openSUSE Security April 2003

security@lists.opensuse.org

151 participants
116 discussions

Lock with Apache+Php+MySql
by Pedro Cáliz 29 Apr '03

29 Apr '03

Hello list, There are some days I've configured 'phpMyAdmin' as comented in '.../phpMyAdmin/Documentation.html', and I've try it. All was working fine till the moment I've try to logout (from phpMyAdmin session): no way. From this point I was unable to run apache, not only phpMyAdmin. After trying to access my main page (pure html), in the /var/log/httpd/error.log I've: .... PHP Fatal error: Unable to start session mm module in Unknown on line 0 PHP Fatal error: Unable to start session mm module in Unknown on line 0 ..... I've unloaded mod_php4, then the message was: .... Wed Apr 16 18:06:08 2003] [notice] child pid 8006 exit signal Segmentation fault (11) [Wed Apr 16 18:54:17 2003] [notice] child pid 8011 exit signal Segmentation fault (11) ..... Somebody knows how to unlock that? On the other hand, today I've seen the last SuSE 8.1 update for glibc is 2.2.5-161, but surprisingly YOU tell me my instaled version is 2.2.5-164 (installed on 9.Apr.2003, I think via YOU because I've no .rpm file, nor .gz on my system), and now it seems this update don't exists. Somebody in SuSE knows about this?. I don't know if there are some relation between this two issues, but phpMyAdmin uses 'iconv' for translations of charsets, that is included on glibc package.... Thanks in advance (...I'll cut mine veins with the tape of the printer....)

3 10

New logging message
by Matthias Riese 29 Apr '03

29 Apr '03

Hi, I have a couple of these in my logs: Apr 29 05:01:03 p15089763 PAM-warn[19900]: user: (uid=0) -> admin [remote: ?nobody@?nowhere] Apr 29 05:01:03 p15089763 server [218.79.178.192] cmd read[19900]: NOQUEUE: [218.79.178.192] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA They repeat 14 times within 2 minutes. Afterward I see just one of the above two lines: Apr 29 05:01:49 p15089763 server [218.79.178.192] cmd read[19922]: NOQUEUE: [218.79.178.192] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA They repeat 110 times within 13 minutes. What triggered these logging messages? 218.79.178.192 is the IP of an attacker. He also did an extensive port scan, tried for some httpd security holes and so on. Best regards, Matthias -- See header for e-mail address and name.

2 1

[suse-security] Susefirewall2?
by Trey 29 Apr '03

29 Apr '03

Just a quick newbie question. I have several pcs w/their default gateways set to my Susefirewall2. However, I have a couple stations that are never used to access the internet. Would it be more secure to have them use the firewall as def. gateway, or just give them a def. gateway of 0.0.0.0? They are only used locally, so never need internet access of any kind. I figured if I gave them a bogus DG it would make them very safe. Just wanted to double check, before learning the hard way. Thanks, -Trey

2 1

Setting up Kerberos
by Geoff Beaumont 28 Apr '03

28 Apr '03

Hi, I'm in the process of setting up a small network using SuSE 8.2 pro - as this network needs the ability to scale rapidly in the future, and to be as unobstructive as possible to end users, I decided to build it round a Kerberos/LDAP authentication system. Following the instructions in the SuSE 8.2 Admin Guide, I've created a Kerberos realm named the same as my internal DNS domain, but upper case, and can obtain tickets from this using kinit on the local machine. However, I can't obtain a ticket from a remote machine, instead getting the following error: Exception: krb_error 38 Incorrect net address (38) Incorrect net address KrbException: Incorrect net address (38) at sun.security.krb5.KrbAsRep.<init>(DashoA6275:62) at sun.security.krb5.KrbAsReq.getReply(DashoA6275:308) at sun.security.krb5.KrbAsReq.getReply(DashoA6275:271) at sun.security.krb5.internal.tools.Kinit.<init>(DashoA6275:264) at sun.security.krb5.internal.tools.Kinit.main(DashoA6275:104) Caused by: KrbException: Identifier doesn't match expected value (906) at sun.security.krb5.internal.af.a(DashoA6275:129) at sun.security.krb5.internal.au.a(DashoA6275:58) at sun.security.krb5.internal.au.<init>(DashoA6275:53) at sun.security.krb5.KrbAsRep.<init>(DashoA6275:48) ... 4 more As far as I can see, everything is set up correctly in the local /etc/krb.conf. The default_realm is correct, there is a realms entry for it giving the FQDN of the Kerberos server for kdc, kpasswd_server and admin_server. I did attempt to set up Kerberos via DNS but got a message saying it couldn't identify the kdc, so it's presumably getting further than that now - I'll have another go at the DNS route once I know the basics are working. I've searched the web trying to find out what the above error actually means, and drawn a blank - can anyone enlighten me? If it's any help I can post details from the actual configuration files - this is tucked away on a private network, so there's no real risk, and I can change everything afterwards once I know how to do it. TIA, -- Geoff Beaumont Geoff(a)stormhammer.com

1 2

Newer Squid RPM's for SuSE 7.x
by Drew J. Como 28 Apr '03

28 Apr '03

All, Does anyone have rpm sources for Squid 2.5 that will build on a SuSE 7.x box? Thanks :-) Drew

3 2

Re Spam and attacks
by Derek (on Linux) 27 Apr '03

27 Apr '03

Hi All Hope this is the corect email address to use. I have a small network with windows machines behind a Linux 8.1 machine. The Linux machine connects to the internet the windows machines talk to the internet through the Linux machine. Does anyone know how to configure the Linux firewall to track and block attacks? Also I notice I get some spy ware via web sites are these imposible to block? Regards Derek

2 1

sendmail, avoiding open relay
by Carsten Becher 26 Apr '03

26 Apr '03

Hoi ! I´ve a mailserver running at home (for 2 clients - nothing serious), SuSE 7.2. I´ve already restrictet access by using the /etc/mail/access to 192.168 . That´s enough or should i do something more? Background is, i got me this message by my system : ----- The following addresses had permanent fatal errors ----- <xxxxxx(a)xx.xx> (reason: 550 relaying to <johan(a)mi.cl> prohibited by administrator) ----- Transcript of session follows ----- ... while talking to smtp.kundenserver.de: >>> RCPT To:<xxxxx(a)xx.xx> <<< 550 relaying to <xxxxx(a)xx.xx> prohibited by administrator 550 5.1.1 <xxxxx(a)xx.xx>... User unknown Look´s tight to me, or did i miss something important? cu Carsten

5 7

Re: [suse-security] sendmail, avoiding open relay
by Carsten Becher 26 Apr '03

26 Apr '03

Hoi ! anyware(a)wachtler.de schrieb: > On Sat, Apr 26, 2003 at 08:30:27PM +0200, Carsten Becher wrote: > > Perhaps the directory where libgssapi.so.1 resides is not listed in > /etc/ld.so.conf ? > > Assuming the full path name ist /abc/def/libgssapi.so.1 then add a > line like: > /abc/def > to the file /etc/ld.so.conf and run ldconfig. > Then it should be found on starting programs > > HTH Klaus Unfortunately no. If i remember correctly there could be a problem with a loader, but its some months past :-( cu Carsten

1 0

Re: [suse-security] mailx dumps core if line with NUL character in mail
by Peter Karl Müller 26 Apr '03

26 Apr '03

Steffen Dettmer wrote: >>Program received signal SIGSEGV, Segmentation fault. >>0x40090428 in fwrite () from /lib/libc.so.6 >>(gdb) bt >>#0 0x40090428 in fwrite () from /lib/libc.so.6 >>#1 0x0804f186 in append (mp=0xbffff22c, f=0x5e698) at fio.c:309 >>#2 0x0804ea3b in setptr (ibuf=0x805e010) at fio.c:97 >>#3 0x0804fe33 in setfile (name=0xbffff566 "./minimal") at lex.c:155 >>#4 0x08051dd9 in main (argc=3, argv=0xbffff384) at main.c:263 > > > mmm... the line numbers does not match the piece of code you > mailed? Sorry, my fault again. I've used a modified version with couples of printfs so the line numbers do not match. Here is the result of the original code with debug enabled: Program received signal SIGSEGV, Segmentation fault. 0x40090428 in fwrite () from /lib/libc.so.6 (gdb) bt #0 0x40090428 in fwrite () from /lib/libc.so.6 #1 0x0804f2f7 in append (mp=0xbffff23c, f=0x5eb80) at fio.c:286 #2 0x0804ec4a in setptr (ibuf=0x805e4f8) at fio.c:95 #3 0x0804fff3 in setfile (name=0xbffff573 "minimal") at lex.c:155 #4 0x08052269 in main (argc=3, argv=0xbffff394) at main.c:263 #5 0x400467ee in __libc_start_main () from /lib/libc.so.6 Very interesitingly rpm -bp sets RPM_OPT_FLAGS so that the sources are compiled with -O2 -mcpu=i486 -fno-strength-reduce -funroll-loops If you lower the optimization level i.e. by make RPM_OPT_FLAGS='-O -mcpu=i486 -fno-strength-reduce' or make RPM_OPT_FLAGS='-O -g3 -mcpu=i486 -fno-strength-reduce' then mailx no longer dumps core. Regards PKM

1 0

Re: [suse-security] sendmail, avoiding open relay]
by Carsten Becher 26 Apr '03

26 Apr '03

Hoi ! konold(a)erfrakon.de schrieb: > Yes, you missed that smtp.kundenserver.de is listed as an open relay and > therefor a lot of people deny email via this gateway. > > Please check with your provider about alternatives. AFAIK puretec/1&1 > offers an alternative with smtp auth. Sorry , didn?t miss that. But unfortunately i couldn?t get smtp-auth to work with pop.1und1.com. Sendmail complaint about couldn?t dlopen a library. Don?t know which anymore, would have to have a look in my old logs if need to. After trying for some time i decided to go for smtp.kundenserver.de. Lame, i know, but have been out of ideas at that time. Thx & cu carsten

1 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

1996

openSUSE Security April 2003