[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

[linux-security] Re: [RHSA-1999:029-01] Denial of service attackin in.telnetd

From: Sergio Ballestrero <s ballestrero c-sistemi it>
To: Mihai Ibanescu <misa necomm ro>
Cc: linux-security redhat com
Subject: [linux-security] Re: [RHSA-1999:029-01] Denial of service attackin in.telnetd
Date: Tue, 24 Aug 1999 22:46:05 +0200 (CEST)

On Mon, 23 Aug 1999, Mihai Ibanescu wrote:

> On Sat, 21 Aug 1999, Sergio Ballestrero wrote:
> 
> > On Sat, 21 Aug 1999, Rogier Wolff wrote:
> > 
> >  As far as i know (and remember - it's a few months that i run 6.0 )
> > there's practically no difference between a fully updated 5.1 and a 5.2.
> > So after you have installed all the 5.1 updates, you can quite painlessly
> > start installing the 5.2 updates. I basically did the 5.1->5.2 upgrade "by
> > hand", and had no real problem - but don't try this with major releases.
> 
> 	This is not 100% true. It was a pain to upgrade from RedHat 4.2 to
> 5.x. It really was. But from 5.2 to 6.0 it's not a problem, if packages
> are updated in the right order. This is the great thing about rpm - you
> can upgrade a server without the need to reboot it!

 Nice to hear this. 4.2 -> 5.0 had been such a nightmare that i had not
even tried 5.2 -> 6.0; and anyway i needed to keep a dual boot (5.2/6.0)
for other reasons.

> 	Should anyone want to try it, I am ready to further explain how it
> should be done.

 It would very nice: here at CERN we have a lot of RH5.2 boxes ('cause it
still the CERN officially supported version) and i'll have to upgrade a
few. Or even better, what about a web page ? if you don't have a place, i
can host it.

> 	Sure, an updated 5.[0-1] should be equivalent with an updated 5.2,
> but since it's always possible to have an original 5.1 package that is
> buggy, and the original 5.2 was not, I feel more comfortable if I upgrade
> the system to 5.2.

me too - but the bugs left around are of no security concern, AFAIK.

> > PS i do have a "rpm_upd" perl script that does some sanity checks before
> > installing an upgrade (no install if any file has been modified and the
> > alikes). Mail me if you want it.

i've received quite a lot of mails for my rpm_upd, so i simply decided
that it's easier for everybody if i just put it on the web. The rest of my
web site is terrible - please don't look at it ;-)

http://home.cern.ch/~sash/scripts/

 Cheers, Sergio

--------------------------------------------------------------------------
 Things will get better despite             Sergio Ballestrero
our efforts to improve them.                  Sergio Ballestrero cern ch
	-- Will Rogers                             S Ballestrero iname com

References:
- [linux-security] Re: [RHSA-1999:029-01] Denial of service attackin in.telnetd
  - From: Mihai Ibanescu

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]