Vulnerabilities in FreeBSD

← Back to Stories (view on slashdot.org)

Posted by timothy on Wednesday May 1, 2002 @05:10AM from the finding-and-plugging dept.

flynn_nrg writes: "O'Reilly has an interesting article about vulnerabilities in common programs found on most FreeBSD boxes. From the article: "Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at buffer overflows in OpenSSH, Squid, Listar/Ecartis, slrnpull, and IRIX's syslogd; problems in Sudo, MHonArc, and Mosix; and a local root hole and denial-of-service attack vulnerability in FreeBSD.""

16 of 63 comments (clear)

Min score:

Reason:

Sort:

Re:A real treatment of why this is true. by PD · 2002-05-01 05:24 · Score: 2

Hmmm. Let me consider that again. Yup. I am quite sure that it WAS a troll. Besides the overused of the bold tag, the author used the word Berzerkeley. Definitely a troll.

In any case, a few security bugs can't kill an OS. Windows would be dead a hundred times if that were true.

--
If tits were wings it'd be flying around.
FreeBSD vulnerabilities? by rsidd · 2002-05-01 05:27 · Score: 5, Insightful

The article covered two vulnerabilities specific to FreeBSD, a few in third party programs which apply to all platforms (the article itself makes no reference to FreeBSD), and some vulnerabilities (mosix, IRIX syslogd) which are specific to other platforms (Linux and IRIX respectively) and have nothing whatever to do with FreeBSD
So how does that make it an article on FreeBSD vulnerabilities?
1. Re:FreeBSD vulnerabilities? by JoeWalsh · 2002-05-01 05:54 · Score: 3, Funny
  
  I'm thinking the "BSD Is Dying" trolls bribed the /. editors to put this up.
2. Re:FreeBSD vulnerabilities? by rakjr · 2002-05-01 07:34 · Score: 3, Informative
  
  The title is 100% FUD. It might as well have been titled "All nixes full of security holes. MS to make $$$. It is not the kind of thing I expect out of O'Rielly. I am also surprised it was posted here on /. The article is out of date relative to the fixes. It would be one thing if after all this time, there were still no fixes. I think the article should be pulled from /. it is of no value. Anyone who manages a system should have fixes the mentioned problems long ago. It was just a catchy title with no thought or substance.
  
  --
  In a place beyond time and space, in a land far better than this, look for me there...
please ... by Anonymous Coward · 2002-05-01 06:33 · Score: 3, Informative

what timothy forgot to mention is that the freebsd group had already released patches before posting this article. i guess he could have actually gone out and checked, but alas, this is /. ... home of editors that don't give a shit

go on, mod me down
Lame Article by smnolde · 2002-05-01 09:34 · Score: 5, Insightful

Gee, just two FreeBSD vulnerabilities in that article.... I run several FreeBSD workstations and servers and neither of them would be affected because it's easy to workaround those problems and equally simple to track -STABLE.

Ever get into rpm hell on a redhat box? Debian might be a little better, but still, Debian is barely more than a kernel from being FreeBSD. FreeBSD is infinitely simpler to tailor to your needs and manage than any other *nix system I've tried.

This article doesn't discourage me a bit, since fixes for the mentioned vulnerabilities were available so soon after the announcements. I absolutely love FreeBSD for all me needs and encourage other to install and learn it.
1. Re:Lame Article by Anonymous Coward · 2002-05-01 15:48 · Score: 3, Informative
  
  Its kind of sad that so few people seem to
  understand the open source community. The bugs
  are old. They are not BSD specific(except 2).
  Anybody running BSD probably knows his or her
  stuff and checks security problems on a regular
  basis.
  Sounds like the writer needed some lunch money.
  O'Reilly must be really hard up.
  Unlike Microsoft the open source community embraces
  its faults and posts every single bug and security
  threat as soon as ANYONE finds a problem. The
  reason a big deal is made about problems on microsoft
  software is that the doors are closed and until
  you pay your little fee, or the problem is a threat
  to microsofts monopoly NOONE knows there
  was a problem except the blackHATS.
  Running OpenBSD here.
2. Re:Lame Article by smnolde · 2002-05-02 07:18 · Score: 2, Informative
  
  Perhaps I made myself unclear by leaving a word out. My original statement should have read to the effecct that "debian is little more than a kernel away from being FreeBSD...".
  
  I was trying to complement the debian project since I've heard so many good things about it's automation and package management. At the same time, I believe it's the FreeBSD of the GNU/Linux world.
  
  I still like FreeBSD and will desperately avoid having to administer a RedHat box again.
wow... by tcc · 2002-05-01 17:32 · Score: 4, Interesting

only 2?

Heck, I'm waiting for my Service pack 3 for win2k to apply the 14 pages of hotfix and security patch automatically to my newer systems without having to reload the windowsupdate/rebooting 3 times (explorer 5.5sp2, reboot, security roolup jan 2002, reboot and finally the critical, and that doesn't include post-sp2 hotfixes that aren't "critical").

No wonder I am considering FreeBSD for my email server, yeah it'll need maintenance and security, yes I hate the overhead and everything is so much simpler in windows, that I have to give it to microsoft, but GOD, I don't want to reboot a zillion time after applying patches every week, heck, I don't want to apply patches every week :).

--
--- Metamoderating abusive downgraders since my 300th post.
1. Re:wow... by DrSkwid · 2002-05-01 19:03 · Score: 2
  
  overhead?
  
  nah mate, I never even touch mine
  
  uptime :
  7:03AM up 36 days, 16:49, 5 users
  
  --
  There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
*BSD is living by Anonymous Coward · 2002-05-01 23:50 · Score: 5, Funny

It is official; Netcraft confirms: *BSD is living!
Another piece of great news hit the already prosperous *BSD community when IDC confirmed that *BSD market share has risen yet again, now up to more than of 18 percent of all servers. Coming on the heels of a recent Netcraft survey which plainly states that *BSD has gained more market share, this news serves to reinforce what we've known all along. *BSD is growing in complete unity, as fittingly exemplified by coming dead first in the recent Sys Admin comprehensive networking test.
You don't need to be a Kreskin [amdest.com] to predict *BSD's future. The hand writing is on the wall: *BSD faces a superb future. In fact there will be a wonderful future for *BSD because *BSD is living. Things are looking very good for *BSD. As many of us are already aware, *BSD continues to gain market share. Black ink flows like a river of cash. FreeBSD is the most successful of them all, having acquired 93% more core developers.
Let's keep to the facts and look at the numbers.
OpenBSD leader Theo states that there are 70000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 2 to 1. Therefore there are about 70000/2 = 35000 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 15000 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (70000+35000+7000)*4 = 448000 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.
Due to the success of Walnut Creek, excellent sales and so on, FreeBSD became a viable business and was taken over by BSDI who sell another popular OS. Now BSDI is also growing, its success acquired by yet another software house.
All major surveys show that *BSD has steadily increased in market share. *BSD is very strong and its long term survival prospects are very good. If *BSD is to keep growing it will be among those who appreciate solid, fast and well-engineered OSes. *BSD continues to succeed. Nothing short of a miracle could kill it at this point in time. For all practical purposes, *BSD is here for good.
Fact: *BSD is living
Oh dear, my FreeBSD box is insecure... by Thornae · 2002-05-02 00:45 · Score: 4, Informative

Better fix that:

#cvsup /etc/cvsupfile
#cd /usr/src
#make buildworld
#make installworld

There. I feel much safer now.

--
|>
Here be Dragons
1. Re:Oh dear, my FreeBSD box is insecure... by OpperNerd · 2002-05-02 07:39 · Score: 3, Informative
  
  should be
  
  #cvsup /etc/cvsupfile
  #cd /usr/src
  #make buildworld
  #make buildkernel && make installkernel
  #mergemaster
  #make installworld
  
  --
  -- unix is for people without a social life - Patrick van Eijk
Almost forgot... by Thornae · 2002-05-02 00:51 · Score: 2

Nearly missed one of the other vulns on the list.

#portupgrade sudo

Now I'm done.

(Not that I use sudo, but it's there for completeness)

--
|>
Here be Dragons
1. Re:Almost forgot... by ChocoboKnight · 2002-05-07 04:39 · Score: 3, Informative
  
  Everybody should try "man jail". A chroot on steroids, go on, try it. You won't be disappointed.
Re:Linux has becoming more and more unstable by Shanep · 2002-05-15 14:00 · Score: 2

The average user of FreeBSD does'nt really care about GUI speed.

My smb/afp/lpd/web proxy server runs FreeBSD. Suffice to say, it does not even have a video card, mouse or even keyboard for that matter.

However, does your video card require AGP extensions to opperate at full speed in XF86?

--
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?