--On 25 February 2015 18:21 +0100 Remko Lodder wrote:
This suggests that you can filter the traffic:
Block incoming IGMP packets by protecting your host/networks with a
firewall. (Quote from the SA).
It does, but it doesn't specifically say whether ipfw on *the host that's
being protecte
Hi,
Presumably if you don't need IGMP, ipfw can be used to mitigate this on
hosts until they're patched / rebooted, i.e.
ipfw add x deny igmp from any to any
?
Thanks,
-Karl
-- Forwarded Message --
Date: 25 February 2015 06:29 +
From: FreeBSD Security Advisories
To:
Hi,
A long time ago (around 2014/04/12) a number of people (including me) found
an issue with sshd - to do with the library bind order (as best as I can
explain) - whereby sshd would get 'stuck' and leave a lot of zombied sshd's
hanging around. This was traced eventually to libthr being 'afte
--On 05 June 2014 13:16 + FreeBSD Security Advisories
wrote:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in http://www.FreeBSD.org/handbook/makeworld.html>.
Hi,
Is it necessary to build/install the entire wo
--On 1 May 2014 11:42:10 -0700 Xin Li wrote:
Does this require an established TCP session to be present? - i.e.
If you have a host which provides no external TCP sessions (i.e.
replies 'Connection Refused' / drops the initial SYN) would that
still be potentially exploitable?
No. An establis
--On 30 April 2014 04:35:10 + FreeBSD Security Advisories
wrote:
II. Problem Description
FreeBSD may add a reassemble queue entry on the stack into the segment
list when the reassembly queue reaches its limit. The memory from the
stack is undefined after the function returns. Subseq
--On 2 November 2013 01:18:24 +0100 Dimitry Andric wrote:
[1] http://www.cvedetails.com/vulnerability-list/vendor_id-2153/NTP.html
That page lists a bunch of CVEs, and the relevant ones have already had
FreeBSD security advisories:
CVE-2009-3563
http://www.freebsd.org/security/advi
Hi,
A friend who uses linux a lot happened to notice on a FreeBSD box I
installed the other day and updated to 9.2-R that it's using ntpd 4.2.4p8.
They reckon that's had a lot of issues (e.g. CVE reports) against it - and
it should be newer.
I'm sure the one it has been 'updated' with is s
