similar to: Re: RedHat5.1 security flaws.

On Mon, 1 Jun 1998, Chris Evans wrote: > Sadly the number of unaddressed security issues in RedHat Linux systems > is creeping up. > > It is becoming difficult for me to keep track of them all. Since I am keen > they all get fixed ASAP, I''ve put up a text file of these issues on the > web. > > http://ferret.lmh.ox.ac.uk/~chris/rhbugs.txt > > I hope this is

Hi Are there any known security holes or necessary precautions in using port forwarding with ipportfw? I'm planning on forwarding ports from an outer firewall/router (connected to the Internet) to a host in the DMZ, then on from the DMZ host to the inner firewall, and finally from the inner firewall to some host on the inside. Thanks, Jens jph@strengur.is From mail@mail.redhat.com Wed

Hi, I am bemused. After some security auditing on RH5.0, I was curious as to what new suid binaries and daemons shipped with RH5.1. The first one I noticed was "xosview". God knows why it needs to be SUID; it probably doesn''t but the makefile just makes the binary suid by default. Linux has /proc which has enough information that ferreting around in /dev/kmem using root privs

Hi, I just installed a new server and my final yum update fails... I have rpmforge and rpmforge-extras, but with yum priorities... # grep enabled /etc/yum/pluginconf.d/priorities.conf enabled = 1 # cat /etc/yum.repos.d/CentOS-Base.repo | grep "priority\|^\[" [base] priority=1 [updates] priority=1 ... # yum clean all # yum list | grep "tcp_wrappers\|nfs-utils"

http://bugzilla.mindrot.org/show_bug.cgi?id=948 Summary: high CPU in sshd after tcp_wrappers deny Product: Portable OpenSSH Version: 3.9p1 Platform: Sparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy:

Hi, I''m running into something weird here. I''m using RH5.1 with tcp_wrappers 7.6. The syntax for hosts.allow and hosts.deny is: <service list> : <access list> [ : <shell_command> ] Everything works when I _don''t_ use the shell_command. I used the _exact_ line as in the man-pages utilising "safe_finger" (comes with tcp_wrappers), tcpdchk

Parsing bug was discussed here: <http://lists.alioth.debian.org/pipermail/nut-upsuser/2010-September/006230.html> Parsing bug summary ------------------- working /etc/hosts.allow: upsd 127.0.0.1 [::1] : ALLOW broken in /etc/hosts.allow: upsd localhost : ALLOW It looks like upsd originally intended to match nut username with system username? This is not the case now. This causes

Hello, I just upgraded my nut 2.2.1 setup to 2.4.1. The "upsdrvctl shutdown" command now works using a APC Backup-UPS CS350 via USB. Great! The removed ACL/allowfrom functionality can be replaced by tcp_wrappers. Unfortunately there isn't much documentation about the migration. First you have to compile nut with "--with-wrap". I have a special "nutadmin"

Hello all, I'm hoping you can help out with an issue I'm having running dovecot-beta8 on Solaris 9 (SPARC). The reason I need to run them from xinetd is that we require the filtering ability that tcp_wrappers provide. My issue is that, when running both from xinetd, IMAP runs fine, but then, when you try to POP in to check mail on the same box, it seems that the login section is

The latest snapshot works well for me, except for one minor annoyance. When logging into an account with an expired password, OpenSSH asks for the current login password twice and then it asks for the new password. Other than that, everything works swell. [fortezzo at entralla /root]$ ssh fortezzo at firrerre Warning: Permanently added 'firrerre,xx.xx.xx.xx' (DSA) to the list of known

>>>> At a guess it was removed from the spec for el8 (which does not support >>>> tcpwrap) and somehow got removed from el7 by accident. The ghettoforge >>>> dovecot23 packages have tcpwrap support for el7: > > So is el8 truly incompatible with tcpwrap? Or is it just too much > effort to continue suport for every feature that was ever in the system?

I just submitted a PR for this (haven't even gotten the confirmation email), but since not everyone tracks the GNATS CVS distribution, I figured that I'd send it here as well. -----Forwarded Message----- > From: Steve Grubb <linux_4ever@yahoo.com> > To: bugtraq@securityfocus.com > Subject: Xinetd 2.3.10 Memory Leaks > Date: 18 Apr 2003 16:18:36 +0000 > > >

hi have problems to get an samba server up that offers shares for all without a password heres my smb.conf file located under /usr/local/samba/lib/smb.conf [global] netbios name = DEATHB server string = Samba %v on (%L) workgroup = LANSTRIKE encrypt passwords = yes security = share [homes] browseable = no [mp3] comment = lmh path = /var/glftpd/site/mp3/lame.r3mix/ browseable = yes read only =

Hi, attached is a patch by Chris Faylor <cgf at cygnus.com> relative to 2.2.0p1. Description: OpenSSH does not allow port gatewaying by default. This means that only the local host can access forwarded ports. Adding "GatewayPorts yes" to .ssh/config usually does this job. Unfortunately, OpenSSH does not recognize the same hosts.allow/ hosts.deny options as ssh.com's sshd

I have some (Thunderbird client, dovecot-1.0.13, Maildir) users who get an appalling amount of spam-with-attachment, and it's causing backups to take an inordinate amount of time. I'll implement some quota and server-side spam management when I go to dovecot-1.1, but in the meantime: What is the safest way to empty all messages within, but not delete, the following folders from the

Solaris and/or ZFS are badly confused about drive IDs. The "c5t0d0" names are very far removed from the real world, and possibly they''ve gotten screwed up somehow. Is devfsadm supposed to fix those, or does it only delete excess? Reason I believe it''s confused: zpool status shows mirror-0 on c9t3d0, c9t2d0, and c9t5d0. But format shows the one remaining Seagate

Rupert Gallagher via rsync <rsync at lists.samba.org> wrote: > On 7 Aug 2020, 23:44, Wayne Davison < wayne at opencoder.net> wrote: > > >> Also, I have 12GB of cache in ecc ram that rsync is not using. > > >It uses whatever memory it needs plus whatever filesystem caching > >your OS provides. > > Hmmm... bad day today... > > No, it is not

Most certainly YES!!! Next to iptables tcp_wrappers is a solid seconde line of defense. The argument that is is no longer developped is rubbish. The package does what is should do, functionality isexactly what it should be and it is bug free. Also it is flexible enough to do other tricks with it like spawning something depending on the ip address the incoming connection is coming from. It is a

Hi, I've just started using Dovecot (v1.1.14), and I'm noticing a lot of dictionary attacks. I searched through the documentation and the mailing list archives hoping to find support for tcp_wrappers (hosts.deny) support. I did find some suggested patches in the list from last year, but as far as I can tell, there is no support in the released versions. Is this implemented and

I've just had the most appalling performance from * ever. Dialling: Cisco 7960 => asterisk => IAX produces sound drop outs so extreme that the call is useless. I noted this in an earlier post. Dialling: Cisco ATA186 => asterisk => IAX is fine. Frankly, I think this is such a bad problem that it should be sorted in advance of any of the new features that seem to be