Ubuntu Security :: Tar Vulnerability? Leading ./ (dot Slash) Makes The --directory Option Fail?

Jun 8, 2010

I ran across this problem when I used checkinstall and then tried to extract the contents of data.tar.gz (which you can find inside any .deb). tar has an option to extract the contents of a file in a given directory. From tar's manpage:

Code:
-C, --directory DIR
change to directory DIR

[code]....


Ubuntu Servers :: Remove The Leading Number And Slash If The Input File Is In The New Format?

Sep 10, 2010

I'm thinking of a few ways to do this; I'm curious how many better/equal ways there are to do the same task. In a file with format like: 20 text Gi0/2 some other junk I have it reformatted to look like this before going in a database: 0/2 20 text. But for whatever reason some of the new input text looks like this now: 20 text Gi1/0/2 some other junk

My script makes it look like this: 1/0/2 20 text. I want it to remove the leading number and slash if the input file is in the new format.


Ubuntu Security :: Thunderbird Security Vulnerability Updates

Apr 2, 2010

So yesterday I receive a copy of the SANS @RISK security vulnerability newsletter, and, lo and behold, Mozilla's Firefox and Thunderbird are on it yet again. (Yeah, I know, shocking, isn't it?) So I quickly check what versions I have installed. Yup: Vulnerable. I check whether updates are available. These are pretty serious "remote code execution" vulnerabilities and the status is "vendor confirmed, updates available." So why isn't my 9.10 desktop's update manager telling me updates are available?


Ubuntu :: Gnome Screensaver Security Vulnerability?

Aug 26, 2010

I noticed that when typing in your password after locking the screen or a screensaver, the program focussed behind it is able to catch the input...

This sounds like a huge security risk to me, is there anyone who can test this? (Only noticed with game in wine, perhaps you need low level xorg access)


Security :: BackTrack For Web Vulnerability Assessment?

Jan 13, 2011

I've a virtual machine that is running BackTrack4r2. I need to use the built-in tool Metasploit in BT for assessing the security and vulnerability in websites. The problem is that I don't have any about the Metasploit tool.


Ubuntu Security :: Vulnerability In Karmic And Intrepid Alpha2?

Feb 24, 2010

I decided to report what happened to me lately so that someone more clever could find the hole in the latest Ubuntu. So: I have a machine connected 24/7 on a high speed network. I had Karmic on it. I ran openssh and apache2 (without any mod, plain apache2) on it. In addition I ran firefox, ktorrent, and amule on it. Nothing else. The system didn't have any rule in iptables.

Recently chkrootkit signaled a SuckIT rootkit in the system. I was scared, I googled for it and I saw that on Ubuntu this actually happened and it was a false positive. OK, I kept going. Yesterday I nmapped myself and I found an open port around 64000 that I couldn't see with netstat -atpnl, so I concluded I was actually infected and erased the drive and tried to install Lucid alpha2. So, one day of Lucid,

- with a firewall this time that let open only the port 22 and 80 from internet
- with only openssh as service (no apache2)
- ran firefox3.6 , ktorrent and amule , nothing else

chkrootkit didnt find anything
debsums reported
debsums: changed file /sbin/initctl (from upstart package)

I did an apt-get install --reinstall upstart and that file didn't warn anymore. So I concluded there must be some kind of vulnerability either in

a) firefox
b) ktorrent
c) amule


Ubuntu Security :: MITM Attack - TLS Renegotiation Vulnerability

Sep 28, 2010

Using Opera 10.61 and 10.62, I find that any secure website I access, such as a bank, the lock icon in the address bar is replaced by a question mark. Clicking on it brings up a window, stating that the connection is not secure, that the server does not support TLS Renegotiation. Doing some internet searches for "opera tls renegotiation" brought me to a page at the Opera website, where they discuss this issue. The issue is generic, not limited to Opera, affecting the TLS protocol, and it potentially enables a man-in-the-middle to renegotiate a "secure" connection between a server and client, issuing own commands to the server. Opera has addressed the problem on the client end, but now servers need to be upgraded too. None of the HTTPS sites I have tried have upgraded their servers, if the information provided by the Opera browser is correct.

My questions: how feasible is such a MITM attack, what level of resources would such an attack require? What, if anything, would the attacker need to know about the client and/or server to mount the attack? Would I be better off using Firefox, or is Firefox simply oblivious of the problem and not issuing warnings for that reason?


Ubuntu Security :: Free Outside Vulnerability Scan That Works With Server

Feb 11, 2010

Is there a free online vulnerability scanner where either I can give them the IP address to scan or can be initiated from the console command, tool, or text based browser? I use GRC's Shields Up when I have a GUI, but I want a scan run on my website that runs Ubuntu 8.04 server on a hosted VPS.


Ubuntu Security :: Locked-Screen Login Window Vulnerability?

May 12, 2010

I've got an HP Netbook with Jaunty installed, and I've got an older Dell laptop running Debian. A friend of mine, on several occasions, has told me that when I left my computers unattended he could do some kind of series of key-strokes, and then a window comes up and he says that he can change the password for my account. I've asked him to show me how he does it, but he never will because he doesn't want me to be able to thwart him. Is he lying, or is it for real? If it's for real, how do I go about changing it so that it can't happen anymore?


Ubuntu Installation :: Upgrading To 9.10 Makes All Services FAIL On Startup?

Jan 9, 2010

I upgraded from 9.04 to 9.10. SSH, samba, LAMP server, etc etc etc are now failing to start when the OS boots. I can start all of these services manually but it is a bit of an annoyance. Maybe something simple but am not sure where to look to fix this.


General :: Update After Wubi Install Makes Ubuntu Fail To Load

Jan 1, 2010

So after a win7 wubi install, I updated through system update. Now after I choose ubuntu in the win bootloader it takes me to a grub screen. How can I boot into linux and remove grub? (This isn't my computer otherwise I would dual boot and let grub take care of it).


Security :: Vulnerability - 1.0.x Branch Of OpenSSL That Potentially Allows SSL Servers To Compromise Clients

Aug 10, 2010

Quote: Security expert Georgi Guninski has pointed out a security issue in the 1.0 branch of OpenSSL that potentially allows SSL servers to compromise clients. Apparently the hole can be exploited simply by sending a specially crafted certificate to the client, causing deallocated memory to be accessed in the ssl3_get_key_exchange function (in ssls3_clnt.c). While this usually only causes an application to crash, it can potentially also be exploited to execute injected code.


Debian Multimedia :: Installing Nvidia 352.30 Makes Sddm Fail (KDE Plasma 5)

Aug 2, 2015

I just updated Nvidia driver with sgfxi to 352.30 (Debian testing), and X doesn't load.

My current display manager is sddm, used with KDE Plasma 5. Is it a known issue? I couldn't find any sensible error messages in Xorg logs.


General :: Make A Cronjob Who Makes A Tag.gz Of Everything Inside A Directory In A Recursive Way?

Mar 23, 2011

I would like to make a cronjob who makes a tag.gz of everything inside a directory in a recursive way. BUT there is a HUGE directory full of jpg's. I don't want this one in the backup. Additional points if it can backup symbolic links.


Ubuntu Security :: Selecting The 'Available To All Users' Option In Network Mgr Mess With Security?

Oct 15, 2010

To avoid having to input a password for the keyring each time I connect to the net via wireless, I enabled the 'Available to all users' option in Network Manager. Now, my question is this. Are the 'users' it refers to just those created on this machine? Would a drive-by be able to use my network without entering the password?


Security :: Removing Setuid Option For Security?

Nov 18, 2010

According to Security standards given in [URL]

Quote: Unless otherwise approved the following setuid root binaries are the only ones allowed on production servers:

* /bin/su
* /usr/bin/sudo
* /usr/bin/passwd

[code]....


Ubuntu Security :: Firestarter Fail In Boot Log?

Oct 20, 2010

I've been using Firestarter for a while and have used it to set up inbound and outbound policies (which are probably way too restrictive) but since turning on boot logging the other day I have noted that the boot log contains the message:

Code:
* Starting the Firestarter firewall [fail]

I find this somewhat alarming. I have seen post [URL].ht= firestarter (although have not added it to the auto startup list and do not wish to have it start without the root password). What I would like to know is as the computer boots up does it set the iptables to their last setting irrespective of whether firestarter starts or does firestarter need to start to set the iptables and therefore my policies?


Ubuntu Security :: Right Click - Automatically Get The Encrypt Process To Delete The Un-encrypted File When It Makes The New Encrypted Copy?

Jan 5, 2010

I've just started using ubuntu one. However, some of the files I store on there are sensitive so I encrypt them using seahorse. Right click, encrypt etc etc. My question is, is there a way to automatically get the encrypt process to delete the un-encrypted file when it makes the new encrypted copy?


Debian :: Using Root Account With Or Without Slash?

Sep 26, 2015

I came to debian from fedora so there I used ( su - ) to become root user. So my question is that in debian, is it same using ( su ) and ( su - ) or here also using ( su - ) is preferred with slash or without slash. What is the correct and secure way in debian with full root status.

One more question relating gedit sources.list

I use as root account : gedit /etc/apt/sources.list (and then enter and sources file in gedit open)

Is this correct method or any other way as when save after changing entries inside it says error.


Ubuntu :: Correct Option To Merge Directory Trees?

Feb 17, 2011

I have a couple directories in the following format:
+ Dir 1
----+ Dir A
-------- file1
----+ Dir B
-------- file2
+ Dir 2
----+ Dir A
-------- file3
----+ Dir C
-------- file2
+ Dir 3
----+ Dir B
-------- file2
----+ Dir C
-------- file1

My desired structure is:
+ Dir Final
----+ Dir A
-------- file1
-------- file3
----+ Dir B
-------- file2-1 [or something so that the two files don't overwrite]
-------- file2-2
----+ Dir C
-------- file2
-------- file1

Basically, I would like to combine all the directories that I can, without deleting/overwriting any files. I have looked at Rsync, but I could not find the correct options to do what I wanted.


Ubuntu Servers :: Postfix Adds Trailing Slash To Users?

May 11, 2011

I followed this tutorial to set up a mail server, followed it to the letter, double/triple/quadruple checked everything for human error, and I can't find anything. [URL].. What's happening is it seems that postfix is adding a trailing slash to usernames when it does the user lookup, so they don't exist and then fail. I've attached the log below.

Code:
May 11 01:06:27 vmail postfix/smtpd[1688]: connect from localhost[127.0.0.1]
May 11 01:06:55 vmail postfix/smtpd[1688]: 3372E982BC: client=localhost[127.0.0.1]
May 11 01:07:18 vmail postfix/cleanup[1691]: 3372E982BC: message-

[Code]...


Slackware :: Can't Mount Nfs Directory Without Option

May 22, 2010

I can't mount nfs directory without option "-o nolock". NFS server is Slackware 11 and client is Slackware 13 (full installation). I tested with Centos 5.4 and works fine. Using which rpc.lockd print is no rpc.lockd and slackware 11 is /usr/sbin/rpc.lockd. Following services starting on client using rc.rpc (rpc.statd and rpc.portmap)


Programming :: Escaping Forward Slash In Sed Command?

Nov 2, 2010

I want to replace

Code:
<trus.analytics.platform.model.version>2.0.0-SNAPSHOT</trus.analytics.platform.model.version>

with

Code:
<trus.analytics.platform.model.version>2.0.0-b-20</trus.analytics.platform.model.version>

using sed command.

Code:
sed -i

[Code]....

I think there is a problem with front-slash but not sure how to resolve it.


OpenSUSE :: Fuse, Gnome-screensaver, Gnutils Security Updates Fail

Feb 12, 2010

I keep getting messages that I need to update fuse gnome-screensaver and gnutils security updates. However, every time I try to update either by YAST Online Update or the toolbar icon, it fails to update. The message is that can't remove fuse, gnutls, etc.


Ubuntu Security :: Add Acl Option To Fstab?

Feb 23, 2010

I've got a partition, let's say sdb6, which is one of the partitions of my second hard disk. On boot ubuntu only mounts my boot partition, let's say sda2, which is on my first drive. Once ubuntu has started, if I want to mount a partition I usually click on it under the Places menu and an authorization is required. As I would like to add acl to a partition following this thread

Quote:

http://ubuntuforums.org/showthread.php?p=8787962

I've tried to add acl option to my fstab, but my /etc/fstab doesn't have any info of any of my partitions and it originally looks like:

Quote:

# /etc/fstab: static file system information.
#
# Use 'blkid -o value -s UUID' to print the universally unique identifier

# for a device; this may be used with UUID= as a more robust way to name[code]...

My goal is to mount/unmount any partition with acl loaded and graphically, but I reached my limit on my linux knowledge.


Debian Programming :: Sed Cannot Delete Forward Slash In While Loop?

Aug 14, 2014

I am downloading online videos with a bash script; this is the code of script test.sh:

Code:
#!/bin/bash
while read line
do
    "/usr/bin/wget" $line
    sed -i "/$line/d" urls
done <urls

The while loop reads the video URLs from the urls file and passes them to wget for download. I write wget for ease of example in this code; otherwise I use another script to download the embedded videos. The code

Code:
sed -i "/$line/d" urls

deletes the URL of a video from the urls file when its download is complete.

The problem is the http address contains forward slashes "/" and sed cannot delete them and gets an error. This is the urls file:

Code:
http://download.wavetlan.com/SVV/Media/HTTP/MP4/ConvertedFiles/Media-Convert/Unsupported/test7.mp4
http://download.wavetlan.com/SVV/Media/HTTP/H264/Talkinghead_Media/H264_test3_Talkingheadclipped_mp4_480x360.mp4
http://download.wavetlan.com/SVV/Media/HTTP/H264/Talkinghead_Media/H264_test4_Talkingheadclipped_mp4_480x320.mp4
http://download.wavetlan.com/SVV/Media/HTTP/H264/Other_Media/H264_test8_voiceclip_mp4_480x320.mp4

This is output of the test.sh:

Code:
# ./test.sh
http://download.wavetlan.com/SVV/Media/HTTP/MP4/ConvertedFiles/Media-Convert/Unsupported/test7.mp4
sed: -e expression #1, char 8: unknown command: `/'
http://download.wavetlan.com/SVV/Media/HTTP/H264/Talkinghead_Media/H264_test3_Talkingheadclipped_mp4_480x360.mp4

[Code] .....


General :: Remove / (slash) And Replace - (semi-colon) With New Line

May 6, 2011

I need to have a shell script which does the following,

1. Remove '/' in the file
2. Replace ';' with new line

Input file (sample):

TL/01039;TL/07014;TL/07016;TL/07046;TL/09476;TL/09522

Output file should be:


General :: Escape Forward Slash But Not Working Statement Garbled?

May 2, 2011

I am trying to use sed command to replace one string with other but somehow replacement string contains forward slash hence getting the error statement garbled!

[Code]...


Fedora Security :: Setting Up A Webserver And SElinux Keeps Stopping Httpd / Apache And Making It Fail

Jul 12, 2010

I am setting up a web server and SElinux keeps stopping httpd/apache and making it fail. Everything works fine when SElinux is set to permissive, so I know it is SElinux causing the problem. I have all the apache/httpd items allowed in the SElinux bool and even added the line the troubleshooter told me to add but the problem still persists. Here is what SElinux puts out:

[Code].....

several times and it does nothing. I have all the permissions set to Apache as owner and group and allow execution on all the files.


Ubuntu :: Linux Kernel Vulnerability Openly Demonstrated

Oct 24, 2010

If the moderators permit (because it's a security issue), the security vulnerability was shown in the ubuntu 10.04 (64 bits) first by VSR, a security research firm. Now kindly view the link I will give and suggest what to do! I have the same version, but the 32 bits (Intel).








Copyrights 2005-15 www.BigResource.com, All rights reserved