similar to: Fwd: FreeBSD kernel buffer overflow

More patch-o-rama :-( ---Mike >From: Michal Zalewski <lcamtuf@dione.ids.pl> >To: bugtraq@securityfocus.com, <vulnwatch@securityfocus.com>, > <full-disclosure@netsys.com> >X-Nmymbofr: Nir Orb Buk >Subject: [Full-Disclosure] Sendmail 8.12.9 prescan bug (a new one) >[CAN-2003-0694] >Sender: full-disclosure-admin@lists.netsys.com >X-BeenThere:

Hello, I see a reproducable panic when doing ibping and aborting it with ^C. My setup is two machines with Mellanox Infinihost III HCAs (one Linux one FreeBSD) connected back-to-back. Details below. I can upload 2 crash dumps, if this is useful. For some reason the port doesn't become ACTIVE, so no packets arrive, but that is probably unrelated. % uname -a FreeBSD cosel.inf.tu-dresden.de

Commit-ID: acd0936c5f8b4f5d94065ca46714d17e6a882cf2 Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=acd0936c5f8b4f5d94065ca46714d17e6a882cf2 Author: Harald van Dijk <harald at gigawatt.nl> AuthorDate: Thu, 8 Mar 2018 08:37:11 +0100 Committer: Ben Hutchings <ben at decadent.org.uk> CommitDate: Fri, 25 Jan 2019 02:57:21 +0000 [klibc] parser: use pgetc_eatbnl()

Commit-ID: a4659bfa776f24f790c3ec071c5c9ef9459cdb70 Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=a4659bfa776f24f790c3ec071c5c9ef9459cdb70 Author: Harald van Dijk <harald at gigawatt.nl> AuthorDate: Thu, 8 Mar 2018 08:37:11 +0100 Committer: Ben Hutchings <ben at decadent.org.uk> CommitDate: Sat, 28 Mar 2020 21:42:54 +0000 [klibc] dash: parser: use

Commit-ID: 166a88f4568067378ddce23b91be7b4ec9a9dfb4 Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=166a88f4568067378ddce23b91be7b4ec9a9dfb4 Author: Herbert Xu <herbert at gondor.apana.org.au> AuthorDate: Sat, 19 May 2018 02:39:52 +0800 Committer: Ben Hutchings <ben at decadent.org.uk> CommitDate: Sat, 28 Mar 2020 21:42:55 +0000 [klibc] dash: eval: Add

Since there never was an answer on the secureshell at securityfocus.com list to this question, I thought I'd ask you guys on your own list and maybe I'll even get an answer. If the answer involves PAM in any way, then the most obvious question becomes "what about IRIX, Tru64, or any other platforms whose login procedure does not have PAM?". ----- Forwarded message from Atro

Has anyone around here heard of this ? ---Mike >Subject: Re: [Full-Disclosure] new ssh exploit? >From: christopher neitzert <chris@neitzert.com> >Reply-To: chris@neitzert.com >To: full-disclosure@lists.netsys.com >X-Mailer: Ximian Evolution 1.4.3.99 >Sender: full-disclosure-admin@lists.netsys.com >X-BeenThere: full-disclosure@lists.netsys.com

---------- Forwarded message ---------- Received: from lists.securityfocus.com (lists.securityfocus.com [216.102.46.4]) by blues.jpj.net (right/backatcha) with SMTP id VAA15167 for <trevor@JPJ.NET>; Tue, 27 Jul 1999 21:17:48 -0400 (EDT) Received: (qmail 28179 invoked from network); 27 Jul 1999 19:14:06 -0000 Received: from lists.securityfocus.com (216.102.46.4) by lists.securityfocus.com

Hi There, re. the recently reported buffer overflow in icecast, is there any "official" security patch against 1.3.11 ? I am reluctant to take any un-official patch like this one ;-) There is nothing on www.icecast.org/releases, maybe it's somewhere else ? Thanks. Alfredo <p><p>>Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm >List-Id:

Does anyone know the practicality of this attack ? i.e. is this trivial to do ? ---Mike -------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet since 1994 www.sentex.net Cambridge, Ontario Canada

Is the version in FreeBSD vulnerable ? http://www.openssh.com/txt/release-4.4 I know version 1 is disabled by default, but if its not, does it impact the daemon ? ---Mike -------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing

Cisco released an advisory about their ntp client and server having a bug http://www.cisco.com/warp/public/707/NTP-pub.shtml Is there a common code base at all that would have relevance to the code in FreeBSD ? I noticed in the COPYRIGHT file cisco has made some contributions. ---Mike -------------------------------------------------------------------- Mike Tancsa,

An interesting paper http://www.acm.org/sigcomm/sigcomm2003/papers/p75-kuzmanovic.pdf ---Mike -------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet since 1994 www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike

I noticed with active ftp clients (specifically IMP's .forward modification plugin), an sbsize of something under 32M in /etc/login.conf on the target server now gives Can't create data socket (M-^A> (^A,_<F5>^R(^C): No buffer space available. in the ftp logs. What is a safe value to prevent users from abusing the system by eating up all mbufs ? There is a local DoS if

I dont have too many production RELENG_7 boxes post TOE MFC, but on the ones I do, apart from applying # diff -u src/sys/netinet/tcp_offload.c src/sys/netinet/tcp_offload.c.disable --- src/sys/netinet/tcp_offload.c 2008-07-31 18:25:51.000000000 -0400 +++ src/sys/netinet/tcp_offload.c.disable 2008-08-21 09:39:07.000000000 -0400 @@ -58,6 +58,8 @@ struct rtentry *rt;

Any chance someone can look at / commit the fix in PR 52349 before 4.9R ? Its a simple fix. As it is to netstat, I dont know of anyone who 'owns' that program to bug other than to make a general plea :-) ---Mike -------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications,

Thanks to Tor Egge for providing the binary patch and procedure below! ------- begin 644 3dmd.bpatch.144284 6#[IL)`0-N/L```#-@'+KA=)T`C'`PP`` ` end ------- The resulting 3dmd works with a STABLE as of today. Perhaps there should be a note in the port ? ---Mike >If you unpack the following snippet > >using uudecode, you should the following checksum: > >MD5

I noticed with active ftp clients (specifically IMP's .forward modification plugin), an sbsize of something under 32M in /etc/login.conf on the target server now gives Can't create data socket (M-^A> (^A,_<F5>^R(^C): No buffer space available. in the ftp logs. What is a safe value to prevent users from abusing the system by eating up all mbufs ? There is a local DoS if

I was suggesting to someone that they enable crash dumps on their server but they have everything on an IDE raid partition. -------------------- Fatal trap 12: page fault while in kernel mode fault virtual address = 0xbed557c5 fault code = supervisor read, page not present instruction pointer = 0x8:0xc027c38d stack pointer = 0x10:0xdea01ecc frame pointer =

Hi, Just got some of the new Soekris 1401 VPN cards based on the hifn 7955 chip. hifn0 mem 0xe8510000-0xe8517fff,0xe8518000-0xe8519fff,0xe851a000-0xe851afff irq 5 at device 0.0 on pci1 hifn0: Hifn 7955, rev 0, 32KB dram, 64 sessions vs hifn0 mem 0xeb902000-0xeb902fff,0xeb901000-0xeb901fff irq 10 at device 8.0 on pci0 hifn0: Hifn 7951, rev 0, 128KB sram, 193 sessions When it says "n