similar to: fstack protector

Displaying 20 results from an estimated 100 matches similar to: "fstack protector"

2004 Feb 29
5
mbuf vulnerability
In http://docs.freebsd.org/cgi/mid.cgi?200402260743.IAA18903 it seems RELENG_4 is vulnerable. Is there any work around to a system that has to have ports open ? Version: 1 2/18/2004@03:47:29 GMT >Initial report > <<https://ialert.idefense.com/KODetails.jhtml?irId=207650>https://ialert.idefense.com/KODetails.jhtml?irId=207650; >ID#207650: >FreeBSD Memory Buffer
2004 Apr 20
3
[Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)
Forwarded message: > From full-disclosure-admin@lists.netsys.com Wed Apr 21 11:49:12 2004 > To: full-disclosure@lists.netsys.com > From: Darren Bounds <dbounds@intrusense.com> > Subject: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability > Date: Tue, 20 Apr 2004 18:19:58 -0400 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > >
2005 Apr 04
1
Strange messages in dmesg after DDoS-attack.
Dear list, A few days ago one of my machines were attacked by a DDoS-attack using UDP on random ports.. When I later on analyzed the logs, I found this in my dmesg: xl0: initialization of the rx ring failed (55) xl0: initialization of the rx ring failed (55) xl0: initialization of the rx ring failed (55) I tried to find out on google what it ment, but without any luck. What does that mean and
2003 Aug 10
2
Heads up: New if_xl committed
As promised, the updated if_xl with full busdma support / other improvements has been MFC'd to 4.8-stable. While I have put this driver through extensive testing, it is possible that there may be bugs which are either present in the -current version or that I added in the MFC process. So, if you cvsup to -stable anytime in the future and notice problems with if_xl, please tell me ASAP!
2007 Dec 25
3
ProPolice/SSP in 7.0
Hi there, I'm still running 6.2 on various servers without any tweaks (GENERIC kernel, binary updates via freebsd-update etc.) but lots of ports (apache, postgresql, diablo-jdk etc.) and would like to use stack smashing protection in order to harden my boxes and avoid many potential exploits. I've known about ProPolice/SSP for a while now (from the Gentoo world) and am aware that
2003 Sep 16
3
Release Engineering Status Report
Mike Silbersack wrote: > On Tue, 16 Sep 2003, Scott Long wrote: > > >>Patches have been floated on the mailing list that revert PAE in its >>various stages. Maybe those need to be brought back up. Silby? Tor? >> >>Scott > > > I believe that Tor's commit on August 30th resolved the PAE-related > problems, so there is no need for a reversion.
2004 Apr 23
1
Proposed RST patch
Here's my proposed patch to change RST handling so that ESTABLISHED connections are subject to strict RST checking, but connections in other states are only subject to the "within the window" check. Part 2 of the patch is simply a patch to netstat so that it displays the statistic. As expected, it's very straightforward, the only real question is what to call the statistic...
2004 Sep 18
2
Random source ports in FreeBSD?
Hello, all! In the beginning I want to say, that this question seems to be a security one, isn't it so?.. Recently I was googling for the subject and coulnd't find anything... Even in the opennet.ru forum nobody answered me about this. So, as far as I got to know, randomizing source ports in FreeBSD is impossible now? (to be exact - is not implemented?) It's very interesting to me
2003 Apr 14
2
(OT) rfc1948 question
Hi, folks @ freebsd-security. First, I am not sure if this is apropriate topic for that list, so sorry, if it is not. Some time ago I have read rfc1948 (protection from blind TCP spoofing) and became interested in the way how it is implemented in FreeBSD. After some googling (BTW if you like Google you might be interested in this: http://register.spectator.ru/img/bart.gif ), I found this:
2004 Aug 13
1
ICMP attacks against TCP
Has anyone seen the recently published IETF draft regarding ICMP attacks against TCP? [http://www.ietf.org/internet-drafts/draft-gont-tcpm-icmp-attacks-00.txt] I'm interested in any comments as to the vulnerability of FreeBSD's TCP to such attacks and the need for or usefulness of the various solutions proposed in the paper. Thanks, all - Steve -- Steve Zweep Senior Software
2004 Feb 18
1
[Fwd: [gentoo-announce] [ GLSA 200402-07 ] Clamav 0.65 DoS vulnerability]
Attached is a security alert from Gentoo pertaining to clam antivirus. It seems that as of this morning, FreeBSD's ports still contain the affected version. Thank in advance, Tom Veldhouse -------------- next part -------------- An embedded message was scrubbed... From: Tim Yamin <plasmaroo@gentoo.org> Subject: [gentoo-announce] [ GLSA 200402-07 ] Clamav 0.65 DoS vulnerability Date:
2003 May 19
5
FreeBSD firewall block syn flood attack
Hello, I current have a FreeBSD 4.8 bridge firewall that sits between 7 servers and the internet. The servers are being attacked with syn floods and go down multiple times a day. The 7 servers belong to a client, who runs redhat. I am trying to find a way to do some kind of syn flood protection inside the firewall. Any suggestions would be greatly appreciated. -- Ryan James ryan@mac2.net
2003 Nov 13
2
What could be on udp:48152
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I'm running stock FreeBSD with services running: samba (connections allowed only from local network), lpd (same), bind (all interfaces), apache (all), zope (local) This machine is home gateway/http/printserver. Recently some strange things happened as my printer all of sudden started to print stuff when nobody prints... luckily (or
2003 Aug 30
4
Heads up: panics should be fixed!
As others have noted, Tor's patch appears to be a total solution to the recent instability the PAE patch introduced. So, if you're experiencing panics with a recent kernel, or are in a position to stress a machine, please cvsup and give it a test! Thanks, Mike "Silby" Silbersack ---------- Forwarded message ---------- Date: Sat, 30 Aug 2003 08:39:08 -0700 (PDT) From: Tor Egge
2023 Aug 21
1
Editing user password hashes
Hi all. I'm migrating from a small OpenLDAP setup and currently have users' password hashes in {SSHA} and {CRYPT}$5$.16s format. Can I just ldbedit or ldbmodify user's supplementalCredentials fields in /var/lib/samba/private/sam.ldb.d/DC%3DAD%2CDC%3DEXAMPLE%2CDC%3DCOM.ldb to migrate passwords? Provided that I could get the data structure right. (Documentations about
2003 Mar 31
5
rfc3514 - Security Flag in the IPv4 Header
Any chance of this being implemented in fbsd? Could be usefull ;-) ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt -- :{ andyf@speednet.com.au Andy Farkas System Administrator Speednet Communications http://www.speednet.com.au/
2020 Feb 04
1
Problem after join samba 4.11 into windows-domain
We joined a samba 4.11 DC (sernet-packages) into a windows domain? with round about 170.000 objects. After "commiting SAM database" has finished after 21 hours we now have a database-file but if we try to list the content with "ldbsearch --url=/var/lib/samba/privat/sam.ldb" we get the following error: ------------------------- ldbsearch --url=/var/lib/samba/private/sam.ldb
2006 Jan 28
1
Should I use gbde or geli?
Hello out there, everybody! I was actually expecting to find several (hundred) threads with this subject being discussed. To my surprise I didn't find a single one either on these mailing lists or in the newsgroups - at least not in a language I understand. :-) I realize that gbde and geli are not designed to be better than the other but that both fit different needs and different tastes.
2003 Aug 22
3
PAE removal patch for testing
If you're one of the people who has cvsup'd to 4.8-stable since August 8th and you've since begun to experience panics on a previously stable system, please apply the attached patch and see if your previous stability has been restored. Please tell me your results. Thanks, Mike "Silby" Silbersack -------------- next part -------------- diff -u -r
2006 Apr 28
0
if_bfe and > 1 GB of ram is now fixed
If anyone was using a bfe card and seeing interrupt storms when you attempted to bring the card up, this is the fix for you. The driver wasn't previously taking into account the fact that the chipset doesn't like addresses over the 1GB mark. If you'd like an even quicker fix, just add hw.mem = "1000M" to your loader.conf and reboot. :) Mike "Silby" Silbersack