[nycbug-talk] Fwd: Merry Christmas from the FreeBSD Security Team

George Rosamond george at ceetonetechnology.com
Sat Dec 24 15:54:43 EST 2011


On 12/24/11 15:04, Jesse Callaway wrote:
> telnet might be useful for running things like machinery such as a
> generator or maybe an industrial centrifuge...
> of course such things only run in a network which is properly firewalled.
> an internal private network where node based security need not be worried
> about in the first place.

Yeah, very valid point.  Mock telnet all you want, but it's still there.

Same with ftp.  Rumor has it lots of trading data moves between the 
various players by ftp.  Still.

Of course, there were other vulnerabilities revealed, like the pam and 
libc-related stuff.

I had no problem updating boxes from source with make with FreeBSD 7.x 
and 8.x, but freebsd-update seemed to bork, as I mentioned earlier, with 
libc stuff on both 7.x and 8.x.

/usr/src/lib/libc/gen/libc_dlopen.c

This 'cheat' solves it. . . but icky.

http://icesquare.com/wordpress/freebsd-updateinstalling-updates-install-usrsrcliblibcgenlibc_dlopen-c-no-such-file-or-directory/

g



More information about the talk mailing list