Re: security risk: ktrace(2) in FreeBSD prior to -current.

From: Brett Glass (brett@lariat.org)
Date: 07/01/02

• Next message: Dmitry S. Rzhavin: "snort + vlans"
• Previous message: Brett Glass: "Re: SSH Patches"
• In reply to: David Pick: "Re: security risk: ktrace(2) in FreeBSD prior to -current."
• Next in thread: Lupe Christoph: "Re: security risk: ktrace(2) in FreeBSD prior to -current."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Mon, 01 Jul 2002 10:30:44 -0600
To: David Pick <d.m.pick@qmul.ac.uk>, security@FreeBSD.ORG
From: Brett Glass <brett@lariat.org>

At 08:43 AM 7/1/2002, David Pick wrote:

>At least we can build a binary update "package"
>for the "ports" version using a simple "make package"; it's
>harder for the version integrated into the base.

You can make a binary updater using the currently available
port. Just do

cd /usr/ports/security/openssh-portable && make -DOPENSSH_OVERWRITE_BASE package

Beware, though, that you'll also want to install the latest
OpenSSL "engine". I believe that you can make this into
a binary package as well.

>Please note that I have *not* asked for a binary update.
>I don't want to get flamed the way Brett does...

...for asking something reasonable? ;-)

Seriously: Please do ask. If we do not have up-to-date binary
packages, a large percentage of the new installs of FreeBSD
(both network installs and those from CD-ROM) will be vulnerable
from the start, even though the holes have long been identified.
This is not only unethical but also terrible for FreeBSD's
reputation.

Already, the Apache/FreeBSD worm is making the rounds. Why
allow new installs to be vulnerable?

--Brett

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

---

• Next message: Dmitry S. Rzhavin: "snort + vlans"
• Previous message: Brett Glass: "Re: SSH Patches"
• In reply to: David Pick: "Re: security risk: ktrace(2) in FreeBSD prior to -current."
• Next in thread: Lupe Christoph: "Re: security risk: ktrace(2) in FreeBSD prior to -current."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Help - Port 80 being targeted ... URLScan installs as an ISAPI filter. ... I have port 80 open firewalls don't do me any good! ... > What you're seeing could possibly be a nimda or code red worm scanning your ... (comp.security.firewalls) Re: Help setting up COM port ... Did you look in device manager and see if there is a serial pointing device ... At which point it installs the drivers and hands ... over the port, preventing anything else from using the port. ... > port the GPS is connected. ... (microsoft.public.windowsxp.general) Re: Configuring Exchange 2003 with Symantec Anti-Virus ... Exchange and is probably actually a tad bit better for scanning incoming ... It installs using the avapi and is very nice. ... > and have set up a new Exchange 2003 server. ... > can reconfigure Exchange to receive on antoher port (is changing the the ... (microsoft.public.exchange.misc) Re: Re[2]: sendmail/postfix ports question ... What was going on with the port is beyond my ... >> The ports version of postfix by default installs all its configuration ... >> can do what I did and instruct postfix through its main.cfg to take the ... However, SendMail would not be installed, ... (freebsd-questions) Re: Help getting Win98 software to run in XP ? ... i have a software program which is basically a radio decoder ... It decodes via dedicated hardware (com port to radio ... It installs OK. ... Some older Windows programs are just fundementally unsuited to running on ... (microsoft.public.windowsxp.help_and_support)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > FreeBSD-Security  > 2002-07