Security :: Some Distros Vulnerable To Version Of DLL Hijacking Bug?
Aug 28, 2010
In the wake of all of the stories about the Windows DLL hijacking bug, it appears that certain Linux distributions may be vulnerable to a similar problem related to the way that Linux handles a specific variable in some cases. The bug apparently was introduced via a Debian patch last year. The discussion on the possible bug in Linux began with a blog post by Tim Brown, a UK-based security researcher, who detailed a specific case in which Linux could be vulnerable to an attack similar to those designed to exploit the Windows DLL bug. The post spawned a related discussion on the Full-Disclosure mailing list, in which several others confirmed that they'd seen the problematic behavior in certain Linux distributions, including Fedora, Ubuntu and Debian.
Apr 7, 2009
I'm just curious as to what security measures I should be taking to make my box a little less vulnerable? I'm still experimenting/playing with Linux, use the net, IM, download this and that and was wondering how secure Fedora 10 was out of the box?
May 28, 2010
My laptop is beginning to show its age so it may be time for a new PC soon, and most likely it'll come with Windows 7 preloaded. I currently run a dual boot with Lucid and Windows XP, and although I hardly use XP anymore I would repeat this configuration on the new PC. So now I'm wondering if Windows 7 is any less vulnerable to viruses and malware than its earlier predecessors because I don't plan to renew any virus checking software that may come with it.
Dec 15, 2010
I used Avast webfilter (proxied webtraffic through Avast) when running Windows. Sometimes Avast would alert and "protect" me from being infected by a compromised website. NOTE: Avast would alert even absent clicking any links. Just viewing the page could result in infection. Should I be running some kind of proxy webfilter for protection? My understanding is that Firefox can be compromised and this can in turn compromise Ubuntu. Are these kinds of threats specific to Windows running Firefox, or Firefox per se. If Firefox per se it seems like I need some sort of Proxy webfiltering like Avast provides.
Mar 14, 2011
I currently have UNR dual booted with Win7 on my Netbook. I'm thinking about changing to another version of Linux (maybe Cruncheee) by overwriting the UNR partition with a different distribution.
My concern is that doing so will screw up grub. So I just wanted to make sure that if I got rid of the Linux partition I have now, there will still be a boot-loader in place on the computer.
Mar 22, 2011
how to use hunt hijacking
Sep 18, 2010
How do I check for updates to the current version of rkhunter and if possible upgrade to a new version?
May 12, 2011
I've heard of attacks using PDF files on Windows with Adobe Acrobat and Foxit Reader. Is Linux vulnerable to these attacks when using the default PDF viewers in KDE or Gnome or even xpdf? What is a good PDF scanner to determine if a PDF file is evil?
Jul 13, 2010
I installed lampserver and took measures to see that Apache would only serve 127.0.0.1 (which appears to be a software switch, as ipconfig says its port is still "Open").
MySQL, however, could be vulnerable: Do I need to secure it or does it only serve localhost? If so, how do I secure it?
Dec 18, 2010
Is Linux vulnerable to Java drive-by exploits? Another computer I run on Windows 7 just notified me that it was infected through Java, and I'm wondering if my Linux box (Ubuntu 10) with Java installed is vulnerable.
Nov 2, 2010
I have been reading about this new Firefox extension that can grab Twitter account information of computers connected to unprotected networks. Info: url
I occasionally have to connect to public, unprotected WiFi networks and use Twitter via Gwibber. So, here is my question: is Gwibber vulnerable to Firesheep in an unprotected network? Is there a way of protecting it from these attacks? (I know that using https stops Firesheep attacks to the web version of Gwibber, but I don't know if this method is possible or applicable to Gwibber.)
May 10, 2011
CentOS using yum to update Exim. Exim is configured to not allow remote connections using the local_interfaces config option. My old version was 4.63-5.el5_5.2 and after using:
yum update exim
Dec 14, 2010
I'm currently running OpenSuSE 11.3. I'm afraid as newer versions are released they will demand more of my old PC (Dell Optiplex GX270). Also, I've heard of issues with newer Linux distributions having issues with older Intel hardware (just hearsay, not personal experience). However, patches for specific OpenSuSE releases have a limited window of time. So,
Am I much more at risk to security issues if I keep a version of Linux past its patch date? Is it possible to keep a specific Linux release but still be able to receive security essential updates based on my repository selection?
May 26, 2011
I'd like to set up a fileserver for myself and a few trusted individuals. I'm computer savvy and I use various Linux servers frequently for work, but this is my first time trying to set up my own. Is it possible to have a Samba server set up so it is both secure and facing the Internet? Two questions:
Will opening Samba ports make my default Ubuntu server particularly vulnerable to penetration? More than having an SSH server running? Does Samba/ can Samba be configured to encrypt traffic or is it sent plainly? If so, do Windows and Mac support this secure communication?
If not, what would you suggest? I'd like to achieve something like a network drive and at a difficulty level that my parents could use this if they really wanted to. I will be storing things like financial information and tax returns, but no weapons-grade secrets.
Mar 2, 2010
I've made OpenPGP keys using gpg 1.4.9. I have a public key and a sub key. And a passphrase. I can distribute the pub key. What is sub key? Can I distribute sub key? I think the passphrase is the private key. Right? (in the RSA Algorithm)? Where to use the Secure Shell Key? And why to distribute it?
Feb 8, 2011
I checked on clamav web site but no way to install it yet on Maverick.
Mar 12, 2010
How to detect intrusion in my desktop Ubuntu 9.10 version? Which command could directly tell me about any change in my files? I would like the procedures that protect my system from intrusion. I am using firestarter and keep tracing the network by using netstat -tap?
Mar 10, 2011
I'm trying to turn off SSH root login on Ubuntu 10.10. However, changing PermitRootLogin=no (/etc/ssh/sshd_config) does not work. Here is the sshd_config:
[code]...
Jun 4, 2010
I want to run Debian as a live version from my USB flash drive. Does this provide the same amount of security from hackers as installing Debian as the only OS on my netbook? Windows CE would still be on my netbook.
Nov 10, 2010
I'm posting an E-Mail I sent to Pidgin Support, which didn't get answered. I'm doing this because I believe it is a general SSL problem. I've even tried a different chat client (Instantbird) - same error message. Since a week or so I'm not able to securely login to ICQ any longer with one of my accounts. Only if I disable "Use SSL" in the advanced settings, it works. With SSL I get the error message "Unable to connect to BOS server: SSL Handshake Failed". In the debug window the reason for the failure is "A record packet with illegal version was received". If I enable the setting "Use clientLogin", I get a different error: "Received invalid data on connection with server".
I get this error for all of my ICQ accounts if I enable this, but the other ones work just fine using only "Use SSL". I can login to the ICQ website with the "bad" account too, the settings are exactly the same for all 3 accounts. I was using Pidgin 2.7.3 when this happened first, upgraded to 2.7.5, but no change. I'm running RHEL 5.5 x86_64. I've attached the Pidgin debug messages for the "bad" case of the not working account and for the "good" case of one of the working accounts. I've tried a lot of things, like deleting the account and adding it again. I deleted the cached certificates. I changed the password on the ICQ website.
From the attachment I'm only pasting the most important part - the error message:
(20:27:14) gnutls: Starting handshake with bos.oscar.aol.com
(20:27:14) gnutls: Handshake failed. Error A record packet with illegal version was received.
(20:27:14) oscar: unable to connect to FLAP server of type 0x0002
(20:27:14) connection: Connection error on 0x9bf19f0 (reason: 0 description: Unable to connect to BOS server: SSL Handshake Failed)
It doesn't get into my head why 2 accounts work perfectly, but one doesn't. The login-server is exactly the same, so also the used certificate should be the same.
Jun 24, 2011
For compiling ArpON on my server the cmake command says 'libpcap not found' when a newer version libpcap-1.0.0-5.20091201git117cb5.fc13.i686.rpm is already existing which I am unable to erase as other rpms depend on it.
May 17, 2010
If I wanted to transfer a home folder that was encrypted to another Ubuntu computer could I? If I had a separate home partition that was encrypted, but I wanted to upgrade Ubuntu to the latest version by doing a clean install is there an easy way so that I can still read the data encrypted with the old version?
Jan 8, 2010
I have a doubt, may sound funny but wanna know whether it is possible to share DVD drive in windows [version 7] and use it in Linux system [version fedora 12]?
Oct 18, 2010
Is it possible to just roll back the version of Mesa on my install to an earlier version...I think this is the key to getting my game to work.
Apr 6, 2011
I am trying to install ns2.1b5 on fedora and I am getting the following error:
No rule to make target `VERSION', needed by `gen/version.c'
Sep 17, 2010
Which LXDE version of Linux has the newest version of Firefox and Open Office included?
I am looking for an iso file, and I am trying to run this off of a live CD for now. So I want a light version of Linux, probably LXDE, or if not, then probably XFCE. But I need a new version of Firefox and OpenOffice included.
Because, I tried burning the customizable NimbleX @ custom.nimblex.net . Pretty good, except it uses Firefox 2, and Open Office 2.3, which are outdated.
And I tried Mint XFCE, which might have been pretty good too, but it had some issue of blanking and requiring relogin after I opened hotmail frequently (user id: mint, password: blank).
The web browser and the word processing program are the most important and essential applications to me.
So are there any Linux versions in LXDE on LiveCD that include newer versions of Firefox (or at least another good browser) and Open Office (oo seems better than abi)? (Again, if no LXDE, perhaps XFCE?)
I just want to download a good version in an iso file, and burn it to a CD and get to work. Like I said the web browser and the word processing program are all important.
So really, what iso/LiveCD versions are the fastest for running on an older system, and yet have the newest browser and word processor included?
Feb 26, 2011
Here are my system specs, which version of Ubuntu, or other Linux distros would run the best on my PC?
Feb 25, 2011
I installed Debian squeeze on an old computer that I found. (Pentium 4 3.2GHz HT) I installed from the i386 version, but now the uname command shows that it's an i686. I don't find many packages that I need using apt-get. Do I need to compile each package I need from source or use dpkg to install the deb of an i386 version?
Can I use the i386 version on this computer rather than the i686 version? Will it cause a significant performance decrease? (I use this computer to mostly do some reading and writing and file storage, no gaming etc.) How do I force the installer to use the i386 version?
[Code]...
Dec 13, 2009
How do I replace a 32bit version of 11.1 with a 64bit version of 11.2 or is it even possible?
Jun 4, 2010
Installed Zend Server CE on 10.04 - install mostly fine. But phpmyadmin shows this error: "Your PHP MySQL library version 5.0.83 differs from your MySQL server version 5.1.41". I have followed the Zend online docs and used a DEB install. Why would these versions be different? How do I fix it so that the two are in sync?