November 2005 - openSUSE Security - openSUSE Mailing Lists

OT: X Server with cygwin. Was Re:[suse-security] safety with scp
by miguel gmail 07 Dec '05

07 Dec '05

Hi > Nevertheless gives a nice X-Server. > ;-) Oh, yes, i forgot it. Problem is... i am unable to use it. The first time i used cygwin i did it with administrator w2k user. From then on, i use a regular user, but with administration rights, though (company policy). Administrator user can launch X server, but not any other user (at this point, i really miss the su - linux capability). When i launch the startx command, this is what i get (in a popup window): A fatal error has occurred and Cygwin/X will now exit. Please open /tmp/XWin.log for more information. Vendor: The cygwin X Project Release: 6.8.2.0-2 Contact: blah blah XWin was started with the following command-line: X :0 -multiwindow -clipboard The main cygwin windows shows: Mcalerom@MCALEROMAC2K ~ $ startx Welcome to the XWin X Server Vendor: The Cygwin/X Project Release: 6.8.2.0-2 Contact: cygwin-xfree(a)cygwin.com XWin was started with the following command line: X :0 -multiwindow -clipboard Fatal server error: Cannot open log file "/tmp/XWin.log" waiting for X server to begin accepting connection .. .. .. .. .. .. .. .. .. .. winDeinitMultiWindowWM - Noting shutdown in progre giving up. xinit: Connection refused (errno 111): unable to xinit: No such process (errno 3): Server error. The closest thing i could find to the log file mentioned above was c:\cygwin\tmp\XWin.log, but the last time this file was updated was by mid september :-? Welcome to the XWin X Server Vendor: The Cygwin/X Project Release: 6.8.2.0-2 Contact: cygwin-xfree(a)cygwin.com XWin was started with the following command line: X :0 -multiwindow -clipboard ddxProcessArgument - Initializing default screens winInitializeDefaultScreens - w 1400 h 1050 winInitializeDefaultScreens - Returning _XSERVTransmkdir: Owner of /tmp/.X11-unix should be set to root (II) XF86Config is not supported (II) See http://x.cygwin.com/docs/faq/cygwin-x-faq.html for more information (==) FontPath set to "/usr/X11R6/lib/X11/fonts/misc/,/usr/X11R6/lib/X11/fonts/TTF/,/usr/X11R6/lib/X11/fonts/Type1/,/usr/X11R6/lib/X11/fonts/CID/,/usr/X11R6/lib/X11/fonts/75dpi/,/usr/X11R6/lib/X11/fonts/100dpi/" winAdjustVideoModeShadowGDI - Using Windows display depth of 32 bits per pixel winAllocateFBShadowGDI - Creating DIB with width: 1400 height: 1050 depth: 32 winInitVisualsShadowGDI - Masks 00ff0000 0000ff00 000000ff BPRGB 8 d 24 bpp 32 null screen fn ReparentWindow null screen fn RestackWindow InitQueue - Calling pthread_mutex_init InitQueue - pthread_mutex_init returned InitQueue - Calling pthread_cond_init InitQueue - pthread_cond_init returned winInitMultiWindowWM - Hello winInitMultiWindowWM - Calling pthread_mutex_lock () winMultiWindowXMsgProc - Hello winMultiWindowXMsgProc - Calling pthread_mutex_lock () MIT-SHM extension disabled due to lack of kernel support XFree86-Bigfont extension local-client optimization disabled due to lack of shared memory support in the kernel (--) Setting autorepeat to delay=500, rate=31 (--) winConfigKeyboard - Layout: "0000040a" (0000040a) (--) Using preset keyboard for "Spanish (Spain, Traditional Sort)" (40a), type "4" (--) 3 mouse buttons found Could not init font path element /usr/X11R6/lib/X11/fonts/CID/, removing from list! winInitMultiWindowWM - pthread_mutex_lock () returned. winMultiWindowXMsgProc - pthread_mutex_lock () returned. winInitMultiWindowWM - pthread_mutex_unlock () returned. winInitMultiWindowWM - DISPLAY=127.0.0.1:0.0 winMultiWindowXMsgProc - pthread_mutex_unlock () returned. winMultiWindowXMsgProc - DISPLAY=127.0.0.1:0.0 winProcEstablishConnection - Hello winInitClipboard () winProcEstablishConnection - winInitClipboard returned. winClipboardProc - Hello DetectUnicodeSupport - Windows NT/2000/XP winClipboardProc - DISPLAY=127.0.0.1:0.0 winInitMultiWindowWM - XOpenDisplay () returned and successfully opened the display. winClipboardProc - XOpenDisplay () returned and successfully opened the display. winMultiWindowXMsgProc - XOpenDisplay () returned and successfully opened the display. winMultiWindowXMsgProcErrorHandler - ERROR: BadWindow (invalid Window parameter) I know it is very OT, but i thought it was worthy to give it a try... -- Saludos, miguel

5 6

Re: [suse-security] SuSEfirewall2 drop/reject on ip address
by Polarizer 29 Nov '05

29 Nov '05

> Could someone tell me how to configure SuSEfirewall2 to drop packets based > source address(s)/range? Any help would be appreciated. Take a look at the configuration file "/etc/sysconfig/SuSEfirewall2" <quote> ## Type: string # # 25.) # Do you want to load customary rules from a file? # # This is really an expert option. NO HELP WILL BE GIVEN FOR THIS! # READ THE EXAMPLE CUSTOMARY FILE AT /etc/sysconfig/scripts/SuSEfirewall2-custom # FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom" </quote> in "/etc/sysconfig/scripts/SuSEfirewall2-custom" are examples which may help you to meet your needs. Good place to block an address range seems to be "fw_custom_after_antispoofing()". hope that helps the polarizer http://www.codixx.de/polarizer.html

1 0

SuSEfirewall2 drop/reject on ip address
by Wade Grant 29 Nov '05

29 Nov '05

Could someone tell me how to configure SuSEfirewall2 to drop packets based source address(s)/range? Any help would be appreciated. wade G. "Privilege becomes arrogance. Arrogance promotes injustice. The seed of ruin blossom." Frank Herbert. 1984. God Emperor of Dune.

1 0

RE: Simple to exploit SQL Injection ?
by suse＠karsites.net 29 Nov '05

29 Nov '05

Hi all. Would this be of relevance: from php.ini: ; Use Sybase-style magic quotes (escape ' with '' instead of \'). ; Leave this OFF! magic_quotes_sybase = OFF HTH - KR On Mon, 28 Nov 2005, Victor Chapela wrote: > To: 'Jason binger' <cisspstudy(a)yahoo.com>, webappsec(a)securityfocus.com > From: Victor Chapela <victor(a)sm4rt.com> > Subject: RE: Simple to exploit SQL Injection ? > > Jason, > > I agree with Rich, it seems your ' is being escaped by > adding a second one. This should be interpreted by the > database as a single quote within the quoted string '...'.

1 0

Re: [suse-security] problems after update to new php4-corefiles with YaSt
by Polarizer 29 Nov '05

29 Nov '05

> Just my question - how can i go back to the last > php Version (php4-4.3.4-43.44) until this is > fixed. > Depending on your Suse version you'll find previously installed php versions right here: /var/lib/YaST2/you/mnt/i386/update/X.X/rpm/i586/php4-* where X.X is to replace with your version.subversion roll back with "rpm -i" optionally w/ "--nodeps" and/or "--force" polarizer http://www.codixx.de/polarizer.html

2 1

problems after update to new php4-corefiles with YaSt
by Michael Weber 29 Nov '05

29 Nov '05

Hi, cause it was a security update i just try it here. After the Update of the php4 corefiles with Yast we have *real* problems with the "simulate static" Functions of Typo3 on our Server. After the update i found a replaced php.ini, with no php.ini.rpm whatever backup. The replacement with the old php.ini dont work so i guess its a bug in the update (php4-4.3.4-43.46.3). Just my question - how can i go back to the last php Version (php4-4.3.4-43.44) until this is fixed. Luckily thats my first problem with a Update but it have to be solved very fast. tia, Michael Weber

1 1

How to make SuSEfirewall2 accept packets passing bridge-interface
by David Huecking 29 Nov '05

29 Nov '05

Hi! I had set up a router as follows: - eth1/ ppp0 is external interface to a DSL-modem to the internet - eth0 is a ethernet-interface to internal net/ switch => everything was fine. SuSEFirewall2 set up the routing to and from the internet for the internal clients and provided some protection from the internet. Now I added a wireless-card for the router also acting as a wireless access-point: - ath0 is interface of wireless-card running in hostap-mode Then I build a bridge-interface from eth0 and ath0 and gave it the former IP of eth0. - br0 bridge made of ath0 and eth0 Routing from the wired and wireless clients to the internet works like a charm. What does not work ist bridging from physical interface eth0 to ath0 so that I can reach my server attached to the LAN-switch from my wireless notebook. I get logging-entries like that: SFW2-FWDint-DROP-DEFLT IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=ath0 SRC=192.168.42.6 DST=192.168.42.2 Could anybody tell me what to write into /etc/sysconfig/SUSEFirewall2 or in /etc/sysconfig/scripts/SuSEfirewall2-custom to accept packets crossing my bridge. Bridge was set up like that: brctl addbr br0 brctl addif br0 ath0 brctl addif br0 eth0 ifconfig ath0 0.0.0.0 ifconfig eth0 0.0.0.0 ifconfig br0 192.168.42.5 Thanks in advance for any tips. -- Eat, sleep and go running, David Hücking. Encrypted eMail welcome! GnuPG/ PGP-Key: 0x57809216. Fingerprint: 3DF2 CBE0 DFAA 4164 02C2 4E2A E005 8DF7 5780 9216

6 9

Re: [suse-security] Problems with latest SuSE apache2-mod_php5 from SuSE update
by Stefan Seifert 28 Nov '05

28 Nov '05

/>> I have encountered a problem with apache2-mod_php5-5.0.3-14.13.i586.rpm / />> on SuSE 9.3. / />> / />> After installing the following mod_rewrite directive does not work anymore: / />> / />> RewriteRule ^(.*)(index|content)\.html myscript.php [PT] / />> / />> / />> The script is no longer executed, but a empty response of (I think) type / />> x-httpd-php is sent back. Rolling back to / />> apache2-mod_php5-5.0.3-14.11.i586.rpm fixes that issuse. / > i got the same problem with php4. error.log shows following messages: > ------------------------------ > [notice] child pid 8975 exit signal Segmentation fault (11) > ----------------------------- > i have additional eaccelerator running. maybe the problem depends from > this tool. can't test it atm. I can confirm this problem with patch php4-52615 on SuSE 9.1 and apache2-mod_php4-52618 on SuSE 9.3 No accelerators used. I get a segfault on every subrequest that's using PHP, e.g. PHP scripts that are included via SSI and PHP scripts that run as 404 errorpage. I think rewrites run as subrequest, too, so that's why they're broken. Rolled back the update for now. regards, Stefan Seifert

4 4

Re: [suse-security] Close all ssh sessions
by Polarizer 28 Nov '05

28 Nov '05

Miguel ALBUQUERQUE schrieb: > Hi, > > How can one force closing an open ssh session ? I want to disconnect a > user right after executing a script no waiting for a timeout. Is that > possible ? I've 3 ideas 1st) What about to replace the login shell in /etc/passwd with the script the user can invoke. If script is done user gets logged out :O)_ youruser:x:1000:1000::/var/tmp/:/bin/yourscript 2nd) One can invoke a script via ssh a.ip.addr.ess "command" so if you can disable interactive sessions in sshd it will fulfill your requirements (Dunno how to accomplish that ad hoc) 3rd) man bash PPID The process ID of the shell's parent. This variable is readonly. If one invokes a script this variable should contain the PID of the underlying bash. Just kill -9 $PPID in the of the script. Hope that helps the polarizer http://www.codixx.de/polarizer.html

4 3

RE: [suse-security] problem with apache reverse proxy
by Dörfler Andreas 25 Nov '05

25 Nov '05

well done, thanks :) right, missing / was only in the example :) problem was ProxyPreserveHost On .... ive set RequestHeader unset Accept-Encoding now, think i dont need more ?! greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ > -----Original Message----- > From: sf(a)sfritsch.de [mailto:sf@sfritsch.de] > Sent: Friday, November 25, 2005 10:06 AM > To: suse-security(a)suse.com > Subject: Re: [suse-security] problem with apache reverse proxy > > Hi, > > > ProxyPassReverse ^/(.*)$ http://test2.kempten.lan$1 > (here is a / missing, put this is probably only in the example?) > > > if the backend server uses named virtual hosts as in your case, > you must use one of > > * ProxyPreserveHost Off on the reverse proxy > * mod_header with RequestHeader set Host in a <Proxy> block on the > reverse proxy > * ServerAlias dummy.domain.de , etc. on the backend server > > Hope this helps. > > Cheers, > Stefan > > > > -- > Check the headers for your unsubscription address > For additional commands, e-mail: suse-security-help(a)suse.com > Security-related bug reports go to security(a)suse.de, not here > >

1 0