September 2005 - openSUSE Security - openSUSE Mailing Lists

No clamav db compiled package for SuSE9.1?
by webmaster＠rhone.ch 21 Sep '05

21 Sep '05

There seems to be no clamav-db-0.87-0.1.i586.rpm for SuSE 9.1 at ftp://ftp.suse.com/pub/projects/clamav/clamav-0.87/ Is there a reason for this? Thank you Ralf Zenklusen --- BAR Informatik AG Gliserallee 16 3902 Brig-Glis Switzerland T: 0041 27 9224848 F: 0041 27 9224849

2 1

smbfs
by Ger Lautenbach 21 Sep '05

21 Sep '05

Hello list, sorry that this is not really for this list, but anyway. Where can i find the smbfs module for SLES 9? I need it to mount a vfat drive on a windows machine with smbmount. Thanks for the coop, regards Ger

3 2

does xen improve security?
by Joe Knall 20 Sep '05

20 Sep '05

Hi all, imagine a ftpserver and a webserver running in two xen virtual machines on one box; now say the ftpserver is hacked, the attacker gains root privileges; How much does xen protect the other vm (webserver) against the attacker? Is it as if the webserver was running on a different physical box? In /usr/share/doc/packages/xen the main focus seems to be flexibility rather than security. Anyone with experience? Thanks, Joe

1 0

ClamAV remote DOS.
by suse-list 20 Sep '05

20 Sep '05

waiting for updates!! ./rsync ./rsync ;) http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml CAN-2005-2919 CAN-2005-2920

2 1

vsftpd-pam-mysql login issue
by Munkius Munkius 19 Sep '05

19 Sep '05

Hi all, I'm experiencing troubles with the configuration of using pam_mysql for vsftpd. I've created a database called 'ftp' containing a 'user' table consisting of two columns: 'username' and 'password'. The latter contains encrypted passwords using the mysql password() function. The user table contains a single record with username 'test' and password 'test' (though encoded). Doing the following: *** # ftp 127.0.0.1 <http://127.0.0.1> Connected to localhost. 220 (vsFTPd 1.2.0) Name: test 331 Please specify the password. Password: 530 Login incorrect. ftp: Login failed. ftp> ^D 221 Goodbye. *** As you can see it fails. However... the mysql select statement worked fine. The problem is as follows (considering /var/log/messages): *** Sep 18 14:40:22 Srv vsftpd: pam_mysql - SELECT password FROM user WHERE username = 'test' Sep 18 14:40:22 Srv vsftpd: pam_mysql - pam_mysql_sql_log() called. Sep 18 14:40:22 Srv vsftpd: pam_mysql - pam_mysql_sql_log() returning 0. Sep 18 14:40:22 Srv vsftpd: pam_mysql - pam_mysql_check_passwd() returning 0. Sep 18 14:40:22 Srv vsftpd: pam_mysql - pam_sm_authenticate() returning 0. Sep 18 14:40:22 Srv PAM-warn[11642]: function=[pam_sm_acct_mgmt] service=[vsftpd] terminal=[] user=[test] ruser=[] rhost=[127.0.0.1<http://127.0.0.1> ] Sep 18 14:40:22 Srv vsftpd[11642]: pam_mysql - pam_mysql_release_ctx() called. Sep 18 14:40:22 Srv vsftpd[11642]: pam_mysql - pam_mysql_destroy_ctx() called. Sep 18 14:40:22 Srv vsftpd[11642]: pam_mysql - pam_mysql_close_db() called. *** The PAM-warn statement is what bugs me. When I add a new user using 'useradd test' (without password) I can make use of the ftp login providing my test/test account from the db. I cannot login passing an other password. I would like to decouple the pam_mysql stuff completely from the linux account management. PAM should just stop at the succesful mysql authentication. I want to be able to insert ftp users in my database, not adding actual linux accounts. My /etc/pam.d/vsftpd contains the following: *** #%PAM-1.0 auth required pam_mysql.so \ verbose=1 user=xxx passwd=xxx db=ftp table=user \ usercolumn=username passwdcolumn=password \ crypt=2 *** Hope anyone has any ideas. Cheers, Sander

1 0

SuSEfirewall causes network delay after kernel upgrade on 9.1
by Ashley Gould 15 Sep '05

15 Sep '05

SuSE Prof. 9.1 2.6.5-7.201-smp SuSEfirewall2-3.1-310.3 After updating to the latest kernel rpm on our webserver, we experience consistant delay in access times to all web pages of about .2 seconds. Running tcpdump on page access shows a pause just before server pushes first full data packet after acknowlaging get request from client. After many days of hair pulling, flapping about of managers and pestering of network people, I traced this down to the SuSEfirewall, specifically a mangle rule in the postrouting table: -A OUTPUT -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --sport 80 -j TOS --set-tos 0x08 After extracting this rule with iptables-save/restore, the delay is gone. iptables-save -c >/tmp/fw_rules.before cp /tmp/fw_rules.before /tmp/fw_rules.after vi /tmp/fw_rules.after iptables-restore < /tmp/fw_rules.after Boring example section: before: isis:/tmp # time wget http://web4.ucop.edu/welcome.html 2>/dev/null real 0m0.214s user 0m0.004s sys 0m0.002s 17:37:49.368030 IP isis.ucop.edu.56928 > web4.ucop.edu.http: S 976613069:976613069(0) win 5840 <mss 1460,sackOK,timestamp 1061325334 0,nop,wscale 0> 17:37:49.369175 IP web4.ucop.edu.http > isis.ucop.edu.56928: S 3542901817:3542901817(0) ack 976613070 win 5792 <mss 1460,sackOK,timestamp 1058046393 1061325334,nop,wscale 0> 17:37:49.369256 IP isis.ucop.edu.56928 > web4.ucop.edu.http: . ack 1 win 5840 <nop,nop,timestamp 1061325335 1058046393> 17:37:49.369971 IP isis.ucop.edu.56928 > web4.ucop.edu.http: P 1:119(118) ack 1 win 5840 <nop,nop,timestamp 1061325336 1058046393> 17:37:49.370298 IP web4.ucop.edu.http > isis.ucop.edu.56928: . ack 119 win 5792 <nop,nop,timestamp 1058046394 1061325336> 17:37:49.572037 IP web4.ucop.edu.http > isis.ucop.edu.56928: P 1:1449(1448) ack 119 win 5792 <nop,nop,timestamp 1058046595 1061325336> 17:37:49.572056 IP isis.ucop.edu.56928 > web4.ucop.edu.http: . ack 1449 win 8688 <nop,nop,timestamp 1061325538 1058046595> 17:37:49.572713 IP web4.ucop.edu.http > isis.ucop.edu.56928: P 1449:2897(1448) ack 119 win 5792 <nop,nop,timestamp 1058046596 1061325538> after: isis:/tmp # time wget http://web4.ucop.edu/welcome.html 2>/dev/null real 0m0.014s user 0m0.002s sys 0m0.003s 17:41:07.739979 IP isis.ucop.edu.56929 > web4.ucop.edu.http: S 1175547782:1175547782(0) win 5840 <mss 1460,sackOK,timestamp 1061523741 0,nop,wscale 0> 17:41:07.740787 IP web4.ucop.edu.http > isis.ucop.edu.56929: S 3744031582:3744031582(0) ack 1175547783 win 5792 <mss 1460,sackOK,timestamp 1058244790 1061523741,nop,wscale 0> 17:41:07.740814 IP isis.ucop.edu.56929 > web4.ucop.edu.http: . ack 1 win 5840 <nop,nop,timestamp 1061523742 1058244790> 17:41:07.741554 IP isis.ucop.edu.56929 > web4.ucop.edu.http: P 1:119(118) ack 1 win 5840 <nop,nop,timestamp 1061523742 1058244790> 17:41:07.741981 IP web4.ucop.edu.http > isis.ucop.edu.56929: . ack 119 win 5792 <nop,nop,timestamp 1058244792 1061523742> 17:41:07.742705 IP web4.ucop.edu.http > isis.ucop.edu.56929: . 1:1449(1448) ack 119 win 5792 <nop,nop,timestamp 1058244792 1061523742> 17:41:07.742729 IP isis.ucop.edu.56929 > web4.ucop.edu.http: . ack 1449 win 8688 <nop,nop,timestamp 1061523743 1058244792> 17:41:07.742823 IP web4.ucop.edu.http > isis.ucop.edu.56929: . 1449:2897(1448) ack 119 win 5792 <nop,nop,timestamp 1058244792 1061523742> -- -ashley Did you try poking at it with a stick?

2 2

Portmap binding
by Simon Oliver 14 Sep '05

14 Sep '05

I want to make portmap bind to a single ip address. This is not only for security reasons - I have found that if I block the portmapper on the external interface NFS and NIS can hang because the portmapper binds to both addresses and makes connection using the first IP, which happens to be the one that is blocked by the firewall, so it never receives any responses from the NFS server. I googled this: http://forums.suselinuxsupport.de/lofiversion/index.php/t18145.html Which suggests a solution, but I'm afraid that if I implement it some later SuSE update might overwrite my mods. How can I install a custom portmapper, so that it satisfies dependant packages and does not get replaced by SuSE updates? Or am I missing something basic above? Regards -- Simon Oliver

2 1

Problem adding Cisco Aironet WLAN-card
by Odd Arne Beck 14 Sep '05

14 Sep '05

Hello! I'm not sure I should have posted this question here, but since I'm subscribing to this group I dare giving it a shot: The problem is that SuSE 9.2 can't find my Aironet when I try adding it through YAST, so I try to add it manually using all the tricks I know - through YAST. Yast finds eth0 and eth1. I still get this error when I run "/etc/init.d/network start": "eth2 No configuration found for eth2 unused" I've been "grep-ing" my entire disk looking for files that might reference "eth0" and "eth1" thinking that I could edit a file and everything would be OK. Needless to say: I didn't find any info on it! As far I can tell, the "network" rc-file checks "/sys/class/net" looking for devices. If I "rmmod airo" then there is no "eth2"-directory in /sys/class/net" and "/etc/init.d/network start" doesn't bother checking for eth2. Can anyone help me out here? I need to make the network-rc-file to somehow understand that "eth2" should be connected to /etc/sysconfig/network/ifcfg-eth-id.... etc, thus I get rid of the "No configuration found for eth2"-message. Best regards, Odd Arne Beck

2 1

SuSEfirewall2 restrict access to specific networks to hosts?
by Simon Oliver 12 Sep '05

12 Sep '05

I have a SuSE 9.3 machine using SuSEfirewall2 (as configured via YAST) to open a few ports for services such as sshd and cups. However I want to restrict which hosts and/or networks can connect. For this purpose I have used hosts.allow/deny for ssh and /etc/cups/cupsd.conf for cups. But is possible to add an ACL via SuSEfirewall2? Regards -- Simon Oliver

3 4

RE: [suse-security] SPAM: This email confirms that you paid MICROBAZAR (sales@microbazaar.com) $175.85 USD using PayPal
by Farmer, Alan 11 Sep '05

11 Sep '05

Does anyone know what the story is behind these in my inbox? -----Original Message----- From: PayPal [mailto:zjdzaoveykwuqz@mail15.com] Sent: Friday, September 09, 2005 2:57 PM To: suse-security(a)suse.com Subject: [suse-security] SPAM: This email confirms that you paid MICROBAZAR (sales(a)microbazaar.com) $175.85 USD using PayPal wedding dress from mating ritual, over rattlesnake, and over turkey are what made America great!Any gypsy can take a peek at spider over, but it takes a real ribbon to inside lover.toward hockey player sell to dust bunny living with tomato.

7 9