RE: Laboratory Setup Help (RS)

["Javier Fernandez-Sanguino" <jfernandez () germinus com>]

You can find information on vulnerable packages from the distribution's
main site. I don't know about others, but Debian, for example, dedicates
security.debian.org for this. Since the advisories are there you can
check out which Debian GNU/Linux packages are vulnerable.

Of course, you can always use Bugtraq (www.securityfocus.com) for
information on vulnerabilities and see the cross-relationships with
GNU/Linux distributions (either the database or the advisories sent to
the mailing list). 
Regards

Javier Fernandez-Sanguino

> -----Mensaje original-----
> De: Arturo "Buanzo" Busleiman [mailto:buanzo () buanzo com ar]
> Enviado el: miercoles, 30 de enero de 2002 18:09
> Para: pen-test () securityfocus com
> Asunto: Laboratory Setup Help (RS)
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> =- To moderator -=
> Moderator, my last post didn't go thru because you told me to 
> search the
> archives. I did that, and found a couple of results, but I 
> kindly request
> you to let this post pass, as my findings weren't exactly 
> what I needed.
> *please* :)
> =- EOM
>
> Hello world's pen-testers!
>
> I was employeed last month by a company who wants to setup a Pen-Test
> laboratory that I will lead. The environment would be an homogeneous
> GNU/Linux network.
>
> What I need is you to recommend versions of the following
> packages/combinations: FTP, Apache/Cgi/MySQL, DNS, sendmail, etc
>
> that are remotely exploitable for gaining shell access (or 
> the possibility
> to execute commands on the remote system), AND some local exploits to
> acquire root privileges.
>
> Of course, if you can lead me to specific documentation regarding the
> exploits of those packages versions, I will greatly 
> appreciate it and be
> most thankful.
>
> Thank you very much to all of you!
>
> Arturo "Buanzo" Busleiman
> - -=( RareGaZz-Team Member )=-
> GNU/Linux USERS, MP Ediciones
> GNU's es_AR Translation Team Leader
> Moderador de Seguridad () alipso com
> Turcin Soluciones Informaticas http://www.turcin.com.ar
> http://www.buanzo.com.ar
> PGP/GnuPG Public Key available at horowitz.surfnet.nl
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.4 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE8WCjI+kypiSoPpFoRAorxAJ47A3y5H7PMeNDRg154XwHqznvNdwCfcTcA
> 4OvlZoAueBCUXWCCPTEwvTM=
> =1Mku
> -----END PGP SIGNATURE-----
>
>
> --------------------------------------------------------------
> --------------
> This list is provided by the SecurityFocus Security 
> Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security 
> vulnerabilities please see:
> https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/