similar to: [PATCH]: Add tcp_wrappers protection to port forwarding

http://bugzilla.mindrot.org/show_bug.cgi?id=948 Summary: high CPU in sshd after tcp_wrappers deny Product: Portable OpenSSH Version: 3.9p1 Platform: Sparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy:

Hello, I have just found little bug in OpenSSH's tcp_wrappers handling. In file sshd.c you can find: if (!hosts_access(&req)) { close(sock_in); close(sock_out); refuse(&req); } If username was not requierd for authorization (for example you are refusing all connection from specific

Parsing bug was discussed here: <http://lists.alioth.debian.org/pipermail/nut-upsuser/2010-September/006230.html> Parsing bug summary ------------------- working /etc/hosts.allow: upsd 127.0.0.1 [::1] : ALLOW broken in /etc/hosts.allow: upsd localhost : ALLOW It looks like upsd originally intended to match nut username with system username? This is not the case now. This causes

I don't know if this is the right place for my problem, but couldn't find any other place. I am trying to install OpenSSH in a HPUX system, I installed OpenSSL and Zlibzlib-1.1.3, but when I execute configure, get the following: # ./configure loading cache ./config.cache checking for gcc... cc checking whether the C compiler (cc ) works... yes checking whether the C compiler (cc ) is a

Greetings everyone.... I tried posting this once before, but got no response. When I run liveice, I get an "Error:sending data to remote server message" from liveice, and then it hangs (I actually have to open another console window to kill the process). The IceCast server respond with the following: Kicking source 1 [127.0.0.1] [Access Denied (tcp wrappers (source connection))]

Problem: setting --with-tcpwrappers does not configure code to be compiled with wrapper support Solution: references to with_tcp_wrappers (lines 4975, 6396, 6397) need to be changed to with_tcpwrappers David Purks Sr Sys Admin Cogent Communications

I was under the impression it was just compatibility, and not actually built-in, but I thought I'd ask here and just make sure of what I'm saying. :) TIA. -- Austin Gonyou Systems Architect, CCNA Coremetrics, Inc. Phone: 512-698-7250 email: austin at coremetrics.com "It is the part of a good shepherd to shear his flock, not to skin it." Latin Proverb -------------- next part

Hello, I just upgraded my nut 2.2.1 setup to 2.4.1. The "upsdrvctl shutdown" command now works using a APC Backup-UPS CS350 via USB. Great! The removed ACL/allowfrom functionality can be replaced by tcp_wrappers. Unfortunately there isn't much documentation about the migration. First you have to compile nut with "--with-wrap". I have a special "nutadmin"

Most certainly YES!!! Next to iptables tcp_wrappers is a solid seconde line of defense. The argument that is is no longer developped is rubbish. The package does what is should do, functionality isexactly what it should be and it is bug free. Also it is flexible enough to do other tricks with it like spawning something depending on the ip address the incoming connection is coming from. It is a

Hi, I've just started using Dovecot (v1.1.14), and I'm noticing a lot of dictionary attacks. I searched through the documentation and the mailing list archives hoping to find support for tcp_wrappers (hosts.deny) support. I did find some suggested patches in the list from last year, but as far as I can tell, there is no support in the released versions. Is this implemented and

Hi, I''m running into something weird here. I''m using RH5.1 with tcp_wrappers 7.6. The syntax for hosts.allow and hosts.deny is: <service list> : <access list> [ : <shell_command> ] Everything works when I _don''t_ use the shell_command. I used the _exact_ line as in the man-pages utilising "safe_finger" (comes with tcp_wrappers), tcpdchk

http://bugzilla.mindrot.org/show_bug.cgi?id=948 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- URL| |http://www.aet.tu- | |cottbus.de/rt2/Ticket/Displa |

Hi, I'm like to try a get the new release to work with Sun's new device, that can be installed with patch 112438-01. I compiled SSL attempting to point it at the random device: cd openssl-0.9.6d ./Configure solaris-sparcv7-gcc make DEVRANDOM="/kernel/drv/random" And then ran the SSH configure: ./configure --prefix=/opt/OBSDssh --with-pam --without-rsh \ --sysconfdir=/etc/ssh

Hi all. As most of you know, we are preparing OpenSSH 4.4p1 for release. We have had one round of testing and I would like to thank all who responded. We believe that most of the problems reported have been resolved. If you are so inclined, we would appreciate a quick retest to ensure that the fixed ones remain fixed and the working ones remain working. Of the problems identitified, I am only

Hi all, I'm very new in this list, as looking for codes to plug up the lack of functionality of "Protocol 2 Remote Forwardig". Fortunately, I could find it in MARC's archive. Mr. Jarno Huuskonen posted the codes in Sept, last year, and I tried applying it to my FreeBSD box environment. I couldn't apply an original patch, of course, for incompatibility of virsion. The

Hello, I'm having problems when trying to execute an deep battery test. UPS Model: PowerWalker VI 1000. root at HP-Opreon:/# upscmd PowerWalker at localhost test.battery.start.deep Username (root): admin Password: Unexpected response from upsd: ERR ACCESS-DENIED /etc/hosts.allow: <code> # /etc/hosts.allow: list of hosts that are allowed to access the system. # See

I am unable to get 2.0.beta4 to compile. I get the following errors: /usr/lib64/gcc/x86_64-slackware-linux/4.3.3/../../../../lib64/libwrap.a(hosts_access.o): In function `host_match': hosts_access.c:(.text+0x625): undefined reference to `yp_get_default_domain' collect2: ld returned 1 exit status make[3]: *** [tcpwrap] Error 1 make[3]: Leaving directory

Hello there, I have been trying to make the patch work for libwrap(TCP Wrappers) posted on http://dovecot.org/patches <http://dovecot.org/patches%20Patch%20of%201.1> Patch of 1.1 but could not get it work. Any help will be highly appreciated. After compiling and running it I get error "Error: login_tcp_wrappers can't be used because Dovecot wasn't built with

http://bugzilla.mindrot.org/show_bug.cgi?id=948 ------- Additional Comments From dtucker at zip.com.au 2005-01-19 20:01 ------- Also worth trying: patch #772 in bug #973 ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

Hi! Here is the patch to support tcp wrappers with x11-forwarded connections. The patch is for openssh-3.0.1p1 but it works fine with 2.9.9p2 too. I've understood that this will not be included in the official version because it adds complexity (?!) to openssh. Binding the forwarded port to localhost doesn't solve all problems. I've understood that you should also implement