From owner-freebsd-security Fri Mar 16 8:46:50 2001 Delivered-To: freebsd-security@freebsd.org Received: from castle.dreaming.org (castle.dreaming.org [216.221.214.170]) by hub.freebsd.org (Postfix) with ESMTP id 8A91A37B719 for ; Fri, 16 Mar 2001 08:46:46 -0800 (PST) (envelope-from mit@mitayai.net) Received: (from root@localhost) by castle.dreaming.org (8.11.3/8.11.2) id f2GGkeu37698; Fri, 16 Mar 2001 11:46:40 -0500 (EST) (envelope-from mit@mitayai.net) Received: from cr592943a (cr592943-a.bloor1.on.wave.home.com [24.156.38.199]) by castle.dreaming.org (8.11.3/8.11.2av) with SMTP id f2GGkca37690; Fri, 16 Mar 2001 11:46:38 -0500 (EST) (envelope-from mit@mitayai.net) From: "Will Mitayai Keeso Rowe" To: "Peter McGarvey" , "freebsd-security" Subject: RE: What's vunerable? Date: Fri, 16 Mar 2001 11:43:40 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <3AB1DBF9.C721E3D6@vianetworks.co.uk> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal X-Virus-Scanned: by AMaViS perl-10 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org inherited? need a lot of work? then assume everything is vulnerable due to ex-employees, past trojan horses, bad administrative practices and configurations, etc. go through the FreeBSD Security Advisories at http://www.freebsd.org/security/#adv for alkl the listed advisories. make sure you pay attention to all the installed packages, ports, and user-installed third-party stuff. -Mit :-----Original Message----- :From: owner-freebsd-security@FreeBSD.ORG :[mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Peter McGarvey :Sent: March 16, 2001 04:25 AM :To: freebsd-security :Subject: What's vunerable? : : :I've just inherited several FreeBSD boxes. The versions range from :3.2_RELEASE to 4.1_RELEASE. : :On the BSD boxes I already maintain I cvsup and make world on a monthly :basis - or as soon as I see a CERT advisory that I know relates to :something that can bite. But the inherited boxes need a lot of work, :and I cannot guarantee to "The Powers That Be" that a make world wont :break the box. : :What I really need to know is what vulnerabilities exist on each box - :so that I can present the boss with a risk assessment, and make him :decide if the box stays as is, or gets a make world. : :So any advice anyone can give me, on how to find out what's vunerable :with any particular FreeBSD version, would be greatly appreciated. : :-- :TTFN, FNORD : :Peter McGarvey :System Administrator :Network Operations, VIA Networks UK : :To Unsubscribe: send mail to majordomo@FreeBSD.org :with "unsubscribe freebsd-security" in the body of the message : : To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message