HAP-Linux is a collection of security related patches which are designed to be applied after Solar Designers Openwall patches are installed. Changes include some extra information in the printks, and the ability to allow hard links to files you don't own which are in your group, and the ability to follow links & pipes in +t directories iff they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and some secure drop- directory stuff.
8afc8f239df57d7e59887fc1c7a662a5e5cd9b87c22db29ea11bae50881dc1ceThis patch integrates SecurID authentication services directly into the OpenSSH daemon, allowing users to use SecurID tokens directly as their passwords instead of relying on the clunky sdshell.
8c85de6b8d937a46c60b6fad37711f51d73f43cd096bed407e03d37ddd76ffe9The MSEC single-user patch disables the ability to boot into single-user mode under OS X. If this patch is not applied then anyone with physical access to the Mac OS X machine can gain root access easily by holding down the command and s keys at startup. The patch disables this by installing a modified version of /sbin/mach_init. The patch does NOT backup the insecure version of /sbin/mach_init so if for some strange reason you want to revert to the insecure copy of mach_init you must restore that file from your own backups. If you have any questions check our website at http://www.msec.net or email support@msec.net.
608ab66a3bdace92d180a2bce3e621367db4fbed4a386c2c3d85293c863151afLinux Kernel Patch from the segfault.net project - This patch for kernel v2.2.19 allows you to specify GID's which are allowed to bind to each interface. This patch could be very useful for shell providers or admins who wants to restrict the using of more interfaces.
0ab604f42e9c8656bf07b1286bd56f0d7f1d756a9d7ffda62764507085a0e115Patch to the UnrealIRCD v3.1.1 which fixes a bug allowing users to dump the DNS cache, defeating hostname masking.
0e08b97aacda2e44609a1dbf551355b759789472323a04cfdcfa978c6f898374OpenBSD 2.7/2.8 patch which causes the timestamp to start at 0 for each connection, confusing nmap's remote uptime guess.
9f8d780d338bfcf9705e50d5403172b5cecfa21ac94b2d592238d13110f33a83HAP-Linux is a collection of security related patches which are designed to be applied after Solar Designers Openwall patches are installed. Changes include some extra information in the printks, and the ability to allow hard links to files you don't own which are in your group, and the ability to follow links & pipes in +t directories iff they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and some secure drop- directory stuff.
26e213583a40c8da84ee0f58e090065625adfafc3bb4fe27bbc33426328f874fHAP-Linux is a collection of security related patches which are designed to be applied after Solar Designers Openwall patches are installed. Changes include some extra information in the printks, and the ability to allow hard links to files you don't own which are in your group, and the ability to follow links & pipes in +t directories iff they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and some secure drop- directory stuff.
e4308abac01e5491aacb30967a7fd233944e2cd1fe0c9cce3558b119b04f5382HAP-Linux is a collection of security related patches which are designed to be applied after Solar Designers Openwall patches are installed. Changes include some extra information in the printks, and the ability to allow hard links to files you don't own which are in your group, and the ability to follow links & pipes in +t directories iff they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and some secure drop- directory stuff.
1ec3f85589533a855813a3831a0426e8c5df488ec2e2d29e74188b4d63c9dd09Ctk-adm-dns-chroot creates the minimum file structure needed to run bind as a chrooted unprivileged user.
d0892e3bbb07cddf13eba6857fe2725f1058bd0e138e2605f6b0495deb59da3dPatch for GnuPG v1.04 to fix the signature verification vulnerability which can easily lead to false positives.
81673aa4b233497ea537475462b2a2d09fdd7a1b1b86e3fd833f5e1c7b3b3ba7OpenBSD ftpd unofficial patch - The patch released to remedy the problem with the 1 byte overflow problem was junk, to remedy i recoded the original ftpd.c file with the fix. This takes the bite out of fixing this problem. Replace the original ftpd.c with this and recompile.
f19e7b22d424c83f3307f0c01b0a5fb8088df00d3f3e6247a3a9fa902f059d43RNA (Resources Not for All) is a collection of security improvements for FreeBSD 4.0-Release. Features a restricted kernel process table, restricted /proc filesystem, and restricted who/w/last.
c7c37a44e6fc5bf549d0598c968459e42cd545344043a6cab341a3513b51e48eInstructions for Sendmail and Postfix to stop messages with long Date: headers.
0a78732b5488a64a94bdb50e95db3aa08911ecb7b7737f1988d5d3fc12311f30Bind-8.2.2P5 patch which logs all bind version requests to syslog.
8f2aee92d405daba443d0178423cc93d73c437944166a54146dfe95825fd2a6eSecure BitchX - Patches and instructions which allow you to run BitchX in a chrooted environment.
32ff28b7d431ce94eb1c3848887b9989495b40566b22a017b01c222e880561b8Patch for Bash 2.02 and 2.03 which will log all user commands to /var/log/histories/(name), Disallow and log execution attempts when uid != euid, and sets a limit on the highest UID that can run the shell.
a6b294895fa7688a2df91f6d204db1e74bb9c4584284bb32a4703d9d68a84cd9Patch for wu-ftpd 2.6.0 to protect against the recent remote exploits. This was put together by MIT Information Systems as a stopgap until the wu-ftpd developers come up with an official fix.
a84057119accc24e45fd62bf82d749599c2a358dc5572038a8ef720ee3ca1f58Unofficial FreeBSD patch to drop all ICMP packets with a size greater than 8,184 bytes.
a71b3b0b939c6e6d229c913bdca2f7e3ed0bb6df6f34dbc1a979de1a4e7a4f16Unofficial FreeBSD patchfile with recommended unused bit attack patch from LigerTeam.
bd4b03760419f88ad3e8c031f8c9e3f2f739d9d5a86f4e8719b6f93466529135Unofficial FreeBSD patch to drop all TCP packets with a sequence and/or acknowledgement number of 0.
bddfb3e361bb24d9627c76791fcc131730673d50ed341fc805e404d50e389e7fAlpha patch for FreeBSD that randomizes the sequence numbers sent by TCP to circumvent connection hijacking and/or spoofed connections (3-way handshake acheived by guessing sequence numbers).
ab5c71478fa83d7120ef65390ec11a21f1ec6c3dee83be9dcba8edf4dd6bf895Patch for tcp_input.c in FreeBSD in response to stream.c/raped.c.
7d2e64495b07163ff141ebd639ee1e8b8b1f20967e0d3a890b09919bbe58fa35Secure Sunos shell script. Disables a few commonly exploited holes.
322c583635c8fbd0e1b5abdf4a0e7777cc242083eecc4248c2fff3b71da1ffb2exploit.dat
57e5fbf6ca32ad081d91cfc6767c1ee1377f30ee8605c283ec914b50cbdab509
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed