Slashdot Mirror

← Back to Stories (view on slashdot.org)

Vulnerabilities in FreeBSD

Posted by timothy on from the finding-and-plugging dept.

flynn_nrg writes: "O'Reilly has an interesting article about vulnerabilities in common programs found on most FreeBSD boxes. From the article: "Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at buffer overflows in OpenSSH, Squid, Listar/Ecartis, slrnpull, and IRIX's syslogd; problems in Sudo, MHonArc, and Mosix; and a local root hole and denial-of-service attack vulnerability in FreeBSD.""

5 of 63 comments (clear)

  1. FreeBSD vulnerabilities? by rsidd · · Score: 5, Insightful

    The article covered two vulnerabilities specific to FreeBSD, a few in third party programs which apply to all platforms (the article itself makes no reference to FreeBSD), and some vulnerabilities (mosix, IRIX syslogd) which are specific to other platforms (Linux and IRIX respectively) and have nothing whatever to do with FreeBSD
    So how does that make it an article on FreeBSD vulnerabilities?

  2. Lame Article by smnolde · · Score: 5, Insightful

    Gee, just two FreeBSD vulnerabilities in that article.... I run several FreeBSD workstations and servers and neither of them would be affected because it's easy to workaround those problems and equally simple to track -STABLE.

    Ever get into rpm hell on a redhat box? Debian might be a little better, but still, Debian is barely more than a kernel from being FreeBSD. FreeBSD is infinitely simpler to tailor to your needs and manage than any other *nix system I've tried.

    This article doesn't discourage me a bit, since fixes for the mentioned vulnerabilities were available so soon after the announcements. I absolutely love FreeBSD for all me needs and encourage other to install and learn it.

  3. wow... by tcc · · Score: 4, Interesting

    only 2?

    Heck, I'm waiting for my Service pack 3 for win2k to apply the 14 pages of hotfix and security patch automatically to my newer systems without having to reload the windowsupdate/rebooting 3 times (explorer 5.5sp2, reboot, security roolup jan 2002, reboot and finally the critical, and that doesn't include post-sp2 hotfixes that aren't "critical").

    No wonder I am considering FreeBSD for my email server, yeah it'll need maintenance and security, yes I hate the overhead and everything is so much simpler in windows, that I have to give it to microsoft, but GOD, I don't want to reboot a zillion time after applying patches every week, heck, I don't want to apply patches every week :).

    --
    --- Metamoderating abusive downgraders since my 300th post.
  4. *BSD is living by Anonymous Coward · · Score: 5, Funny
    It is official; Netcraft confirms: *BSD is living!

    Another piece of great news hit the already prosperous *BSD community when IDC confirmed that *BSD market share has risen yet again, now up to more than of 18 percent of all servers. Coming on the heels of a recent Netcraft survey which plainly states that *BSD has gained more market share, this news serves to reinforce what we've known all along. *BSD is growing in complete unity, as fittingly exemplified by coming dead first in the recent Sys Admin comprehensive networking test.

    You don't need to be a Kreskin [amdest.com] to predict *BSD's future. The hand writing is on the wall: *BSD faces a superb future. In fact there will be a wonderful future for *BSD because *BSD is living. Things are looking very good for *BSD. As many of us are already aware, *BSD continues to gain market share. Black ink flows like a river of cash. FreeBSD is the most successful of them all, having acquired 93% more core developers.

    Let's keep to the facts and look at the numbers.

    OpenBSD leader Theo states that there are 70000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 2 to 1. Therefore there are about 70000/2 = 35000 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 15000 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (70000+35000+7000)*4 = 448000 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.

    Due to the success of Walnut Creek, excellent sales and so on, FreeBSD became a viable business and was taken over by BSDI who sell another popular OS. Now BSDI is also growing, its success acquired by yet another software house.

    All major surveys show that *BSD has steadily increased in market share. *BSD is very strong and its long term survival prospects are very good. If *BSD is to keep growing it will be among those who appreciate solid, fast and well-engineered OSes. *BSD continues to succeed. Nothing short of a miracle could kill it at this point in time. For all practical purposes, *BSD is here for good.

    Fact: *BSD is living

  5. Oh dear, my FreeBSD box is insecure... by Thornae · · Score: 4, Informative
    Better fix that:


    #cvsup /etc/cvsupfile
    #cd /usr/src
    #make buildworld
    #make installworld

    There. I feel much safer now.

    --
    |>
    Here be Dragons