发布于 2015-12-23 03:33:17 | 229 次阅读 | 评论: 0 | 来源: 网友投递
pfSense 基于FreeBSD防火墙和路由器软件
pfSense是一个基于FressBSD,专为防火墙和路由器功能定制的开源版本。它被安装在计算机上作为网络中的防火墙和路由器存在,并以可靠性著称,且提供往往只存在于昂贵商业防火墙才具有的特性。它可以通过WEB页面进行配置,升级和管理而不需要使用者具备FreeBSD底层知识。pfSense通常被部署作为边界防火墙,路由器,无线接入点,DHCP服务器,DNS服务器和VPN端点。
pfSense 2.2.6 发布,主要更新如下:
pfSense-SA-15_08.webgui: Multiple Stored XSS Vulnerabilities in the pfSense WebGUI
The complete list of affected pages and fields is listed in the linked SA.
Updated to FreeBSD 10.1-RELEASE-p24
FreeBSD-SA-15:25.ntp Multiple vulnerabilities in NTP [REVISED]
FreeBSD-SA-15:14.bsdpatch: Due to insufficient sanitization of the input patch stream, it is possible for a patch file to cause patch(1) to run commands in addition to the desired SCCS or RCS commands.
FreeBSD-SA-15:16.openssh: OpenSSH client does not correctly verify DNS SSHFP records when a server offers a certificate. CVE-2014-2653 OpenSSH servers which are configured to allow password authentication using PAM (default) would allow many password attempts.
FreeBSD-SA-15:18.bsdpatch: Due to insufficient sanitization of the input patch stream, it is possible for a patch file to cause patch(1) to pass certain ed(1) scripts to the ed(1) editor, which would run commands.
FreeBSD-SA-15:20.expat: Multiple integer overflows have been discovered in the XML_GetBuffer() function in the expat library.
FreeBSD-SA-15:21.amd64: If the kernel-mode IRET instruction generates an #SS or #NP exception, but the exception handler does not properly ensure that the right GS register base for kernel is reloaded, the userland GS segment may be used in the context of the kernel exception handler.
FreeBSD-SA-15:22.openssh: A programming error in the privileged monitor process of the sshd(8) service may allow the username of an already-authenticated user to be overwritten by the unprivileged child process. A use-after-free error in the privileged monitor process of the sshd(8) service may be deterministically triggered by the actions of a compromised unprivileged child process. A use-after-free error in the session multiplexing code in the sshd(8) service may result in unintended termination of the connection.
The bug fixes and changes in this release are detailed here.
更多内容请看:release announcement
下载地址:pfSense-LiveCD-2.2.6-RELEASE-amd64.iso.gz (99.2MB, SHA256).
pfSense是一个FreeBSD下的免费开源的防火墙和路由器软件。
pfSense是源自于m0n0wall的操作系统。它使用的技术包括Packet Filter,FreeBSD 6.x(或DragonFly BSD,假如ALTQ和CARP完成了的话)的ALTQ(以出色地支持分组队列),集成的包管理系统(以为其环境扩展新的特性)。