[ale] returned to the list...

Jim Kinney jkinney at jimkinney.us
Sun Sep 28 22:05:28 EDT 2014


Sounds like the scan has an update bug. We hit stuff like that at IBM monthly with upstream release at version 2.3.4 and RHEL at 2.2.3-123 as they ran backported patches and changed build numbers only.
Only way to really test is to run the exploit(s) since build #foo as reported by package check 

None of the scanners EVER ran rpm -Va prior to checking version numbers against CVE codes to check for altered binaries.

</sigh>

On September 28, 2014 4:14:30 PM EDT, Wolf Halton <wolf.halton at gmail.com> wrote:
>I am still seeing it as a vulnerability (false positive) on Qualys
>reports.  At least on RHEL 5.x.
>
>Wolf Halton
>
>--
>This Apt Has Super Cow Powers - http://sourcefreedom.com
>Security in the Cloud - http://AtlantaCloudTech.com
><http://atlantaCloudTech.com>
>
>
>On Sun, Sep 28, 2014 at 9:32 AM, Jim Kinney <jim.kinney at gmail.com>
>wrote:
>
>> That openssh fork was folded back in (I think). It merged pam into ssh to
>> allow multiple authentication tools on the back end. That allowed things
>> like searching LDAP for both password and ssh pubkey.
>> On Sep 28, 2014 9:20 AM, "Wolf Halton" <wolf.halton at gmail.com> wrote:
>>
>> > Ubuntu Studio - Stable, minimalist desktop and runs on my old laptop.
>> > Debian for servers - doesn't have the forked OpenSSH that RHEL has.
>> >
>> > Wolf Halton
>> >
>> > --
>> > This Apt Has Super Cow Powers - http://sourcefreedom.com
>> > Security in the Cloud - http://AtlantaCloudTech.com
>> > <http://atlantaCloudTech.com>
>> >
>> >
>> > On Fri, Sep 26, 2014 at 8:02 AM, Brian Stanaland <brian at stanaland.org>
>> > wrote:
>> >
>> > > OpenSUSE. Because SLES is the preferred OS for the systems we make at
>> > > SGI.
>> > >
>> > > --Brian
>> > >
>> > > On Thu, Sep 25, 2014 at 11:09 PM, Scott Castaline <skotchman at gmail.com>
>> > > wrote:
>> > >
>> > > > C&S!!!
>> > > >
>> > > >
>> > > > On 09/25/2014 08:45 PM, Boris Borisov wrote:
>> > > >
>> > > >> Ed
>> > > >> On Sep 25, 2014 8:45 PM, "Pete Hardie" <pete.hardie at gmail.com>
>> wrote:
>> > > >>
>> > > >>  vi or emacs?
>> > > >>>
>> > > >>> On Thu, Sep 25, 2014 at 7:13 PM, Michael Trausch
><mike at trausch.us>
>> > > >>> wrote:
>> > > >>>
>> > > >>>  I'll jump in, and true to recent form, right back out. :)
>> > > >>>>
>> > > >>>> Fedora and CentOS, depending on the reason for the system.
>Why?
>> > > Because
>> > > >>>> I
>> > > >>>> can very easily support dozens and dozens of the boxes while
>> lifting
>> > > >>>> very
>> > > >>>> few fingers. It's not ideal---and believe you me, no
>distribution
>> > is,
>> > > >>>>
>> > > >>> yet.
>> > > >>>
>> > > >>>> The closer I get to end-users, the more I realize the truth
>that
>> it
>> > > >>>> isn't
>> > > >>>> about the system. It isn't even about the support. It is
>about the
>> > > >>>>
>> > > >>> ability
>> > > >>>
>> > > >>>> to provide SUPERIOR support with minimum resources. An ideal
>> > > >>>> distribution
>> > > >>>> would cover that on all consumer visible fronts. We
>posixheads are
>> > > great
>> > > >>>> great great with the stuff the end user doesn't see or the
>PHB
>> > doesn't
>> > > >>>> support. We need to become better about the other area in
>the
>> > pool...
>> > > >>>>
>> > > >>>> Anyway I am throwing away today's soapbox. Back to your
>regular
>> > > >>>>
>> > > >>> chatter....
>> > > >>>
>> > > >>>> Sent from my iPad
>> > > >>>>
>> > > >>>>  On Sep 25, 2014, at 6:49 PM, Jim Kinney
><jkinney at jimkinney.us>
>> > > wrote:
>> > > >>>>>
>> > > >>>>> Welcome back!
>> > > >>>>>
>> > > >>>>> Let's start a flame war with what distro you most recently
>> > installed
>> > > >>>>>
>> > > >>>> and
>> > > >>>
>> > > >>>> why didn't you use <fill in another favorite>?
>> > > >>>>
>> > > >>>>> :-)
>> > > >>>>>
>> > > >>>>>  On September 25, 2014 5:22:05 PM EDT, David Jackson <
>> > > >>>>>>
>> > > >>>>> deepbsd at yahoo.com>
>> > > >>>
>> > > >>>> wrote:
>> > > >>>>
>> > > >>>>> It's been a long time since I've been on the list (maybe
>8-9
>> > years?),
>> > > >>>>>> and I thought I'd say hi.
>> > > >>>>>>
>> > > >>>>>>
>> > > >>>>>> I set up some Linux boxes here at home and am getting in
>the
>> swing
>> > > of
>> > > >>>>>> it all once again  I'm sure I'll have questions, because
>prior
>> to
>> > > >>>>>> recently, the last distro I installed was Slackware 10.1! 
>:-)
>> My
>> > > how
>> > > >>>>>> things have changed on the distro front.
>> > > >>>>>>
>> > > >>>>>> Well, I'll sit back and watch for a while and raise my
>hand
>> when I
>> > > >>>>>> break something.
>> > > >>>>>>
>> > > >>>>>>
>> > > >>>>>> Good to be back!
>> > > >>>>>>
>> > > >>>>>> Dave
>> > > >>>>>> -------------- next part --------------
>> > > >>>>>> An HTML attachment was scrubbed...
>> > > >>>>>> URL:
>> > > >>>>>> <
>> > > >>>>>>
>> > > >>>>> http://mail.ale.org/pipermail/ale/attachments/20140925/
>> > > >>> da548cff/attachment.html
>> > > >>>
>> > > >>>> _______________________________________________
>> > > >>>>>> Ale mailing list
>> > > >>>>>> Ale at ale.org
>> > > >>>>>> http://mail.ale.org/mailman/listinfo/ale
>> > > >>>>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> > > >>>>>> http://mail.ale.org/mailman/listinfo
>> > > >>>>>>
>> > > >>>>> --
>> > > >>>>> Jim Kinney
>> > > >>>>> Linux Systems Analyst
>> > > >>>>> Physicist/Brewer
>> > > >>>>> http://jimkinney.us
>> > > >>>>
>> > > >>>>
>> > > >>>
>> > > >>> --
>> > > >>> Pete Hardie
>> > > >>> --------
>> > > >>> Better Living Through Bitmaps
>> > > >>
>> > > >
>> > > >
>> > > > --
>> > > > Sent from my Fedora Linux PC to you, NSA, the CIA, FBI, HSA and God only
>> > > > knows who else?!
>> > > >
>> > > >
>> > > >
>> > >
>> > >
>> > >
>> > > --
>> > > "Anyone who has never made a mistake has never tried anything new."
>> > > -Albert Einstein

--
Jim Kinney
Linux Systems Analyst
Physicist/Brewer
http://jimkinney.us
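
Added example, not part of the original message and not any scanner's own logic: a shell triage for the case described at the top of this message, where a package is flagged by version number although the distribution backported the fix, combined with the `rpm -Va` integrity check the scanners skipped. The CVE id, changelog entry and file lists are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# On a real host feed these functions from:
#   rpm -q --changelog <package>     and     rpm -V <package>   (or rpm -Va)

# Succeeds if the changelog on stdin mentions CVE id $1 (backported fix).
cve_backported() { grep -qiwF -- "$1"; }

# From `rpm -V` output on stdin, list files whose digest differs from the
# RPM database (3rd flag character is "5") or that are missing. Config files
# (attribute marker "c") with changed digests are skipped: admins edit them.
# Assumes paths without spaces.
altered_files() {
    awk '
        $1 == "missing" { print "missing " $NF; next }
        substr($1, 3, 1) == "5" { if ($2 == "c") next; print "altered " $NF }'
}

# $1 = CVE id, $2 = changelog text, $3 = `rpm -V` output text
triage() {
    if [ -n "$(printf '%s\n' "$3" | altered_files)" ]; then
        echo INVESTIGATE      # binaries differ from what the vendor shipped
    elif printf '%s\n' "$2" | cve_backported "$1"; then
        echo BACKPORTED       # scanner finding is likely a false positive
    else
        echo UNPATCHED        # no fix recorded for this build
    fi
}

# Constructed sample data (version numbers reuse the ones in the message).
sample_changelog() { cat <<'EOF'
* Wed Jan 01 2014 Example Packager <packager@example.com> - 2.2.3-123
- backport fix for CVE-0000-0001 from upstream 2.3.4
EOF
}
sample_verify_clean() { cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
.......T.    /usr/share/doc/example/README
EOF
}
sample_verify_tampered() { cat <<'EOF'
S.5....T.    /usr/sbin/sshd
missing     /usr/bin/example
EOF
}

triage CVE-0000-0001 "$(sample_changelog)" "$(sample_verify_clean)"   # BACKPORTED
```

A `BACKPORTED` result only says the vendor recorded the fix and the packaged files are unmodified; it does not replace testing the fix itself.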