April 2003 - openSUSE Security - openSUSE Mailing Lists

Re: [suse-security] IP Tunnel in only one direction possible
by telest＠gmx.net 23 Apr '03

23 Apr '03

1 0

IP Tunnel in only one direction possible
by telest＠gmx.net 23 Apr '03

23 Apr '03

Hello to everyone, I have a big problem, that today the VPN tunnel is only usable in one direction. NET(1) --- FW1/VPN Gateway ---- internet ---- FW2 / VPN Gateway ---- NET(2) I can ping from NET1 to NET2 and get replies. ( I also can use different other thinks like pcanywhere, file access to the pc's on net2,...) I cannot ping from NET2 to NET1. There is nothing in the logfiles. I can only see on the interface statistik that the 4 ping packets are dropped. I use on both sides: Freeswan 1.98b iptables Suse Linux 8.0 FW1: static IP Adresses , SDSL Connection FW2: dynamic IP Adresses, SDSL PPPoE Connection I'm really stucked and help will be appreaciated. Thanks Peter -- +++ GMX - Mail, Messaging & more http://www.gmx.net +++ Bitte lächeln! Fotogalerie online mit GMX ohne eigene Homepage!

3 2

Re: [suse-security] running ftp daemon in chrooted jail - how?
by Michael Ryan 22 Apr '03

22 Apr '03

Guys, Thanks for all the help/suggestions, esp to Philippe for taking the time :) will probably go with vsftp Michael

1 0

running ftp daemon in chrooted jail - how?
by Michael Ryan 22 Apr '03

22 Apr '03

Hi list, Anyone point me to a good doc on how to set up ftp daemon in a chrooted environment. (I am running SuSE 8.1 which comes with the BSD FTP daemon ftpd-0.3.2-333 ... should I use this or would something like ProFTP be more 'secure'?) Many thanks, Michael

5 4

Need help with Postfix configuration
by news-it＠hilger-online.com 22 Apr '03

22 Apr '03

Hi folks, i need your held.. I got a Server running SuSE 8.1 Pro which acts as a firewall & proxy. Now i want to set up a mail server on the same machine.. I collect the mails with fetchmail from a pop3 server. But i need some help with the postfix configuration. Maybe someone can help me with that. Thanks a lot. T.

1 0

no KDE/Postscript Updates for SuSE <= 8.0
by Clemens Gesell 22 Apr '03

22 Apr '03

Hello folks, Why isn't there a Security Anouncement for the insecure Postscript handling Bug in KDE from SuSE. I have seen Update Packages for SuSE Linux 8.2 and 8.1, but nothing for <= 8.0 ? Thanks, Clemens

1 0

RE: [suse-security] connection via telnet, XServer, ssh
by Habichtsberg, R. 21 Apr '03

21 Apr '03

That is what I call a fast answer :-). Only 10 Minutes! Thank you, Markus and Stefan. I will try the ssh-clients. What I didn't know is that Cyqwin includes a XServer. Thanks again, Reinhard. > -----Original Message----- > From: Peer Stefan [SMTP:stefan.peer@tiwag.at] > Sent: Wednesday, April 16, 2003 10:57 AM > To: suse-security(a)suse.com > Subject: RE: [suse-security] connection via telnet, XServer, ssh > > Hi > > > From: Habichtsberg, R. [mailto:reinhard.habichtsberg@unilux.de] > > Hi all, > > > > how do you estimate the security risk of the following situation: > > > > I log into a linux-server from a windows-client via telnet as > > normal user. > > Why don't you use ssh? There are many nice windows ssh clients out there, putty for example. > > > From the linux-server I start a x-session > > (command: konsole -display windows-client:0,0) > > to a x-server (MIXServer 5.6) on the windows-client. > > > > From this session I open a ssh-session to a second linux-server > > where I have to work as root (su -). > > > > Now, if I would scan the data between the windows PC and the > > linux-servers > > could I read them not coded, particularly could I read the > > root password > > in plaintext? > > Yes. The password is transmitted via X over the network, which isn't encrypted afaik. > But that's relatively easy to check - just sniff the network and try finding the passwort (or any other phrase you have entered on the console, e.g. something like echo "Find me in the sniffer log." > > > > > TIA, > > Reinhard > > regards, > Stefan > > -- > Check the headers for your unsubscription address > For additional commands, e-mail: suse-security-help(a)suse.com > Security-related bug reports go to security(a)suse.de, not here >

2 1

Re: [suse-security] Suse 7.3 Crash
by Nick LeRoy 21 Apr '03

21 Apr '03

> Hi to all! Hi. I know that others have replied, but I don't think that anybody has hit on the most likely causes. The first thing that I'd do is get a modern version of memtest86 (I think they're up to 2.9 now), boot it up, and let it run overnight, or longer. IMHO, it's grown into a pretty good RAM tester. Another great system h/w test is to boot it up into text only mode, and put it in a loop building kernels. Nothing tests RAM and the system h/w as well as gcc.. > I don't know if this subject belongs to this list, but here it goes..... > > I have a Pentium 4 2.4Ghz with 1G of RAM and instaled the SuSe 7.3 Professional distribution. > > The installed system is very unstable and once and a while it just reboots without a warning. > > I installed the stable kernel 2.4.20 and disabled APM in bios and in the kernel configuration. Now only ACPI works. > > The crashes remained. > > The behaviour remains the same if i boot in failsafe mode. > > Any ideas ? > > I also noticed (with top) that the memory used is growing in time. When the system boots there is 126M used and after 3 hours it has > 800M used with the same processes. I also noticed that the biggest RSS process value is 11M. That's most likely just buffers / cache. -Nick -- ______________________________________________ http://www.linuxmail.org/ Now with e-mail forwarding for only US$5.95/yr Powered by Outblaze

4 4

YOU has no notion of update 8.1 -> 8.2
by Arjen de Korte 21 Apr '03

21 Apr '03

After an update from SuSE 8.1 to 8.2, YOU on one of my systems (a mailserver) fails to recognize the update. Although all packages seem to have been updated, YOU still shows "Version 8.1" in the System Information box. BTW, I run YOU though a SSH session from another system, as the server has no screen nor keyboard attached permanently. I'm a litlle worried that it will not be able to locate the correct security updates, without knowledge of the actual installed version. Arjen -- 51 N 25' 05.1" - 05 E 29' 13.3" Key fingerprint - 66 4E 03 2C 9D B5 CB 9B 7A FE 7E C1 EE 88 BC 57

1 0

8.1 Crypto FS (loop_fish2) module with recompiled 2.4.20 kernel for amd
by David M. Fetter 20 Apr '03

20 Apr '03

I recently upgraded my system and in doing so I moved from a PIII Intel processor to an AMD Athlon XP. Currently, I'm running the kernel compiled against the (586/K5/5x86/6x86/6x86MX) Processor family because for some reason when I recompile the kernel against (Athlon/Duron/K7) Processor family the kernel module for loop_fish2 doesn't build. Does anyone know how to resolve this or even if it can? Also, something of note is that I do download the kernel source trees from the mantel dist and not from kernel.org, therefore the module should be present. -- David M. Fetter - http://www.fetterconsulting.com/ "The world is full of power and energy and a person can go far by just skimming off a tiny bit of it." Neal Stephenson - Snow Crash

1 0