From owner-freebsd-security Fri Mar 16 1:40: 8 2001 Delivered-To: freebsd-security@freebsd.org Received: from obsecurity.dyndns.org (adsl-63-207-60-202.dsl.lsan03.pacbell.net [63.207.60.202]) by hub.freebsd.org (Postfix) with ESMTP id CBA3237B719 for ; Fri, 16 Mar 2001 01:40:04 -0800 (PST) (envelope-from kris@obsecurity.org) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 5236166EAE; Fri, 16 Mar 2001 01:40:04 -0800 (PST) Date: Fri, 16 Mar 2001 01:40:04 -0800 From: Kris Kennaway To: Peter McGarvey Cc: freebsd-security Subject: Re: What's vunerable? Message-ID: <20010316014004.A86953@mollari.cthul.hu> References: <3AB1DBF9.C721E3D6@vianetworks.co.uk> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="ZGiS0Q5IWpPtfppv" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3AB1DBF9.C721E3D6@vianetworks.co.uk>; from peterm@vianetworks.co.uk on Fri, Mar 16, 2001 at 09:25:13AM +0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --ZGiS0Q5IWpPtfppv Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Mar 16, 2001 at 09:25:13AM +0000, Peter McGarvey wrote: > I've just inherited several FreeBSD boxes. The versions range from > 3.2_RELEASE to 4.1_RELEASE. >=20 > On the BSD boxes I already maintain I cvsup and make world on a monthly > basis - or as soon as I see a CERT advisory that I know relates to > something that can bite. But the inherited boxes need a lot of work, > and I cannot guarantee to "The Powers That Be" that a make world wont > break the box. >=20 > What I really need to know is what vulnerabilities exist on each box - > so that I can present the boss with a risk assessment, and make him > decide if the box stays as is, or gets a make world. >=20 > So any advice anyone can give me, on how to find out what's vunerable > with any particular FreeBSD version, would be greatly appreciated. Read the advisories. Kris --ZGiS0Q5IWpPtfppv Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6sd9zWry0BWjoQKURAkV/AKDyVoMztBFCT/2lhHFyE7u9M9WQigCgmvNw nu+GOtfOmqeRzeZ7zCkFe/I= =Nghs -----END PGP SIGNATURE----- --ZGiS0Q5IWpPtfppv-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message