<Security Alert>
Summary:
A race condition in Sudo's command pathname handling prior
to Sudo version 1.6.8p9 that could allow a user with Sudo
privileges to run arbitrary commands.
Sudo versions affected:
Sudo versions 1.3.1 up to and including 1.6.8p8.
</Security Alert>
More information about this incident available at:
http://www.sudo.ws/sudo/alerts/path_race.html
- Improve the last couple of entries a bit:
- Whilespace cleanup.
- Use standard topic format (port name first, then description
starting with lower case).
- Make sure SpamAssasin entry also match other 3.0.3 port revisions.
This is a tool that uses ARP poisoning to have a scenario
like this: we have a LAN and we want offer connectivity to every-
one coming here with his laptop for example. It could happen that
our customer has his network parameters already configured to
work correctly in his own LAN, but not working here. We can have
then this scenario:
Customer's host (10.0.0.2/8 and default gateway set to 10.0.0.1)
Our LAN (192.168.0.0/24 with real gateway 192.168.0.254).
All that we want is that our customer plugs his laptop and joins
the internet without changing nothing of his network parameters.
Here comes this tool installed in my real gw(192.168.0.254) It's
a sort of sniffer, because it sniffs broadcast ARP requests for
the gateway and answers that the gateway is itself In our example
our customer's laptop sends this request: arp who-has 10.0.0.1
tell 10.0.0.2 Now our gateway does the following: 1) Sends back
this reply to 10.0.0.2: arp reply 10.0.0.1 is-at his_mac_address
2)Create the alias 10.0.0.254 (ARP is not routable so we need one
alias for each subnet that is not our one) 3)Sends itself an ARP
reply to refresh his ARP cache
It is different from proxy arp for two reasons: first it runs in
user space, then in this case we can plug machines belonging to
whatever subnet, while proxy arp is used in the case of only two
different ones.
PR: ports/79676
Submitted by: Luigi Pizzirani <sviat@opengeeks.it>
- full PAMification
- code cleanup & silmplification
- fixes (some of them will/are in 2.8.6 too).
Thomas (thomas@) has agreed to maintain it too although as the author, I may
update things with his approval from times to times.
Repocopied by: marcus
Michael Trojnara[1].
Also, add the build-time WITH_FORK, WITH_PTHREAD, and WITH_UCONTEXT knobs
to control the stunnel threading model used, based on Vasil Dimov's PR's
with some modifications [2].
While I'm here, add in a <sys/types.h> inclusion that seems to be needed
for <ucontext.h> at least on FreeBSD 6.0/sparc64.
Reported by: many
Pointy hat to: roam (myself) for both not noticing this and then letting
it linger for a while
Obtained from: Michael Trojnara's BSD patch from
<53594c631989fde6ca0bdb3435b93dfe@mirt.net> [1]
PR: 81289, 82202 [2]
Submitted by: Vasil Dimov
+ add devel/p5-PathTools, remove devel/p5-File-Spec
+ update dependencies for all affected ports (make them unconditional),
bump PORTREVISION for these ports
module was renamed
* reflect renaming on CPAN PodParser to Pod-Parser
+ add textproc/p5-Pod-Parser, remove textproc/p5-PodParser
+ update dependencies for all affected ports (make them unconditional),
bump PORTREVISION for these ports
* for all changed ports make dependencies on File::Temp, Digest::MD5,
Storable unconditional
* remove 'CONFIGURE_ARGS= INSTALLDIRS=site' from Makefile's
(this variable is forced by bsd.port.mk now)
* update Class-Autouse to 1.17
* update POE-API-Hooks to 1.05
* make portlint happy (clean IGNORE, convert spaces to tabs and so on)
- add a CFS bootstrap directory to the port (${PREFIX}/cfsd-bootstrap)
- mount that CFS bootstrap directory in cfsd.sh (default mountpoint is /crypt,
configurable in /etc/rc.conf)
- explain how to quickly setup cfsd in pkg-message
- do display pkg-message
- while here, use USE_RC_SUBR
PR: ports/18800
Submitted by: Louis Mamakos <louie@TransSys.COM>, myself
Approved by: green (maintainer)
Sancp is a network security tool designed to collect
statistical information regarding network traffic, as
well as, collect the traffic itself in pcap format, all
for the purpose of: auditing, historical analysis, and
network activity discovery.
PR: ports/77426
Submitted by: Paul Schmehl
Approved by: nectar (mentor)
* It actually affected xloadimage and xli
* A slightly better topic than just "buffer overflows"
* More refererences
* Fix the version number for xli... it is still vulnerable as of this
writing
