Displaying 20 results from an estimated 77 matches for "jvidrin".
Did you mean:
jvidrine
2003 Sep 16
9
OpenSSH heads-up
...buffer45.patch -- For FreeBSD 4.5-RELEASE and earlier
Currently, I don't believe that this bug is actually exploitable for
code execution on FreeBSD, but I reserve the right to be wrong :-)
Cheers,
--
Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal
nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se
-------------- next part --------------
Index: crypto/openssh/buffer.c
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/buffer.c,v
retrieving revision 1.1.1.1.2.3
diff -c -c -r1.1.1.1.2.3 buff...
2003 Mar 31
8
what was that?
What does mean this bizarre msgid?
maillog:
Mar 31 19:31:15 cu sm-mta[5352]: h2VFVEGS005352: from=<nb@sindbad.ru>,
size=1737, class=0, nrcpts=1,
msgid=<!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAfp4Fa2ShPE2u4pP/QpPDIMKAAAAQAAAAj+zb4Isbuk+tYEPVF9Vf,
proto=ESMTP, daemon=MTA, relay=wg.pu.ru [193.124.85.219]
--
Nikolaj I. Potanin, SA http://www.drweb.ru
ID
2003 Nov 28
2
Kerberized applications in FreeBSD 5.x
In FreeBSD 5.x only telnet/telnetd works 'out of box' with kerberos.
Why ftp/ftpd, ssh/sshd and cvs do not support kerberos ?
Thanks!
2003 Sep 23
3
OpenSSH: multiple vulnerabilities in the new PAM code
This affects only 3.7p1 and 3.7.1p1. The advice to leave
PAM disabled is far from heartening, nor is the semi-lame
blaming the PAM spec for implementation bugs.
I happen to like OPIE for remote access.
Subject: Portable OpenSSH Security Advisory: sshpam.adv
This document can be found at: http://www.openssh.com/txt/sshpam.adv
1. Versions affected:
Portable OpenSSH versions 3.7p1
2004 Aug 17
1
remotely exploitable vulnerability in lukemftpd / tnftpd
...eeBSD 4.7-RELEASE or specified WANT_LUKEMFTP
when building FreeBSD from source, you should not have lukemftpd
installed.
Even in FreeBSD 4.7, lukemftpd was installed but not enabled.
More details will be available in a FreeBSD advisory to follow.
Cheers,
--
Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org
2003 Sep 30
1
OpenSSL heads-up
...EASE.
Fixes for the security branches will be backported and incorporated
over the next week.
Don't expect to see a security advisory until most or all of the
commits have been made.
Cheers,
--
Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal
nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se
2003 Aug 11
1
Kernel build fails (RELENG_4_5)
Hi Jacques, list,
On Mon, Aug 11, 2003 at 09:09:18AM +0100, Bruce M Simpson wrote:
> cc -c -O -pipe -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -ansi -g -nostdinc -I- -I. -I/usr/src/sys -I/usr/src/sys/../include -I/usr/src/sys/contrib/ipfilter -D_KERNEL -include opt_global.h -elf
2003 Oct 02
3
HEADS UP: upcoming security advisories
...fixed version, OpenSSL 0.9.7c, was
imported into -CURRENT yesterday, and will be MFC'd to -STABLE
today, but it will be a bit longer to backport fixes for the
security branches.
Cheers,
--
Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal
nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se
2004 Feb 29
5
mbuf vulnerability
In
http://docs.freebsd.org/cgi/mid.cgi?200402260743.IAA18903
it seems RELENG_4 is vulnerable. Is there any work around to a system that
has to have ports open ?
Version: 1 2/18/2004@03:47:29 GMT
>Initial report
>
<<https://ialert.idefense.com/KODetails.jhtml?irId=207650>https://ialert.idefense.com/KODetails.jhtml?irId=207650;
>ID#207650:
>FreeBSD Memory Buffer
2004 Mar 16
3
portaudit
Any reason why portaudit and its associated infrastructure was not announced to
this list or security-notifications? I recently discovered it, and discovered
the feature was added to bsd.port.mk in the beginning of feburary. Seeing as
the security officer apparently (without announcement) no longer issues
security notices (SNs) for ports, I am assuming that portaudit has replaced
SNs entirely,
2003 Sep 17
3
Sendmail vulnerability
...usr/src
# patch -p1 < /path/to/patch
# cd /usr/src/usr.sbin/sendmail
# make obj && make depend && make && make install
Official advisory will go out later today.
Cheers,
--
Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal
nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se
2003 Sep 17
3
Sendmail vulnerability
...usr/src
# patch -p1 < /path/to/patch
# cd /usr/src/usr.sbin/sendmail
# make obj && make depend && make && make install
Official advisory will go out later today.
Cheers,
--
Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal
nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se
2004 May 03
1
Bad VuXML check on PNG port ?
Hello,
The current png-1.2.5_4 port has no more vulnerability.
It has been corrected by ache@FreeBSD.org yesterday.
But when i try to install the updated port to remplace
the vulnerable one this is what i am told :
# make install
===> png-1.2.5_4 has known vulnerabilities:
>> libpng denial-of-service.
Reference:
2004 Apr 07
5
Changing `security@freebsd.org' alias
...routed to the Security
Officer.
I imagine this will have some significant impact: there must be
many references to security@freebsd.org as a public list out there.
So, I thought I'd air the issue here before sending any request to
postmaster@.
Cheers,
--
Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org
2003 Sep 17
4
ftp.freebsd.org out of date? (WRT security advisories)
It seems (at least for me) the patches on ftp.freebsd.org are out of
date for the 03:12 security advisory (openssh). ftp2.freebsd.org has
them fine.
I'm wondering if this is a mirror issue or perhaps round-robin DNS problem?
What compounds the issue is that right now the old openssh 3.7 patches
are there (on ftp.freebsd.org), but not the 3.7.1 patches (which can be
found on
2003 Aug 03
12
FreeBSD Security Advisory FreeBSD-SA-03:08.realpath
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-03:08.realpath Security Advisory
The FreeBSD Project
Topic: Single byte buffer overflow in realpath(3)
Category: core
Module: libc
Announced:
2003 Oct 03
6
FreeBSD Security Advisory FreeBSD-SA-03:18.openssl
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-03:18.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL vulnerabilities in ASN.1 parsing
Category: crypto
Module: openssl
Announced:
2004 Mar 02
7
FreeBSD Security Advisory FreeBSD-SA-04:04.tcp
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-04:04.tcp Security Advisory
The FreeBSD Project
Topic: many out-of-sequence TCP packets denial-of-service
Category: core
Module: kernel
2003 Mar 30
3
FreeBSD Security Advisory FreeBSD-SA-03:07.sendmail
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-03:07.sendmail Security Advisory
The FreeBSD Project
Topic: a second sendmail header parsing buffer overflow
Category: contrib
Module:
2003 Mar 26
2
what actually uses xdr_mem.c?
In regards to FreeBSD-SA-03:05.xdr, does anyone know which static binaries
or tools under /bin or /sbin actually use that problem code?
The recent XDR fixes the xdrmem_getlong_aligned(),
xdrmem_putlong_aligned(), xdrmem_getlong_unaligned(),
xdrmem_putlong_unaligned(), xdrmem_getbytes(), and/or xdrmem_putbytes()
functions, but it is difficult to know what uses these (going backwards
manually).