search for: ryabinkin

Displaying 14 results from an estimated 14 matches for "ryabinkin".

Did you mean: ryabinin
2007 Mar 14
2
OpenBSD IPv6 remote kernel buffer overflow. FreeBSD has this too?
Good day. Just spotted the new advisory from CORE: http://www.securityfocus.com/archive/1/462728/30/0/threaded Not an expert, but FreeBSD's src/sys/kern/uipc_mbuf2.c has the very simular code. Robert, anyone, could you please check? Thank you. -- Eygene
2009 Dec 01
1
LD_PRELOAD temporary patch
I've used that patch to close the hole. This patch is temporary and doesn't fix real trouble maker - problem in new version in getenv() (after 6.3 it got changed to something monstrous and non-working right if environment has only one variable), hope it will get fixed soon. *** rtld.c.orig Tue Dec 1 16:55:13 2009 --- rtld.c Tue Dec 1 16:55:55 2009 *************** *** 357,374 ****
2008 Mar 02
2
*BSD user-ppp local root (when conditions permit)
Good day. Fri, Feb 29, 2008 at 04:39:03PM -0000, sipherr@gmail.com wrote: > I just tested this on FreeBSD 6.3. This bug was discovered on NetBSD. It also works on OpenBSD (unconfirmed on 4.2) > > Steps to reproduce: > > 1. Run ppp > > 2. type the following (or atleat some variation of) > >
2008 Nov 22
0
[patch] [vuxml] net/wireshark: fix DoS in SMTP dissector
>Submitter-Id: current-users >Originator: Eygene Ryabinkin >Organization: Code Labs >Confidential: no >Synopsis: [patch] [vuxml] net/wireshark: fix DoS in SMTP dissector >Severity: serious >Priority: high >Category: ports >Class: sw-bug >Release: FreeBSD 7.1-PRERELEASE i386 >Environment: System: FreeBSD 7.1-PRERELEASE i386 &g...
2007 Jan 10
1
Recent vulnerabilities in xorg-server
Colin, good day! Spotted two patches for x11-servers/xorg-server port: see entries for x11r6.9.0-dbe-render.diff and x11r6.9.0-cidfonts.diff at http://xorg.freedesktop.org/releases/X11R6.9.0/patches/index.html Seems like they are not applied to the xorg-server-6.9.0_5. May be it should be added to the VuXML document? There is a ports/107733 issue that incorporates these patches. May be you
2008 Nov 24
0
[vuxml] editors/vim: document netrw issues
>Submitter-Id: current-users >Originator: Eygene Ryabinkin >Organization: Code Labs >Confidential: no >Synopsis: [vuxml] editors/vim: document netrw issues >Severity: serious >Priority: medium >Category: ports >Class: sw-bug >Release: FreeBSD 7.1-PRERELEASE i386 >Environment: System: FreeBSD 7.1-PRERELEASE i386 >Descriptio...
2007 Mar 16
0
freebsd-security Digest, Vol 201, Issue 2
.../a6be0eb3/attachment-0001.pgp > > ------------------------------ > > Message: 5 > Date: Thu, 15 Mar 2007 12:02:24 +0100 (BST) > From: Robert Watson <rwatson@FreeBSD.org> > Subject: Re: OpenBSD IPv6 remote kernel buffer overflow. FreeBSD has > this too? > To: Eygene Ryabinkin <rea-fbsd@codelabs.ru> > Cc: freebsd-security@freebsd.org > Message-ID: <20070315120009.A60010@fledge.watson.org> > Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed > > > On Wed, 14 Mar 2007, Eygene Ryabinkin wrote: > >> Just spotted the new advisory...
2007 Oct 05
2
FastIPSec and OCF
Hi, Does FASTIPSec in FreeBSD use OCF framework ? Where can I find more documentation ? I wish to run cryptographic algorithms after setting a VPN. What command should I use to run a particular crytographic algorithm (e.g. 3DES etc.) Where can I find all such information ? -- Regards, Bubble
2008 Feb 24
0
Zeroing sensitive memory chunks [Was: Security Flaw in Popular Disk Encryption Technologies]
Good day. I am posting the follow-up to the -hackers and CC'ing to the -security, because some more-or-less nasty points were found. Sat, Feb 23, 2008 at 10:32:02PM +0300, Eygene Ryabinkin wrote: > But there is another concern with bzero(): it is well-known function. > Especially for compilers. And it is bad: some arrays inside g_eli, > that hold decryption keys are the local variables. And they are > not used after the final bzero() call, so optimizing compiler can &gt...
2007 Mar 21
4
Reality check: IPFW sees SSH traffic that sshd does not?
This note is essentially a request for a reality check. I use IPFW & natd on the box that provides the interface between my home networks and the Internet; the connection is (static) residential DSL. I configured IPFW to accept & log all SSH "setup" requests, and use natd to forward such requests to an internal machine that only accepts public key authentication; that
2007 Dec 02
6
MD5 Collisions...
Hi everyone, Not sure if you've read http://www.win.tue.nl/hashclash/SoftIntCodeSign/ . should some kind of advisory be sent to advise people not to rely solely on MD5 checksums? Maybe an update to the man page is due ? : " MD5 has not yet (2001-09-03) been broken, but sufficient attacks have been made that its security is in some doubt. The attacks on MD5 are in the
2008 Nov 13
0
ports/128837: [vuxml] net-mgmt/net-snmp and net-mgmt/net-snmp53: CVE-2008-4309
I thought I had added Cc to the freebsd-security, but I hadn't seen the PR in the list. So I am bouncing this message to the freebsd-security. Thu, Nov 13, 2008 at 11:00:11AM +0000, FreeBSD-gnats-submit@FreeBSD.org wrote: > http://www.freebsd.org/cgi/query-pr.cgi?pr=128837 > > >Category: ports > >Responsible: freebsd-ports-bugs > >Synopsis: [vuxml]
2009 May 21
0
FYI: ntpd, CVE-2009-1252, remote code execution with enabled Autokey authentication
For those who are running Autokey with stock NTPD: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252 http://www.freebsd.org/cgi/query-pr.cgi?pr=134787 For users of net/ntp: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/134755 http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/134756 -- Eygene _ ___ _.--. # \`.|\..----...-'` `-._.-'_.-'`
2007 Apr 17
0
VuXML entry for CVE-2007-1870: ClamAV CAB File Unstore Buffer Overflow
Good day. Spotted the CVE-2007-1870: the clamav 0.90.2 is already in the ports, but no sign of the issue in the VuXML. The entry is attached. One thing that is a bit strange is that the ChangeLog for the ClamAV (http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog) says about CVE-2007-1997 as the libclamav/cab.c log entry, but I think they are messed the numbers -- there is no such CVE, at