Kernelupdate on SuSE 9.1 with problems
Hello!

Since Novell is here I get strange errors after each update and it seems for me there is not enough error-checking of updates since then.

The server (web & mailserver behind a firewall) has been rebooted after the kernel update to get changes affected on it. Now I see something is broken within the latest kernel update. I get errors on FTP, imap, smtp while authenticating (strange, with samba and ssh there is no such error):

FTP-Login:

Status: Connecting with x.x.x.x...
Status: Connecting with x.x.x.x. Waiting for welcome message...
Antwort: 220 "Welcome message."
Befehl: USER my_user
Antwort: 331 Please specify the password.
Befehl: PASS *****
Antwort: 500 OOPS: capset
Antwort: 230 Login successful.
Fehler: Connection cannot be established!

E-Mail:

I get errors that the server cannot be connected.

Once I restart the related service I don't get any errors back. I didn't check if the error occurs a second time.

Any suggestions?

Architecture (if that helps): P4/3.0 GHz w. HT, Intel 865PE, Softraid (mirroring)

Strange as well: after the update to 9.1 the logs are too full and logrotate does not rotate them as well (any hints there as well?).

Regards
Philippe

Content of this advisory:
1) security vulnerability resolved: CRAM-MD5 authentication bug
   problem description
1) problem description, brief discussion
The University of Washington imap daemon can be used to access mails remotely using the IMAP protocol.
This update fixes a logical error in the challenge response authentication mechanism CRAM-MD5 used by UW IMAP. Due to this mistake a remote attacker can gain access to the IMAP server as arbitrary user.
This is tracked by the Mitre CVE ID CAN-2005-0198.
Maybe this is related to this and a new thing is broken within. Anybody with the same problems?

Since Novell is here I get strange errors after each update and it seems for me there is not enough error-checking of updates since then.

The server (web & mailserver behind a firewall) has been rebooted after the kernel update to get changes affected on it. Now I see something is broken within the latest kernel update. I get errors on FTP, imap, smtp while authenticating (strange, with samba and ssh there is no such error):

Output on FTP-Login from my ftp-client:

Status: Connecting with x.x.x.x...
Status: Connecting with x.x.x.x. Waiting for welcome message...
Answer: 220 "Welcome message."
Command: USER my_user
Answer: 331 Please specify the password.
Command: PASS *****
Answer: 500 OOPS: capset
Answer: 230 Login successful.
Error: Connection cannot be established!

E-Mail:

I get errors that the server cannot be connected.

Once I restart the related service I don't get any errors back. I didn't check if the error occurs a second time.

Any suggestions?

Strange as well: After the update to 9.1 the logs are too full and logrotate does not rotate them as well (any hints there as well?). Especially SuSE-Firewall-Logs.

Regards
Philippe
On Tue, Mar 01, 2005 at 05:59:28PM +0100, Philippe Vogel wrote:
Hello!
Since Novell is here I get strange errors after each update and it seems for me there is not enough error-checking of updates since then.
The server (web & mailserver behind a firewall) has been rebooted after the kernel update to get changes affected on it. Now I see something is broken within the latest kernel update. I get errors on FTP, imap, smtp while authenticating (strange, with samba and ssh there is no such error):
FTP-Login:
Status: Connecting with x.x.x.x...
Status: Connecting with x.x.x.x. Waiting for welcome message...
Antwort: 220 "Welcome message."
Befehl: USER my_user
Antwort: 331 Please specify the password.
Befehl: PASS *****
Antwort: 500 OOPS: capset
Antwort: 230 Login successful.
Fehler: Connection cannot be established!
E-Mail:
I get errors that the server cannot be connected.
Once I restart the related service I don't get any errors back. I didn't check if the error occurs a second time.
Any suggestions?
Architecture (if that helps): P4/3.0 GHz w. HT, Intel 865PE, Softraid (mirroring)
Strange as well: after the update to 9.1 the logs are too full and logrotate does not rotate them as well (any hints there as well?).

Do you have any kind of LSM-based kernel security module installed, like dazuko or similar?

Ciao, Marcus
Marcus Meissner wrote:
| Do you have any kind of LSM-based kernel security module installed, like dazuko or similar?
|
| Ciao, Marcus

Dazuko is installed (with amavis+spamassassin+cyrus+smtp-auth over cyrus+postfix(chroot)+without SuSEconfig - complex spam/virus-scanner setup but works), what does this mean for me?

Regards
Philippe

--
This message is digitally signed and carries neither seal nor signature! Sending unsolicited advertising mail to private individuals violates §1 UWG and 823 I BGB (decision of the LG Berlin of 2.8.1998, Az: 16 O 201/98).
Any commercial use of the transmitted personal data, as well as passing it on to third parties, is expressly prohibited!
On Wed, Mar 02, 2005 at 11:17:10AM +0100, Philippe Vogel wrote:
|> the password. Befehl: PASS ***** Antwort: 500 OOPS: capset
|> Antwort: 230 Login successful. Fehler: Connection cannot be
|> established!
| Do you have any kind of LSM-based kernel security module installed,
| like dazuko or similar?
Dazuko is installed (with amavis+spamassassin+cyrus+smtp-auth over cyrus+postfix(chroot)+without SuSEconfig - complex spam/virus-scanner setup but works), what does this mean for me?
There is a bug in the dazuko kernel module on 9.1 which will exhibit your observed behaviour.

Ciao, Marcus
Marcus Meissner wrote:
| There is a bug in the dazuko kernel module on 9.1 which will
| exhibit your observed behaviour.
|
| Ciao, Marcus

Fine!

I did a "rmmod dazuko" => server unavailable sshclient lost connection - wtf - ack ack ack noooooooooooo!

Would be nice to post such things on the list. I will uninstall dazuko + antivir (as I use 2 different virus scanners as well for the mailfilter) asap!

So I will have to drive to the server today to maintain it locally (and some of my users will be very disappointed right now) :(

Philippe
The Wednesday 2005-03-02 at 11:38 +0100, Philippe Vogel wrote:
I did a "rmmod dazuko" => server unavailable sshclient lost connection - wtf - ack ack ack noooooooooooo!
Would be nice to post such things on the list. I will uninstall dazuko + antivir (as I use 2 different virus scanners as well for the mailfilter) asap!

You do not need dazuko for mail scanning with H+BEDV antivir. It is only needed, I understand, to protect samba shares.

--
Cheers,
Carlos Robinson
participants (3)
- Carlos E. R.
- Marcus Meissner
- Philippe Vogel