System hangs at GDM login or a bit later...

2024-03-27 Thread nimrod
Hi, I'm having this annoying behaviour from GDM (or something related). Quite often, after the GDM login screen appears, the host freezes completely: every input device is unresponsive, no ssh connection from another host is possible any more, no CTRL+ALT+CANC/F1-F6 is working. But the same happ

Re: debian12: something destroys /etc/network/interfaces at boot

2024-03-27 Thread Steffen Dettmer
Thank you for your mail. On Wed, Mar 27, 2024 at 12:42 AM Andy Smith wrote: > On Tue, Mar 26, 2024 at 06:33:42PM +0100, Steffen Dettmer wrote: > > I changed a gateway on a remote site using /etc/network/interfaces by > > changing gateway. However, at reboot some old gateway IP reappears. I I als

making Debian secure by default

2024-03-27 Thread Lee
I just saw this advisory Escape sequence injection in util-linux wall (CVE-2024-28085) https://seclists.org/fulldisclosure/2024/Mar/35 where they're talking about grabbing other users sudo password. Apparently the root of the security issue is that wall is a setguid program? Even more fun i

Re: System hangs at GDM login or a bit later...

2024-03-27 Thread Jeffrey Walton
On Wed, Mar 27, 2024 at 4:47 PM nimrod wrote: > > I'm having this annoying behaviour from GDM (or something related). > > Quite often, after the GDM login screen appears, the host freezes completely: > every input device is unresponsive, no ssh connection from another host is > possible any more

Re: making Debian secure by default

2024-03-27 Thread Andy Smith
Hi, On Wed, Mar 27, 2024 at 05:30:50PM -0400, Lee wrote: > I just saw this advisory > Escape sequence injection in util-linux wall (CVE-2024-28085) > https://seclists.org/fulldisclosure/2024/Mar/35 > where they're talking about grabbing other users sudo password. It doesn't work by default

Re: making Debian secure by default

2024-03-27 Thread jeremy ardley
On 28/3/24 05:30, Lee wrote: oof. Are there instructions somewhere on how to make Debian secure by default? Further down the advisory is " Some distros, like Debian, do not seem to have a command like command-not-found by default. There does not seem to be a way to leak a users pass

Re: making Debian secure by default

2024-03-27 Thread Andy Smith
Hello, On Thu, Mar 28, 2024 at 07:37:13AM +0800, jeremy ardley wrote: > Some distros, like Debian, do not seem to have a command like > command-not-found by default. […] > Which implies that Debian is secure by default against this particular > exploit I suspect if OP is worried about users

Re: making Debian secure by default

2024-03-27 Thread Lee
On Wed, Mar 27, 2024 at 10:07 PM Andy Smith wrote: > > Hi, > > On Wed, Mar 27, 2024 at 05:30:50PM -0400, Lee wrote: > > I just saw this advisory > > Escape sequence injection in util-linux wall (CVE-2024-28085) > > https://seclists.org/fulldisclosure/2024/Mar/35 > > where they're talking abou

Re: making Debian secure by default

2024-03-27 Thread Lee
On Wed, Mar 27, 2024 at 10:22 PM Andy Smith wrote: > > Hello, > > On Thu, Mar 28, 2024 at 07:37:13AM +0800, jeremy ardley wrote: > > Some distros, like Debian, do not seem to have a command like > > command-not-found by default. > > […] > > > Which implies that Debian is secure by default again

Re: making Debian secure by default

2024-03-27 Thread tomas
On Wed, Mar 27, 2024 at 05:30:50PM -0400, Lee wrote: > I just saw this advisory > Escape sequence injection in util-linux wall (CVE-2024-28085) > https://seclists.org/fulldisclosure/2024/Mar/35 > where they're talking about grabbing other users sudo password. Are there any users logged in to

Re: making Debian secure by default

2024-03-27 Thread Emanuel Berg
"Secure by default" is an OpenBSD slogan BTW. Or they have made it into one at least. But I'm not sure it is any more secure than Debian - maybe. https://www.openbsd.org/security.html -- underground experts united https://dataswamp.org/~incal