similar to: no patch, is there a problem

it was said: >>On Fri, Mar 18, 2005 at 08:52:30AM +1000, Timothy Smith wrote: >> http://www.securityfocus.com/bid/12825/info/ > >That URL doesn't seem to have any details. > >> openbsd and netbsd have taken action on this, but i see no >>movment in >> the freebsd camp.... > >Well, you wouldn't, on the freebsd-questions list. Security

Hy! I receive an nxge driver messages on console: Aug 18 11:08:42 [hostname] nxge: NOTICE: nxge_ipp_eccue_valid_check: rd_ptr = XXX wr_ptr = YYY I find the bug description/correction at sun web page, and i know i can ignore it. I thinking about how can i delete from console only these messages (here is my first version, what is not (so) elegant): #!/usr/sbin/dtrace -qs #pragma D option

The following is pasted from SecurityFocus Newsletter #254: ------------------------- Asterisk PBX Multiple Logging Format String Vulnerabilities BugTraq ID: 10569 Remote: Yes Date Published: Jun 18 2004 Relevant URL: http://www.securityfocus.com/bid/10569 Summary: It is reported that Asterisk is susceptible to format string vulnerabilities in its logging functions. An attacker may use these

Hello, For some reason, I thought little about the "clear" command today.. Let's say a privileged user (root) logs on, edit a sensitive file (e.g, a file containing a password, running vipw, etc) .. then runs clear and logout. Then anyone can press the scroll-lock command, scroll back up and read the sensitive information.. Isn't "clear" ment to clear the

Good day. Just spotted the new advisory from CORE: http://www.securityfocus.com/archive/1/462728/30/0/threaded Not an expert, but FreeBSD's src/sys/kern/uipc_mbuf2.c has the very simular code. Robert, anyone, could you please check? Thank you. -- Eygene

Hi, Please advice me about the below reported vulnerability. High OpenSSH X Connections Session Hijacking Vulnerability Risk: High Application: ssh Port: 22 Protocol: tcp ScriptID: 100584 Overview: OpenSSH is prone to a vulnerability that allows attackers to hijack forwarded X connections. Successfully exploiting this issue may allow an attacker run arbitrary shell commands with the privileges

Hello security gurus, yesterday, I mistakenly posted a question on the questions list about this article : http://www.securityfocus.com/bid/13676/info/ which talks about a form of DOS vulnerability. I was curious as to the possibility of FreeBSD 5.x being affected, and if anyone was working on this or not. Ted Mittelstaedt posted this possible patch based upon the OpenBSD patch : in

Recent proftpd security vulnerability release FYI. Ports has latest patched proftpd distribution. -- Jez http://www.munk.nu/ -------------- next part -------------- An embedded message was scrubbed... From: Dave Ahmad <da@securityfocus.com> Subject: ISS Security Brief: ProFTPD ASCII File Remote Compromise Vulnerability (fwd) Date: Tue, 23 Sep 2003 10:25:54 -0600 (MDT) Size: 4588 Url:

Hi, Is there a fix available from openssh for the reported vulnerability when pam is enabled. http://www.securityfocus.com/bid/11781 thanks -logu

Hi List.. I m getting this mesg while trying to dial an extension, both SIP UAs are registered with asterisk, m trying to dial extension 1015 from UA 12321@xyz.com to extension 1016 of UA 77777@xyz.com In extensions.conf I added exten => 1015,1, Dial(SIP/77777,20,tr) Any hint? JF WARNING[16397]: File pbx.c, Line 1153 (pbx_extension_helper): No application ' Dial' for

CVSup is slow, insecure, and a memory hog. However, until now it's been the only option for keeping an up-to-date ports tree, and (thanks to all of the recent work on vuxml and portaudit) it has become quite obvious that keeping an up-to-date ports tree is very important. To provide a secure, lightweight, and fast alternative to CVSup, I've written portsnap. As the name suggests, this

Hello Eric, call progress detection is the problem. Asterisk mistakenly recognizes the call to be answered and then still "hears" the ringing that should not be there if the line was really up. To solve the problem you would have to either implement a progress detection matching your country's indication tones or at least adjust the existing one for US or Costa Rica in dsp.c. By

Colin, good day! Spotted two patches for x11-servers/xorg-server port: see entries for x11r6.9.0-dbe-render.diff and x11r6.9.0-cidfonts.diff at http://xorg.freedesktop.org/releases/X11R6.9.0/patches/index.html Seems like they are not applied to the xorg-server-6.9.0_5. May be it should be added to the VuXML document? There is a ports/107733 issue that incorporates these patches. May be you

hello, maybe an outdated question: there was a message on the securityfocus mailing list (bugtraq) today (and several month before) about a remote buffer overflow in icecast v1.3.10 (which seems to be a package in debian). does this affect 1.3.11 too or is the version at http://www.icecast.org/download.html fixed? thanks, uno <p>--- >8 ---- List archives: http://www.xiph.org/archives/

Hi there, I am trying to delay sending out DTMF from Voicetronix OpenLine4 to the CO line. The reason being is that Voicetronix sends out the DTMF too fast even before the line is fully established with the carrier. Usually when dialing an 8 digit number, only 7 digits are actually successfully heard by the carrier. Currently, my dial plan is: exten => _9.,1,Dial(vpb/1-1/${EXTEN:1}) Daniel

Hi, I recently noticed that kldstat(8) started to dump core for me on RELENG_7. I traced the problem down to kldstat(2). r182231 (DTrace MFC) introduced a new version of kld_file_stat struct and added some code to support the old version of the structure in kldstat(). In the new code the old structure is known as kld_file_stat_1. Unfortunately there's a bug in this code: kldstat() copies

Howdy, The string of notices on BugTraq about RSAref being vulnerable to overflows has me concerned. After trying to sort through all the messages, I can't figure out whether I need to update OpenSSL (a check of their website indicates no new patches), OpenSSH, both, or neither. I am aware there is no known exploit for it yet. I could be a bad boy and just run all

Hi, I'm using Samba (currently samba-3.0.10-1.fc3) in an intranet environment under Fedora Core 3. I learned that I have to upgrade to Samba 3.3.4 or higher in order to join new Windows 7 clients to the domain. Hints to binaries for this setting would be greatly appreciated. Cheers, Jo

I did not see any commits to the OpenSSL code, recently; is anybody going to commit the fix? See http://www.securityfocus.com/archive/1/480855/30/0 for details ... Regards, STefan

What does mean this bizarre msgid? maillog: Mar 31 19:31:15 cu sm-mta[5352]: h2VFVEGS005352: from=<nb@sindbad.ru>, size=1737, class=0, nrcpts=1, msgid=<!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAfp4Fa2ShPE2u4pP/QpPDIMKAAAAQAAAAj+zb4Isbuk+tYEPVF9Vf, proto=ESMTP, daemon=MTA, relay=wg.pu.ru [193.124.85.219] -- Nikolaj I. Potanin, SA http://www.drweb.ru ID