> perl script for automatic updates...
secpack does what you are looking for:
http://therapy.endorphin.org/secpack/
Sebastian
find documentation about security bugs in the Debian kernels at:
http://bugs.debian.org/cgi-bin/pkgreport.cgi?which=pkg&data=kernel&archive=yes&include=security
Bugs #146349 and #168190 are Netfilter-related.
Sebastian
s not an
option - some of your users could for example get the idea of sending
fake logs of other users doing nasty things to the remote logging
server...).
Sebastian
For example, if
there is a bug in the openssl libraries, you must restart all services
that use it. Just installing new libraries is not enough.
Sebastian
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> default in debian (I believe)
But using this option prevents you from using the global /etc/shadow
file, which is problematic in some cases.
- Sebastian
rd sync" option with its dependence on the precise
> prompt string produced by the "passwd" command.
This loop protection is not really necessary since every program/daemon
can be configured separately.
- Sebastian
y hand.
>
> Thanks.
I believe as potato is released stable there will be no more updates for
slink or hamm or even older distributions.
Please correct me if I'm wrong.
Just my $0.02
Sebastian
primary email: [EMAIL PROTECTED]
ICQ: sritter@86831140
Absence
Dear Sir or Madam,
I will be on holiday from 21 August to 9 September. During this
time you can contact Mr. Zander.
Telephone
0391 544 56 70
Kind regards
Sebastian Hennebrüder
Head of eCommerce - Internet
---
Grass GmbH, eCommerce
FIXED
Martin Schulze wrote on 07.10.2005 17:51:
> --
> Debian Security Advisory DSA 846-1 [EMAIL PROTECTED]
> http://www.debian.org/security/ Martin Schulze
> October 7th, 2005
--
|Sebastian Wehrmann - [EMAIL PROTECTED]|
||
| Reichenhainer Str. 35/336 |
| 09126Chemnitz |
| home: +49 371 2407260 |
| mobile: +49 179 9019256 |
||
|<><
/MySQL my current
code probably has security issues. As this code
is running on a publicly accessible machine I
depend on the kindness of its users and
your security reviews.
If you spot a vulnerability in that code please
drop me a private mail about it. Thank you!
Sebastian
[1] http
> Or use the (non-free) Chrome DEBs provided by Google.
Did they stop to put their servers into /etc/apt/sources.list before
installing and, even worse, after de-installing? They did the last time
I (un-)installed Chrome.
- Sebastian
--
Ich setzte einen Fuß in die Luft, und sie t
ClamAV already? If so, please ignore me (sorry for
not following closely...).
- Sebastian
¹ One can execute every file on GNU/Linux. But the attack is that
execution of a file, not the file (otherwise we'd have to consider `rm',
`gpg', `scp', and many more malware, too).
l/docbook/dtd/xml/4.1.2/docbookx.dtd,'
{} \;
the gnome-applets package does it this way.
bye,
sebastian
--
::: sebastian henschel
::: kodeaffe
::: lynx -source http://www.kodeaffe.de/shensche.pub | gpg --import
en to your traffic. Just send a packet to one of the
ports in the sequence, when someone starts sending his. That would make
your login attempt invalid every time.
Sebastian
for older ones that are all available within woody.
How far back must patches be backported?
Is there a clear policy about this issue?
Sebastian
Hi,
you get this message when you use different names for a machine, for
example the ip and the machine's name. One of them is saved in
known_hosts, the other one causes this message!
Sebastian
Ian Goodall wrote:
Thanks everyone for your help.
It must be his computer as all the comput
Hi,
is there a kernel patch/update for the
'do_mremap VMA limit local privilege escalation vulnerability' described in
http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt ?
I have the kernel 2.4.22-2-686-smp running and do security updates on a daily
basis. But I'm still vulnerable, as
[...]
> > is there a kernel patch/update for the 'do_mremap VMA limit local
> > privilege escalation vulnerability' described in
> > http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt ?
>
> That link provides the CVE identification CAN-2004-0077.
>
> http://cve.mitre.org/cgi-bin/cvename.c
Martin Schulze wrote:
This message was modified by F-Secure Anti-Virus E-Mail Scanning.
This is what F-Secure gave me. Martin do you send viruses? ;)
Sebastian
ow". I did not follow up on the current status of stable security, but in
any case we should send them a response. I volunteer to translate an answer
from English to German and send it to Heise.
Regards,
Sebastian
--
PGP-Key: http://www.mmweg.rwth-aachen.de/~sebastian.ley/public.k
On Thu, 16 Mar 2000, Ivan Ivanovic wrote:
> On my Slink placed on Internet often appears auth port connection attempts
> from various sites...
> What (common) application needs this port?
irc server make ident connections to clients.
squid can use ident for authorization.
sendmail sometimes us
On Thu, 16 Mar 2000, Fredrik Liljegren wrote:
> > i'd turn auth off for security reasons if your box has a direct
> > connection to internet.
> Many people misunderstand the usefulness of identd, and so disable it or
> block all off site requests for it. identd is not there to help out remote
> sit
the password periodically (good idea) BUT:
to avoid telling the other sysadmins the new password, he chose to set
it to the actual date so they can look at the calendar to find it out...
*sigh*
sebastian
am of your choice. (apt-get install ssmtp)
generally i'd say, don't use sendmail at all :)
sebastian
--
gravity is a myth. the earth sucks.
install.
I tend to disagree. bind could use debconf and ask a question with
priority "low", default set to running bind without root permissions.
Another approach is to fix bind by binding INADDR_ANY as was pointed out
in this thread. This may have undesirable side-effects, though.
- Sebastian
That's what a SuSE or Knoppix CD is good for. I think Debian has a
rescue mode too, that works (not sure - I use Debian, but for rescue
I use an old SuSE CD).
You could start from a CD and remove the 'x' from /etc/passwd.
You might have to remount the volume with /etc/ read-write.
Then restart
Example for the previous Mail:
In /etc/passwd Change the line
root:x:0:0:root:/root:/bin/bash
to
root::0:0:root:/root:/bin/bash
Note the missing 'x' which means this user has to provide a password.
Murat Ohannes Berin wrote:
Hi,
I just installed Debian on my laptop. However, I can not lo
hose 6 questions.
I count 7...
But I won't answer to any of these, because there are missing some
fundamental constraints in this scenario to make any useful suggestions.
Sebastian
--
" Religion is the opium of the people. " Karl Marx
s...@sti@N GÜNTHER mailto:sam...@guenther-roetgen.de
hose who have a sane package manager.
> NOTE: If it isn't possible for some of the OSs, please tell me which,
> then please continue to answer how it will be possible for the others.
>
> Thanks in advance,
>
> Chip D. Panarchy
>
Sebastian
--
" Religion
ebian-security-announce.lists.debian.org
> Thanks!
>
>
> John
>
>
HTH
Sebastian
--
" Religion is the opium of the people. " | _ ASCII ribbon campaign
Karl Marx | ( ) against HTML e-mail
s...@sti@N GÜNTHER
eed be interesting is a way to enforce that the PRIVATE
KEY is password-protected - sadly, you can't see this from the public key, and
I'm not aware of any possibility to query the client concerning this specific
matter.
Sebastian
--
baboo
ried such a thing.
Sadly, I'm not their boss but they are more or less my customers, so putting a
security policy in place requiring the previously stated mechanism would be
more like starting a war than a small skirmish.
Sebastian
--
baboo
>
> Only using:
> deb http://security.debian.org stable/updates main contrib non-free
the other problem is, that you will not be able to install any software
which has never received any security fix:
e.g. neither vim nor nano are in the pool dir on that mirror.
Sebastian
--
"
t works, and what the flaws are.
- Sebastian, who doesn't like YaST at all
ibed
for him at a different e-mail address and forwards all mail to his
address. Maybe the listmaster (cc'ed) should have a look at which
addresses had subscribed at the time he describes.
- Sebastian
fine.
strncpy() is even more dangerous, since it doesn't add a final nul-byte if
strlen(src) > n. Most people are not aware of this problem. So, most of
the time you use strncpy() you should use a construction like this:
strncpy(dst, src, len);
dst[len] = '\0';
- Sebastian
LANs. It means, that such
> device have to be transparent for all IP traffic (or may be for all
> Ethernet traffic?).
>
> regards
> Jarek Tabor
Freeswan might be the solution.
Check www.freeswan.org
--
Sebastian Bruhn
System Tekniker / System Technichian
Email: [EMAIL PROTECTED]
his year. I have to download this
over a 56kBit link and I pay by the minute.
- Sebastian
he other hand I don't see why allowing direct root
logins is a problem.
- Sebastian
Hi Ralf!
> 2. chroot everything
> just chroot the users at the login after ssh (if you want to allow ssh),
How can chroot a user who logs in via ssh? Do you have some links about
this?
--
Sebastian Schinzel
SSL toolkit in Debian and one
might need to scan a non-Debian / older machine.
[0] https://github.com/rbsec/sslscan
Sebastian
60 matches