Hello
I tried to install the apache 2.0.53 from SUSE's rpm.
I found them on SUSE's site. I installed these rpms (apache and other
packages related to the 2.0.53 version, like prefork, etc.)
I ran YOU and I was surprised to find that a patch was available for apache
2.0.53.
Can this be true or not? Is there any patch for apache 2.0.53?
One more issue.
I tried to install php using YaST and the rpm from the CD.
After having done the proper configuration for the php support,
I tried to start apache 2.0.53 but it failed and gave me an error
(in the error_log)
Segmentation Fault (pointed to the line where php gets loaded)
What was wrong with that?
Thanks in advance
John
Hi everyone,
I still get the error message "kernel: ip_conntrack: table full,
dropping packet." on SuSE 9.0 with SuSEfirewall2 (all updates installed)
about every 2-4 weeks (there was a discussion about this some months ago,
but no solution...). The only thing that seems to help when this occurs
is rebooting the machine (as far as I could figure). The machine does
have some servers behind it and filters about 500MB of traffic average
per day. Below is some information about the error messages and the
configuration and the state of the server when the problem occurs:
linux:~ # cat /var/log/messages | grep ip_
Feb 24 12:13:05 linux kernel: ip_conntrack: table full, dropping packet.
Feb 24 12:13:09 linux kernel: ip_conntrack: table full, dropping packet.
Feb 24 12:13:15 linux kernel: ip_conntrack: table full, dropping packet.
Feb 24 12:13:20 linux kernel: ip_conntrack: table full, dropping packet.
Feb 24 12:13:24 linux kernel: ip_conntrack: table full, dropping packet.
Feb 24 12:13:38 linux kernel: ip_conntrack: table full, dropping packet.
Feb 24 12:13:39 linux kernel: ip_conntrack: table full, dropping packet.
Feb 24 12:13:56 linux kernel: ip_conntrack: table full, dropping packet.
linux:~ # cat /proc/net/ip_conntrack | wc -l
1913
linux:~ # cat /proc/sys/net/ipv4/ip_conntrack_max
32760
linux:~ # iptables-save | wc -l
922
Does anybody have the same problem and hopefully a solution? Any ideas
how I can at least find out which packets are dropped?
Greetings,
Ralf
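One way to see what is occupying the connection-tracking table when the message appears, as an added example that is not part of the original post: the functions below summarise a saved copy of /proc/net/ip_conntrack by protocol/state and by originating address. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise a conntrack dump to see what is filling the table.

# conntrack_fill FILE MAX -> "entries/max (pct%)"
conntrack_fill() {
    entries=$(grep -c . "$1")
    echo "$entries/$2 ($((entries * 100 / $2))%)"
}

# conntrack_by_state FILE -> "count proto state" lines, busiest first
conntrack_by_state() {
    awk '{
        # Field 1 is the protocol; only TCP lines carry a state (field 4).
        state = ($1 == "tcp") ? $4 : "-"
        n[$1 " " state]++
    }
    END { for (k in n) print n[k], k }' "$1" | sort -k1,1nr -k2
}

# conntrack_top_sources FILE N -> "count address" for the N busiest sources
conntrack_top_sources() {
    awk '{
        # The first src= on a line is the original (initiating) direction.
        for (i = 1; i <= NF; i++)
            if ($i ~ /^src=/) { n[substr($i, 5)]++; break }
    }
    END { for (k in n) print n[k], k }' "$1" | sort -k1,1nr -k2 | head -n "$2"
}

# Constructed sample in the /proc/net/ip_conntrack line format (not from the post).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=40001 dport=80 src=198.51.100.5 dst=192.0.2.10 sport=80 dport=40001 [ASSURED] use=1
tcp      6 97 TIME_WAIT src=192.0.2.10 dst=198.51.100.5 sport=40002 dport=80 src=198.51.100.5 dst=192.0.2.10 sport=80 dport=40002 [ASSURED] use=1
tcp      6 118 SYN_SENT src=192.0.2.77 dst=198.51.100.9 sport=50001 dport=25 [UNREPLIED] src=198.51.100.9 dst=192.0.2.77 sport=25 dport=50001 use=1
tcp      6 117 SYN_SENT src=192.0.2.77 dst=198.51.100.9 sport=50002 dport=25 [UNREPLIED] src=198.51.100.9 dst=192.0.2.77 sport=25 dport=50002 use=1
tcp      6 116 SYN_SENT src=192.0.2.77 dst=198.51.100.9 sport=50003 dport=25 [UNREPLIED] src=198.51.100.9 dst=192.0.2.77 sport=25 dport=50003 use=1
udp      17 27 src=192.0.2.20 dst=198.51.100.53 sport=33000 dport=53 src=198.51.100.53 dst=192.0.2.20 sport=53 dport=33000 use=1
EOF

# 32760 is the ip_conntrack_max value shown in the post.
echo "table fill: $(conntrack_fill "$SAMPLE" 32760)"
conntrack_by_state "$SAMPLE"
conntrack_top_sources "$SAMPLE" 5
```

On the firewall itself, save the table at the moment the kernel message is logged (for example `cat /proc/net/ip_conntrack > /tmp/ct.dump`) and pass that file to the functions.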
This is possibly not a SuSE specific problem, but since the two systems
involved are both running 9.2 Pro, and it's their integrity that's at
stake, and since I've no idea what the underlying mechanism is, I
thought I'd start here ;)
The situation:
PC1 - SuSE 9.2 Pro AMD32
PC2 - SuSE 9.2 Pro AMD64
Run Firefox as root@PC2 for browsing local files (the files are only
readable by root).
Still on PC2, run ssh -X to get a shell as normal-user@PC1.
Start Evolution on PC1, opening on PC2's display.
Click on an http link in an email.
A Firefox window opens with the link displayed.
By chance, I noticed that the Adblock extension was missing and I
happened to click on the About menu. I was surprised to see that it
claimed to be the x86_64 version.
Further investigation revealed that Evolution had connected to the
root-invoked Firefox on PC2, rather than starting a fresh instance by
normal-user@PC1 displaying on PC2.
Had I not noticed this, it would have been easy for me to enable
java/javascript and install plugins etc., in the belief that the
browser was running as normal-user@PC1.
Note that Evolution is an innocent party here, just starting Firefox
directly from the ssh session produces the same effect. The reason for
mentioning it is that a link in an email can be a seductive way to trap
the unwitting user.
Also note that the situation does not appear to occur if the remote
connection is not involved. I.e. when root@PC2 runs Firefox, then
user@PC2 starts Firefox, this results in 2 instances of Firefox.
IMHO, Firefox should only connect with an already running instance if
that instance was started by the same user on the same host. It is
questionable whether normal-user@PC1 should even be aware of the
existence of the root@PC2 instance.
Phil
Looks like this problem is directly inherited from the way X works.
SELinux will be the right way to solve this problem.
Thanks
Jose
-----Original Message-----
From: Phil Betts [mailto:phil_betts@ntlworld.com]
Sent: Thursday, March 31, 2005 1:52 AM
To: suse-security(a)suse.com
Subject: Re: [suse-security] Firefox invocation allows unintended
root access
On Wed, 2005-03-30 at 11:27 +0200, Marcus Meissner wrote:
> Your remote side can do even more things, like snooping or inserting
> keyboard input into the main X session.
>
> If you are on the same X Server you have basically full user access.
>
Of course, but that's not what one expects of a browser whose reputation
is built, at least partly, on security. If you invite your trustworthy
neighbour in for a drink, you'd be pretty upset if he took control of
the TV remote, emptied your fridge and rearranged the furniture!
>
> I do not see this as a problem, but working as intended.
>
Hmm, "as intended" != "correctly" (except perhaps in Redmond).
If by "intended", you mean that there should only ever be one instance
of firefox per X display, then firefox is broken, because two different
users on the _same_ box start independent firefox instances, each with
their own set of bookmarks, cookies, extensions etc. Why should this
policy be different when running a firefox from a session on a second
box?
The fact remains that I clicked on a link in an email message as an
unprivileged user on my web-facing machine, but found that I had
connected to the web as root on a machine that normally only connects to
the web for system updates. I would NEVER have connected to the web for
any other purpose using my root account (on either box) by choice. If
the link I had clicked was actually to a page containing some malicious
exploit, I would have been completely stuffed. I can't believe that
this is "as intended".
Also, regardless of the security implications, if I start a session on a
remote box and start firefox, I do this because I want THAT user's set
of bookmarks etc., not those of some arbitrary user on a different
machine. As it stands, the only way to achieve this is to shut down all
prior instances of firefox first, which is neither intuitive, nor
desirable.
As I mentioned in my original post, I don't know the details of the
underlying mechanism, as it involves the interaction of X, ssh and
firefox. If you have more knowledge on this, I'll be happy to raise it
with the most appropriate party. My guess would be the firefox
developers, but for all I know, they may just be using some
connect_to_existing_instance() routine in an independently written
shared library, which could mean that many apps may be subject to the
same problem.
Phil
Are there any plans to include the ATI drivers for X.org into the YaST
graphics card selection?
Alternatively, is there any way to force YaST to run a specific command
after each kernel update?
Every kernel update breaks the ATI drivers (expected), losing 3D
support and requiring a manual re-installation of the ATI rpm which
builds the driver for the current kernel...
Thanks in advance!
Hi,
I'm looking for a solution that would let me encrypt partition of file on
disk, but have it somehow automatically mounted on reboot (without prompting for
a password), but still secured if someone takes the disk out and tries to mount it
on another system...
I'm a newbie, so please be gentle - it could be impossible to achieve...
How to do this?
Can I somehow sign the disk to be used/mounted only in certain HW and not on
other HW?
If a proof solution is not possible, could I at least automate mounting of
the encrypted file and give at least some problems to anyone who steals the disk
and tries to mount it outside the PC?
Thanks in advance,
regards,
Rob.
Hi,
I've noticed a message on the Full-Disclosure mailing list. The message states that there is no fix supplied in the vanilla kernel and that there is probably no fix in vendor-supplied kernels for the CAN-2004-1074 vulnerability.
The message to FD can be found at the following link:
http://archives.neohapsis.com/archives/fulldisclosure/2005-03/0820.html
Can any of you guys confirm that SuSE is still vulnerable?
TIA
Bone Machine
---
"I can hardly wait Betty" - The Pixies
Hello.
I have:
Suse 9.1
kernel 2.6.5
Susefirewall2
I would like to know how to use FW_CUSTOMRULES in order to perform more
detailed filtering.
If there are any docs available, or online references, please point me to
them.
Thx,
Vali.
The Thursday 2005-03-24 at 17:29 +0100, Marcus Meissner wrote:
> SUSE Security Announcement
>
> Package: kernel
> Announcement-ID: SUSE-SA:2005:018
> Date: Thu, 24 Mar 2005 15:00:00 +0000
> Affected products: 8.2, 9.0, 9.1, 9.2
> SUSE Linux Desktop 1.0
> SUSE Linux Enterprise Server 8, 9
> Novell Linux Desktop 9
Just for the record, YOU update for SuSE 9.1 of this patch forgets to run
mkinitrd. The most visible problem is the missing splash in tty1. It is
not the first time this happens.
--
Cheers,
Carlos Robinson
Hi!
There are several exploits in the described packages, but why aren't
there any packages for YOU or am I too fast with my conclusion?
The normal way was to write an announcement and then provide the
patch-rpms via YOU, or is there a slight change now that Novell is in
the business?
Regards
Philippe
--
This message is digitally signed and bears neither a seal nor a
signature!
The unsolicited sending of advertising e-mail to private individuals
violates §1 UWG and 823 I BGB (decision of the LG Berlin of 2.8.1998,
ref. 16 O 201/98). Any commercial use of the transmitted personal data,
as well as passing it on to third parties, is expressly
prohibited!