similar to: Authentification required again.

Hi, There have been several replies on the syslogd question. All 2 to 4 lines long. I therefore gathered them here. Roger. ----------------------------------------------------------------- From: Paul Kenyon <pkenyon@loctech.com> Date: Wed, 24 Jun 1998 11:37:01 -0500 I believe it is possible to pipe anything through SSH. I''ll find the URL to the info and post it. I

Hi, There have been a bunch of useful submissions for the compare /contrast thread. To reduce the load on your mailbox, they are gathered here in one go... Roger. Date: Wed, 28 Oct 1998 15:11:37 +0000 From: "David L. Sifry" <dsifry@linuxcare.com> To: "Matthew S. Crocker" <matthew@crocker.com> CC: Rob Bringman <rob@trion.com>,

Ran into a weird problem, and this seemed a good forum to toss it out into -- if I've gaffed, please let me know. Just upgraded my RH5.0 box to RH5.2. Went well, worked nearly seamlessly. When running 5.0, though, I'd installed the opie-fied ftpd that comes with the most recent opie package (ftp://ftp.inner.net/pub/opie/opie-2.32.tar.gz) and had it work without a hitch. I'd also

Oops. Missed one line in the last patch.... Roger. -- ** R.E.Wolff@BitWizard.nl ** http://www.BitWizard.nl/ ** +31-15-2600998 ** *-- BitWizard writes Linux device drivers for any device you may have! --* * The Worlds Ecosystem is a stable system. Stable systems may experience * * excursions from the stable situation. We are currently in such an * * excursion: The stable situation does

Hi, When php3 module is compiled in apache, files in any directory will be interpreted by the parser and executed. This is a security breach. There is a way to correct this? Any comments? Thanks, lacj --- <levy@null.net> Levy Carneiro Jr. Linux & Network Admin From mail@mail.redhat.com Sat May 8 02:32:02 1999 Received: (qmail 28372 invoked from network); 8 May 1999 07:05:57

Introduction. ------------ Every now and then a new "exploit" turns up of some program that uses tmp files. The first solution was "sticky bits", but since links exist (that''s a LONG time), that solution is inadequate. Discussion. ---------- The problem is that you put an object (link/pipe) in the place where you expect a program to put its tempfile, and wait for

Automatic renewal The Ubuntu package for certbot comes pre-configured with systemd timer that will automatically renew existing certificates. What it does not handle however is reloading postfix/dovecot so that they will begin using the new certificates. For that, we need to implement a hook. Certbot has both pre and post hooks that you can use to execute a script prior to and after the renewal

Felix von Leitner told me: > The [zip disk] security can be circumvented by putting a read-write > disk in the drive, then using a needle to do the eject and inserting > the read-only disk. Done. > AFAIK there hasn''t been a published way to hack the protection in > software, but I see no reason to trust them. Regards, Roger. -- If it''s there and you can

Hi, I''ve been thinking about group membership and the corresponding (weak) restrictions to system resources. Consider the following: % cat > gsh.c main() { system("/bin/sh"); } % cc -o gsh gsh.c % id uid=100(joe) gid=500(users) groups=14(floppy),15(sound) % chgrp sound gsh % chmod g+s gsh % mail abuser Subject: You owe me $5...

I would be surprised if someone hasn''t encountered this already, but I haven''t found any discussion of the nature of this problem. I run RehHat 5.0. If a user makes a mistake in the login process such as the following: login: mistake password: xxx Login incorrect! login: username password xxxx bash$ a ps will show, among other things, 2333 /bin/login --mistake. Since

Hi, well, swift response! Qualcomm has a patched qpopper (2.5) Greetings, Jan-Philip Velders <jpv@jvelders.tn.tudelft.nl> ---------- Forwarded message ---------- Date: Mon, 29 Jun 1998 21:43:18 -0700 From: Praveen Yaramada <pyaramad@QUALCOMM.COM> To: BUGTRAQ@NETSPACE.ORG Subject: Patched Qpopper2.5 release Notification. Hello Folks, As you are already aware that qpopper

---------- Forwarded message ---------- Date: Tue, 30 Nov 1999 12:14:09 -0800 (PST) From: David Cantrell <david@slackware.com> To: slackware-security@slackware.com Subject: Security Patches for Slackware 7.0 Available There are several security updates available for Slackware 7.0. We will always post bug fixes and security fixes to the /patches subdirectory on the ftp site:

Hi Are there any known security holes or necessary precautions in using port forwarding with ipportfw? I'm planning on forwarding ports from an outer firewall/router (connected to the Internet) to a host in the DMZ, then on from the DMZ host to the inner firewall, and finally from the inner firewall to some host on the inside. Thanks, Jens jph@strengur.is From mail@mail.redhat.com Wed

Hi, This advisory has a bit more than the Red Hat one.... Roger. ----- Forwarded message from Alfred Huger ----- >>From owner-bugtraq@SECURITYFOCUS.COM Mon Nov 22 18:49:41 1999 Approved-By: aleph1@SECURITYFOCUS.COM Message-ID: <Pine.GSO.4.10.9911220906250.11753-100000@www.securityfocus.com> Date: Mon, 22 Nov 1999 09:08:08 -0800 X-Reply-To: Alfred Huger

Hi, I get my Email from my own SMTP server on the internet using "fetchmail". Some time ago I did the smart thing and configured dovecot to use SSL and the letsencrypt certificate that automatically renews. Welllll..... a few days ago my certificate expired and the fetchmail deamon running in the background had nowhere to complain. So I didn't notice. It turns out that dovecot

This may be, or may not be a security issue, however, since alot of people still use tripwire-1.2 or lesser versions(this is what shipped with R.H. Linux 5.2 at least), they might be interested in following detail: Chuck Campbell (campbell@neosoft.com) pointed me out that tripwire dies with coredump on R.H. linux, if it hits a filename containing 128-255 characters. Playing a bit with debugger I

Hi everyone, I'm trying to rsync a large directory. After pondering on the list-of-files, it's now more or less doing nothing. It's running for over 4 hours now, not doing anything except eating CPUtime on the destination for over half an hour. I don't know what it was doing before that. The stdout of the rsync reported: 4675350 files to consider (which is about right)

below. Dan ___________________________________________________________________________ Dan Yocum | Phone: (630) 840-8525 Linux/Unix System Administrator | Fax: (630) 840-6345 Computing Division OSS/FSS | email: yocum@fnal.gov .~. L Fermi National Accelerator Lab | WWW: www-oss.fnal.gov/~yocum/ /V\ I P.O. Box 500 |

In Debian 1.1, the optional DOSEMU package installs /usr/sbin/dos setuid root. This is a serious security hole which can be exploited to gain access to any file on the system. Package: dosemu Version: 0.64.0.2-9 ------- start of cut text -------------- $ cat /etc/debian_version 1.1 $ id uid=xxxx(quinlan) gid=xxxx(quinlan) groups=xxxx(quinlan),20(dialout),24(cdrom) [quinlan:~]$ ls -al

George Brown sent this to my private Email address instead of to the list. Because I forwarded it, my addres is in the header. Roger. ----- Forwarded message from root ----- >From root@bull.bullnet.co.uk Mon Aug 24 16:20:29 1998 Received: from dutepp0.et.tudelft.nl by rosie.BitWizard.nl (fetchmail-4.2.9 POP3 run by wolff) for <wolff@localhost> (single-drop); Mon Aug 24