similar to: fstack protector

In http://docs.freebsd.org/cgi/mid.cgi?200402260743.IAA18903 it seems RELENG_4 is vulnerable. Is there any work around to a system that has to have ports open ? Version: 1 2/18/2004@03:47:29 GMT >Initial report > <<https://ialert.idefense.com/KODetails.jhtml?irId=207650>https://ialert.idefense.com/KODetails.jhtml?irId=207650; >ID#207650: >FreeBSD Memory Buffer

Forwarded message: > From full-disclosure-admin@lists.netsys.com Wed Apr 21 11:49:12 2004 > To: full-disclosure@lists.netsys.com > From: Darren Bounds <dbounds@intrusense.com> > Subject: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability > Date: Tue, 20 Apr 2004 18:19:58 -0400 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > >

Dear list, A few days ago one of my machines were attacked by a DDoS-attack using UDP on random ports.. When I later on analyzed the logs, I found this in my dmesg: xl0: initialization of the rx ring failed (55) xl0: initialization of the rx ring failed (55) xl0: initialization of the rx ring failed (55) I tried to find out on google what it ment, but without any luck. What does that mean and

As promised, the updated if_xl with full busdma support / other improvements has been MFC'd to 4.8-stable. While I have put this driver through extensive testing, it is possible that there may be bugs which are either present in the -current version or that I added in the MFC process. So, if you cvsup to -stable anytime in the future and notice problems with if_xl, please tell me ASAP!

Hi there, I'm still running 6.2 on various servers without any tweaks (GENERIC kernel, binary updates via freebsd-update etc.) but lots of ports (apache, postgresql, diablo-jdk etc.) and would like to use stack smashing protection in order to harden my boxes and avoid many potential exploits. I've known about ProPolice/SSP for a while now (from the Gentoo world) and am aware that

Mike Silbersack wrote: > On Tue, 16 Sep 2003, Scott Long wrote: > > >>Patches have been floated on the mailing list that revert PAE in its >>various stages. Maybe those need to be brought back up. Silby? Tor? >> >>Scott > > > I believe that Tor's commit on August 30th resolved the PAE-related > problems, so there is no need for a reversion.

Here's my proposed patch to change RST handling so that ESTABLISHED connections are subject to strict RST checking, but connections in other states are only subject to the "within the window" check. Part 2 of the patch is simply a patch to netstat so that it displays the statistic. As expected, it's very straightforward, the only real question is what to call the statistic...

Hello, all! In the beginning I want to say, that this question seems to be a security one, isn't it so?.. Recently I was googling for the subject and coulnd't find anything... Even in the opennet.ru forum nobody answered me about this. So, as far as I got to know, randomizing source ports in FreeBSD is impossible now? (to be exact - is not implemented?) It's very interesting to me

Hi, folks @ freebsd-security. First, I am not sure if this is apropriate topic for that list, so sorry, if it is not. Some time ago I have read rfc1948 (protection from blind TCP spoofing) and became interested in the way how it is implemented in FreeBSD. After some googling (BTW if you like Google you might be interested in this: http://register.spectator.ru/img/bart.gif ), I found this:

Has anyone seen the recently published IETF draft regarding ICMP attacks against TCP? [http://www.ietf.org/internet-drafts/draft-gont-tcpm-icmp-attacks-00.txt] I'm interested in any comments as to the vulnerability of FreeBSD's TCP to such attacks and the need for or usefulness of the various solutions proposed in the paper. Thanks, all - Steve -- Steve Zweep Senior Software

Attached is a security alert from Gentoo pertaining to clam antivirus. It seems that as of this morning, FreeBSD's ports still contain the affected version. Thank in advance, Tom Veldhouse -------------- next part -------------- An embedded message was scrubbed... From: Tim Yamin <plasmaroo@gentoo.org> Subject: [gentoo-announce] [ GLSA 200402-07 ] Clamav 0.65 DoS vulnerability Date:

Hello, I current have a FreeBSD 4.8 bridge firewall that sits between 7 servers and the internet. The servers are being attacked with syn floods and go down multiple times a day. The 7 servers belong to a client, who runs redhat. I am trying to find a way to do some kind of syn flood protection inside the firewall. Any suggestions would be greatly appreciated. -- Ryan James ryan@mac2.net

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I'm running stock FreeBSD with services running: samba (connections allowed only from local network), lpd (same), bind (all interfaces), apache (all), zope (local) This machine is home gateway/http/printserver. Recently some strange things happened as my printer all of sudden started to print stuff when nobody prints... luckily (or

As others have noted, Tor's patch appears to be a total solution to the recent instability the PAE patch introduced. So, if you're experiencing panics with a recent kernel, or are in a position to stress a machine, please cvsup and give it a test! Thanks, Mike "Silby" Silbersack ---------- Forwarded message ---------- Date: Sat, 30 Aug 2003 08:39:08 -0700 (PDT) From: Tor Egge

Hi all. I'm migrating from a small OpenLDAP setup and currently have users' password hashes in {SSHA} and {CRYPT}$5$.16s format. Can I just ldbedit or ldbmodify user's supplementalCredentials fields in /var/lib/samba/private/sam.ldb.d/DC%3DAD%2CDC%3DEXAMPLE%2CDC%3DCOM.ldb to migrate passwords? Provided that I could get the data structure right. (Documentations about

Any chance of this being implemented in fbsd? Could be usefull ;-) ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt -- :{ andyf@speednet.com.au Andy Farkas System Administrator Speednet Communications http://www.speednet.com.au/

We joined a samba 4.11 DC (sernet-packages) into a windows domain? with round about 170.000 objects. After "commiting SAM database" has finished after 21 hours we now have a database-file but if we try to list the content with "ldbsearch --url=/var/lib/samba/privat/sam.ldb" we get the following error: ------------------------- ldbsearch --url=/var/lib/samba/private/sam.ldb

Hello out there, everybody! I was actually expecting to find several (hundred) threads with this subject being discussed. To my surprise I didn't find a single one either on these mailing lists or in the newsgroups - at least not in a language I understand. :-) I realize that gbde and geli are not designed to be better than the other but that both fit different needs and different tastes.

If you're one of the people who has cvsup'd to 4.8-stable since August 8th and you've since begun to experience panics on a previously stable system, please apply the attached patch and see if your previous stability has been restored. Please tell me your results. Thanks, Mike "Silby" Silbersack -------------- next part -------------- diff -u -r

If anyone was using a bfe card and seeing interrupt storms when you attempted to bring the card up, this is the fix for you. The driver wasn't previously taking into account the fact that the chipset doesn't like addresses over the 1GB mark. If you'd like an even quicker fix, just add hw.mem = "1000M" to your loader.conf and reboot. :) Mike "Silby" Silbersack