Jan 16 14

sourcecodeToday OpenSSH project reported an bug in the client component of OpenSSH versions 5.4 up to 7.1.
The announced issue could allow an OpenSSH client to leak client memory to the connected SSH server including (private) key information. The vulnerability was discovered in the roaming feature of OpenSSH client which is default active.

This vulnerabilities affects the OpenSSH client on most operating systems like Linux, FreeBSD and Mac OSX. Continue reading »

written by d45id \\ tags: , , ,

Apr 14 07

heartbleed„A potentially very serious bug in OpenSSL 1.0.1 and 1.0.2 beta has been discovered that can leak just about any information, from keys to content. Better yet, it appears to have been introduced in 2011, and known since March 2012.“ Juha Saarien

„A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.“ security advisory

The attack may be repeated and it appears trivial to acquire the host’s private key. If you were running a vulnerable release, it is even suggested that you go as far as revoking all of your keys. Distributions using OpenSSL 0.9.8 are not vulnerable (Debian Squeeze vintage). Debian Wheezy, Ubuntu 12.04.4, Centos 6.5, Fedora 18, SuSE 12.2, OpenBSD 5.4, FreeBSD 8.4, and NetBSD 5.0.2 and all following releases are vulnerable. OpenSSL released 1.0.1g today addressing the vulnerability. Debian’s fix is in incoming and should hit mirrors soon, Fedora is having some trouble applying their patches, but a workaround patch to the package .spec (disabling heartbeats) is available for immediate application.

Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately
upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

written by d45id \\ tags: , , , ,

Nov 13 08

puffy-sshWie heute das OpenSSH-Projekt in einem Advisory bekannt gab existiert eine Memory Corruption-Problem, welches im Prinzip zu einer aus der Ferne ausnützbaren Sicherheitslücke führen kann.
Zwar lässt sich diese Lücke anscheinend nur nach erfolgreicher Anmeldung am System ausnutzen, dennoch empfiehlt es sich den angegebenen Workaround zu implementieren bzw. auf die entsprechend gepatchte Version upzugraden.

Noch ist nicht bekannt, dass Exploits die dieses Problem ausnützen können, existieren bzw. in Verwendung sind – da der Quellcode von OpenSSH offen ist, ist jedoch davon auszugehen, dass dies sehr bald der Fall sein wird. Continue reading »

written by d45id \\ tags: , , ,

Nov 13 02

Konsole 1:

root@nyx:/home/d45id# dd if=/dev/urandom of=/dev/sdb bs=4M

Konsole 2 (PID ermitteln):

d45id@nyx:~$ ps -ef | grep -w '[d]d'
root      2851  2841 99 17:20 pts/1    00:00:14 dd if=/dev/urandom
of=/dev/sdb bs=4M

Konsole 2 (USR1 abschicken):

root@nyx:/home/d45id# kill -USR1 2851
root@nyx:/home/d45id# kill -USR1 2851

Jedes mal, wenn dd dieses Signal erhält, gibt es auf dem ersten Terminal
eine kurze Statistik der bis dahin gesendeten und empfangenen Bytes aus:

109+0 Datensätze ein
108+0 Datensätze aus
452984832 Bytes (453 MB) kopiert, 51,2639 s, 8,8 MB/s
250+0 Datensätze ein
249+0 Datensätze aus
1044381696 Bytes (1,0 GB) kopiert, 117,451 s, 8,9 MB/s

written by d45id \\ tags: , ,

Nov 13 02

25 Years ago, the first internet worm saw the light of day.

written by d45id \\ tags: , , , ,

Mrz 13 28

TerminalAus gegebenen Anlass möchte ich aufzeigen wie sich Rechenoperationen auf UNIX/Linux CLI durchführen lassen. Diese Operationen lassen sich natürlich auch in Skripten verwenden.
Im folgenden möchte ich vier Möglichkeiten zur Berechnung vorstellen, die sich auf so ziemlich jedem aktuellen UNIX/Linux anwenden lassen. Continue reading »

written by d45id \\ tags: , , , , , , , ,

Jul 12 20

Hard disks are going to be cheaper and cheaper and we are going to need even more space. So why not build your own cheap storage? Thanks to linux 3.1 and 3.2 and its btrfs support is now very easy to setup a fully redundant, scalable, storage made of many hard drives. Set up a btrfs storage is really easy. I’m using btrfs because it performs really good in a lot of scenarios like oracle demonstrated. Do not rely on old benchmarks, Btrfs has been out from a while now, and early versions are not comparable with old ones. One of the best features of this filesystem is scalability: you can start with one disk and then attach new disks as soon you need them. You just attach and add to the btrfs volume the new hard disk. That’s it.

To create a fully redundant hard disk just do:

root@sid:~$ install btrfs-tools

root@sid:~$ mkfs.btrfs -d raid1 /dev/sdb /dev/sdc

You can see the newly created filesystem. You will see also the UUID. That’s an important information since we can setup automount at startup thanks to that info.

Suppose that you want to attach the newly created storage to /storage and you want it to be mounted by default as soon as the computer starts. You just do add this line to /etc/fstab:

root@sid:~$ sudo btrfs filesystem show

Label: none uuid: cace4a04-38e8-42-8581-82bfada35ea7
Total devices 2 FS bytes used 28.00KB
devid 1 size 1.0B used 212.75MB path /dev/sdb
devid 2 size 1.0GB used 212.75MB path /dev/sdc

Btrfs Btrfs v0.19

UUID=cace4a04-38e8-42-8581-82bfada35ea7 /storage btrfs defaults 0 0

written by d45id \\ tags: , , ,

Dez 10 19

Vergangen Donnerstag installierte Solaris 11 express x86 auf meiner Workstation und hatte das Problem, dass mein deutsches Tastaturlayout nicht richtig geladen wurde.

Folgender trick behob mein Problem:

  • Anlegen der Datei /etc/hal/fdi/policy/10-x11-input.fdi
  • Angelegte Datei mit folgenden Inhalt füttern:
    <?xml version="1.0" encoding="UTF-8"?>
    <deviceinfo version="0.2">
       <match key="info.capabilities" contains="input.keys">
        <merge key="input.x11_options.XkbRules" type="string">base</merge>
        <merge key="input.x11_options.XkbModel" type="string">pc105</merge>
        <merge key="input.x11_options.XkbLayout" type="string">de</merge>
        <merge key="input.x11_options.XkbOptions" type="string">shift:breaks_caps,terminate:ctrl_alt_bksp</merge>
    • reboot

    written by d45id \\ tags: , , ,