Displaying 20 results from an estimated 4000 matches similar to: "Is there any way to know if userland is patched?"
2004 Dec 27
4
Found security expliot in port phpBB 2.0.8 FreeBSD4.10
I think, there is a neat exploit in the phpbb2.0.8 because I found my home
page defaced one dark morning. The patch for phpBB is here.
http://www.phpbb.com/downloads.php
The excerpt of the log is attached.
I believe the link to the described exploit is here.
http://secunia.com/advisories/13239
The defacement braggen page is here filter to show the exploited FreeBSD
machines that aneurysm.inc
2005 Jul 03
2
bind() on 127.0.0.1 in jail: bound to the outside address?
Dear folks,
It seems that doing bind() inside a jail (whose IP address is an outside
address), will result in some wierd behavior, that the actual bind is
done on the outside address.
For example, binding to 127.0.0.1:6666 inside a jail addressed 192.168.1.1,
will finally result in a bind to 192.168.1.1:6666. With this in mind,
it is possible that some formerly secure configuration fail in jail
2004 Aug 10
3
[PATCH] Tighten /etc/crontab permissions
Hi folks,
While investigating OpenBSD's cron implementation, I found that they set
the systemwide crontab (a.k.a. /etc/crontab) to be readable by the
superuser only. The attached patch will bring this to FreeBSD by moving
crontab out from BIN1 group and install it along with master.passwd.
This change should not affect the current cron(1) behavior.
Cheers,
--
Xin LI <delphij frontfree
2005 Jan 10
1
update for 4.11 Security Officer-supported branches
Hello...
In regards to http://www.freebsd.org/security/ , from what I understand
the FreeBSD 4.x branch is generally winding down in favor of the 5.x/6.x
branches. It would be nice to know ahead of time if 4.11 will also be
an extended release, or if that would fall to 4.12. For those of
running 4.8 (expiring about the same time as 4.11 is released) we would
be in a better position to know
2004 Sep 14
1
multiple vulnerabilities in the cvs server code
Hello!
Port security/portaudit reports the following problem:
Affected package: FreeBSD-491000
Type of problem: multiple vulnerabilities in the cvs server code.
Reference:
<http://www.FreeBSD.org/ports/portaudit/d2102505-f03d-11d8-81b0-000347a4fa7d.htm
l>
Note: To disable this check add the uuid to `portaudit_fixed' in
/usr/local/etc/portaudit.conf
I have 2 related questions:
1)
2006 Aug 08
9
Handling userland char ** pointers
I''ve been trying to get access to a userland string that''s behind a
second level pointer using DTrace, but I can''t seem to get it to work.
I started with the example on the Team DTrace Tips and Tricks slides:
trace(copyinstr(*(uintptr_t *)copyin(arg0, curpsinfo->pr_dmodel ==
PR_MODEL_ILP32 ? 4 : 8)));
And when I couldn''t get it to work, I started
2004 Feb 05
2
Status Check: CVE CAN-2004-0002
Hi,
Just want to ask about the status of this:-
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0002
>From list archives I gather the fix is still under refinement (but
committed (and removed?) in HEAD and RELENG_5_2).
One paranoid little shop is running a public web server on RELENG_4_9, and
contemplating this patch:-
2008 Jan 23
1
FreeBSD 6.3-Release + squid 2.6.17 = Hang process.
Hi:
We have a machine running 6.2-R-p10 and squid 2.6.17,
and upgrade it to 6.3R yesterday,
but squid will hang and eat 100% cpu time after restart about 1 hour later,
machine still alive, and no response from squid.
downgrade to 6.2-R-p10, everything ok again..
here is some infomations:
machine type:
FreeBSD 6.3-RELEASE #0: Wed Jan 23 01:58:39 CST 2008
CPU: Intel(R) Xeon(TM) CPU 2.40GHz
2005 Dec 19
7
Brute Force Detection + Advanced Firewall Policy
Any BFD/AFP softwares available for FreeBSD 4.10?
Im getting flooded with ssh and ftp attempts.
2016 Dec 14
0
Release for CentOS userland 7(1611) on armhfp
I am pleased to announce the general availability of CentOS Linux 7
(1611) for armhfp compatible machines.
This is the current release for CentOS Linux
7 and is tagged as 1611, derived from Red Hat Enterprise Linux 7.3
== Download
You can download new images for armhfp boards on
http://mirror.centos.org/altarch/7/isos/armhfp/
Images and sha256sums :
2003 Mar 31
5
rfc3514 - Security Flag in the IPv4 Header
Any chance of this being implemented in fbsd? Could be usefull ;-)
ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt
--
:{ andyf@speednet.com.au
Andy Farkas
System Administrator
Speednet Communications
http://www.speednet.com.au/
2009 Sep 03
0
Problem with userland/module versions
Hi,
I am using a centos 5.3 and after a kernel upgrade I've reinstalled the
kmod so it could copy/create the links to the .ko files.
When I start the drbd I receive messages like this:
DRBD module version: 8.2.6
userland version: 8.3.2
preferably kernel and userland versions should match.
I'd like to know how 'serious' is this difference (in terms of potential
problems) and
2006 Oct 31
0
4970475 There should be a stackdepth equivalent for userland
Author: ahl
Repository: /hg/zfs-crypto/gate
Revision: a2677fc0a5fb6895ed56fc4698646ece44978a48
Log message:
4970475 There should be a stackdepth equivalent for userland
5084954 value of dip can be incorrect in autovec
6181505 dtrace sysinfo:::modload probe does not fire when using ''modload''
6265417 schedctl-yield isn''t listed in sdt_subr.c
6272558 gcc and dtrace
2015 Feb 19
0
[PATCH] VMCI: Check userland-provided datagram size
Ensure that the size filled in by userland in the datagram header
matches the size of the buffer passed down in the IOCTL. Note that we
account for the size of the header itself in the check.
Acked-by: Jorgen Hansen <jhansen at vmware.com>
Acked-by: Aditya Sarwade <asarwade at vmware.com>
Signed-off-by: Andy King <acking at vmware.com>
Reported-by: David Ramos <daramos at
2015 Feb 19
0
[PATCH] VMCI: Check userland-provided datagram size
Ensure that the size filled in by userland in the datagram header
matches the size of the buffer passed down in the IOCTL. Note that we
account for the size of the header itself in the check.
Acked-by: Jorgen Hansen <jhansen at vmware.com>
Acked-by: Aditya Sarwade <asarwade at vmware.com>
Signed-off-by: Andy King <acking at vmware.com>
Reported-by: David Ramos <daramos at
2009 Jun 01
0
A couple of small, paid userland hacker projects.
Hey there,
I'm looking for someone to implement each of the following:
(1) Make pkg_add(1) not use system(3) to execute external programs to
do things that it can implement internally (i.e. calling out to tar(1)
is fine, calling out to mkdir(1) is not.) Alternately, rewrite
pkg_add as a sh(1) shell script, with perhaps a minimal utility
written in C (pkg_admin?) to muck with /var/db/pkg.
2006 Jun 30
1
Determining vulnerability to issues described by SAs
Hi,
I've been trying for the past few days to come up with a method for
checking a FreeBSD system to see if it is vulnerable to an issue
described by a FreeBSD security advisory in some automated way, similar
to the way portaudit can use VuXML to check for vulnerabilities in
ports. Right now, I'm a bit stuck--there seem to be fairly major issues
with all the methods I've come up
2004 Jul 20
1
Samba as a portable userland FS basis?
Recently, I looked at some options implementing unusual file systems
in userland.
On Linux, there is LUFS and similar stuff which frees one from touching
any kernel code. The design is always similar: a generic kernel module
forwards calls to a user level daemon and forwards returned results
back. The user level daemon implements or serves as a basis for
unusual user land filesystem
2006 Jan 24
3
IPsec, VPN and FreeBSD
Hi:
We intend to build IPSec based VPN server on FreeBSD
platform so that we can access internal network of a
lab. The remote side will use VPN client and could be
from anywhere of the Internet, or may be from the
another site of the company. From the hnadbook, I saw
the sample of site-to-site configurations and we do
have one FreeBSD firewall (running ipfw) on both site
and another one on
2005 Oct 26
1
Non-executable stack
Hi all
Does FreeBSD support a non-executable stack on any of the tier 1 and 2
platforms that has this feature?
If not, are there any plans of implementing this and is there a patch I can
use for 6.0 (when it is released)?
Best regards
db