Slashdot Mirror
FreeBSD security Advisories: FreeBSD-SA-03:09.sign
Dan writes "FreeBSD security team has released two new advisories. The first advisory entitled "Insufficient range checking of signal numbers" could allow a malicious local user to use this vulnerability as a local denial-of-service attack. The second advisory "Kernel memory disclosure via ibcs2" could allow a malicious user to call the iBCS2 version of statfs(2) with an arbitrarily large length parameter, causing the kernel to return a large portion of kernel memory containing sensitive information."
It is common knowledge that *BSD is dying, that ever hapless *BSD is mired in an irrecoverable and mortifying tangle of fatal trouble. It is perhaps anybody's guess as to which *BSD is the worst off of an admittedly suffering *BSD community. The numbers continue to decline for *BSD but FreeBSD may be hurting the most. Look at the numbers. The loss of user base for FreeBSD continues in a head spinning downward spiral.
OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of BSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.
Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.
All major marketing surveys show that *BSD has steadily declined in market share. *BSD is extremely sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS hobbyist dilettante dabblers. In truth, for all practical purposes *BSD is already dead. It is a dead man walking.
Fact: *BSD is dying
OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of BSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.
Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.
All major marketing surveys show that *BSD has steadily declined in market share. *BSD is extremely sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among hobbyist dilettante dabblers. In truth, for all practical purposes *BSD is already dead. It is a dead man walking.
It is common knowledge that *BSD is dying, that ever hapless *BSD is mired in an irrecoverable and mortifying tangle of fatal trouble. It is perhaps anybody's guess as to which *BSD is the worst off of an admittedly suffering *BSD community. The numbers continue to decline for *BSD but FreeBSD may be hurting the most. Look at the numbers. The loss of user base for FreeBSD continues in a head spinning downward spiral.
OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of BSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.
Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.
All major marketing surveys show that *BSD has steadily declined in market share. *BSD is extremely sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS hobbyist dilettante dabblers. In truth, for all practical purposes *BSD is already dead. It is a dead man walking
Here a scoop to BSDers which is just now hitting us security pro's.- 11">MSBLAST.exe</a>s _k=100547">virusInfo</a>3 -026.asp">. worm.html">worm</a>
<P> There is a first vulnerability that uses the MS Bug that MS addressed
with MS 03-026 two weeks ago. <P> It is calling itself
<a href="http://isc.sans.org/diary.html?date=2003-08
and is spreading in the wild unbelievably fast.
<P> A first advisory from McAffee has just been published --
<a href="http://us.mcafee.com/virusInfo/defa...&viru
Once it finds a vulnerable system, it will spawn a shell on port
4444 and use it to download the actual worm via tftp. The exploit itself
is very close to 'dcom.c' and so far appears to use
the "universal Win2k" offset only. <P>
In other words we need to make sure port 4444 is blocked inbound AND outbound.
<P> Of course this is in addition to the MS03-026 patch being installed which
Microsoft released two weeks ago (more info regarding the patch here --
<a href="http://www.microsoft.com/technet/tr...n/MS0
MS03-026.asp</a>. <P> Another advisory was JUST posted by Symantec:
<a href="http://www.symantec.com/avcenter/ve...aster
<P> Just thought everyone ought to know. <P> Thanks...