Displaying 20 results from an estimated 7000 matches similar to: "FreeBSD Security Advisory FreeBSD-SA-03:08.realpath"
2003 Aug 05
4
FreeBSD Security Advisory FreeBSD-SA-03:08.realpath [REVISED]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-03:08.realpath Security Advisory
The FreeBSD Project
Topic: Single byte buffer overflow in realpath(3)
Category: core
Module: libc
Announced:
2003 Aug 05
4
FreeBSD Security Advisory FreeBSD-SA-03:08.realpath [REVISED]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-03:08.realpath Security Advisory
The FreeBSD Project
Topic: Single byte buffer overflow in realpath(3)
Category: core
Module: libc
Announced:
2003 Aug 06
2
Checking realpath file up to date
On the advisory about the realpath problem it says that it was corrected:
RELENG_4_8
src/UPDATING 1.73.2.80.2.3
src/lib/libc/stdlib/realpath.c 1.9.14.1
src/sys/conf/newvers.sh 1.44.2.29.2.2
I ran cvsup and when I look at my src/lib/libc/stdlib/realpath.c I see
2004 Aug 17
1
remotely exploitable vulnerability in lukemftpd / tnftpd
Hi Everyone,
http://vuxml.freebsd.org/c4b025bb-f05d-11d8-9837-000c41e2cdad.html
A critical vulnerability was found in lukemftpd, which shipped with some
FreeBSD versions (4.7 and later). However, with the exception of
FreeBSD 4.7, lukemftpd was not built and installed by default. So,
unless you are running FreeBSD 4.7-RELEASE or specified WANT_LUKEMFTP
when building FreeBSD from source, you
2003 Sep 23
3
OpenSSH: multiple vulnerabilities in the new PAM code
This affects only 3.7p1 and 3.7.1p1. The advice to leave
PAM disabled is far from heartening, nor is the semi-lame
blaming the PAM spec for implementation bugs.
I happen to like OPIE for remote access.
Subject: Portable OpenSSH Security Advisory: sshpam.adv
This document can be found at: http://www.openssh.com/txt/sshpam.adv
1. Versions affected:
Portable OpenSSH versions 3.7p1
2003 Oct 02
3
HEADS UP: upcoming security advisories
Hello Folks,
Just a status on upcoming advisories.
FreeBSD-SA-03:15.openssh
This is in final review and should be released today. Fixes
for this issue entered the tree on September 24. I apologize
for the delay in getting this one out.
FreeBSD-SA-03:16.filedesc
A reference counting bug was discovered that could lead to
kernel memory disclosure or a system panic.
2003 Oct 03
6
FreeBSD Security Advisory FreeBSD-SA-03:18.openssl
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-03:18.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL vulnerabilities in ASN.1 parsing
Category: crypto
Module: openssl
Announced:
2003 Sep 16
9
OpenSSH heads-up
OK, an official OpenSSH advisory was released, see here:
<URL: http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000063.html >
The fix is currently in FreeBSD -CURRENT and -STABLE. It will be
applied to the security branches as well today. Attached are patches:
buffer46.patch -- For FreeBSD 4.6-RELEASE and later
buffer45.patch -- For FreeBSD 4.5-RELEASE and
2003 Sep 17
4
ftp.freebsd.org out of date? (WRT security advisories)
It seems (at least for me) the patches on ftp.freebsd.org are out of
date for the 03:12 security advisory (openssh). ftp2.freebsd.org has
them fine.
I'm wondering if this is a mirror issue or perhaps round-robin DNS problem?
What compounds the issue is that right now the old openssh 3.7 patches
are there (on ftp.freebsd.org), but not the 3.7.1 patches (which can be
found on
2003 Mar 26
2
what actually uses xdr_mem.c?
In regards to FreeBSD-SA-03:05.xdr, does anyone know which static binaries
or tools under /bin or /sbin actually use that problem code?
The recent XDR fixes the xdrmem_getlong_aligned(),
xdrmem_putlong_aligned(), xdrmem_getlong_unaligned(),
xdrmem_putlong_unaligned(), xdrmem_getbytes(), and/or xdrmem_putbytes()
functions, but it is difficult to know what uses these (going backwards
manually).
2003 Mar 31
8
what was that?
What does mean this bizarre msgid?
maillog:
Mar 31 19:31:15 cu sm-mta[5352]: h2VFVEGS005352: from=<nb@sindbad.ru>,
size=1737, class=0, nrcpts=1,
msgid=<!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAfp4Fa2ShPE2u4pP/QpPDIMKAAAAQAAAAj+zb4Isbuk+tYEPVF9Vf,
proto=ESMTP, daemon=MTA, relay=wg.pu.ru [193.124.85.219]
--
Nikolaj I. Potanin, SA http://www.drweb.ru
ID
2004 Feb 29
5
mbuf vulnerability
In
http://docs.freebsd.org/cgi/mid.cgi?200402260743.IAA18903
it seems RELENG_4 is vulnerable. Is there any work around to a system that
has to have ports open ?
Version: 1 2/18/2004@03:47:29 GMT
>Initial report
>
<<https://ialert.idefense.com/KODetails.jhtml?irId=207650>https://ialert.idefense.com/KODetails.jhtml?irId=207650;
>ID#207650:
>FreeBSD Memory Buffer
2003 Nov 28
2
Kerberized applications in FreeBSD 5.x
In FreeBSD 5.x only telnet/telnetd works 'out of box' with kerberos.
Why ftp/ftpd, ssh/sshd and cvs do not support kerberos ?
Thanks!
2005 Mar 28
3
FreeBSD Security Advisory FreeBSD-SA-05:01.telnet
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-05:01.telnet Security Advisory
The FreeBSD Project
Topic: telnet client buffer overflows
Category: contrib
Module: contrib/telnet
Announced:
2003 Aug 05
1
What's the thing? FreeBSD Security AdvisoryFreeBSD-SA-03:08.realpath (fwd)
Hello there.
I tried make update using the following stable-supfile:
*default base=/usr
*default prefix=/usr
*default release=cvs tag=RELENG_4
*default delete use-rel-suffix
and my two nearest Russian CVS mirrors showed no changes in realpath.
Heck, I downloaded the patch and said in /usr/src:
# patch < realpath.patch
so it was rejected. Then I looked into realpath.c's revision and
2003 Sep 17
3
Sendmail vulnerability
You've probably already seen the latest sendmail vulnerability.
http://lists.netsys.com/pipermail/full-disclosure/2003-September/010287.html
I believe you can apply the following patch to any of the security
branches:
http://cvsweb.freebsd.org/src/contrib/sendmail/src/parseaddr.c.diff?r1=1.1.1.17&r2=1.1.1.18
Download the patch and:
# cd /usr/src
# patch -p1 < /path/to/patch
#
2003 Sep 17
3
Sendmail vulnerability
You've probably already seen the latest sendmail vulnerability.
http://lists.netsys.com/pipermail/full-disclosure/2003-September/010287.html
I believe you can apply the following patch to any of the security
branches:
http://cvsweb.freebsd.org/src/contrib/sendmail/src/parseaddr.c.diff?r1=1.1.1.17&r2=1.1.1.18
Download the patch and:
# cd /usr/src
# patch -p1 < /path/to/patch
#
2004 Feb 26
3
Environment Poisoning and login -p
There's been an ongoing discussion (started by
Colin Percival's recent work on nologin) about
environment-poisoning attacks via "login -p".
I thought I saw a way to address this, but the more I learn,
the uglier this looks. Maybe some of the good folks who read
freebsd-security can puzzle this one out:
Problem: login -p can be used to propagate environment flags
in order to
2003 Aug 11
1
Kernel build fails (RELENG_4_5)
Hi Jacques, list,
On Mon, Aug 11, 2003 at 09:09:18AM +0100, Bruce M Simpson wrote:
> cc -c -O -pipe -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -ansi -g -nostdinc -I- -I. -I/usr/src/sys -I/usr/src/sys/../include -I/usr/src/sys/contrib/ipfilter -D_KERNEL -include opt_global.h -elf
2003 Aug 11
5
realpath(3) et al
First, I hope that this message is not considered flame bait. As someone
who has used FreeBSD for for 5+ years now, I have a genuine interest in
the integrity of our source code.
Second, I hope that this message is not taken as any form of insult or
finger pointing. Software without bugs does not exist, and I think we all
know that. Acknowledging that point and working to mitigate the risks