Ubuntu Security :: Tar Vulnerability? Leading ./ (dot Slash) Makes The --directory Option Fail?
Jun 8, 2010
I ran across this problem when I used checkinstall and then tried to extract the contents of data.tar.gz (which you can find inside any .deb).tar has an option to extract the contents of a file in a given directory.From tar's manpage:
Code:
-C, --directory DIR
change to directory DIR
[code]....
View 2 Replies
ADVERTISEMENT
Sep 10, 2010
I'm thinking of a few ways to do this I'm curious how many better/equal ways there are to do the same task.in a file with format like: 20 text Gi0/2 some other junk I have it reformatted to look like this before going in a database: 0/2 20 text. But for whatever reason some of the new input text looks like this now: 20 text Gi1/0/2 some other junk
My script makes it look like this: 1/0/2 20 text. I want it to remove the leading number and slash if the input file is in the new format.
View 5 Replies
View Related
Apr 2, 2010
So yesterday I receive a copy of the SANS @RISK security vulnerability newsletter, and, lo and behold, Mozilla's Firefox and Thunderbird are on it yet again. (Yeah, I know, shocking, isn't it?)So I quickly check what versions I have installed. Yup: Vulnerable.I check whether updates are available.These are pretty serious "remote code execution" vulnerabilities and the status is "vendor confirmed, updates available." So why isn't my 9.10 desktop's update manager telling me updates are available?
View 9 Replies
View Related
Aug 26, 2010
I noticed that when typing in your password after locking the screen or a screensaver, the program focussed behind it is able to catch the input...
This sounds like a huge security risk to me, is there anyone who can test this? (Only noticed with game in wine, perhaps you need low level xorg access)
View 1 Replies
View Related
Jan 13, 2011
I i've virtual machine that is running BackTrack4r2. I need to use the built-in tool Metaspolit in bt for assessing the security and vulnerability in websites The prob is that i dont have any about the Metaspolit tool.
View 10 Replies
View Related
Feb 24, 2010
I decided to report what happened me lately so that someone more clever could find the hole in the latest ubuntu. So: I have a machine connected 24/7 on high speed network. i had karmic on it. i ran openssh and apache2 (without any mod, plain apache2) on it. In addition i ran firefox, ktorrent, and amule on it. Nothing else. The system didnt have any rule in iptables.
Recently chkrootkit signaled a SuckIT rootkit in the system. I was scared, i googled for it and i saw that on ubuntu this actually happened and it was a false positive. Ok, i kept going. Yesterday i nmapped myself and i found an open port around 64000 that i couldnt see with netstat -atpnl so i concluded i was actually infected and erased the drive and tried to install lucid alpha2 so, one day of lucid,
- with a firewall this time that let open only the port 22 and 80 from internet
- with only openssh as service (no apache2)
- ran firefox3.6 , ktorrent and amule , nothing else
chkrootkit didnt find anything
debsums reported
debsums: changed file /sbin/initctl (from upstart package)
i did an apt-get install --reinstall upstart and that file didnt warn anymore. So i concluded there must be some kind of vulnerability either in
a) firefox
b) ktorrent
c) amule
View 6 Replies
View Related
Sep 28, 2010
Using Opera 10.61 and 10.62, I find that any secure website I access, such as a bank, the lock icon in the address bar is replaced by a question mark. Clicking on it brings up a window, stating that the connection is not secure, that the server does not support TLS Renegotiation. Doing some internet searches for "opera tls renegotiation" brought me to a page at the Opera website, where they discuss this issue. The issue is generic, not limited to Opera, affecting the TLS protocol, and it potentially enables a man-in-the-middle to renegotiate a "secure" connection between a server and client, issuing own commands to the server. Opera has addressed the problem on the client end, but now servers need to be upgraded too. None of the HTTPS sites I have tried have upgraded their servers, if the information provided by the Opera browser is correct.
My questions: how feasible is such a MITM attack, what level of resources would such an attack require? What, if anything, would the attacker need to know about the client and/or server to mount the attack? Would I be better off using Firefox, or is Firefox simply oblivious of the problem and not issuing warnings for that reason?
View 4 Replies
View Related
Feb 11, 2010
Is there a free online vulnerability scanner where either I can give them the IP address to scan or can be initiated from the console command, tool, or text based browser. I use GRC's Shields Up when I have a GUI, but I want a scan ran on my website that runs Ubuntu 8.04 server on a hosted VPS.
View 5 Replies
View Related
May 12, 2010
I've got an HP Netbook with Jaunty installed, and I've got an older Dell laptop running Debian.A friend of mine, on several occasions, has told me that when I left my computers unattended he could do some kind of series of key-strokes, and then a window comes up and he says that he can change the password for my account.I've asked him to show me how he does it, but he never will because he doesn't want me to be able to thwart himIs he lying, or is it for real? if it's for real, how do I go about changing it so that it can't happen anymore?
View 5 Replies
View Related
Jan 9, 2010
I upgraded from 9.04 to 9.10.SSH, samba, LAMP server, etc etc etc are now failing to start when the os boots. I can start all of these services manually but is a bit of an annoyance.Maybe something simple but am not sure where to look to fix this.
View 4 Replies
View Related
Jan 1, 2010
So after a win7 wubi install, I updated through system update. Now after I choose ubuntu in the win bootloader it takes me to a grub screen. How can I boot into linux and remove grub? (This isn't my computer otherwise I would dual boot and let grub take care of it).
View 5 Replies
View Related
Aug 10, 2010
Quote: Security expert Georgi Guninski has pointed out a security issue in the 1.0 branch of OpenSSL that potentially allows SSL servers to compromise clients. Apparently the hole can be exploited simply by sending a specially crafted certificate to the client, causing deallocated memory to be accessed in the ssl3_get_key_exchange function (in ssls3_clnt.c). While this usually only causes an application to crash, it can potentially also be exploited to execute injected code.
View 1 Replies
View Related
Aug 2, 2015
I just updated Nvidia driver with sgfxi to 352.30 (Debian testing), and X doesn't load.
My current display manager is sddm, used with KDE Plasma 5. Is it a known issue? I couldn't find any sensible error messages in Xorg logs.
View 4 Replies
View Related
Mar 23, 2011
I would like to make a cronjob who makes a tag.gz of everything inside a directory in a recursive way. BUT there is a HUGE directory full of jpg's. I don't want this one in the backup.Additional points if it can backup symbolic links.
View 2 Replies
View Related
Oct 15, 2010
To avoid having to input a password for the keyring each time I connect to the net via wireless, I enabled the 'Available to all users' option in Network Manager. Now, my question is this. Are the 'users' it refers to just those created on this machine? Would a drive-by be able to use my network without entering the password?
View 3 Replies
View Related
Nov 18, 2010
According to Security standards given in[URL]Quote:Unless otherwise approved the following setuid root binaries are the only ones allowed on production servers:
* /bin/su
* /usr/bin/sudo
* /usr/bin/passwd
[code]....
View 3 Replies
View Related
Oct 20, 2010
I've been using Firestarter for a while and have used it to set-up inbound and outbound policies (which are probably way too restricitve) but since turning on boot logging the other day I have noted that the boot log contains the message:
Code:
* Starting the Firestarter firewall [fail] I find this somewhat alarming. I have seen post[URL].ht= firestarter (although have not added it the auto startup list and do not wish to have it start without the root password). What I would like to know is as the computer boots up does it set the iptables to their last setting irrespective of whether firestarter starts or does firestarter need to start to set the iptables and therefore my policies?
View 2 Replies
View Related
Jan 5, 2010
I've just started using ubuntu one. However, some of the files I store on there are sensitive so I encrypt them using seahorse. Right click, encrypt etc etc. My question is, is there a way to automatically get the encrypt process to delete the un-encrypted file when it makes the new encrypted copy?
View 6 Replies
View Related
Sep 26, 2015
I came to debian from fedora so there I used ( su - ) to become root user. So my question is that in debian, is it same using ( su ) and ( su - ) or here also using ( su - ) is preferred with slash or without slash. What is the correct and secure way in debian with full root status.
One more question relating gedit sources.list
I use as root account : gedit /etc/apt/sources.list (and then enter and sources file in gedit open)
Is this correct method or any other way as when save after changing entries inside it says error.
View 3 Replies
View Related
Feb 17, 2011
I have a couple directories in the following format:
+ Dir 1
----+ Dir A
-------- file1
----+ Dir B
-------- file2
+ Dir 2
----+ Dir A
-------- file3
----+ Dir C
-------- file2
+ Dir 3
----+ Dir B
-------- file2
----+ Dir C
-------- file1
My desired structure is:
+ Dir Final
----+ Dir A
-------- file1
-------- file3
----+ Dir B
-------- file2-1 [or something so that the two files don't overwrite]
-------- file2-2
----+ Dir C
-------- file2
-------- file1
Basically, I would like to combine all the directories that I can, without deleting/overwriting any files. I have looked at Rsync, but I could not find the correct options to do what I wanted.
View 1 Replies
View Related
May 11, 2011
I followed this tutorial to setup a mail server, followed it to the letter, double/triple/quadruple checked everything for human error, and I can't find anything.[URL].. What's happening is it seems that postfix is adding a trailing slash to usernames when it does the user lookup, so they don't exist and then fail. I've attached the log below.
Code:
May 11 01:06:27 vmail postfix/smtpd[1688]: connect from localhost[127.0.0.1]
May 11 01:06:55 vmail postfix/smtpd[1688]: 3372E982BC: client=localhost[127.0.0.1]
May 11 01:07:18 vmail postfix/cleanup[1691]: 3372E982BC: message-
[Code]...
View 1 Replies
View Related
May 22, 2010
I can't mount nfs directory without option "-o nolock".NFS server is slackware 11 and client is Slackware 13 (full installation).I tested with Centos 5.4 and works fine. Using which rpc.lockd print is no rpc.lockd and slackware 11 is /usr/sbin/rpc.lockd.following services starting on client using rc.rpc ( rpc.statd and rpc.portmap)
View 2 Replies
View Related
Nov 2, 2010
i want to replace
Code: <trus.analytics.platform.model.version>2.0.0-SNAPSHOT</trus.analytics.platform.model.version> with
Code: <trus.analytics.platform.model.version>2.0.0-b-20</trus.analytics.platform.model.version> using sed command. Code: sed -i
[Code]....
I think there is a problem with front-slash but not sure how to resolve it.
View 2 Replies
View Related
Feb 12, 2010
I keep getting messages that I need to update fuse gnome-screensaver and gnutils security updates. However, everytime I try to update either by YAST Online Update or the toolbar icon, it fails to update. The message is that can't remove fuse, gnutls, etc.
View 4 Replies
View Related
Feb 23, 2010
I've got a partition, let's say sdb6, which is one of the partitions of my second hard disk.On boot ubuntu only mount my boot partition, let's say sda2, which is on my first drive.Once ubuntu started if I want to mount a partition I usually click on it under the Places menu and an authorization is required.As I would like to add acl to a partition following this thread
Quote:
http://ubuntuforums.org/showthread.php?p=8787962
I've tried to add acl option to my fstab, but my /etc/fstab doesn't have any info of any of my partitions and it originaly looks like:
Quote:
# /etc/fstab: static file system information.
#
# Use 'blkid -o value -s UUID' to print the universally unique identifier
# for a device; this may be used with UUID= as a more robust way to name[code]...
My goal is to mount/unmount any partition with acl loaded and graphically ,but I reached my limit on my linux knoweledge.
View 9 Replies
View Related
Aug 14, 2014
I am downloading online videos with a bash script this is the code of script test.sh:
Code: Select all#!/bin/bash
while read line
do
"/usr/bin/wget" $line
sed -i "/$line/d" urls
done <urls
The while loop read the videos url from the urls file and parse them to the wget for dwonlaod, i write the wget for easy of exmple in this code otherwise i use another script to downlaod the embed videos , the code
Code: Select allsed -i "/$line/d" urls delete the url of videos from the urls file when it is download is complete.
The problem is http address contain the foreward slashes "/" and sed cannot delete them and get error, this is the urls file:
Code: Select allhttp://download.wavetlan.com/SVV/Media/HTTP/MP4/ConvertedFiles/Media-Convert/Unsupported/test7.mp4
http://download.wavetlan.com/SVV/Media/HTTP/H264/Talkinghead_Media/H264_test3_Talkingheadclipped_mp4_480x360.mp4
http://download.wavetlan.com/SVV/Media/HTTP/H264/Talkinghead_Media/H264_test4_Talkingheadclipped_mp4_480x320.mp4
http://download.wavetlan.com/SVV/Media/HTTP/H264/Other_Media/H264_test8_voiceclip_mp4_480x320.mp4
This is output of the test.sh:
Code: Select all# ./test.sh
http://download.wavetlan.com/SVV/Media/HTTP/MP4/ConvertedFiles/Media-Convert/Unsupported/test7.mp4
sed: -e expression #1, char 8: unknown command: `/'
http://download.wavetlan.com/SVV/Media/HTTP/H264/Talkinghead_Media/H264_test3_Talkingheadclipped_mp4_480x360.mp4
[Code] .....
View 3 Replies
View Related
May 6, 2011
I need to have a shell script which does the following,
1. Remove '/' in the file
2. Replace ';' with new line
Input file (sample):
TL/01039;TL/07014;TL/07016;TL/07046;TL/09476;TL/09522
Output file should be:
View 2 Replies
View Related
May 2, 2011
I am trying to use sed command to repalce one string with other but somehow replacement string contains forwards slash hence getting the error statement garbled!
[Code]...
View 4 Replies
View Related
Jul 12, 2010
I am setting up a web server and SElinux keeps stopping httpd/appache and making it fail. Everything works fine when SElinux is set to permisive, so I know it is SElinux causing the problem. I have all the apache/httpd items allowed in the SElinux bool and even added the line the troubleshooter told me to add but the problem still persists. Here is what SElinux puts out:
[Code].....
several times and it does nothing. I have all the permissions set to Apache as owner and group and allow execution on all the files.
View 1 Replies
View Related
Oct 24, 2010
If the moderators permit (because it's a security issue), the security vulnerability was shown in the ubuntu 10.04(64 bits) first by VSR, a security research firm. Now kindly view the link i will give and suggest what to do! I have the same version ,but the 32 bits(Intel).
View 2 Replies
View Related