[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]
Installing RedHat 7.0 + Windows NT+ Windows 2000 on a single machine.
Hi folks,
Has any one done this?
That is installed redhat 7.0 + Windows NT+ Windows 2000 on a
single machine.
I can understand this is rather weird to install Nt and 2000 on
the same machine since 2000 is but NT.
However, there's a friend of mine (hard to convince :) ) who
wants it this way.
So, I was just wondering if someone could tell if he's done this before.
Sure windows NT and linux will work alright togather.
However, if someone can educate me on installing win2000 also on
the same machine, it would be great.
Thanks,
Akshay
> -----Original Message-----
> From: linux-india-general-owner@xxxxxxxxxxxxxxxxxxxxx
> [mailto:linux-india-general-owner@xxxxxxxxxxxxxxxxxxxxx]On Behalf Of
> Raju Mathur
> Sent: Wednesday, January 24, 2001 10:28 AM
> To: linux-delhi@xxxxxxxxxxxxxxxxxxxxx;
> linux-india-general@xxxxxxxxxxxxxxxxxxxxx
> Subject: [LIG] (fwd) Security Update: CSSA-2001-005.0 password sniffing
> in kdesu
>
>
> [Looks like all KDE2's are vulnerable. Will update when I get some
> more info. In the meantime, if you use kdesu, please follow the
> instructions in this advisory -- Raju]
>
> This is an RFC 1153 digest.
> (1 message)
> ----------------------------------------------------------------------
>
> Return-Path: <BUGTRAQ@xxxxxxxxxxxxxxxxx>
> Approved-By: beng@xxxxxxxxxxxxxxxxx
> Delivered-To: bugtraq@xxxxxxxxxxxxxxxxxxxxxxx
> Mime-Version: 1.0
> Content-Type: text/plain; charset=us-ascii
> X-Mailer: Mutt 0.95.6us
> Message-ID: <20010123103936.A24899@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
> Reply-To: Caldera Support Info <sup-info@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
> X-To: announce@xxxxxxxxxxxxxxxxxxxxxxxx,
> linux-security@xxxxxxxxxx,
> linuxlist@xxxxxxxxxxxxxxxxxx
> From: Caldera Support Info <sup-info@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
> Sender: Bugtraq List <BUGTRAQ@xxxxxxxxxxxxxxxxx>
> To: BUGTRAQ@xxxxxxxxxxxxxxxxx
> Subject: Security Update: CSSA-2001-005.0 password sniffing in kdesu
> Date: Tue, 23 Jan 2001 10:39:36 -0700
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> __________________________________________________________________
> ____________
> Caldera Systems, Inc. Security Advisory
>
> Subject: password sniffing in kdesu
> Advisory number: CSSA-2001-005.0
> Issue date: 2001 January, 23
> Cross reference:
> __________________________________________________________________
> ____________
>
>
> 1. Problem Description
>
> KDE2 comes with a program called kdesu that is used to run certain
> administration commands under the account of the super user (for
> instance, every time the KDE control center asks you for the root
> password, you actually talk to kdesu).
>
> There is a bug in kdesu that allows any user on the system to steal
> the passwords you enter at the kdesu prompt.
>
> 2. Vulnerable Versions
>
> System Package
> -----------------------------------------------------------
> OpenLinux eDesktop 2.4 All packages previous to
> kdebase2-2.0-6 and kdelibs2-2.0-6
> Note that you are not vulnerable
> if you didn't install the KDE2
> update.
>
> 3. Solution
>
> Workaround:
>
> There is no real workaround for this bug, and the following is _not_
> a permanent solution to the problem; this is merely a temporary
> solution until you have installed the update.
>
> As the super user, create directories in /tmp that have the same
> name as the socket used by kdesu:
>
> mkdir /tmp/kdesud_UID_0
>
> where UID ranges over all user IDs of users on your system. Note
> that the trailing 0 is the display number, so if you run several
> X servers on your machine, you need to repeat the process for
> display 1, 2, etc.
>
> In order to protect just yourself, the following will do the trick:
>
> mkdir /tmp/kdesud_`id -u`_0
>
> The proper solution is to upgrade to the fixed packages.
>
> 4. OpenLinux eDesktop 2.4
>
> 5.1 Location of Fixed Packages
>
> The upgrade packages can be found on Caldera's FTP site at:
>
> ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/
>
> The corresponding source code package can be found at:
>
> ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS
>
> 5.2 Verification
>
> 23a677755332e24db259ebce9a754e14 SRPMS/kdebase2-2.0-6.src.rpm
> 083b8ddaf4f67d2d0b4146245034229b RPMS/kdebase2-2.0-6.i386.rpm
> b759a751da20a2d6c6c296da94e1656e
> RPMS/kdebase2-opengl-2.0-6.i386.rpm
> 7970d51bc04e4e23e03b01f001f56780 SRPMS/kdelibs2-2.0-6.src.rpm
> 20aa5f2327d8978700c22c8afce9df34 RPMS/kdelibs2-2.0-6.i386.rpm
> cfd8744b1950a9c5f5cf4ecd7adc0f3b
> RPMS/kdelibs2-devel-2.0-6.i386.rpm
> c922e03e8f1024a134d2542e61afca22
> RPMS/kdelibs2-devel-static-2.0-6.i386.rpm
> d394c163bda790719881fc0defc3dca9 RPMS/kdelibs2-doc-2.0-6.i386.rpm
>
> 5.3 Installing Fixed Packages
>
> Upgrade the affected packages with the following commands:
>
> rpm -Fhv kde*2.0-6.i386.rpm
>
> 5. References
>
> This and other Caldera security resources are located at:
>
> http://www.calderasystems.com/support/security/index.html
>
> This security fix closes Caldera's internal Problem Report 8718.
>
> 6. Disclaimer
>
> Caldera Systems, Inc. is not responsible for the misuse of any of the
> information we provide on this website and/or through our security
> advisories. Our advisories are a service to our customers intended to
> promote secure installation and use of Caldera OpenLinux.
>
> 7. Acknowledgements
>
> Caldera Systems, Inc. wishes to thank Sebastian Krahmer (SuSE) and
> Waldo Bastian (KDE) for their assistance.
>
> __________________________________________________________________
> ____________
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.1 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE6bWEY18sy83A/qfwRAt0AAKC1eQpXRqVC2d4crHFEXaYuO08EDACfek/L
> XOoqPc1KETiu0+vLLy5XelU=
> =UqjX
> -----END PGP SIGNATURE-----
>
> ------------------------------
>
> End of this Digest
> ******************
>
> --
> Raju Mathur raju@xxxxxxxxxxxxx http://kandalaya.org/
>
> ----------------------------------------------
> Find out more about this and other Linux India
> mailing lists at http://lists.linux-india.org/