Re: Debian Stable server hacked

2003-08-14 Thread Colin Walters
On Wed, 2003-08-13 at 00:20, Adam Majer wrote: > So, now I don't run a Debian kernel at all - only a monolithic > (no modules) kernel This doesn't provide very much security. For example: http://www.phrack.org/show.php?p=58&a=7

Re: How to reduce sid security

2003-08-14 Thread David Wright
Quoting Boyd Moore ([EMAIL PROTECTED]): > Well I did have rlogin, that is it points to netkit-rlogin. I finally > got rsh to work by commenting out the ALL: PARANOID line in > hosts.deny. I thought that the hosts.allow overrode the hosts.deny, > but apparently they have reversed the priority.

Re: ssh + opie?

2003-08-14 Thread Geoff Crompton
On Thu, Aug 07, 2003 at 10:55:16PM -0700, Mark Ferlatte wrote: > Bradley Alexander said on Fri, Aug 08, 2003 at 01:36:06AM -0400: > > I tried to set this up again recently on another machine, and found that > > privilege separation breaks this functionality. Does anyone know of a > > workaround to

Re: ssh + opie?

2003-08-14 Thread Mark Ferlatte
Bradley Alexander said on Fri, Aug 08, 2003 at 01:36:06AM -0400: > I tried to set this up again recently on another machine, and found that > privilege separation breaks this functionality. Does anyone know of a > workaround to provide similar functionality? I think you have to turn off PrivSep to

Re: Debian Stable server hacked

2003-08-14 Thread Colin Walters
On Wed, 2003-08-13 at 21:00, valerian wrote: > Well capabilities are only one of the things that grsec implements. You > can also restrict a process to access various parts of the filesystem. > There's no reason /usr/sbin/apache should have write access to /etc, so > you just don't allow it. Rig

Re: DSA-361-2

2003-08-14 Thread Matt Zimmerman
On Sun, Aug 10, 2003 at 01:27:50PM +0200, Gian Piero Carrubba wrote: > can anyone explain me the DSA-361-2? Does it mean that the > vulnerabilities reported were already addressed in woody in version > 2.2.2-6woody2 ? > > I haven't found 2.2.2-6woody2 in the changelog, however 2.2.2-6 has been >

Re: postfix security configuration

2003-08-14 Thread Wilfried Essig
On Sun, 2003-08-10 at 12.26, Fallen Angel wrote: > hi, > > my config: > debian stable 3.0r1 > postfix > qpopper > > I have a small problem: > > my smtp after pop3 configuration works fine, no open relay possible, but > the authenticated users can fake their own e-mail address. > > How can

Re: Debian Stable server hacked

2003-08-14 Thread Colin Walters
On Wed, 2003-08-13 at 18:39, valerian wrote: > > grsec handles this by allowing you to restrict Linux capabilities for a > process. For example, there's no reason /usr/sbin/apache should have > access to CAP_SYS_ADMIN (allows mount/umount, amongst other things) or > CAP_SYS_PTRACE (run ptrace) o

Re: Debian Stable server hacked

2003-08-14 Thread valerian
On Wed, Aug 13, 2003 at 04:02:41PM -0400, Colin Walters wrote: > Why? Because SELinux doesn't solely associate security with executable > pathnames. If someone takes over control of the apache process via a > buffer overflow or whatever, they don't need /bin/ls to list a > directory; they can just

Re: grsecurity patch - woody

2003-08-14 Thread Thomas Sjögren
On Thu, Aug 14, 2003 at 09:57:26AM -0400, Todd Charron wrote: > I'm using the latest 2.4.18 kernel in woody (came out very recently). I was > wondering if anyone else was running into this problem and perhaps knew a way > around it? Thanks, The Debian kernel contains patches not present in th

Re: Debian Stable server hacked

2003-08-14 Thread Adam Majer
On Thu, Aug 07, 2003 at 07:03:13PM +0200, Thijs Welman wrote: > Hi, > > Thanks. I forgot to mention that i am subscribed to > debian-security-announce as well (of course ;)). As far as the kernel > updates are concerned: i use my own kernel. At this moment that's 2.4.21 > with Alan Cox' patches

DSA-361-2

2003-08-14 Thread Gian Piero Carrubba
Hi all, can anyone explain me the DSA-361-2? Does it mean that the vulnerabilities reported were already addressed in woody in version 2.2.2-6woody2 ? I haven't found 2.2.2-6woody2 in the changelog, however 2.2.2-6 has been released in december 2001, so i've to assume fake vulnerabilities (CAN 200

Re: Passwordless Authentication (was Re: How to reduce sid security)

2003-08-14 Thread Aníbal Monsalve Salazar
On Fri, Aug 01, 2003 at 01:03:46PM +0200, [EMAIL PROTECTED] wrote: > If you can read Dutch you can use my pages right now [1]. They explain > all this in excruciating detail. OpenSSH and SSH.com interoperability > and setting up ssh-agent are explained too. Some scripts are provided to > automate a

new debian kernel

2003-08-14 Thread Martynas Domarkas
Hello, using debian kernel 2.4.18-11 on some servers, after "ps ax" command at the end of input I noticed "Segmentation fault" message. "strace ps ax" gave: open("/proc/1048/environ", O_RDONLY)= 7 read(7, +++ killed by SIGSEGV +++ Is it unsuccessful patch for http://cve.mitre.org/cgi-bin/

Re: How to reduce sid security

2003-08-14 Thread Peter Cordes
On Thu, Aug 07, 2003 at 08:05:05AM -0700, Boyd Moore wrote: > > Well I did have rlogin, that is it points to netkit-rlogin. I finally > got rsh to work by commenting out the ALL: PARANOID line in > hosts.deny. You should put ALL: ALL in hosts.deny, and fix hosts.allow to allow what you want ins

Re: DSA-361-2

2003-08-14 Thread Matt Zimmerman
On Mon, Aug 11, 2003 at 12:22:13PM +0200, Gian Piero Carrubba wrote: > On Mon, 2003-08-11 at 02:58, Matt Zimmerman wrote: > > > > I haven't found 2.2.2-6woody2 in the changelog, however 2.2.2-6 has been > > > released in december 2001 > > > > 2.2.2-6woody2 is a later version than 2.2.2-6.

Re: Debian Stable server hacked

2003-08-14 Thread Matt Zimmerman
On Wed, Aug 13, 2003 at 09:00:51PM -0400, valerian wrote: > It actually does a very good job of stopping any kind of "stack-smashing" > attack dead in its tracks (both the stack and heap are marked as > non-executable). That takes care of most vulnerabilities, both known and > unknown. No, it re

Re: Debian Stable server hacked

2003-08-14 Thread Martin G.H. Minkler
*** REPLY SEPARATOR *** On 12.08.2003 at 23:20 Adam Majer wrote: >On Thu, Aug 07, 2003 at 07:03:13PM +0200, Thijs Welman wrote: >> Hi, >> >> Thanks. I forgot to mention that i am subscribed to >> debian-security-announce as well (of course ;)). As far as the kernel >> updates

Re: Debian Stable server hacked

2003-08-14 Thread Rich Puhek
A few thoughts on potential problems: Thijs Welman wrote: Unfortunately i don't have the resources to get an IDS system up and running... A bare-bones IDS isn't all that extreme to build, especially if you are only interested in a single network. Debian stable + snort source package from unstab

Re: Passwordless Authentication (was Re: How to reduce sid security)

2003-08-14 Thread HdV
On Tue, 12 Aug 2003, [iso-8859-1] Aníbal Monsalve Salazar wrote: > What's the URL of the English version? It took me a bit longer than I had expected, but I just finished the translation. You can read it here: http://huizen.dto.tudelft.nl/devries/security/ssh2_pubkey_auth_config.html Grx HdV

grsecurity patch - woody

2003-08-14 Thread Todd Charron
Hi, After all this discussion about the grsecurity patch I thought I'd try it out. Unfortunately every time I try and get the patch to apply it always fails regardless of the system I run it on (see below for output). I've tried using the grsecurity patch in woody as well as the latest one

Re: Debian Stable server hacked

2003-08-14 Thread Colin Walters
On Wed, 2003-08-13 at 00:20, Adam Majer wrote: > So, now I don't run a Debian kernel at all - only a monolithic > (no modules) kernel with grsecurity.net patches. Then I set > up the ACL system (more or less) so that all of the services > that can be used to break into the system are quite useless

GNU project FTP server compromised

2003-08-14 Thread Neil McGovern
http://www.cert.org/advisories/CA-2003-21.html Looks like GNU was root compromised. Neil -- A. Because it breaks the logical sequence of discussion Q. Why is top posting bad? gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li 8DEC67C5 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] wit

Re: new debian kernel

2003-08-14 Thread Herbert Xu
Martynas Domarkas <[EMAIL PROTECTED]> wrote: > Hello, using debian kernel 2.4.18-11 on some servers, after "ps ax" > command at the end of input I noticed "Segmentation fault" message. > > "strace ps ax" gave: > > open("/proc/1048/environ", O_RDONLY)= 7 > read(7, > +++ killed by SIGSEGV ++

Re: Debian Stable server hacked

2003-08-14 Thread Alan James
On Wed, 06 Aug 2003 16:01:39 +0200, Thijs Welman <[EMAIL PROTECTED]> wrote: > >My loganalyzer showed four "Did not receive identification string from >w.x.y.z" logentries from sshd. This happens all the time and i certainly >don't check all of them out, but i happen to do so this time. That's pro

Curriculum

2003-08-14 Thread Hugo Kavamura
Hugo Kazumi Kavamura 20 years old / Single / Brazilian Objective: To work in the IT / web / support / communication field Contacts: E-mail : [EMAIL PROTECTED] Telephone : (11) 6331-0765 (11) 9898-1262 Education: - UniFAI - Faculdade Ipiranga Currently in the 2nd semester of Computer Engineering Conhe

Re: ssh + opie?

2003-08-14 Thread Michael Stone
On Fri, Aug 08, 2003 at 01:36:06AM -0400, Bradley Alexander wrote: I tried to set this up again recently on another machine, and found that privilege separation breaks this functionality. Does anyone know of a workaround to provide similar functionality? Short answer: use a newer version of ssh.

Re: Debian Stable server hacked

2003-08-14 Thread Matt Zimmerman
On Wed, Aug 06, 2003 at 04:01:39PM +0200, Thijs Welman wrote: > All packages are unmodified releases from Debian stable and, yes, i do > update packages from security.debian.org as soon as there are any updates. :) If you don't also subscribe to debian-security-announce, then you are missing import

Re: postfix security configuration

2003-08-14 Thread Tomasz Papszun
On Sun, 10 Aug 2003 at 10:26:16 +, Fallen Angel wrote: > > my config: > debian stable 3.0r1 > postfix > qpopper > > I have a small problem: > > my smtp after pop3 configuration works fine, no open relay possible, but > the authenticated users can fake their own e-mail address. > > How

ssh + opie?

2003-08-14 Thread Bradley Alexander
A long time ago, I had Openssh (circa 2.5-ish) set up to work with opie so that if a user attempted to log in without keys, instead of a password prompt, it would give an opie/skey login prompt. I tried to set this up again recently on another machine, and found that privilege separation breaks thi

Debian Stable server hacked

2003-08-14 Thread Thijs Welman
Hi, Last sunday, August 3rd 2003, one of my servers was hacked which i, by coincidence, was able to catch 'in progress'. My loganalyzer showed four "Did not receive identification string from w.x.y.z" logentries from sshd. This happens all the time and i certainly don't check all of them out, but

Re: Passwordless Authentication (was Re: How to reduce sid security)

2003-08-14 Thread HdV
On Tue, 12 Aug 2003, [iso-8859-1] Aníbal Monsalve Salazar wrote: > What's the URL of the English version? Well, I just finished translating the iptables page and hope to have this one ready at the end of the day. That would be about 18:00 CEST (+0200). It will be available at http://huizen.dto.tu

Re: Debian Stable server hacked

2003-08-14 Thread Eric LeBlanc
On Thu, 7 Aug 2003, Thijs Welman wrote: > > Thanks. I forgot to mention that i am subscribed to > debian-security-announce as well (of course ;)). As far as the kernel > updates are concerned: i use my own kernel. At this moment that's 2.4.21 > with Alan Cox' patches (ac4). Could be there's an exp

Re: ssh + opie?

2003-08-14 Thread Greg Norris
On Fri, Aug 08, 2003 at 04:21:50PM +1000, Geoff Crompton wrote: > I have successfully configured sshd to allow opie logons, without > disabling PrivSep, by configuring pam to use the libpam-opie > module for ssh. > In this case the user gets the normal password prompt though, and no > opie inform

Re: postfix security configuration

2003-08-14 Thread Tarjei Huse
This might help: http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt On Mon, 2003-08-11 at 13:37, Marcel Weber wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > > On Monday, 11.08.03, at 12:59 (Europe/Zurich), Tomasz > Papszun wrote: > >> > > > > If you want to prevent them fr

Re: Curriculum

2003-08-14 Thread Samuele Giovanni Tonon
On Fri, Aug 08, 2003 at 12:52:39PM +0200, Marcin Owsiany wrote: > On Fri, Aug 08, 2003 at 11:47:09AM +0200, Matteo Vescovi wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA1 > > > > On Friday 08 August 2003 06:10, Hugo Kavamura wrote: > > > Hugo Kazumi Kavamura > > > [...] > > > > What

Re: postfix security configuration

2003-08-14 Thread Marcel Weber
Tarjei Huse wrote: This might help: http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt On Mon, 2003-08-11 at 13:37, Marcel Weber wrote: Another good thing is the postfix ([EMAIL PROTECTED]) mailing list. It is quite a high traffic mailing list, but there are very experienced people reading it

Re: DSA-361-2

2003-08-14 Thread Gian Piero Carrubba
On Mon, 2003-08-11 at 02:58, Matt Zimmerman wrote: > > I haven't found 2.2.2-6woody2 in the changelog, however 2.2.2-6 has been > > released in december 2001 > > 2.2.2-6woody2 is a later version than 2.2.2-6. 2.2.2-6 has the bugs, > 2.2.2-6woody2 has the fixes. 2.2.2-6 has been released

Re: Debian Stable server hacked

2003-08-14 Thread valerian
On Wed, Aug 13, 2003 at 07:08:59PM -0400, Colin Walters wrote: > But Linux capabilities are so weak. They won't protect an apache master > process that runs as root from scribbling over /etc/passwd and giving an > attacker a new uid 0 shell account, for example. At that point it's > really game o

Re: Debian Stable server hacked

2003-08-14 Thread Hobbs, Richard
Hello, > Was anyone else logged in at the time? Perhaps one of your admins had a > weak or compromised password? Install "johntheripper" if you want to check for weak passwords :D a great program! Hobbs. FOR ALL YOUR UNIX/LINUX QUESTIONS, visit: http://unixforum.co.uk -- _-'`-_-'`-_-'`-_-'

Re: [d-security] Debian Stable server hacked

2003-08-14 Thread Christian Hammers
Hello On Wed, Aug 06, 2003 at 04:01:39PM +0200, Thijs Welman wrote: > I'm puzzled about how they managed to get those processes running (as > root). There are no local accounts, other than some accounts for the > sysadmins. Does anyone have any idea how they might have done this? Most times, serv

Re: How to reduce sid security

2003-08-14 Thread Boyd Moore
[EMAIL PROTECTED] (Boyd Moore) wrote in message news:<[EMAIL PROTECTED]>... > Peter Cordes <[EMAIL PROTECTED]> wrote in message news:<[EMAIL PROTECTED]>... > > On Thu, Jul 31, 2003 at 02:17:46PM -0700, Boyd Moore wrote: > > > I have two Debian systems behind a Linksys router, with the router > > >

Re: ssh + opie?

2003-08-14 Thread Bradley Alexander
Which opens up a whole 'nother can of security worms...Is anyone maintaining opie or s/key? Or for that matter, can something like this even be worked around? On Thu, 7 Aug 2003 22:55:16 -0700 Mark Ferlatte <[EMAIL PROTECTED]> wrote: > Bradley Alexander said on Fri, Aug 08, 2003 at 01:36:06AM -04

Re: Curriculum

2003-08-14 Thread Marcin Owsiany
On Fri, Aug 08, 2003 at 11:47:09AM +0200, Matteo Vescovi wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On Friday 08 August 2003 06:10, Hugo Kavamura wrote: > > Hugo Kazumi Kavamura > > [...] > > What the h.ll does this mean? Apparently some moron tries to find a job through SPAMmi

time zone whackiness with snort/postgresql...

2003-08-14 Thread Matthew Whitworth
I just set up a Debian snort sensor logging to a postgresql database (on the same host) and noticed that the alerts in the database have timestamps seven hours earlier than their timestamps in the snort alert file. The seven hours is interesting because that's my current offset from GMT -- onl

Re: Debian Stable server hacked

2003-08-14 Thread Wolfgang Fischer
On Thu, 07 Aug 2003 03:00:12 +0200, Peter Cordes wrote: > sshd logs IP addresses of connections. Was the IP address for those did > not receive id connections inside your site, or does it belong to an ISP > somewhere, or what? If it's a local address, and not a computer lab, that > might give y

Re: new debian kernel

2003-08-14 Thread Martynas Domarkas
Yes it is fixed in kernel-source 2.4.18-13. However, due to another issue introduced by the security fix, you should download the latest kernels from http://auric.debian.org/~herbert/. Thanks for your answer. 2.4.18-12 works without segfaults. Is something wrong in 2.4.18-12 more? Is that local

Re: Debian Stable server hacked

2003-08-14 Thread Wolfgang Fischer
Hi, maybe a legitimate user account combined with a local root exploit has been used to crack the server. Does this server have any legitimate user accounts? Are you sure you trust these users? Are you sure they (or you) don't write their passwords on a piece of paper? Who has local access to the s

Re: Debian Stable server hacked

2003-08-14 Thread Colin Walters
On Wed, 2003-08-13 at 16:02, Colin Walters wrote: > Let me give an example of how SELinux protects my machine (verbum.org). > My blog is a Python script (pyblosxom) which runs in a domain called > httpd_user_script_t. Oh, and what I forgot to mention about this domain is that it doesn't have wr
