On Fri, Apr 23, 2004 at 02:48:33AM +0200, Marcin Orda wrote:
> I've got tripwire packages that I use internally at work. They're built
> for woody, and I'd be happy to share them with anybody who's interested.
> They aren't in any way based on the tripwire packages from unstable, so
> I don't know
On Fri, Apr 23, 2004 at 03:48:59PM -0400, Phillip Hofmeister wrote:
> Therefore, in my mind, "it is mean for sid" is not an excuse to omit a
> build dependency. What is to say there won't be a g++2 and g++3 package in
> sarge when it is released?
If the build dependency is part of "build-essentia
On Mon, Apr 26, 2004 at 06:44:35PM +0200, LeVA wrote:
> So when I'm getting a large amount of messages there is approx. 15-20
> spamc/spamd running. I want to limit this to ~5. How can I do this. The
First of all, this is OT for debian-security. It should have gone to
debian-user. Second, RTFM
On Thu, Jun 10, 2004 at 02:28:49PM +0100, Alex Owen wrote:
> I ask as I'm commissioning a woody system and cannot upgrade to sarge till
> July/August 2005 so I'll probably need a year of woody security updates.
I don't think you have much to worry about. The infrastructure is in
place and was used
On Sun, Jun 13, 2004 at 07:46:15PM +0300, Vassilii Khachaturov wrote:
> > What are the recommended rbl's these days?
>
> Best thing is ask on NANAE or exim-users or whatever your favourite MTA is.
> Here's what I am using here RBL-wise:
>
> rbl_domains = bl.spamcop.net/reject :
> relays.osirusof
Most other OS vendors are willing to make updates for errata beyond
simple security updates. Often this means minor updates to software
packages like web browsers. I believe the community will be better able
to help us prepare e.g. bug-free firefox 1.0.5 packages than it will to
produce 1.0.4+sec
On Mon, Aug 01, 2005 at 04:57:31PM -0700, Thomas Bushnell BSG wrote:
> > IMHO, sloppy security support (by uploading new upstream versions) is
> > better than no security support.
>
> Are you prepared to make sure all the packages that depend on mozilla
> will have packages ready to enter at once?
On Tue, Aug 02, 2005 at 10:09:13AM -0700, Thomas Bushnell BSG wrote:
> >> > IMHO, sloppy security support (by uploading new upstream versions) is
> >> > better than no security support.
> >>
> >> Are you prepared to make sure all the packages that depend on mozilla
> >> will have packages ready to
On Tue, Aug 02, 2005 at 09:56:12PM +0200, Petter Reinholdtsen wrote:
>
> [Noah Meyerhans]
> >> How about actually maintaining them?
> >
> > That's exactly what I think we should do.
>
> Is this "we" as in you, or "we" as in someone els
On Mon, Sep 19, 2005 at 09:18:29PM +0200, Noël Köthe wrote:
> anybody knows what's the problem with klecker/security.d.o?
> The whole day I get timeouts but I could update xfree(woody)/xorg(sarge)
> on some machine but I didn't find the DSA for it.
>
> Any information about this?
See http://lists
On Mon, Sep 19, 2005 at 10:45:37PM +0200, Bartosz Fenski aka fEnIo wrote:
> I wonder what else should I read to keep in touch with such important
> information?
slashdot? ;)
On Thu, Sep 29, 2005 at 09:50:34PM +0200, Arnaud Fontaine wrote:
> Is it possible to have a warranty that the package in the mirror archive
> hasn't been modified by someone else? Maybe my question is stupid but I
> wasn't able to find an answer on replicator website ;).
Is this really more impor
On Thu, Oct 20, 2005 at 07:22:30AM -0400, Baxley, Dewayne (ISS Atlanta) wrote:
> Please unsubscribe me from this list. Thanks!
Instructions for unsubscribing are included at the bottom of every
message posted to the list. Please follow them.
noah
On Wed, Nov 09, 2005 at 10:28:53AM -0500, Kevin B. McCarty wrote:
> I received the following (see below) in an email from logcheck on my
> home desktop running Sarge. Looks like an attempt to cause a buffer
> overflow in rpc.statd. System logs don't include anything else that
> looks suspicious.
On Wed, Nov 23, 2005 at 12:59:02PM +0100, Florian Weimer wrote:
> Availability is typically considered one aspect of security (and
> arguably the hardest one to get right in networked applications).
I tend to consider it the other way around. Security is a subset of
availability. Availability mu
On Thu, Dec 15, 2005 at 12:35:09PM +, kevin bailey wrote:
> the service:
> 443/tcp open https
> is used to protect the webmail service. it is meant to stop the email
> passwords from being sniffed.
If you're concerned about passwords being sniffed, you better shut off
pop3 and imap, too
On Thu, Dec 15, 2005 at 06:46:02PM +0100, Florian Weimer wrote:
> > It may be nothing. The fact that it showed up as filtered in the nmap
> > output indicates that nmap didn't receive a TCP RST packet back when it
> > tried to contact that port. That may mean you have iptables configured
> > to D
On Thu, Dec 15, 2005 at 10:19:48PM +, kevin bailey wrote:
> good point - also the fact that the users stick their email passwords to
> their monitors using postits!
Well, at least there's still *some* level of physical security there;
an attacker has to be at your user's desk to get the passwo
On Wed, Jan 04, 2006 at 06:25:02PM +0100, martin f krafft wrote:
> > Nevertheless the sysvinit maintainers thought it would be a good
> > idea to ask here whether anyone sees any security problems arising
> > from this feature.
>
> ... sounds like a nice way to infest a system with a trojan, in
>
On Wed, Apr 19, 2006 at 03:56:41PM -0600, Michael Loftis wrote:
> Increasingly 2.6 is unsuitable for production use due to its huge amount of
> change and lack of stable tree. There was a decision to do away with the
> old split development/odd numbered development model sometime after about
>
On Mon, Jul 17, 2006 at 06:13:28PM +0200, Moritz Muehlenhoff wrote:
>
> This was an error on my side, it's already corrected on the web:
> http://www.debian.org/security/2006/dsa-
>
Any idea why this DSA isn't linked to from
http://www.debian.org/security/ ? The document is there, but there
On Tue, Aug 29, 2006 at 10:54:45PM +0200, Moritz Muehlenhoff wrote:
> If there's anything special to do (e.g. kernel or glibc) we already add this
> to the DSA text.
I don't think that's quite enough. I have a few hundred Debian
workstations for which I'm responsible, and it's difficult for me to
On Wed, Sep 06, 2006 at 06:14:51PM +0200, Allard Hoeve wrote:
> Please take note of:
>
> http://www.openssl.org/news/secadv_20060905.txt
Acknowledged. A fix is already in the works.
noah
On Tue, Oct 10, 2006 at 09:22:43PM -0400, David Kennedy CISSP wrote:
> signed by a key not included in
> http://www.debian.org/security/keys.txt and not on the PGP.COM,
> MIT.EDU or any other of several public key servers.
It's on pgp.mit.edu
(http://pgp.mit.edu:11371/pks/lookup?search=noahm%40deb
On Wed, Oct 18, 2006 at 02:11:24AM +0100, paddy wrote:
> > NB: although some are saying this is a local root exploit only, the
> > bulletin points out it can be exploited by visiting a malicious
> > webpage.
>
> I've not scrutinised the claims closely, but it looks like a remote
> vulnerability to
On Sun, Nov 26, 2006 at 12:47:55AM +0100, Alexander Klauer wrote:
> there has been a texinfo update for sarge available from
> security.debian.org for a few days now. The changelog in the
> source package says something about arbitrary code execution.
> The GPG signature by Noah
On Wed, Feb 07, 2007 at 04:38:30PM +0100, Holger Levsen wrote:
> > Lalala
>
> WTF? At least you used a proper from:-header...
>
> Could you *please* correct your errors (which are no problem per se) correct
> in a professional way?
The errors have already been corrected:
http://www.debian.o
On Tue, May 01, 2007 at 11:18:22AM -0700, Michael Leibowitz wrote:
> The DSA incorrectly identifies etch as the unstable distribution.
>
Yeah, my fault. The web site will have it listed correctly, of course.
noah
On Tue, May 08, 2007 at 05:34:30PM -0400, Gerardo Curiel wrote:
> On Tue, 08-05-2007 at 22:24 +0200, Thomas Hochstein wrote:
> > Chris Adams wrote:
> >
> > > Do you have a VNC server installed?
> >
> > | But I do have vino-server running.
>
> That's the problem, the same happened to me
On Wed, May 16, 2007 at 09:03:12AM +1000, Andrew Vaughan wrote:
> > Package: qt4-x11
>
> > For the stable distribution (etch), this problem has been fixed in
> > version 4.2.1-2etch1
> >
> Etch shipped with 4.2.1-2+b1 packages.
>
> $ dpkg --compare-versions "4.2.1-2+b1" ">>" "4.2.1-2etc
On Wed, May 16, 2007 at 09:39:56PM +0200, Thomas Korber wrote:
> Moritz Muehlenhoff <[EMAIL PROTECTED]> writes:
>
> >> Nice work on getting this out. Is sarge going to get an update, is it
> >> even affected? I've looked into CVE-2007-2444, and
> >> http://www.securityfocus.com/bid/23974/ says tha
On Fri, Sep 21, 2007 at 04:24:38PM +0100, Steve Kemp wrote:
> > It seems at kdebase and fetchmailconf dependencies are broken.
>
> I don't see what the source of this is.
>
> > kdebase: Depends: kappfinder (>= 4:3.5.5a.dfsg.1-6etch1) but
> > 4:3.5.5a.dfsg.1-6 is installed.
>
> kappfinder is a
On Fri, Sep 21, 2007 at 04:48:34PM +0100, Adam D. Barratt wrote:
> I'm guessing the people reporting problems are i386 users.
>
> > > kdebase: Depends: kappfinder (>= 4:3.5.5a.dfsg.1-6etch1) but
> > > 4:3.5.5a.dfsg.1-6 is installed.
> >
> > kappfinder is a binary coming from the kdebase packa
On Fri, Sep 21, 2007 at 12:04:22PM -0400, Noah Meyerhans wrote:
> > kdebase is arch:all and therefore installable on i386. kappfinder isn't
> > and there aren't any i386 binary packages for it available.
>
> This problem is being worked on right now and will be cor
On Fri, Nov 23, 2007 at 11:10:09AM +0100, Alfio wrote:
> (Reading database ... 360460 files and directories currently installed.)
> Preparing to replace samba 3.0.24-6etch4 (using
> samba_3.0.24-6etch5_i386.deb) ...
> invoke-rc.d: dangling symlink: /etc/rc2.d/S91samba
> dpkg: warning - old pre-rem
On Sun, Jan 06, 2008 at 01:36:26PM -0600, William Twomey wrote:
>
> I also disabled ipv6, which I was seeing a lot of from this host.
Probably not, unless you've knowingly configured IPv6 routing and all
that; you were probably seeing a lot of IPv4 mapped v6 addresses, which
look (in netstat) lik
On Thu, Jan 10, 2008 at 05:29:18PM -0500, Thomas Bushnell BSG wrote:
> This is not sufficient advice for how to upgrade. Merely installing a
> new version of openafs-modules-source will not build it. Some form of
> m-a invocation as well will be necessary.
Except that the security flaw is in the
On Thu, Jan 10, 2008 at 11:25:07PM -0500, Thomas Bushnell BSG wrote:
> > Except that the security flaw is in the fileserver, which does not
> > involve the kernel module at all and runs fine even without it
> > installed.
>
> Surely. But then the security update shouldn't mention unaffected
> pac
On Fri, Jan 11, 2008 at 01:24:28AM -0500, Thomas Bushnell BSG wrote:
> If a security bug were found in the afs client-side package, which is
> implemented as a kernel module, would the announcement not look just
> like the one we saw for DSA 1458-1?
See for yourself:
http://www.debian.org/security
On Fri, Jan 11, 2008 at 12:53:08PM -0500, Joey Hess wrote:
> Noah Meyerhans wrote:
> > We mention all the binary packages in the advisory because they're the
> > versions that are going to be installed by apt* and people are going
> > to want checksums, file sizes, etc.
On Tue, Feb 12, 2008 at 04:09:00PM +0100, Nicolas Boullis wrote:
>
> I think this package deserves an official upgrade.
It'll get one. The severity of the issue dictates that we release
kernel builds for the various architectures as soon as we get them,
rather than waiting until they're all read
On Wed, Feb 13, 2008 at 06:23:16PM -0200, Martin Spinassi wrote:
> > > I just upgraded my linux-source-2.6.18 to 2.6.18.dfsg.1-18etch1_all and
> > > built a new linux-image. But after installing and rebooting I still was
> > > able to become root with this exploit:
> > > http://milw0rm.com/exploits
On Sun, Feb 17, 2008 at 03:12:26PM -0500, Jim Popovitch wrote:
> > http://lists.debian.org/debian-announce/debian-announce-2008/msg0.html
>
> One additional thing that is not clear to me is that I see pending
> updates for libc6 and libc6-dev that are NOT mentioned in that
> announcement.
No?
On Thu, Feb 21, 2008 at 01:16:33PM +0100, Thomas Hungenberg wrote:
> I am a little bit surprised that - apart from small graphics errors
> and some performance issues - the fglrx driver runs fine without
> the kernel module.
> I thought that starting x.org would fail if the kernel module is not
> a
On Mon, Mar 10, 2008 at 01:36:46PM -0500, Filipus Klutiero wrote:
> I reported #468765 about a questionable statement on www.debian.org. Frank
> Lichtenheld wants this to be discussed.
>
> This statement is in a security announcement. Martin Schulze confirmed that
> he
> wrote the statement. Do
On Mon, Mar 10, 2008 at 04:33:53PM -0400, Filipus Klutiero wrote:
> > Their public one, the one you referenced.
> Argh. If I'm asking about a statement, that's because I read it. Obviously,
> the author didn't bother checking whether he was right, which is why I'm
> asking whether there are some
On Mon, May 05, 2008 at 02:57:34AM +0200, Peter Palfrader wrote:
> On Mon, 05 May 2008, Bernd Eckenfels wrote:
>
> > In article <[EMAIL PROTECTED]> you wrote:
> > > Apropos. Is there a way to get that information from a vmlinuz file on
> > > disk? Without booting it, that is.
> >
> > Interestin
On Fri, May 09, 2008 at 05:54:40AM -0700, phobot wrote:
> On May 7, 1:10 pm, martin f krafft <[EMAIL PROTECTED]> wrote:
> > > use integrit/aide/tripwire
> >
> > only useful with read-only media
>
> OK, I don't get it if the media is read-only none can alter it so you
> don't really need tripwire.
On Wed, May 14, 2008 at 10:39:10AM -0700, Harry Edmon wrote:
> Are there any plans to issue the same openssl/openssh security fixes for
> lenny as have been done for etch?
OpenSSL has already been fixed in lenny. The openssh package containing
ssh-vulnkey should hit testing tomorrow at the lates
On Thu, May 15, 2008 at 11:08:58AM +0300, Mikko Rapeli wrote:
> > It would be also helpful to print the line as dokuwd.pl does.
> > Is there any repository with newer versions of ssh-vulnkey or dokuwd.pl ?
>
> Try the Ubuntu version which contains a fixed ssh-vulnkey (
> http://www.ubuntu.com/usn/
On Wed, Jul 09, 2008 at 06:10:51PM +0200, Wolfgang Jeltsch wrote:
> > At this time, it is not possible to implement the recommended
> > countermeasures in the GNU libc stub resolver.
>
> I don't have bind9 installed. Am I affected by the libc stub resolver bug?
Yes. I suggest that you install
On Sun, May 03, 2015 at 10:06:20PM +0530, bkpsusmitaa wrote:
> I have added the lines. The issue is regarding non-availability of
> security keys. Yes, it is about an old laptop that ran superbly in
> lenny, but somewhat slower in squeeze,
The keys are available in the debian-archive-keyring packa
On Wed, Sep 09, 2015 at 01:24:05PM -0400, Justin R. Andrusk wrote:
> Was just wondering if there was any mentoring opportunities available on
> the Debian Security team.
Per https://www.debian.org/security/faq#contact you should be contacting
t...@security.debian.org to reach the security team.
On Mon, Jan 11, 2016 at 11:14:52AM -0500, Cindy-Sue Causey wrote:
> Just thinking out loud... that maybe the Announce list settings might
> need a quick once-over review depending on admin's intentions for it.
The ability to send mail to the debian-security-announce list is
restricted, and the set
On Tue, Feb 16, 2016 at 04:32:00PM +0100, Peter Ludikovsky wrote:
> A question to those more knowledgeable: we're using our own DNS
> servers for all lookups, and those do recursive lookup for any
> external addresses. Am I right to assume that Bind9 uses its own
> implementation for DNS lookups?
On Tue, Mar 01, 2016 at 08:35:43PM +0100, Zack Piper wrote:
> > "someone take my email off the list or I will report it as harassment."
>
> Oh wow I forgot about this. They've tried unsubscribing in the past
> from other lists just to refuse to follow instructions, I imagine
> they're a troll.
It
On Wed, Aug 30, 2017 at 08:49:44AM +0200, Guido Günther wrote:
> Hi gnupg maintainers, security team,
> attached debdiff addresses the above CVE for jessie. O.k. to upload to
> security-master?
debian-security@lists.debian.org is the public discussion list and isn't
necessarily monitored by the se
On Sat, Jan 06, 2018 at 05:10:10PM +0100, Davide Prina wrote:
> https://haveibeenpwned.com/
>
> that informs you if your credentials have been compromised in a data breach
> (only for public compromised data).
>
> I have tried it with sub...@bugs.debian.org and this account result
> compromised!! for:
On Sat, Mar 07, 2020 at 11:46:54AM -0600, Jonathan Hutchins wrote:
> The only way to achieve real security is through knowledge. Pressing a
> shiny automated button is just going to implement what somebody else thinks
> is good for the system they assume you're running. Find the security
> websit
On Sat, Mar 07, 2020 at 08:22:59PM +1100, Russell Coker wrote:
> For subsystems that are complex and security critical (like Apache and Samba
> for example) you could have other packages providing check scripts that look
> for common configuration choices that might reduce security. Such scripts
On Wed, Oct 21, 2020 at 07:03:35PM +0300, Pavlos Ponos wrote:
>Apologies if this should be directed to another list, but I've already
>tried in 'debian-testing' with no luck, see here.
>In Debian's package tracker I see that Thunderbird in stable through the
>security updates is
On Wed, Oct 21, 2020 at 09:22:11PM +0300, Pavlos Ponos wrote:
>Thunderbird 1:78.3.1-2 accepted in unstable at 30/09/2020, 21 days passed
>since then, so I think it would be enough time to consider it ready for
>testing.
Normally it would be, but issues (release-critical bugs, test
regr
On Wed, Jan 27, 2021 at 10:23:44AM -0800, Ramin Doe wrote:
>This led me to search for more answers online, where I have found an
>article that suggests that package metadata is verified, but that package
>contents are not.
>
> (https://blog.packagecloud.io/eng/2014/10/28/howto-g
On Thu, Jan 28, 2021 at 10:08:32AM -0800, Ramin Doe wrote:
> The signed metadata includes cryptographic checksums of the package
> contents. Thus, package contents can't be modified in storage on the
> mirror or in transit to your system without invalidating the checksum,
> and
Can we please take this tinfoil hat lunacy somewhere else? There are
plenty of conspiracy theory forums out there. I'm sure you've got your
favorite, but this isn't one.
On Fri, May 13, 2022 at 08:15:52PM +0200, Elmar Stellnberger wrote:
> I mean Michael Lazin didn't say anything bad, on the c
On Mon, Jun 20, 2022 at 06:10:45PM +0200, Sebastian Rose wrote:
> >> how do you guys test all of the potential PNG/JPG potential malware
> >> payloads
>
> What's your use-case? As I'm not aware of a vector for GNU/Linux in
> normal everyday use¹, I guess you host files for Windows clients?
http
On Mon, Jun 20, 2022 at 09:25:38AM -0700, Noah Meyerhans wrote:
> https://security-tracker.debian.org/tracker/source-package/imagemagick
>
> If you're processing data (images, videos, audio files, etc) from
> unknown sources, it's a really good idea to use sandboxing of so
On Sun, Mar 30, 2003 at 09:44:05PM +0200, Bernard Lheureux wrote:
> The previous one was a porno site promo, now this one !!!
> WHY ISN'T THIS LIST PRIVATE ONLY !!!
Oh, shut up. We've been through this a number of times. The list is
and will remain public. If you do not want the spam, please
On Wed, Apr 02, 2003 at 07:57:35AM -0700, Tom Clements wrote:
> --Sendmail Users Face Second Major Security Flaw
> (31 March 2003)
Yes, it's on its way. Expect it very soon. I think the updated
packages have all (or almost all) completed building.
> Most versions of sendmail do not adequately c
On Sun, Apr 06, 2003 at 04:50:39PM +0200, First Last wrote:
> Any constructive suggestions?
For whatever it's worth, I have the exact same problem and have had it
for quite some time. As in your case, it's not user error; I have
OpenSSH properly configured to allow X11 forwarding on the sshd end,
On Sun, Apr 06, 2003 at 09:48:42PM +0200, First Last wrote:
> It's reassuring to find out I'm not alone with this problem!
> My configuration is different, I have no NFS mounts at all.
> So the problem can't be related to NFS.
Do you have any ListenAddress directives in sshd_config?
This discussi
On Mon, Apr 07, 2003 at 07:02:26PM +0200, First Last wrote:
> Your mention of ListenAddress reminded me that
> ursa is a firewall; I wonder if my iptables rules are
> responsible for the problem. Are you using iptables
> on the machine which you have a problem with?
Nope, I have no firewalling on
On Tue, Apr 15, 2003 at 02:47:52PM +0200, Konstantin wrote:
> I need a spam filter, but I need one which works with sendmail and is
> not spamassassin (the system needs an old perl 5.0.X), but spamassassin
> needs perl 5.6
When I set up spamassassin on a potato system, I installed perl from
source wi
On Fri, Apr 18, 2003 at 11:09:14PM +0200, Martin Hermanowski wrote:
> am I missing an update of pptpd? Today an exploit has been posted to
> bugtraq.
The update has not yet been released.
noah
--
___
| Web: http://web.morgul.net/~frodo/
| PGP
On Wed, Apr 23, 2003 at 10:09:27PM -0300, Henrique de Moraes Holschuh wrote:
> > How do you think switching a separate VLAN for this would be also secure
> > enough? Is it a must to use a dedicated device?
>
> Depends on your switch. A dedicated device is a MUCH better idea.
Yes, there are a num
On Fri, Apr 25, 2003 at 10:44:49PM +0100, Nick Boyce wrote:
> The general consensus of opinion (including the Debian packager) was
> that *nobody* should even consider using the V1.8.4 Snort package in
> Woody - it's much too old, and has a number of security issues.
It's not really that it has a
On Fri, May 09, 2003 at 08:34:16PM +0200, tomas pospisek wrote:
>
> Packages that have security relevant bugs in testing could be kicked
> ___immediately___ out of testing. What do people think?
That wouldn't help anything. People would have already installed the
vulnerable package. apt-get wou
On Fri, May 16, 2003 at 03:02:14PM +0200, Giacomo Mulas wrote:
> > Will FreeS/WAN's user-mode part (aka pluto) be ported to Linux 2.6
> > IPSec? Otherwise FreeS/WAN is a dead end, while IPSec is the standard.
>
> No.
Umm. It already has been ported to Linux 2.5:
http://marc.theaimsgroup.com/?l=
On Fri, May 16, 2003 at 05:43:21PM +0200, Giacomo Mulas wrote:
> yes, but it was a fork from a specific version of freeswan, if I am not
> mistaken. Which means that from that point on they parted ways... I did
> not mean to understate the work done by Herbert Xu at all, sorry if I gave
> you that
On Fri, May 23, 2003 at 08:32:27PM +0100, Ian Goodall wrote:
> > I have not got multicast enabled either so I don't know what is causing
> this...
>
> Oops looks like I have guys. I have read man 8 ifconfig but it will still
> not switch off. Is this what is causing it?
You probably don't want to
On Sun, May 25, 2003 at 01:04:30PM -0500, Jayson Vantuyl wrote:
> We have no idea how he's getting in, but we've got his rootkit fairly
> nailed down (he uses a few slightly different ones).
If you believe he'll be back, it might be worth it to set up a honeypot
and a box running tcpdump and captu
> 25 - It is entirely possible this is how the attacker got in. If you can
> avoid ftp (by using scp/sftp), do so. This will close 25% of your known
> open ports. And anonymous ftp is especially vulnerable.
If you want to sound credible you should probably at least know what
listens on port 25. (
On Wed, May 28, 2003 at 02:06:21PM +0200, Olaf Dietsche wrote:
> Just curious, how do you su to root, if root's password is disabled?
> Do you have a modified su replacement?
su uses PAM. So it doesn't need to use root entry in /etc/passwd. It
could do something insane like consult a RADIUS serv
On Thu, Jun 05, 2003 at 10:02:53PM +0200, Christoph Haas wrote:
> So most probably you see just the second. That's the way TCP works.
> Sequential port numbers may show up because the counter of used
> high-ports (1024 ff.) is just increased.
No, it's not at all uncommon to see incoming traffic fr
On Fri, Jun 06, 2003 at 10:12:05PM +0200, Florian Weimer wrote:
> > But does nmap generate the packets WITHOUT the SYN flag set? Which is
> > what these are...
>
> In this case, it's probably backscatter. Could you tell us a few
> source/destination pairs? I could have a look at our flow databas
On Thu, Jun 12, 2003 at 01:18:59AM +0200, Peter Holm wrote:
> Could please someone of the people with a deeper knowledge explain, if
> the mentioned issues are addressed in one of the "stock" debian
> kernels or if I have to get the sources from kernel.org and patch it
> myself?
See DSA 311-1 at
On Sun, Jun 15, 2003 at 04:29:36PM +0300, Mika Boström wrote:
> You must understand that Snort, ACID or any other IDS setup does not
> provide any protection against threats. They just monitor what takes
> place in the network.
>
> To really protect against break-ins, install a system monitor.
On Sun, Jun 15, 2003 at 11:42:33PM +0100, Ian Goodall wrote:
> Which is the best proxy server to use on debian? I have heard that
> squid is not secure...
Can you provide a reference for that statement? It certainly seems secure
to me. At least, I've never had any boxes cracked as a result of it, an
On Mon, Jun 16, 2003 at 10:08:41AM +1000, Mark Devin wrote:
> So they know that I am running debian and what version of ssh I use! I
> know that security through obscurity is no security, but I still don't
> want to help any attackers. Anyone else have thoughts on this?
It is necessary so that t
On Tue, Jan 13, 2004 at 01:34:18PM +0100, Lupe Christoph wrote:
> Has anybody on this list managed to backport the tripwire package to
> Woody? I'm running into a strange problem where configure tries to
> locate an include file named "locale". Yes, without an suffix. I don't
> know much C++, but t
On Mon, Feb 02, 2004 at 02:06:41PM -0800, Alvin Oga wrote:
> > > 'nmap' to those ports gives me:
> > >
> > >>PORT STATE SERVICE
> > >>1524/tcp filtered ingreslock
> > >>31337/tcp filtered Elite
>
> turn off those ports ... kill ingress and whatever uses elite
>
> and keep poking around
On Mon, Feb 02, 2004 at 02:54:33PM -0800, Alvin Oga wrote:
> > If you run 'iptables -A INPUT -p tcp --dport 1524 -j REJECT' you'll get
> > this exact behavior, with nothing listening on these ports.
>
> and am wondering, why explicitly reject those ports and not
> explicitly reject other ports that
On Tue, Feb 03, 2004 at 05:38:40AM +0100, Philipp Schulte wrote:
> > Those ports are not showing up as open. 'Filtered' does not mean open.
> > If you run 'iptables -A INPUT -p tcp --dport 1524 -j REJECT' you'll get
> > this exact behavior, with nothing listening on these ports.
>
> No, with REJE
On Wed, Feb 18, 2004 at 09:17:13PM +0100, Florian Weimer wrote:
> > Does this mean, that a well known exploit was kept back for nearly three
> > weeks, just because some odd vendors were unable to build their kernels in
> > time?
>
> Yes, this is the norm. Debian hides security bugs from its us
On Tue, Feb 24, 2004 at 09:14:05AM +0200, Sneferu wrote:
>
> Looks like there are a lot of false positives on it.
>
It looks like there are a lot of false positives with chkrootkit in
general. Seriously, has anybody here ever had chkrootkit detect an
actual rootkit? Questions about its output
On Wed, Mar 03, 2004 at 08:43:47AM -0300, Paulo Ricardo wrote:
> Sorry for this notice guys.8(
>
> It's a pity.
FreeS/WAN came with enough political baggage that I won't particularly
miss it. Particularly given that there is at least one other high
quality IPSec implementation available
On Tue, Mar 09, 2004 at 08:53:23PM +0100, Jan Lühr wrote:
> So this is all in all a capacity problem? Doesn't have the debian security
> team enough resources to port existing patches to debian packages?
> Why not enlarging the team?
You do not need to be a member of the security team to submit
On Wed, Mar 10, 2004 at 07:44:11PM +0100, Florian Weimer wrote:
> Hmm, has there been any Mozilla security update for woody? This looks
> like a *lot* of work. Maybe it's better to take some other
> distribution's Mozilla 1.4 package and ship that. 8->
That's highly unlikely to happen. It's bee
On Sat, Apr 10, 2004 at 09:19:00PM +0200, LeVA wrote:
> I am just curious, that if my proftpd runs as user 'ftp', then the one
> who uses this vulnerability could only run arbitrary code as user ftp,
> or as root?
Only as ftp. But there have been a number of locally exploitable kernel
vulnerabi
On Sun, Apr 11, 2004 at 11:15:10AM +0200, LeVA wrote:
> I always compile the latest stable 2.4 kernel with loadable modules
> disabled, but I don't apply any kernel patches.
> Is this "safe", or I must apply some security patch?
None of the recent kernel-level vulnerabilities have required module