Slashdot Mirror


Vulnerabilities in FreeBSD

flynn_nrg writes: "O'Reilly has an interesting article about vulnerabilities in common programs found on most FreeBSD boxes. From the article: "Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at buffer overflows in OpenSSH, Squid, Listar/Ecartis, slrnpull, and IRIX's syslogd; problems in Sudo, MHonArc, and Mosix; and a local root hole and denial-of-service attack vulnerability in FreeBSD.""


  1. please ... by Anonymous Coward · · Score: 3, Informative

    what timothy forgot to mention is that the freebsd group had already released patches before posting this article. i guess he could have actually gone out and checked, but alas, this is /. ... home of editors that don't give a shit

    go on, mod me down

  2. Re:FreeBSD vulnerabilities? by rakjr · · Score: 3, Informative

    The title is 100% FUD. It might as well have been titled "All nixes full of security holes. MS to make $$$." It is not the kind of thing I expect out of O'Reilly. I am also surprised it was posted here on /. The article is out of date relative to the fixes. It would be one thing if after all this time, there were still no fixes. I think the article should be pulled from /. It is of no value. Anyone who manages a system should have fixed the mentioned problems long ago. It was just a catchy title with no thought or substance.

    --
    In a place beyond time and space, in a land far better than this, look for me there...
  3. Re:Lame Article by Anonymous Coward · · Score: 3, Informative

    It's kind of sad that so few people seem to understand the open source community. The bugs are old. They are not BSD specific (except 2). Anybody running BSD probably knows his or her stuff and checks security problems on a regular basis. Sounds like the writer needed some lunch money. O'Reilly must be really hard up. Unlike Microsoft, the open source community embraces its faults and posts every single bug and security threat as soon as ANYONE finds a problem. The reason a big deal is made about problems on Microsoft software is that the doors are closed and until you pay your little fee, or the problem is a threat to Microsoft's monopoly, NO ONE knows there was a problem except the blackHATS. Running OpenBSD here.

  4. Oh dear, my FreeBSD box is insecure... by Thornae · · Score: 4, Informative
    Better fix that:


    #cvsup /etc/cvsupfile
    #cd /usr/src
    #make buildworld
    #make installworld

    There. I feel much safer now.

    --
    |>
    Here be Dragons
    1. Re:Oh dear, my FreeBSD box is insecure... by OpperNerd · · Score: 3, Informative

      should be

      #cvsup /etc/cvsupfile
      #cd /usr/src
      #make buildworld
      #make buildkernel && make installkernel
      #mergemaster
      #make installworld

      --
      -- unix is for people without a social life - Patrick van Eijk
  5. Re:Lame Article by smnolde · · Score: 2, Informative

    Perhaps I made myself unclear by leaving a word out. My original statement should have read to the effect that "debian is little more than a kernel away from being FreeBSD...".

    I was trying to compliment the Debian project since I've heard so many good things about its automation and package management. At the same time, I believe it's the FreeBSD of the GNU/Linux world.

    I still like FreeBSD and will desperately avoid having to administer a RedHat box again.

  6. I have seen the light www.gentoo.org by Anonymous Coward · · Score: 1, Informative

    www.gentoo.org

  7. Re:Almost forgot... by ChocoboKnight · · Score: 3, Informative

    Everybody should try "man jail". A chroot on steroids, go on, try it. You won't be disappointed.