Section: .. / UNIX / patches /
| /// File Name: |
pspa-2.4.10-9.tar.gz |
Description:
|
The Linux Port/Socket Pseudo ACLs project is a patch to Linux kernel v2.4 which allows the admin to delegate privileges for some protected network resources to non-root users. The ACLs are generally used to run untrusted or insecure applications as an unprivileged process, thereby lessening the impact of some undiscovered denial of service or root compromise. The ACLs can cover protected ports, raw sockets, and packet sockets.
| | Homepage: | http://original.killa.net/infosec/acls | | Changes: | Ported to kernel v2.4.10, some bugs were fixed, and a "make config" warning when packet socket is modular has been added. | | File Size: | 5614 | | Last Modified: | Sep 27 01:25:05 2001 |
| MD5 Checksum: | 99b0fe735c0465b02dbca45959674732 |
|
| /// File Name: |
pspa-2.4.9-6.tar.gz |
Description:
|
The Linux Port/Socket Pseudo ACLs project is a patch to Linux kernel v2.4 which allows the admin to delegate privileges for some protected network resources to non-root users. The ACLs are generally used to run untrusted or insecure applications as an unprivileged process, thereby lessening the impact of some undiscovered denial of service or root compromise. The ACLs can cover protected ports, raw sockets, and packet sockets.
| | Homepage: | http://original.killa.net/infosec/acls | | Changes: | Kernel 2.4.9 is supported. | | File Size: | 5503 | | Last Modified: | Aug 17 19:27:41 2001 |
| MD5 Checksum: | c4d3d6221bf3d0b6df18ae41d59f4441 |
|
| /// File Name: |
ippersonality-20010724-2.4.7.tar.gz |
Description:
|
The IP Personality project is a patch to Linux 2.4 kernels that adds netfilter features: it enables the emulation of other OSes at network level, thus fooling remote OS detection tools such as nmap that rely on network fingerprinting. The characteristics that can be changed are TCP Initial Sequence Number (ISN), TCP initial window size, TCP options (their types, values and order in the packet), IP ID numbers, answers to some pathological TCP packets, and answers to some UDP packets.
| | Author: | Gael Roualland and Jean-Marc Saffroy | | Homepage: | http://ippersonality.sourceforge.net | | Changes: | This release adds new manglings to fool latest versions of nmap (2.54BETA), and has lots of code improvement. Ported to kernel v2.4.7. | | File Size: | 150069 | | Last Modified: | Jul 29 05:22:40 2001 |
| MD5 Checksum: | 47004368805cffd9ff53ac4079961c9b |
|
| /// File Name: |
rpcinfo-diff |
Description:
|
rpcinfo-diff is a patch for the netkit version 0.17 rpc package, allowing a target port to be set for rpcinfo. This is useful for targeting older sun machines, which run rpcbind on a udp port greater than 32770.
| | Author: | Spaceork | | Homepage: | http://www.dhp.com/~spaceork | | File Size: | 2382 | | Last Modified: | Jul 19 19:50:49 2001 |
| MD5 Checksum: | fea8d8026f341ea193f4024849a66861 |
|
| /// File Name: |
tcsh-bofh-6.10-0.0.1.tar.gz |
Description:
|
Tcsh-bofh is a patch to provide true BOFH log functions to tcsh 6.10. Features the ability to log all commands to syslog.
| | Author: | EF | | Homepage: | http://www.ccitt5.net | | Changes: | Loglevel and logfacility configurable through --with-bofh-loglevel and --with-bofh-logfacility. split-userlog utility included to split the generated logfile into $USERNAME.log files for each user. | | File Size: | 6736 | | Last Modified: | May 30 14:50:03 2001 |
| MD5 Checksum: | e76964a6bf0144666179eca94ef2623d |
|
| /// File Name: |
bash-bofh-2.05-0.0.1.tar.gz |
Description:
|
Bash-bofh is a patch to provide true BOFH log functions to bash 2.05. Features the ability to log all commands to syslog.
| | Author: | EF | | Homepage: | http://www.ccitt5.net | | Changes: | Loglevel and logfacility configurable through --with-bofh-loglevel and --with-bofh-logfacility. split-userlog utility included to split the generated logfile into $USERNAME.log files for each user. | | File Size: | 18361 | | Last Modified: | May 30 14:48:31 2001 |
| MD5 Checksum: | c12e922de63d450b15d2e26d2987beb2 |
|
| /// File Name: |
hap-linux-2.2.19-3.diff.gz |
Description:
|
HAP-Linux is a collection of security related patches which are designed to be applied after Solar Designers Openwall patches are installed. Changes include some extra information in the printks, and the ability to allow hard links to files you don't own which are in your group, and the ability to follow links & pipes in +t directories iff they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and some secure drop- directory stuff.
| | Homepage: | http://www.doutlets.com/downloadables/hap.phtml | | Changes: | A fix for a compile bug on non-x86 platforms, and a fix for weakening hardlink restrictions when CONFIG_SECURE_NOTSOMUCH is enabled. | | File Size: | 12838 | | Last Modified: | May 8 19:29:13 2001 |
| MD5 Checksum: | 4e90fc9810ee92e68a3b4af18b6dd0b1 |
|
| /// File Name: |
openssh-2.5.2p2+SecurID_v1.patch.gz |
Description:
|
This patch integrates SecurID authentication services directly into the OpenSSH daemon, allowing users to use SecurID tokens directly as their passwords instead of relying on the clunky sdshell.
| | Homepage: | http://www.omniti.com/~jesus/projects | | Changes: | This release includes fixes for next token handling code. The patch is for OpenSSH 2.5.2p2. | | File Size: | 26678 | | Last Modified: | Apr 24 21:22:14 2001 |
| MD5 Checksum: | 82009d8962cffb0484ca6ba6fb992261 |
|
| /// File Name: |
MSEC.single-user.patch.pkg.sit |
Description:
|
The MSEC single-user patch disables the ability to boot into single-user mode under OS X. If this patch is not applied then anyone with physical access to the Mac OS X machine can gain root access easily by holding down the command and s keys at startup. The patch disables this by installing a modified version of /sbin/mach_init. The patch does NOT backup the insecure version of /sbin/mach_init so if for some strange reason you want to revert to the insecure copy of mach_init you must restore that file from your own backups. If you have any questions check our website at http://www.msec.net or email support[at]msec.net.
| | Author: | Marukka Der Inhaber | | Homepage: | http://www.msec.net | | File Size: | 54251 | | Last Modified: | Apr 24 20:33:05 2001 |
| MD5 Checksum: | 0baf8d8626527794ad26e2e0ee0aa5ce |
|
| /// File Name: |
linux-2.2.19-sf1.tar.gz |
Description:
|
Linux Kernel Patch from the segfault.net project - This patch for kernel v2.2.19 allows you to specify GID's which are allowed to bind to each interface. This patch could be very useful for shell providers or admins who wants to restrict the using of more interfaces.
| | Author: | Andi | | Homepage: | http://segfault.net | | File Size: | 7446 | | Last Modified: | Apr 16 20:52:27 2001 |
| MD5 Checksum: | 32dfda21cd473387d033e608e02230ed |
|
| /// File Name: |
res.c.diff |
Description:
|
Patch to the UnrealIRCD v3.1.1 which fixes a bug allowing users to dump the DNS cache, defeating hostname masking.
| | Author: | Ph3wl | | File Size: | 802 | | Last Modified: | Apr 9 01:35:20 2001 |
| MD5 Checksum: | 93cdba367c2fddcdc787ef24333d8ac4 |
|
| /// File Name: |
rfc1323.patch |
Description:
|
OpenBSD 2.7/2.8 patch which causes the timestamp to start at 0 for each connection, confusing nmap's remote uptime guess.
| | Author: | Ted | | Homepage: | http://heorot.stanford.edu/ | | File Size: | 3384 | | Last Modified: | Mar 16 21:45:03 2001 |
| MD5 Checksum: | 6c0dbc55eb5d6004e4bf7a83b0a3ed7e |
|
| /// File Name: |
hap-linux-2.0.38-5.diff.gz |
Description:
|
HAP-Linux is a collection of security related patches which are designed to be applied after Solar Designers Openwall patches are installed. Changes include some extra information in the printks, and the ability to allow hard links to files you don't own which are in your group, and the ability to follow links & pipes in +t directories iff they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and some secure drop- directory stuff.
| | Homepage: | http://www.doutlets.com/downloadables/hap.phtml | | Changes: | Minor security fixes - ioctl protections in chroot, and other bug fixes. | | File Size: | 10959 | | Last Modified: | Feb 21 17:12:19 2001 |
| MD5 Checksum: | e3fe345fa59e5f5835a785154ce25880 |
|
| /// File Name: |
hap-linux-2.2.18-4.diff.gz |
Description:
|
HAP-Linux is a collection of security related patches which are designed to be applied after Solar Designers Openwall patches are installed. Changes include some extra information in the printks, and the ability to allow hard links to files you don't own which are in your group, and the ability to follow links & pipes in +t directories iff they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and some secure drop- directory stuff.
| | Homepage: | http://www.doutlets.com/downloadables/hap.phtml | | Changes: | Minor security fixes - ioctl protections in chroot, and other bug fixes. | | File Size: | 11930 | | Last Modified: | Feb 21 17:10:43 2001 |
| MD5 Checksum: | bec6b72aff70d0ac802b89a593af4ea5 |
|
| /// File Name: |
hap-linux-2.2.18-2.diff.gz |
Description:
|
HAP-Linux is a collection of security related patches which are designed to be applied after Solar Designers Openwall patches are installed. Changes include some extra information in the printks, and the ability to allow hard links to files you don't own which are in your group, and the ability to follow links & pipes in +t directories iff they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and some secure drop- directory stuff.
| | Homepage: | http://www.doutlets.com/downloadables/hap.phtml | | File Size: | 11346 | | Last Modified: | Feb 6 15:39:45 2001 |
| MD5 Checksum: | 631921ff0e6e194844a7b3caa0221aff |
|
| /// File Name: |
ctk-adm-dns-chroot-0.2.tar.bz2 |
Description:
|
Ctk-adm-dns-chroot creates the minimum file structure needed to run bind as a chrooted unprivileged user.
| | Homepage: | http://sourceforge.net/projects/ctk-dns-chroot | | Changes: | More transparent chroot installation without compromising security. | | File Size: | 16838 | | Last Modified: | Jan 15 01:58:48 2001 |
| MD5 Checksum: | 2b36125f9267efe8187df25aeff81bc1 |
|
| /// File Name: |
gnupg-1.0.4.security-patch1.diff |
Description:
|
Patch for GnuPG v1.04 to fix the signature verification vulnerability which can easily lead to false positives.
| | Homepage: | http://www.gnupg.org | | File Size: | 4961 | | Last Modified: | Dec 22 00:33:59 2000 |
| MD5 Checksum: | 5ecf97501eeaa8b8feef1d0a63747657 |
|
| /// File Name: |
ftpd.c |
Description:
|
OpenBSD ftpd unofficial patch - The patch released to remedy the problem with the 1 byte overflow problem was junk, to remedy i recoded the original ftpd.c file with the fix. This takes the bite out of fixing this problem. Replace the original ftpd.c with this and recompile.
| | Author: | Malicious Code | | Homepage: | http://www.teamvirus.net | | File Size: | 62388 | | Last Modified: | Dec 21 18:29:15 2000 |
| MD5 Checksum: | f71cc0a7ea0094aedbc7e4ade631f83e |
|
| /// File Name: |
linux-2.2.18-stealth1.diff |
Description:
|
The Stealth Kernel Patch for Linux v2.2.18 makes the linux kernel discard the packets that many OS detection tools use to query the TCP/IP stack. Includes logging of the dropped query packets and packets with bogus flags. Does a very good job of confusing nmap and queso.
| | Author: | Sean Trifero | | Homepage: | http://www.innu.org/~sean | | Changes: | Fixed 2.2->2.4 connectivity problems and ported to kernel 2.2.18. | | File Size: | 17836 | | Last Modified: | Dec 20 16:03:03 2000 |
| MD5 Checksum: | a0a77e93859e7bd2b2dba329fc459516 |
|
| /// File Name: |
rna.tar.gz |
Description:
|
RNA (Resources Not for All) is a collection of security improvements for FreeBSD 4.0-Release. Features a restricted kernel process table, restricted /proc filesystem, and restricted who/w/last.
| | Author: | Yeti | | Homepage: | ftp://ftp.eth-security.net/pub | | File Size: | 8063 | | Last Modified: | Oct 4 20:45:52 2000 |
| MD5 Checksum: | 96d3a6af33fdf84af236852660f29026 |
|
| /// File Name: |
longdate.fix.txt |
Description:
|
Instructions for Sendmail and Postfix to stop messages with long Date: headers.
| | Author: | Koos van den Hout and Mark Lastdrager. | | File Size: | 2331 | | Last Modified: | Jul 24 23:02:56 2000 |
| MD5 Checksum: | 7ed0c8340998a6071f42c7cd6a464fde |
|
| /// File Name: |
sirc.tar.gz |
Description:
|
Secure BitchX - Patches and instructions which allow you to run BitchX in a chrooted environment.
| | Author: | Naif | | Homepage: | http://naif.itapac.net | | File Size: | 6326 | | Last Modified: | Jul 6 18:58:04 2000 |
| MD5 Checksum: | c8ad597782ee4728a4d1411ced349cdf |
|
| /// File Name: |
bash.security.patch.tgz |
Description:
|
Patch for Bash 2.02 and 2.03 which will log all user commands to /var/log/histories/(name), Disallow and log execution attempts when uid != euid, and sets a limit on the highest UID that can run the shell.
| | Author: | Odin | | Homepage: | http://ojnk.sourceforge.net | | File Size: | 12774 | | Last Modified: | Jul 4 00:02:42 2000 |
| MD5 Checksum: | b45e2f1613f3e75e1a411ddde2bafe41 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
