Displaying 20 results from an estimated 1000 matches similar to: "mbuf vulnerability"
2004 Feb 18
1
[Fwd: [gentoo-announce] [ GLSA 200402-07 ] Clamav 0.65 DoS vulnerability]
Attached is a security alert from Gentoo pertaining to clam antivirus.
It seems that as of this morning, FreeBSD's ports still contain the
affected version.
Thank in advance,
Tom Veldhouse
-------------- next part --------------
An embedded message was scrubbed...
From: Tim Yamin <plasmaroo@gentoo.org>
Subject: [gentoo-announce] [ GLSA 200402-07 ] Clamav 0.65 DoS vulnerability
Date:
2004 Apr 20
3
[Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)
Forwarded message:
> From full-disclosure-admin@lists.netsys.com Wed Apr 21 11:49:12 2004
> To: full-disclosure@lists.netsys.com
> From: Darren Bounds <dbounds@intrusense.com>
> Subject: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability
> Date: Tue, 20 Apr 2004 18:19:58 -0400
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
2004 Feb 18
2
is this mbuf problem real?
BM_207650
MEDIUM
Vulnerability
Version: 1 2/18/2004@03:47:29 GMT
Initial report
<https://ialert.idefense.com/KODetails.jhtml?irId=207650>
ID#207650:
FreeBSD Memory Buffer Exhaustion Denial of Service Vulnerability
(iDEFENSE Exclusive): Remote exploitation of a denial of service (DoS)
vulnerability in FreeBSD's memory buffers (mbufs) could allow attackers
to launch a DoS attack.
2003 Mar 26
2
what actually uses xdr_mem.c?
In regards to FreeBSD-SA-03:05.xdr, does anyone know which static binaries
or tools under /bin or /sbin actually use that problem code?
The recent XDR fixes the xdrmem_getlong_aligned(),
xdrmem_putlong_aligned(), xdrmem_getlong_unaligned(),
xdrmem_putlong_unaligned(), xdrmem_getbytes(), and/or xdrmem_putbytes()
functions, but it is difficult to know what uses these (going backwards
manually).
2003 May 31
3
Packet flow through IPFW+IPF+IPNAT ?
Hi.
On my FreeBSD 4.8 configured IPFW2+IPF+IPNAT and I use them all:
- IPFW - traffic accounting, shaping, balancing and filtering;
- IPFilter - policy routing;
- IPNAT - masquerading.
I want to know, how IP-packets flow through all of this components?
What's the path?
incoming: IPFW Layer2 -> IPFW&Dummynet -> IPNAT -> IPFilter ?
outgoing: IPFW Layer2 ->
2003 Sep 23
3
OpenSSH: multiple vulnerabilities in the new PAM code
This affects only 3.7p1 and 3.7.1p1. The advice to leave
PAM disabled is far from heartening, nor is the semi-lame
blaming the PAM spec for implementation bugs.
I happen to like OPIE for remote access.
Subject: Portable OpenSSH Security Advisory: sshpam.adv
This document can be found at: http://www.openssh.com/txt/sshpam.adv
1. Versions affected:
Portable OpenSSH versions 3.7p1
2003 Sep 16
9
OpenSSH heads-up
OK, an official OpenSSH advisory was released, see here:
<URL: http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000063.html >
The fix is currently in FreeBSD -CURRENT and -STABLE. It will be
applied to the security branches as well today. Attached are patches:
buffer46.patch -- For FreeBSD 4.6-RELEASE and later
buffer45.patch -- For FreeBSD 4.5-RELEASE and
2003 Oct 02
3
HEADS UP: upcoming security advisories
Hello Folks,
Just a status on upcoming advisories.
FreeBSD-SA-03:15.openssh
This is in final review and should be released today. Fixes
for this issue entered the tree on September 24. I apologize
for the delay in getting this one out.
FreeBSD-SA-03:16.filedesc
A reference counting bug was discovered that could lead to
kernel memory disclosure or a system panic.
2004 Feb 26
3
Environment Poisoning and login -p
There's been an ongoing discussion (started by
Colin Percival's recent work on nologin) about
environment-poisoning attacks via "login -p".
I thought I saw a way to address this, but the more I learn,
the uglier this looks. Maybe some of the good folks who read
freebsd-security can puzzle this one out:
Problem: login -p can be used to propagate environment flags
in order to
2003 Oct 03
6
FreeBSD Security Advisory FreeBSD-SA-03:18.openssl
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-03:18.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL vulnerabilities in ASN.1 parsing
Category: crypto
Module: openssl
Announced:
2003 Aug 11
1
Kernel build fails (RELENG_4_5)
Hi Jacques, list,
On Mon, Aug 11, 2003 at 09:09:18AM +0100, Bruce M Simpson wrote:
> cc -c -O -pipe -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -ansi -g -nostdinc -I- -I. -I/usr/src/sys -I/usr/src/sys/../include -I/usr/src/sys/contrib/ipfilter -D_KERNEL -include opt_global.h -elf
2004 Apr 20
10
TCP RST attack
http://www.uniras.gov.uk/vuls/2004/236929/index.htm
----Quote----
"The impact of this vulnerability varies by vendor and application, but in
some deployment scenarios it is rated critical. Please see the vendor
section below for further information. Alternatively contact your vendor
for product specific information.
If exploited, the vulnerability could allow an attacker to create a
2005 Apr 04
1
Strange messages in dmesg after DDoS-attack.
Dear list,
A few days ago one of my machines were attacked by a DDoS-attack using UDP
on random ports.. When I later on analyzed the logs, I found this in my
dmesg:
xl0: initialization of the rx ring failed (55)
xl0: initialization of the rx ring failed (55)
xl0: initialization of the rx ring failed (55)
I tried to find out on google what it ment, but without any luck. What
does that mean and
2003 Mar 31
8
what was that?
What does mean this bizarre msgid?
maillog:
Mar 31 19:31:15 cu sm-mta[5352]: h2VFVEGS005352: from=<nb@sindbad.ru>,
size=1737, class=0, nrcpts=1,
msgid=<!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAfp4Fa2ShPE2u4pP/QpPDIMKAAAAQAAAAj+zb4Isbuk+tYEPVF9Vf,
proto=ESMTP, daemon=MTA, relay=wg.pu.ru [193.124.85.219]
--
Nikolaj I. Potanin, SA http://www.drweb.ru
ID
2003 Nov 28
2
Kerberized applications in FreeBSD 5.x
In FreeBSD 5.x only telnet/telnetd works 'out of box' with kerberos.
Why ftp/ftpd, ssh/sshd and cvs do not support kerberos ?
Thanks!
2003 Apr 08
3
fstack protector
hi is there any way to build 4.8 release with this fstack protection?
or atleast some ports is there any good info on this? the only page i found was that ibm page but it seemed outdated.
//martin
2003 Apr 11
2
Ipf headers not installed per default ?
Just rebuilt and installed/world kernel: FreeBSD 4.8-STABLE #0: Fri Apr 11
14:34:37 EDT 2003
Using the latest Makefile for squid25:
# fgrep \$FreeBSD /usr/ports/www/squid/Makefile
# $FreeBSD: ports/www/squid/Makefile,v 1.100 2003/04/09 08:31:30 adrian Exp $
Modified with:
# fgrep CONFIGURE_ARGS Makefile |fgrep -v \#
CONFIGURE_ARGS= --bindir=${PREFIX}/sbin --sysconfdir=${PREFIX}/etc/squid \
2003 Sep 29
4
IPFILTER_DEFAULT_BLOCK & No route to host
Hi,
After the option IPFILTER_DEFAULT_BLOCK is specified at kernel conf on FreeBSD 4.8 stable (cvsup'd
with tag RELENG_4_8), the machine cannot be ping'd by others on the same network.
In addition, the machine cannot ping itself.
ping localhost (or 127.0.0.1) -> no route to host
ping itself with its own ip address -> no route to host
The freebsd box, with an external pppoe
2003 Sep 29
4
IPFILTER_DEFAULT_BLOCK & No route to host
Hi,
After the option IPFILTER_DEFAULT_BLOCK is specified at kernel conf on FreeBSD 4.8 stable (cvsup'd
with tag RELENG_4_8), the machine cannot be ping'd by others on the same network.
In addition, the machine cannot ping itself.
ping localhost (or 127.0.0.1) -> no route to host
ping itself with its own ip address -> no route to host
The freebsd box, with an external pppoe
2003 Apr 14
2
(OT) rfc1948 question
Hi, folks @ freebsd-security.
First, I am not sure if this is apropriate topic for that list, so
sorry, if it is not.
Some time ago I have read rfc1948 (protection from blind TCP spoofing)
and became interested in the way how it is implemented in FreeBSD.
After some googling (BTW if you like Google you might be interested in
this: http://register.spectator.ru/img/bart.gif ), I found this: