HAP-Linux is a collection of security-related patches which are designed to be applied after Solar Designer's Openwall patches are installed. Changes include some extra information in the printks, the ability to allow hard links to files you don't own which are in your group, and the ability to follow links and pipes in +t directories iff they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and for some secure drop-directory stuff.
8afc8f239df57d7e59887fc1c7a662a5e5cd9b87c22db29ea11bae50881dc1ce
This patch integrates SecurID authentication services directly into the OpenSSH daemon, allowing users to use SecurID tokens directly as their passwords instead of relying on the clunky sdshell.
8c85de6b8d937a46c60b6fad37711f51d73f43cd096bed407e03d37ddd76ffe9
The MSEC single-user patch disables the ability to boot into single-user mode under OS X. If this patch is not applied, anyone with physical access to the Mac OS X machine can easily gain root access by holding down the command and s keys at startup. The patch disables this by installing a modified version of /sbin/mach_init. The patch does NOT back up the insecure version of /sbin/mach_init, so if for some strange reason you want to revert to the insecure copy of mach_init you must restore that file from your own backups. If you have any questions, check our website at http://www.msec.net or email support@msec.net.
608ab66a3bdace92d180a2bce3e621367db4fbed4a386c2c3d85293c863151af
Linux kernel patch from the segfault.net project - This patch for kernel v2.2.19 allows you to specify the GIDs which are allowed to bind to each interface. This patch could be very useful for shell providers or admins who want to restrict the use of additional interfaces.
0ab604f42e9c8656bf07b1286bd56f0d7f1d756a9d7ffda62764507085a0e115
Patch for UnrealIRCD v3.1.1 which fixes a bug allowing users to dump the DNS cache, defeating hostname masking.
0e08b97aacda2e44609a1dbf551355b759789472323a04cfdcfa978c6f898374
OpenBSD 2.7/2.8 patch which causes the timestamp to start at 0 for each connection, confusing nmap's remote uptime guess.
9f8d780d338bfcf9705e50d5403172b5cecfa21ac94b2d592238d13110f33a83
HAP-Linux is a collection of security-related patches which are designed to be applied after Solar Designer's Openwall patches are installed. Changes include some extra information in the printks, the ability to allow hard links to files you don't own which are in your group, and the ability to follow links and pipes in +t directories iff they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and for some secure drop-directory stuff.
26e213583a40c8da84ee0f58e090065625adfafc3bb4fe27bbc33426328f874f
HAP-Linux is a collection of security-related patches which are designed to be applied after Solar Designer's Openwall patches are installed. Changes include some extra information in the printks, the ability to allow hard links to files you don't own which are in your group, and the ability to follow links and pipes in +t directories iff they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and for some secure drop-directory stuff.
e4308abac01e5491aacb30967a7fd233944e2cd1fe0c9cce3558b119b04f5382
HAP-Linux is a collection of security-related patches which are designed to be applied after Solar Designer's Openwall patches are installed. Changes include some extra information in the printks, the ability to allow hard links to files you don't own which are in your group, and the ability to follow links and pipes in +t directories iff they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and for some secure drop-directory stuff.
1ec3f85589533a855813a3831a0426e8c5df488ec2e2d29e74188b4d63c9dd09
Ctk-adm-dns-chroot creates the minimum file structure needed to run bind as a chrooted unprivileged user.
d0892e3bbb07cddf13eba6857fe2725f1058bd0e138e2605f6b0495deb59da3d
Patch for GnuPG v1.04 to fix the signature verification vulnerability which can easily lead to false positives.
81673aa4b233497ea537475462b2a2d09fdd7a1b1b86e3fd833f5e1c7b3b3ba7
OpenBSD ftpd unofficial patch - The patch released to remedy the 1-byte overflow problem was junk; to remedy this I recoded the original ftpd.c file with the fix. This takes the bite out of fixing this problem. Replace the original ftpd.c with this and recompile.
f19e7b22d424c83f3307f0c01b0a5fb8088df00d3f3e6247a3a9fa902f059d43
RNA (Resources Not for All) is a collection of security improvements for FreeBSD 4.0-Release. Features a restricted kernel process table, restricted /proc filesystem, and restricted who/w/last.
c7c37a44e6fc5bf549d0598c968459e42cd545344043a6cab341a3513b51e48e
Instructions for Sendmail and Postfix to stop messages with long Date: headers.
0a78732b5488a64a94bdb50e95db3aa08911ecb7b7737f1988d5d3fc12311f30
Bind-8.2.2P5 patch which logs all bind version requests to syslog.
8f2aee92d405daba443d0178423cc93d73c437944166a54146dfe95825fd2a6e
Secure BitchX - Patches and instructions which allow you to run BitchX in a chrooted environment.
32ff28b7d431ce94eb1c3848887b9989495b40566b22a017b01c222e880561b8
Patch for Bash 2.02 and 2.03 which will log all user commands to /var/log/histories/(name), disallow and log execution attempts when uid != euid, and set a limit on the highest UID that can run the shell.
a6b294895fa7688a2df91f6d204db1e74bb9c4584284bb32a4703d9d68a84cd9
Patch for wu-ftpd 2.6.0 to protect against the recent remote exploits. This was put together by MIT Information Systems as a stopgap until the wu-ftpd developers come up with an official fix.
a84057119accc24e45fd62bf82d749599c2a358dc5572038a8ef720ee3ca1f58
Unofficial FreeBSD patch to drop all ICMP packets with a size greater than 8,184 bytes.
a71b3b0b939c6e6d229c913bdca2f7e3ed0bb6df6f34dbc1a979de1a4e7a4f16
Unofficial FreeBSD patchfile with recommended unused bit attack patch from LigerTeam.
bd4b03760419f88ad3e8c031f8c9e3f2f739d9d5a86f4e8719b6f93466529135
Unofficial FreeBSD patch to drop all TCP packets with a sequence and/or acknowledgement number of 0.
bddfb3e361bb24d9627c76791fcc131730673d50ed341fc805e404d50e389e7f
Alpha patch for FreeBSD that randomizes the sequence numbers sent by TCP to circumvent connection hijacking and/or spoofed connections (3-way handshake achieved by guessing sequence numbers).
ab5c71478fa83d7120ef65390ec11a21f1ec6c3dee83be9dcba8edf4dd6bf895
Patch for tcp_input.c in FreeBSD in response to stream.c/raped.c.
7d2e64495b07163ff141ebd639ee1e8b8b1f20967e0d3a890b09919bbe58fa35
Secure SunOS shell script. Disables a few commonly exploited holes.
322c583635c8fbd0e1b5abdf4a0e7777cc242083eecc4248c2fff3b71da1ffb2
exploit.dat
57e5fbf6ca32ad081d91cfc6767c1ee1377f30ee8605c283ec914b50cbdab509