Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security Operating Systems BSD

Vulnerabilities in FreeBSD 63

flynn_nrg writes: "O'Reilly has an interesting article about vulnerabilities in common programs found on most FreeBSD boxes. From the article: "Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at buffer overflows in OpenSSH, Squid, Listar/Ecartis, slrnpull, and IRIX's syslogd; problems in Sudo, MHonArc, and Mosix; and a local root hole and denial-of-service attack vulnerability in FreeBSD.""
This discussion has been archived. No new comments can be posted.

Vulnerabilities in FreeBSD

Comments Filter:
  • by rsidd ( 6328 ) on Wednesday May 01, 2002 @12:27PM (#3444230)
    The article covered two vulnerabilities specific to FreeBSD, a few in third party programs which apply to all platforms (the article itself makes no reference to FreeBSD), and some vulnerabilities (mosix, IRIX syslogd) which are specific to other platforms (Linux and IRIX respectively) and have nothing whatever to do with FreeBSD
    So how does that make it an article on FreeBSD vulnerabilities?
    • I'm thinking the "BSD Is Dying" trolls bribed the /. editors to put this up.

    • The title is 100% FUD. It might as well have been titled "All nixes full of security holes. MS to make $$$. It is not the kind of thing I expect out of O'Rielly. I am also surprised it was posted here on /. The article is out of date relative to the fixes. It would be one thing if after all this time, there were still no fixes. I think the article should be pulled from /. it is of no value. Anyone who manages a system should have fixes the mentioned problems long ago. It was just a catchy title with no thought or substance.
  • please ... (Score:3, Informative)

    by Anonymous Coward on Wednesday May 01, 2002 @01:33PM (#3444785)
    what timothy forgot to mention is that the freebsd group had already released patches before posting this article. i guess he could have actually gone out and checked, but alas, this is /. ... home of editors that don't give a shit

    go on, mod me down
  • Lame Article (Score:5, Insightful)

    by smnolde ( 209197 ) on Wednesday May 01, 2002 @04:34PM (#3446356) Homepage
    Gee, just two FreeBSD vulnerabilities in that article.... I run several FreeBSD workstations and servers and neither of them would be affected because it's easy to workaround those problems and equally simple to track -STABLE.

    Ever get into rpm hell on a redhat box? Debian might be a little better, but still, Debian is barely more than a kernel from being FreeBSD. FreeBSD is infinitely simpler to tailor to your needs and manage than any other *nix system I've tried.

    This article doesn't discourage me a bit, since fixes for the mentioned vulnerabilities were available so soon after the announcements. I absolutely love FreeBSD for all me needs and encourage other to install and learn it.
    • Re:Lame Article (Score:3, Informative)

      by Anonymous Coward
      Its kind of sad that so few people seem to
      understand the open source community. The bugs
      are old. They are not BSD specific(except 2).
      Anybody running BSD probably knows his or her
      stuff and checks security problems on a regular
      basis.
      Sounds like the writer needed some lunch money.
      O'Reilly must be really hard up.
      Unlike Microsoft the open source community embraces
      its faults and posts every single bug and security
      threat as soon as ANYONE finds a problem. The
      reason a big deal is made about problems on microsoft
      software is that the doors are closed and until
      you pay your little fee, or the problem is a threat
      to microsofts monopoly NOONE knows there
      was a problem except the blackHATS.
      Running OpenBSD here.
    • by Anonymous Coward
      www.gentoo.org
  • wow... (Score:4, Interesting)

    by tcc ( 140386 ) on Thursday May 02, 2002 @12:32AM (#3448561) Homepage Journal
    only 2?

    Heck, I'm waiting for my Service pack 3 for win2k to apply the 14 pages of hotfix and security patch automatically to my newer systems without having to reload the windowsupdate/rebooting 3 times (explorer 5.5sp2, reboot, security roolup jan 2002, reboot and finally the critical, and that doesn't include post-sp2 hotfixes that aren't "critical").

    No wonder I am considering FreeBSD for my email server, yeah it'll need maintenance and security, yes I hate the overhead and everything is so much simpler in windows, that I have to give it to microsoft, but GOD, I don't want to reboot a zillion time after applying patches every week, heck, I don't want to apply patches every week :).

  • by Anonymous Coward on Thursday May 02, 2002 @06:50AM (#3449537)
    It is official; Netcraft confirms: *BSD is living!

    Another piece of great news hit the already prosperous *BSD community when IDC confirmed that *BSD market share has risen yet again, now up to more than of 18 percent of all servers. Coming on the heels of a recent Netcraft survey which plainly states that *BSD has gained more market share, this news serves to reinforce what we've known all along. *BSD is growing in complete unity, as fittingly exemplified by coming dead first [samag.com] in the recent Sys Admin comprehensive networking test.

    You don't need to be a Kreskin [amdest.com] [amdest.com] to predict *BSD's future. The hand writing is on the wall: *BSD faces a superb future. In fact there will be a wonderful future for *BSD because *BSD is living. Things are looking very good for *BSD. As many of us are already aware, *BSD continues to gain market share. Black ink flows like a river of cash. FreeBSD is the most successful of them all, having acquired 93% more core developers.

    Let's keep to the facts and look at the numbers.

    OpenBSD leader Theo states that there are 70000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 2 to 1. Therefore there are about 70000/2 = 35000 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 15000 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (70000+35000+7000)*4 = 448000 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.

    Due to the success of Walnut Creek, excellent sales and so on, FreeBSD became a viable business and was taken over by BSDI who sell another popular OS. Now BSDI is also growing, its success acquired by yet another software house.

    All major surveys show that *BSD has steadily increased in market share. *BSD is very strong and its long term survival prospects are very good. If *BSD is to keep growing it will be among those who appreciate solid, fast and well-engineered OSes. *BSD continues to succeed. Nothing short of a miracle could kill it at this point in time. For all practical purposes, *BSD is here for good.

    Fact: *BSD is living


    • Dear God, this is the funniest thing I've ever read in my entire life, so help me Theo.

      Although I post this from a Linux box, I had to take a moment to gaze fondly upon my OpenBSD server in the corner :).

      I'm only torn on whether this should be "+5 Funny" or "+5 Insightful". Truly a prime example of geek wit at its finest, in any event...

  • by Thornae ( 53316 ) on Thursday May 02, 2002 @07:45AM (#3449766)
    Better fix that:


    #cvsup /etc/cvsupfile
    #cd /usr/src
    #make buildworld
    #make installworld

    There. I feel much safer now.

  • The patch to fix the IRIX problem was included in the standard IRIX maintenance patches that were released 18 months ago. I would hope if someone had a system on the internet they would patch it more often than every 18 months.

C makes it easy for you to shoot yourself in the foot. C++ makes that harder, but when you do, it blows away your whole leg. -- Bjarne Stroustrup

Working...