Re: [SECURITY] [DSA 2668-1] linux-2.6 security update

Apologies, hit the wrong reply to! Please ignore and thanks for all the good work. On Tue, May 14, 2013 at 09:15:48PM +0100, Jon Marshall wrote: > Saw this earlier, apparently there is a serious issue that affects all of the > kernels up to 3.8 > > Will do a security thing tomorrow

Re: [SECURITY] [DSA 2668-1] linux-2.6 security update

the ability to assign devices could cause a denial of service due to a > memory page leak. > > CVE-2012-3552 > > Hafid Lin reported an issue in the IP networking subsystem. A remote user > can cause a denial of service (system crash) on servers running > appli

Re: [SECURITY] [DSA 2563-1] viewvc security update

Hi, This DSA was signed with key 0x401DAC04, which is not in any debian-keyring package I can find, nor on pgp.mit.edu. Is this a mistake? Thanks! -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org A

Re: security issues with apache!

tively turning on "safe mode" does this, I believe. -- Jon Dowland http://alcopop.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: [SECURITY] [DSA 871-1] New libgda2 packages fix arbitrary code execution

On Tue, Oct 25, 2005 at 05:23:19PM +0200, Martin Schulze wrote: > Package: libgda2 ^^^ > http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2.dsc ^ Sorry to be a pest :( -

Re: http://security.debian.org - down?

rtunately, it didn't react on the serial console and to a remotely issued power-cycle. The following services are affected by this downtime: security.debian.org The public security archive. As a temporary solution, please switch to <http://ftp.rfc822.org/debian-security/> instea

Re: http://security.debian.org - down?

#x27;t react on the serial console and to a remotely issued power-cycle. The following services are affected by this downtime: security.debian.org The public security archive. As a temporary solution, please switch to <http://ftp.rfc822.org/debian-security/> instead.

Re: evolution

On Mon, 2003-06-30 at 00:29, Martynas Domarkas wrote: > Pn, 2003-06-27 05:59, Jean Christophe ANDRÉ rašė: > > Matt Zimmerman écrivait : > > > > There are a LOT of connetcions: ~700 in a 5 minutes. I did not find any > > > > configuration options with that hosts. What could it be? > > > This is su

Re: evolution

On Mon, 2003-06-30 at 00:29, Martynas Domarkas wrote: > Pn, 2003-06-27 05:59, Jean Christophe ANDRÉ rašė: > > Matt Zimmerman écrivait : > > > > There are a LOT of connetcions: ~700 in a 5 minutes. I did not find any > > > > configuration options with that hosts. What could it be? > > > This is su

Re: evolution

com's XML feed... > tcp 0 1 192.168.0.1:33933 63.236.73.20:80 SYN_SENT > 4055/evolution-exec > And... I'm not sure about this one, but it's probably another item on the Summary page. - Jon -- [EMAIL PROTECTED] Administrator, tgpsolutions http://www.tgpsolut

Re: evolution

com's XML feed... > tcp 0 1 192.168.0.1:33933 63.236.73.20:80 SYN_SENT > 4055/evolution-exec > And... I'm not sure about this one, but it's probably another item on the Summary page. - Jon -- [EMAIL PROTECTED] Administrator, tgpsolutions http://www.tgpsolut

Re: Default Apache install not fit for multiple domains/users

On Tue, 2003-06-10 at 08:24, Stefan Neufeind wrote: > Thank you for the information. Am I right that php-skripts then would > need an execute-bit set? Currently they don't have ... > Unfortunately, yes. Otherwise you'll get a 500 Internal Server Error or the likes.

Re: Default Apache install not fit for multiple domains/users

On Tue, 2003-06-10 at 08:24, Stefan Neufeind wrote: > Thank you for the information. Am I right that php-skripts then would > need an execute-bit set? Currently they don't have ... > Unfortunately, yes. Otherwise you'll get a 500 Internal Server Error or the likes.

Re: Default Apache install not fit for multiple domains/users

which package maintainers can register interpreters to be used with this module without having to worry about writing their own init.d scripts, and which sysadmins can use for a slightly higher-level interface to this module. - Jon -- [EMAIL PROTECTED] Administrator, tgpsolutions http://www.tgpsolutions.com signature.asc Description: This is a digitally signed message part

Re: Default Apache install not fit for multiple domains/users

which package maintainers can register interpreters to be used with this module without having to worry about writing their own init.d scripts, and which sysadmins can use for a slightly higher-level interface to this module. - Jon -- [EMAIL PROTECTED] Administrator, tgpsolutions http://www.tgpsolutions.com signature.asc Description: This is a digitally signed message part

Re: Default Apache install not fit for multiple domains/users

side is safer - but then your scripts have to have #!/path/to/php at the top - although there are ways around that too. Google has some success stories where people managed to get it to work. - Jon > > On 6 Jun 2003 at 17:06, Wade Richards wrote: > > > On 06 Jun 2003 16:15:

Re: Default Apache install not fit for multiple domains/users

side is safer - but then your scripts have to have #!/path/to/php at the top - although there are ways around that too. Google has some success stories where people managed to get it to work. - Jon > > On 6 Jun 2003 at 17:06, Wade Richards wrote: > > > On 06 Jun 2003 16:15:

Re: Default Apache install not fit for multiple domains/users

27;m misunderstanding the problem. > I believe Apache would still be executing php/cgi scripts as www-data, so users could snoop on other users's scripts, session files, etc. Something like: - Jon -- [EMAIL PROTECTED] Administrator, tgpsolutions http://www.tgpsolutions.com sig

Re: Default Apache install not fit for multiple domains/users

m misunderstanding the problem. > I believe Apache would still be executing php/cgi scripts as www-data, so users could snoop on other users's scripts, session files, etc. Something like: - Jon -- [EMAIL PROTECTED] Administrator, tgpsolutions http://www.tgpsolutions.com signature.asc De

Re: Please clarifiy: kernel-sources / ptracebug / debian security announcenments

On Fri, 2003-05-09 at 00:27, Jon wrote: > Sources are patched as of woody.2, according to this changes file[1], > but only woody.1 images are available[2], as far as I can tell. The > images at the second URL are still vulnerable: > > [1]http://ftp.debian.org/dists/proposed

Re: Please clarifiy: kernel-sources / ptracebug / debian security announcenments

t; Child process started.. => Child process started.. => Child process started.+ 516 - 516 ok! [1]http://ftp.debian.org/dists/proposed-updates/kernel-source-2.4.20_2.4.20-3woody.2_i386.changes [2]http://ftp.debian.org/pool/main/k/kernel-image-2.4.20-i386/ - Jon -- [EMAIL PROTECTED] Administrator, tgpsolutions http://www.tgpsolutions.com

Re: PTRACE Fixed?

On Sat, 2003-03-22 at 04:43, Markus Kolb wrote: > Jon wrote: > > [...] > > >> > >>Linux kmod + ptrace local root exploit by <[EMAIL PROTECTED]> > >> > >>=> Simple mode, executing /usr/bin/id > /dev/tty > >>sizeof(shellcode)=9

Re: PTRACE Fixed?

On Sat, 2003-03-22 at 04:43, Markus Kolb wrote: > Jon wrote: > > [...] > > >> > >>Linux kmod + ptrace local root exploit by <[EMAIL PROTECTED]> > >> > >>=> Simple mode, executing /usr/bin/id > /dev/tty > >>sizeof(shellcode)=9

Re: PTRACE Fixed?

cess started.. > => Child process started.. > => Child process started.. > => Child process started.. > => Child process started.. > > > Does this mean the patch I downloaded worked? Yes. - Jon

Re: PTRACE Fixed?

cess started.. > => Child process started.. > => Child process started.. > => Child process started.. > => Child process started.. > > > Does this mean the patch I downloaded worked? Yes. - Jon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: howcome there's no DSA for the latest Linux ptrace hole?

hive/1/315635 - Jon

Re: howcome there's no DSA for the latest Linux ptrace hole?

hive/1/315635 - Jon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Good Day - pls stop these mails

to it, or stop using email. I cannot believe the number of mails I've deleted regarding this off-topic. 'nuff said Jon __ Do You Yahoo!? Sign up for SBC Yahoo! Dial - First Month Free http://sbc.yahoo.com -- To UNSUBSCRIBE, email

Re: secure file transfer

102:MySQL Server:/var/lib/mysql:/bin/false You don't want to sacrifice security for convenience. ___ (@ @) --oOo--(_)--oOo------- Jon McCainEmail: [EMAIL PROTECTED] Sr. Programmer

Re: secure file transfer

a menu script (i.e. /usr/bin/yourmenu instead of /usr/bin/bash) so they can not get to a $ prompt. You also have to define your menu script as a shell (/etc/shell) so regular ftp will still work. -- ___ (@ @) ------oOo--(_)--oOo--

Re: secure file transfer

a menu script (i.e. /usr/bin/yourmenu instead of /usr/bin/bash) so they can not get to a $ prompt. You also have to define your menu script as a shell (/etc/shell) so regular ftp will still work. -- ___ (@ @) ------oOo--(_)--oOo--

Re: scp and sftp

Chris Reeves wrote: > > Why not change the users' shell to /usr/bin/menu? > Because they need to be able to transfer files to their home directories. If you do this, then ftp,pscp,etc won't work. My original goal was to allow them transfer files to/from home directory with something besides ft

re: scp and sftp

All of this has gotten me to thinking about another flaw in the way I have things set up. I'm preventing users from getting to a $ by running a menu from their profile. exec /usr/bin/menu This works fine since the exec causes menu to become their shell process. But some smart user could get aro

re: scp and sftp

I think some of you misunderstood me. I was not clear about my concern. Users can ssh into my machine but their profiles are fixed to run a menu of things I allow them to do. Thus they can't get to the $ prompt and thus can't cd to other directories to see what's there. And even they did, permi

Re: scp and sftp

> > > The user can change to directories above their home. > > Is there a way to chroot them > > Use restricted bash shell for the user (/bin/rbash) in the > /etc/passwd. > This does not seem to affect sshd. I changed a user to use rbash but I could still go to a windows machine and use the pu

re: scp and ftp

I'm not sure if this message made it through. Our ISP was having problems this morning. Sorry if you get this message twice. I think some of you misunderstood me. I was not clear about my concern. Users can ssh into my machine but their profiles are fixed to run a menu of things I allow them t

Re: scp and sftp

Chris Reeves wrote: > > Why not change the users' shell to /usr/bin/menu? > Because they need to be able to transfer files to their home directories. If you do this, then ftp,pscp,etc won't work. My original goal was to allow them transfer files to/from home directory with something besides f

re: scp and sftp

All of this has gotten me to thinking about another flaw in the way I have things set up. I'm preventing users from getting to a $ by running a menu from their profile. exec /usr/bin/menu This works fine since the exec causes menu to become their shell process. But some smart user could get ar

re: scp and sftp

I think some of you misunderstood me. I was not clear about my concern. Users can ssh into my machine but their profiles are fixed to run a menu of things I allow them to do. Thus they can't get to the $ prompt and thus can't cd to other directories to see what's there. And even they did, perm

Re: scp and sftp

> > > The user can change to directories above their home. > > Is there a way to chroot them > > Use restricted bash shell for the user (/bin/rbash) in the > /etc/passwd. > This does not seem to affect sshd. I changed a user to use rbash but I could still go to a windows machine and use the p

re: scp and ftp

I'm not sure if this message made it through. Our ISP was having problems this morning. Sorry if you get this message twice. I think some of you misunderstood me. I was not clear about my concern. Users can ssh into my machine but their profiles are fixed to run a menu of things I allow them

scp and sftp

I've been playing around with the scp and sftp components of putty and noticed what I consider a security hole. Winscp does the same thing. The user can change to directories above their home. Is there a way to chroot them like you can in an ftp config file? I don't see anything in the sshd con

scp and sftp

I've been playing around with the scp and sftp components of putty and noticed what I consider a security hole. Winscp does the same thing. The user can change to directories above their home. Is there a way to chroot them like you can in an ftp config file? I don't see anything in the sshd co

Re: default security

I'd agree with your comments. I being looking at OpenBSD (for various reasons) and the default setup is reasonable secure (there are still some things left on , which supprised me). Not sure if Debian needs to go as far as OpenBSD but I think that it is a good referance base Jon --- T

Re: default security

I'd agree with your comments. I being looking at OpenBSD (for various reasons) and the default setup is reasonable secure (there are still some things left on , which supprised me). Not sure if Debian needs to go as far as OpenBSD but I think that it is a good referance base Jon --- T

Re: [Fwd: Re: HARASS ME MORE.........]

On 01 Sep 2001 16:32:50 +0100, Jon Masters wrote: >-A"Subject: [ABUSE] Forwarded Message";\ > ) | $SENDMAIL -oi -t Should have a: -A"Cc: [EMAIL PROTECTED]";\ in there, thus: :0: * (^From:[EMAIL PROTECTED]) { :0 c: 

[Fwd: Re: HARASS ME MORE.........]

Hi, I'm sure someone else can do much better with a bit of effort :) --jcm --- Begin Message --- On 01 Sep 2001 16:26:29 +0200, [EMAIL PROTECTED] wrote: > On Sat, Sep 01, 2001 at 07:13:06AM -0500, Bud Rogers wrote: > > I put him in a filter. Every mail I receive from him gets forwarded back >

RE: Layne (was: Re: Is ident secure?)

On 31 Aug 2001 23:54:40 -0400, Ed Street wrote: > If not is anyone up for a road trip? ;) Sure :) * jcm fires off another abuse report... ...or should that be "I HAVE FIRED OFF ANOTHER ABUSE REPORT AND NOW I CAN'T FIGURE OUT HOW TO TURN OFF CAPS LOCK" ? :) --jcm

Re: [Fwd: Re: HARASS ME MORE.........]

On 01 Sep 2001 16:32:50 +0100, Jon Masters wrote: >-A"Subject: [ABUSE] Forwarded Message";\ > ) | $SENDMAIL -oi -t Should have a: -A"Cc: [EMAIL PROTECTED]";\ in there, thus: :0: * (^From:.*[EMAIL PROTECTED]) { :0 c: 

[Fwd: Re: HARASS ME MORE.........]

Hi, I'm sure someone else can do much better with a bit of effort :) --jcm On 01 Sep 2001 16:26:29 +0200, [EMAIL PROTECTED] wrote: > On Sat, Sep 01, 2001 at 07:13:06AM -0500, Bud Rogers wrote: > > I put him in a filter. Every mail I receive from him gets forwarded back to > > him and to po

RE: Layne (was: Re: Is ident secure?)

On 31 Aug 2001 23:54:40 -0400, Ed Street wrote: > If not is anyone up for a road trip? ;) Sure :) * jcm fires off another abuse report... ...or should that be "I HAVE FIRED OFF ANOTHER ABUSE REPORT AND NOW I CAN'T FIGURE OUT HOW TO TURN OFF CAPS LOCK" ? :) --jcm -- To UNSUBSCRIBE, email t

Re: red worm amusement

olaris, etc.. weren't vulnerable to this. 2) Apache, Boa, thttpd, and others each deal with this differently. What way is the *correct* way? -- Pound for pound, the amoeba is the most vicious animal on earth. Jon Nelson [EMAIL PROTECTED]

Re: red worm amusement

olaris, etc.. weren't vulnerable to this. 2) Apache, Boa, thttpd, and others each deal with this differently. What way is the *correct* way? -- Pound for pound, the amoeba is the most vicious animal on earth. Jon Nelson [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROT

Re: Kernel 2.4 SOS

Craig wrote: > > Goodday ladies and fellas > > I have potato installed on a box that will be a proxy and firewall. I needed > to have the facility of port forwarding so i was told to install kernel 2.4. > Does kernel 2.4 have some special feature of port forwarding that the 2.2.x kernels don'

Re: Kernel 2.4 SOS

Craig wrote: > > Goodday ladies and fellas > > I have potato installed on a box that will be a proxy and firewall. I needed > to have the facility of port forwarding so i was told to install kernel 2.4. > Does kernel 2.4 have some special feature of port forwarding that the 2.2.x kernels don

logging request

After setting up the IPChains policies and rules, I want to be able to have a log file of any DENY packets sent to me. We use GroupWise as a email package. I also want those log files to exist on another Debian server that sits behind the firewall. TIA Jon L. Miller, MCNE Director/Sr

logging request

After setting up the IPChains policies and rules, I want to be able to have a log file of any DENY packets sent to me. We use GroupWise as a email package. I also want those log files to exist on another Debian server that sits behind the firewall. TIA Jon L. Miller, MCNE Director/Sr

Re: root fs/crypted

, so expect to spend several years in jail for contempt of court (or your local equivalent) should you get raided with such a thing. I'm not aware of any actual implementations, unfortunately. The usual reference for this sort of thing is the cypherpunks list. Jon Leonard

Re: root fs/crypted

, so expect to spend several years in jail for contempt of court (or your local equivalent) should you get raided with such a thing. I'm not aware of any actual implementations, unfortunately. The usual reference for this sort of thing is the cypherpunks list. Jon Leonard -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Editing and storing encrypted files

u have more extreme secrecy needs, you might want to look into duress filesystems or steganographic file storage. Those are only really useful if you might need to plausibly deny that you had the encrypted files at all. I'm also not aware of any available implementations. Jon Leonard