March 2000 - openSUSE Security - openSUSE Mailing Lists

PPTP VPN Firewall Settings
by Drew A. Harris 12 Mar '00

12 Mar '00

I'm using the SuSE Firewall 2.0 script to set my firewall. However, I still need to manual add the following IPchains to be able to reach the VPN from my clients behind the firewall. ipchains -I input -j ACCEPT -p 17 -s [vpn server ip address] -d [my external IP] -i eth1 ipchains -I forward -j MASQ -p 47 -s 192.168.0.1/32 -d [vpn server IP] -i eth1 ipchains -I output -j ACCEPT -p 47 -s [my external IP] -d [vpn server IP] -i eth1 ipchains -I input -j ACCEPT -p 47 -s [vpn server IP] -d [my external IP] -i eth1 Is there a way to configure the firewall.rc.config file to take care of this from within the script? Thanks for your help. DREW.

1 0

SuSE Security Announcement - make-3.77
by Yasholomew Yashinski 10 Mar '00

10 Mar '00

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 14 Feb 2000, Thomas Biege wrote: > The reason is simple: > The bug wasn't known to the public and only the vendors got > notified by me right after I found it. To give other linux > ditributors the time to fix their stuff I wait some days > before releasing our announcement. > > Hope that explains everything. The respect of your competition is more important then the security of your users? - -- ..Yashy ".. I used to get in more fights with SCO than I did my girlfriend, but now, thanks to Linux, she has more than happily accepted her place back at number one antagonist in my life.. " (Jason Stiefel, krypto(a)s30.nmex.com) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.0 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE4uXDXFM22zL2gTQcRAqLAAJ9UmyzrWcRQ2L3Xy0SMEKf20qxcsgCeNtVJ TpB2I2qC/3yJUYX48W31y0Q= =4ek0 -----END PGP SIGNATURE-----

23 64

Cracker Gets 18 Month Sentence...
by Fred A. Miller 09 Mar '00

09 Mar '00

Cracker Gets 18 Month Sentence for Five Year Old Computer Break-Ins. A man who broke into several large computer systems more than five years ago will serve 18 months in prison and pay $10,000 in restitution. He had been employed as a computer consultant. http://www.foxnews.com/vtech/030500/hack.sml -- ----/ / _ Fred A. Miller ---/ / (_)__ __ ____ __ Systems Administrator --/ /__/ / _ \/ // /\ \/ / Cornell Univ. Press Services -/____/_/_//_/\_,_/ /_/\_\ fm(a)cupserv.org

1 0

Vulnerabilities in StarScheduler!
by Fred A. Miller 09 Mar '00

09 Mar '00

S.A.F.E.R. Security Bulletin 000309.EXP.1.4 __________________________________________________________ TITLE : Vulnerabilities in StarScheduler DATE : March 09, 2000 NATURE : Denial-of-Service, Remote Code Execution, Access to privileged files PLATFORMS : StarScheduler/StarOffice 5.1 DETAILS: StarOffice comes with a nice groupware server, called StarScheduler. It also includes a web server that is vulnerable to several security problems. PROBLEM: A buffer overflow exists in the StarScheduler web server (which listens on port 801), that can lead to remote execution of code and root access. Since the server dies, this is also a Denial-of-Service issue. The problem is in the way web server handles long requests. Sending a "GET /['A' x 933] HTTP/1.0" will crash the server. This web server is running as a root. Another silly problem exists in the server that allows any user to gain read access to files to which they normally don't have access to. Example: http://starscheduler_server:801/../../../../etc/shadow This will display the content of the /etc/shadow file. FIXES: No fixes are available yet. Sun has been contacted on 6th of February, but we have received no response from them. JOB OFFERS: The Relay Group is seeking security enthusiasts with a vast experience in intrusion testing, firewall/IDS configuration and other security-related fields. For more information, please visit: http://relaygroup.com/secjobs.html ___________________________________________________________ S.A.F.E.R. - Security Alert For Entreprise Resources Copyright (c) 2000 The Relay Group http://www.safermag.com ---- security(a)relaygroup.com -- ----/ / _ Fred A. Miller ---/ / (_)__ __ ____ __ Systems Administrator --/ /__/ / _ \/ // /\ \/ / Cornell Univ. Press Services -/____/_/_//_/\_,_/ /_/\_\ fm(a)cupserv.org

1 0

FW: [suse-security] MD5 Passwords.
by |[TDP]| 08 Mar '00

08 Mar '00

Sorry.... in suse 6.3 the MD5_CRYPT_ENAB doesn't appear in /etc/login.defs and if you enable it, suse doesn't seem to change passwords to MD5... I think this feature has been removed. (in suse 6.1 i obtained md5 passwd sucessfully) I think was removed for security, MD5 is an algorithm that has collisions, however DES does not undergo problems of collisions, although it is "in theory easy to crack" by brute force. ----- Mensaje original ----- De: "Normando Marcolongo" <normando(a)studenti.ing.uniroma1.it> Para: <suse-security(a)suse.com> Enviado: martes, 07 de marzo de 2000 12:38 Asunto: [suse-security] MD5 Passwords. > > How can I enable MD5 passwords on SuSE 6.3? > > Thanks in advance! > > Normando. > > -- > Normando [enemy] Marcolongo (iW6OWQ) [] normando(a)studenti.ing.uniroma1.it > LUG Roma - IEEE S.B. Roma - ALU [] (AX.25) IW6OWQ(a)IW7BNO.IPUG.ITA.EU > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: suse-security-unsubscribe(a)suse.com > For additional commands, e-mail: suse-security-help(a)suse.com > >

3 3

RE: [suse-security] MD5 Passwords.
by |[TDP]| 08 Mar '00

08 Mar '00

In /etc/login.defs ... set MD5_CRYPT_ENAB to yes (if the line is #commented, uncomment it) ----- Mensaje original ----- De: "Normando Marcolongo" <normando(a)studenti.ing.uniroma1.it> Para: <suse-security(a)suse.com> Enviado: martes, 07 de marzo de 2000 12:38 Asunto: [suse-security] MD5 Passwords. > > How can I enable MD5 passwords on SuSE 6.3? > > Thanks in advance! > > Normando. > > -- > Normando [enemy] Marcolongo (iW6OWQ) [] normando(a)studenti.ing.uniroma1.it > LUG Roma - IEEE S.B. Roma - ALU [] (AX.25) IW6OWQ(a)IW7BNO.IPUG.ITA.EU > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: suse-security-unsubscribe(a)suse.com > For additional commands, e-mail: suse-security-help(a)suse.com > >

4 4

Re: [suse-security] Firewall 2.0: Samba services
by Erwin Zierler 07 Mar '00

07 Mar '00

Samba usually uses ports 137-139 tcp and udp, should be easy to implement a rule that fixes your problem. --- At 21:24 07.03.00 +0100, you wrote: >Hello, > >With Firewall 1.4 and 2.0 i have a problem: > >The SuSE Firewall blocking all SAMBA pakets from my internal network >:-(( >My system has 5 Networkcards. All pakets from my local networks, e.g. 192.168.1.0:138 -> 192.168.2.0:138, will be blocked :-(( > >When comes a bugfix ? > >greetings >daniel > > > > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: suse-security-unsubscribe(a)suse.com >For additional commands, e-mail: suse-security-help(a)suse.com > > Erwin Zierler | Web-/Hostmaster - Stubainet | Email: Erwin.Zierler(a)stubainet.at / webmaster(a)stubainet.at | Mobil: 0664 - 130 67 91 Tel.: 05225 - 64325 Fax 99

1 0

Re: [suse-security] named can't write to named.pid
by Markus Gaugusch 06 Mar '00

06 Mar '00

Jurjen Oskam wrote: > > Since then (presumably because it doesn't run under root privileges > anymore?) named complains: > > Mar 6 00:25:02 calvin named[5129]: couldn't create pid file > '/var/run/named.pid' > > I already tried to make named.pid owned by user named. since named.pid is re-created every time named is restarted, named must have write privileges in /var/run the default of this dir in suse 6.3 is drwxrwxr-x 3 root uucp 1024 Mar 6 12:18 run so named must run in group uucp ... hth Markus -- ________________________________________ Markus Gaugusch markus(a)gaugusch.dhs.org ICQ-ID: 11374583 [www.mirabilis.com]

1 0

FTP through SSH
by list 06 Mar '00

06 Mar '00

Hi! I would like to connect to my FTP Server wich is running on my Linux Server.. The Ftp server can only be reached via SSH Tunnel cause the firewall doesn't permit the packets through. The FTP server is ony for emergeny file access. I can connect to the FTP server if I do a port forward of port 21, but I the ftp server can't send me the file list cause I need an second port. How I can configure these ports? I use wu.ftpd and for example CuteFTP or FTP Voyager on Windows Machine. the FTP-server error message: 500 Illegal PORT Command 500 Can't build data connection: no PORT specified Please help me.. How I can define static ports for ftp ? thanks, chris

8 8

dump
by Oles Filonenko 06 Mar '00

06 Mar '00

Hi. What about "ctime" in glibc? Command was: ltrace -S -o /tmp/dump.out /sbin/dump -0 `perl -e 'print "a" x 1024'` SuSe 6.3

1 0