openSUSE Security January 2006

security@lists.opensuse.org

41 participants
27 discussions

Start a nNew thread

PayPal Security Measures
by PayPal 31 Jan '06

31 Jan '06

1 0

Problem with last Hylafax update (notify script)
by Carlos E. R. 29 Jan '06

29 Jan '06

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 After updating hylafax by YOU, in SuSE 9.3, to version "hylafax-4.2.1-4.3", notify email is not sent: Jan 25 21:23:11 nimrodel FaxSend[8086]: MODEM U.S. ROBOTICS 56K FAX / Jan 25 21:23:11 nimrodel FaxSend[8086]: SEND FAX: JOB 11 DEST 915811939 COMMID 000000023 DEVICE '/dev/modem' Jan 25 21:24:50 nimrodel FaxSend[8086]: SEND FAX: JOB 11 SENT in 1:17 Jan 25 21:24:51 nimrodel FaxQueuer[7765]: NOTIFY: bin/notify "doneq/q11" "done" "1:55" Jan 25 21:24:52 nimrodel FaxQueuer[7765]: NOTIFY exit status: 0 (8135) * Jan 25 21:24:51 nimrodel postfix/sendmail[8143]: fatal: No recipient addresses found in message header Jan 25 21:25:08 nimrodel FaxGetty[7745]: MODEM U.S. ROBOTICS 56K FAX / This patch modified precisely the notify script: | Longdescription.english: | This update fixes an issue in the hylafax notify script, | which could maybe be used by remote attackers with a valid | faxuser account to run arbitrary commands. I would recommend not to apply it till SuSE corrects the problem. I'll probably roll back. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFD1/3mtTMYHG2NR9URAtRhAJwNKXwBx/zXD+fDY4IFp/Ivs5aHjwCfVpff ULmUIV9ndb9mpr6LmQTA/Ss= =EDj0 -----END PGP SIGNATURE-----

3 8

SuSEFirewall One-To-One NAT
by Michael MB. Beck 28 Jan '06

28 Jan '06

Hi, ist there a possibility to use "One-To-One NAT" with SuSEfirewall2? Michael

1 0

Error compiling kernel with exec-shield patch
by David Huecking 26 Jan '06

26 Jan '06

Hello! I know that this is not the very right but also not the very wrong place to ask... but it's the fastest one for me for now. :-) david@alpha6:~/> uname -a Linux alpha6 2.6.14 #1 Sun Nov 27 18:09:29 EET 2005 x86_64 GNU/Linux When I try to compile the kernel source 2.6.15.1 on an AMD Opteron in 64 Bit mode with applied exec-shield-nx-2.6.15.patch I get the error: --- 8< --- CC arch/x86_64/ia32/ia32_binfmt.o arch/x86_64/ia32/ia32_binfmt.c:391: error: conflicting types for 'elf32_map' arch/x86_64/ia32/../../../fs/binfmt_elf.c:50: error: previous declaration of 'elf32_map' was here make[2]: *** [arch/x86_64/ia32/ia32_binfmt.o] Error 1 make[1]: *** [arch/x86_64/ia32] Error 2 make[1]: Leaving directory `/usr/local/src/linux-2.6.15.1_exec-shield' make: *** [stamp-build] Error 2 --- 8< --- Applying the patch with cd /usr/src/linux patch -p1 < exec-shield-nx-2.6.15.patch > patch.out 2> patch.error works fine according to patch.out. Every file and hook is handled. Can anybody give me a hint how I can solve the problem or where to look or ask further? Thanks in advance, -- Eat, sleep and go running, David Hücking. Encrypted eMail welcome! GnuPG/ PGP-Key: 0x57809216. Fingerprint: 3DF2 CBE0 DFAA 4164 02C2 4E2A E005 8DF7 5780 9216

1 0

susefirewall2
by Walter Pabon Guerra 26 Jan '06

26 Jan '06

hi, i have a problem with susefirewall2, i need close all ports and open only 80 and ssh for lan internal, for external i need open 80, but i can't, this are my lines: FW_DEV_EXT="eth-id-00:11:25:65:19:a8" FW_DEV_INT="eth-id-00:11:95:e1:d0:a2" # FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_NETS="192.168.0.0/24" FW_FORWARD="172.19.1.101/16,192.168.0.1,tcp,80" FW_MASQ_DEV="$FW_DEV_EXT" FW_SERVICES_DNS="yes" # FW_SERVICES_INT_TCP="www" FW_TRUSTED_NETS="192.168.0.0/24" FW_SERVICES_EXT_TCP="www ssh" # FW_PROTECT_FROM_INT="yes" FW_PROTECT_FROM_EXT="no" FW_AUTOPROTECT_SERVICES="yes" FW_ALLOW_PING_FW="no" FW_ALLOW_PING_EXT="no" # FW_FORWARD_MASQ="172.19.1.101/16,192.168.0.1,tcp,80" FW_ALLOW_FW_BROADCAST_EXT="yes" FW_ALLOW_FW_BROADCAST_INT="yes" FW_IGNORE_FW_BROADCAST_EXT="yes" FW_IGNORE_FW_BROADCAST_INT="no" FW_LOG_DROP_CRIT="yes" FW_LOG_DROP_ALL="no" FW_LOG_ACCEPT_CRIT="yes" FW_LOG_ACCEPT_ALL="no" FW_IPSEC_TRUST="no" i waiting your help, thanks...!!! -- Atte. <<_waltico_>> Walter Pabon Guerra "Don't worry, Be Linux..." http://www.utpinux.org http://waltico.utpinux.org

10 12

problem with susefirewall2 and squid
by Walter Pabon Guerra 26 Jan '06

26 Jan '06

hi, i have a problem with susefirewall2, i can make ping to google from internal network, but i cant open any site from firefox i have a squid server but i can't establish connection between proxy and firewall....the proxy runs and the susefirewall then, but in my lan don't connect for proxy squid.... this are my lines....agane: /* SuSEfirewall2 configuration file */ FW_DEV_EXT="eth-id-00:11:25:65:19:a8" #eth0 FW_DEV_INT="eth-id-00:11:95:e1:d0:a2" #eth1 # FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_NETS="192.168.0.0/24" FW_FORWARD="172.19.1.101/16,192.168.0.1,tcp,80" FW_MASQ_DEV="$FW_DEV_EXT" # FW_SERVICES_ACCEPT_EXT="" # FW_SERVICES_EXT_TCP="22" #FW_SERVICES_EXT_IP="" # FW_SERVICES_INT_TCP="3128 80" #FW_SERVICES_INT_IP="" # FW_PROTECT_FROM_INT="yes" # #FW_ALLOW_PING_INT="yes" # FW_REDIRECT="192.168.0.1/24,0/0,tcp,80,3128" /* end SuSEfirewall2 configuration file */ and this is my squid server configuration: /* squid configuration files */ GNU nano 1.3.8 Fichero: /etc/squid/squid.conf http_port 3128 cache_dir ufs /usr/local/squid/cache 700 16 256 # # Recommended minimum configuration: acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 192.168.0.1/255.255.255.255 acl red-lan src 192.168.0.0/255.255.255.0 # visible_hostname localhost # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # http_access allow localhost http_access allow red-lan #http_access deny all /* end squid configuration files */ I will be waiting for suggestions !..... thanks ! Atte. <<_waltico_>> Walter Pabon Guerra "Don't worry, Be Linux..." http://www.utpinux.org http://waltico.utpinux.org

1 0

Null bytes padded resolv.conf
by Dirk Wetter 26 Jan '06

26 Jan '06

Hi, I got strange /etc/resolv.conf's with Suse 10.0: phoenix:~ # xxd /etc/resolv.conf 0000000: 2323 2320 4245 4749 4e20 494e 464f 0a23 ### BEGIN INFO.# 0000010: 0a23 204d 6f64 6966 6965 645f 6279 3a20 .# Modified_by: 0000020: 2064 6863 7063 640a 2320 4261 636b 7570 dhcpcd.# Backup 0000030: 3a20 2020 2020 2020 2f65 7463 2f72 6573 : /etc/res 0000040: 6f6c 762e 636f 6e66 2e73 6176 6564 2e62 olv.conf.saved.b 0000050: 792e 6468 6370 6364 2e65 7468 300a 2320 y.dhcpcd.eth0.# 0000060: 5072 6f63 6573 733a 2020 2020 2020 6468 Process: dh 0000070: 6370 6364 0a23 2050 726f 6365 7373 5f69 cpcd.# Process_i 0000080: 643a 2020 2031 3334 3332 0a23 2053 6372 d: 13432.# Scr [..] 00004b0: 7468 6520 2d4b 206f 7074 696f 6e2e 0a23 the -K option..# 00004c0: 0a23 2323 2045 4e44 2049 4e46 4f0a 0000 .### END INFO... 00004d0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 00004e0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 00004f0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0000500: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0000510: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0000520: 0000 0000 0000 0000 0000 0000 0000 0000 ................ [..more lines like this ..] 00009a0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 00009b0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 00009c0: 0000 0000 0000 0000 0000 0000 0073 6561 .............sea 00009d0: 7263 6820 rch [correct domain ] [ correct EOF ] DHCP server is on a Suse 9.1 system and is providing fixed IP adresses for most of the clients. Run's w/o problems for quite a variety of operating systems since eternity. So I guess the server is not the culprit. The clients run with: /sbin/dhcpcd -C -D -K -Y -t 999999 -h [myhostname] -c \ /etc/sysconfig/network/scripts/dhcpcd-hook ethX This doesn't happen the first time the lease is given, but after renewing the leases. Needless to say that the resolver cannot cope with it. So, what is happening? Cheers, Dirk -- Dr. Wetter IT-Consulting http://drwetter.org IT Security + Open Source Key fingerprint = 80A2 742B 8195 969C 5FA6 6584 8B6E 59C1 E41B 9153 __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com

1 0

Re: [pdx] Re: [suse-security] Does Rich Text hold the same risks as html ?
by Crispin Cowan 26 Jan '06

26 Jan '06

Seth Arnold wrote: > On Wed, Jan 25, 2006 at 04:01:30PM -0800, Crispin Cowan wrote: > >> * Rich Text: While I use it every day (I really like HTML in my >> e-mail in Thunderbird, it enables a lot of expression) I am not >> technically familiar with the difference between this and HTML. >> > RTF and HTML are quite distinct -- they are more or less completely > unrelated beyond both being text markup languages. > RTF and HTML are unrelated, but several e-mail clients, including Outlook and Google GMail, refer to HTML-encoded e-mail as "rich text". This is stupid, but I didn't do it :) Crispin -- Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/ Director of Software Engineering, Novell http://novell.com Olympic Games: The Bi-Annual Festival of Corruption

1 0

Open Source AppArmor
by Crispin Cowan 21 Jan '06

21 Jan '06

When I have talked about AppArmor here before, people have complained about corporate marketing of a commercial product that costs too much. So for those who may have missed the news announcement last week, I thought I'd let people know that AppArmor has been fully released under the GPL http://www.linuxplanet.com/linuxplanet/newss/6132/1/ The AppArmor open source home page is now here http://www.opensuse.org/AppArmor and you can freely download it. AppArmor is also included in SUSE Linux 10.1, which released beta1 this week http://www.opensuse.org/Download Crispin -- Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/ Director of Software Engineering, Novell http://novell.com Olympic Games: The Bi-Annual Festival of Corruption

1 0

Hexediting on a unmountable filesystem?
by Rikard Johnels 14 Jan '06

14 Jan '06

Hello list. Complicated question: I have a old SGI box with an installed IRIX 5.something, that i got for free a while back. Problem: No root passsword. Only "Guest" account access. Linux cant read the older 5.x XFS system Thus having an unmountable filesystem. So i can't mount it and change the password manually. Question: Can i somehow find the exact place on any given disc for a file, and hexedit the "device" and thereby changing it? (In this case; the entry for root in /etc/password) I know i can get the IRIX media for almost nothing, but i see this as an opportunity to delve deeper into security issues... -- /Rikard ----------------------------------------------------------------------------- email : rikard.j(a)rikjoh.com web : http://www.rikjoh.com mob : +46 (0)736 19 76 25 ------------------------ Public PGP fingerprint ---------------------------- < 15 28 DF 78 67 98 B2 16 1F D3 FD C5 59 D4 B6 78 46 1C EE 56 >

4 3

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

1996

openSUSE Security January 2006