May 15, 2007
>
Nice work on getting this out. Is sarge going to get an update, is it
even affected? I've looked into CVE-2007-2444, and
http://www.securityfocus.com/bid/23974/ says that the version in sarge
is affected.
--
Geoff Crompton
Debian System Adm
ne day more or less doesn't really matter. So far, Debian security
> updates predated widespread (semi-)automated exploits by weeks.
>
>
I'm also wondering if security.debian.org has enough resources for every
single debian box on the planet checking it every X minutes.
--
Geo
the size allowed plenty of time for the
chunks to get distributed well through out the network.
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
This bug has been closed for unstable (see bug 350964) with the 4.6
upload, but will it be fixed for sarge?
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
required pam_unix.so nullok obscure min=4 max=8 md5 try_first_pass
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
) this problem has been fixed in
> version 0.9.4-1woody14.
>
> For the stable distribution (sarge) this problem has been fixed in
> version 0.10.10-2sarge3.
>
Looks like a typo, this last line should be:
version 0.10.10-2sarge4
--
Geoff Crompton
Debian System Administrator
Strate
>>I would agree with that idea. In fact, I've just lodged a bug report
>>along those lines. Bug #341308.
>
>
> Thank you, Geoff!
No worries. Jonas has already responded to the bug; he sounds in favour
of it. I'm sure he'd appreciate patch suggestions on imple
/www.debian-administration.org/articles/85
>
> I keep meaning to file a very polite bug with Debian maintainer Jonas
> Smedegaard, suggesting that static-page mode be the default since
> upstream's CGI default is (in my opinion) too risky, but I haven't done
> that y
Anyone know if clamav is vulnerable to the magic byte detection evasion
issue discussed at http://www.securityfocus.com/bid/15189?
Or alternatively, can anyone work out if it is vulnerable?
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
identify in the code where the problems are.
Then that person could release more detailed information about the fix
after the embargo ends, which would benefit all other distributions in a
similar position.
Geoff Crompton
ou to spend the time necessary to see if you can identify how
the attacker broke in. Otherwise you will find that after reinstalling,
the attack will occur again. As Christoph mentioned, the logs are a good
place to start.
Geoff Crompton
Does anyone know if apache 1.3 is affected by the issue mentioned at
http://www.securityfocus.com/bid/12877
Also, anyone know how Debian stands with this?
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
On http://merkel.debian.org/~joeyh/testing-security.html this CAN is
listed as waiting for a 2.4.27-9 to fix this issue. The securityfocus
article says that this is a 2.6.8 issue.
Does anyone know if a fix for this has made it into a 2.6.8 Debian kernel?
--
Geoff Crompton
Debian System
Similarly to my last email, is Debian's apache affected by this? Further
details on http://www.securityfocus.com/bid/9921.
Debian is listed as being vulnerable. It's a DoS involving a connection
to a little-used port.
I've not found a corresponding DSA.
--
Geoff Crompto
't find a
DSA that corresponds to CAN-2003-0020.
Does anyone know if Debian is vulnerable or fixed?
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
-0710, CAN-2005-0711
Cheers
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
://www.securityfocus.com/bid/12767.
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
the
packet.
I have not investigated, but I think the kernel would reliably
respond and 99.99% of attackers would not realise they had been
exposed.
Assuming that the promiscuous machine has ARP-spoofed that MAC address,
so that the switch will pass the packet down that port.
--
Geoff
http://www.securityfocus.com/bid/12575
Libasound 1.0.6 has a vulnerability. The sarge and sid versions are
newer, and the woody version is much older. Anyone know if woody is
affected?
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
Are the kernel team aware of http://www.securityfocus.com/bid/12555, a
bunch of vulnerabilities in 2.6 kernels prior to 2.6.11-rc2.
Or more generally, are these being tracked? And if so, by whom, and
should I keep asking them specifically rather than posting to
debian-security?
--
Geoff
Geoff Crompton wrote:
I haven't seen a DSA for kdelibs, according to:
http://www.securityfocus.com/bid/12525
version 3.3.2 is vulnerable to a local file overwriting issue.
Woody's clean, anyone know if the sid and sarge packages are affected?
KDE is tracking the bug.
http://bu
I haven't seen a DSA for kdelibs, according to:
http://www.securityfocus.com/bid/12525
version 3.3.2 is vulnerable to a local file overwriting issue.
Woody's clean, anyone know if the sid and sarge packages are affected?
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3
SecurityFocus newsletter #286 lists some bind issues:
http://www.securityfocus.com/bid/12364
CAN-2005-0033
http://www.securityfocus.com/bid/12365
CAN-2005-0034
Anyone know how Debian stands with these?
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
Anyone know if gs-gpl is affected by the issues mentioned at
http://www.securityfocus.com/bid/12327?
(Astute readers will realise that I'm going through the SecurityFocus
newsletter #285.)
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
Anyone know if any Debian kernels are vulnerable to CAN-2004-1237?
Apparently it was originally just thought to be a Red Hat thing, but
bugtraq recently said it was also found in SuSE.
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
Has there been a DSA for apache, in relation to the securityfocus
bugtraqID #12308?
http://www.securityfocus.com/bid/12308
Cheers
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
em is not important, you might not bother re-installing
it. However, in my (fairly recent) experience, it was _easier_ to
reinstall than it was to check all those things.
--
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000
Hi,
Has there been any DSA released for CAN-2004-0930, an Input
Vulnerability in Samba, 3.0 to 3.0.7?
Ta
--
Geoff Crompton
Debian System Administrator
StrategicData
+61-3-9348-2013
someone will eventually say "Hey, that really has
been fixed, even though the Debian Testing Security team said it wasn't".
Geoff Crompton
that this team would start auditing all Debian
packages, nor proposing policy about security issues to try and satisfy
everybody's different ideas on security. I'm sure that might occur to
some degree as an aside, but I doubt that is the main focus of what Joey
is proposing.
Geoff Cro
ine gets TCP packets from 192.168.5.2 when it was expecting them to
come back from 200.210.101.37. Hence the 192.168.5.x machine rejects
them, probably sending an ICMP packet back to 192.168.5.2 indicating an
error. Use of a packet sniffing program will tell you if this is occurring.
Geof
martin f krafft wrote:
> also sprach Geoff <[EMAIL PROTECTED]>
[2004.08.23.0134 +0200]:
Is it possible on a gpg key server to mark a key as invalid, without
access to the private key?
Yes, by removing it from the keyring.
The question is how one would continuously QA the developers..
martin f krafft wrote:
> Debian did not have package signatures for years, and it's been
rarely a problem. Now we are going to add them, but the sole effect
is that of a false security feeling. To me, APT 0.6 is snake oil,
which is *not* an offence to the guys behind apt-secure. It's
a criticism o
internal client because of this. However the internal client
is expecting packets to come back from the external IP address, so it
drops the packets.
Geoff
On Fri, Nov 28, 2003 at 10:21:44PM -0600, Hanasaki JiJi wrote:
> i have a firewall with 2 nics .. its running iptables. the outside
>
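The NAT loopback problem described in the reply above (an internal client reaching the server through the firewall's public address, then dropping replies that come straight back from the server's private address) as an added example that is not part of the original messages: a small POSIX sh script with the iptables rules for the plain port forward and for the hairpin case. Only the two addresses 200.210.101.37 and 192.168.5.2 come from the thread; the interface names eth0/eth1, the firewall's LAN address 192.168.5.1, the 192.168.5.0/24 network and port 80 are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the list thread): hairpin / NAT-loopback rules for
# an iptables firewall with two NICs, so that an internal client reaching the
# server via the public address gets its replies back from that same address.
#
# Assumed topology (constructed for this example; only the two addresses
# 200.210.101.37 and 192.168.5.2 come from the thread):
#   eth0 = outside interface, public address 200.210.101.37
#   eth1 = inside interface, firewall address 192.168.5.1, LAN 192.168.5.0/24
#   192.168.5.2:80 = the internal web server being published
#
# Set IPT=echo to print the rules instead of applying them.

EXT_IF=${EXT_IF:-eth0}
INT_IF=${INT_IF:-eth1}
EXT_IP=${EXT_IP:-200.210.101.37}
FW_LAN_IP=${FW_LAN_IP:-192.168.5.1}
LAN=${LAN:-192.168.5.0/24}
SERVER=${SERVER:-192.168.5.2}
PORT=${PORT:-80}
IPT=${IPT:-iptables}

# The usual port forward: connections arriving on eth0 for the public address
# are redirected to the internal server. Only the destination is rewritten,
# so the server sees the real client address and replies straight to it.
portforward_rules() {
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t nat -A PREROUTING -i "$EXT_IF" -d "$EXT_IP" -p tcp --dport "$PORT" \
        -j DNAT --to-destination "$SERVER:$PORT"
    $IPT -A FORWARD -i "$EXT_IF" -o "$INT_IF" -d "$SERVER" -p tcp --dport "$PORT" \
        -m state --state NEW -j ACCEPT
}

# The hairpin case: an internal client connects to 200.210.101.37. With only
# the rules above the SYN is DNATed to 192.168.5.2, which answers the client
# *directly* on the LAN from 192.168.5.2. The client never sent anything to
# 192.168.5.2, so its stack drops (or RSTs) the SYN/ACK.
# Fix: also DNAT on the inside interface, and SNAT those connections to the
# firewall's LAN address so the server replies via the firewall, which
# un-NATs both directions and the client sees 200.210.101.37 as expected.
hairpin_rules() {
    $IPT -t nat -A PREROUTING -i "$INT_IF" -s "$LAN" -d "$EXT_IP" -p tcp --dport "$PORT" \
        -j DNAT --to-destination "$SERVER:$PORT"
    $IPT -t nat -A POSTROUTING -o "$INT_IF" -s "$LAN" -d "$SERVER" -p tcp --dport "$PORT" \
        -j SNAT --to-source "$FW_LAN_IP"
    $IPT -A FORWARD -i "$INT_IF" -o "$INT_IF" -d "$SERVER" -p tcp --dport "$PORT" \
        -m state --state NEW -j ACCEPT
}

# Count how many rules emitted by the named function rewrite the source
# address (SNAT); this is what distinguishes the hairpin set from the plain
# port forward.
count_snat() {
    ( IPT=echo; "$1" ) | grep -c -- '-j SNAT'
}

if [ "${APPLY_RULES:-0}" = 1 ]; then
    portforward_rules
    hairpin_rules
fi
```

Run with APPLY_RULES=1 as root to load the rules, or with IPT=echo to print them. The SNAT to the firewall's LAN address is the part that matters: without it the server's SYN/ACK bypasses the firewall and arrives from 192.168.5.2, exactly the mismatch the reply above describes.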
r gets the normal password prompt though, and no
opie information to tell them what password they are up to.
Geoff
On Fri, Aug 08, 2003 at 11:58:45AM -0500, Greg Norris wrote:
> On Fri, Aug 08, 2003 at 04:21:50PM +1000, Geoff Crompton wrote:
> > I have successfully configured sshd to allow opie logons, without
> > disabling PrivSep, by configuring pam to use the libpam-opie
> > module f
ar needs, so that a
> client cannot (initially, at least) break it.
>
I suppose if you used a BSD system, you could do this kernel modification
and not have to provide the source. The userland side of the system is
going to be very similar.
Geoff Crompton
-p udp -m udp --dport 1024 -m limit --limit 20/hour -j ULOG --ulog-prefix BPA
(Checking with iptables-save -c reveals that the rule has been getting
matches).
Geoff Crompton
;s my problem. Any good solutions out there? I'm stuck with this
> :-((
>
Try ipac-ng:
Description: IP Accounting for iptables (kernel >= 2.4)
Can do accounting on any iptables rule (as I understand it). iptables
has the capability to match on owner:
iptables -A INPUT -m owner --uid-owner 2
Cheers
Geoff Crompton
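Two points from the messages above, the `iptables-save -c` check for whether a rule is getting matches and the owner match for per-user accounting, as an added example that is not from the original messages nor from ipac-ng: a POSIX sh script that creates one counting rule per uid and parses the counters back out of `iptables-save -c` output with awk. The chain name acct_out, the uids and the sample saved ruleset are constructed for the example. One caveat a practitioner would want: the owner match is only valid in the OUTPUT and POSTROUTING chains, because the owning uid is known only for locally generated packets, so the accounting chain here hangs off OUTPUT.

```shell
#!/bin/sh
# Added example (not from the thread): per-user traffic accounting with the
# iptables owner match, and reading the counters back from `iptables-save -c`
# (the check used on the list to see that a rule is matching).
#
# Caveat: the owner match only works in the OUTPUT and POSTROUTING chains,
# because the owning socket/uid is only known for locally generated packets;
# a rule like `-A INPUT -m owner ...` is rejected by iptables.
#
# Set IPT=echo to print rules instead of applying them.

IPT=${IPT:-iptables}
ACCT_CHAIN=${ACCT_CHAIN:-acct_out}   # assumed chain name

# Create a dedicated chain hooked from OUTPUT and add one counting rule per
# uid. Rules without a target only count and fall through, so they never
# change filtering behaviour.
owner_accounting_rules() {
    $IPT -N "$ACCT_CHAIN"
    $IPT -A OUTPUT -j "$ACCT_CHAIN"
    for uid in "$@"; do
        $IPT -A "$ACCT_CHAIN" -m owner --uid-owner "$uid"
    done
}

# Parse `iptables-save -c` output (read from stdin) and print "uid bytes"
# for every owner rule in the accounting chain. Counter lines look like
#   [packets:bytes] -A chain ... -m owner --uid-owner N
counters_by_uid() {
    awk -v chain="$ACCT_CHAIN" '
        /^\[[0-9]+:[0-9]+\] -A / {
            split(substr($1, 2, length($1) - 2), c, ":")   # c[1]=pkts c[2]=bytes
            if ($3 != chain) next
            for (i = 4; i <= NF; i++)
                if ($i == "--uid-owner") print $(i + 1), c[2]
        }'
}

# Constructed sample of `iptables-save -c` output for this example (the ULOG
# rate-limit rule mirrors the one quoted on the list).
SAMPLE_SAVE='# Generated by iptables-save
*filter
:INPUT ACCEPT [5123:4122002]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4871:602113]
:acct_out - [0:0]
[4871:602113] -A OUTPUT -j acct_out
[12:1536] -A INPUT -p udp -m udp --dport 1024 -m limit --limit 20/hour -j ULOG --ulog-prefix BPA
[3100:471020] -A acct_out -m owner --uid-owner 1000
[211:64422] -A acct_out -m owner --uid-owner 1001
[0:0] -A acct_out -m owner --uid-owner 2
COMMIT'

# Bytes sent by one uid according to the sample ruleset; 0 if no rule exists.
bytes_for_uid() {
    printf '%s\n' "$SAMPLE_SAVE" | counters_by_uid \
        | awk -v u="$1" '$1 == u { print $2; found = 1 } END { if (!found) print 0 }'
}

if [ "${APPLY_RULES:-0}" = 1 ]; then
    owner_accounting_rules 1000 1001 2
fi
```

On a live box replace the sample with `iptables-save -c | counters_by_uid`; the byte counters persist until the rule is flushed or the counters are zeroed with `iptables -Z`, so sample them periodically and keep the deltas if you want per-interval accounting.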
f
this virus, in an active 'watch the symptoms of an infection' way.
(I've been trying to think of a reason that the owner of an infected
box would not appreciate efforts to sanitize the box).
Geoff Crompton
them
Each of these actions is supposedly for the benefit of the owner. But
you don't know if they are really going to appreciate them.
Cheers
Geoff
On Thu, Sep 12, 2002 at 11:14:37PM -0300, Peter Cordes wrote:
e for spam.
(Unless there was some sort of hashcash thing used that I read about on
./)
Cheers
Geoff
has the right to do such
> things. It would be for the good of the net! They could be a part of the
> ICANN or UNO or whoever.
>
> Marcel
Sounds like such an organization would be ripe for misuse by power-hungry
politicians/diplomats/whatever-you-call-them-power-hungry-people.
Geoff Crompton
n
> (woody) package contains that patch (though it does add AES, and x.509
> certificate support).
Were both ends dynamic IP addresses? And freeswan automatically looks
up the domain names upon reconnections?
Thanks for clarifying
Geoff
try and
establish the connection. You might have to go as far as dynamically
generating a config file and restarting freeswan. (If you were going
to use freeswan).
If you work out a solution, I would be interested in knowing. There is
a chance that I might have to implement something similar in a few
months.
Cheers
Geoff
rds to supporting DES (they
don't support it), as they believe that the inclusion of
single DES in the IPSec standards weakens IPSec too much. So you
might have to do a fair bit of hunting around for a patch to FreeSwan
so that it supports single DES.
Geoff
On Fri, 21 Jun 2002 00:36, Olaf Meeuwissen wrote:
> Geoff Crompton <[EMAIL PROTECTED]> writes:
> > On Thu, 20 Jun 2002 23:22, Olaf Meeuwissen wrote:
> > > (wait for official release updates) and then just s/potato/stable/g.
> > > Note that non-US is being phased o
.
Cheers
Geoff Crompton
>2cents anyway. --gabe
There may be issues with application support - for instance, Debian was
our first preference when we selected our distro, but IBM don't support
DB2 on Debian, so we had to go for SuSE instead.
Geoff.
57 matches