similar to: DoS with sysklogd, glibc (Caldera) (fwd)

___________________________________________________________________________ Dan Yocum | Phone: (630) 840-8525 Linux/Unix System Administrator | Fax: (630) 840-6345 Computing Division OSS/FSS | email: yocum@fnal.gov .~. L Fermi National Accelerator Lab | WWW: www-oss.fnal.gov/~yocum/ /V\ I P.O. Box 500 |

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Denial of service attack in syslogd Advisory ID: RHSA-1999:055-01 Issue date: 1999-11-19 Updated on: 1999-11-19 Keywords: syslogd sysklogd stream socket Cross references: bugtraq id #809 --------------------------------------------------------------------- 1. Topic: A

Another from Bugtraq. I've also forwarded this one on to our contact at Red Hat (Stephen Smoogen) and he tells me it's in their QA currently. Dan _______________________________________________________________________________ Dan Yocum | Phone: (630) 840-8525 Computing Division OSS/FSS | Fax: (630) 840-6345 .~. L Fermi National Accelerator

sysklogd in RH4.2 always opens a UDP listen socket, even when -r is not specified on the command line. It doesn''t check the file descriptor when -r is off though, but the behaviour still irritates the system administrator greatly (see also the recent bugtraq messages about this). Here is a patch to fix this: --- sysklogd-1.3/syslogd.c-o Wed Sep 3 22:19:26 1997 +++

Package: logcheck Version: 1.2.32 Severity: wishlist /etc/cron.daily/sysklogd restarts syslogd at the end of the script. This causes a daily log message, currently missed by logcheck: Jan 14 06:55:22 pyloric syslogd 1.4.1#16: restart (remote reception). I'm currently using this regex in ignore.server.d/local-syslogd: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ syslogd 1\.4\.1#16: restart \(remote

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: DoS on gpm Advisory number: CSSA-2000-024.0 Issue date: 2000 July, 6 Cross reference: ______________________________________________________________________________ 1. Problem Description There are security

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: kdelibs vulnerability for setuid KDE applications Advisory number: CSSA-2000-015.0 Issue date: 2000 June, 02 Cross reference: ______________________________________________________________________________ 1.

Hello - thanks to Prof. Ripley and Peter Dalgaard for their helpful responses. I have now successfully compiled R on my machine. The kernel-headers were not installed on my machine, but there is a package on the Open Linux 2.3 CD. I believe they weren't installed simply because I didn't choose to have all the development tools/libraries added when I installed linux. I didn't realize

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: wu-ftpd vulnerability Advisory number: CSSA-2000-020.0 Issue date: 2000 June, 23 Cross reference: ______________________________________________________________________________ 1. Problem Description There is

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: serious bug in setuid() Advisory number: CSSA-2000-014.0 Issue date: 2000 May, 31 Cross reference:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: sperl vulnerability Advisory number: CSSA-2000-026.0 Issue date: 2000 August, 7 Cross reference: ______________________________________________________________________________ 1. Problem Description sperl is

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: flaws in the SSL transaction handling of Netscape Advisory number: CSSA-2000-017.0 Issue date: 2000 June, 09 Cross reference:

Hi all! Is anybody here using rsyslog? I am looking for the right solution how to use rsyslog in CentOS 5 as the default logging daemon. We use it because of filtering using regular expressions. I switched from sysklogd to rsyslog simply using chkconfig --del syslog chkconfig --add rsyslog chkconfig rsyslog on service syslog stop service rsyslog start but this seems not to be

Greetings list-members! I''m a puppet newb and I''m trying to write a recipe that replaces the standard Redhat sysklogd with syslog-ng. I do this to separate shorewall-generated iptables log messages from / var/log/messages into a separate log. I have something that works now but it spews warnings every time puppetd runs on the client. The outline of what I wanted was to

Hi All, This has to be something simple....but it's really busting my chops. We have a PXE boot server that is used for initial installation of a number of operating systems and it works well. However the CentOS 5.1 x86_64 install is seriously broken. We've made the PXE boot images available from "centos/5/os/x86_64/images/pxeboot/" in the tftp boot etc. We've rsynced

Greetings. I wrote a script that make remote backups with rsync. I have 2 main problems with it 1) I want that the destination directory (on the repository machine) recreate the backed up file path and it permission (I use -R here ) 2) Is there a way to "follow" all the links using -R and -a parameters..?? Currently I am using something like this. rsync -al --delete

While I realize that the bliss virus looks more like a research project than a malicious virus, the reality is that it is out there. Because I was concerned that some programs on my linux systems might have become infected, I wrote a tool to determine which programs, if any, had been infected by the bliss virus. For those who lack md5 checksums of all their binaries, this is likely to be a

Hoping that this is not OT.. Hi I want to write a simple perl script to see if my system supports des or md5 as the password encryption scheme..what is the easiest way.. one of course is to look at the /etc/shadow file and then parsing the passwd field, any better way..?? Thx, Arni

Hello, I believe I''ve found a bug in the installation process of OpenLinux 2.2 when using the LISA boot disk. During the installation a temporary passwd file is put on the new file system containing the user "help" set uid=0 gid=0 and no password. Once you are prompted to set the root password and default user password a new passwd and shadow file is created yet the help user

Good call - I forgot to mention that. Caldera released an advisory a couple months ago about it if anyone's interested: ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-008.0.txt Dave -----Original Message----- From: Thomas Biege [mailto:thomas@suse.de] Sent: Friday, May 19, 2000 2:44 AM To: David LaPorte Cc: Mike Bowie; linux-security@redhat.com Subject: Re: [Security -