Re: Vulnerability

2013-09-30 Thread Jason Birch
This was announced on security-advisor...@freebsd.org on September 10th, 2013. The relevant commits, as taken from the announcement, are: Branch/path Revision - - stable/8/

Re: Vulnerability

2013-09-30 Thread Lowell Gilbert
Jerry writes: > Has this been rectified: > If you read the page at that link, you will find the answer. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/list

Re: Vulnerability

2013-09-30 Thread staticsafe
On 9/30/2013 10:05, Jerry wrote: Has this been rectified: Yes. http://www.freebsd.org/security/advisories/FreeBSD-SA-13:13.nullfs.asc http://svnweb.freebsd.org/base?view=revision&revision=255442 -- staticsafe O< ascii ribbon campa

Vulnerability

2013-09-30 Thread Jerry
Has this been rectified: -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header.

Re: How to handle postgresql82-client vulnerability

2012-04-13 Thread Amitabh Kant
On Fri, Apr 13, 2012 at 5:41 PM, Matthew Seaman wrote: > On 13/04/2012 12:23, Carmel wrote: > > I am working on an older machine that has "postgresql-client-8.2.23" > > installed. I have the following information regarding the program: > > > > $ pkg_info -R postgresql-client-8.2.23 > > Informatio

Re: How to handle postgresql82-client vulnerability

2012-04-13 Thread Matthew Seaman
On 13/04/2012 12:23, Carmel wrote: > I am working on an older machine that has "postgresql-client-8.2.23" > installed. I have the following information regarding the program: > > $ pkg_info -R postgresql-client-8.2.23 > Information for postgresql-client-8.2.23: > > Required by: > koffice-kde4-2.3

How to handle postgresql82-client vulnerability

2012-04-13 Thread Carmel
I am working on an older machine that has "postgresql-client-8.2.23" installed. I have the following information regarding the program: $ pkg_info -R postgresql-client-8.2.23 Information for postgresql-client-8.2.23: Required by: koffice-kde4-2.3.3_7 postgresql-libpqxx-3.0.2 Attempting to build

Re: Updating bzip2 to remove potential security vulnerability

2010-10-02 Thread Matthew Seaman
On 01/10/2010 21:59:40, Jerry wrote: > On Fri, 1 Oct 2010 12:14:20 -0500 > Dan Nelson articulated: > >> You must have missed >> http://security.freebsd.org/advisories/FreeBSD-SA-10:08.bzip2.asc ; >> patches for 6, 7, and 8 are available there, and freebsd-update has >> fixed binaries if you use

Re: Updating bzip2 to remove potential security vulnerability

2010-10-01 Thread Michael Powell
Jerry wrote: [snip]. > > OK, I just updated my sources; however, this notation from the UPDATING > file does NOT appear in the UPDATING file on my machine: > > 20100920: p1 FreeBSD-SA-10:08.bzip2 > Fix an integer overflow in RLE length parsing when decompressing > corrupt bzip2 data. >

Re: Updating bzip2 to remove potential security vulnerability

2010-10-01 Thread Bruce Cran
On Fri, 1 Oct 2010 17:49:29 -0400 Jerry wrote: > OK, I just updated my sources; however, this notation from the > UPDATING file does NOT appear in the UPDATING file on my machine: > > 20100920: p1 FreeBSD-SA-10:08.bzip2 > Fix an integer overflow in RLE length parsing when > decomp

Re: Updating bzip2 to remove potential security vulnerability

2010-10-01 Thread Jerry
On Fri, 1 Oct 2010 22:23:16 +0100 Bruce Cran articulated: > On Fri, 1 Oct 2010 14:00:16 -0700 > Jason wrote: > > > On Fri, Oct 01, 2010 at 04:59:40PM -0400, Jerry thus spake: > > >On Fri, 1 Oct 2010 12:14:20 -0500 > > >Dan Nelson articulated: > > > > > >> You must have missed > > >> http://sec

Re: Updating bzip2 to remove potential security vulnerability

2010-10-01 Thread Jerry
On Fri, 1 Oct 2010 14:00:16 -0700 Jason articulated: > On Fri, Oct 01, 2010 at 04:59:40PM -0400, Jerry thus spake: > >On Fri, 1 Oct 2010 12:14:20 -0500 > >Dan Nelson articulated: > > > >> You must have missed > >> http://security.freebsd.org/advisories/FreeBSD-SA-10:08.bzip2.asc ; > >> patches f

Re: Updating bzip2 to remove potential security vulnerability

2010-10-01 Thread Bruce Cran
On Fri, 1 Oct 2010 14:00:16 -0700 Jason wrote: > On Fri, Oct 01, 2010 at 04:59:40PM -0400, Jerry thus spake: > >On Fri, 1 Oct 2010 12:14:20 -0500 > >Dan Nelson articulated: > > > >> You must have missed > >> http://security.freebsd.org/advisories/FreeBSD-SA-10:08.bzip2.asc ; > >> patches for 6,

Re: Updating bzip2 to remove potential security vulnerability

2010-10-01 Thread Jason
On Fri, Oct 01, 2010 at 04:59:40PM -0400, Jerry thus spake: On Fri, 1 Oct 2010 12:14:20 -0500 Dan Nelson articulated: You must have missed http://security.freebsd.org/advisories/FreeBSD-SA-10:08.bzip2.asc ; patches for 6, 7, and 8 are available there, and freebsd-update has fixed binaries if y

Re: Updating bzip2 to remove potential security vulnerability

2010-10-01 Thread Jerry
On Fri, 1 Oct 2010 12:14:20 -0500 Dan Nelson articulated: > You must have missed > http://security.freebsd.org/advisories/FreeBSD-SA-10:08.bzip2.asc ; > patches for 6, 7, and 8 are available there, and freebsd-update has > fixed binaries if you use that. Never saw it. So I am assuming that simp

Re: Updating bzip2 to remove potential security vulnerability

2010-10-01 Thread Dan Nelson
a potential security vulnerability, > CVE-2010-0405, so all users are recommended to upgrade immediately. > > > The version supplied on FreeBSD-8.1/amd64 is version 1.0.5, > 10-Dec-2007. Are there any plans to update this supplied version? You must have missed http://security.fre

Updating bzip2 to remove potential security vulnerability

2010-10-01 Thread Jerry
I have seen several notices on other forums regarding the update of bzip2 to correct a potential security problem. From the bzip2 web site: The current version is 1.0.6, released 20 Sept 2010. Version 1.0.6 removes a potential security vulnerability, CVE-2010-0405, so all users are recommended

Re: Vulnerability Database,Compile ports under Security Warnings.

2010-05-24 Thread Frank Shute
ecurity updated with a security patch? It sounds like it. > Is there a way to compile without the security updated/patched tree? # make DISABLE_VULNERABILITIES=yes install clean Before doing that, make sure that the vulnerability portaudit reports isn't going to leave you open to compromise

Vulnerability Database,Compile ports under Security Warnings.

2010-05-23 Thread Luca Renaud
Krb5-1.8.1 is the object of a security warning, and I am not able to compile it. It tells me to update the ports tree and try again, which I have done several times but the same warning stands. Is this port not yet security updated with a security patch? Is there a way to compile without the security upda

Re: java/jdk16 vulnerability?

2009-09-30 Thread cpghost
On Mon, Sep 28, 2009 at 08:48:37PM -0700, Greg Lewis wrote: > On Mon, Sep 28, 2009 at 12:10:48PM +0200, cpghost wrote: > > Freenet (http://www.freenetproject.org/) on my FreeBSD/amd64 system > > complains about an old and vulnerable Java version: > > > > Your installed version of Java is vulnera

Re: java/jdk16 vulnerability?

2009-09-28 Thread Robert Huff
Greg Lewis writes: > > Your installed version of Java is vulnerable to a severe remote > > exploit (remote code execution!). You must upgrade to at least Java > > 5 update 20 or Java 6 update 15 as soon as possible. Freenet has > > disabled any plugins handling XML for the time being,

Re: java/jdk16 vulnerability?

2009-09-28 Thread Greg Lewis
On Mon, Sep 28, 2009 at 12:10:48PM +0200, cpghost wrote: > Freenet (http://www.freenetproject.org/) on my FreeBSD/amd64 system > complains about an old and vulnerable Java version: > > Your installed version of Java is vulnerable to a severe remote > exploit (remote code execution!). You must

java/jdk16 vulnerability?

2009-09-28 Thread cpghost
[Sorry for resending: I didn't get any replies] Freenet (http://www.freenetproject.org/) on my FreeBSD/amd64 system complains about an old and vulnerable Java version: Your installed version of Java is vulnerable to a severe remote exploit (remote code execution!). You must upgrade to at leas

java/jdk16 vulnerability?

2009-09-20 Thread cpghost
Hi Greg, Freenet (http://www.freenetproject.org/) on my FreeBSD/amd64 system complains about an old and vulnerable Java version: Your installed version of Java is vulnerable to a severe remote exploit (remote code execution!). You must upgrade to at least Java 5 update 20 or Java 6 update 1

Re: Security vulnerability in 7.x

2009-09-18 Thread Jeronimo Calvo
look for this subject on the maillist "reporter on deadline seeks comment about reported security bug in FreeBSD" You will find an almost 50 chained... topic about this... ;o) btw, yes, it does. 2009/9/18 Alex R : > Hi All, > > I was sent this by a friend, could someone confirm if this exploit

Security vulnerability in 7.x

2009-09-18 Thread Alex R
Hi All, I was sent this by a friend, could someone confirm if this exploit is really existent? http://www.vimeo.com/6580991 (requires flash)

Re: Software Vulnerability Scanner

2007-10-25 Thread Ghirai
On Thu, 25 Oct 2007 14:29:40 +0330 "Bahman M." <[EMAIL PROTECTED]> wrote: > Hi all, > > I'm starting my career as a security analyst and I'd like to know if > there are any vulnerability scanners -Blackbox or Whitebox- available for > FreeBSD, in >

Software Vulnerability Scanner

2007-10-25 Thread Bahman M.
Hi all, I'm starting my career as a security analyst and I'd like to know if there are any vulnerability scanners -Blackbox or Whitebox- available for FreeBSD, in particular for Java applications. There are some softwares out there, e.g. HailStorm or SourceScope however most o

Re: Hello :Regarding the vulnerability

2007-05-03 Thread Bill Moran
/handbook/eresources.html#ERESOURCES-MAIL Of particular interest to you might be this list: http://lists.freebsd.org/mailman/listinfo/freebsd-security Top-posting is also generally frowned upon. > I also wanted to know what features to you consider when publishing the > vulnerability Information

Re: Hello :Regarding the vulnerability

2007-05-03 Thread Bill Moran
in xml format > and this is really very useful to parse this information for analysis > I was checking your website where advisories are present and I could not > find any risk level allotted to the vulnerability > It is difficult to analyse them without that, I just wanted to know is >

Hello :Regarding the vulnerability

2007-05-03 Thread darshan na
was checking your website where advisories are present and I could not find any risk level allotted to the vulnerability It is difficult to analyse them without that, I just wanted to know is there any particular reason for this Thank you and Best regards darshan

Re: FreeBSD UFS "vulnerability": Is NIST off its medication, or am I missing something?

2006-11-14 Thread Bill Moran
In response to Colin Percival <[EMAIL PROTECTED]>: > Bill Moran wrote: > > http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5824 > > > > Following the links around, it seems that you would have to mount a > > "corrupt" or > > "malicio

Re: FreeBSD UFS "vulnerability": Is NIST off its medication, or am I missing something?

2006-11-13 Thread Colin Percival
Bill Moran wrote: > http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5824 > > Following the links around, it seems that you would have to mount a "corrupt" > or > "malicious" filesystem in order to exploit this "vulnerability". > > Yes, NIST cl

FreeBSD UFS "vulnerability": Is NIST off its medication, or am I missing something?

2006-11-13 Thread Bill Moran
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5824 Following the links around, it seems that you would have to mount a "corrupt" or "malicious" filesystem in order to exploit this "vulnerability". Yes, NIST claims there is no authentication required to exploit?

Re: ruby Vulnerability / portupgrade

2006-11-13 Thread Karol Kwiatkowski
Hi Jeff, On 13/11/2006 16:35, Jeff Dickens wrote: > Regarding the following vulnerabilities as detected by portaudit: > >Affected package: ruby-1.8.4_4,1 >Type of problem: ruby -- cgi.rb library Denial of Service. >Reference: > >

ruby Vulnerability / portupgrade

2006-11-13 Thread Jeff Dickens
: ruby-1.8.4_4,1 Type of problem: ruby - multiple vulnerabilities. Reference: <http://www.FreeBSD.org/ports/portaudit/76562594-1f19-11db-b7d4-0008743bf21a.html> I see that ruby is only required by portupgrade. Anyone know if there going to be a fix for this vulnerability any time

Re: Is the vulnerability database up to date?

2006-11-11 Thread Erik Norgaard
Josh Carroll wrote: So - what's the point? I mean updating the port to a newer port with the same or newer known vulnerabilities? # portaudit 0 problem(s) in your installed packages found. # pkg_info| grep firefox firefox-2.0_2,1 Web browser based on the browser portion of Mozilla Seems ok

Re: Is the vulnerability database up to date?

2006-11-10 Thread Josh Carroll
So - what's the point? I mean updating the port to a newer port with the same or newer known vulnerabilities? # portaudit 0 problem(s) in your installed packages found. # pkg_info| grep firefox firefox-2.0_2,1 Web browser based on the browser portion of Mozilla Seems ok to me. Which version

Is the vulnerability database up to date?

2006-11-10 Thread Erik Norgaard
Hi: I updated my ports tree a few days ago, and again today (right now). The firefox port was updated. I then updated the vulnerability database - or so I thought with portaudit. But building firefox complains about remaining vulnerabilities. So - what's the point? I mean updating the

portaudit thinks a vulnerability just disappeared

2006-10-16 Thread James Long
I have a 4.11-RELEASE system. Prior to doing some minor portupdates, I had this portaudit report: Checking for packages with security vulnerabilities: Affected package: php4-4.4.1_3 Type of problem: php -- open_basedir Race Condition Vulnerability. Reference: <http://www.FreeBSD.org/po

Re: iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability

2006-10-11 Thread Bill Moran
In response to Colin Percival <[EMAIL PROTECTED]>: > Bill Moran wrote: > > Colin Percival <[EMAIL PROTECTED]> wrote: > >> This is a local denial of service bug, which was fixed 6 weeks ago in HEAD > ^^^ > > That was what I expected. Section III seems to hint t

Re: iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability

2006-10-10 Thread Colin Percival
Bill Moran wrote: > Colin Percival <[EMAIL PROTECTED]> wrote: >> This is a local denial of service bug, which was fixed 6 weeks ago in HEAD ^^^ > That was what I expected. Section III seems to hint that it could be > used by an unprivileged user to crash or lo

Re: iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability

2006-10-10 Thread Bill Moran
Colin Percival <[EMAIL PROTECTED]> wrote: > Bill Moran wrote: > > This report seems pretty vague. I'm unsure as to whether the alleged > > "bug" gives the user any more permissions than he'd already have? Anyone > > know any details? > > This is a local denial of service bug, which was fixed 6

Re: iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability

2006-10-10 Thread Colin Percival
Bill Moran wrote: > This report seems pretty vague. I'm unsure as to whether the alleged > "bug" gives the user any more permissions than he'd already have? Anyone > know any details? This is a local denial of service bug, which was fixed 6 weeks ago in HEAD and RELENG_6. There is no opportunit

iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability

2006-10-10 Thread Bill Moran
This report seems pretty vague. I'm unsure as to whether the alleged "bug" gives the user any more permissions than he'd already have? Anyone know any details? FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability iDefense Security Advisory 10.10.06 http://www.idefe

Re: jdk -- jar directory traversal vulnerability (CVE-2005-1080).

2006-09-13 Thread Andrew Pantyukhin
te 7 binaries for >> FreeBSD 6.1/i386: >> Affected package: diablo-jdk-freebsd6.i386.1.5.0.07.00 >> Type of problem: jdk -- jar directory traversal vulnerability. >> Reference: <http://www.FreeBSD.org/ports/portaudit/18e5428f- >> ae7c-11d9-837d-000e0c2e438a.html>

Re: jdk -- jar directory traversal vulnerability (CVE-2005-1080).

2006-09-12 Thread Jacques Vidrine
pe of problem: jdk -- jar directory traversal vulnerability. Reference: <http://www.FreeBSD.org/ports/portaudit/18e5428f- ae7c-11d9-837d-000e0c2e438a.html> Many thanks, David Hello david, I corrected the entry, it should be fixed within little notice :) Hey, hold on a second... are you su

Re: jdk -- jar directory traversal vulnerability (CVE-2005-1080).

2006-09-12 Thread Remko Lodder
ersal vulnerability. Reference: <http://www.FreeBSD.org/ports/portaudit/18e5428f-ae7c-11d9-837d-000e0c2e438a.html> Many thanks, David Hello david, I corrected the entry, it should be fixed within little notice :) Thanks for the report! -- Kind regards, Remko Lodder

jdk -- jar directory traversal vulnerability (CVE-2005-1080).

2006-09-12 Thread David Robillard
Hi everyone, Are there any workaround or a patch for this security problem? FreeBSD Foundation's Java JDK and JRE 5.0 Update 7 binaries for FreeBSD 6.1/i386: Affected package: diablo-jdk-freebsd6.i386.1.5.0.07.00 Type of problem: jdk -- jar directory traversal vulnerability. Reference:

Re: portupgrade ruby vulnerability

2006-08-03 Thread jan gestre
On 8/3/06, Dave <[EMAIL PROTECTED]> wrote: Hello, I'm getting an error from ruby whenever I run a portupgrade. Checking portaudit I see this is a vulnerability. Is there a fix for it? Thanks. Dave. I had these warnings too, just use portupgrade or portmanager to upgrade your p

Re: portupgrade ruby vulnerability

2006-08-03 Thread Frank Shute
On Thu, Aug 03, 2006 at 09:08:03AM -0400, Dave wrote: > > Hello, > I'm getting an error from ruby whenever I run a portupgrade. Checking > portaudit I see this is a vulnerability. Is there a fix for it? > Thanks. > Dave. > cvsup your ports tree and rebuild ruby1

Re: portupgrade ruby vulnerability

2006-08-03 Thread Ivailo Tanusheff
Sent by: [EMAIL PROTECTED] 03.08.2006 16:08 Please respond to Dave <[EMAIL PROTECTED]> To cc Subject portupgrade ruby vulnerability Hello, I'm getting an error from ruby whenever I run a portupgrade. Checking portaudit I see this is a vulnerability.

Re: portupgrade ruby vulnerability

2006-08-03 Thread Michael P. Soulier
On 03/08/06 Dave said: > Hello, > I'm getting an error from ruby whenever I run a portupgrade. Checking > portaudit I see this is a vulnerability. Is there a fix for it? I believe that the vulnerability is ruby itself, is it not? Mike -- Michael P. Soulier <[EMAIL

portupgrade ruby vulnerability

2006-08-03 Thread Dave
Hello, I'm getting an error from ruby whenever I run a portupgrade. Checking portaudit I see this is a vulnerability. Is there a fix for it? Thanks. Dave.

Re: Samba vulnerability & make problem

2006-02-13 Thread Denny White
ll for smbclient in /usr/ports/net/samba ===> samba-2.2.12_2 has known vulnerabilities: => samba -- integer overflow vulnerability. Reference: <http://www.FreeBSD.org/ports/portaudit/3b3676be-52e1-11d9-a9e7-0001020eed82.html> => Please update your ports tree and try again. *** Error

Re: Samba vulnerability & make problem

2006-02-11 Thread Robert Slade
able: smbclient - not found > ===>Verifying install for smbclient in /usr/ports/net/samba > ===> samba-2.2.12_2 has known vulnerabilities: > => samba -- integer overflow vulnerability. > Reference: > <http://www.FreeBSD.org/ports/portaudit/3b3676be-52e1-11d9-a9e7-0001020eed82.

Samba vulnerability & make problem

2006-02-11 Thread Denny White
> samba-2.2.12_2 has known vulnerabilities: => samba -- integer overflow vulnerability. Reference: <http://www.FreeBSD.org/ports/portaudit/3b3676be-52e1-11d9-a9e7-0001020eed82.html> => Please update your ports tree and try again. *** Error code 1 Stop in /usr/ports/net/samba. ***

Re: portaudit reports: how to exclude a specific vulnerability

2005-10-31 Thread Daniel Pittman
"Michael C. Shultz" <[EMAIL PROTECTED]> writes: > On Sunday 30 October 2005 22:45, you wrote: G'day. [...] >> I can't work out how to tell portaudit to stop bothering me about >> [a single] particular vulnerability, though. >> >> Can I

Re: portaudit reports: how to exclude a specific vulnerability

2005-10-30 Thread Michael C. Shultz
On Sunday 30 October 2005 22:45, you wrote: > G'day. I am relatively new to FreeBSD, but failed to find an answer to > this question in the handbook, manual pages, or other references about > portaudit: > > At the moment, portaudit is reporting one vulnerability on my system,

portaudit reports: how to exclude a specific vulnerability

2005-10-30 Thread Daniel Pittman
G'day. I am relatively new to FreeBSD, but failed to find an answer to this question in the handbook, manual pages, or other references about portaudit: At the moment, portaudit is reporting one vulnerability on my system, with the 'p5-Crypt-OpenPGP' package. There isn&#

Re: openssl vulnerability

2005-10-11 Thread Brian A. Seklecki
And more importantly, does anyone care to start an informal list of quote "any statically linked applications that are not part of the base system (i.e. from the Ports Collection or other 3rd-party sources) must be recompiled." ~BAS On Tue, 11 Oct 2005, DW wrote: Hi, Does anybody know a c

openssl vulnerability

2005-10-11 Thread DW
Hi, Does anybody know a command to tell which options I have compiled into my openssl? Is there a way to tell if I have SSL_OP_MSIE_SSLV2_RSA_PADDING in there before I go unnecessarily rebuilding and reinstall world on all my servers? Thanks, DW

Re: PAWS security vulnerability

2005-05-20 Thread Tim Traver
MAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Tim Traver Sent: Friday, May 20, 2005 9:33 AM To: Ted Mittelstaedt Cc: bsd Subject: Re: PAWS security vulnerability Ted, you just can't stop being a dickhead, can you ??? I admitted what I did wrong (unlike you), and yes, I posted this to

RE: PAWS security vulnerability

2005-05-20 Thread Ted Mittelstaedt
> Sent: Friday, May 20, 2005 9:33 AM > To: Ted Mittelstaedt > Cc: bsd > Subject: Re: PAWS security vulnerability > > > Ted, > > you just can't stop being a dickhead, can you ??? > > I admitted what I did wrong (unlike you), and yes, I posted > this to the >

Re: PAWS security vulnerability

2005-05-20 Thread Tim Traver
your first post about who you are, what you are doing, why you even give a shit about this issue. If you had simply opened your first post with "I was shown this vulnerability by our network security person and I have to respond to him in some fashion" or something like that, it would have g

RE: PAWS security vulnerability

2005-05-20 Thread Ted Mittelstaedt
tions. You still, as far as I know, have not done this. So, OK maybe you're not a troll and I assumed wrong. But I will point out that you said absolutely nothing in your first post about who you are, what you are doing, why you even give a shit about this issue. If you had simply opened your fir

Re: PAWS security vulnerability

2005-05-19 Thread Tim Traver
this "vulnerability" by our network security person, read it over, and thought that it might be a legitimate exploit. I even picked up on the fact that Microsoft had already patched it in the service pack 2, which may mean that it was under wraps for a while, and was suspicious. So, after

RE: PAWS security vulnerability

2005-05-19 Thread Ted Mittelstaedt
or ANY of their patched OSs. I would therefore assume that the release of this so-called vulnerability was carefully timed to take place AFTER Microsoft had got its ass covered, to make them look good, and everyone else look bad. I continue therefore to assume that this is a political security

Re: PAWS security vulnerability

2005-05-19 Thread Tim Traver
976,984 --- 976,992 * record the timestamp. * NOTE that the test is modified according to the latest * proposal of the [EMAIL PROTECTED] list (Braden 1993/04/26). +* NOTE2 additional check added as a result of PAWS vulnerability +* doc

RE: PAWS security vulnerability

2005-05-19 Thread Ted Mittelstaedt
record the timestamp. * NOTE that the test is modified according to the latest * proposal of the [EMAIL PROTECTED] list (Braden 1993/04/26). +* NOTE2 additional check added as a result of PAWS vulnerability +* documented in Cisco secu

PAWS security vulnerability

2005-05-19 Thread Tim Traver
Hi all, ok, this article was just published about a PAWS TCP DOS vulnerability, and lists FreeBSD 4.x as affected. http://www.securityfocus.com/bid/13676/info/ Does anyone know how to turn the TCP timestamps off on FreeBSD 4.x ? and is 5.4 affected too ? Tim

Re: Clock slew vulnerability in FreeBSD?

2005-03-11 Thread Anthony Atkielski
Bart Silverstrim writes: > Wouldn't the skew resolution necessary for this tracking technique > become useless with temperature variations, humidity, etc. that can > affect most systems over the course of the day/week/year? That's one of my questions, too. A technique that could identify 100 mi

Re: Clock slew vulnerability in FreeBSD?

2005-03-11 Thread Bart Silverstrim
On Mar 10, 2005, at 10:44 PM, Anthony Atkielski wrote: Kris Kennaway writes: Isn't this a non-problem if you use ntpd? Unfortunately, no, because the TCP stacks on most systems don't use the disciplined clock provided by NTP for the timestamps. Instead they use a clock based directly on the RTC, w

RE: Clock slew vulnerability in FreeBSD?

2005-03-10 Thread Ted Mittelstaedt
g a NAT. Ted > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Anthony > Atkielski > Sent: Thursday, March 10, 2005 6:46 PM > To: freebsd-questions@freebsd.org > Subject: Clock slew vulnerability in FreeBSD? > > > How vulnerab

Re: Clock slew vulnerability in FreeBSD?

2005-03-10 Thread Anthony Atkielski
Kris Kennaway writes: > Isn't this a non-problem if you use ntpd? Unfortunately, no, because the TCP stacks on most systems don't use the disciplined clock provided by NTP for the timestamps. Instead they use a clock based directly on the RTC, which reveals a characteristic skew that is unique t

Re: Clock slew vulnerability in FreeBSD?

2005-03-10 Thread Anthony Atkielski
Bnonn writes: > Is this technically a vulnerability, or is it just a side-effect of how > computers operate? It's a vulnerability in the sense that it can leak confidential information about a system's identity. It's not a side-effect of how computers operate, but rather

Re: Clock slew vulnerability in FreeBSD?

2005-03-10 Thread Kris Kennaway
address the vulnerability? Isn't this a non-problem if you use ntpd? Kris

Re: Clock slew vulnerability in FreeBSD?

2005-03-10 Thread Bnonn
Is this technically a vulnerability, or is it just a side-effect of how computers operate? I was of the impression that this is quite an unavoidable issue, given how it seems to apply to any computer regardless of OS, but I haven't researched the issue much myself. Interesting que

Clock slew vulnerability in FreeBSD?

2005-03-10 Thread Anthony Atkielski
How vulnerable is FreeBSD to the recently announced technique for individually identifying computers by the clock slew apparent in TCP packets? If it is vulnerable to this, will there be any plans to address the vulnerability? -- Anthony

SMBFS vulnerability

2004-11-22 Thread Skylar Thompson
I just read about Linux's vulnerability WRT SMBFS. Does FreeBSD suffer from the same vulnerability? -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.os2.dhs.org/~skylar/

Re: ports vulnerability check

2004-02-14 Thread Kris Kennaway
On Sun, Feb 15, 2004 at 01:22:51AM -0500, dave wrote: > Hello, > I started seeing this in late 5.1 and now in 5.2 as well. When I am > compiling a port the first message I get is "Vulnerability check disabled" > What is this? Should I be worried about it? See /u

ports vulnerability check

2004-02-14 Thread dave
Hello, I started seeing this in late 5.1 and now in 5.2 as well. When I am compiling a port the first message I get is "Vulnerability check disabled" What is this? Should I be worried about it? Thanks. Dave.

Re: Vulnerability check disabled

2004-02-04 Thread Ion-Mihai Tetcu
> > > > [madras!/usr/ports/www/apache13]# make fetch-recursive > > > > ===> Fetching all distfiles for apache-1.3.29_1 and dependencies > > > > ===> Vulnerability check disabled [..] > > This thread doesn't cover the vulnerability change. Basi

Re: Vulnerability check disabled

2004-02-04 Thread Ion-Mihai Tetcu
ive security auditing tool. > /usr/local/etc/periodic/daily/330.fetchaudit > To test: > cd /usr/ports/security/vulnerability-test-port > make INSTALLATION_DATE=`date -u -v-14d "+%Y.%m.%d"` install > > A message like this should appear: > ===> vulnerability-test-po

Re: Vulnerability check disabled

2004-02-04 Thread Ion-Mihai Tetcu
> > > > Hope I'm not missing something obvious, but since today morning, I've > > > been getting weird warnings when running make in the ports: > > > > > > [madras!/usr/ports/www/apache13]# make fetch-recursive > > > ===> Fetching all dist

Re: Vulnerability check disabled

2004-02-04 Thread Ceri Davies
ope I'm not missing something obvious, but since today morning, I've > > > been getting weird warnings when running make in the ports: > > > > > > [madras!/usr/ports/www/apache13]# make fetch-recursive > > > ===> Fetching all distfiles for ap

Re: Vulnerability check disabled

2004-02-04 Thread Joe Marcus Clarke
ing weird warnings when running make in the ports: > > > > [madras!/usr/ports/www/apache13]# make fetch-recursive > > ===> Fetching all distfiles for apache-1.3.29_1 and dependencies > > ===> Vulnerability check disabled > > ===> Vulnerability check disabled &

Re: Vulnerability check disabled

2004-02-04 Thread Ion-Mihai Tetcu
ww/apache13]# make fetch-recursive > ===> Fetching all distfiles for apache-1.3.29_1 and dependencies > ===> Vulnerability check disabled > ===> Vulnerability check disabled > ===> Vulnerability check disabled > ===> Vulnerability check disabled > [madras!/usr/ports/www

Re: Vulnerability check disabled

2004-02-04 Thread Kris Kennaway
On Wed, Feb 04, 2004 at 07:31:27PM +1100, Gautam Gopalakrishnan wrote: > Hello, > > Hope I'm not missing something obvious, but since today morning, I've > been getting weird warnings when running make in the ports: Ports questions should be asked on ports@ Kris

Vulnerability check disabled

2004-02-04 Thread Gautam Gopalakrishnan
Hello, Hope I'm not missing something obvious, but since today morning, I've been getting weird warnings when running make in the ports: [madras!/usr/ports/www/apache13]# make fetch-recursive ===> Fetching all distfiles for apache-1.3.29_1 and dependencies ===> Vulnerabilit

Re: vulnerability in su?

2003-11-09 Thread krs
On Sat, Nov 08, 2003 at 10:49:35PM -0800, Derrick Ryalls wrote: > > > > while recently cvsup'ing my box here at home, i had a weird > > thing happen... > > > > i had already built world, built and installed the kernel, > > installed world (including all > > appropriate reboots), and when i bro

Re: vulnerability in su?

2003-11-09 Thread Kris Kennaway
On Sat, Nov 08, 2003 at 08:23:25PM -0500, kirt wrote: > is this a known issue? i didn't search too hard for a fix or anything since i > quickly > fixed it myself, but i thought that a situation like that could make for some > interesting > (read *bad*) situations. It's certainly possible to c

RE: vulnerability in su?

2003-11-08 Thread Derrick Ryalls
> > while recently cvsup'ing my box here at home, i had a weird > thing happen... > > i had already built world, built and installed the kernel, > installed world (including all > appropriate reboots), and when i brought it back up, but > prior to running mergemaster, i > popped the jumper o

vulnerability in su?

2003-11-08 Thread kirt
while recently cvsup'ing my box here at home, i had a weird thing happen... i had already built world, built and installed the kernel, installed world (including all appropriate reboots), and when i brought it back up, but prior to running mergemaster, i popped the jumper on the circuit the bo

Re: security vulnerability in dump

2003-01-07 Thread Shaun Dwyer
Kirk Strauser wrote: At 2003-01-07T17:35:49Z, Andrew Prewett <[EMAIL PROTECTED]> writes: Normally the master.passwd is backed up regularly by cron (/var/backups), so maybe no need to backup it again. Were you joking? Surely you're not implying that there's no need to copy the data to tape (

Data vulnerability (Was: security vulnerability in dump)

2003-01-07 Thread Mike Meyer
In <[EMAIL PROTECTED]>, Andrew Prewett <[EMAIL PROTECTED]> typed: > Today Mike Meyer wrote: > > In <[EMAIL PROTECTED]>, Andrew Prewett ><[EMAIL PROTECTED]> typed: > > > Today Kirk Strauser wrote: > > > > At 2003-01-07T17:35:49Z, Andrew Prewett <[EMAIL PROTECTED]> writes: > > > > > Normally the m

Re: security vulnerability in dump

2003-01-07 Thread Kirk Strauser
At 2003-01-07T22:50:08Z, Andrew Prewett <[EMAIL PROTECTED]> writes: > No, "umgekehrt", ideally / should be on a separate drive and /home, /var, > /usr on another drive(s). I mean, I wouldn't put my company database, > fileserver, etc. on a machine with only one drive. So, my wording was > maybe

Re: security vulnerability in dump

2003-01-07 Thread Andrew Prewett
Today Ed Hall wrote: > > Today Kirk Strauser wrote: > > > At 2003-01-07T17:35:49Z, Andrew Prewett <[EMAIL PROTECTED]> > writes: > > > > Normally the master.passwd is backed up regularly by cron > (/var/backups), > > > > so maybe no need to backup it again. > > > > > Were you joking? Surely you'r

Re: security vulnerability in dump

2003-01-07 Thread Andrew Prewett
Today Mike Meyer wrote: > In <[EMAIL PROTECTED]>, Andrew Prewett ><[EMAIL PROTECTED]> typed: > > Today Kirk Strauser wrote: > > > At 2003-01-07T17:35:49Z, Andrew Prewett <[EMAIL PROTECTED]> writes: > > > > Normally the master.passwd is backed up regularly by cron (/var/backups), > > > > so maybe

Re: security vulnerability in dump

2003-01-07 Thread Mike Meyer
In <[EMAIL PROTECTED]>, Andrew Prewett <[EMAIL PROTECTED]> typed: > Today Kirk Strauser wrote: > > At 2003-01-07T17:35:49Z, Andrew Prewett <[EMAIL PROTECTED]> writes: > > > Normally the master.passwd is backed up regularly by cron (/var/backups), > > > so maybe no need to backup it again. > > Wer
