Christoph Moench-Tegeder
## Costas Magos ([EMAIL PROTECTED]): > Is it possible to create an SSL tunnel using stunnel or something > similar to protect the web transactions? Yes, you can use stunnel here; setup is similar as for imap-ssl et.al. > Another > solution that I am thinking of (and prefer) is setting up a pro

Can't fmirror security.debian.org

2003-05-05 Thread kynn
I have no problem ftp'ing to security.debian.org anonymously, but all my attempts to fmirror a directory there fail with $ fmirror -f ~/security.fmirror 11:38:51 Connecting to security.debian.org... 11:38:51 Connected. 11:39:52 Dir listing failed, exiting. (425 Failed to establish conne

SSL proxy server

2003-05-05 Thread Costas Magos
Hello all, My new problem is not exactly debian-related but is surely security-related :-) Anyway, I need desperately your security expertise so here it goes: I am running a proprietary tacacs+ server that comes bundled with its own web server used as management interface. The web server is

Re: JRE & JDK <1.4.1_02 vulnerable?

2003-05-05 Thread Javier Fernández-Sanguino Peña
On Fri, May 02, 2003 at 02:13:08PM -0500, Drew Scott Daniels wrote: > http://www.securityfocus.com/bid/7109 says Sun's JRE and Java SDKs versions > less than 1.4.1_02 are vulnerable as well as IBM's JDK. > > The BID seems to indicate the vulnerability is in java.util.zip > > I'm not sure which ve

[OT] TCP/IP and OSI (Was: Re: MAC-based ssh)

2003-05-05 Thread Phillip Hofmeister
On Fri, 02 May 2003 at 06:20:58PM +0200, Peter Ondraska wrote: > Doesn't TCP/IP have only at most 4 layers? In the OSI model there are 7 Layers. TCP/IP takes up only two of them (3 & 4). Layer 1 - Physical - Cat5, Fiber, etc. Layer 2 - Datalink - Ethernet, FDDI, etc. Layer 3 - Network - IP, IPX,

subscribe

2003-05-05 Thread Slawomir Gruca

Re: Woody security updates

2003-05-05 Thread Matthias Faulstich
Hi! Am Freitag, 2. Mai 2003 10:45 schrieb Jean Christophe ANDRÉ : > Hi .*, > > > Matthias Faulstich <[EMAIL PROTECTED]> wrote: > > > Does this jigdo - file load the latest security updates or are there > > > any other places to download / create CD-Images? > > Paul Hink écrivait : > > AFAIK no. I