Displaying 20 results from an estimated 2000 matches similar to: "Longest known unpatched FreeBSD security issue ?"
2015 Aug 13
2
unpatched local root on centos 5?
Hi List,
Looks like this affects on centos 5 and is unpatched like on rhel 5?
https://access.redhat.com/articles/1537873
Trying to test if this affects on centos 5. can someone compile this
exploit on centos 5?
https://www.qualys.com/research/security-advisories/roothelper.c
any ideas how to compile it on centos 5?
--
Eero
2003 Mar 29
1
Security fix (Fwd: sendmail 8.12.9 available
From bugtraq :-(
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Sendmail, Inc., and the Sendmail Consortium announce the availability
>of sendmail 8.12.9. It contains a fix for a critical security
>problem discovered by Michal Zalewski whom we thank for bringing
>this problem to our attention. Sendmail urges all users to either
>upgrade to sendmail 8.12.9 or apply a patch for
2015 Aug 13
0
unpatched local root on centos 5?
On 08/12/2015 10:43 PM, Eero Volotinen wrote:
> Hi List,
>
> Looks like this affects on centos 5 and is unpatched like on rhel 5?
>
> https://access.redhat.com/articles/1537873
>
> Trying to test if this affects on centos 5. can someone compile this
> exploit on centos 5?
> https://www.qualys.com/research/security-advisories/roothelper.c
>
> any ideas how to
2015 Aug 13
0
unpatched local root on centos 5?
On 08/13/2015 12:41 PM, Eero Volotinen wrote:
> well, very sad to hear as I use commercial rhel 5 and paying for it..
>
Well, in that case, I would recommend RHEL-6 or RHEL-7 for your RHEL-5
workloads :)
>
> 2015-08-13 19:57 GMT+03:00 Johnny Hughes <johnny at centos.org>:
>
>> On 08/12/2015 10:43 PM, Eero Volotinen wrote:
>>> Hi List,
>>>
2015 Aug 14
1
unpatched local root on centos 5?
Sound very weird, that supported os is not patched. is the list of non
patched security issues in rhel 5 / centos 5
--
Eero
2015-08-14 7:59 GMT+03:00 Mark Milhollan <mlm at pixelgate.net>:
> On Thu, 13 Aug 2015, Eero Volotinen wrote:
>
> >Looks like this affects on centos 5 and is unpatched like on rhel 5?
>
> >Trying to test if this affects on centos 5.
>
> It
2015 Aug 13
2
unpatched local root on centos 5?
well, very sad to hear as I use commercial rhel 5 and paying for it..
Eero
2015-08-13 19:57 GMT+03:00 Johnny Hughes <johnny at centos.org>:
> On 08/12/2015 10:43 PM, Eero Volotinen wrote:
> > Hi List,
> >
> > Looks like this affects on centos 5 and is unpatched like on rhel 5?
> >
> > https://access.redhat.com/articles/1537873
> >
> > Trying to
2006 Sep 05
2
http://www.openssl.org/news/secadv_20060905.txt
Does anyone know the practicality of this attack ? i.e. is this trivial to do ?
---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada
2003 Aug 28
1
new DoS technique (exploiting TCP retransmission timeouts)
An interesting paper
http://www.acm.org/sigcomm/sigcomm2003/papers/p75-kuzmanovic.pdf
---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
2004 Jan 16
1
HiFn / FAST_IPSEC question
Hi,
Just got some of the new Soekris 1401 VPN cards based on the hifn 7955 chip.
hifn0 mem 0xe8510000-0xe8517fff,0xe8518000-0xe8519fff,0xe851a000-0xe851afff
irq 5 at device 0.0 on pci1
hifn0: Hifn 7955, rev 0, 32KB dram, 64 sessions
vs
hifn0 mem 0xeb902000-0xeb902fff,0xeb901000-0xeb901fff irq 10 at device 8.0
on pci0
hifn0: Hifn 7951, rev 0, 128KB sram, 193 sessions
When it says "n
2003 Jul 01
2
4.9R bug fix ?
Any chance someone can look at / commit the fix in PR 52349 before 4.9R ?
Its a simple fix. As it is to netstat, I dont know of anyone who 'owns'
that program to bug other than to make a general plea :-)
---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications,
2003 Sep 17
0
Fwd: [Full-Disclosure] Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]
More patch-o-rama :-(
---Mike
>From: Michal Zalewski <lcamtuf@dione.ids.pl>
>To: bugtraq@securityfocus.com, <vulnwatch@securityfocus.com>,
> <full-disclosure@netsys.com>
>X-Nmymbofr: Nir Orb Buk
>Subject: [Full-Disclosure] Sendmail 8.12.9 prescan bug (a new one)
>[CAN-2003-0694]
>Sender: full-disclosure-admin@lists.netsys.com
>X-BeenThere:
2003 Sep 15
1
Fwd: Re: [Full-Disclosure] new ssh exploit?
Has anyone around here heard of this ?
---Mike
>Subject: Re: [Full-Disclosure] new ssh exploit?
>From: christopher neitzert <chris@neitzert.com>
>Reply-To: chris@neitzert.com
>To: full-disclosure@lists.netsys.com
>X-Mailer: Ximian Evolution 1.4.3.99
>Sender: full-disclosure-admin@lists.netsys.com
>X-BeenThere: full-disclosure@lists.netsys.com
2011 Dec 28
8
what percent of time are there unpatched exploits against default config?
Suppose I have a CentOS 5.7 machine running the default Apache with no
extra modules enabled, and with the "yum-updatesd" service running to pull
down and install updates as soon as they become available from the
repository. (Assume further the password is strong, etc.) On the other
hand, suppose that as the admin, I'm not subscribed to any security alert
mailing lists which send
2017 Sep 26
2
tweaking max sessions / scaling
Other than cranking up logging to debug2, is there a way to better tune
logging on a server to see if I am running into max sessions ? On
FreeBSD RELENG11 I am periodically seeing connections being refused-
3way handshake not completing or completing and then FINs.
Typically, I have a hundred or so connections at one time, but they can
bounce up to a few hundred on occasion. Without leaving the
2006 Sep 28
1
OpenSSH DoS issue ?
Is the version in FreeBSD vulnerable ?
http://www.openssh.com/txt/release-4.4
I know version 1 is disabled by default, but if its not, does it
impact the daemon ?
---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing
2003 Sep 23
1
NTP common code base ?
Cisco released an advisory about their ntp client and server having a bug
http://www.cisco.com/warp/public/707/NTP-pub.shtml
Is there a common code base at all that would have relevance to the code in
FreeBSD ? I noticed in the COPYRIGHT file cisco has made some contributions.
---Mike
--------------------------------------------------------------------
Mike Tancsa,
2003 Jun 02
0
sbsize and local DoS issue via kernel panic
I noticed with active ftp clients (specifically IMP's .forward modification
plugin), an sbsize of something under 32M in /etc/login.conf on the target
server now gives
Can't create data socket (M-^A> (^A,_<F5>^R(^C): No buffer space available.
in the ftp logs. What is a safe value to prevent users from abusing the
system by eating up all mbufs ? There is a local DoS if
2008 Aug 21
0
working around TOE bug
I dont have too many production RELENG_7 boxes post TOE MFC, but on
the ones I do, apart from applying
# diff -u src/sys/netinet/tcp_offload.c src/sys/netinet/tcp_offload.c.disable
--- src/sys/netinet/tcp_offload.c 2008-07-31 18:25:51.000000000 -0400
+++ src/sys/netinet/tcp_offload.c.disable 2008-08-21
09:39:07.000000000 -0400
@@ -58,6 +58,8 @@
struct rtentry *rt;
2003 Apr 09
0
Fwd: Re: 3ware 3dmd broken in STABLE ( due to cvs commit: src/sys/kern kern_descrip.c kern_fork.c )
Thanks to Tor Egge for providing the binary patch and procedure below!
-------
begin 644 3dmd.bpatch.144284
6#[IL)`0-N/L```#-@'+KA=)T`C'`PP``
`
end
-------
The resulting 3dmd works with a STABLE as of today. Perhaps there should
be a note in the port ?
---Mike
>If you unpack the following snippet
>
>using uudecode, you should the following checksum:
>
>MD5
2003 May 29
0
sbsize and active ftp sessions (login.conf)
I noticed with active ftp clients (specifically IMP's .forward modification
plugin), an sbsize of something under 32M in /etc/login.conf on the target
server now gives
Can't create data socket (M-^A> (^A,_<F5>^R(^C): No buffer space available.
in the ftp logs. What is a safe value to prevent users from abusing the
system by eating up all mbufs ? There is a local DoS if