Emanuele Gentili | emgent blog http://en.emanuele-gentili.com Thu, 10 Apr 2008 23:35:23 +0000 http://wordpress.org/?v=2.2.2 en Shell history http://en.emanuele-gentili.com/index.php/2008/04/11/shell-history/ http://en.emanuele-gentili.com/index.php/2008/04/11/shell-history/#comments Thu, 10 Apr 2008 23:35:23 +0000 emgent http://en.emanuele-gentili.com/index.php/2008/04/11/shell-history/ emgent@emanuele-gentili:~$ history|awk ‘{a[$2]++ } END{for(i in a){print a[i] ” ” i}}’ |sort -rn|head
108 ls
97 vim
97 cd
27 sudo
20 bzr
18 rm
16 git
11 python
10 quilt
9 wget

]]> http://en.emanuele-gentili.com/index.php/2008/04/11/shell-history/feed/ Security Corner 0.3: lighttpd Denial of Service http://en.emanuele-gentili.com/index.php/2008/04/07/security-corner-03-lighttpd-denial-of-service/ http://en.emanuele-gentili.com/index.php/2008/04/07/security-corner-03-lighttpd-denial-of-service/#comments Mon, 07 Apr 2008 20:24:55 +0000 emgent http://en.emanuele-gentili.com/index.php/2008/04/07/security-corner-03-lighttpd-denial-of-service/ Affected by security bug quite significant, lighttpd is still be vulnerable to Ubuntu repositories.

Lighttpd 1.4.19 and earlier allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.

Vulnerable Version:

  • Hardy (upgraded)
  • Gutsy
  • Feisty
  • Edgy

CVE

Debdiffs:

Upgrade by .deb packages:

 

Upgrade by Repository:

  • Gutsy
deb http://ppa.launchpad.net/emgent/ubuntu gutsy main
deb-src http://ppa.launchpad.net/emgent/ubuntu gutsy main

apt-get update

apt-get upgrade

 

  •  Feisty
deb http://ppa.launchpad.net/emgent/ubuntu feisty main
deb-src http://ppa.launchpad.net/emgent/ubuntu feisty main

 apt-get update

 apt-get upgrade

 

  • Edgy
deb http://ppa.launchpad.net/emgent/ubuntu edgy main
deb-src http://ppa.launchpad.net/emgent/ubuntu edgy main

 apt-get update

 apt-get upgrade

]]> http://en.emanuele-gentili.com/index.php/2008/04/07/security-corner-03-lighttpd-denial-of-service/feed/ Horde3 security patch preview http://en.emanuele-gentili.com/index.php/2008/03/27/horde3-security-patch-preview/ http://en.emanuele-gentili.com/index.php/2008/03/27/horde3-security-patch-preview/#comments Thu, 27 Mar 2008 16:11:19 +0000 emgent http://en.emanuele-gentili.com/index.php/2008/03/27/horde3-security-patch-preview/ Affected by security bug quite significant, horde3 is still be vulnerable to Ubuntu repositories.

Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain
configurations, allows remote authenticated users to read and execute arbitrary files via “..” sequences and a null byte in the theme name.
Fix directory traversal vulnerability in Registry.php which allows an attacker to read and execute arbitrary local files via crafted
path sequences.

Vulnerable Version:

  • Hardy (upgraded)
  • Gutsy
  • Feisty
  • Edgy
  • Dapper

CVE

Debdiffs:

Upgrade by .deb packages:

Upgrade by Repository:

  • Gutsy
deb http://ppa.launchpad.net/emgent/ubuntu gutsy main
deb-src http://ppa.launchpad.net/emgent/ubuntu gutsy main

 apt-get update

apt-get upgrade

 

  •  Feisty
deb http://ppa.launchpad.net/emgent/ubuntu feisty main
deb-src http://ppa.launchpad.net/emgent/ubuntu feisty main

 apt-get update

 apt-get upgrade

 

  • Edgy
deb http://ppa.launchpad.net/emgent/ubuntu edgy main
deb-src http://ppa.launchpad.net/emgent/ubuntu edgy main

 apt-get update

 apt-get upgrade

 

  • Dapper
deb http://ppa.launchpad.net/emgent/ubuntu dapper main
deb-src http://ppa.launchpad.net/emgent/ubuntu dapper main

 apt-get update

 apt-get upgrade

]]> http://en.emanuele-gentili.com/index.php/2008/03/27/horde3-security-patch-preview/feed/ lighttpd security patch preview http://en.emanuele-gentili.com/index.php/2008/03/11/lighttpd-security-patch-preview/ http://en.emanuele-gentili.com/index.php/2008/03/11/lighttpd-security-patch-preview/#comments Tue, 11 Mar 2008 14:30:40 +0000 emgent http://en.emanuele-gentili.com/index.php/2008/03/11/lighttpd-security-patch-preview/ Affected by security bug quite significant, lighttpd is still be vulnerable to Ubuntu repositories.

mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory.

Hence a preview of the bug and my relative debdiff that will be placed in a circle in the mirror:

lighttpd

Vulnerable Version:

  • Hardy
  • Gutsy
  • Feisty
  • Edgy
  • Dapper

CVE

Debdiff Relatives:

]]> http://en.emanuele-gentili.com/index.php/2008/03/11/lighttpd-security-patch-preview/feed/ VLC security patch preview http://en.emanuele-gentili.com/index.php/2008/03/11/vlc-security-patch-preview/ http://en.emanuele-gentili.com/index.php/2008/03/11/vlc-security-patch-preview/#comments Tue, 11 Mar 2008 02:05:54 +0000 emgent http://en.emanuele-gentili.com/index.php/2008/03/11/vlc-security-patch-preview/ Affected by security bug quite significant, VLC is still be vulnerable to Ubuntu repositories.

Hence a preview of the bug and my relative debdiff that will be placed in a circle in the mirror:

VLC

Vulnerable Version:

  • Hardy
  • Gutsy
  • Feisty
  • Edgy
  • Dapper

CVE

Debdiff Relatives:

]]> http://en.emanuele-gentili.com/index.php/2008/03/11/vlc-security-patch-preview/feed/ hello world. http://en.emanuele-gentili.com/index.php/2008/02/28/hello-world/ http://en.emanuele-gentili.com/index.php/2008/02/28/hello-world/#comments Thu, 28 Feb 2008 03:15:42 +0000 emgent http://en.emanuele-gentili.com/index.php/2008/02/28/hello-world/ This is the first post in my ENGRISH blog :P

]]> http://en.emanuele-gentili.com/index.php/2008/02/28/hello-world/feed/