Displaying 20 results from an estimated 3000 matches similar to: "iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability"
2006 Sep 28
1
Fw: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:23.openssl
Bill Moran wrote:
> Can anyone define "exceptionally large" as noted in this statement?:
>
> "NOTE ALSO: The above patch reduces the functionality of libcrypto(3) by
> prohibiting the use of exceptionally large public keys. It is believed
> that no existing applications legitimately use such key lengths as would
> be affected by this change."
>
> It
2007 Aug 23
3
RELENG_6_2 EoL Date?
I'm curious about the estimated EoL date on 6.2-RELEASE. Current estimate
is listed as Jan 31 2008. That's just about 5 months away now. Suggestions
for those who are about to be EoL'ed?
Thanks.
2003 Apr 08
0
[labs@idefense.com: iDEFENSE Security Advisory 04.08.03: Denial of Service in Apache HTTP Server 2.x]
FYI
-------------- next part --------------
An embedded message was scrubbed...
From: "iDEFENSE Labs" <labs@idefense.com>
Subject: iDEFENSE Security Advisory 04.08.03: Denial of Service in Apache HTTP
Server 2.x
Date: Tue, 8 Apr 2003 12:44:39 -0400
Size: 4554
Url: http://lists.freebsd.org/pipermail/freebsd-security/attachments/20030408/43598086/attachment.eml
2006 Mar 30
3
Fundraising for FreeBSD security development
Dear FreeBSD users,
Slightly more than three years ago, I released FreeBSD Update, my first
major contribution to FreeBSD. Since then, I have become a FreeBSD
committer, joined the FreeBSD Security Team, released Portsnap, and
become the FreeBSD Security Officer. However, as I have gone from
being a graduate student at Oxford University -- busy writing my thesis
-- to a researcher at Simon
2006 May 10
4
Freebsd-update and 6.1-RELEASE
Hi guys,
Does anybody know if freebsd-update is going to be available for
6.1-RELEASE before the end of Colin's "summer of FreeBSD work"?
I wouldn't like to bother Colin directly via e-mail, so if anyone
already asked for this or something....
Thanx, regards
--
Pietro Cerutti
<pietro.cerutti@gmail.com>
2004 Mar 05
2
Security Officer-supported branches update
The FreeBSD Security Officer would normally be sending out this email,
but he's a bit busy right now and it is clear from reactions to FreeBSD
Security Advisory FreeBSD-SA-04:04.tcp that many people are unaware of
the current status of the RELENG_5_1 branch, so I'm going to send out
this reminder myself.
The branches supported by the FreeBSD Security Officer have been
updated to reflect
2006 Dec 06
2
FreeBSD Security Advisory FreeBSD-SA-06:25.kmem
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-06:25.kmem Security Advisory
The FreeBSD Project
Topic: Kernel memory disclosure in firewire(4)
Category: core
Module: sys_dev
Announced:
2005 Jun 29
3
Perl master site changed to tobez.org?
Tobez: no disrespect intended, obviously you saw a problem with the
master sites for perl 5.8.7 and did what you could to help, and with
your position as a maintainer, I know that the trust we have in you and
your patches is well earned, so don't take this question as anything but
my well-earned paranoia rearing its ugly head:
Yes, building perl5.8.7 did seem like it had a lot of problems
2004 Sep 24
1
sharing /etc/passwd
How 'bout PAM? /usr/ports/security/pam_ldap. If you have machines that
can't do PAM, perhaps NIS is the way to go (assuming, of course, you're
behind a firewall). You can store login information in LDAP like you want,
then use a home-grown script to extract the information to a NIS map. Or,
if you have a Solaris 8 machine lying around, you can cut out the middle
step and use
2008 Apr 02
1
freebsd-security Digest, Vol 246, Issue 1
Here's another project for us. We'll want to upgrade to 6.3-RELEASE in May.
On Wed, Apr 2, 2008 at 7:00 AM, <freebsd-security-request@freebsd.org> wrote:
> Send freebsd-security mailing list submissions to
> freebsd-security@freebsd.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>
2005 Aug 18
4
New FreeBSD Security Officer
Hello Everyone!
It has been my pleasure and privilege to serve as the FreeBSD
Security Officer for the past 3+ years. With the crucial support of
the FreeBSD Security Team members, a lot has been accomplished:
hundreds of security issues have been researched and tracked, with
some resulting in security advisories and patches; software in the
Ports Collection are updated more quickly
2009 Jul 08
1
rumours of openssh vulnerability
Hi all,
There are rumours flying around about a supposed vulnerability in OpenSSH. Two
details which I've seen mentioned many times are
(a) that this exploit was used to break into a RedHat system running OpenSSH 4.3
plus backported security patches, and
(b) that "recent" versions of OpenSSH are not affected;
but it's not clear if there is any basis for these rumours.
Given
2004 Nov 08
0
[SECURITY] CAN-2004-0930: Potential Remote Denial of Service Vulnerability in Samba 3.0.x <= 3.0.7
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Subject: Potential Remote Denial of Service
CVE #: CAN-2004-0930
Affected
Versions: Samba 3.0.x <= 3.0.7
Summary: A remote attacker could cause an smbd process
to consume abnormal amounts of system resources
due to an input validation error when matching
filenames containing wildcard characters.
Patch Availability
- ------------------
A
2006 Apr 24
1
cvs commit: src/sys/amd64/amd64 mp_machdep.c src/sys/i386/i386 mp_machdep.c
On 24.04.2006 at 23:17, Colin Percival wrote:
> cperciva 2006-04-24 21:17:02 UTC
>
> FreeBSD src repository
>
> Modified files:
> sys/amd64/amd64 mp_machdep.c
> sys/i386/i386 mp_machdep.c
> Log:
> Adjust dangerous-shared-cache-detection logic from "all shared data
> caches are dangerous" to "a shared L1 data cache is
2004 Feb 18
2
is this mbuf problem real?
BM_207650
MEDIUM
Vulnerability
Version: 1 2/18/2004@03:47:29 GMT
Initial report
<https://ialert.idefense.com/KODetails.jhtml?irId=207650>
ID#207650:
FreeBSD Memory Buffer Exhaustion Denial of Service Vulnerability
(iDEFENSE Exclusive): Remote exploitation of a denial of service (DoS)
vulnerability in FreeBSD's memory buffers (mbufs) could allow attackers
to launch a DoS attack.
2019 Oct 01
1
Re: [NBDKIT SECURITY] Denial of Service / Amplification Attack in nbdkit
On 9/20/19 8:58 AM, Eric Blake wrote:
> On 9/12/19 12:41 PM, Richard W.M. Jones wrote:
>> We have discovered a potential Denial of Service / Amplification Attack
>> in nbdkit.
>
> Unfortunately, our fix for this issue caused another potential Denial of
> Service attack:
>
>>
>> Lifecycle
>> ---------
>>
>> Reported: 2019-09-11 Fixed:
2008 Feb 06
2
What about FreeBSD? - KAME Project "ipcomp6_input()" Denial of Service
TITLE:
KAME Project "ipcomp6_input()" Denial of Service
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
From remote
DESCRIPTION:
A vulnerability has been reported in the KAME Project, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error within the
"ipcomp6_input()" function in
2011 Aug 15
3
Bug#637923: Tweak to ssh rules to ignore AllowGroups denial
Subject: logcheck-database: Tweak to ssh rules to ignore AllowGroups denial
Package: logcheck-database
Version: 1.3.13
Severity: minor
*** Please type your report below this line ***
Similar to how AllowUsers denials are ignored, also ignore AllowGroups:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: User [-_.[:alnum:]]+ from [-_.[:alnum:]]+ not allowed because none of
1996 Nov 26
7
denial of service attack on login
Hi,
I've been writing a login application to utilize the features of both PAM
and libpwdb. Not surprisingly, this has meant looking at some old code..
The following denial of service attack seems to work quite nicely on my
ancient Red Hat 3.0.3 system with the standard login application. Perhaps
this is not a problem with 4.0? Does anyone know about other distributions?
joe$ nvi
2004 Mar 02
7
FreeBSD Security Advisory FreeBSD-SA-04:04.tcp
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-04:04.tcp Security Advisory
The FreeBSD Project
Topic: many out-of-sequence TCP packets denial-of-service
Category: core
Module: kernel