similar to: alleged freebsd local root exploit youtube video

Hi all, There are rumours flying around about a supposed vulnerability in OpenSSH. Two details which I've seen mentioned many times are (a) that this exploit was used to break into a RedHat system running OpenSSH 4.3 plus backported security patches, and (b) that "recent" versions of OpenSSH are not affected; but it's not clear if there is any basis for these rumours. Given

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, A short time ago a "local root" exploit was posted to the full-disclosure mailing list; as the name suggests, this allows a local user to execute arbitrary code as root. Normally it is the policy of the FreeBSD Security Team to not publicly discuss security issues until an advisory is ready, but in this case since exploit code is

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Everyone, The branches supported by the FreeBSD Security Officer have been updated to reflect the EoL (end-of-life) of FreeBSD 6.3. The new list is below and at <URL: http://security.freebsd.org/ >. Users of FreeBSD 6.3 are advised to upgrade promptly to a newer release, either by downloading an updated source tree and building updates

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Everyone, The branches supported by the FreeBSD Security Officer have been updated to reflect the EoL (end-of-life) of FreeBSD 6.3. The new list is below and at <URL: http://security.freebsd.org/ >. Users of FreeBSD 6.3 are advised to upgrade promptly to a newer release, either by downloading an updated source tree and building updates

Well, I *tried* to CC: freebsd-security... I'm forwarding this to get around the "posting from wrong address" filter. -------- Original Message -------- Subject: Re: FW:FreeBSD hiding security stuff Date: Fri, 04 Mar 2005 04:42:48 -0800 From: Colin Percival <cperciva@freebsd.org> To: Jonathan Weiss <tomonage2@gmx.de> CC: freebsd-security@freebsd.org, FreeBSD-Hackers

The FreeBSD Security Officer would normally be sending out this email, but he's a bit busy right now and it is clear from reactions to FreeBSD Security Advisory FreeBSD-SA-04:04.tcp that many people are unaware of the current status of the RELENG_5_1 branch, so I'm going to send out this reminder myself. The branches supported by the FreeBSD Security Officer have been updated to reflect

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Everyone, On April 30th, FreeBSD 7.0 will reach its End of Life and will no longer be supported by the FreeBSD Security Team. Users of FreeBSD 7.0 are strongly encouraged to upgrade to FreeBSD 7.1 before that date. Note that the End of Life date for FreeBSD 7.0 was originally announced as being February 28, but was delayed by two months in

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Everyone, On April 30th, FreeBSD 7.0 will reach its End of Life and will no longer be supported by the FreeBSD Security Team. Users of FreeBSD 7.0 are strongly encouraged to upgrade to FreeBSD 7.1 before that date. Note that the End of Life date for FreeBSD 7.0 was originally announced as being February 28, but was delayed by two months in

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Everyone, On June 30th, FreeBSD 7.2 will reach its End of Life and will no longer be supported by the FreeBSD Security Team. Users of this release are strongly encouraged to upgrade to FreeBSD 7.3 before that date; FreeBSD 7.3 will be supported until the end of March 2012. Please note that since FreeBSD 7.1 has been designated for

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Everyone, On June 30th, FreeBSD 7.2 will reach its End of Life and will no longer be supported by the FreeBSD Security Team. Users of this release are strongly encouraged to upgrade to FreeBSD 7.3 before that date; FreeBSD 7.3 will be supported until the end of March 2012. Please note that since FreeBSD 7.1 has been designated for

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Everyone, In keeping with the FreeBSD Security Team policy concerning the EoL dates for "Normal" support releases, "a minimum of 12 months after the release, and for sufficient additional time (if needed) to ensure that there is a newer release for at least 3 months before the older Normal release expires" the EoL date

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Everyone, In keeping with the FreeBSD Security Team policy concerning the EoL dates for "Normal" support releases, "a minimum of 12 months after the release, and for sufficient additional time (if needed) to ensure that there is a newer release for at least 3 months before the older Normal release expires" the EoL date

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Everyone, The branches supported by the FreeBSD Security Officer have been updated to reflect the EoL (end-of-life) of FreeBSD 7.1. The new list of supported branches is below and at < http://security.freebsd.org/ >. Users of FreeBSD 7.1 are advised to upgrade promptly to a newer release (most likely the recently announced FreeBSD 7.4)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Everyone, The branches supported by the FreeBSD Security Officer have been updated to reflect the EoL (end-of-life) of FreeBSD 7.1. The new list of supported branches is below and at < http://security.freebsd.org/ >. Users of FreeBSD 7.1 are advised to upgrade promptly to a newer release (most likely the recently announced FreeBSD 7.4)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Everyone, The branches supported by the FreeBSD Security Officer have been updated to reflect the EoL (end-of-life) of FreeBSD 7.2. The new list is below and at <URL: http://security.freebsd.org/ >. Users of FreeBSD 7.2 are advised to upgrade promptly to a newer release, either by downloading an updated source tree and building updates

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Everyone, The branches supported by the FreeBSD Security Officer have been updated to reflect the EoL (end-of-life) of FreeBSD 7.2. The new list is below and at <URL: http://security.freebsd.org/ >. Users of FreeBSD 7.2 are advised to upgrade promptly to a newer release, either by downloading an updated source tree and building updates

Bill Moran wrote: > This report seems pretty vague. I'm unsure as to whether the alleged > "bug" gives the user any more permissions than he'd already have? Anyone > know any details? This is a local denial of service bug, which was fixed 6 weeks ago in HEAD and RELENG_6. There is no opportunity for either remote denial of service or any privilege escalation. >

freebsd-security-request@freebsd.org wrote: > Send freebsd-security mailing list submissions to > freebsd-security@freebsd.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.freebsd.org/mailman/listinfo/freebsd-security > or, via email, send a message with subject or body 'help' to > freebsd-security-request@freebsd.org > > You

Dear FreeBSD users, Slightly more than three years ago, I released FreeBSD Update, my first major contribution to FreeBSD. Since then, I have become a FreeBSD committer, joined the FreeBSD Security Team, released Portsnap, and become the FreeBSD Security Officer. However, as I have gone from being a graduate student at Oxford University -- busy writing my thesis -- to a researcher at Simon

Hi,There is an alleged OpenSSH vulnerability, see http://www.cpni.gov.uk/Products/alerts/3718.aspx.According to this vulnerability an attacker can potentially recover 32 bits of plaintext from an arbitrary block of ciphertext. After having read the vulnerability note in more detail, my understanding is that the 32 bits of plaintext do not come from the exchange between the client and server of the