Re: chroot'ed environment?
oea!owner-bugtraq@oea.xs4all.nl
Thu, 20 Apr 1995 01:31:08 +0200
>From fc.net!owner-bugtraq Sat Apr 08 17:39:24 1995 remote from oea
Received: from hacktic by oea.xs4all.nl (UUPC/extended 1.12n) with UUCP
for root; Sat, 08 Apr 1995 17:39:24 +0100
Received: from sprawl.fc.net by xs1.xs4all.nl with SMTP id AA05674
(5.67b/IDA-1.5 for <root@oea.hacktic.nl>); Sat, 8 Apr 1995 01:15:56 +0200
Received: from freeside.fc.net (freeside.fc.net [198.6.198.2]) by sprawl.fc.net (8.6.10/8.6.10) with ESMTP id NAA01213 for <bugtraq-outgoing@sprawl.fc.net>; Fri, 7 Apr 1995 13:11:34 -0500
Received: (from majordom@localhost) by freeside.fc.net (8.6.8.1/8.6.6) id NAA28207 for bugtraq-outgoing; Fri, 7 Apr 1995 13:13:03 -0500
Received: from poly.phys.cwru.edu (poly.PHYS.CWRU.Edu [129.22.176.4]) by freeside.fc.net (8.6.10/8.6.6) with ESMTP id NAA28196 for <bugtraq@fc.net>; Fri, 7 Apr 1995 13:12:57 -0500
Received: (from jstott@localhost) by poly.phys.cwru.edu (8.6.11/8.6.11) id OAA06417; Fri, 7 Apr 1995 14:14:26 -0400
Date: Fri, 7 Apr 1995 14:14:26 -0400
From: Jonathan Stott <jstott@poly.phys.cwru.edu>
Message-Id: <199504071814.OAA06417@poly.phys.cwru.edu>
To: cklaus@iss.net
Subject: Re: SATAN ATTACKS EVERYWHERE
Cc: bugtraq@fc.net
Sender: owner-bugtraq@fc.net
Precedence: bulk
Sender: Ahmed M. Naas <ahmed@oea.xs4all.nl>
> 1. It is HUGE. It eats up tons of disk and ram space. [...]
You don't need to load the whole thing to run the scan (see below). It's
disk space requirements are proportional to the number of hosts you plan on
scanning.
> 2. It requires installing other packages like perl. Most hackers aren't
> able to run anything unless it's a no brainer script. "Gee the bad thing
> is we've been hacked and someone used SATAN, the good thing is that we
> got perl5 and a web browser installed."
Fortunately :-)
> 3. Since you have to use a web browser, you have to either run SATAN from
> the console (umm, really stupid hacker scanning from his own machine) or
> redirect the X Display to his own machine (still really stupid). [...]
You don't need a web browser to run the scan, the command line works
just fine. For example
satan -a 2 somehost
will run a 'heavy' scan against somehost without going through the
browser. The browser becomes really handy when you want to view the
results (but even so, it's not essential - you could make do with just grep
if you were really stuck).
-JS
>From fc.net!owner-bugtraq Sat Apr 08 17:39:25 1995 remote from oea
Received: from hacktic by oea.xs4all.nl (UUPC/extended 1.12n) with UUCP
for root; Sat, 08 Apr 1995 17:39:24 +0100
Received: from sprawl.fc.net by xs1.xs4all.nl with SMTP id AA06764
(5.67b/IDA-1.5 for <root@oea.hacktic.nl>); Sat, 8 Apr 1995 01:26:11 +0200
Received: from freeside.fc.net (freeside.fc.net [198.6.198.2]) by sprawl.fc.net (8.6.10/8.6.10) with ESMTP id MAA01100 for <bugtraq-outgoing@sprawl.fc.net>; Fri, 7 Apr 1995 12:24:41 -0500
Received: (from majordom@localhost) by freeside.fc.net (8.6.8.1/8.6.6) id MAA27262 for bugtraq-outgoing; Fri, 7 Apr 1995 12:26:08 -0500
Received: from fiji.oc.nps.navy.mil (fiji.oc.nps.navy.mil [131.120.60.55]) by freeside.fc.net (8.6.10/8.6.6) with SMTP id MAA27250 for <bugtraq@fc.net>; Fri, 7 Apr 1995 12:25:56 -0500
Received: by fiji.oc.nps.navy.mil (940406.SGI/931108.SGI.ANONFTP)
for bugtraq@fc.net id AA04175; Fri, 7 Apr 95 10:23:59 -0700
From: forsythe@fiji.oc.nps.navy.mil (Carl R. Forsythe)
Message-Id: <9504071723.AA04175@fiji.oc.nps.navy.mil>
Subject: Re: Technical Observations on SATAN: Issue: VMS and TCP/IP
To: bugtraq@fc.net
Date: Fri, 7 Apr 1995 10:23:58 -0700 (PDT)
In-Reply-To: <Pine.3.88.9504061647.C17974-0100000@wu1.wl.aecl.ca> from "Software Test Account" at Apr 6, 95 04:22:54 pm
X-Mailer: ELM [version 2.4 PL23]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1404
Sender: owner-bugtraq@fc.net
Precedence: bulk
According to Software Test Account:
>
> On Thu, 6 Apr 1995, Wietse Venema wrote:
>
> >
> For some reason when I test SATAN against VMS systems running either UCX or
> Wollongong TCP/IP stacks the systems crash.
>
> This seems to be true for the heavy test only. Other potentially
> coincidental events include:
> 1. First test on a given node; when system reboots and a test
> is again performed a successful test seems to be made.
> 2. The first test uses the FQDN and the second test uses the
> IP address.
>
> I have no idea where to look? The crash logs do not reveal anything helpful.
> A message coming from SATAN says:
> bin/udp_scan: are we talking to a dead host or network?
>
> NOTE: The hosts were most certainly alive prior to the test.
>
We noticed the same thing with one of our VMS nodes that happened to
have SATAN hit it in heavy mode. Since I am not the VMS admin I am not
sure of all the details other than the fact that the machine rebooted when
it was scanned with a heavy scan....I will forward for info as I find
it.....
-Carl
--
=================================================================
Carl R. Forsythe System Administrator, Oceanography Department
NPGS Monterey, CA. E-Mail: forsythe@oc.nps.navy.mil
PGP Version 2.6.2 key available on request
=================================================================
>From fc.net!owner-bugtraq Sat Apr 08 17:39:25 1995 remote from oea
Received: from hacktic by oea.xs4all.nl (UUPC/extended 1.12n) with UUCP
for root; Sat, 08 Apr 1995 17:39:25 +0100
Received: from sprawl.fc.net by xs1.xs4all.nl with SMTP id AA09572
(5.67b/IDA-1.5 for <root@oea.hacktic.nl>); Sat, 8 Apr 1995 01:49:56 +0200
Received: from freeside.fc.net (freeside.fc.net [198.6.198.2]) by sprawl.fc.net (8.6.10/8.6.10) with ESMTP id LAA01077 for <bugtraq-outgoing@sprawl.fc.net>; Fri, 7 Apr 1995 11:58:09 -0500
Received: (from majordom@localhost) by freeside.fc.net (8.6.8.1/8.6.6) id LAA26837 for bugtraq-outgoing; Fri, 7 Apr 1995 11:59:35 -0500
Received: from merlin.eglin.af.mil ([129.61.1.150]) by freeside.fc.net (8.6.10/8.6.6) with ESMTP id LAA26826 for <bugtraq@fc.net>; Fri, 7 Apr 1995 11:59:29 -0500
Received: (from sears@localhost) by merlin.eglin.af.mil (8.6.10/8.6.9) id LAA23435; Fri, 7 Apr 1995 11:57:49 -0500
Date: Fri, 7 Apr 1995 11:57:47 -0500 (CDT)
From: "David R. Sears" <sears@eglin.af.mil>
Subject: Problem with SATAN/VMS
To: wietse@wzv.win.tue.nl
Cc: bugtraq@fc.net
Message-Id: <Pine.3.89.9504071117.E20707-0100000@merlin.eglin.af.mil>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-bugtraq@fc.net
Precedence: bulk
The bourne shell script 'rsh.satan' falsely reports a vulnerability on
hosts that are running DEC VMS 6.1 This is because the OS sends the
following message to standard output:
UCX$RSHD - Permission denied - host IP addr
To fix, just add a test for the above string to the 'if $TEST -s
"$tmp_file"' test in 'rsh.satan'.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
David R. Sears sears@merlin.eglin.af.mil
96 CCSG/SCTXL (904) 882-2678
Eglin AFB, FL 32542 DSN 872-2678
... Any resemblance between the above views and those of my employer,
my terminal, or the view out my window are purely coincidental. Any
resemblance between the above and my own views is non-deterministic.
The question of the existence of views in the absence of anyone to hold
them is left as an exercise for the reader. The question of the
existence of the reader is left as an exercise for the second god
coefficient. (A discussion of non-orthogonal, non-integral polytheism
is beyond the scope of this article.)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>From gorgan.mti.sgi.com!anoosh Sat Apr 08 17:39:27 1995 remote from oea
Received: from hacktic by oea.xs4all.nl (UUPC/extended 1.12n) with UUCP
for ahmed; Sat, 08 Apr 1995 17:39:27 +0100
Received: from hardy.u.washington.edu by xs1.xs4all.nl with SMTP id AA22622
(5.67b/IDA-1.5 for <ahmed@oea.xs4all.nl>); Sat, 8 Apr 1995 03:54:12 +0200
Received: from prism.poly.edu by hardy.u.washington.edu
(5.65+UW95.02/UW-NDC Revision: 2.32 ) id AA12081;
Fri, 7 Apr 95 18:47:27 -0700
Received: from rama.poly.edu by prism.poly.edu (5.64/1.34-032891-Polytechnic University)
id AA24147; Fri, 7 Apr 95 21:31:37 -0400
Received: from sgi.sgi.com (SGI.COM) by rama.poly.edu.photon (4.1/SMI-4.1)
id AA22154; Fri, 7 Apr 95 21:47:28 EDT
Received: from sgihub.corp.sgi.com by sgi.sgi.com via ESMTP (950405.SGI.8.6.12/910110.SGI)
id SAA08919; Fri, 7 Apr 1995 18:47:05 -0700
Received: from mti.mti.sgi.com by sgihub.corp.sgi.com via SMTP (940519.SGI.8.6.9/911001.SGI)
id SAA08466; Fri, 7 Apr 1995 18:46:51 -0700
Received: from gorgan.mti.sgi.com by mti.mti.sgi.com via SMTP (931110.SGI/911001.SGI)
for @sgi.com:heer@u.washington.edu id AA04322; Fri, 7 Apr 95 18:46:38 -0700
Received: by gorgan.mti.sgi.com (940816.SGI.8.6.9/911001.SGI)
id SAA21019; Fri, 7 Apr 1995 18:48:48 -0700
From: "Anoosh Hosseini" <anoosh@gorgan.mti.sgi.com>
Message-Id: <9504071848.ZM21017@gorgan.mti.sgi.com>
Date: Fri, 7 Apr 1995 18:48:47 -0700
In-Reply-To: Nicholas Heer <heer@u.washington.edu>
"ISO8859-6 -> ISIRI-3342 (fwd)" (Apr 7, 3:56pm)
References: <Pine.OSF.3.91a.950407154703.13105B-100000@saul3.u.washington.edu>
X-Mailer: Z-Mail (3.2.0 26oct94 MediaMail)
To: Nicholas Heer <heer@u.washington.edu>
Subject: Re: ISO8859-6 -> ISIRI-3342 (fwd)
Cc: reader <reader@rama.poly.edu>, ITISALAT <ITISALAT@GUVM.CCF.GEORGETOWN.EDU>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
On Apr 7, 3:56pm, Nicholas Heer wrote:
> Subject: ISO8859-6 -> ISIRI-3342 (fwd)
> Anoosh,
>
> Where can I get a copy of the ISIRI-3342 code page? I've already
> looked at tehran.stanford.edu. Has this code page supplanted the iscii
> code page? Is there a Persianization program that could load this code
> page into my computer in the same way Arabic DOS and Sakhr can load Arabic
> code pages? I don't want a word processor just a code page with screen
> fonts that I could use with an editor or use to read Persian texts on
> line.
>
> Nicholas
I would be glad to Mail anyone the English spec. Yes ISIRI-3342 has replaced
ISCII. As to whether everyone over there uses ISIRI-3342, that is an another
story. The producers of Persian DOS and Sakr equivalents use their own
encoding which only they support. In fact there are about as many encoding
as there are major Persian software companies. In a few weeks I will have a
Windows viewer for ISIRI-3342 since I assume you wanted a PC solution.
regards
-anoosh
>From fc.net!owner-bugtraq Sun Apr 09 00:40:17 1995 remote from oea
Received: from hacktic by xs4all.nl (UUPC/extended 1.12n) with UUCP
for root; Sun, 09 Apr 1995 00:40:17 +0100
Received: from sprawl.fc.net by xs1.xs4all.nl with SMTP id AA27943
(5.67b/IDA-1.5 for <root@oea.hacktic.nl>); Sat, 8 Apr 1995 04:56:34 +0200
Received: from freeside.fc.net (freeside.fc.net [198.6.198.2]) by sprawl.fc.net (8.6.10/8.6.10) with ESMTP id QAA01540 for <bugtraq-outgoing@sprawl.fc.net>; Fri, 7 Apr 1995 16:52:31 -0500
Received: (from majordom@localhost) by freeside.fc.net (8.6.8.1/8.6.6) id QAA02953 for bugtraq-outgoing; Fri, 7 Apr 1995 16:54:02 -0500
Received: from mail.Germany.EU.net (mail.Germany.EU.net [192.76.144.65]) by freeside.fc.net (8.6.10/8.6.6) with ESMTP id QAA02942 for <bugtraq@fc.net>; Fri, 7 Apr 1995 16:53:55 -0500
Received: by mail.Germany.EU.net with SMTP (8.6.5:29/EUnetD-2.5.1.d) via EUnet
id XAA12998; Fri, 7 Apr 1995 23:53:47 +0200
Received: from barolo.ak.munich.ibm.com by prosecco.munich.ibm.de (4.03afxG1.2)
id AA06553; Fri, 7 Apr 1995 23:48:05 +0200
Received: by barolo (AIX 3.2/UCB 5.64/afx1.8)
id AA21930; Fri, 7 Apr 1995 23:50:56 +0200
From: afx@ibm.de (Andreas Siegert)
Message-Id: <9504072150.AA21930@barolo>
Subject: Re: Problem with SATAN/VMS
To: sears@eglin.af.mil (David R. Sears)
Date: Fri, 7 Apr 1995 23:50:55 +0200 (CEST)
Cc: wietse@wzv.win.tue.nl, bugtraq@fc.net
In-Reply-To: <Pine.3.89.9504071117.E20707-0100000@merlin.eglin.af.mil> from "David R. Sears" at Apr 7, 95 11:57:47 am
X-Organisation: EMEA AIX Security CoC / AIX ATG IBM Germany
X-Address: Anzinger Strasse 29, 81617 Muenchen, Germany
X-Phone: +49-89-4504-4509 (internal 945-4509), Fax -4233
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 701
Sender: owner-bugtraq@fc.net
Precedence: bulk
SATAN on AIX has a similar problem.
AIX emits a permission denied that the simple test (test -s) doesn't catch
> The bourne shell script 'rsh.satan' falsely reports a vulnerability on
> hosts that are running DEC VMS 6.1 This is because the OS sends the
> following message to standard output:
>
> UCX$RSHD - Permission denied - host IP addr
>
> To fix, just add a test for the above string to the 'if $TEST -s
> "$tmp_file"' test in 'rsh.satan'.
--
Andreas Siegert afx@ibm.de / afx@barolo.ak.munich.ibm.com / AFX at IPNET
Every time we've moved ahead in IBM, it was because someone was willing to take
a chance, put his head on the block, and try something new - Thomas Watson, Jr.
>From fc.net!owner-bugtraq Sun Apr 09 00:40:19 1995 remote from oea
Received: from hacktic by xs4all.nl (UUPC/extended 1.12n) with UUCP
for root; Sun, 09 Apr 1995 00:40:19 +0100
Received: from sprawl.fc.net by xs1.xs4all.nl with SMTP id AA17616
(5.67b/IDA-1.5 for <root@oea.hacktic.nl>); Sat, 8 Apr 1995 08:55:38 +0200
Received: from freeside.fc.net (freeside.fc.net [198.6.198.2]) by sprawl.fc.net (8.6.10/8.6.10) with ESMTP id UAA01773 for <bugtraq-outgoing@sprawl.fc.net>; Fri, 7 Apr 1995 20:16:23 -0500
Received: (from majordom@localhost) by freeside.fc.net (8.6.8.1/8.6.6) id UAA07065 for bugtraq-outgoing; Fri, 7 Apr 1995 20:17:53 -0500
Received: from dc.anjura.com (cbaltzer.ott.hookup.net [165.154.16.24]) by freeside.fc.net (8.6.10/8.6.6) with ESMTP id UAA07053 for <bugtraq@fc.net>; Fri, 7 Apr 1995 20:17:44 -0500
Received: from Microsoft Mail (PU Serial #1043)
by dc.anjura.com (PostalUnion/SMTP(tm) v2.1.5c for Windows NT(tm))
id AA-1995Apr07.211200.1043.14638; Fri, 07 Apr 1995 21:16:26 -0600
From: cbaltzer@anjura.com (Baltzer, Craig)
To: bugtraq@fc.net (bugtraq)
Message-Id: <1995Apr07.211200.1043.14638@dc.anjura.com>
X-Mailer: Microsoft Mail via PostalUnion/SMTP for Windows NT
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Organization: Anjura Technology Corporation, Ottawa, Ontario
Date: Fri, 07 Apr 1995 21:16:26 -0600
Subject: All.Net's security testing service
Sender: owner-bugtraq@fc.net
Precedence: bulk
Anyone tried running this against a non-UNIX box?? I ran it against one of
our NT boxes. It generated an email message over 30MB (prob. more, but I
killed it at 30MB) as a report...
Craig
=======================================================
Craig Baltzer EMail: cbaltzer@anjura.com
Anjura Technology Corp Phone: (613) 727-1411
Ottawa, Ontario (Canada) FAX : (613) 727-1412
=======================================================
>From vger.rutgers.edu!owner-linux-ibcs2 Sun Apr 09 00:40:20 1995 remote from oea
Received: from hacktic by xs4all.nl (UUPC/extended 1.12n) with UUCP
for ibcs2; Sun, 09 Apr 1995 00:40:19 +0100
Received: from vger.rutgers.edu by xs1.xs4all.nl with SMTP id AA28919
(5.67b/IDA-1.5 for <ibcs2@oea.xs4all.nl>); Sat, 8 Apr 1995 10:49:28 +0200
Received: (from daemon@localhost) by vger.rutgers.edu (8.6.10/8.6.10) id EAA12914 for linux-ibcs2-outgoing; Sat, 8 Apr 1995 04:19:10 -0400
Message-Id: <199504080715.QAA04724@mustang.sdc.com.au>
From: "Stephen Davies" <scldad@sdc.com.au>
Subject: Getting closer (?)
To: linux-ibcs2@vger.rutgers.edu
Date: Sat, 8 Apr 95 16:45:37 +0930
Encoding: 53 TEXT , 4 TEXT
Sender: owner-linux-ibcs2@vger.rutgers.edu
Precedence: bulk
I have built ibcs-pre1.2-950308.tar.gz and successfuly run the SVR4 program
that installs my package. I cannot, however, get the package itself to run.
This may be insufficient memory but hopefully the attached trace will pin
down the cause.
In case it helps, the code was built on Dell UNIX System V.4 - x32.
Thanks,
Stephen
<6>iBCS: devtrace registered on character major 31
<7>iBCS: trace code set to 0xffffeff
<7>[194]4692 trace returns 268435199 {273}
<7>COFF: exec /d2/mstat
<7>COFF: bad filehdr magic
<7>COFF: binfmt_coff: result = -8
<7>XOUT: binfmt_xout entry: /d2/mstat
<7>XOUT: bad magic 0a3a
<7>[195]4694 open("/dev/zero", 00, 01166740)
<7>[195]4694 open returns 3 {1342297932}
<7>[196]4694 mmap(0x0, 0x1000, 0x3, 0x2, 3, 0x0)
<7>[196]4694 mmap returns 1342320640 {0}
<7>[197]4694 close(3)
<7>[197]4694 close returns 0 {3}
<7>[198]4694 mprotect(0x50000000, 116540, 0x7)
<7>[198]4694 mprotect returns 0 {576}
<7>[199]4694 mprotect(0x8048000, 75073, 0x7)
<7>[199]4694 mprotect returns 0 {75073}
<7>[200]4694 getuid()
<7>[200]4694 getuid returns 200 {200}
<7>[201]4694 getgid()
<7>[201]4694 getgid returns 200 {200}
<7>[202]4694 open("/d2/lib/libcrlib.so", 00, 012000352010)
<7>[202]4694 open returns 3 {1342321091}
<7>[203]4694 open("/dev/zero", 00, 012000352010)
<7>[203]4694 open returns 4 {1342321091}
<7>[204]4694 read(3, 0xbfffe794, 4096)
<7>[204]4694 read returns 4096 {1342321091}
<7>[205]4694 mmap(0x0, 0xb2ba4, 0x7, 0x2, 3, 0x0)
<7>[205]4694 mmap returns 1342324736 {0}
<7>[206]4694 mmap(0x500d7000, 0x6c54, 0x7, 0x12, 3, 0xb2000)
<7>[206]4694 mmap returns 1343057920 {1343057920}
<7>[207]4694 mmap(0x500de000, 0xa100, 0x7, 0x12, 4, 0x0)
<7>[207]4694 mmap returns 1343086592 {41216}
<7>[208]4694 close(4)
<7>[208]4694 close returns 0 {41216}
<7>[209]4694 close(3)
<7>[209]4694 close returns 0 {41216}
<7>[210]4695 trace(-1)
<7>[210]4695 trace returns 268435199 {1652}
<7>[211]4695 trace(0)
<7>iBCS: trace code set to 0x0
========================================================================
Stephen Davies Consulting scldad@sdc.com.au
Adelaide, South Australia. Voice: 61-8-2728863
Computing & Network solutions. Fax : 61-8-2741015
>From fc.net!owner-bugtraq Sun Apr 09 00:40:20 1995 remote from oea
Received: from hacktic by xs4all.nl (UUPC/extended 1.12n) with UUCP
for root; Sun, 09 Apr 1995 00:40:20 +0100
Received: from sprawl.fc.net by xs1.xs4all.nl with SMTP id AA00785
(5.67b/IDA-1.5 for <root@oea.hacktic.nl>); Sat, 8 Apr 1995 12:36:27 +0200
Received: from freeside.fc.net (freeside.fc.net [198.6.198.2]) by sprawl.fc.net (8.6.10/8.6.10) with ESMTP id XAA01833 for <bugtraq-outgoing@sprawl.fc.net>; Fri, 7 Apr 1995 23:33:56 -0500
Received: (from majordom@localhost) by freeside.fc.net (8.6.8.1/8.6.6) id XAA11466 for bugtraq-outgoing; Fri, 7 Apr 1995 23:35:28 -0500
Received: from durian.usc.edu.ph (durian.usc.edu.ph [165.220.28.253]) by freeside.fc.net (8.6.10/8.6.6) with SMTP id XAA11453 for <bugtraq@fc.net>; Fri, 7 Apr 1995 23:35:18 -0500
Received: by durian.usc.edu.ph; id AA08749; Sat, 8 Apr 1995 12:33:07 +0800
Date: Sat, 8 Apr 1995 12:33:07 +0800 (HKT)
From: "Cenon B.C. Marana Jr." <bonn@durian.usc.edu.ph>
To: lenex <lenex@psyber.com>
Cc: bugtraq@fc.net
Subject: Re: Shadowed PW file under Linux
In-Reply-To: <199504070543.WAA11406@jasmine.psyber.com>
Message-Id: <Pine.OSF.3.91.950408123103.6486B-100000@durian.usc.edu.ph>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-bugtraq@fc.net
Precedence: bulk
On Thu, 6 Apr 1995, lenex wrote:
Hello All!
> Could someone reccomend a good tool for shaddowing the PW file under Linux?
> This will be my first time setting one up so If you have a Howto that would
> also be much appreciated.
Me too.. how about for OSF/1? or is there a good/recommended tool for
such?
Many thanks.
Bonn
:)
>From fc.net!owner-bugtraq Sun Apr 09 00:40:21 1995 remote from oea
Received: from hacktic by xs4all.nl (UUPC/extended 1.12n) with UUCP
for root; Sun, 09 Apr 1995 00:40:21 +0100
Received: from sprawl.fc.net by xs1.xs4all.nl with SMTP id AA26482
(5.67b/IDA-1.5 for <root@oea.hacktic.nl>); Sat, 8 Apr 1995 16:55:19 +0200
Received: from freeside.fc.net (freeside.fc.net [198.6.198.2]) by sprawl.fc.net (8.6.10/8.6.10) with ESMTP id EAA02175 for <bugtraq-outgoing@sprawl.fc.net>; Sat, 8 Apr 1995 04:34:50 -0500
Received: (from majordom@localhost) by freeside.fc.net (8.6.8.1/8.6.6) id EAA15317 for bugtraq-outgoing; Sat, 8 Apr 1995 04:36:23 -0500
Received: from crimelab.crimelab.com (crimelab.com [198.64.127.1]) by freeside.fc.net (8.6.10/8.6.6) with ESMTP id EAA15306 for <bugtraq@fc.net>; Sat, 8 Apr 1995 04:36:14 -0500
Received: from canik.bcc.bilkent.edu.tr (canik.bcc.bilkent.edu.tr [139.179.10.17]) by crimelab.crimelab.com (8.6.10/8.6.10) with SMTP id DAA09970 for <bugtraq@crimelab.com>; Sat, 8 Apr 1995 03:34:00 -0600
Received: from biber.bcc.bilkent.edu.tr by bilkent.edu.tr (5.65c/IDA-1.4)
id AA14740; Sat, 8 Apr 1995 12:32:28 +0400
Received: by biber.bcc.bilkent.edu.tr (5.65c/1.4IDA)
id AA21470; Sat, 8 Apr 1995 12:32:24 +0400
From: pevrul@bilkent.edu.tr (Pevrul Sahin)
Message-Id: <199504080832.AA21470@biber.bcc.bilkent.edu.tr>
Subject: sub
To: bugtraq@crimelab.com
Date: Sat, 8 Apr 1995 12:32:23 +0400 (EET DST)
X-Mailer: ELM [version 2.4 PL24]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 353
Sender: owner-bugtraq@fc.net
Precedence: bulk
Please put me on the BUGTRAQ mailing list
Thank you
--
_
P E V R U L
Bilkent University
Bilkent Computer Center
pevrul@bilkent.edu.tr
>From eesun2.tamu.edu!iskandar Sun Apr 09 00:40:24 1995 remote from oea
Received: from hacktic by xs4all.nl (UUPC/extended 1.12n) with UUCP
for ahmed; Sun, 09 Apr 1995 00:40:24 +0100
Received: from hardy.u.washington.edu by xs1.xs4all.nl with SMTP id AA10488
(5.67b/IDA-1.5 for <ahmed@oea.xs4all.nl>); Sat, 8 Apr 1995 19:15:15 +0200
Received: from prism.poly.edu by hardy.u.washington.edu
(5.65+UW95.02/UW-NDC Revision: 2.32 ) id AA14219;
Sat, 8 Apr 95 09:59:15 -0700
Received: from rama.poly.edu by prism.poly.edu (5.64/1.34-032891-Polytechnic University)
id AA12286; Sat, 8 Apr 95 12:43:26 -0400
Received: from eesun2.tamu.edu by rama.poly.edu.photon (4.1/SMI-4.1)
id AA23033; Sat, 8 Apr 95 12:59:18 EDT
Received: (from iskandar@localhost) by eesun2.tamu.edu (8.6.9/8.6.9) id LAA05744; Sat, 8 Apr 1995 11:59:07 -0500
Date: Sat, 8 Apr 1995 11:59:07 -0500 (CDT)
From: Alexandre Khalil <iskandar@eesun1.tamu.edu>
X-Sender: iskandar@eesun2.tamu.edu
To: Arabic script mailing list <reader@rama.poly.edu>
Cc: NCC%SAKACS00@GUVM.CCF.GEORGETOWN.EDU
Subject: Forwarded mail.... (fwd)
Message-Id: <Pine.SOL.3.90.950408115755.5247F-100000@eesun2.tamu.edu>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
---------- Forwarded message ----------
Date: Sat, 8 Apr 1995 09:50:05 -0400
From:NCC.at.SAKACS00@GUVM.CCF.GEORGETOWN.EDU
To: ITISALAT@GUVM.CCF.GEORGETOWN.EDU, at@GUVM.CCF.GEORGETOWN.EDU,
GUVM@GUVM.CCF.GEORGETOWN.EDU
Subject:
Infabs product surveys and documents work in the area of informaticse
in the region (Saudi and Gulf area). First version cited all papers
published through the National Computer Conferences (14 conferences
till now) wich is about 600 papers in both Arabic and English.
Each entry in this work shows full bibliographic information including
title, subject, author(s), abstract and list of descriptives.
For more info please contact:
Chip Computer Services
P. O. Box 51176, Riyadh 11543
Saudi Arabia
Tel: (011966 1) 465-5353
Fax: (011966 1) 464-1442
>From fc.net!owner-bugtraq Mon Apr 10 03:07:38 1995 remote from oea
Received: from hacktic by xs4all.nl (UUPC/extended 1.12n) with UUCP
for root; Mon, 10 Apr 1995 03:07:38 +0100
Received: from sprawl.fc.net by xs1.xs4all.nl with SMTP id AA13686
(5.67b/IDA-1.5 for <root@oea.hacktic.nl>); Mon, 10 Apr 1995 01:07:04 +0200
Received: from freeside.fc.net (freeside.fc.net [198.6.198.2]) by sprawl.fc.net (8.6.10/8.6.10) with ESMTP id LAA03380 for <bugtraq-outgoing@sprawl.fc.net>; Sun, 9 Apr 1995 11:26:08 -0500
Received: (from majordom@localhost) by freeside.fc.net (8.6.8.1/8.6.6) id LAA00346 for bugtraq-outgoing; Sun, 9 Apr 1995 11:27:50 -0500
Received: from trance.helix.net (trance.helix.net [204.244.2.2]) by freeside.fc.net (8.6.10/8.6.6) with ESMTP id LAA00335 for <bugtraq@fc.net>; Sun, 9 Apr 1995 11:27:42 -0500
Received: from trance.helix.net (chowes@trance.helix.net [204.244.2.2]) by trance.helix.net (8.6.12/8.6.9) with ESMTP id EAA03082; Sun, 9 Apr 1995 04:07:05 -0700
Date: Sun, 9 Apr 1995 04:07:05 -0700 (PDT)
From: Charles Howes <chowes@helix.net>
To: Michael Shields <shields@tembel.org>
Cc: bugtraq@fc.net
Subject: Re: All.Net's security testing service
In-Reply-To: <m0rxeue-000DJtC@yage.tembel.org>
Message-Id: <Pine.SUN.3.91.950409040549.2747D-100000@trance.helix.net>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-bugtraq@fc.net
Precedence: bulk
On Sat, 8 Apr 1995, Michael Shields wrote:
> > You're allowed to run it only once, since crackers have been abusing it.
>
> If you run it, it reports some holes, and you make some changes that
> should fix them, shouldn't you be able to run it again to make sure your
> system is now clean?
Well, it is a tradeoff.
--
Charles Howes -- chowes@helix.net
Always tell the truth, then you make it the other bloke's problem!
- Sean Connery, 1971