From owner-freebsd-security Fri Dec 3 7:34: 3 1999
Delivered-To: freebsd-security@freebsd.org
Received: from mail.wzrd.com (mail.wzrd.com [206.99.165.3])
	by hub.freebsd.org (Postfix) with ESMTP id 5D64614A1B
	for ; Fri, 3 Dec 1999 07:33:59 -0800 (PST)
	(envelope-from danh@wzrd.com)
Received: by mail.wzrd.com (Postfix, from userid 91)
	id 5FB085D026; Fri, 3 Dec 1999 10:33:53 -0500 (EST)
Subject: Re: Other outstanding vulnerabilities
In-Reply-To: <3.0.5.32.19991202154308.01bc93c0@staff.sentex.ca> from Mike Tancsa at "Dec 2, 1999 3:43: 8 pm"
To: mike@sentex.net (Mike Tancsa)
Date: Fri, 3 Dec 1999 10:33:53 -0500 (EST)
Cc: freebsd-security@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL43 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1198
Message-Id: <19991203153353.5FB085D026@mail.wzrd.com>
From: danh@wzrd.com (Dan Harnett)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello,

It has been my experience that the setsockopt() DoS can be avoided by
setting NMBCLUSTERS to a reasonably high level and setting a limit on the
number of file descriptors that any given user can use (be it through the
shell or through /etc/login.conf). I realize this is not a fix, but it
seems to work until there is a fix available.

Dan Harnett

>
> While on the topic of vulnerabilities etc, has there been any progress on
> these two DoSes?
>
> http://www.securityfocus.com/vdb/bottom.html?vid=622
> http://www.securityfocus.com/vdb/bottom.html?vid=526
>
> they are the setsockopt() and mmap DoSes... There was talk of the mmap
> being patched up in Current, but I haven't seen anything official. Bugtraq
> still lists all versions of FreeBSD vulnerable.
>
> ---Mike
> ------------------------------------------------------------------------
> Mike Tancsa, tel +1 519 651 3400
> Network Administrator, mike@sentex.net
> Sentex Communications www.sentex.net
> Cambridge, Ontario Canada
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
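
The /etc/login.conf half of the workaround described in the message above can be checked mechanically. The following is an added example, not part of the original message or of FreeBSD: a shell function that reports whether each login class carries a numeric `openfiles` cap. The function names and the sample classes are constructed for illustration, and `tc=` inheritance is reported rather than resolved.

```shell
#!/bin/sh
# Added example: audit login.conf(5) classes for a per-user descriptor cap.
# Output: "<class> <status>"; status is capped:<n>, uncapped:<value> or unset.

audit_openfiles() {   # usage: audit_openfiles < /etc/login.conf
    awk '
    /^[ \t]*#/ { next }                          # skip comment lines
    {
        line = $0
        cont = sub(/\\[ \t]*$/, "", line)        # trailing backslash continues
        rec = rec line
        if (cont) next
        if (rec != "") report(rec)
        rec = ""
    }
    END { if (rec != "") report(rec) }
    function report(r,    n, f, i, name, status, tc, v) {
        n = split(r, f, ":")
        name = f[1]; sub(/\|.*/, "", name)       # drop "|alias" descriptions
        gsub(/[ \t]/, "", name)
        if (name == "") return
        status = "unset"; tc = ""
        for (i = 2; i <= n; i++) {
            gsub(/^[ \t]+|[ \t]+$/, "", f[i])
            if (f[i] ~ /^openfiles=/) {
                v = substr(f[i], 11)
                status = (v ~ /^[0-9]+$/) ? "capped:" v : "uncapped:" v
            } else if (f[i] ~ /^tc=/) tc = substr(f[i], 4)
        }
        if (status == "unset" && tc != "") status = "unset(tc=" tc ")"
        print name, status
    }'
}

sample_login_conf() {   # constructed sample, not a real system file
    cat <<'EOF'
default:\
    :cputime=unlimited:\
    :openfiles=unlimited:\
    :tc=auth-defaults:
shell|Shell account users:\
    :openfiles=128:\
    :tc=default:
staff:\
    :tc=default:
EOF
}

sample_login_conf | audit_openfiles
```

A class reported as `unset(tc=...)` takes whatever limit the class it inherits from sets, so `staff` above ends up uncapped through `default`.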