Displaying 20 results from an estimated 4000 matches similar to: "[PATCH] Tighten /etc/crontab permissions"
2005 Jul 03
2
bind() on 127.0.0.1 in jail: bound to the outside address?
Dear folks,
It seems that doing bind() inside a jail (whose IP address is an outside
address), will result in some weird behavior, that the actual bind is
done on the outside address.
For example, binding to 127.0.0.1:6666 inside a jail addressed 192.168.1.1,
will finally result in a bind to 192.168.1.1:6666. With this in mind,
it is possible that some formerly secure configuration fail in jail
2004 Nov 10
2
Is there any way to know if userland is patched?
Dear folks,
I'm recently investigating large scale deployment and upgrading FreeBSD
RELEASE. It's our tradition to bump "RELEASE-pN" after a security patch
is applied, however, it seems that there is less method to determine
whether the userland is patched, which is somewhat important for large
site managements.
So is "uname -sr" the only way to differentiate the
2003 Oct 23
3
/var partition overflow (due to spyware?) in FreeBSD default install
All:
I'm posting this to FreeBSD-security (rather than FreeBSD-net) because
the problems I'm seeing appear to have been caused by spyware, and
because they constitute a possible avenue for denial of service on
FreeBSD machines with default installs of the operating system.
Several of the FreeBSD machines on our network began to act strangely
during the past week. Some have started to
2001 Apr 06
3
$MAIL surprise
I got email yesterday from a user who had run 'from' and got the message
"No mail in /home/stevev/$USER" (where $USER was that person's
username). At first I thought he had pilfered my .bashrc, but on
further investigation I discovered that my home directory path had been
compiled in to sshd, because the configuration tests assume that the
directory part of $MAIL is the
2004 Feb 05
2
Status Check: CVE CAN-2004-0002
Hi,
Just want to ask about the status of this:-
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0002
From list archives I gather the fix is still under refinement (but
committed (and removed?) in HEAD and RELENG_5_2).
One paranoid little shop is running a public web server on RELENG_4_9, and
contemplating this patch:-
2004 Sep 14
1
multiple vulnerabilities in the cvs server code
Hello!
Port security/portaudit reports the following problem:
Affected package: FreeBSD-491000
Type of problem: multiple vulnerabilities in the cvs server code.
Reference:
<http://www.FreeBSD.org/ports/portaudit/d2102505-f03d-11d8-81b0-000347a4fa7d.html>
Note: To disable this check add the uuid to `portaudit_fixed' in
/usr/local/etc/portaudit.conf
I have 2 related questions:
1)
2000 Sep 08
6
-1 and friends
Yo All!
Well I work on a diverse number of OS's with a diverse number of
clients. Some use F-Secure, SecureCRT, PuTTY, SSH.COM, OpenSSH, etc.
with a wide variety of versions between each, some from source,
some from rpms, etc... Basically a lot of legacy stuff that no one
has the time to update.
In fact I am working on a couple of OpenSSH config problems in the
last few days. Sometimes we
2004 Dec 27
4
Found security expliot in port phpBB 2.0.8 FreeBSD4.10
I think, there is a neat exploit in the phpbb2.0.8 because I found my home
page defaced one dark morning. The patch for phpBB is here.
http://www.phpbb.com/downloads.php
The excerpt of the log is attached.
I believe the link to the described exploit is here.
http://secunia.com/advisories/13239
The defacement braggen page is here filter to show the exploited FreeBSD
machines that aneurysm.inc
2008 Dec 02
8
RELENG_7_1: bce driver change generating too much interrupts ?
Since last upgrade, I see much more CPU time "eated" by interrupts (at
least 10% cpu in top)
(see http://dgeo.perso.ec-marseille.fr/cpu-week.png)
The server behaves correctly (or seems to?), and high interrupt number
seems to come from bce cards (source: systat -vmstat)
I just upgraded from
"RELENG_7 Mon Sep 8 12:33:06 CEST 2008"
to
"RELENG_7_1 Sat Nov 29 16:20:35 CET
2007 Jan 13
3
Permission denied by op
i am invoking op from a python proggy which does an op.system() of
op chmod 640 /usr/local/etc/tac_plus.conf
i get "Permission denied by op"
% ls -l /usr/local/etc/op.access
-r-------- 1 root wheel 149 Jan 13 07:41 /usr/local/etc/op.access
% cat /usr/local/etc/op.access
# 2007.01.13
#
#DEFAULT users=src
#
chown /usr/sbin/chown $* ; users=src
chmod /bin/chmod $* ; users=src
2015 May 16
4
charset_to_utf8 assertion of remaining src_size
On 16 May 2015, at 09:39, Xin Li <delphij at delphij.net> wrote:
>
> Hi,
>
> On 5/15/15 10:58, Xin Li wrote:
>> Hi,
>>
>> I have seen the following assertion fails on my own mail server
>> (indexer-worker):
>>
>> Panic: file charset-iconv.c: line 132 (charset_to_utf8):
2009 Sep 15
3
FreeBSD bug grants local root access (FreeBSD 6.x)
Hi,
Any info on this subject on
http://www.theregister.co.uk/2009/09/14/freebsd_security_bug/
-- Frederique
2008 Jan 23
1
FreeBSD 6.3-Release + squid 2.6.17 = Hang process.
Hi:
We have a machine running 6.2-R-p10 and squid 2.6.17,
and upgrade it to 6.3R yesterday,
but squid will hang and eat 100% cpu time after restart about 1 hour later,
machine still alive, and no response from squid.
downgrade to 6.2-R-p10, everything ok again..
here is some information:
machine type:
FreeBSD 6.3-RELEASE #0: Wed Jan 23 01:58:39 CST 2008
CPU: Intel(R) Xeon(TM) CPU 2.40GHz
2003 Aug 20
1
5.1-R: zero byte core file.
While using 5.1-RELEASE, I find that if my application program seg
faults, it produces "programname.core"; but it is 0 bytes.
I ran the exact same program on another machine that was running
4.4-RELEASE, and I do get a core file that I can use with gdb.
I'd really appreciate if someone could help me resolve this.
Additional details:
- It is not specific to the application
2011 Jun 08
4
On-delivery deduplication?
Hi,
A feature of Cyrus-IMAPd I really missed after migrating to Dovecot is
their optional "duplicate suppression", which eliminates duplicate
messages at delivery time, if their envelope sender, recipient and
message-id match. For example, if one subscribes to a mailing list,
and someone hit "Reply All" to reply to him, there
2004 Aug 11
1
FreeBSD-SA-04:13.linux in the wild
Has anyone else seen this in the wild?
We just had an attempted attack yesterday from a live attacker on one of
our machines using this vulnerability. It wasn't all that clever, and
they're long gone, but I *did* manage to catch them in the act and grab
a copy of the binary they tried to run from /tmp/, as well as the PHP
injection code they used to subvert a virtual web site's
2008 Dec 15
1
bce reporting fantom input errors?
Hi,
After changing cables, switches, ports, I came to the conclusion
that bce is reporting input errors that are not there, or creating them.
I checked this with 3 different boxes, all Dell-2950/Broadcom NetXtreme II
BCM5708 1000Base-T (B2), and one of them, while running Solaris, reported
0 errors after a week, and freebsd after a few minutes its count was > 100.
The errors appear under
2008 Apr 08
4
ZFS deadlock
Hello
A box of mine running RELENG_7_0 and ZFS over a couple of disks (6
disks, 3 mirrors) seems to have gotten stuck. From Ctrl-T:
load: 0.50 cmd: zsh 40188 [zfs:&buf_hash_table.ht_locks[i].ht_lock]
0.02u 0.04s 0% 3404k
load: 0.43 cmd: zsh 40188 [zfs:&buf_hash_table.ht_locks[i].ht_lock]
0.02u 0.04s 0% 3404k
load: 0.10 cmd: zsh 40188 [zfs:&buf_hash_table.ht_locks[i].ht_lock]
2008 Apr 30
2
[RFC] FreeBSD port for dovecot 1.1 series
Hi,
I have put together a preliminary patchset for dovecot 1.1 at:
http://people.freebsd.org/~delphij/misc/dovecot-1.1-rc4.diff
My intention is to repocopy the current dovecot port to dovecot11 and
make changes on the latter. In this version of patchset, I have
intentionally removed the following chunk of change which by default
allows gid=0
2015 May 15
2
charset_to_utf8 assertion of remaining src_size
Hi,
I have seen the following assertion fails on my own mail server
(indexer-worker):
Panic: file charset-iconv.c: line 132 (charset_to_utf8): assertion
failed: (*src_size - pos <= CHARSET_MAX_PENDING_BUF_SIZE)
However, when charset_to_utf8_try returns FALSE (e.g. iconv() got
EINVAL or EILSEQ), the for loop in charset_to_utf8 may end earlier,