similar to: freebsd-security Digest, Vol 61, Issue 3

Displaying 20 results from an estimated 100 matches similar to: "freebsd-security Digest, Vol 61, Issue 3"

2013 Oct 31
7
[Bug 870] New: Iptables cannot block outbound packets sent by Nessus
https://bugzilla.netfilter.org/show_bug.cgi?id=870 Summary: Iptables cannot block outbound packets sent by Nessus Product: iptables Version: 1.4.x Platform: x86_64 OS/Version: Ubuntu Status: NEW Severity: normal Priority: P5 Component: iptables AssignedTo: netfilter-buglog at lists.netfilter.org
2005 Feb 15
0
weird queue keep-state behavior
I'm just one of those weirdos, who wanna make a powerful queues shaper (not QoS but near) with ipfw2 on their freebsd 4.x-stable. My server is using frequently used configuration with NAT+FW ADSL router with one external ip on external network interface (we're using ADSL modem in bridge mode). I've configured single pipe, configured queues to use that pipe, add queues with different
2003 Oct 10
2
tinc rel 1.0.1 gets aborted in OPENSSL call
Hello, I'm using tincd now since the old days of 1.0pre4 and it's pretty good software. This week I went to upgrade from 1.0pre7 to 1.0.1 and failed. The tincd process gets aborted inside the libcrypto library with OPENSSL_assert (inl >0). Tracking down that problem I found, that the EVP_DecryptUpdate gets called in meta.c with the last argument containing a negative value (lenin is -204).
2003 Oct 26
3
Best way to filter "Nachi pings"?
We're being ping-flooded by the Nachi worm, which probes subnets for systems to attack by sending 92-byte ping packets. Unfortunately, IPFW doesn't seem to have the ability to filter packets by length. Assuming that I stick with IPFW, what's the best way to stem the tide? --Brett Glass
2004 May 28
2
X & securelevel=3
running (4-Stable) Hi, short form question: how does one run XDM under securelevel>0 ? long version: i've searched for an answer on how to run Xfree/Xorg at a securelevel the X server likes access to /dev/io and some other resources but is not granted access after security is switched on. one way of doing it seems to be to start it before setting the securelevel, but then it doesn't
2016 Jul 04
1
[PATCH] core/lwip: Avoid 3-second delay for a half-open connection
If lwIP encounters a half-open connection (e.g. due to a restarted application reusing the same port numbers) it will correctly send a RST but will not resend the SYN until one retransmission timeout later (approximately three seconds). This can increase the time taken by lpxelinux.0 to fetch its configuration file from a few milliseconds to around 30 seconds. Fix by immediately retransmitting
2006 Sep 27
1
HTB root rate allowing to much of a burst
Please see below Jon Flechsenhaar Boeing WNW Team Network Services (714)-762-1231 202-E7 -----Original Message----- From: Flechsenhaar, Jon J Sent: Wednesday, September 27, 2006 10:30 AM To: lartc@mailman.ds9a.nl Subject: FW: [LARTC] 2.6.14 - HTB/SFQ QoS broken? Please see below Jon Flechsenhaar Boeing WNW Team Network Services (714)-762-1231 202-E7 -----Original Message----- From:
2013 Nov 07
2
Segfaults on connection loss
Hi there, I'm seeing quite frequent segfaults around check_dead_connections() and terminate_connection() when the tcp meta connection to a node times out (or is e.g. firewalled), usually it happens when there's heavy packet loss: Program terminated with signal 11, Segmentation fault. #0 edge_del (e=0x1b71ba0) at edge.c:96 96 avl_delete(e->from->edge_tree, e); (gdb)
2006 Oct 13
1
HFSC question??
1. HFSC have 4 curve such sc, rc, ls, ul and 1.1 In leaf class can specify rc for guarantee service (bandwidth and delay) and If want to sharing fairness excess service, we must specify ls and ul curve too (ls curve with parameter m2 specify at least sharing bandwidth in that class will receive and ul curve mean maximum bandwidth in that class will receive) so I'm doubt .. about if i
1996 Nov 18
1
Chattr +i and securelevel
has anyone played with the securelevel variable in the kernel and the immutable flags in the ext2 file system? The only way I have found to change the flag is by patching sched.c from int securelevel=0 to int securelevel=1 The sysctrl code seems to allow the setting of the flag only by init (PID=1) and only upwards (0->1, etc). The problem is that I haven't found a way to get init
1998 Mar 12
2
FreeBSD Security Advisory: FreeBSD-SA-98:02.mmap
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-98:02 Security Advisory FreeBSD, Inc. Topic: security compromise via mmap Category: core Module: kernel Announced: 1998-03-12 Affects:
2000 Dec 18
0
FreeBSD Security Advisory: FreeBSD-SA-00:77.procfs
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:77 Security Advisory FreeBSD, Inc. Topic: Several vulnerabilities in procfs Category: core Module: procfs Announced: 2000-12-18
2004 Sep 29
5
Kernel-loadable Root Kits
Thanks for the module, I think it's a good idea to commit it to FreeBSD for a few reasons: 1) Some folks just prefer more static kernels. 2) Securelevel is a great thing, but can be a pain to do upgrades around remotely. [A lot of folks use FreeBSD simply because it's a breeze to run remotely]. 3) Until someone writes code to add modules to a kernel via /dev/mem and releases it to the script
1996 Nov 14
1
Security hole in Debian 1.1 dosemu package
In Debian 1.1, the optional DOSEMU package installs /usr/sbin/dos setuid root. This is a serious security hole which can be exploited to gain access to any file on the system. Package: dosemu Version: 0.64.0.2-9 ------- start of cut text -------------- $ cat /etc/debian_version 1.1 $ id uid=xxxx(quinlan) gid=xxxx(quinlan) groups=xxxx(quinlan),20(dialout),24(cdrom) [quinlan:~]$ ls -al
2004 Feb 11
5
Question about securelevel
I've read about securelevel in the mailing list archive, and found some pitfalls (and seems to me to be discarded soon). But according to me, the following configuration should offer a good security: - mount root fs read only at boot; - set securelevel to 3; - do not permit to unmount/remount root fs read-write (now it is possible by means of "mount -uw /"); - the only way to make
1996 Nov 21
2
Re: BOUNCE: Re: Chattr +i and securelevel
Alexander O. Yuriev wrote: > > Your message dated: Wed, 20 Nov 1996 18:04:39 EST > > >has anyone played with the securelevel variable in the kernel and the > > >immutable flags in the ext2 file system? > > > > Yes, and it's actually quite nice. > > > > >The sysctrl code seems to allow the setting of the flag > > >only by init (PID=1)
2012 Sep 19
0
schg flags from installworld
On Tue 2012-09-18 (23:31), Gareth de Vaux wrote: > Looking at /usr/src/share/mk/bsd.prog.mk and /usr/src/share/mk/bsd.lib.mk - > bins and libs get installed with schg if PRECIOUSPROG and PRECIOUSLIB are > set respectively in their makefiles, both of which can be overridden by > setting NO_FSCHG, presumably in /etc/make.conf. > > Without this doing jail maintenance/upgrades is a
2003 May 09
2
Problem installing kernel in single usermode
Hi, I'm running 4.8-STABLE but I'm having some problems installing a new kernel. (in /usr/src make installkernel). mv /kernel /kernel.old operation not permitted My securelevel is currently set to -1 (kern_securelevel=-1) and kern_securelevel_enable="NO" I have already executed chflags noschg /kernel and /kernel.old (while in single user mode). What am I missing? Thanks.
2004 Dec 16
2
Strange command histories in hacked shell server
Hi, Sorry for cross posting. I have a FreeBSD 5.3-stable server which serves as a public shell server. FreeBSD public.ub.mng.net 5.3-STABLE FreeBSD 5.3-STABLE #6: Wed Nov 24 15:55:36 ULAT 2004 tsgan@public.ub.mng.net:/usr/obj/usr/src/sys/PSH i386 It has ssh and proftp-1.2.10 daemons. However it was hacked and I'm trying to analyze it and having some difficulties. Machine is
2000 Dec 26
2
openssh 2.2, fbsd 4.2: incoming data hangs sshd on tty
This message is reporting 2 possible bugs: a possible problem with sshd from OpenSSH 2.2 on FreeBSD 4.2, and a possible security hole in FreeBSD's boot process (??) I am not an expert on these kinds of issues and therefore do not have the knowledge necessary to trace the origins of the problem to the extent that would probably be helpful. Nevertheless, here goes: Here is the physical