Date: Tue, 20 Mar 2001 11:07:43 -0700 (MST)
From: Nate Williams <nate@yogotech.com>
To: Brett Glass <brett@lariat.org>
Cc: Kris Kennaway <kris@obsecurity.org>, security@FreeBSD.ORG
Subject: Re: Odd event -- possible security hole or DoS?
Message-ID: <15031.40047.731987.194238@nomad.yogotech.com>
In-Reply-To: <4.3.2.7.2.20010320001710.00d88950@localhost>
References: <4.3.2.7.2.20010319172800.00cf9c60@localhost> <4.3.2.7.2.20010320001710.00d88950@localhost>

> >I can't even begin to remember all of the TCP, kernel and application
> >bugs fixed in the 2 1/2 years since 2.2.8. There are probably a
> >number of ways someone could have caused something like this.
>
> I guess what I'm concerned about is that I don't know if it's
> an intentional DoS and/or if it's present in current versions.

There were at least 3 remote vulnerabilities in the 2.2.8 TCP/IP stack, and
2-3 vulnerabilities in the shipped software. Fixes to the stack were
merged into the code-base a long time back, although the shipped
software (BIND and SENDMAIL were two of them) requires you to back-port
the software to the box. (Trivial to do).

Inetd may have had problems as well, but I believe they were DOS types,
related to local users and not remote users.

Nate

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message