search for: senselab

Update to the mozilla vulnerabilities wich were not Publicly reported (To MY standard, for BSD/Cros platform users) , so i performed my own research,PoC's etc, and have submitted all my results. I wont say i had ANYTHING atall todo with the Update, BUT please Update a.s.a.p to mozilla v1.0.4 , that should stop atleast ONE exploit, the other may be a simple matter oif not allowing your

Hi all, There has been another vulnerability [1] discovered in apache2. This affects only version 2.0.51 (where it was introduced). The ports tree is frozen, pending 5.3-R, so I assume that an update of the apache2 port to 2.0.52 is not forthcoming any time soon. The question is this -- since the apache2 in the ports tree is 2.0.50 plus patches, does the version in the ports tree have this

Hi: I Read these security advisory. http://lab.mediaservice.net/advisory/2003-01-openssh.txt Is my FreeBSD 5.0 afected? What other versions are afected? Thanks. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url :

I have done a cvsup of the openssh port. It builds correctly, but refuses to install with the following: ===> Installing for openssh-3.6.1_5 ===> openssh-3.6.1_5 conflicts with installed package(s): ssh2-3.2.9.1_1 They install files into the same place. Please remove them first with pkg_delete(1). *** Error code 1 Stop in /usr/ports/security/openssh. I was unable to

Hi, freebsd-security. I have FreeBSD 5.3-STABLE. When I try to change user's password (via passwd) I recieve the following: passwd: entry inconsistent passwd: pam_chauthtok(): error in service module passwd: in pam_sm_chauthtok(): pw_copy() failed and password stays unchanged. There are no other errors in the authorization system at all. Contents of /etc/pam.d stayed unchanged (compared to

...d rely on that for ports operational security? I'm not subscribed to -ports, -questions, or -current, which were apparently where the portaudit introduction discussions took place. -- Peter C. Lai University of Connecticut Dept. of Molecular and Cell Biology Yale University School of Medicine SenseLab | Research Assistant http://cowbert.2y.net/

I think, there is a neat exploit in the phpbb2.0.8 because I found my home page defaced one dark morning. The patch for phpBB is here. http://www.phpbb.com/downloads.php The excerpt of the log is attached. I believe the link to the described exploit is here. http://secunia.com/advisories/13239 The defacement braggen page is here filter to show the exploited FreeBSD machines that aneurysm.inc

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:18.openssl Security Advisory The FreeBSD Project Topic: OpenSSL vulnerabilities in ASN.1 parsing Category: crypto Module: openssl Announced:

Heya.. By reading my /usr/local/etc/apache2/httpd.conf, I can find out that my Apache is running as the user "www" and the group "www" .. Yet, when I run sockstat, it tells me one of the forks are runned as root and listening on port 80 as well as the other forks are runned by www:www.. If I got a lot of users connecting to my server on port 80, will thier requests ever be

Dear folks, I'm recently investigating large scale deployment and upgrading FreeBSD RELEASE. It's our tradition to bump "RELEASE-pN" after a security patch is applied, however, it seems that there is less method to determine whether the userland is patched, which is somewhat important for large site managements. So is "uname -sr" the only way to differencate the

> Message: 1 > Date: Thu, 16 Dec 2004 20:31:05 +0800 > From: Ganbold <ganbold@micom.mng.net> > Subject: Strange command histories in hacked shell server Just a minor comment on one portion of your message. [All deleted except the pertinent part - wjv] > Machine is configured in such way that everyone can create an account itself. > Some user dir permissions: > ...

Hi, I am using IPFW on FreeBSD 4.11 I am facing two problems: - SSH sessions timeout after a while - When I run "/sbin/ipfw -q -f flush" in the rules script all connection get reset (and I am thrown out of the box). Is this standard functioning of ipfw or do I need to change any configuration? Thanks, Siddhartha

Just got a pointer to this via ACM "TechNews Alert" for today: http://www.acm.org/technews/articles/2004-6/0818w.html#item2 Seems that "... French computer scientist Antoine Joux reported on Aug. 12 his discovery of a flaw in the MD5 algorithm, which is often used with digital signatures...." There's more in the article cited above. Peace, david -- David H. Wolfskill

Hi, I need to know what the implications are to make use of the hosts.allow file on a FreeBSD Production Server (ISP Setup)? The reason I'm asking, is that I've recently decommisioned a Linux SendMail Server to a FreeBSD Exim Server, but with no Firewall (IPTABLES) yet. Besides the fact that it only runs EXIM and Apache, is it necessary to Configure rc.Firewall? or can I only make use of

Hi, I have a 4.9-STABLE FreeBSD box apparently hacked! Yesterday I ran chkrootkit-0.41 and I don't like some of the outputs. Those are: chfn ... INFECTED chsh ... INFECTED date ... INFECTED ls ... INFECTED ps ... INFECTED But all the rest is NOT PROMISC, NOT INFECTED, NOTHING FOUND, NOTHING DELETED, or NOTHING DETECTED. I know by the FreeBSD-Security archives that

Hi all, I found similar sequences in the /var/auth.log files of freebsd boxes, I supervise.: Aug 13 13:56:08 www sshd[26091]: Illegal user test from 165.21.103.20 Aug 13 13:56:11 www sshd[26093]: Illegal user guest from 165.21.103.20 Aug 13 13:56:15 www sshd[26096]: Illegal user admin from 165.21.103.20 Aug 13 13:56:18 www sshd[26103]: Illegal user admin from 165.21.103.20 Aug 13 13:56:21 www

We're being ping-flooded by the Nachi worm, which probes subnets for systems to attack by sending 92-byte ping packets. Unfortunately, IPFW doesn't seem to have the ability to filter packets by length. Assuming that I stick with IPFW, what's the best way to stem the tide? --Brett Glass

or "How do I know my copy of FreeBSD is the same as yours?" I have recently been meditating on the issue of validating X.509 root certificates. An obvious extension to that is validating FreeBSD itself. Under "The Cutting Edge", the handbook lists 3 methods of synchronising your personal copy of FreeBSD with the Project's copy: Anonymous CVS, CTM and CVSup. There are

Good Day! I think we have a serious problem. One of our old server running FreeBSD 4.9 have been compromised and is now connected to an ircd server.. 195.204.1.132.6667 ESTABLISHED However, we still haven't brought the server down in an attempt to track the intruder down. Right now we are clueless as to what we need to do.. Most of our servers are running legacy operating systems(old