From owner-freebsd-security@FreeBSD.ORG Sun Feb 29 11:52:11 2004
From: User Mailinglist
To: "Peter Rosa"
cc: FreeBSD Security
Date: Sun, 29 Feb 2004 20:52:03 +0100
Subject: Re: Darkstat

Hi Peter,

You can use MRTG without SNMP..., just put the values you want to graph in a file and specify the file as input file in mrtg.conf. Works for me....

Dirk Visser
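Dirk's note above, and Hernan Nunez's later reply pointing at MRTG's "External Monitoring Scripts", both rely on the same mechanism: MRTG can run a program instead of polling SNMP, which lets the gateway stay free of an SNMP listener. The script below is an added example written for this page; it is not code from either poster or from the MRTG project. It assumes the 4.x-era column layout of `netstat -ibn` (a header row naming the Ibytes/Obytes columns and one `<Link#N>` row per interface), the interface name `em0`, and the constructed sample output embedded for offline testing.

```python
#!/usr/bin/env python3
"""Constructed MRTG external monitoring script (added example, not from the thread).

MRTG runs the program named in a Target[] line and expects four lines on stdout:
the input counter, the output counter, an uptime string and a target name.
This one takes the interface byte counters from `netstat -ibn`, so the gateway
never has to expose an SNMP listener just to be graphed.
Assumed (not shown in the thread): the 4.x-era `netstat -ibn` layout with a
header row naming the Ibytes/Obytes columns and one '<Link#N>' row per interface.
"""
import subprocess
import sys

# Constructed sample of `netstat -ibn` output for offline testing.
SAMPLE_NETSTAT = """\
Name  Mtu   Network       Address            Ipkts Ierrs    Ibytes    Opkts Oerrs    Obytes  Coll
em0   1500  <Link#1>      00:11:22:33:44:55  12345     0   9876543    11111     0   5432100     0
em0   1500  10.0.0/24     10.0.0.5           12345     -   9876543    11111     -   5432100     -
lo0   16384 <Link#2>                            42     0      4200       42     0      4200     0
"""


def parse_ibytes(text, iface):
    """Return (ibytes, obytes) from iface's link-level row, or None if absent."""
    lines = text.splitlines()
    if not lines:
        return None
    header = lines[0].split()
    try:
        in_col, out_col = header.index("Ibytes"), header.index("Obytes")
    except ValueError:
        return None
    for line in lines[1:]:
        fields = line.split()
        # Interfaces with no link address (lo0 above) print an empty Address
        # cell, which shifts every later column one place to the left.
        if len(fields) == len(header) - 1:
            fields.insert(3, "")
        if len(fields) == len(header) and fields[0] == iface and fields[2].startswith("<Link#"):
            return int(fields[in_col]), int(fields[out_col])
    return None


def mrtg_lines(counters, uptime, name):
    """The four lines MRTG expects, newline-terminated."""
    ibytes, obytes = counters
    return "%d\n%d\n%s\n%s\n" % (ibytes, obytes, uptime, name)


def read_uptime():
    """Line three is free text for MRTG; uptime(1) output is conventional."""
    try:
        return subprocess.check_output(["uptime"]).decode().strip()
    except (OSError, subprocess.CalledProcessError):
        return "unknown"


def main(argv):
    iface = argv[1] if len(argv) > 1 else "em0"  # em0 is an assumed name
    text = subprocess.check_output(["netstat", "-ibn"]).decode()
    counters = parse_ibytes(text, iface)
    if counters is None:
        sys.stderr.write("no link-level row for %s\n" % iface)
        return 1
    sys.stdout.write(mrtg_lines(counters, read_uptime(), iface))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

In mrtg.conf the script is referenced with MRTG's backtick form, e.g. `Target[gw-em0]: `/usr/local/bin/mrtg-netstat.py em0`` (the path is an assumed install location), together with the usual `MaxBytes` line. The script needs only read access to the interface counters, so it can run as an unprivileged cron user rather than as root.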
From owner-freebsd-security@FreeBSD.ORG Sun Feb 29 12:14:35 2004
Date: Sun, 29 Feb 2004 21:14:33 +0100 (CET)
From: "Jimmy Scott"
To: freebsd-security@freebsd.org
Subject: procfs + chmod = no go

Hello,

I was wondering if it was possible to limit user access on /proc without having to use securelevels. For some reason chmod 751 /proc (or 750) does nothing.

Is this possible on FreeBSD 4.9 ? Can't find anything about it in the manual pages. Just want to prevent lusers from running:

for file in /proc/*/cmdline; do cat $file; echo; done

Greetz,

Jimmy Scott

From owner-freebsd-security@FreeBSD.ORG Sun Feb 29 12:35:48 2004
Date: Sun, 29 Feb 2004 22:35:41 +0200
From: Vlad Galu
To: freebsd-security@freebsd.org
Subject: Re: procfs + chmod = no go

"Jimmy Scott" writes:
|Hello,
|
|I was wondering if it was possible to limit user access on /proc
|without having to use securelevels.
|For some reason chmod 751 /proc (or 750) does nothing.
|
|Is this possible on FreeBSD 4.9 ? Can't find anything about it in the
|manual pages. Just want to prevent lusers from running:
|
|for file in /proc/*/cmdline; do cat $file; echo; done

I usually mount procfs in a directory where only 'power-users' have access to. Then symlink /proc to that dir, so the apps that possibly need procfs and are being run by one of the power-users work.

|Greetz,
|
|Jimmy Scott

----
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.

From owner-freebsd-security@FreeBSD.ORG Sun Feb 29 16:37:13 2004
Date: Sun, 29 Feb 2004 19:38:11 -0500
To: freebsd-security@freebsd.org
From: Mike Tancsa
Subject: mbuf vulnerability

In http://docs.freebsd.org/cgi/mid.cgi?200402260743.IAA18903 it seems RELENG_4 is vulnerable. Is there any work around to a system that has to have ports open ?

Version: 1 2/18/2004@03:47:29 GMT
>Initial report
> <https://ialert.idefense.com/KODetails.jhtml?irId=207650;
>ID#207650:
>FreeBSD Memory Buffer Exhaustion Denial of Service Vulnerability
>(iDEFENSE Exclusive): Remote exploitation of a denial of service (DoS)
>vulnerability in FreeBSD's memory buffers (mbufs) could allow attackers
>to launch a DoS attack.
>
>By sending many out-of-sequence packets, a low bandwidth denial of
>service attack is possible against FreeBSD. When the targeted system
>runs out of memory buffers (mbufs), it is no longer able to accept or
>create new connections.
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike

From owner-freebsd-security@FreeBSD.ORG Sun Feb 29 17:03:44 2004
Date: Sun, 29 Feb 2004 19:03:41 -0600 (CST)
From: Mike Silbersack
To: Mike Tancsa
cc: freebsd-security@freebsd.org
Subject: Re: mbuf vulnerability

On Sun, 29 Feb 2004, Mike Tancsa wrote:

> In
> http://docs.freebsd.org/cgi/mid.cgi?200402260743.IAA18903
>
> it seems RELENG_4 is vulnerable. Is there any work around to a system that
> has to have ports open ?

There is no way to fix this issue without kernel modifications. A fix has been committed to -current, someone on the security team can probably provide information on when the MFC will be appearing.

On the plus side, you have to establish a TCP connection to make the DoS happen, so people abusing it can be easily traced.
Mike "Silby" Silbersack

From owner-freebsd-security@FreeBSD.ORG Sun Feb 29 23:58:14 2004
Date: Mon, 1 Mar 2004 08:58:04 +0100
To: User Mailinglist
From: lupe@lupe-christoph.de (Lupe Christoph)
cc: Peter Rosa
cc: FreeBSD Security
Subject: Re: Darkstat

On Sunday, 2004-02-29 at 20:52:03 +0100, User Mailinglist wrote:

> You can use MRTG without SNMP..., just put the values you want to graph in a
> file
> and specify the file as input file in mrtg.conf. Works for me....

1) This isn't security-related.

2) If you want local or remote data collection without SNMP, use Munin and RRDtool. http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/rrdworld/lrrd.html gets you both at the same time. I'm waiting for my Munin port to be accepted. Download it from Sourceforge until it is.

HTH,
Lupe Christoph
--
| lupe@lupe-christoph.de | http://www.lupe-christoph.de/ |
| "Violence is the resort of the violent" Lu Tze |
| "Thief of Time", Terry Pratchett |

From owner-freebsd-security@FreeBSD.ORG Mon Mar 1 02:36:28 2004
Date: Mon, 1 Mar 2004 12:36:15 +0200
From: Sheldon Hearn
To: Mike Silbersack
cc: freebsd-security@freebsd.org
Subject: Re: mbuf vulnerability

On (2004/02/29 19:03), Mike Silbersack wrote:

> > http://docs.freebsd.org/cgi/mid.cgi?200402260743.IAA18903
> >
> > it seems RELENG_4 is vulnerable. Is there any work around to a system that
> > has to have ports open ?
>
> There is no way to fix this issue without kernel modifications. A fix has
> been committed to -current, someone on the security team can probably
> provide information on when the MFC will be appearing.

Owch.

The advisory says the DoS works by sending many out-of-sequence packets. Do you know how out-of-sequence the packets have to be?

I ask because if they have to be significantly staggered, then my IPFilter firewall might offer me some protection and I can start breathing again.

Ciao,
Sheldon.
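Until the kernel fix reaches RELENG_4, the practical defence on a host that must keep ports open is to notice exhaustion early and to use the fact Mike Silbersack points out above: the traffic arrives over established TCP connections, so the peers are visible in `netstat -an`. The monitor below is an added example written for this page, not code from any poster or from the FreeBSD project. It assumes the 4.x-era `netstat -m` wording `N/N/N mbufs in use (current/peak/max)` (it also accepts the later `current/cache/total` wording) and the `netstat -an` column layout; both samples embedded in it are constructed.

```python
#!/usr/bin/env python3
"""Constructed mbuf-exhaustion monitor (added example, not from the thread).

Flags a host whose mbuf or cluster pool is near its ceiling, the symptom the
quoted advisory describes, and lists the remote hosts holding the most
established TCP connections so an operator can follow up.
Assumed: 4.x-era `netstat -m` summary lines and `netstat -an` columns.
"""
import re
import subprocess

MBUF_LINE = re.compile(r"^\s*(\d+)/(\d+)/(\d+)\s+(mbufs?|mbuf clusters)\s+in use")

# Constructed sample, not real output from any poster's machine.
SAMPLE_NETSTAT_M = """\
3900/4096/4096 mbufs in use (current/peak/max):
        3900 mbufs allocated to data
2040/2048/2048 mbuf clusters in use (current/peak/max)
5120 Kbytes allocated to network (100% of mb_map in use)
0 requests for memory denied
12 requests for memory delayed
0 calls to protocol drain routines
"""

# Constructed sample; addresses are documentation ranges.
SAMPLE_NETSTAT_AN = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.0.2.10.80          203.0.113.7.51234      ESTABLISHED
tcp4       0      0  192.0.2.10.80          203.0.113.7.51235      ESTABLISHED
tcp4       0      0  192.0.2.10.80          203.0.113.7.51236      ESTABLISHED
tcp4       0      0  192.0.2.10.22          198.51.100.4.40000     ESTABLISHED
tcp4       0      0  *.22                   *.*                    LISTEN
"""


def parse_netstat_m(text):
    """Return {'mbufs': (current, peak, ceiling), 'mbuf clusters': (...)}."""
    pools = {}
    for line in text.splitlines():
        m = MBUF_LINE.match(line)
        if m:
            key = "mbuf clusters" if "cluster" in m.group(4) else "mbufs"
            pools[key] = tuple(int(m.group(i)) for i in (1, 2, 3))
    return pools


def pool_utilisation(pools):
    """Fraction of each pool's third figure (max or total) currently in use."""
    return {name: cur / float(ceiling)
            for name, (cur, _peak, ceiling) in pools.items() if ceiling}


def denied_requests(text):
    """Denied allocation requests: the kernel already ran out at least once."""
    m = re.search(r"^(\d+) requests for memory denied", text, re.M)
    return int(m.group(1)) if m else 0


def assess(text, threshold=0.9):
    """Alert strings for netstat -m output; an empty list means healthy."""
    alerts = []
    for name, frac in sorted(pool_utilisation(parse_netstat_m(text)).items()):
        if frac >= threshold:
            alerts.append("%s at %.0f%% of ceiling" % (name, frac * 100))
    denied = denied_requests(text)
    if denied:
        alerts.append("%d mbuf allocation requests denied" % denied)
    return alerts


def established_peers(text):
    """(remote host, connection count) pairs, busiest first, from netstat -an."""
    counts = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "ESTABLISHED":
            host = f[4].rsplit(".", 1)[0]  # strip the trailing .port
            counts[host] = counts.get(host, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def main():
    mbufs = subprocess.check_output(["netstat", "-m"]).decode()
    alerts = assess(mbufs)
    for a in alerts:
        print("ALERT:", a)
    if alerts:
        conns = subprocess.check_output(["netstat", "-an"]).decode()
        for host, n in established_peers(conns)[:10]:
            print("  %-40s %d established" % (host, n))
    return alerts


if __name__ == "__main__":
    main()
```

Run it from cron every few minutes; a connection count concentrated on one remote host while the pools sit at their ceiling is the pattern worth investigating, whereas a high peer count spread across many hosts is more likely ordinary load.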
From owner-freebsd-security@FreeBSD.ORG Mon Mar 1 04:27:41 2004
To: "Jimmy Scott"
From: des@des.no (Dag-Erling Smørgrav)
Date: Mon, 01 Mar 2004 13:27:33 +0100
cc: freebsd-security@freebsd.org
Subject: Re: procfs + chmod = no go

"Jimmy Scott" writes:
> Is this possible on FreeBSD 4.9 ? Can't find anything about it in the
> manual pages. Just want to prevent lusers from running:
>
> for file in /proc/*/cmdline; do cat $file; echo; done

Why? They can get the same information from ps(1) or the kern.proc sysctl tree.

(in 5.2, you can set security.bsd.see_other_uid to 0 to prevent users from seeing other users' processes)

DES
--
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-security@FreeBSD.ORG Mon Mar 1 04:50:57 2004
Date: Mon, 1 Mar 2004 12:50:53 +0000
From: Andy Gilligan
To: freebsd-security@freebsd.org
Subject: Re: procfs + chmod = no go

On Mon, 1 Mar 2004 at 12:27, Dag-Erling Smørgrav wrote:

> "Jimmy Scott" writes:
> > Is this possible on FreeBSD 4.9 ? Can't find anything about it in the
> > manual pages. Just want to prevent lusers from running:
> >
> > for file in /proc/*/cmdline; do cat $file; echo; done
>
> Why? They can get the same information from ps(1) or the kern.proc
> sysctl tree.
>
> (in 5.2, you can set security.bsd.see_other_uid to 0 to prevent users
> from seeing other users' processes)

Surely kern.ps_showallprocs would accomplish the same thing in 4.x ?

-Andy

From owner-freebsd-security@FreeBSD.ORG Mon Mar 1 05:05:52 2004
Reply-To: hnunez@vianetworks.com.ar
To: "FreeBSD Security"
Date: Mon, 1 Mar 2004 10:05:02 -0300
Subject: Re: Darkstat

Hi Peter,

MRTG has more than one method for gathering data. Please refer to the *External Monitoring Scripts* section at http://people.ee.ethz.ch/~oetiker/webtools/mrtg/mrtg-reference.html

Take a look at http://people.ee.ethz.ch/~oetiker/webtools/rrdtool. It's hard to learn but it's a great tool.

Peter, this topic is not a _security freebsd_ concern; next time please refer to the correct list group.

Regards,
Hernan Nunez

----- Original Message -----
From: "Peter Rosa"
To: "FreeBSD Security"
Sent: Saturday, February 28, 2004 3:36 PM
Subject: Darkstat

> Hi all,
>
> please, tell me about security of Darkstat. Is it good idea to install it on
> firewall/gateway ?
>
> I'd like to measure our company traffic, but I do not have Apache running on
> the gateway. How could I redirect Darkstat's output to web-server inside
> company ?
> Or is there some other tool, which can measure in/out traffic and send
> output to another machine ? I know MRTG, but it uses SNMP I do not know to
> work with.
>
> Best regards,
>
> Peter Rosa

From owner-freebsd-security@FreeBSD.ORG Mon Mar 1 06:33:34 2004
Date: Mon, 1 Mar 2004 09:32:27 -0500 (EST)
From: Robert Watson
To: Andy Gilligan
cc: freebsd-security@freebsd.org
Subject: Re: procfs + chmod = no go

On Mon, 1 Mar 2004, Andy Gilligan wrote:

> > Why? They can get the same information from ps(1) or the kern.proc
> > sysctl tree.
> >
> > (in 5.2, you can set security.bsd.see_other_uid to 0 to prevent users
> > from seeing other users' processes)
>
> Surely kern.ps_showallprocs would accomplish the same thing in 4.x ?

kern.ps_showallprocs changes the behavior of the ps(1) command and kernel sysctls for process listing, but does not provide comprehensive coverage against probing using kill(2), ptrace(2), and other system calls which report different protection errors when pointed at undesired targets, procfs, linprocfs, etc. In 5.x, we centralized inter-process access control, improving both its consistency and our ability to instrument it with new policies as part of the MAC Framework. So there is a pretty strong quantitative difference between kern.ps_showallprocs in 4.x and security.bsd.see_other_uids in 5.x. These changes would be fairly straight forward to backport, but would be complicated by the fact that procfs in 4.x and procfs in 5.x are substantially different.
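The point Robert Watson makes above can be checked on a host rather than taken on trust: kill(2) with signal 0 sends nothing, yet still answers ESRCH for a PID that does not exist and EPERM for one owned by another user, so any PID that `ps` omits but kill(2) acknowledges is a gap in the hiding. The audit script below is an added example written for this page (an editor's addition after Robert Watson's reply, not part of his message or of FreeBSD); it assumes `ps -axo pid=` is available and is otherwise portable Python, so the same check runs on 4.x, 5.x or any other system with kill(2). Run it as an unprivileged user after setting the sysctl you are evaluating.

```python
#!/usr/bin/env python3
"""Constructed audit check (added example, not from the thread).

Compares what ps(1) admits to with what kill(2) reveals, to tell whether a
process-hiding setting such as kern.ps_showallprocs covers more than the
listing interfaces. Assumed: `ps -axo pid=` works on the host.
"""
import errno
import os
import subprocess
import sys


def probe_pid(pid):
    """Classify one PID by the kernel's answer to kill(pid, 0) (no signal is sent)."""
    try:
        os.kill(pid, 0)
    except OSError as e:
        if e.errno == errno.ESRCH:
            return "absent"
        if e.errno == errno.EPERM:
            return "present-other-uid"   # exists, but we may not signal it
        raise
    return "present-signalable"          # exists and is ours (or we are root)


def own_pid():
    return os.getpid()


def ps_visible_pids():
    """PIDs the ps(1) listing shows to the calling user."""
    out = subprocess.check_output(["ps", "-axo", "pid="]).decode()
    return {int(tok) for tok in out.split()}


def hidden_from_listing(candidates, listed):
    """PIDs that exist according to kill(2) but are missing from `listed`."""
    return sorted(p for p in candidates
                  if p not in listed and probe_pid(p) != "absent")


def reaped_child_pid():
    """Spawn and reap a child so its PID is known to be absent (used by the test)."""
    child = subprocess.Popen([sys.executable, "-c", "pass"])
    child.wait()
    return child.pid


def main(max_pid=99999):
    """Report the PIDs that ps hides but kill(2) confirms; empty means comprehensive."""
    listed = ps_visible_pids()
    leaks = hidden_from_listing(range(1, max_pid + 1), listed)
    print("ps lists %d processes; kill(2) confirms %d more it does not show"
          % (len(listed), len(leaks)))
    for pid in leaks:
        print("  pid %d: %s" % (pid, probe_pid(pid)))
    return leaks


if __name__ == "__main__":
    main()
```

A non-empty result from `main()` is the 4.x situation described above: the listing is filtered but the existence of each process still leaks through a different interface. Under a centralised check such as the 5.x security.bsd.see_other_uids, kill(2) is expected to answer ESRCH for processes the caller may not see, and the list comes back empty.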
Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Senior Research Scientist, McAfee Research

From owner-freebsd-security@FreeBSD.ORG Mon Mar 1 06:37:25 2004
From: "Daniel Ben-Zvi"
To: "Andy Gilligan"
cc: freebsd-security@freebsd.org
Date: Mon, 1 Mar 2004 16:38:54 +0200
Subject: Re: procfs + chmod = no go

It should accomplish the same thing, but for some reason (and maybe that's how it was intended to be) the whole process tree can still be viewed from /proc. This may be considered a bug but can be easily fixed with a small kernel patch.

----- Original Message -----
From: "Andy Gilligan"
Sent: Monday, March 01, 2004 2:50 PM
Subject: Re: procfs + chmod = no go

> On Mon, 1 Mar 2004 at 12:27, Dag-Erling Smørgrav wrote:
> > "Jimmy Scott" writes:
> > > Is this possible on FreeBSD 4.9 ? Can't find anything about it in the
> > > manual pages. Just want to prevent lusers from running:
> > >
> > > for file in /proc/*/cmdline; do cat $file; echo; done
> >
> > Why? They can get the same information from ps(1) or the kern.proc
> > sysctl tree.
> >
> > (in 5.2, you can set security.bsd.see_other_uid to 0 to prevent users
> > from seeing other users' processes)
>
> Surely kern.ps_showallprocs would accomplish the same thing in 4.x ?
>
> -Andy

From owner-freebsd-security@FreeBSD.ORG Mon Mar 1 06:48:31 2004
From: "Konstantinos Fotiadis"
Date: Mon, 1 Mar 2004 16:48:07 +0200
Subject: General Security Issues

Greetings list,

As a newbie to security I would like to ask any recommendation that the list might have. We are about to "install" a new box with 4.9 stable to the nice and innocent internet world. :-P The box has no services running except apache and we telnet to it via SSH.

Main function of this box will be graphing various interfaces via rrdtool. So, I would like to ask if there are any other precautions that I must take in order to sleep safe at night. Should I check for any other opened ports ? Should I do something with the kernel to be more secure ?
I know this ain't so easy, but let's say my main scope is to get at least a decent sleep :-)

Kind Regards,
Kostas

From owner-freebsd-security@FreeBSD.ORG Mon Mar 1 09:15:31 2004
Date: Mon, 01 Mar 2004 11:15:28 -0600
From: "Kevin D. Kinsey, DaleCo, S.P."
To: bookman@oteglobe.net
cc: freebsd-security@freebsd.org
Subject: Re: General Security Issues

Konstantinos Fotiadis wrote:

>Greetings list,
>
>As a newbie to security I would like to ask any recommendation that the list
>might have.
>We are about to "install" a new box with 4.9 stable to the nice and innocent
>internet world. :-P
>The box has no services running except apache and we telnet to it via SSH.

So you've disabled sendmail and inetd.conf?

>Main function of this box will be graphing various interfaces via rrdtool.
>So, I would like to ask if there is any other precautions that I must take
>in order to sleep safe at night. Should I check for any other opened ports ?

Good idea, always ... from inside (netstat) and outside (port scanner, like nmap)....

>Should I do something with the kernel to be more secure ?

A firewall is often considered a must.

>I know this ain't so easy, but let's say my main scope is to get at least a
>decent sleep :-)
>
>Kind Regards,
>
>Kostas

I imagine this list would prefer that you send your questions to the questions@ list. I can't remember the list charter enough to know exactly *why* at the moment ... so I've made a comment or two.
I imagine that if you can find no open ports, and stay on top of any changes to Apache and OpenSSH, you should have few worries --- except for the scripts that run on the webserver...which is a whole different topic, as I see it.... :-( Kevin Kinsey DaleCo, S.P. From owner-freebsd-security@FreeBSD.ORG Mon Mar 1 09:22:37 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 11C9816A4CE for ; Mon, 1 Mar 2004 09:22:37 -0800 (PST) Received: from mail.oteglobe.net (ns1.oteglobe.net [62.75.2.140]) by mx1.FreeBSD.org (Postfix) with ESMTP id CFB5143D4C for ; Mon, 1 Mar 2004 09:22:35 -0800 (PST) (envelope-from bookman@oteglobe.net) Received: from bookmanlaptop (trilluser@[172.21.62.26]) by mail.oteglobe.net (8.11.7/8.11.7) with SMTP id i21HLd602226; Mon, 1 Mar 2004 19:21:39 +0200 (EET) From: "Konstantinos Fotiadis" To: "Kevin D. Kinsey, DaleCo, S.P." , Date: Mon, 1 Mar 2004 19:21:28 +0200 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-7" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <40436FB0.8040600@daleco.biz> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Importance: Normal cc: freebsd-security@freebsd.org Subject: RE: General Security Issues X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: bookman@oteglobe.net List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Mar 2004 17:22:37 -0000 Yeap, sendmail is down. However inetd.conf is up but it only starts the SSH daemon. Is this a problem-threat ? PS: Is this the right list for security questions or not ? Cause I got an e-mail from someone that this isn't.... best /kostas -----Original Message----- 
From: Kevin D. Kinsey, DaleCo, S.P. [mailto:kdk@daleco.biz] Sent: Monday, March 01, 2004 7:15 PM To: bookman@oteglobe.net Cc: freebsd-security@freebsd.org Subject: Re: General Security Issues Konstantinos Fotiadis wrote: >Greetings list, > >As a newbie to security I would like to ask any recommendation that the list >might have. >We are about to "install" a new box with 4.9 stable to the nice and innocent >internet world. :-P >The box has no services running expect apache and we telnet to it via SSH. > > So you've disabled sendmail and inetd.conf? >Main function of this box will be graphing various interfaces via rrdtool. >So, I would like to ask if there is any other precautions that I must take >in order to sleep safe at night. Should I check for any other opened ports ? > > Good idea, always ... from inside (netstat) and outside (port scanner, like nmap).... >Should I do something with the kernel to be more secure ? > > A firewall is often considered a must. >I know this ain't so easy, but let's say my main scope is to get a least a >decent sleep :-) > >Kind Regards, > >Kostas > > > > I imagine this list would prefer that you send your questions to the questions@ list. I can't remember the list charter enough to know exactly *why* at the moment ... so I've made a comment or two. I imagine that if you can find no open ports, and stay on top of any changes to Apache and OpenSSH, you should have few worries --- except for the scripts that run on the webserver...which is a whole different topic, as I see it.... :-( Kevin Kinsey DaleCo, S.P. 
From owner-freebsd-security@FreeBSD.ORG Mon Mar 1 09:37:15 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A9A7616A4CE for ; Mon, 1 Mar 2004 09:37:15 -0800 (PST) Received: from pd5mo1so.prod.shaw.ca (shawidc-mo1.cg.shawcable.net [24.71.223.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6650A43D41 for ; Mon, 1 Mar 2004 09:37:15 -0800 (PST) (envelope-from gbaratto@superb.net) Received: from pd2mr2so.prod.shaw.ca (pd2mr2so-ser.prod.shaw.ca [10.0.141.109])2003))freebsd-security@freebsd.org; Mon, 01 Mar 2004 10:31:49 -0700 (MST) Received: from pn2ml6so.prod.shaw.ca (pn2ml6so-qfe0.prod.shaw.ca [10.0.121.150]) by l-daemon (iPlanet Messaging Server 5.2 HotFix 1.18 (built Jul 28 2003)) freebsd-security@freebsd.org; Mon, 01 Mar 2004 10:31:49 -0700 (MST) Received: from chivas ([24.85.92.136]) by l-daemon (iPlanet Messaging Server 5.2 HotFix 1.18 (built Jul 28 2003)) with SMTP id <0HTW00MHXRD08N@l-daemon> for freebsd-security@freebsd.org; Mon, 01 Mar 2004 10:31:49 -0700 (MST) Date: Mon, 01 Mar 2004 09:31:44 -0800 
From: "Gustavo A. Baratto" To: bookman@oteglobe.net Message-id: <013801c3ffb3$11515e80$6400a8c0@chivas> MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Mailer: Microsoft Outlook Express 6.00.2800.1158 Content-type: text/plain; charset=iso-8859-7 Content-transfer-encoding: 7BIT X-Priority: 3 X-MSMail-priority: Normal References: cc: freebsd-security@freebsd.org Subject: Re: General Security Issues X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Mar 2004 17:37:15 -0000 never hurts to read this: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/security.html why dont you run ssh standalone... I dont like inetd ----- Original Message ----- From: "Konstantinos Fotiadis" To: "Kevin D. Kinsey, DaleCo, S.P." ; Cc: Sent: Monday, March 01, 2004 9:21 AM Subject: RE: General Security Issues > > Yeap, sendmail is down. > However inetd.conf is up but it only starts the SSH daemon. Is this a > problem-threat ? > > > > PS: Is this the right list for security questions or not ? Cause I got an > e-mail from someone that this isn't.... > > best > > /kostas > > -----Original Message----- 
> From: Kevin D. Kinsey, DaleCo, S.P. [mailto:kdk@daleco.biz] > Sent: Monday, March 01, 2004 7:15 PM > To: bookman@oteglobe.net > Cc: freebsd-security@freebsd.org > Subject: Re: General Security Issues > > > Konstantinos Fotiadis wrote: > > >Greetings list, > > > >As a newbie to security I would like to ask any recommendation that the > list > >might have. > >We are about to "install" a new box with 4.9 stable to the nice and > innocent > >internet world. :-P > >The box has no services running expect apache and we telnet to it via SSH. > > > > > > So you've disabled sendmail and inetd.conf? > > >Main function of this box will be graphing various interfaces via rrdtool. > >So, I would like to ask if there is any other precautions that I must take > >in order to sleep safe at night. Should I check for any other opened ports > ? > > > > > > Good idea, always ... from inside (netstat) and outside > (port scanner, like nmap).... > > >Should I do something with the kernel to be more secure ? > > > > > A firewall is often considered a must. > > >I know this ain't so easy, but let's say my main scope is to get a least a > >decent sleep :-) > > > >Kind Regards, > > > >Kostas > > > > > > > > > > I imagine this list would prefer that you send your > questions to the questions@ list. I can't remember > the list charter enough to know exactly *why* at > the moment ... so I've made a comment or two. > > I imagine that if you can find no open ports, and stay > on top of any changes to Apache and OpenSSH, > you should have few worries --- except for the scripts > that run on the webserver...which is a whole different > topic, as I see it.... :-( > > Kevin Kinsey > DaleCo, S.P. 
> > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > From owner-freebsd-security@FreeBSD.ORG Mon Mar 1 09:42:51 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8329C16A4CE for ; Mon, 1 Mar 2004 09:42:51 -0800 (PST) Received: from relay.pair.com (relay.pair.com [209.68.1.20]) by mx1.FreeBSD.org (Postfix) with SMTP id 0778D43D5A for ; Mon, 1 Mar 2004 09:42:51 -0800 (PST) (envelope-from silby@silby.com) Received: (qmail 92245 invoked from network); 1 Mar 2004 17:42:48 -0000 Received: from niwun.pair.com (HELO localhost) (209.68.2.70) by relay.pair.com with SMTP; 1 Mar 2004 17:42:48 -0000 X-pair-Authenticated: 209.68.2.70 Date: Mon, 1 Mar 2004 11:42:47 -0600 (CST) 
From: Mike Silbersack
To: Sheldon Hearn
In-Reply-To: <20040301103615.GB97298@starjuice.net>
Message-ID: <20040301113726.T17968@odysseus.silby.com>
References: <6.0.3.0.0.20040229182702.07a67a68@209.112.4.2> <20040301103615.GB97298@starjuice.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: freebsd-security@freebsd.org
Subject: Re: mbuf vulnerability
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 01 Mar 2004 17:42:51 -0000

On Mon, 1 Mar 2004, Sheldon Hearn wrote:

> On (2004/02/29 19:03), Mike Silbersack wrote:
>
> > There is no way to fix this issue without kernel modifications. A fix has
> > been committed to -current, someone on the security team can probably
> > provide information on when the MFC will be appearing.
>
> Owch.
>
> The advisory says the DoS works by sending many out-of-sequence packets.
>
> Do you know how out-of-sequence do the packets have to be? I ask
> because if they have to be significantly staggered, then my IPFilter
> firewall might offer me some protection and I can start breathing again.
>
> Ciao,
> Sheldon.

A specially constructed stateful firewall could be constructed to deal
with this DoS, but I'm certain that there's no way you could use ipf or
anything preexisting to do the job.

The main reason the DoS works is not because it is sending awkward
packets, but rather because we use one mbuf cluster for each segment
received. Since the smallest possible segment is one byte, and a mbuf
cluster is 2048 bytes, that's a pretty nasty multiplicative factor.

Would anyone feel better if I mention that it's generally pretty easy to
DoS a box anyway?
Mike "Silby" Silbersack From owner-freebsd-security@FreeBSD.ORG Mon Mar 1 09:46:40 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1599016A4CE for ; Mon, 1 Mar 2004 09:46:40 -0800 (PST) Received: from buexe.b-5.de (buexe.b-5.de [80.148.32.30]) by mx1.FreeBSD.org (Postfix) with ESMTP id 37D1E43D1F for ; Mon, 1 Mar 2004 09:46:39 -0800 (PST) (envelope-from lupe@lupe-christoph.de) Received: from antalya.lupe-christoph.de ([172.17.0.9])i21Hk3k09291; Mon, 1 Mar 2004 18:46:03 +0100 Received: from localhost (localhost [127.0.0.1]) by antalya.lupe-christoph.de (Postfix) with ESMTP id 2705CB88C; Mon, 1 Mar 2004 18:45:58 +0100 (CET) Received: from antalya.lupe-christoph.de ([127.0.0.1]) by localhost (antalya [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 07875-01-7; Mon, 1 Mar 2004 18:45:57 +0100 (CET) Received: by antalya.lupe-christoph.de (Postfix, from userid 1000) id 95CA0B889; Mon, 1 Mar 2004 18:45:57 +0100 (CET) Date: Mon, 1 Mar 2004 18:45:57 +0100 To: Konstantinos Fotiadis Message-ID: <20040301174557.GD2569@lupe-christoph.de> References: <40436FB0.8040600@daleco.biz> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.5.1+cvs20040105i 
From: lupe@lupe-christoph.de (Lupe Christoph)
X-Virus-Scanned: by amavisd-new-20030616-p7 (Debian) at lupe-christoph.de
cc: freebsd-security@freebsd.org
Subject: Re: General Security Issues
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 01 Mar 2004 17:46:40 -0000

On Monday, 2004-03-01 at 19:21:28 +0200, Konstantinos Fotiadis wrote:

> Yeap, sendmail is down.
> However inetd.conf is up but it only starts the SSH daemon. Is this a
> problem-threat ?

No, but it is not needed, and you should turn off everything you do not
need. Run sshd in standalone mode. It's much faster that way, anyway,
because it computes a key on every start. Put this in /etc/rc.conf:

sshd_enable="YES"

> PS: Is this the right list for security questions or not ? Cause I got an
> e-mail from someone that this isn't....

It is *meant* for developers discussing security issues. But that rarely
happens, and there is no list for security-related discussions by lowly
users. So this list acquired that function. The majority does not object
to that change, probably because they feel that this function is needed.
So do I. I have no time to read freebsd-questions, and I mostly don't
care for the discussions there. I would be entirely in favour of
freebsd-security-questions, but nobody seems to be willing to start it.
(Ducks in anticipation of flames.)
Lupe Christoph -- | lupe@lupe-christoph.de | http://www.lupe-christoph.de/ | | "Violence is the resort of the violent" Lu Tze | | "Thief of Time", Terry Pratchett | From owner-freebsd-security@FreeBSD.ORG Mon Mar 1 10:34:16 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3356216A4CF for ; Mon, 1 Mar 2004 10:34:16 -0800 (PST) Received: from cicero2.cybercity.dk (cicero2.cybercity.dk [212.242.40.53]) by mx1.FreeBSD.org (Postfix) with ESMTP id AE23443D31 for ; Mon, 1 Mar 2004 10:34:15 -0800 (PST) (envelope-from db@traceroute.dk) Received: from user3.cybercity.dk (fxp0.user3.ip.cybercity.dk [212.242.41.36]) by cicero2.cybercity.dk (Postfix) with ESMTP id 5C04F18F942; Mon, 1 Mar 2004 19:34:04 +0100 (CET) Received: from main.trunet.dk (port132.ds1-arsy.adsl.cybercity.dk [212.242.239.73]) by user3.cybercity.dk (Postfix) with SMTP id 0B71693C04; Mon, 1 Mar 2004 19:34:04 +0100 (CET) Date: Mon, 1 Mar 2004 19:34:57 +0100 
From: db
To: bookman@oteglobe.net, security@freebsd.org
Message-Id: <20040301193457.0afe52e6@main.trunet.dk>
In-Reply-To:
References:
X-Mailer: Sylpheed version 0.9.8claws (GTK+ 1.2.10; i386-portbld-freebsd5.2)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Re: General Security Issues
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 01 Mar 2004 18:34:16 -0000

On Mon, 1 Mar 2004 16:48:07 +0200 "Konstantinos Fotiadis" wrote:

> The box has no services running except apache and we telnet to it via
> SSH. Main function of this box will be graphing various interfaces via
> rrdtool. So, I would like to ask if there is any other precautions
> that I must take in order to sleep safe at night. Should I check for
> any other opened ports ?

sockstat -l -4

> Should I do something with the kernel to be
> more secure ? I know this ain't so easy, but let's say my main scope
> is to get at least a decent sleep :-)

Try these ports (all under "security"):

lockdown
chkrootkit
portaudit
tripwire
snort
freebsd-update

just to name a few. Of course you should read about OpenSSH and Apache
security and keep them up to date. Maybe even run sshd at some high port
like 56789?
br db

From owner-freebsd-security@FreeBSD.ORG Mon Mar 1 11:04:03 2004
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1FE7F16A4EC for ; Mon, 1 Mar 2004 11:04:03 -0800 (PST)
Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id A601143D48 for ; Mon, 1 Mar 2004 11:04:02 -0800 (PST) (envelope-from nectar@celabo.org)
Received: from localhost (localhost [127.0.0.1]) by gw.celabo.org (Postfix) with ESMTP id 048A754883; Mon, 1 Mar 2004 13:04:01 -0600 (CST)
Received: from gw.celabo.org ([127.0.0.1]) by localhost (hellblazer.celabo.org [127.0.0.1]) (amavisd-new, port 10024) with SMTP id 77768-05; Mon, 1 Mar 2004 13:03:50 -0600 (CST)
Received: from lum.celabo.org (n00.bcrtfl01.us.wh.nameservers.net [208.55.254.110]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "lum.celabo.org", Issuer "celabo.org CA" (verified OK)) by gw.celabo.org (Postfix) with ESMTP id 6852454861; Mon, 1 Mar 2004 13:03:50 -0600 (CST)
Received: by lum.celabo.org (Postfix, from userid 501) id ABF0C10112D; Mon, 1 Mar 2004 13:03:39 -0600 (CST)
Date: Mon, 1 Mar 2004 13:03:39 -0600
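The open-port check that Kevin Kinsey and db recommend in the thread above (look from the inside with netstat or sockstat -l -4, and compare against what the box is supposed to run) is easy to turn into a repeatable audit. The script below is an added example, not code from the thread, from FreeBSD or from any poster: it parses the column layout of FreeBSD's sockstat -l -4 output, compares every listener against an allowlist of (command, port) pairs, and reports the rest. The sample output and the allowlist (Apache on 80, sshd on 22, as in Kostas's setup) are constructed for illustration; on a FreeBSD host it runs the real command instead.

```python
"""Audit listening IPv4 sockets against an allowlist of expected services.

Added example for this thread; not FreeBSD code and not any poster's code.
Parses the output of `sockstat -l -4` (columns: USER COMMAND PID FD PROTO
LOCAL ADDRESS FOREIGN ADDRESS) and reports listeners that are not expected.
"""
import shutil
import subprocess
from typing import Dict, List, Set, Tuple

# Constructed sample in the column layout sockstat prints. It mirrors the
# thread: sshd started from inetd (so it shows up as inetd), plus two
# daemons the poster did not mention.
SAMPLE_SOCKSTAT = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
www      httpd      600   3  tcp4   *:80                  *:*
root     inetd      300   5  tcp4   *:22                  *:*
root     sendmail   450   4  tcp4   127.0.0.1:25          *:*
root     syslogd    120   6  udp4   *:514                 *:*
"""

# What a box running only Apache and a standalone OpenSSH should expose.
EXPECTED_LISTENERS: Set[Tuple[str, int]] = {("httpd", 80), ("sshd", 22)}


def parse_sockstat(text: str) -> List[Dict[str, object]]:
    """Turn sockstat -l output into a list of listener records."""
    listeners = []
    for line in text.splitlines()[1:]:          # first line is the column header
        fields = line.split()
        if len(fields) < 6:
            continue
        user, command, pid, _fd, proto, local = fields[:6]
        addr, _, port = local.rpartition(":")   # "*:22" -> ("*", "22")
        if not port.isdigit():                  # not an inet listener; skip
            continue
        listeners.append({"user": user, "command": command, "pid": int(pid),
                          "proto": proto, "addr": addr, "port": int(port)})
    return listeners


def unexpected_listeners(text: str,
                         expected: Set[Tuple[str, int]] = EXPECTED_LISTENERS
                         ) -> List[Tuple[str, str, int]]:
    """Return sorted (proto, command, port) for every listener not allowlisted."""
    return sorted((rec["proto"], rec["command"], rec["port"])
                  for rec in parse_sockstat(text)
                  if (rec["command"], rec["port"]) not in expected)


def audit(live: bool = True) -> List[Tuple[str, str, int]]:
    """Run the check against the live system if sockstat exists, else the sample."""
    if live and shutil.which("sockstat"):
        text = subprocess.run(["sockstat", "-l", "-4"], capture_output=True,
                              text=True, check=True).stdout
    else:
        text = SAMPLE_SOCKSTAT
    return unexpected_listeners(text)


if __name__ == "__main__":
    for proto, command, port in audit():
        print(f"unexpected listener: {command} on {proto} port {port}")
```

Matching on the command name as well as the port is deliberate: an sshd spawned by inetd is listed under inetd, so the inetd-based setup Kostas describes (and Lupe and Gustavo advise against) is flagged even though port 22 itself is expected. The sample therefore reports inetd on 22, sendmail on 25 and syslogd on udp 514.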
From: "Jacques A. Vidrine" To: Mike Tancsa Message-ID: <20040301190338.GB749@lum.celabo.org> Mail-Followup-To: "Jacques A. Vidrine" , Mike Tancsa , freebsd-security@freebsd.org References: <6.0.3.0.0.20040229182702.07a67a68@209.112.4.2> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <6.0.3.0.0.20040229182702.07a67a68@209.112.4.2> User-Agent: Mutt/1.4.1i X-Url: http://www.celabo.org/ cc: freebsd-security@freebsd.org Subject: Re: mbuf vulnerability X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Mar 2004 19:04:03 -0000 On Sun, Feb 29, 2004 at 07:38:11PM -0500, Mike Tancsa wrote: > In > http://docs.freebsd.org/cgi/mid.cgi?200402260743.IAA18903 > > it seems RELENG_4 is vulnerable. Is there any work around to a system that > has to have ports open ? There will be advisories and patches available tomorrow. Cheers, -- Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org From owner-freebsd-security@FreeBSD.ORG Mon Mar 1 14:09:32 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 731EC16A4CE for ; Mon, 1 Mar 2004 14:09:32 -0800 (PST) Received: from snafu.adept.org (adsl-67-117-158-73.dsl.snfc21.pacbell.net [67.117.158.73]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5F51143D1F for ; Mon, 1 Mar 2004 14:09:32 -0800 (PST) (envelope-from mike@adept.org) Received: by snafu.adept.org (Postfix, from userid 1000) id 8561F9EEF0; Mon, 1 Mar 2004 14:09:30 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by snafu.adept.org (Postfix) with ESMTP id 7E19E9B148 for ; Mon, 1 Mar 2004 14:09:30 -0800 (PST) Date: Mon, 1 Mar 2004 14:09:30 -0800 (PST) 
From: Mike Hoskins To: security@freebsd.org In-Reply-To: <20040301113726.T17968@odysseus.silby.com> Message-ID: <20040301140900.X50257@snafu.adept.org> References: <6.0.3.0.0.20040229182702.07a67a68@209.112.4.2> <20040301113726.T17968@odysseus.silby.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: Re: mbuf vulnerability X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Mar 2004 22:09:32 -0000 On Mon, 1 Mar 2004, Mike Silbersack wrote: > Would anyone feel better if I mention that it's generally pretty easy to > DoS a box anyway? not really, that's starting to sound too microsoft-ish. ;) -m From owner-freebsd-security@FreeBSD.ORG Mon Mar 1 22:27:16 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CA2FC16A4CE for ; Mon, 1 Mar 2004 22:27:16 -0800 (PST) Received: from idiom.com (idiom.com [216.240.32.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id AAA0F43D2D for ; Mon, 1 Mar 2004 22:27:16 -0800 (PST) (envelope-from druid45@idiom.com) Received: from idiom.com (2d30ffc1ee241b6ab4b50c9e48679bcd@216-240-49-36.ip.idiom.com [216.240.49.36]) by idiom.com (8.12.9p2/8.12.9) with ESMTP id i226RD5T069140 for ; Mon, 1 Mar 2004 22:27:14 -0800 (PST) (envelope-from druid45@idiom.com) Message-ID: <4044294F.308@idiom.com> Date: Mon, 01 Mar 2004 22:27:27 -0800 
From: Chris Neustrup
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6b) Gecko/20040221 Thunderbird/0.4
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: security@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: openssh
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 02 Mar 2004 06:27:16 -0000

I have done a cvsup of the openssh port. It builds correctly, but refuses
to install with the following:

===> Installing for openssh-3.6.1_5
===> openssh-3.6.1_5 conflicts with installed package(s):
      ssh2-3.2.9.1_1
      They install files into the same place.
      Please remove them first with pkg_delete(1).
*** Error code 1

Stop in /usr/ports/security/openssh.

I was unable to pkg_delete the ssh2 due to other manual requirements.
Do I need to delete the ssh2 in /usr/local.etc and
the sshd2.sh in /usr/local/etc/rc.d? What exactly is the conflict?

tia, Chris

From owner-freebsd-security@FreeBSD.ORG Mon Mar 1 22:30:09 2004
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B6CAA16A4CE for ; Mon, 1 Mar 2004 22:30:09 -0800 (PST)
Received: from mail.keystreams.com (mail.keystreams.com [207.158.28.4]) by mx1.FreeBSD.org (Postfix) with SMTP id 745D443D1F for ; Mon, 1 Mar 2004 22:30:09 -0800 (PST) (envelope-from volfman@keystreams.com)
Received: (qmail 22543 invoked from network); 2 Mar 2004 06:30:09 -0000
Received: from ts46-01-qdr1564.wvlle.ca.charter.com (HELO keystreams.com) (66.189.142.28) by mail.keystreams.com with SMTP; 2 Mar 2004 06:30:09 -0000
Message-ID: <404429EF.1070809@keystreams.com>
Date: Mon, 01 Mar 2004 22:30:07 -0800
From: Roman Volf User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Chris Neustrup References: <4044294F.308@idiom.com> In-Reply-To: <4044294F.308@idiom.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit cc: security@freebsd.org Subject: Re: openssh X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Mar 2004 06:30:09 -0000 Have you tried doing: make install FORCE_PKG_REGISTER=yes Roman Volf Keystreams Internet Solutions volfman@keystreams.com Chris Neustrup wrote: > I have done a cvsup of the openssh port. It builds correctly, but > refuses > to install with the following: > > ===> Installing for openssh-3.6.1_5 > > ===> openssh-3.6.1_5 conflicts with installed package(s): > ssh2-3.2.9.1_1 > They install files into the same place. > Please remove them first with pkg_delete(1). > *** Error code 1 > > Stop in /usr/ports/security/openssh. > > I was unable to pkg_delete the ssh2 due to other manual requirements. > Do I need to delete the ssh2 in /usr/local.etc and > the sshd2.sh in /usr/local/etc/rc.d? What exactly is the conflict? 
> > tia, Chris > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to > "freebsd-security-unsubscribe@freebsd.org" From owner-freebsd-security@FreeBSD.ORG Mon Mar 1 23:02:53 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 66BC016A4CE for ; Mon, 1 Mar 2004 23:02:53 -0800 (PST) Received: from cowbert.2y.net (d46h180.public.uconn.edu [137.99.46.180]) by mx1.FreeBSD.org (Postfix) with SMTP id EAD9343D2F for ; Mon, 1 Mar 2004 23:02:52 -0800 (PST) (envelope-from sirmoo@cowbert.2y.net) Received: (qmail 14941 invoked by uid 1001); 2 Mar 2004 07:02:51 -0000 Date: Tue, 2 Mar 2004 02:02:50 -0500 
From: "Peter C. Lai" To: Chris Neustrup Message-ID: <20040302070250.GD746@cowbert.2y.net> References: <4044294F.308@idiom.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4044294F.308@idiom.com> User-Agent: Mutt/1.4i cc: security@freebsd.org Subject: Re: openssh X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: peter.lai@uconn.edu List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Mar 2004 07:02:53 -0000 openssh can't coexist with commercial ssh2, since both install to /usr/local/bin and /usr/local/lib. On Mon, Mar 01, 2004 at 10:27:27PM -0800, Chris Neustrup wrote: > I have done a cvsup of the openssh port. It builds correctly, but refuses > to install with the following: > > ===> Installing for openssh-3.6.1_5 > > ===> openssh-3.6.1_5 conflicts with installed package(s): > ssh2-3.2.9.1_1 > They install files into the same place. > Please remove them first with pkg_delete(1). > *** Error code 1 > > Stop in /usr/ports/security/openssh. > > I was unable to pkg_delete the ssh2 due to other manual requirements. > Do I need to delete the ssh2 in /usr/local.etc and > the sshd2.sh in /usr/local/etc/rc.d? What exactly is the conflict? > > tia, Chris > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" -- Peter C. Lai University of Connecticut Dept. 
of Molecular and Cell Biology Yale University School of Medicine SenseLab | Research Assistant http://cowbert.2y.net/ From owner-freebsd-security@FreeBSD.ORG Tue Mar 2 05:43:44 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D7CBE16A4CE for ; Tue, 2 Mar 2004 05:43:44 -0800 (PST) Received: from schlepper.zs64.net (schlepper.zs64.net [212.12.50.230]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8123143D2F for ; Tue, 2 Mar 2004 05:43:43 -0800 (PST) (envelope-from stb@lassitu.de) Received: from [127.0.0.1] (schlepper [212.12.50.230]) by schlepper.zs64.net (8.12.10/8.11.1) with ESMTP id i22DhepG081083; Tue, 2 Mar 2004 14:43:41 +0100 (CET) (envelope-from stb@lassitu.de) In-Reply-To: <20040301113726.T17968@odysseus.silby.com> References: <6.0.3.0.0.20040229182702.07a67a68@209.112.4.2> <20040301103615.GB97298@starjuice.net> <20040301113726.T17968@odysseus.silby.com> Mime-Version: 1.0 (Apple Message framework v612) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: <9CDEFA50-6C4F-11D8-9FC0-000393496BE8@lassitu.de> Content-Transfer-Encoding: 7bit 
From: Stefan Bethke Date: Tue, 2 Mar 2004 14:43:39 +0100 To: Mike Silbersack X-Mailer: Apple Mail (2.612) cc: freebsd-security@freebsd.org Subject: Re: mbuf vulnerability X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Mar 2004 13:43:45 -0000 Am 01.03.2004 um 18:42 schrieb Mike Silbersack: > A specially constructed stateful firewall could be constructed to deal > with this DoS, but I'm certain that there's no way you could use ipf or > anything preexisting to do the job. OpenBSD's pf scrubbing should be helpful here. From the FAQ: > The scrub directive also reassembles fragmented packets, protecting > some operating systems from some forms of attack. Our port is only for 5.0 or newer, though. -- Stefan Bethke Fon +49 170 346 0140 From owner-freebsd-security@FreeBSD.ORG Tue Mar 2 08:13:42 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0EB4716A4CE for ; Tue, 2 Mar 2004 08:13:42 -0800 (PST) Received: from caligula.anu.edu.au (caligula.anu.edu.au [150.203.224.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6E2A343D48 for ; Tue, 2 Mar 2004 08:13:41 -0800 (PST) (envelope-from avalon@caligula.anu.edu.au) Received: from caligula.anu.edu.au (localhost [127.0.0.1]) by caligula.anu.edu.au (8.12.9/8.12.9) with ESMTP id i22GDdbF005594; Wed, 3 Mar 2004 03:13:39 +1100 (EST) Received: (from avalon@localhost) by caligula.anu.edu.au (8.12.9/8.12.8/Submit) id i22GDcM8005592; Wed, 3 Mar 2004 03:13:38 +1100 (EST) 
From: Darren Reed
Message-Id: <200403021613.i22GDcM8005592@caligula.anu.edu.au>
To: stb@lassitu.de (Stefan Bethke)
Date: Wed, 3 Mar 2004 03:13:38 +1100 (Australia/ACT)
In-Reply-To: <9CDEFA50-6C4F-11D8-9FC0-000393496BE8@lassitu.de> from "Stefan Bethke" at Mar 02, 2004 02:43:39 PM
X-Mailer: ELM [version 2.5 PL1]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
cc: freebsd-security@freebsd.org
Subject: Re: mbuf vulnerability
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 02 Mar 2004 16:13:42 -0000

In some mail from Stefan Bethke, sie said:
>
> Am 01.03.2004 um 18:42 schrieb Mike Silbersack:
> > A specially constructed stateful firewall could be constructed to deal
> > with this DoS, but I'm certain that there's no way you could use ipf or
> > anything preexisting to do the job.

IPFilter v4 can prevent this attack with:

pass in .. proto tcp ... keep state(strict)

> OpenBSD's pf scrubbing should be helpful here. From the FAQ:
> > The scrub directive also reassembles fragmented packets, protecting
> > some operating systems from some forms of attack.
>

Uh, no, "scrub" doesn't protect against this attack at all (or at least
not according to that web page.)
Darren From owner-freebsd-security@FreeBSD.ORG Tue Mar 2 09:18:04 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8134A16A4CE for ; Tue, 2 Mar 2004 09:18:04 -0800 (PST) Received: from relay.pair.com (relay.pair.com [209.68.1.20]) by mx1.FreeBSD.org (Postfix) with SMTP id F0B5D43D2F for ; Tue, 2 Mar 2004 09:18:03 -0800 (PST) (envelope-from silby@silby.com) Received: (qmail 18439 invoked from network); 2 Mar 2004 17:18:02 -0000 Received: from niwun.pair.com (HELO localhost) (209.68.2.70) by relay.pair.com with SMTP; 2 Mar 2004 17:18:02 -0000 X-pair-Authenticated: 209.68.2.70 Date: Tue, 2 Mar 2004 11:18:01 -0600 (CST) 
From: Mike Silbersack
To: Darren Reed
In-Reply-To: <200403021613.i22GDcM8005592@caligula.anu.edu.au>
Message-ID: <20040302111509.E12133@odysseus.silby.com>
References: <200403021613.i22GDcM8005592@caligula.anu.edu.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: freebsd-security@freebsd.org
cc: Stefan Bethke
Subject: Re: mbuf vulnerability
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 02 Mar 2004 17:18:04 -0000

On Wed, 3 Mar 2004, Darren Reed wrote:

> IPFilter v4 can prevent this attack with:
>
> pass in .. proto tcp ... keep state(strict)

Nope, I just tested this. Well, I should say that it doesn't provide any
protection with "keep state"... what does (strict) mean? The ipf in
FreeBSD doesn't seem to support it.

> > OpenBSD's pf scrubbing should be helpful here. From the FAQ:
> > > The scrub directive also reassembles fragmented packets, protecting
> > > some operating systems from some forms of attack.
> >
>
> Uh, no, "scrub" doesn't protect against this attack at all (or at least
> not according to that web page.)
>
> Darren

Also true, as this has nothing to do with ip fragments.
Mike "Silby" Silbersack From owner-freebsd-security@FreeBSD.ORG Tue Mar 2 09:28:25 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A7CEC16A4CE for ; Tue, 2 Mar 2004 09:28:25 -0800 (PST) Received: from schlepper.zs64.net (schlepper.zs64.net [212.12.50.230]) by mx1.FreeBSD.org (Postfix) with ESMTP id F27DE43D3F for ; Tue, 2 Mar 2004 09:28:24 -0800 (PST) (envelope-from stb@lassitu.de) Received: from [127.0.0.1] (schlepper [212.12.50.230]) by schlepper.zs64.net (8.12.10/8.11.1) with ESMTP id i22HSKpG086585; Tue, 2 Mar 2004 18:28:20 +0100 (CET) (envelope-from stb@lassitu.de) In-Reply-To: <200403021613.i22GDcM8005592@caligula.anu.edu.au> References: <200403021613.i22GDcM8005592@caligula.anu.edu.au> Mime-Version: 1.0 (Apple Message framework v612) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: Content-Transfer-Encoding: 7bit 
From: Stefan Bethke Date: Tue, 2 Mar 2004 18:28:19 +0100 To: Darren Reed X-Mailer: Apple Mail (2.612) cc: freebsd-security@freebsd.org Subject: Re: mbuf vulnerability X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Mar 2004 17:28:25 -0000

On 02.03.2004 at 17:13, Darren Reed wrote:

> Uh, no, "scrub" doesn't protect against this attack at all (or at least
> not according to that web page.)

Sorry for spreading confusion... IP fragments obviously have nothing to do with TCP [/me blushes].

--
Stefan Bethke
Fon +49 170 346 0140

From owner-freebsd-security@FreeBSD.ORG Tue Mar 2 09:30:26 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 69FC916A4CF for ; Tue, 2 Mar 2004 09:30:26 -0800 (PST) Received: from caligula.anu.edu.au (caligula.anu.edu.au [150.203.224.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id B18AE43D1D for ; Tue, 2 Mar 2004 09:30:25 -0800 (PST) (envelope-from avalon@caligula.anu.edu.au) Received: from caligula.anu.edu.au (localhost [127.0.0.1]) by caligula.anu.edu.au (8.12.9/8.12.9) with ESMTP id i22HUObF025899; Wed, 3 Mar 2004 04:30:24 +1100 (EST) Received: (from avalon@localhost) by caligula.anu.edu.au (8.12.9/8.12.8/Submit) id i22HUN1J025897; Wed, 3 Mar 2004 04:30:23 +1100 (EST)
From: Darren Reed Message-Id: <200403021730.i22HUN1J025897@caligula.anu.edu.au> To: silby@silby.com (Mike Silbersack) Date: Wed, 3 Mar 2004 04:30:23 +1100 (Australia/ACT) In-Reply-To: <20040302111509.E12133@odysseus.silby.com> from "Mike Silbersack" at Mar 02, 2004 11:18:01 AM X-Mailer: ELM [version 2.5 PL1] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: freebsd-security@freebsd.org Subject: Re: mbuf vulnerability X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Mar 2004 17:30:26 -0000

In some mail from Mike Silbersack, sie said:
> On Wed, 3 Mar 2004, Darren Reed wrote:
>
> > IPFilter v4 can prevent this attack with:
> >
> > pass in .. proto tcp ... keep state(strict)
>
> Nope, I just tested this. Well, I should say that it doesn't provide any
> protection with "keep state"... what does (strict) mean? The ipf in
> FreeBSD doesn't seem to support it.

Uh, what did you test and what did you test with?

"strict" requires that the sequence number in packet n should match the sequence number of the last byte in packet n-1 - i.e. no out of order delivery is permitted.
Darren From owner-freebsd-security@FreeBSD.ORG Tue Mar 2 09:40:29 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D637A16A4CE for ; Tue, 2 Mar 2004 09:40:29 -0800 (PST) Received: from relay.pair.com (relay.pair.com [209.68.1.20]) by mx1.FreeBSD.org (Postfix) with SMTP id 665EC43D31 for ; Tue, 2 Mar 2004 09:40:29 -0800 (PST) (envelope-from silby@silby.com) Received: (qmail 34123 invoked from network); 2 Mar 2004 17:40:28 -0000 Received: from niwun.pair.com (HELO localhost) (209.68.2.70) by relay.pair.com with SMTP; 2 Mar 2004 17:40:28 -0000 X-pair-Authenticated: 209.68.2.70 Date: Tue, 2 Mar 2004 11:40:27 -0600 (CST) 
From: Mike Silbersack To: Darren Reed In-Reply-To: <200403021730.i22HUN1J025897@caligula.anu.edu.au> Message-ID: <20040302113600.V12133@odysseus.silby.com> References: <200403021730.i22HUN1J025897@caligula.anu.edu.au> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-security@freebsd.org Subject: Re: mbuf vulnerability X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Mar 2004 17:40:30 -0000

On Wed, 3 Mar 2004, Darren Reed wrote:

> Uh, what did you test and what did you test with?

FreeBSD 4.9 with ipf.

> "strict" requires that the sequence number in packet n should match
> the sequence number of the last byte in packet n-1 - i.e. no
> out of order delivery is permitted.
>
> Darren

strict isn't in the ipf manpage, and ipf complains when I try using it.

I did some more Google searching which implies that "strict" is available in ipfilter 4.x, not the 3.x series that ships with FreeBSD.

Mike "Silby" Silbersack

From owner-freebsd-security@FreeBSD.ORG Tue Mar 2 10:08:09 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8629D16A4CE for ; Tue, 2 Mar 2004 10:08:09 -0800 (PST) Received: from caligula.anu.edu.au (caligula.anu.edu.au [150.203.224.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id BEE1943D2D for ; Tue, 2 Mar 2004 10:08:08 -0800 (PST) (envelope-from avalon@caligula.anu.edu.au) Received: from caligula.anu.edu.au (localhost [127.0.0.1]) by caligula.anu.edu.au (8.12.9/8.12.9) with ESMTP id i22I87bF007056; Wed, 3 Mar 2004 05:08:07 +1100 (EST) Received: (from avalon@localhost) by caligula.anu.edu.au (8.12.9/8.12.8/Submit) id i22I87XN007054; Wed, 3 Mar 2004 05:08:07 +1100 (EST)
From: Darren Reed Message-Id: <200403021808.i22I87XN007054@caligula.anu.edu.au> To: silby@silby.com (Mike Silbersack) Date: Wed, 3 Mar 2004 05:08:07 +1100 (Australia/ACT) In-Reply-To: <20040302113600.V12133@odysseus.silby.com> from "Mike Silbersack" at Mar 02, 2004 11:40:27 AM X-Mailer: ELM [version 2.5 PL1] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: freebsd-security@freebsd.org Subject: Re: mbuf vulnerability X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Mar 2004 18:08:09 -0000

In some mail from Mike Silbersack, sie said:
> On Wed, 3 Mar 2004, Darren Reed wrote:
> > Uh, what did you test and what did you test with?
>
> FreeBSD 4.9 with ipf.
>
> > "strict" requires that the sequence number in packet n should match
> > the sequence number of the last byte in packet n-1 - i.e. no
> > out of order delivery is permitted.
> >
> > Darren
>
> strict isn't in the ipf manpage, and ipf complains when I try using it.
>
> I did some more Google searching which implies that "strict" is available
> in ipfilter 4.x, not the 3.x series that ships with FreeBSD.

Right, so your comment about it "not working" applies to 3.x (which is what comes with FreeBSD, currently), which is what I was hoping :)

My comment was to say that with ipf4, you can address this problem.
darren From owner-freebsd-security@FreeBSD.ORG Tue Mar 2 11:45:36 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 201A216A4CE for ; Tue, 2 Mar 2004 11:45:36 -0800 (PST) Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id E408843D2D for ; Tue, 2 Mar 2004 11:45:35 -0800 (PST) (envelope-from nectar@celabo.org) Received: from localhost (localhost [127.0.0.1]) by gw.celabo.org (Postfix) with ESMTP id 63FA25485D; Tue, 2 Mar 2004 13:45:35 -0600 (CST) Received: from gw.celabo.org ([127.0.0.1]) by localhost (hellblazer.celabo.org [127.0.0.1]) (amavisd-new, port 10024) with SMTP id 89887-04; Tue, 2 Mar 2004 13:45:24 -0600 (CST) Received: from lum.celabo.org (n00.bcrtfl01.us.wh.nameservers.net [208.55.254.110]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "lum.celabo.org", Issuer "celabo.org CA" (verified OK)) by gw.celabo.org (Postfix) with ESMTP id 6683A54885; Tue, 2 Mar 2004 13:45:18 -0600 (CST) Received: by lum.celabo.org (Postfix, from userid 501) id 03FA710CDA2; Tue, 2 Mar 2004 13:45:07 -0600 (CST) Date: Tue, 2 Mar 2004 13:45:07 -0600 
From: "Jacques A. Vidrine" To: Darren Reed Message-ID: <20040302194507.GD1543@lum.celabo.org> Mail-Followup-To: "Jacques A. Vidrine" , Darren Reed , Mike Silbersack , freebsd-security@freebsd.org References: <20040302113600.V12133@odysseus.silby.com> <200403021808.i22I87XN007054@caligula.anu.edu.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200403021808.i22I87XN007054@caligula.anu.edu.au> User-Agent: Mutt/1.4.1i X-Url: http://www.celabo.org/ cc: freebsd-security@freebsd.org Subject: IPFilter and FreeBSD (was Re: mbuf vulnerability) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Mar 2004 19:45:36 -0000

On Wed, Mar 03, 2004 at 05:08:07AM +1100, Darren Reed wrote:
> My comment was to say that with ipf4, you can address this problem.

Do you plan to bring ipf4 into FreeBSD anytime soon? I think it would be best to have a major upgrade before FreeBSD 5.3.
Cheers, -- Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org From owner-freebsd-security@FreeBSD.ORG Tue Mar 2 11:55:44 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 672C316A4CE; Tue, 2 Mar 2004 11:55:44 -0800 (PST) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6140843D3F; Tue, 2 Mar 2004 11:55:44 -0800 (PST) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (nectar@localhost [127.0.0.1]) i22Jtibv024061; Tue, 2 Mar 2004 11:55:44 -0800 (PST) (envelope-from security-advisories@freebsd.org) Received: (from nectar@localhost) by freefall.freebsd.org (8.12.10/8.12.10/Submit) id i22Jtix2024059; Tue, 2 Mar 2004 11:55:44 -0800 (PST) (envelope-from security-advisories@freebsd.org) Date: Tue, 2 Mar 2004 11:55:44 -0800 (PST) Message-Id: <200403021955.i22Jtix2024059@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: nectar set sender to security-advisories@freebsd.org using -f 
From: FreeBSD Security Advisories To: FreeBSD Security Advisories Precedence: bulk Subject: FreeBSD Security Advisory FreeBSD-SA-04:04.tcp X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Reply-To: security-advisories@freebsd.org List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Mar 2004 19:55:44 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-04:04.tcp                                        Security Advisory
                                                          The FreeBSD Project

Topic:          many out-of-sequence TCP packets denial-of-service

Category:       core
Module:         kernel
Announced:      2004-03-02
Credits:        iDEFENSE
Affects:        All FreeBSD releases
Corrected:      2004-03-02 17:19:18 UTC (RELENG_4)
                2004-03-02 17:24:46 UTC (RELENG_5_2, 5.2.1-RELEASE-p1)
                2004-03-02 17:26:33 UTC (RELENG_4_9, 4.9-RELEASE-p3)
                2004-03-02 17:27:47 UTC (RELENG_4_8, 4.8-RELEASE-p16)
CVE Name:       CAN-2004-0171
FreeBSD only:   NO

I.   Background

The Transmission Control Protocol (TCP) of the TCP/IP protocol suite provides a connection-oriented, reliable, sequence-preserving data stream service. When network packets making up a TCP stream (``TCP segments'') are received out-of-sequence, they are maintained in a reassembly queue by the destination system until they can be re-ordered and re-assembled.

II.  Problem Description

FreeBSD does not limit the number of TCP segments that may be held in a reassembly queue.

III. Impact

A remote attacker may conduct a low-bandwidth denial-of-service attack against a machine providing services based on TCP (there are many such services, including HTTP, SMTP, and FTP). By sending many out-of-sequence TCP segments, the attacker can cause the target machine to consume all available memory buffers (``mbufs''), likely leading to a system crash.

IV.  Workaround

It may be possible to mitigate some denial-of-service attacks by implementing timeouts at the application level.

V.   Solution

Do one of the following:

1) Upgrade your vulnerable system to 4-STABLE, or to the RELENG_5_2, RELENG_4_9, or RELENG_4_8 security branch dated after the correction date.

OR

2) Patch your present system:

The following patch has been verified to apply to FreeBSD 4.x and 5.x systems.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 5.2]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp52.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp52.patch.asc

[FreeBSD 4.8, 4.9]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp47.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp47.patch.asc

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

VI.  Correction details

The following list contains the revision numbers of each file that was corrected in FreeBSD.

Branch                                                           Revision
  Path
- -------------------------------------------------------------------------
RELENG_4
  src/UPDATING                                                   1.73.2.90
  src/sys/conf/newvers.sh                                        1.44.2.33
  src/sys/netinet/tcp_input.c                                   1.107.2.40
  src/sys/netinet/tcp_subr.c                                     1.73.2.33
  src/sys/netinet/tcp_var.h                                      1.56.2.15
RELENG_5_2
  src/UPDATING                                                   1.282.2.9
  src/sys/conf/newvers.sh                                         1.56.2.8
  src/sys/netinet/tcp_input.c                                    1.217.2.2
  src/sys/netinet/tcp_subr.c                                     1.169.2.4
  src/sys/netinet/tcp_var.h                                       1.93.2.2
RELENG_4_9
  src/UPDATING                                               1.73.2.89.2.4
  src/sys/conf/newvers.sh                                    1.44.2.32.2.4
  src/sys/netinet/tcp_input.c                               1.107.2.38.2.1
  src/sys/netinet/tcp_subr.c                                 1.73.2.31.4.1
  src/sys/netinet/tcp_var.h                                  1.56.2.13.4.1
RELENG_4_8
  src/UPDATING                                              1.73.2.80.2.19
  src/sys/conf/newvers.sh                                   1.44.2.29.2.17
  src/sys/netinet/tcp_input.c                               1.107.2.37.2.1
  src/sys/netinet/tcp_subr.c                                 1.73.2.31.2.1
  src/sys/netinet/tcp_var.h                                  1.56.2.13.2.1
- -------------------------------------------------------------------------

VII. References

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4

iD8DBQFAROKHFdaIBMps37IRAu9EAJ9VY70IDYdjr6GkKJCJCGyvBV3OcQCeIXwL
UDTQ4rcO/SP2rFRZ0Mcj1iQ=
=Gkct
-----END PGP SIGNATURE-----

From owner-freebsd-security@FreeBSD.ORG Tue Mar 2 11:55:59 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 589C416A50D; Tue, 2 Mar 2004 11:55:59 -0800 (PST) Received: from conn.mc.mpls.visi.com (conn.mc.mpls.visi.com [208.42.156.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0DC8B43D1D; Tue, 2 Mar 2004 11:55:57 -0800 (PST) (envelope-from hawkeyd@visi.com) Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by conn.mc.mpls.visi.com (Postfix) with ESMTP id 45F99839B; Tue, 2 Mar 2004 13:55:56 -0600 (CST) Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.6p2/8.11.6) id i22JttJ07680; Tue, 2 Mar 2004 13:55:55 -0600 (CST) (envelope-from hawkeyd) X-Spam-Policy: http://www.visi.com/~hawkeyd/index.html#mail Date: Tue, 2 Mar 2004 13:55:55 -0600
From: D J Hawkey Jr To: "Jacques A. Vidrine" , freebsd-security@FreeBSD.org Message-ID: <20040302195555.GA7663@sheol.localdomain> References: <6.0.3.0.0.20040229182702.07a67a68@209.112.4.2> <20040301190338.GB749@lum.celabo.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040301190338.GB749@lum.celabo.org> User-Agent: Mutt/1.4.1i Subject: Re: mbuf vulnerability X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: hawkeyd@visi.com List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Mar 2004 19:55:59 -0000

On Mar 01, at 01:03 PM, Jacques A. Vidrine wrote:
>
> On Sun, Feb 29, 2004 at 07:38:11PM -0500, Mike Tancsa wrote:
> > In
> > http://docs.freebsd.org/cgi/mid.cgi?200402260743.IAA18903
> >
> > it seems RELENG_4 is vulnerable. Is there any work around to a system that
> > has to have ports open ?
>
> There will be advisories and patches available tomorrow.

Not to pester, but it's the day-after-tomorrow today %-/
Can we expect this Real Soon Now(tm)?

Thanks,
Dave

--
D. J. HAWKEY JR.
hawkeyd@visi.com
http://www.visi.com/~hawkeyd/

From owner-freebsd-security@FreeBSD.ORG Tue Mar 2 11:59:41 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E12FA16A4CE for ; Tue, 2 Mar 2004 11:59:41 -0800 (PST) Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id B094E43D39 for ; Tue, 2 Mar 2004 11:59:41 -0800 (PST) (envelope-from nectar@celabo.org) Received: from localhost (localhost [127.0.0.1]) by gw.celabo.org (Postfix) with ESMTP id 3A69A5486E; Tue, 2 Mar 2004 13:59:41 -0600 (CST) Received: from gw.celabo.org ([127.0.0.1]) by localhost (hellblazer.celabo.org [127.0.0.1]) (amavisd-new, port 10024) with SMTP id 90006-07; Tue, 2 Mar 2004 13:59:30 -0600 (CST) Received: from lum.celabo.org (n00.bcrtfl01.us.wh.nameservers.net [208.55.254.110]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "lum.celabo.org", Issuer "celabo.org CA" (verified OK)) by gw.celabo.org (Postfix) with ESMTP id 7BB4B5485D; Tue, 2 Mar 2004 13:59:30 -0600 (CST) Received: by lum.celabo.org (Postfix, from userid 501) id 3A3A910CE31; Tue, 2 Mar 2004 13:59:20 -0600 (CST) Date: Tue, 2 Mar 2004 13:59:20 -0600
From: "Jacques A. Vidrine" To: D J Hawkey Jr Message-ID: <20040302195919.GF1543@lum.celabo.org> Mail-Followup-To: "Jacques A. Vidrine" , D J Hawkey Jr , freebsd-security@FreeBSD.org References: <6.0.3.0.0.20040229182702.07a67a68@209.112.4.2> <20040301190338.GB749@lum.celabo.org> <20040302195555.GA7663@sheol.localdomain> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040302195555.GA7663@sheol.localdomain> User-Agent: Mutt/1.4.1i X-Url: http://www.celabo.org/ cc: freebsd-security@FreeBSD.org Subject: Re: mbuf vulnerability X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Mar 2004 19:59:42 -0000

On Tue, Mar 02, 2004 at 01:55:55PM -0600, D J Hawkey Jr wrote:
> On Mar 01, at 01:03 PM, Jacques A. Vidrine wrote:
> >
> > On Sun, Feb 29, 2004 at 07:38:11PM -0500, Mike Tancsa wrote:
> > > In
> > > http://docs.freebsd.org/cgi/mid.cgi?200402260743.IAA18903
> > >
> > > it seems RELENG_4 is vulnerable. Is there any work around to a system that
> > > has to have ports open ?
> >
> > There will be advisories and patches available tomorrow.
>
> Not to pester, but it's the day-after-tomorrow today %-/
> Can we expect this Real Soon Now(tm)?

I wrote that March 1st, today is March 2nd. The advisory and patches have been on the FTP server for almost 2 hours. I only just minutes ago pushed the button to email it everywhere. (Good thing too, 'cause I mistyped a URL in there originally.)
Cheers, -- Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org From owner-freebsd-security@FreeBSD.ORG Tue Mar 2 12:03:34 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CF6B016A4CE for ; Tue, 2 Mar 2004 12:03:34 -0800 (PST) Received: from dreadful.org (dreadful.org [209.237.255.180]) by mx1.FreeBSD.org (Postfix) with ESMTP id A368D43D39 for ; Tue, 2 Mar 2004 12:03:34 -0800 (PST) (envelope-from dan@dreadful.org) Received: from dreadful.org (localhost [127.0.0.1]) by dreadful.org (Postfix) with ESMTP id 0021711493 for ; Tue, 2 Mar 2004 12:06:14 -0800 (PST) Received: from localhost (dan@localhost) by dreadful.org (8.12.10/8.12.10/Submit) with ESMTP id i22K6ET0062988 for ; Tue, 2 Mar 2004 12:06:14 -0800 (PST) (envelope-from dan@dreadful.org) Date: Tue, 2 Mar 2004 12:06:14 -0800 (PST) 
From: Daniel Spielman To: freebsd-security@FreeBSD.org In-Reply-To: <200403021955.i22Jtix2024059@freefall.freebsd.org> Message-ID: <20040302120455.S38344@dreadful.org> References: <200403021955.i22Jtix2024059@freefall.freebsd.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: Re: FreeBSD Security Advisory FreeBSD-SA-04:04.tcp X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Mar 2004 20:03:34 -0000

Is FreeBSD 5.2.1 affected by this exploit?

On Tue, 2 Mar 2004, FreeBSD Security Advisories wrote:

> FreeBSD-SA-04:04.tcp                                        Security Advisory
> [FreeBSD-SA-04:04.tcp quoted in full]
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

From owner-freebsd-security@FreeBSD.ORG Tue Mar 2 12:05:09 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 31B7B16A4CF for ; Tue, 2 Mar 2004 12:05:09 -0800 (PST) Received: from smtp.des.no (flood.des.no [217.116.83.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id D841243D31 for ; Tue, 2 Mar 2004 12:05:06 -0800 (PST) (envelope-from des@des.no) Received: by smtp.des.no (Pony Express, from userid 666) id 822515309; Tue, 2 Mar 2004 21:05:05 +0100 (CET) Received: from dwp.des.no (des.no [80.203.228.37]) by smtp.des.no (Pony Express) with ESMTP id 854F05308; Tue, 2 Mar 2004 21:04:57 +0100 (CET) Received: by dwp.des.no (Postfix, from userid 2602) id 1339633C6C; Tue, 2 Mar 2004 21:04:57 +0100 (CET) To: Chris Neustrup References: <4044294F.308@idiom.com>
From: des@des.no (Dag-Erling Smørgrav) Date: Tue, 02 Mar 2004 21:04:56 +0100 In-Reply-To: <4044294F.308@idiom.com> (Chris Neustrup's message of "Mon, 01 Mar 2004 22:27:27 -0800") Message-ID: User-Agent: Gnus/5.090024 (Oort Gnus v0.24) Emacs/21.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on flood.des.no X-Spam-Level: X-Spam-Status: No, hits=0.6 required=5.0 tests=AWL,MAILTO_TO_SPAM_ADDR autolearn=no version=2.63 cc: security@freebsd.org Subject: Re: openssh X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Mar 2004 20:05:09 -0000

Chris Neustrup writes:
> I have done a cvsup of the openssh port. It builds correctly, but refuses
> to install with the following:
>
> ===> Installing for openssh-3.6.1_5
>
> ===> openssh-3.6.1_5 conflicts with installed package(s):
>      ssh2-3.2.9.1_1
>      They install files into the same place.
>      Please remove them first with pkg_delete(1).
> *** Error code 1

What I can't understand is why you think you need both OpenSSH and DataFellows SSH from ports in addition to the base system version of OpenSSH...

DES

--
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-security@FreeBSD.ORG Tue Mar 2 12:08:13 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4B44716A4CE for ; Tue, 2 Mar 2004 12:08:13 -0800 (PST) Received: from mail.evilcoder.org (cust.94.120.adsl.cistron.nl [195.64.94.120]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7110D43D2D for ; Tue, 2 Mar 2004 12:08:10 -0800 (PST) (envelope-from remko@elvandar.org)
From: "Remko Lodder" To: "Daniel Spielman" , Date: Tue, 2 Mar 2004 21:08:03 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) In-Reply-To: <20040302200713.8381924@mail.elvandar.org> Importance: Normal X-Virus-Scanned: for evilcoder.org Message-Id: <20040302200809.0E98F2B4DA4@mail.evilcoder.org> Subject: RE: [Freebsd-security] Re: FreeBSD Security AdvisoryFreeBSD-SA-04:04.tcp X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Mar 2004 20:08:13 -0000 yes unless you use the version as of :> 2004-03-02 17:24:46 UTC (RELENG_5_2, 5.2.1-RELEASE-p1) check it out with uname -a if it does not say -p1 it affects you. My guess, you are affected :) cheers -- Kind regards, Remko Lodder Elvandar.org/DSINet.org www.mostly-harmless.nl Dutch community for helping newcomers on the hackerscene -----Oorspronkelijk bericht----- Van: freebsd-security-bounces@lists.elvandar.org [mailto:freebsd-security-bounces@lists.elvandar.org]Namens Daniel Spielman Verzonden: dinsdag 2 maart 2004 21:06 Aan: freebsd-security@FreeBSD.org Onderwerp: [Freebsd-security] Re: FreeBSD Security AdvisoryFreeBSD-SA-04:04.tcp is FreeBSD 5.2.1 affected by this exploit ? 
On Tue, 2 Mar 2004, FreeBSD Security Advisories wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > ============================================================================ = > FreeBSD-SA-04:04.tcp Security Advisory > The FreeBSD Project > > Topic: many out-of-sequence TCP packets denial-of-service > > Category: core > Module: kernel > Announced: 2004-03-02 > Credits: iDEFENSE > Affects: All FreeBSD releases > Corrected: 2004-03-02 17:19:18 UTC (RELENG_4) > 2004-03-02 17:24:46 UTC (RELENG_5_2, 5.2.1-RELEASE-p1) > 2004-03-02 17:26:33 UTC (RELENG_4_9, 4.9-RELEASE-p3) > 2004-03-02 17:27:47 UTC (RELENG_4_8, 4.8-RELEASE-p16) > CVE Name: CAN-2004-0171 > FreeBSD only: NO > > I. Background > > The Transmission Control Protocol (TCP) of the TCP/IP protocol suite > provides a connection-oriented, reliable, sequence-preserving data > stream service. When network packets making up a TCP stream (``TCP > segments'') are received out-of-sequence, they are maintained in a > reassembly queue by the destination system until they can be re-ordered > and re-assembled. > > II. Problem Description > > FreeBSD does not limit the number of TCP segments that may be held in a > reassembly queue. > > III. Impact > > A remote attacker may conduct a low-bandwidth denial-of-service attack > against a machine providing services based on TCP (there are many such > services, including HTTP, SMTP, and FTP). By sending many > out-of-sequence TCP segments, the attacker can cause the target machine > to consume all available memory buffers (``mbufs''), likely leading to > a system crash. > > IV. Workaround > > It may be possible to mitigate some denial-of-service attacks by > implementing timeouts at the application level. > > V. Solution > > Do one of the following: > > 1) Upgrade your vulnerable system to 4-STABLE, or to the RELENG_5_2, > RELENG_4_9, or RELENG_4_8 security branch dated after the correction > date. 
>
> OR
>
> 2) Patch your present system:
>
> The following patch has been verified to apply to FreeBSD 4.x and 5.x
> systems.
>
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
>
> [FreeBSD 5.2]
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp52.patch
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp52.patch.asc
>
> [FreeBSD 4.8, 4.9]
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp47.patch
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp47.patch.asc
>
> b) Apply the patch.
>
> # cd /usr/src
> # patch < /path/to/patch
>
> c) Recompile your kernel as described in
> and reboot the
> system.
>
> VI.  Correction details
>
> The following list contains the revision numbers of each file that was
> corrected in FreeBSD.
>
> Branch                                                           Revision
>   Path
> - -------------------------------------------------------------------------
> RELENG_4
>   src/UPDATING                                                   1.73.2.90
>   src/sys/conf/newvers.sh                                        1.44.2.33
>   src/sys/netinet/tcp_input.c                                   1.107.2.40
>   src/sys/netinet/tcp_subr.c                                     1.73.2.33
>   src/sys/netinet/tcp_var.h                                      1.56.2.15
> RELENG_5_2
>   src/UPDATING                                                   1.282.2.9
>   src/sys/conf/newvers.sh                                         1.56.2.8
>   src/sys/netinet/tcp_input.c                                    1.217.2.2
>   src/sys/netinet/tcp_subr.c                                     1.169.2.4
>   src/sys/netinet/tcp_var.h                                       1.93.2.2
> RELENG_4_9
>   src/UPDATING                                               1.73.2.89.2.4
>   src/sys/conf/newvers.sh                                    1.44.2.32.2.4
>   src/sys/netinet/tcp_input.c                               1.107.2.38.2.1
>   src/sys/netinet/tcp_subr.c                                 1.73.2.31.4.1
>   src/sys/netinet/tcp_var.h                                  1.56.2.13.4.1
> RELENG_4_8
>   src/UPDATING                                              1.73.2.80.2.19
>   src/sys/conf/newvers.sh                                   1.44.2.29.2.17
>   src/sys/netinet/tcp_input.c                               1.107.2.37.2.1
>   src/sys/netinet/tcp_subr.c                                 1.73.2.31.2.1
>   src/sys/netinet/tcp_var.h                                  1.56.2.13.2.1
> - -------------------------------------------------------------------------
>
> VII.
> References
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4
>
> iD8DBQFAROKHFdaIBMps37IRAu9EAJ9VY70IDYdjr6GkKJCJCGyvBV3OcQCeIXwL
> UDTQ4rcO/SP2rFRZ0Mcj1iQ=
> =Gkct
> -----END PGP SIGNATURE-----
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

From owner-freebsd-security@FreeBSD.ORG Tue Mar 2 12:09:02 2004
Date: Tue, 2 Mar 2004 14:09:01 -0600
From: D J Hawkey Jr
To: "Jacques A. Vidrine" , freebsd-security@FreeBSD.org
Message-ID: <20040302200900.GB7699@sheol.localdomain>
References: <6.0.3.0.0.20040229182702.07a67a68@209.112.4.2> <20040301190338.GB749@lum.celabo.org> <20040302195555.GA7663@sheol.localdomain> <20040302195919.GF1543@lum.celabo.org>
In-Reply-To: <20040302195919.GF1543@lum.celabo.org>
Reply-To: hawkeyd@visi.com
Subject: Re: mbuf vulnerability

On Mar 02, at 01:59 PM, Jacques A. Vidrine wrote:
>
> On Tue, Mar 02, 2004 at 01:55:55PM -0600, D J Hawkey Jr wrote:
> > On Mar 01, at 01:03 PM, Jacques A. Vidrine wrote:
> > >
> > > There will be advisories and patches available tomorrow.
> >
> > Not to pester, but it's the day-after-tomorrow today %-/
> > Can we expect this Real Soon Now(tm)?
>
> I wrote that March 1st, today is March 2nd.

Oop. My bad. I mistakenly looked at Mike's attribution line. You're correct.

Sorry.

Dave

--
D. J. HAWKEY JR.
hawkeyd@visi.com
http://www.visi.com/~hawkeyd/

From owner-freebsd-security@FreeBSD.ORG Tue Mar 2 12:11:08 2004
From: "Carlos A. Carnero Delgado"
Organization: Instituto Cubano de Radio y Television
To: freebsd-security@freebsd.org
Date: Tue, 2 Mar 2004 15:10:43 -0500
References: <200403021955.i22Jtix2024059@freefall.freebsd.org> <20040302120455.S38344@dreadful.org>
In-Reply-To: <20040302120455.S38344@dreadful.org>
Message-Id: <200403021510.44315.texel@trinity.icrt.cu>
Reply-To: texel@trinity.icrt.cu
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-04:04.tcp

Hi,

On Tuesday 02 March 2004 03:06, Daniel Spielman wrote:
> is FreeBSD 5.2.1 affected by this exploit ?
>
> On Tue, 2 Mar 2004, FreeBSD Security Advisories wrote:
> ...
> > Category:       core
> > Module:         kernel
> > Announced:      2004-03-02
> > Credits:        iDEFENSE
> > Affects:        All FreeBSD releases
> > Corrected:      2004-03-02 17:19:18 UTC (RELENG_4)
> >                 2004-03-02 17:24:46 UTC (RELENG_5_2, 5.2.1-RELEASE-p1)
> >                 2004-03-02 17:26:33 UTC (RELENG_4_9, 4.9-RELEASE-p3)
> >                 2004-03-02 17:27:47 UTC (RELENG_4_8, 4.8-RELEASE-p16)
> > CVE Name:       CAN-2004-0171
> > FreeBSD only:   NO

It seems so. Look above: it says it was corrected on 2004-03-02 in 5.2.1-RELEASE-p1.
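The question running through this thread (is 5.2.1 affected, does uname say -p1) generalised to every corrected branch the advisory lists, as an added example that is not part of the advisory or of any message here: a POSIX sh function that maps a `uname -r` release string to fixed, affected or unknown. The function names and the script name are made up for this example; the patch levels are the ones quoted from the advisory.

```shell
#!/bin/sh
# Added example (not from the advisory or any message in this thread):
# classify a FreeBSD release string, as printed by `uname -r`, against the
# "Corrected:" patch levels listed in FreeBSD-SA-04:04.tcp.
#
# Prints one word and encodes the verdict in the exit status:
#   fixed    (0)  at or above the corrected patch level for that release
#   affected (1)  below it, or a release for which no patched level exists
#   unknown  (2)  a -STABLE/-CURRENT/-RC style build: the advisory says such
#                 branches are fixed only when built after the correction
#                 date, which the release string alone cannot tell you

# Corrected patch levels, copied from the advisory quoted in this thread.
sa0404_fixed_patchlevel() {
    case "$1" in
        5.2.1) echo 1 ;;
        4.9)   echo 3 ;;
        4.8)   echo 16 ;;
        *)     echo "" ;;     # "Affects: All FreeBSD releases", no -pN fix
    esac
}

sa0404_status() {
    rel="$1"
    case "$rel" in
        *-STABLE|*-CURRENT|*-PRERELEASE|*-BETA*|*-RC*)
            echo unknown; return 2 ;;
    esac

    # "5.2.1-RELEASE-p1" -> version "5.2.1", suffix "RELEASE-p1"
    version="${rel%%-*}"
    suffix="${rel#*-}"
    case "$suffix" in
        RELEASE)    plevel=0 ;;
        RELEASE-p*) plevel="${suffix#RELEASE-p}" ;;
        *)          echo unknown; return 2 ;;
    esac
    case "$plevel" in
        ''|*[!0-9]*) echo unknown; return 2 ;;   # malformed -pN
    esac

    need="$(sa0404_fixed_patchlevel "$version")"
    if [ -z "$need" ]; then
        # No patch level fixes this release; the only remedy is upgrading
        # to one of the corrected branches named in the advisory.
        echo affected; return 1
    fi
    if [ "$plevel" -ge "$need" ]; then
        echo fixed; return 0
    fi
    echo affected; return 1
}

# Run as a script: sh sa0404_check.sh "$(uname -r)"
if [ $# -gt 0 ]; then
    sa0404_status "$1"
    exit $?
fi
```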
From owner-freebsd-security@FreeBSD.ORG Tue Mar 2 12:12:41 2004
Message-Id: <6.0.3.0.0.20040302151149.061fa9f8@209.112.4.2>
Date: Tue, 02 Mar 2004 15:13:26 -0500
To: Daniel Spielman , freebsd-security@freebsd.org
From: Mike Tancsa
In-Reply-To: <20040302120455.S38344@dreadful.org>
References: <200403021955.i22Jtix2024059@freefall.freebsd.org> <20040302120455.S38344@dreadful.org>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-04:04.tcp

At 03:06 PM 02/03/2004, Daniel Spielman wrote:
>is FreeBSD 5.2.1 affected by this exploit ?

It would appear so based on
http://docs.freebsd.org/cgi/mid.cgi?200403021724.i22HOk8W071644

        ---Mike

>On Tue, 2 Mar 2004, FreeBSD Security Advisories wrote:
> > [FreeBSD-SA-04:04.tcp quoted in full here, identical to the advisory text quoted earlier in this thread]

From owner-freebsd-security@FreeBSD.ORG Tue Mar 2 12:53:55 2004
From: Darren Reed
Message-Id: <200403022053.i22KrqqM021628@caligula.anu.edu.au>
To: nectar@FreeBSD.org (Jacques A. Vidrine)
Date: Wed, 3 Mar 2004 07:53:52 +1100 (Australia/ACT)
In-Reply-To: <20040302194507.GD1543@lum.celabo.org> from "Jacques A. Vidrine" at Mar 02, 2004 01:45:07 PM
cc: freebsd-security@FreeBSD.org
cc: Darren Reed
Subject: Re: IPFilter and FreeBSD (was Re: mbuf vulnerability)

In some mail from Jacques A. Vidrine, sie said:
>
> On Wed, Mar 03, 2004 at 05:08:07AM +1100, Darren Reed wrote:
> > My comment was to say that with ipf4, you can address this problem.
>
> Do you plan to bring ipf4 into FreeBSD anytime soon?  I think it would
> be best to have a major upgrade before FreeBSD 5.3.

Yes - version 4.1.1.

Darren

From owner-freebsd-security@FreeBSD.ORG Tue Mar 2 12:59:34 2004
Date: Tue, 2 Mar 2004 14:59:25 -0600 (CST)
From: Mike Silbersack
To: Darren Reed
In-Reply-To: <200403021808.i22I87XN007054@caligula.anu.edu.au>
Message-ID: <20040302145808.R715@odysseus.silby.com>
References: <200403021808.i22I87XN007054@caligula.anu.edu.au>
cc: freebsd-security@freebsd.org
Subject: Re: mbuf vulnerability

On Wed, 3 Mar 2004, Darren Reed wrote:

> > > "strict" requires that the sequence number in packet n should match
> > > what that sequence number of the last byte in packet n-1 - i.e. no
> > > out of order delivery is permitted.
> > >
> > > Darren
>
> Right, so your comment about it "not working" applies to 3.x (which
> is what comes with freebsd, currently), which is what i was hoping :)
>
> My comment was to say that with ipf4, you can address this problem.
>
> darren

Ok, that sounds correct.  However, it would have an adverse performance
impact in the normal case.  Have you considered having an "almost strict"
option that would allow maybe 3 or 4 out of order segments through?  That
would be a great feature.
:)

Mike "Silby" Silbersack

From owner-freebsd-security@FreeBSD.ORG Tue Mar 2 13:10:34 2004
Date: Tue, 2 Mar 2004 21:10:30 +0000
From: Bruce M Simpson To: freebsd-security@FreeBSD.org Message-ID: <20040302211030.GJ7115@saboteur.dek.spc.org> Mail-Followup-To: freebsd-security@FreeBSD.org Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="osDK9TLjxFScVI/L" Content-Disposition: inline Subject: [PATCH] Force mountd(8) to a specified port. X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Mar 2004 21:10:35 -0000 --osDK9TLjxFScVI/L Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hi all, I have a requirement to run NFS read-only in an Internet-facing colocation environment. I am not happy with packet filters alone around rpcbind, call me paranoid, so I just spent the last few minutes cutting this patch. As you are aware, RPC applications can be forced to listen on a known port through the sin/sa argument to bindresvport[_sa](). Why several Linux distributions have this feature yet none of the BSDs do is beyond me... Please let me know your thoughts. If there are no valid objections I plan to commit it. Regards, BMS --osDK9TLjxFScVI/L Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="mountd-force-port.diff" Index: mountd.8 =================================================================== RCS file: /home/ncvs/src/usr.sbin/mountd/mountd.8,v retrieving revision 1.24 diff -u -r1.24 mountd.8 --- mountd.8 12 Dec 2002 17:26:02 -0000 1.24 +++ mountd.8 2 Mar 2004 20:55:37 -0000 @@ -43,6 +43,7 @@ .Sh SYNOPSIS .Nm .Op Fl 2dlnr +.Op Fl p Ar port .Op Ar exportsfile .Sh DESCRIPTION The 
@@ -77,6 +78,18 @@ that require it. It will automatically clear the vfs.nfsrv.nfs_privport sysctl flag, which controls if the kernel will accept NFS requests from reserved ports only. +.It Fl p Ar port +Force +.Nm +to bind to the specified port, for both +.Vt AF_INET +and +.Vt AF_INET6 +address families. +If +.Nm +cannot bind to this port, an appropriate error will be recorded in +the system log, and the daemon will then exit. .It Fl r Allow mount RPCs requests for regular files to be served. Although this seems to violate the mount protocol specification, Index: mountd.c =================================================================== RCS file: /home/ncvs/src/usr.sbin/mountd/mountd.c,v retrieving revision 1.74 diff -u -r1.74 mountd.c --- mountd.c 30 Oct 2003 22:57:43 -0000 1.74 +++ mountd.c 2 Mar 2004 21:08:17 -0000 @@ -272,11 +272,15 @@ fd_set readfds; SVCXPRT *udptransp, *tcptransp, *udp6transp, *tcp6transp; struct netconfig *udpconf, *tcpconf, *udp6conf, *tcp6conf; + struct sockaddr_in sin; + struct sockaddr_in6 sin6; int udpsock, tcpsock, udp6sock, tcp6sock; + char *endptr; + in_port_t svcport = 0; int xcreated = 0, s; int maxrec = RPC_MAXDATASIZE; int one = 1; - int c; + int c, r; udp6conf = tcp6conf = NULL; udp6sock = tcp6sock = NULL; @@ -298,7 +302,7 @@ errx(1, "NFS server is not available or loadable"); } - while ((c = getopt(argc, argv, "2dlnr")) != -1) + while ((c = getopt(argc, argv, "2dlnp:r")) != -1) switch (c) { case '2': force_v2 = 1; @@ -315,6 +319,14 @@ case 'l': dolog = 1; break; + case 'p': + endptr = NULL; + svcport = (in_port_t)strtoul(optarg, &endptr, 10); + if (endptr == NULL || *endptr != '\0' || + svcport < IPPORT_RESERVEDSTART || + svcport >= IPPORT_MAX) + usage(); + break; default: usage(); }; 
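Review bot: in the `case 'p':` hunk the range test runs after `(in_port_t)strtoul(optarg, &endptr, 10)` has already truncated the value to 16 bits, so an argument that wraps into [IPPORT_RESERVEDSTART, IPPORT_MAX) (70000 becomes 4464) is accepted silently instead of reaching `usage()`; parse into an `unsigned long`, check that against the bounds, and only then assign to `svcport`. The `endptr == NULL` test is dead, since `strtoul()` always sets `endptr` when given a non-NULL pointer, and the manpage hunk above should state which port range `-p` accepts, because the code rejects anything below IPPORT_RESERVEDSTART without saying so.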
@@ -390,8 +402,26 @@ exit(1); } } + if (svcport != 0) { + bzero(&sin, sizeof(struct sockaddr_in)); + sin.sin_len = sizeof(struct sockaddr_in); + sin.sin_family = AF_INET; + sin.sin_port = htons(svcport); + + bzero(&sin6, sizeof(struct sockaddr_in6)); + sin6.sin6_len = sizeof(struct sockaddr_in6); + sin6.sin6_family = AF_INET6; + sin6.sin6_port = htons(svcport); + } if (udpsock != -1 && udpconf != NULL) { - bindresvport(udpsock, NULL); + if (svcport != 0) { + r = bindresvport(udpsock, &sin); + if (r != 0) { + syslog(LOG_ERR, "bindresvport: %m"); + exit(1); + } + } else + (void)bindresvport(udpsock, NULL); udptransp = svc_dg_create(udpsock, 0, 0); if (udptransp != NULL) { if (!svc_reg(udptransp, RPCPROG_MNT, RPCMNT_VER1, @@ -411,7 +441,14 @@ } if (tcpsock != -1 && tcpconf != NULL) { - bindresvport(tcpsock, NULL); + if (svcport != 0) { + r = bindresvport(tcpsock, &sin); + if (r != 0) { + syslog(LOG_ERR, "bindresvport: %m"); + exit(1); + } + } else + (void)bindresvport(tcpsock, NULL); listen(tcpsock, SOMAXCONN); tcptransp = svc_vc_create(tcpsock, RPC_MAXDATASIZE, RPC_MAXDATASIZE); if (tcptransp != NULL) { @@ -432,7 +469,15 @@ } if (have_v6 && udp6sock != -1 && udp6conf != NULL) { - bindresvport(udp6sock, NULL); + if (svcport != 0) { + r = bindresvport_sa(udp6sock, + (struct sockaddr *)&sin6); + if (r != 0) { + syslog(LOG_ERR, "bindresvport_sa: %m"); + exit(1); + } + } else + (void)bindresvport_sa(udp6sock, NULL); udp6transp = svc_dg_create(udp6sock, 0, 0); if (udp6transp != NULL) { if (!svc_reg(udp6transp, RPCPROG_MNT, RPCMNT_VER1, @@ -452,7 +497,15 @@ } if (have_v6 && tcp6sock != -1 && tcp6conf != NULL) { - bindresvport(tcp6sock, NULL); + if (svcport != 0) { + r = bindresvport_sa(tcp6sock, + (struct sockaddr *)&sin6); + if (r != 0) { + syslog(LOG_ERR, "bindresvport_sa: %m"); + exit(1); + } + } else + (void)bindresvport_sa(tcp6sock, NULL); listen(tcp6sock, SOMAXCONN); tcp6transp = svc_vc_create(tcp6sock, RPC_MAXDATASIZE, RPC_MAXDATASIZE); if (tcp6transp != NULL) { 
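Review bot: the four bind blocks in these hunks repeat one pattern (test `svcport`, call `bindresvport()` or `bindresvport_sa()`, `syslog(LOG_ERR, "...: %m")`, `exit(1)`); a small helper taking the socket, the `struct sockaddr *` and the function name would remove the duplication and keep the error path identical for all four. Also worth confirming, and stating in the manpage, that `bindresvport[_sa]()` honours a caller-supplied `sin_port`/`sin6_port` above IPPORT_RESERVED, because the `-p` check accepts anything up to IPPORT_MAX - 1 while the forced bind still goes through the reserved-port routine.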
@@ -502,7 +555,8 @@ usage() { fprintf(stderr, - "usage: mountd [-2] [-d] [-l] [-n] [-r] [export_file]\n"); + "usage: mountd [-2] [-d] [-l] [-n] [-p ] [-r] " + "[export_file]\n"); exit(1); } --osDK9TLjxFScVI/L-- From owner-freebsd-security@FreeBSD.ORG Tue Mar 2 13:58:14 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C716816A4CE for ; Tue, 2 Mar 2004 13:58:14 -0800 (PST) Received: from arginine.spc.org (arginine.spc.org [195.206.69.236]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5423143D1F for ; Tue, 2 Mar 2004 13:58:14 -0800 (PST) (envelope-from bms@spc.org) Received: from localhost (localhost [127.0.0.1]) by arginine.spc.org (Postfix) with ESMTP id 348A065414 for ; Tue, 2 Mar 2004 21:58:13 +0000 (GMT) Received: from arginine.spc.org ([127.0.0.1]) by localhost (arginine.spc.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 29922-03-3 for ; Tue, 2 Mar 2004 21:58:12 +0000 (GMT) Received: from saboteur.dek.spc.org (82-147-17-88.dsl.uk.rapidplay.com [82.147.17.88]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by arginine.spc.org (Postfix) with ESMTP id F2D1765468 for ; Tue, 2 Mar 2004 21:58:11 +0000 (GMT) Received: by saboteur.dek.spc.org (Postfix, from userid 1001) id 158B518; Tue, 2 Mar 2004 21:58:11 +0000 (GMT) Date: Tue, 2 Mar 2004 21:58:10 +0000 
From: Bruce M Simpson To: freebsd-security@FreeBSD.org Message-ID: <20040302215810.GK7115@saboteur.dek.spc.org> Mail-Followup-To: freebsd-security@FreeBSD.org References: <20040302211030.GJ7115@saboteur.dek.spc.org> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="X3gaHHMYHkYqP6yf" Content-Disposition: inline In-Reply-To: <20040302211030.GJ7115@saboteur.dek.spc.org> Subject: [RELENG_4] Re: [PATCH] Force mountd(8) to a specified port. X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Mar 2004 21:58:14 -0000 --X3gaHHMYHkYqP6yf Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Tue, Mar 02, 2004 at 09:10:30PM +0000, Bruce M Simpson wrote: > As you are aware, RPC applications can be forced to listen on a known port > through the sin/sa argument to bindresvport[_sa](). Why several Linux > distributions have this feature yet none of the BSDs do is beyond me... Here's a similar patch for RELENG_4. Please give me feedback. Regards, BMS --X3gaHHMYHkYqP6yf Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="mountd-port-stable.diff" ? .mountd.c.rej.swp Index: mountd.8 =================================================================== RCS file: /home/ncvs/src/sbin/mountd/Attic/mountd.8,v retrieving revision 1.16.2.2 diff -u -r1.16.2.2 mountd.8 --- mountd.8 8 Dec 2000 14:04:02 -0000 1.16.2.2 +++ mountd.8 2 Mar 2004 21:56:11 -0000 @@ -43,6 +43,7 @@ .Sh SYNOPSIS .Nm .Op Fl 2dlnr +.Op Fl p Ar port .Op Ar exportsfile .Sh DESCRIPTION .Nm Mountd 
@@ -76,6 +77,18 @@ that require it. It will automatically clear the vfs.nfs.nfs_privport sysctl flag, which controls if the kernel will accept NFS requests from reserved ports only. +.It Fl p Ar port +Force +.Nm +to bind to the specified port, for both +.Vt AF_INET +and +.Vt AF_INET6 +address families. +If +.Nm +cannot bind to this port, an appropriate error will be recorded in +the system log, and the daemon will then exit. .It Fl r Allow mount RPCs requests for regular files to be served. Although this seems to violate the mount protocol specification, Index: mountd.c =================================================================== RCS file: /home/ncvs/src/sbin/mountd/Attic/mountd.c,v retrieving revision 1.39.2.5 diff -u -r1.39.2.5 mountd.c --- mountd.c 13 Sep 2002 15:57:43 -0000 1.39.2.5 +++ mountd.c 2 Mar 2004 21:56:11 -0000 @@ -238,8 +238,12 @@ int argc; char **argv; { + struct sockaddr_in sin; SVCXPRT *udptransp, *tcptransp; + char *endptr; int c, error, mib[3]; + int tcpsock, udpsock; + in_port_t svcport; struct vfsconf vfc; error = getvfsbyname("nfs", &vfc); @@ -252,7 +256,7 @@ if (error) errx(1, "NFS support is not available in the running kernel"); - while ((c = getopt(argc, argv, "2dlnr")) != -1) + while ((c = getopt(argc, argv, "2dlnp:r")) != -1) switch (c) { case '2': force_v2 = 1; @@ -269,6 +273,14 @@ case 'l': log = 1; break; + case 'p': + endptr = NULL; + svcport = (in_port_t)strtoul(optarg, &endptr, 10); + if (endptr == NULL || *endptr != '\0' || + svcport < IPPORT_RESERVEDSTART || + svcport >= 65535) + usage(); + break; default: usage(); }; 
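Review bot: the declaration hunk adds `in_port_t svcport;` with no initializer, but the bind hunk that follows tests `if (svcport != 0)`, so a run without `-p` reads an indeterminate value and can try to `bind()` both sockets to a garbage port; write `in_port_t svcport = 0;` as the HEAD patch does. The `case 'p':` hunk carries the same cast-before-range-check truncation as the HEAD version and compares against the literal `65535` where the other patch uses `IPPORT_MAX`; in the bind hunk, `syslog(LOG_ERR, "can't bind socket")` drops errno, so add `%m` as the HEAD patch's messages do.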
@@ -313,8 +325,24 @@ exit(1); } } - if ((udptransp = svcudp_create(RPC_ANYSOCK)) == NULL || - (tcptransp = svctcp_create(RPC_ANYSOCK, 0, 0)) == NULL) { + if ((udpsock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1 || + (tcpsock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) { + syslog(LOG_ERR, "can't create socket"); + exit(1); + } + if (svcport != 0) { + bzero(&sin, sizeof(struct sockaddr_in)); + sin.sin_len = sizeof(struct sockaddr_in); + sin.sin_family = AF_INET; + sin.sin_port = htons(svcport); + if (bind(udpsock, (struct sockaddr *)&sin, sizeof(sin)) == -1 || + bind(tcpsock, (struct sockaddr *)&sin, sizeof(sin)) == -1) { + syslog(LOG_ERR, "can't bind socket"); + exit(1); + } + } + if ((udptransp = svcudp_create(udpsock)) == NULL || + (tcptransp = svctcp_create(tcpsock, 0, 0)) == NULL) { syslog(LOG_ERR, "can't create socket"); exit(1); } @@ -340,7 +368,8 @@ usage() { fprintf(stderr, - "usage: mountd [-2] [-d] [-l] [-n] [-r] [export_file]\n"); + "usage: mountd [-2] [-d] [-l] [-n] [-p ] [-r] " + "[export_file]\n"); exit(1); } --X3gaHHMYHkYqP6yf-- From owner-freebsd-security@FreeBSD.ORG Tue Mar 2 15:15:24 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 44DFB16A4CE for ; Tue, 2 Mar 2004 15:15:24 -0800 (PST) Received: from caligula.anu.edu.au (caligula.anu.edu.au [150.203.224.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id A39C143D1D for ; Tue, 2 Mar 2004 15:15:23 -0800 (PST) (envelope-from avalon@caligula.anu.edu.au) Received: from caligula.anu.edu.au (localhost [127.0.0.1]) by caligula.anu.edu.au (8.12.9/8.12.9) with ESMTP id i22NFMbF012067 for ; Wed, 3 Mar 2004 10:15:22 +1100 (EST) Received: (from avalon@localhost) by caligula.anu.edu.au (8.12.9/8.12.8/Submit) id i22NFMh8012065 for security@freebsd.org; Wed, 3 Mar 2004 10:15:22 +1100 (EST) 
From: Darren Reed
Message-Id: <200403022315.i22NFMh8012065@caligula.anu.edu.au>
To: security@freebsd.org
Date: Wed, 3 Mar 2004 10:15:22 +1100 (Australia/ACT)
Subject: someone please unsubscribe this person from freebsd-security?

Forwarded message:
> From R.v.Gogh@kappe-int.com Wed Mar 3 07:54:28 2004
> Message-ID: <0FDD52D38220D611B7CC0004763B37441B2572@HNTS-04>
> From: "Gogh, Ruben van" > To: Darren Reed > Subject: RE: IPFilter and FreeBSD (was Re: mbuf vulnerability) > Date: Tue, 2 Mar 2004 21:54:23 +0100 > MIME-Version: 1.0 > X-Mailer: Internet Mail Service (5.5.2657.72) > Content-Type: text/plain > Content-Length: 1103 > > Thank you for your e-mail. Unfortunately I am not in a position to > answer you. I am on holiday from 1 to 8 March. > For urgent matters you can contact the Helpdesk (0 20 40 58 598 > or helpdesk@kappe-int.com ). > ----- > > Thank you for your e-mail. Unfortunately I can't answer your e-mail right > now. I'm on holiday from the 1st to the 9th of March. > For urgent matters contact the Helpdesk ( +31 (0) 20 40 58 598 or > helpdesk@kappe-int.com ). > > Ruben van Gogh > > > > > > ******************************************** > The information in this e-mail is personal and may contain > confidential and/or privileged material. The contents may > not be disclosed or used by anyone other than the addressee. > If you are not the intended recipient, any use, disclosure, > copying, distribution or action taken on it is prohibited. If > you have received this communication in error please notify > us by e-mail and then delete the e-mail and all attachments. 
> ******************************************** > From owner-freebsd-security@FreeBSD.ORG Tue Mar 2 15:24:28 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 36CA916A4CE for ; Tue, 2 Mar 2004 15:24:28 -0800 (PST) Received: from caligula.anu.edu.au (caligula.anu.edu.au [150.203.224.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9F2F443D1F for ; Tue, 2 Mar 2004 15:24:27 -0800 (PST) (envelope-from avalon@caligula.anu.edu.au) Received: from caligula.anu.edu.au (localhost [127.0.0.1]) by caligula.anu.edu.au (8.12.9/8.12.9) with ESMTP id i22NOQbF015448; Wed, 3 Mar 2004 10:24:26 +1100 (EST) Received: (from avalon@localhost) by caligula.anu.edu.au (8.12.9/8.12.8/Submit) id i22NOQ7B015446; Wed, 3 Mar 2004 10:24:26 +1100 (EST) 
From: Darren Reed Message-Id: <200403022324.i22NOQ7B015446@caligula.anu.edu.au> To: bms@spc.org (Bruce M Simpson) Date: Wed, 3 Mar 2004 10:24:25 +1100 (Australia/ACT) In-Reply-To: <20040302211030.GJ7115@saboteur.dek.spc.org> from "Bruce M Simpson" at Mar 02, 2004 09:10:30 PM X-Mailer: ELM [version 2.5 PL1] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: freebsd-security@freebsd.org Subject: Re: [PATCH] Force mountd(8) to a specified port. X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Mar 2004 23:24:28 -0000 In some mail from Bruce M Simpson, sie said: > Hi all, > > I have a requirement to run NFS read-only in an Internet-facing colocation > environment. I am not happy with packet filters alone around rpcbind, call > me paranoid, so I just spent the last few minutes cutting this patch. > > As you are aware, RPC applications can be forced to listen on a known port > through the sin/sa argument to bindresvport[_sa](). Why several Linux > distributions have this feature yet none of the BSDs do is beyond me... > > Please let me know your thoughts. If there are no valid objections I plan > to commit it. I'm confused by your first paragraph...the primary purpose of a patch like this would be, I imagine, to support being able to write filter rules for your firewall with a specific port defined rather than have to determine it after rpcbind & mountd have started. 
Darren From owner-freebsd-security@FreeBSD.ORG Tue Mar 2 15:33:07 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 34B5916A4CE for ; Tue, 2 Mar 2004 15:33:07 -0800 (PST) Received: from caligula.anu.edu.au (caligula.anu.edu.au [150.203.224.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id AB71743D39 for ; Tue, 2 Mar 2004 15:33:06 -0800 (PST) (envelope-from avalon@caligula.anu.edu.au) Received: from caligula.anu.edu.au (localhost [127.0.0.1]) by caligula.anu.edu.au (8.12.9/8.12.9) with ESMTP id i22NX5bF019072; Wed, 3 Mar 2004 10:33:05 +1100 (EST) Received: (from avalon@localhost) by caligula.anu.edu.au (8.12.9/8.12.8/Submit) id i22NX4qb019047; Wed, 3 Mar 2004 10:33:04 +1100 (EST) 
From: Darren Reed Message-Id: <200403022333.i22NX4qb019047@caligula.anu.edu.au> To: silby@silby.com (Mike Silbersack) Date: Wed, 3 Mar 2004 10:33:04 +1100 (Australia/ACT) In-Reply-To: <20040302145808.R715@odysseus.silby.com> from "Mike Silbersack" at Mar 02, 2004 02:59:25 PM X-Mailer: ELM [version 2.5 PL1] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: freebsd-security@freebsd.org Subject: Re: mbuf vulnerability X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Mar 2004 23:33:07 -0000 In some mail from Mike Silbersack, sie said: > On Wed, 3 Mar 2004, Darren Reed wrote: > > > > "strict" requires that the sequence number in packet n should match > > > > the sequence number of the last byte in packet n-1 - i.e. no > > > > out of order delivery is permitted. > > > > > > > > Darren > > Right, so your comment about it "not working" applies to 3.x (which > > is what comes with freebsd, currently), which is what I was hoping :) > > > > My comment was to say that with ipf4, you can address this problem. > > > > darren > > Ok, that sounds correct. However, it would have an adverse performance > impact in the normal case. Have you considered having an "almost strict" > option that would allow maybe 3 or 4 out of order segments through? That > would be a great feature. :) Indeed, there is the potential for adverse impact on TCP and hence it is an option. But if I adopted your suggestion, it would be like saying it was "almost secure". It is primarily intended for things like, as an example, FTP command channels or telnet or (maybe) SMTP. 
Darren From owner-freebsd-security@FreeBSD.ORG Tue Mar 2 15:45:55 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0EE2C16A4CE for ; Tue, 2 Mar 2004 15:45:55 -0800 (PST) Received: from arginine.spc.org (arginine.spc.org [195.206.69.236]) by mx1.FreeBSD.org (Postfix) with ESMTP id C76C543D1D for ; Tue, 2 Mar 2004 15:45:54 -0800 (PST) (envelope-from bms@spc.org) Received: from localhost (localhost [127.0.0.1]) by arginine.spc.org (Postfix) with ESMTP id 111396530A; Tue, 2 Mar 2004 23:45:54 +0000 (GMT) Received: from arginine.spc.org ([127.0.0.1]) by localhost (arginine.spc.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 31169-04-3; Tue, 2 Mar 2004 23:45:53 +0000 (GMT) Received: from saboteur.dek.spc.org (82-147-17-88.dsl.uk.rapidplay.com [82.147.17.88]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by arginine.spc.org (Postfix) with ESMTP id 8F31A6520E; Tue, 2 Mar 2004 23:45:53 +0000 (GMT) Received: by saboteur.dek.spc.org (Postfix, from userid 1001) id BB64918; Tue, 2 Mar 2004 23:45:52 +0000 (GMT) Date: Tue, 2 Mar 2004 23:45:52 +0000 
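The "strict" rule Darren describes (segment n must start exactly where segment n-1 ended) and the "almost strict" variant Mike asks about can be modelled in a few dozen lines. The following is an added example written for this archive, not ipfilter code and not anything either of them posted; the initial sequence number, the segment stream and the out-of-order allowance of 3 are constructed to show where the two policies give different verdicts, including the retransmit that strict mode forces.

```python
"""Strict versus bounded out-of-order TCP sequence checking.

Added example, not ipfilter code: models the "strict" rule (segment n must
start exactly where segment n-1 ended) next to an "almost strict" variant
that lets a few segments through ahead of the expected sequence number.
The initial sequence number and the segment stream below are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List

SEQ_MASK = 0xFFFFFFFF


def seq_lt(a: int, b: int) -> bool:
    """True if a comes before b in 32-bit TCP sequence space (wrap-safe)."""
    return 0 < ((b - a) & SEQ_MASK) < 0x80000000


@dataclass(frozen=True)
class Segment:
    seq: int            # sequence number of the first payload byte
    length: int         # payload bytes carried
    syn: bool = False   # SYN and FIN each consume one sequence number
    fin: bool = False

    def end(self) -> int:
        """Sequence number the next in-order segment must start at."""
        return (self.seq + self.length + self.syn + self.fin) & SEQ_MASK


class InOrderChecker:
    """Sequence state for one direction of one connection.

    max_ahead=0 is "strict": a segment passes only if it starts at
    `expected`; anything that overtook its predecessor, and any retransmit
    of data already passed, is dropped (that is the performance cost).
    max_ahead=k passes up to k segments that start beyond `expected` and
    remembers them, so `expected` jumps over them once the gap is filled.
    """

    def __init__(self, isn: int, max_ahead: int = 0) -> None:
        self.expected = (isn + 1) & SEQ_MASK   # the SYN used up isn
        self.max_ahead = max_ahead
        self.ahead: Dict[int, Segment] = {}    # seq -> segment passed early

    def check(self, seg: Segment) -> bool:
        """Return True to pass the segment, False to drop it."""
        if seg.seq == self.expected:
            self.expected = seg.end()
            while self.expected in self.ahead:  # gap filled: skip over them
                self.expected = self.ahead.pop(self.expected).end()
            return True
        if seq_lt(seg.seq, self.expected):
            return False  # old data, or a retransmit of data already passed
        if seg.seq in self.ahead or len(self.ahead) >= self.max_ahead:
            return False  # strict mode, or the out-of-order allowance is used up
        self.ahead[seg.seq] = seg
        return True


def verdicts(isn: int, segments: List[Segment], max_ahead: int) -> List[bool]:
    """Pass/drop decision for each segment of one direction, in arrival order."""
    chk = InOrderChecker(isn, max_ahead)
    return [chk.check(s) for s in segments]


# Constructed stream: the second segment overtakes the first on the way in.
ISN = 1000
STREAM = [
    Segment(1001, 100),  # in order
    Segment(1201, 100),  # arrived before the 1101..1200 segment
    Segment(1101, 100),  # the late segment fills the gap
    Segment(1201, 100),  # retransmit: only needed if 1201 was dropped above
    Segment(1301, 50),   # in order again
]

if __name__ == "__main__":
    print("strict      :", verdicts(ISN, STREAM, max_ahead=0))
    print("max_ahead=3 :", verdicts(ISN, STREAM, max_ahead=3))
```

In strict mode the overtaking segment is dropped and the sender has to retransmit it once the gap is filled, which is exactly the throughput cost Mike raises; with an allowance of 3 the same segment passes, and the later copy is then the duplicate that gets dropped. A firewall only holds state, never the segment itself, so `ahead` records what was already let through rather than buffering data.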
From: Bruce M Simpson To: Darren Reed Message-ID: <20040302234552.GC8716@saboteur.dek.spc.org> Mail-Followup-To: Darren Reed , freebsd-security@freebsd.org References: <20040302211030.GJ7115@saboteur.dek.spc.org> <200403022324.i22NOQ7B015446@caligula.anu.edu.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200403022324.i22NOQ7B015446@caligula.anu.edu.au> cc: freebsd-security@freebsd.org Subject: Re: [PATCH] Force mountd(8) to a specified port. X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Mar 2004 23:45:55 -0000 On Wed, Mar 03, 2004 at 10:24:25AM +1100, Darren Reed wrote: > I'm confused by your first paragraph...the primary purpose of a patch > like this would be, I imagine, to support being able to write filter > rules for your firewall with a specific port defined rather than have > to determine it after rpcbind & mountd have started. Exactamundo! BMS From owner-freebsd-security@FreeBSD.ORG Tue Mar 2 17:06:28 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4FDD816A4CE for ; Tue, 2 Mar 2004 17:06:28 -0800 (PST) Received: from dreadful.org (dreadful.org [209.237.255.180]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3B6BF43D31 for ; Tue, 2 Mar 2004 17:06:28 -0800 (PST) (envelope-from dan@dreadful.org) Received: from dreadful.org (localhost [127.0.0.1]) by dreadful.org (Postfix) with ESMTP id B3D431146B; Tue, 2 Mar 2004 17:07:45 -0800 (PST) Received: from localhost (dan@localhost) by dreadful.org (8.12.10/8.12.10/Submit) with ESMTP id i2317j5l001114; Tue, 2 Mar 2004 17:07:45 -0800 (PST) (envelope-from dan@dreadful.org) Date: Tue, 2 Mar 2004 17:07:44 -0800 (PST) 
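Pinning mountd's port is only useful if the filter rules and the actual rpcbind registrations agree. The script below is an added example for this archive, not part of Bruce's patch or anything posted in the thread: it parses `rpcinfo -p` output, checks that every pinned service registered on its pinned port for both tcp and udp, lists any other RPC service that registered on an unpinned port (those are what the rule set will silently block, or expose, depending on the default policy), and emits ipfw rules in the FreeBSD 4.x syntax. SAMPLE_RPCINFO is constructed; port 1023, the client network 192.0.2.0/24 and interface fxp0 stand in for your own values.

```python
"""Verify pinned RPC ports from rpcinfo output and emit matching ipfw rules.

Added example, not code from the mountd patch or the thread.  SAMPLE_RPCINFO
is constructed `rpcinfo -p` output; 1023 stands for whatever you pass to
`mountd -p`, and the client network and interface are placeholders.
"""
import re
from typing import Dict, List, NamedTuple, Set, Tuple


class Binding(NamedTuple):
    program: int
    version: int
    proto: str
    port: int
    name: str


# "   program vers proto   port" header, then one row per registration
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(tcp|udp)\s+(\d+)\s*(\S*)\s*$")


def parse_rpcinfo(text: str) -> List[Binding]:
    """Parse `rpcinfo -p` output; lines that are not registration rows are skipped."""
    out: List[Binding] = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            out.append(Binding(int(m.group(1)), int(m.group(2)), m.group(3),
                               int(m.group(4)), m.group(5)))
    return out


def ports_by_service(bindings: List[Binding]) -> Dict[str, Set[Tuple[str, int]]]:
    """service name -> {(proto, port), ...} across all registered versions."""
    svc: Dict[str, Set[Tuple[str, int]]] = {}
    for b in bindings:
        svc.setdefault(b.name, set()).add((b.proto, b.port))
    return svc


def check_pinned(bindings: List[Binding], pinned: Dict[str, int]) -> Dict[str, List[str]]:
    """service -> problems.  Empty dict means every pinned service is on its
    pinned port for tcp and udp, and nothing else registered at all."""
    problems: Dict[str, List[str]] = {}
    svc = ports_by_service(bindings)
    for name, port in pinned.items():
        found = svc.get(name, set())
        for proto in ("tcp", "udp"):
            ports = sorted(p for pr, p in found if pr == proto)
            if ports != [port]:
                problems.setdefault(name, []).append(
                    "%s registered on %s, expected %d" % (proto, ports or "nothing", port))
    for name, found in svc.items():
        if name not in pinned:  # e.g. rpc.statd landing on a random port
            problems.setdefault(name, []).append(
                "unpinned service on port(s) %s" % sorted({p for _, p in found}))
    return problems


def ipfw_rules(pinned: Dict[str, int], client_net: str, iface: str, base: int = 1000) -> List[str]:
    """FreeBSD 4.x ipfw(8) rules: allow the client network to each pinned port,
    then deny and log everything else aimed at those ports on the outside
    interface.  Reply traffic is outbound and is left to the rest of the set."""
    rules: List[str] = []
    n = base
    for name, port in sorted(pinned.items(), key=lambda kv: kv[1]):
        for proto in ("tcp", "udp"):
            rules.append("add %d allow %s from %s to me %d in via %s"
                         % (n, proto, client_net, port, iface))
            n += 10
    ports = ",".join(str(p) for p in sorted(pinned.values()))
    rules.append("add %d deny log tcp from any to me %s in via %s" % (n, ports, iface))
    rules.append("add %d deny log udp from any to me %s in via %s" % (n + 10, ports, iface))
    return rules


# Constructed output: mountd pinned to 1023, rpc.statd left on a random port.
SAMPLE_RPCINFO = """\
   program vers proto   port
    100000    2   tcp    111  rpcbind
    100000    2   udp    111  rpcbind
    100005    1   udp   1023  mountd
    100005    3   udp   1023  mountd
    100005    1   tcp   1023  mountd
    100005    3   tcp   1023  mountd
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100024    1   udp   1009  status
"""
PINNED = {"rpcbind": 111, "mountd": 1023, "nfs": 2049}

if __name__ == "__main__":
    for svc, msgs in check_pinned(parse_rpcinfo(SAMPLE_RPCINFO), PINNED).items():
        print("PROBLEM %s: %s" % (svc, "; ".join(msgs)))
    print("\n".join(ipfw_rules(PINNED, "192.0.2.0/24", "fxp0")))
```

Run it against `rpcinfo -p localhost` after every boot, not just once: the point of -p is that the rule set can be written in advance, and this is the check that the daemon actually honoured it. In the constructed output the only finding is rpc.statd on 1009, which is the next service that needs the same treatment if it is going to be reachable at all.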
From: Daniel Spielman To: Darren Reed In-Reply-To: <200403022315.i22NFMh8012065@caligula.anu.edu.au> Message-ID: <20040302170710.N1113@dreadful.org> References: <200403022315.i22NFMh8012065@caligula.anu.edu.au> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: security@freebsd.org Subject: Re: someone please unsubscribe this person from freebsd-security? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Mar 2004 01:06:28 -0000 I got that auto-responder as well from. On Wed, 3 Mar 2004, Darren Reed wrote: > Forwarded message: > > From R.v.Gogh@kappe-int.com Wed Mar 3 07:54:28 2004 > > Message-ID: <0FDD52D38220D611B7CC0004763B37441B2572@HNTS-04> 
> > From: "Gogh, Ruben van" > > To: Darren Reed > > Subject: RE: IPFilter and FreeBSD (was Re: mbuf vulnerability) > > Date: Tue, 2 Mar 2004 21:54:23 +0100 > > MIME-Version: 1.0 > > X-Mailer: Internet Mail Service (5.5.2657.72) > > Content-Type: text/plain > > Content-Length: 1103 > > > > Thank you for your e-mail. Unfortunately I am not in a position to > > answer you. I am on holiday from 1 to 8 March. > > For urgent matters you can contact the Helpdesk (0 20 40 58 598 > > or helpdesk@kappe-int.com ). > > ----- > > > > Thank you for your e-mail. Unfortunately I can't answer your e-mail right > > now. I'm on holiday from the 1st to the 9th of March. > > For urgent matters contact the Helpdesk ( +31 (0) 20 40 58 598 or > > helpdesk@kappe-int.com ). > > > > Ruben van Gogh > > > > > > > > > > > > ******************************************** > > The information in this e-mail is personal and may contain > > confidential and/or privileged material. The contents may > > not be disclosed or used by anyone other than the addressee. > > If you are not the intended recipient, any use, disclosure, > > copying, distribution or action taken on it is prohibited. If > > you have received this communication in error please notify > > us by e-mail and then delete the e-mail and all attachments. 
> > ******************************************** > > > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > From owner-freebsd-security@FreeBSD.ORG Tue Mar 2 22:07:19 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B14DE16A4CE for ; Tue, 2 Mar 2004 22:07:19 -0800 (PST) Received: from web1.hostrack.com (unknown [63.105.72.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id 602D743D1F for ; Tue, 2 Mar 2004 22:07:19 -0800 (PST) (envelope-from stevei@black-star.net) Received: (qmail 21487 invoked from network); 3 Mar 2004 06:07:18 -0000 Received: from adslbt49.cofs.net (HELO altair) (66.77.169.49) by web1.hostrack.com with SMTP; 3 Mar 2004 06:07:18 -0000 Message-ID: <006d01c400e5$ccc463f0$1a01a8c0@blackstar.net> 
From: "Steve Ireland" To: References: <20040302113600.V12133@odysseus.silby.com><200403021808.i22I87XN007054@caligula.anu.edu.au> <20040302194507.GD1543@lum.celabo.org> Date: Wed, 3 Mar 2004 01:07:17 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4927.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200 Subject: Re: IPFilter and FreeBSD (was Re: mbuf vulnerability) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Mar 2004 06:07:19 -0000 Hello, I'm glad this came up. I happened to be on IPFilter's home site last night and saw that they say 4.1 has been tested successfully against both 4.9 and 5.1. The url is http://coombs.anu.edu.au/~avalon/ipfilter-status.html. I hope this means it will be available as a port and/or package for 4.x. On a similar note I saw a mention the other day in one of the lists that OpenBSD's pf was either about to be or already was in the process of being ported over. Is that being ported to 4.x, as well? Thnx, Steve ----- Original Message ----- 
From: "Jacques A. Vidrine" To: "Darren Reed" Cc: Sent: Tuesday, March 02, 2004 14:45 Subject: IPFilter and FreeBSD (was Re: mbuf vulnerability) > On Wed, Mar 03, 2004 at 05:08:07AM +1100, Darren Reed wrote: > > My comment was to say that with ipf4, you can address this problem. > > Do you plan to bring ipf4 into FreeBSD anytime soon? I think it would > be best to have a major upgrade before FreeBSD 5.3. > > Cheers, > -- > Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" From owner-freebsd-security@FreeBSD.ORG Wed Mar 3 01:59:02 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7DE9B16A4CF for ; Wed, 3 Mar 2004 01:59:02 -0800 (PST) Received: from tequila.4you.lt (tequila.4you.lt [212.122.68.216]) by mx1.FreeBSD.org (Postfix) with SMTP id 817D743D31 for ; Wed, 3 Mar 2004 01:59:00 -0800 (PST) (envelope-from hugle@vkt.lt) Received: (qmail 59525 invoked by uid 0); 3 Mar 2004 10:01:37 -0000 Received: from hugle@vkt.lt by tequila by uid 82 with qmail-scanner-1.20rc1 (. Clear:RC:1:. Processed in 0.01112 secs); 03 Mar 2004 10:01:37 -0000 Received: from unknown (HELO webmail.vkt.lt) (127.0.0.1) by localhost.4you.lt with SMTP; 3 Mar 2004 10:01:37 -0000 Received: from 213.190.43.52 (SquirrelMail authenticated user hugle@vkt.lt) by webmail.vkt.lt with HTTP; Wed, 3 Mar 2004 12:01:37 +0200 (EET) Message-ID: <19712.213.190.43.52.1078308097.squirrel@webmail.vkt.lt> In-Reply-To: <20040302200809.0E98F2B4DA4@mail.evilcoder.org> References: <20040302200713.8381924@mail.elvandar.org> <20040302200809.0E98F2B4DA4@mail.evilcoder.org> Date: Wed, 3 Mar 2004 12:01:37 +0200 (EET) 
From: hugle@vkt.lt To: freebsd-security@freebsd.org User-Agent: SquirrelMail/1.4.1 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 Importance: Normal Subject: RE: [Freebsd-security] Re: FreeBSD SecurityAdvisoryFreeBSD-SA-04:04.tcp X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Mar 2004 09:59:02 -0000 > yes unless you use the version as of :> 2004-03-02 > 17:24:46 > UTC (RELENG_5_2, 5.2.1-RELEASE-p1) > > check it out with uname -a > > if it does not say -p1 > it affects you. > > My guess, you are affected :) > > cheers > Hello all. I have a little question here, regarding all those patches and kernel upgrades.. For example if I have a router here doing NAT, I can't reboot it frequently, and I don't want to reboot it at all. But as it is said, that you need to patch or cvsup the kernel source, rebuild kernel, and reboot. Is there any way to do such thing without rebooting? 
Thanks From owner-freebsd-security@FreeBSD.ORG Wed Mar 3 02:10:48 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E590A16A4CE for ; Wed, 3 Mar 2004 02:10:48 -0800 (PST) Received: from boleskine.patpro.net (boleskine.patpro.net [62.4.20.155]) by mx1.FreeBSD.org (Postfix) with ESMTP id 35AD243D2D for ; Wed, 3 Mar 2004 02:10:48 -0800 (PST) (envelope-from patpro@patpro.net) Received: from [192.168.0.1] (cassandre [192.168.0.1]) by boleskine.patpro.net (Postfix) with ESMTP id EE9541A2; Wed, 3 Mar 2004 11:10:49 +0100 (CET) In-Reply-To: <19712.213.190.43.52.1078308097.squirrel@webmail.vkt.lt> References: <20040302200713.8381924@mail.elvandar.org> <20040302200809.0E98F2B4DA4@mail.evilcoder.org> <19712.213.190.43.52.1078308097.squirrel@webmail.vkt.lt> Mime-Version: 1.0 (Apple Message framework v612) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: <08F3FCD6-6CFB-11D8-AE61-0030654D97EC@patpro.net> Content-Transfer-Encoding: 7bit 
From: Patrick Proniewski Date: Wed, 3 Mar 2004 11:10:45 +0100 To: hugle@vkt.lt X-Mailer: Apple Mail (2.612) cc: Liste FreeBSD-security Subject: Re: [Freebsd-security] Re: FreeBSD SecurityAdvisoryFreeBSD-SA-04:04.tcp X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Mar 2004 10:10:49 -0000 On 03 March 2004, at 11:01, hugle@vkt.lt wrote: > But as it is said, that you need to patch or cvsup the kernel source, > rebuild kernel, and reboot. > Is there any way to do such thing without rebooting? you might be able to unload a module and load a patched module, but when it comes to the kernel, you have no other choice than to reboot By the way, the process is really fast and painless. I've cvsuped my sources and made buildkernel / installkernel last night on my internet gateway, and finally rebooted. The reboot was so fast that my computer behind this gateway didn't even lose its IRC session. 
patpro -- I am looking for a Mac/UNIX sysadmin position (or a young, pretty, rich woman) http://patpro.net/cv.php From owner-freebsd-security@FreeBSD.ORG Wed Mar 3 02:15:06 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CC2C216A4CE for ; Wed, 3 Mar 2004 02:15:06 -0800 (PST) Received: from supermarine.crossflight.co.uk (supermarine.crossflight.co.uk [195.172.72.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id B29B743D1D for ; Wed, 3 Mar 2004 02:15:02 -0800 (PST) (envelope-from guy@crossflight.co.uk) Received: from mailscan1.crossflight.co.uk (mailscan1.crossflight.co.uk [195.172.72.202])i23AEwOL082153 for ; Wed, 3 Mar 2004 10:15:00 GMT (envelope-from guy@crossflight.co.uk) Received: from crossflight.co.uk (unverified) by mailscan1.crossflight.co.uk (Content Technologies SMTPRS 4.3.1) with ESMTP id ; Wed, 3 Mar 2004 10:14:58 +0000 Message-ID: <4045B019.3070104@crossflight.co.uk> Date: Wed, 03 Mar 2004 10:14:49 +0000 
From: Guy Dawson Organization: Crossflight Limited User-Agent: Mozilla Thunderbird 0.5 (Windows/20040207) X-Accept-Language: en-us, en MIME-Version: 1.0 To: hugle@vkt.lt References: <20040302200713.8381924@mail.elvandar.org> <20040302200809.0E98F2B4DA4@mail.evilcoder.org> <19712.213.190.43.52.1078308097.squirrel@webmail.vkt.lt> In-Reply-To: <19712.213.190.43.52.1078308097.squirrel@webmail.vkt.lt> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, hits=-4.7 required=5.0 tests=AWL,BAYES_00 autolearn=no version=2.63-sm2_global_rules_20040129a X-Spam-Checker-Version: SpamAssassin 2.63-sm2_global_rules_20040129a (2004-01-11) on supermarine.crossflight.co.uk cc: freebsd-security@freebsd.org Subject: Re: [Freebsd-security] Re: FreeBSD SecurityAdvisoryFreeBSD-SA-04:04.tcp X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Mar 2004 10:15:06 -0000 hugle@vkt.lt wrote: > Hello all. > I have a little question here, regarding all those patches and kernel > upgrades.. > > For example if I have a router here doing NAT, I can't reboot it frequently, > and I don't want to reboot it at all. > > But as it is said, that you need to patch or cvsup the kernel source, > rebuild kernel, and reboot. > Is there any way to do such thing without rebooting? No. Only a reboot can cause the system to run the new kernel. If you had an updated HTTPD daemon you could stop and restart the HTTPD daemon processes to load the new daemon. It's much the same with the kernel - you need to stop and restart it. That's done with a reboot. Guy -- -------------------------------------------------------------------- Guy Dawson I.T. 
Manager Crossflight Ltd guy@crossflight.co.uk 07973 797819 01753 776104 ********************************************************************** This email contains the views and opinions of a Crossflight Limited employee and at this stage are in no way a direct representation of Crossflight Limited. This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. To ensure the integrity and appropriate use of its email system, Crossflight Limited reserves the right to examine any email held on its email system or sent to or from it. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. We strongly recommend that you check this email with your own virus software as Crossflight Limited will not be held responsible for any damage caused by viruses as a result of opening this email. 
********************************************************************** From owner-freebsd-security@FreeBSD.ORG Wed Mar 3 03:04:09 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 300CB16A4CE for ; Wed, 3 Mar 2004 03:04:09 -0800 (PST) Received: from dd1318.kasserver.com (dd1318.kasserver.com [81.209.148.169]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2069A43D1D for ; Wed, 3 Mar 2004 03:04:08 -0800 (PST) (envelope-from gbergling@0xfce3.net) Received: from nemesis.md.0xfce3.net (port-ip-213-211-224-164.reverse.mdcc-fun.de [213.211.224.164]) by dd1318.kasserver.com (Postfix) with ESMTP id 09FDD66A93 for ; Wed, 3 Mar 2004 12:03:50 +0100 (CET) Received: from nemesis.md.0xfce3.net (localhost [127.0.0.1]) i23B45td002190 for ; Wed, 3 Mar 2004 12:04:05 +0100 (CET) (envelope-from gbergling@0xfce3.net) Received: (from gordon@localhost) by nemesis.md.0xfce3.net (8.12.10/8.12.10/Submit) id i23B45dr002189 for freebsd-security@freebsd.org; Wed, 3 Mar 2004 12:04:05 +0100 (CET) (envelope-from gbergling@0xfce3.net) X-Authentication-Warning: nemesis.ipv6.0xfce3.net: gordon set sender to gbergling@0xfce3.net using -f Date: Wed, 3 Mar 2004 12:04:05 +0100 
From: Gordon Bergling To: FreeBSD Security Message-ID: <20040303110405.GA2155@nemesis.md.0xfce3.net> References: <200403021955.i22Jtix2024059@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="7JfCtLOvnd9MIVvH" Content-Disposition: inline In-Reply-To: <200403021955.i22Jtix2024059@freefall.freebsd.org> User-Agent: Mutt/1.4.2.1i X-Url: X-Operating-System: FreeBSD 5.2.1-RELEASE-p1 i386 X-Host-Uptime: 12:02PM up 1:53, 3 users, load averages: 0.55, 0.31, 0.19 Subject: Re: FreeBSD Security Advisory FreeBSD-SA-04:04.tcp X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Gordon Bergling List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Mar 2004 11:04:09 -0000 --7JfCtLOvnd9MIVvH Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi, On Tue Mar 02, 2004 at 11:55AM -0800, FreeBSD Security Advisories wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > ============================================================================= > FreeBSD-SA-04:04.tcp Security Advisory > The FreeBSD Project > > Topic: many out-of-sequence TCP packets denial-of-service > > Category: core > Module: kernel > Announced: 2004-03-02 > Credits: iDEFENSE > Affects: All FreeBSD releases > Corrected: 2004-03-02 17:19:18 UTC (RELENG_4) > 2004-03-02 17:24:46 UTC (RELENG_5_2, 5.2.1-RELEASE-p1) > 2004-03-02 17:26:33 UTC (RELENG_4_9, 4.9-RELEASE-p3) > 2004-03-02 17:27:47 UTC (RELENG_4_8, 4.8-RELEASE-p16) > CVE Name: CAN-2004-0171 > FreeBSD only: NO Is there any chance to get this fixed in RELENG_5_1? 
best regards, Gordon --=20 Gordon Bergling http://www.0xFCE3.net/ PGP Fingerprint: 7732 9BB1 5013 AE8B E42C 28E0 93B9 D32B C76F 02A0 RIPE-HDL: MDTP-RIPE "There is no place like 127.0.0.0/8" --7JfCtLOvnd9MIVvH Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFARbulk7nTK8dvAqARAnMIAJ9ICJCZiQBVL8OR7gFAzg1lRLu97ACgloDV vBNVMQmYU9hA0mZ5izVrWfE= =owHu -----END PGP SIGNATURE----- --7JfCtLOvnd9MIVvH-- From owner-freebsd-security@FreeBSD.ORG Wed Mar 3 05:53:58 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C459916A4D9 for ; Wed, 3 Mar 2004 05:53:58 -0800 (PST) Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8B88E43D45 for ; Wed, 3 Mar 2004 05:53:58 -0800 (PST) (envelope-from nectar@celabo.org) Received: from localhost (localhost [127.0.0.1]) by gw.celabo.org (Postfix) with ESMTP id 0ADE054861; Wed, 3 Mar 2004 07:53:58 -0600 (CST) Received: from gw.celabo.org ([127.0.0.1]) by localhost (hellblazer.celabo.org [127.0.0.1]) (amavisd-new, port 10024) with SMTP id 98169-05; Wed, 3 Mar 2004 07:53:47 -0600 (CST) Received: from lum.celabo.org (n00.bcrtfl01.us.wh.nameservers.net [208.55.254.110]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "lum.celabo.org", Issuer "celabo.org CA" (verified OK)) by gw.celabo.org (Postfix) with ESMTP id 7124A5482B; Wed, 3 Mar 2004 07:53:47 -0600 (CST) Received: by lum.celabo.org (Postfix, from userid 501) id CAE0D10D2D3; Wed, 3 Mar 2004 07:53:36 -0600 (CST) Date: Wed, 3 Mar 2004 07:53:36 -0600 
From: "Jacques A. Vidrine" To: Gordon Bergling Message-ID: <20040303135336.GA2217@lum.celabo.org> Mail-Followup-To: "Jacques A. Vidrine" , Gordon Bergling , FreeBSD Security References: <200403021955.i22Jtix2024059@freefall.freebsd.org> <20040303110405.GA2155@nemesis.md.0xfce3.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040303110405.GA2155@nemesis.md.0xfce3.net> User-Agent: Mutt/1.4.1i X-Url: http://www.celabo.org/ cc: FreeBSD Security Subject: Re: FreeBSD Security Advisory FreeBSD-SA-04:04.tcp X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Mar 2004 13:53:59 -0000 On Wed, Mar 03, 2004 at 12:04:05PM +0100, Gordon Bergling wrote: > Is there any chance to get this fixed in RELENG_5_1? I intend to do so as time allows. Cheers, -- Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org From owner-freebsd-security@FreeBSD.ORG Wed Mar 3 06:14:41 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 50D4716A4CE for ; Wed, 3 Mar 2004 06:14:41 -0800 (PST) Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 25E2343D1F for ; Wed, 3 Mar 2004 06:14:41 -0800 (PST) (envelope-from nectar@celabo.org) Received: from localhost (localhost [127.0.0.1]) by gw.celabo.org (Postfix) with ESMTP id 992BD54840; Wed, 3 Mar 2004 08:14:40 -0600 (CST) Received: from gw.celabo.org ([127.0.0.1]) by localhost (hellblazer.celabo.org [127.0.0.1]) (amavisd-new, port 10024) with SMTP id 98315-08; Wed, 3 Mar 2004 08:14:30 -0600 (CST) Received: from lum.celabo.org (n00.bcrtfl01.us.wh.nameservers.net [208.55.254.110]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 
bits)) (Client CN "lum.celabo.org", Issuer "celabo.org CA" (verified OK)) by gw.celabo.org (Postfix) with ESMTP id C1FA354846; Wed, 3 Mar 2004 08:14:29 -0600 (CST) Received: by lum.celabo.org (Postfix, from userid 501) id 8227710D3B4; Wed, 3 Mar 2004 08:14:19 -0600 (CST) Date: Wed, 3 Mar 2004 08:14:19 -0600 
From: "Jacques A. Vidrine" To: Daniel Spielman Message-ID: <20040303141418.GE2217@lum.celabo.org> Mail-Followup-To: "Jacques A. Vidrine" , Daniel Spielman , freebsd-security@FreeBSD.org References: <200403021955.i22Jtix2024059@freefall.freebsd.org> <20040302120455.S38344@dreadful.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040302120455.S38344@dreadful.org> User-Agent: Mutt/1.4.1i X-Url: http://www.celabo.org/ cc: freebsd-security@FreeBSD.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-04:04.tcp X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Mar 2004 14:14:41 -0000 On Tue, Mar 02, 2004 at 12:06:14PM -0800, Daniel Spielman wrote: > is FreeBSD 5.2.1 affected by this exploit ? Yes. -- Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org From owner-freebsd-security@FreeBSD.ORG Wed Mar 3 06:44:53 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DAEAD16A4CE for ; Wed, 3 Mar 2004 06:44:53 -0800 (PST) Received: from mail1.acecape.com (mail1.acecape.com [66.114.74.12]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1373943D2D for ; Wed, 3 Mar 2004 06:44:53 -0800 (PST) (envelope-from lists@natserv.com) Received: from p65-147.acedsl.com (p65-147.acedsl.com [66.114.65.147]) by mail1.acecape.com (8.12.11/8.12.11) with ESMTP id i23Eiqkp013439 for ; Wed, 3 Mar 2004 09:44:52 -0500 Date: Wed, 3 Mar 2004 09:51:15 +0000 (GMT) 
From: Francisco Reyes X-X-Sender: fran@zoraida.natserv.net To: FreeBSD Security List Message-ID: <20040303094647.J93367@zoraida.natserv.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: How to monitoring activity on a card? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Mar 2004 14:44:54 -0000

My setup is 4.9-STABLE with IPFW. The machine acts as gateway for two machines.

What are my options for monitoring activity on my external card?

This morning I noticed my DSL modem activity light is blinking non-stop. Looking at /var/log/, I don't see anything suspicious.

I feel tempted to add "log" to all my ipfw pass rules, but wonder if there isn't a better way.

I am mostly concerned that there is either some kind of attack going on or somehow the machine was hacked and it's running something it's not supposed to.

From owner-freebsd-security@FreeBSD.ORG Wed Mar 3 06:55:16 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 51A0716A4CE for ; Wed, 3 Mar 2004 06:55:16 -0800 (PST) Received: from boleskine.patpro.net (boleskine.patpro.net [62.4.20.155]) by mx1.FreeBSD.org (Postfix) with ESMTP id F1D7043D46 for ; Wed, 3 Mar 2004 06:55:15 -0800 (PST) (envelope-from patpro@patpro.net) Received: from [192.168.0.1] (cassandre [192.168.0.1]) by boleskine.patpro.net (Postfix) with ESMTP id 02B1C2A9; Wed, 3 Mar 2004 15:55:14 +0100 (CET) In-Reply-To: <20040303094647.J93367@zoraida.natserv.net> References: <20040303094647.J93367@zoraida.natserv.net> Mime-Version: 1.0 (Apple Message framework v612) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: Content-Transfer-Encoding: 7bit
From: Patrick Proniewski Date: Wed, 3 Mar 2004 15:55:13 +0100 To: Francisco Reyes X-Mailer: Apple Mail (2.612) cc: Liste FreeBSD-security Subject: Re: How to monitoring activity on a card? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Mar 2004 14:55:16 -0000

On 03 March 2004, at 10:51, Francisco Reyes wrote:

> My setup 4.9 stable with IPFW. Machine acts as gateway for two
> machines.
>
> What are my options on monitoring activity on my external card?
>
> This morning I noticed my DSL modem activity light is blinking
> non-stop.
> Looking at /var/log/ don't see anything suspicious.
>
> I feel tempted to add "log" to all my ipfw pass rules, but wonder if
> there
> isn't a better way.
>
> I am mostly concerned there is either some kind of attack going on or
> somehow the machine was hacked and it's running something it's not
> supposed to.

If you really want some real-time control, you might want to try tcpdump, but you'll soon be flooded by the data. Best practice is probably to put some log rules in your IPFW and then use a log parser to get some stats from that. You can also add an IDS of some sort, and chkrootkit on a crontab.
patpro
--
I am looking for a Mac/UNIX sysadmin position (or a young, pretty, rich woman)
http://patpro.net/cv.php

From owner-freebsd-security@FreeBSD.ORG Wed Mar 3 06:55:32 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 95FF516A4D1 for ; Wed, 3 Mar 2004 06:55:32 -0800 (PST) Received: from otter3.centtech.com (moat3.centtech.com [207.200.51.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3A63E43D2D for ; Wed, 3 Mar 2004 06:55:32 -0800 (PST) (envelope-from anderson@centtech.com) Received: from centtech.com (neutrino.centtech.com [10.177.171.220]) by otter3.centtech.com (8.12.3/8.12.3) with ESMTP id i23EtVE8055323; Wed, 3 Mar 2004 08:55:31 -0600 (CST) (envelope-from anderson@centtech.com) Message-ID: <4045F1BC.5040006@centtech.com> Date: Wed, 03 Mar 2004 08:54:52 -0600
From: Eric Anderson User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6) Gecko/20040205 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Francisco Reyes References: <20040303094647.J93367@zoraida.natserv.net> In-Reply-To: <20040303094647.J93367@zoraida.natserv.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: FreeBSD Security List Subject: Re: How to monitoring activity on a card? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Mar 2004 14:55:32 -0000 Francisco Reyes wrote: > My setup 4.9 stable with IPFW. Machine acts as gateway for two machines. > > What are my options on monitoring activity on my external card? > > This morning I noticed my DSL modem activity light is blinking non-stop. > Looking at /var/log/ don't see anything suspicious. > > I feel tempted to add "log" to all my ipfw pass rules, but wonder if there > isn't a better way. > > I am mostly concerned there is either some kind of attack going on or > somehow the machine was hacked and it's running something it's not > supposed to. I like trafshow for watching it "live". Eric -- ------------------------------------------------------------------ Eric Anderson Sr. Systems Administrator Centaur Technology Today is the tomorrow you worried about yesterday. 
------------------------------------------------------------------ From owner-freebsd-security@FreeBSD.ORG Wed Mar 3 07:03:15 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1C2C016A4CE for ; Wed, 3 Mar 2004 07:03:15 -0800 (PST) Received: from 15pc221.sshunet.nl (15pc221.sshunet.nl [131.211.221.15]) by mx1.FreeBSD.org (Postfix) with ESMTP id D3B0F43D41 for ; Wed, 3 Mar 2004 07:03:13 -0800 (PST) (envelope-from g.p.de.boer@st.hanze.nl) Received: from thedarkside.nl ([172.16.0.4]) by 15pc221.sshunet.nl (8.12.8p2/8.12.8) with ESMTP id i23F3Bde022014 for ; Wed, 3 Mar 2004 16:03:11 +0100 (CET) (envelope-from g.p.de.boer@st.hanze.nl) Received: from [10.0.0.3] (edinburgh [10.0.0.3]) by thedarkside.nl (8.12.8p2/8.12.8) with ESMTP id i23F3AXv015568 for ; Wed, 3 Mar 2004 16:03:10 +0100 (CET) (envelope-from g.p.de.boer@st.hanze.nl) 
From: "G.P. de Boer" To: freebsd-security@freebsd.org In-Reply-To: <08F3FCD6-6CFB-11D8-AE61-0030654D97EC@patpro.net> References: <20040302200713.8381924@mail.elvandar.org> <20040302200809.0E98F2B4DA4@mail.evilcoder.org> <19712.213.190.43.52.1078308097.squirrel@webmail.vkt.lt> <08F3FCD6-6CFB-11D8-AE61-0030654D97EC@patpro.net> Content-Type: text/plain Message-Id: <1078326248.627.13.camel@edinburgh.thedarkside.tix> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.5 Date: Wed, 03 Mar 2004 16:04:08 +0100 Content-Transfer-Encoding: 7bit Subject: Re: [Freebsd-security] Re: FreeBSD SecurityAdvisoryFreeBSD-SA-04:04.tcp X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Mar 2004 15:03:15 -0000

On Wed, 2004-03-03 at 11:10, Patrick Proniewski wrote:
> > But as it is said, that you need to patch or cvsup the kernel source,
> > rebuild kernel, and reboot.
> > Is there any way to do such thing without rebooting?
> you might be able to unload a module and load a patched module, but
> when it comes to the kernel, you have no other choice than to reboot
>
> By the way, the process is really fast and painless. I've cvsuped my
> sources and made buildkernel / installkernel last night on my internet
> gateway, and finally rebooted. The reboot was so fast that my computer
> behind this gateway didn't even lose its IRC session.

You -can- patch a run-time kernel by loading a KLD which, with a bit of magic voodoo, replaces whatever function you want with your own. That said, the TCP reassembly patch is quite complex compared to other bugfixes and may well not be as easy to patch this way. If there are new structures being used, things get quite nasty fast. I agree with Patrick that a reboot is the safest and really-not-that-sucky way to resolve this.

--
G.P. de Boer

From owner-freebsd-security@FreeBSD.ORG Wed Mar 3 07:21:07 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E266216A4CF for ; Wed, 3 Mar 2004 07:21:07 -0800 (PST) Received: from mail.butovo-online.ru (mail.b-o.ru [212.5.78.254]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7638E43D1D for ; Wed, 3 Mar 2004 07:21:07 -0800 (PST) (envelope-from resident@b-o.ru) Received: from [192.168.92.185] (helo=192.168.92.185) by mail.butovo-online.ru with esmtp (Exim 4.24) id 1AyYLd-000I8c-Em for freebsd-security@freebsd.org; Wed, 03 Mar 2004 18:31:49 +0300 Date: Wed, 3 Mar 2004 18:23:01 +0300
From: Andrew Riabtsev X-Mailer: The Bat! (v1.62i) Business X-Priority: 3 (Normal) Message-ID: <17922425976.20040303182301@b-o.ru> To: FreeBSD Security List In-Reply-To: <20040303094647.J93367@zoraida.natserv.net> References: <20040303094647.J93367@zoraida.natserv.net> MIME-Version: 1.0 Content-Type: text/plain; charset=Windows-1251 Content-Transfer-Encoding: 8bit Subject: Re: How to monitoring activity on a card? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Andrew Riabtsev List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Mar 2004 15:21:08 -0000

Hello Francisco,

Wednesday, March 3, 2004, 12:51:15 PM, you wrote:

FR> My setup 4.9 stable with IPFW. Machine acts as gateway for two machines.
FR> What are my options on monitoring activity on my external card?
FR> This morning I noticed my DSL modem activity light is blinking non-stop.
FR> Looking at /var/log/ don't see anything suspicious.
FR> I feel tempted to add "log" to all my ipfw pass rules, but wonder if there
FR> isn't a better way.
FR> I am mostly concerned there is either some kind of attack going on or
FR> somehow the machine was hacked and it's running something it's not
FR> supposed to.

You may also try sniffit; it shows current tcp/udp streams in curses windows. Easy to understand from where to start searching.
--
Best wishes,
Andrew mailto:resident@b-o.ru

From owner-freebsd-security@FreeBSD.ORG Wed Mar 3 07:30:47 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7E55216A4CE for ; Wed, 3 Mar 2004 07:30:47 -0800 (PST) Received: from out1.smtp.messagingengine.com (out1.smtp.messagingengine.com [66.111.4.25]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6461143D31 for ; Wed, 3 Mar 2004 07:30:47 -0800 (PST) (envelope-from nkinkade@fastmail.fm) X-Sasl-enc: btIDazmjlek35bR8Chds0g 1078327700 Received: from [206.26.199.146] (unknown [206.27.244.214]) by www.fastmail.fm (Postfix) with ESMTP id AD5D16B066A; Wed, 3 Mar 2004 10:28:19 -0500 (EST) Received: from nkinkade by [206.26.199.146] with local (Exim 4.12) id 1AyYHu-0006kR-00; Wed, 03 Mar 2004 09:27:58 -0600 Date: Wed, 3 Mar 2004 09:27:58 -0600
From: Nathan Kinkade To: Francisco Reyes Message-ID: <20040303152758.GW13775@nkinkade.bmp.ub> Mail-Followup-To: Francisco Reyes , FreeBSD Security List References: <20040303094647.J93367@zoraida.natserv.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="1Wg5Vd7si6EhrIHA" Content-Disposition: inline In-Reply-To: <20040303094647.J93367@zoraida.natserv.net> User-Agent: Mutt/1.4.1i Sender: Nathan Kinkade cc: FreeBSD Security List Subject: Re: How to monitoring activity on a card? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Nathan Kinkade List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Mar 2004 15:30:47 -0000 --1Wg5Vd7si6EhrIHA Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

On Wed, Mar 03, 2004 at 09:51:15AM +0000, Francisco Reyes wrote:
> My setup 4.9 stable with IPFW. Machine acts as gateway for two machines.
>
> What are my options on monitoring activity on my external card?
>
> This morning I noticed my DSL modem activity light is blinking non-stop.
> Looking at /var/log/ don't see anything suspicious.
>
> I feel tempted to add "log" to all my ipfw pass rules, but wonder if there
> isn't a better way.
>
> I am mostly concerned there is either some kind of attack going on or
> somehow the machine was hacked and it's running something it's not
> supposed to.

There are a lot of utilities in the ports collection that will allow you to monitor your network activity. One small and useful one is at net/trafshow. It's not fancy, but it is curses based and will give you a quick idea of what is going on. Other considerations might be ntop or ethereal.
Nathan
--
gpg --keyserver pgp.mit.edu --recv-keys D8527E49

--1Wg5Vd7si6EhrIHA Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQFARfl+O0ZIEthSfkkRAkhAAJ41P443kVhBrq/TtndJSc1c2b/h5ACfcLh4 SnzrTYeHOUNcWGdP/SgLV6o= =oEe8 -----END PGP SIGNATURE----- --1Wg5Vd7si6EhrIHA--

From owner-freebsd-security@FreeBSD.ORG Wed Mar 3 10:57:23 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C924016A4CE for ; Wed, 3 Mar 2004 10:57:23 -0800 (PST) Received: from orion.genient.com (unknown [194.74.225.108]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3A4D943D2D for ; Wed, 3 Mar 2004 10:57:23 -0800 (PST) (envelope-from Simon.Taylor@corizon.com) X-MimeOLE: Produced By Microsoft Exchange V6.0.6375.0 Content-Class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Date: Wed, 3 Mar 2004 19:00:14 -0000 Message-ID: <54FEFDDAD23D8A4683BE2F3CD9D1D2A9020AA0@orion.genient.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: FreeBSD ipsec and NAT Thread-Index: AcQBULB7VYWj8mnJTHWINogbxegJ8g==
From: "Simon Taylor" To: Subject: FreeBSD ipsec and NAT X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Mar 2004 18:57:23 -0000

Hi All,

I currently have set up a site-to-site VPN using racoon on my FreeBSD firewall. All is well there and I can connect through the VPN when I am on the firewall and get the connection fine.

Now I want to be able to connect from other machines through the firewall - this is where I come unstuck. The ipsec policy allows my external address range to connect through the VPN, but then I would like my internal addresses to first get translated and then routed through the tunnel. Instead, when I connect with my internal addresses they get translated, but then try to use the conventional gateway on the machine instead of picking up the ipsec policy. If that makes sense... I am using FreeBSD, ipf, ipnat and racoon.

Any help appreciated

Simon

From owner-freebsd-security@FreeBSD.ORG Wed Mar 3 11:05:05 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8F53116A4CE for ; Wed, 3 Mar 2004 11:05:05 -0800 (PST) Received: from gi.sourcefire.com (gi.sourcefire.com [12.110.105.132]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2BBF043D31 for ; Wed, 3 Mar 2004 11:05:05 -0800 (PST) (envelope-from nigel@sourcefire.com) Received: from localhost ([10.4.10.172]) (AUTH: PLAIN nhoughton, TLS: TLSv1/SSLv3,168bits,DES-CBC3-SHA) by gi.sourcefire.com with esmtp; Wed, 03 Mar 2004 14:05:03 -0500 Date: Wed, 3 Mar 2004 14:01:45 -0500
From: Nigel Houghton To: Simon Taylor Message-ID: <20040303190145.GA662@enterprise.sfeng.sourcefire.com> References: <54FEFDDAD23D8A4683BE2F3CD9D1D2A9020AA0@orion.genient.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline In-Reply-To: <54FEFDDAD23D8A4683BE2F3CD9D1D2A9020AA0@orion.genient.com> User-Agent: Mutt/1.4.2i cc: freebsd-security@freebsd.org Subject: Re: FreeBSD ipsec and NAT X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Mar 2004 19:05:05 -0000 This appears to be off-topic for this list, but here are some resources you might wish to look at... http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html http://www.freebsddiary.org/ipsec-tunnel.php http://www.daemonnews.org/200101/ipsec-howto.html I'm sure there will be more available via Google. On 0, Simon Taylor allegedly wrote: > Hi All, > I currently have setup a site to site vpn using racoon on my freebsd > firewall. All is well there and I can connect through the vpn when I am > on the firewall and get the connection fine. > Now I want to be able to connect from other machines through the > firewall - this is where I come unstuck, the ipsec policy allows for my > external address range to connect through the vpn, but then I would like > my internal addresses to first get translated and then routed through > the tunnel. But instead when I connect with my internal addresses they > get translated, but then try and use the conventional gateway on the > machine instead of picking up the ipsec policy. > If that makes sense... I am using FreeBSD, ipf, ipnat and racoon. 
> Any help appreciated > Simon > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > ------------------------------------------------------------- Nigel Houghton Research Engineer Sourcefire Inc. Vulnerability Research Team In an emergency situation involving two or more officers of equal rank, seniority will be granted to whichever officer can program a vcr. From owner-freebsd-security@FreeBSD.ORG Wed Mar 3 20:27:32 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B69EE16A4CE for ; Wed, 3 Mar 2004 20:27:32 -0800 (PST) Received: from p4.ecoms.com (ns1.ecoms.com [207.44.130.137]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8135B43D1F for ; Wed, 3 Mar 2004 20:27:32 -0800 (PST) (envelope-from michael@roq.com) Received: from roq.com (CPE-203-51-130-228.vic.bigpond.net.au [203.51.130.228]) by p4.ecoms.com (Postfix) with ESMTP id A1C462681A3 for ; Thu, 4 Mar 2004 00:57:59 -0600 (CST) Message-ID: <4046B025.5010603@roq.com> Date: Thu, 04 Mar 2004 15:27:17 +1100 
From: Michael Vince User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6) Gecko/20040213 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-security@freebsd.org Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Subject: FreeBSD source auto patcher script X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Mar 2004 04:27:32 -0000

Hi all

I thought I would let you people know of a script that I coded that facilitates security patch updating on FreeBSD. When I wrote it I decided to call it Quickpatch for some reason, even though, because it's source based, it's not necessarily the least bit quick at all :) I had kept it for myself for a while but I was recently provoked to release it as it could do greater good being out there on the net; because it's in Perl it's quite hackable for custom needs.

http://www.roq.com/projects/quickpatch/

It has the ability to do a range of different update tasks. These features include the ability to easily verify (using PGP) any and all advisories, and easy setup and use of CVSUP for source and ports tree updates. It can extract all the useful data out of the official FreeBSD security advisories, such as necessary patch commands, security advisory topic, and exact hours since the patch was made/released, then create ready-to-run patch files or display/email a full report of that information. Also, it can optionally apply the patch files with no attendance. Because it's highly cronable you can schedule a 'patch mode' kernel recompile and reboot at early morning hours to minimize down time inconvenience to others.
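The advisory-extraction step Michael describes (topic, announcement date, the patch commands, hours since release, a ready-to-run patch file), shown in Python rather than Perl as an added example; this is not Quickpatch's own code. The advisory text is a constructed sample laid out like the FreeBSD-SA-04:04.tcp advisory discussed earlier in this digest: its topic line, patch file name and URLs are placeholders, and the `$start` variable in the generated script is the example's own. The generated script only applies a patch whose detached `.asc` signature the advisory also lists for download, and it runs `gpg --verify` before `patch`, which is the check an unattended cron run must not skip.

```python
"""Pull the actionable data out of a FreeBSD security advisory.

Added example for this thread (not Quickpatch's code).  SAMPLE_ADVISORY is a
constructed sample shaped like FreeBSD-SA-04:04.tcp; its topic, patch name
and URLs are placeholders rather than the real advisory text.
"""
import re
from datetime import datetime, timezone

# Constructed sample advisory (layout only; not the real SA-04:04 text).
SAMPLE_ADVISORY = """\
=============================================================================
FreeBSD-SA-04:04.tcp                                        Security Advisory
                                                          The FreeBSD Project

Topic:          sample TCP reassembly denial of service (constructed)

Category:       core
Module:         sys_netinet
Announced:      2004-03-02
Affects:        All FreeBSD releases
Corrected:      2004-03-02 18:36:42 UTC (RELENG_4, 4.9-STABLE)

V.   Solution

b) To patch your present system:

1) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp.patch.asc

2) Apply the patch.

# cd /usr/src
# patch < /path/to/patch

3) Recompile your kernel and reboot the system.
"""

HEADER_FIELDS = ("Topic", "Category", "Module", "Announced", "Affects", "Corrected")
PATH_PLACEHOLDER = "/path/to/patch"   # the generic path advisories print


def parse_advisory(text):
    """Return (header fields, root-prompt commands from the Solution section)."""
    header = {}
    for key in HEADER_FIELDS:
        m = re.search(r"^%s:[ \t]+(.*)$" % key, text, re.MULTILINE)
        if m:
            header[key.lower()] = m.group(1).strip()
    # Advisories prefix every command the admin is meant to run with "# ".
    solution = text.split("Solution", 1)[1] if "Solution" in text else ""
    commands = [ln[2:].strip() for ln in solution.splitlines()
                if ln.startswith("# ")]
    return header, commands


def hours_since(announced, now=None):
    """Whole hours between the 'Announced' date (YYYY-MM-DD, taken as UTC)
    and `now` (a 'YYYY-MM-DD HH:MM' UTC string, or the clock when omitted)."""
    when = datetime.strptime(announced, "%Y-%m-%d").replace(tzinfo=timezone.utc)
    if now is None:
        now_dt = datetime.now(timezone.utc)
    else:
        now_dt = datetime.strptime(now, "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc)
    return int((now_dt - when).total_seconds() // 3600)


def build_patch_script(commands):
    """Turn the extracted commands into a /bin/sh script that verifies each
    detached signature before anything is applied.  Raises ValueError when a
    fetched patch has no matching .asc, so an unsigned patch is never applied
    unattended."""
    patches, sigs = [], set()
    for cmd in commands:
        if cmd.startswith("fetch "):
            name = cmd.rsplit("/", 1)[-1]
            if name.endswith(".asc"):
                sigs.add(name[:-4])
            else:
                patches.append(name)
    missing = [p for p in patches if p not in sigs]
    if missing:
        raise ValueError("no detached signature listed for: " + ", ".join(missing))

    lines = ["#!/bin/sh", "set -e", "start=$(pwd)"]   # $start: where fetch puts files
    for cmd in commands:
        if PATH_PLACEHOLDER in cmd:
            # The advisory leaves the path generic; apply every fetched patch.
            for p in patches:
                lines.append(cmd.replace(PATH_PLACEHOLDER, '"$start/%s"' % p))
            continue
        lines.append(cmd)
        if cmd.startswith("fetch ") and cmd.endswith(".asc"):
            sig = cmd.rsplit("/", 1)[-1]
            # With set -e the script stops here if the signature does not verify.
            lines.append("gpg --verify %s %s" % (sig, sig[:-4]))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    header, cmds = parse_advisory(SAMPLE_ADVISORY)
    print("FreeBSD-SA-04:04.tcp: %s" % header["topic"])
    print("announced %s, %d hours ago" % (header["announced"],
                                          hours_since(header["announced"])))
    print(build_patch_script(cmds))
```

The order of the emitted script matters: the `gpg --verify` line sits between the second `fetch` and the `cd /usr/src`, so nothing touches the source tree until the signature has checked out, and a patch that the advisory never asked you to fetch a signature for is refused outright instead of being queued for a 4 a.m. cron run.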
From owner-freebsd-security@FreeBSD.ORG Wed Mar 3 23:46:15 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1AD6516A4CE for ; Wed, 3 Mar 2004 23:46:15 -0800 (PST) Received: from smtp1.eunet.yu (smtp1.eunet.yu [194.247.192.241]) by mx1.FreeBSD.org (Postfix) with ESMTP id AFE4343D39 for ; Wed, 3 Mar 2004 23:46:13 -0800 (PST) (envelope-from kolicz@eunet.yu) Received: from smtp1.EUnet.yu (root@localhost) by smtp1.eunet.yu (8.12.10/8.12.10) with SMTP id i247kB7H022524 for ; Thu, 4 Mar 2004 08:46:12 +0100 Received: from kolic.net (P-2.37.EUnet.yu [213.240.2.37]) by smtp1.eunet.yu (8.12.10/8.12.10) with ESMTP id i247kBmM022316 for ; Thu, 4 Mar 2004 08:46:11 +0100 Received: by kolic.net (Postfix, from userid 1001) id C787941AE; Thu, 4 Mar 2004 08:44:42 +0100 (CET) Date: Thu, 4 Mar 2004 08:44:42 +0100 
From: Zoran Kolic To: freebsd-security@freebsd.org Message-ID: <20040304074442.GA571@kolic.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Subject: tripwire port broken? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Mar 2004 07:46:15 -0000

Dear list!

I've tried to compile the tripwire-2.3.1-2 port on my 5.2 release. Two different tarballs have failed with the message that the port was broken, all in one sentence. No details at all. Well! The Makefile has something like:

.if ${OSVERSION} >= 500000
BROKEN= "Fails to build inder 5.X"
.endif

One more:

USE_GMAKE= yes

Has someone compiled it successfully? Is it for a good reason to be like that on 5.x?

Almost forgot. If I use "make install TRIPWIRE_FLOPPY=YES", where should I find the binary and db? Floppy, or both floppy and hdd?

Best regards

ZK

From owner-freebsd-security@FreeBSD.ORG Thu Mar 4 00:30:56 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1FB9816A4CE for ; Thu, 4 Mar 2004 00:30:56 -0800 (PST) Received: from amsfep14-int.chello.nl (amsfep14-int.chello.nl [213.46.243.22]) by mx1.FreeBSD.org (Postfix) with ESMTP id EEE3343D2F for ; Thu, 4 Mar 2004 00:30:54 -0800 (PST) (envelope-from horcy@textonly.demon.nl) Received: from josbox ([80.57.192.91]) by amsfep14-int.chello.nl (InterMail vM.6.00.05.02 201-2115-109-103-20031105) with SMTP id <20040304083051.WJUW28932.amsfep14-int.chello.nl@josbox> for ; Thu, 4 Mar 2004 09:30:51 +0100 Message-ID: <001001c401c3$00b774d0$0400a8c0@josbox>
From: "horcy" To: References: <4046B025.5010603@roq.com> Date: Thu, 4 Mar 2004 09:30:45 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: base64 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Subject: Re: FreeBSD source auto patcher script X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Mar 2004 08:30:56 -0000

Hi Michael,

That Sounds like some super cool stuff.
Going to check it out.

Thx!

horcy


----- Original Message -----
From: "Michael Vince" <michael@roq.com>
To: <freebsd-security@freebsd.org>
Sent: Thursday, March 04, 2004 5:27 AM
Subject: FreeBSD source auto patcher script


> Hi all
> I thought I would let you people know of a script that I coded that
> facilitates security patch updating on FreeBSD. When I wrote it I
> decided to called it Quickpatch for some reason even though because its
> source based its not necessarily the least bit quick at all :) I had
> kept it for my self for a while but I was recently provoked to release
> it as it could do greater good being out there on the net, because its
> in Perl its quite hackable for custom needs.
>
> http://www.roq.com/projects/quickpatch/
>
> It has the ability to do a range of different update tasks. These
> features include the ability to easily verify (using PGP) any and all
> advisories, easy setup and use of CVSUP for source and ports tree
> updates. Ability to extract all the useful data out of the official
> FreeBSD security advisories, such as necessary patch commands, security
> advisory topic, exact hours since the patch was made/released, then can
> create ready to run patch files or display/email a full report of that
> information. Also, it can optionally apply the patch files with no
> attendance. Because its highly cronable you can schedule in a 'patch
> mode' kernel recompile and reboot at early morning hours to minimize
> down time inconvenience to others.
>
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>

From owner-freebsd-security@FreeBSD.ORG Thu Mar 4 00:39:40 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2A2A316A4CE for ; Thu, 4 Mar 2004 00:39:40 -0800 (PST) Received: from dreadful.org (dreadful.org [209.237.255.180]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1E3C543D2F for ; Thu, 4 Mar 2004 00:39:40 -0800 (PST) (envelope-from dan@dreadful.org) Received: from dreadful.org (localhost [127.0.0.1]) by dreadful.org (Postfix) with ESMTP id A16441146B; Thu, 4 Mar 2004 00:41:21 -0800 (PST) Received: from localhost (dan@localhost) by dreadful.org (8.12.10/8.12.10/Submit) with ESMTP id i248fK2V006478; Thu, 4 Mar 2004 00:41:21 -0800 (PST) (envelope-from
dan@dreadful.org) Date: Thu, 4 Mar 2004 00:41:20 -0800 (PST) 
From: Daniel Spielman To: Michael Vince In-Reply-To: <4046B025.5010603@roq.com> Message-ID: <20040304004042.I1954@dreadful.org> References: <4046B025.5010603@roq.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-security@freebsd.org Subject: Re: FreeBSD source auto patcher script X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Mar 2004 08:39:40 -0000 Sounds like my job, will it monitor 24/7 /var/log/messages too ? :) On Thu, 4 Mar 2004, Michael Vince wrote: > Hi all > I thought I would let you people know of a script that I coded that > facilitates security patch updating on FreeBSD. When I wrote it I > decided to called it Quickpatch for some reason even though because its > source based its not necessarily the least bit quick at all :) I had > kept it for my self for a while but I was recently provoked to release > it as it could do greater good being out there on the net, because its > in Perl its quite hackable for custom needs. > > http://www.roq.com/projects/quickpatch/ > > It has the ability to do a range of different update tasks. These > features include the ability to easily verify (using PGP) any and all > advisories, easy setup and use of CVSUP for source and ports tree > updates. Ability to extract all the useful data out of the official > FreeBSD security advisories, such as necessary patch commands, security > advisory topic, exact hours since the patch was made/released, then can > create ready to run patch files or display/email a full report of that > information. Also, it can optionally apply the patch files with no > attendance. Because its highly cronable you can schedule in a 'patch > mode' kernel recompile and reboot at early morning hours to minimize > down time inconvenience to others. 
> > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > From owner-freebsd-security@FreeBSD.ORG Thu Mar 4 03:41:23 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 668B016A4CE for ; Thu, 4 Mar 2004 03:41:23 -0800 (PST) Received: from mta7.pltn13.pbi.net (mta7.pltn13.pbi.net [64.164.98.8]) by mx1.FreeBSD.org (Postfix) with ESMTP id 58B9743D5F for ; Thu, 4 Mar 2004 03:41:23 -0800 (PST) (envelope-from kris@obsecurity.org) Received: from obsecurity.dyndns.org (7244810ee7787bb60b7cc14fc9db2ad4@adsl-67-119-53-203.dsl.lsan03.pacbell.net [67.119.53.203])i24BfJ1l011336; Thu, 4 Mar 2004 03:41:20 -0800 (PST) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id DEDC1533D2; Thu, 4 Mar 2004 03:41:18 -0800 (PST) Date: Thu, 4 Mar 2004 03:41:18 -0800 
From: Kris Kennaway To: Zoran Kolic Message-ID: <20040304114118.GA49636@xor.obsecurity.org> References: <20040304074442.GA571@kolic.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="zYM0uCDKw75PZbzx" Content-Disposition: inline In-Reply-To: <20040304074442.GA571@kolic.net> User-Agent: Mutt/1.4.2.1i cc: freebsd-security@freebsd.org Subject: Re: tripwire port broken? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Mar 2004 11:41:23 -0000 --zYM0uCDKw75PZbzx Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

On Thu, Mar 04, 2004 at 08:44:42AM +0100, Zoran Kolic wrote:
> Dear list!
> I've tried to compile
> tripwire-2.3.1-2 port on
> my 5.2 release. Two different
> tarballs have failed
> with message, that port
> was broken, all in one
> sentence. No any details.
> Well! Makefile has
> something like:
>
> .if ${OSVERSION} >= 500000
> BROKEN= "Fails to build inder 5.X"
> .endif
>
> One more:
>
> USE_GMAKE= yes
>
> Has someone compiled
> it successfully? Is it
> for a good reason to be
> like that on 5.x?

The makefile says the port is broken and fails to build under 5.x because, predictably, the port is broken and fails to build under 5.x ;-)

It requires changes in order to compile, which no-one has provided yet.
Kris

--zYM0uCDKw75PZbzx
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD4DBQFARxXeWry0BWjoQKURAtWmAKCnfDdmfuGDTxJeYU4fG6Mq2AVj4wCXWIYT
N8FBFDbrhdoQAtbtzLM5Iw==
=gzmt
-----END PGP SIGNATURE-----

--zYM0uCDKw75PZbzx--

From owner-freebsd-security@FreeBSD.ORG Thu Mar 4 04:29:35 2004
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BBE9D16A4CE for ; Thu, 4 Mar 2004 04:29:35 -0800 (PST)
Received: from mail.komquats.com (h24-108-145-252.gv.shawcable.net [24.108.145.252]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9742F43D1D for ; Thu, 4 Mar 2004 04:29:35 -0800 (PST) (envelope-from Cy.Schubert@komquats.com)
Received: from cwsys.cwsent.com (cwsys [10.1.1.1]) by mail.komquats.com (Postfix) with ESMTP id 793CD5A82D for ; Thu, 4 Mar 2004 04:29:34 -0800 (PST)
Received: from cwsys (localhost [127.0.0.1]) by cwsys.cwsent.com (8.12.10/8.12.8) with ESMTP id i24CTY0f007751 for ; Thu, 4 Mar 2004 04:29:34 -0800 (PST) (envelope-from Cy.Schubert@uumail.gov.bc.ca)
Message-Id: <200403041229.i24CTY0f007751@cwsys.cwsent.com>
X-Mailer: exmh version 2.6.3 04/04/2003 with nmh-1.0.4
From: Cy Schubert
X-os: FreeBSD
X-Sender: cy@cwsent.com
X-URL: http://www.komquats.com/
To: freebsd-security@freebsd.org
In-Reply-To: Your message of "Thu, 04 Mar 2004 03:41:18 PST." <20040304114118.GA49636@xor.obsecurity.org>
Date: Thu, 04 Mar 2004 04:29:34 -0800
Sender: Cy.Schubert@komquats.com
Subject: Re: tripwire port broken?
Reply-To: Cy Schubert
X-List-Received-Date: Thu, 04 Mar 2004 12:29:35 -0000

In message <20040304114118.GA49636@xor.obsecurity.org>, Kris Kennaway writes:
> On Thu, Mar 04, 2004 at 08:44:42AM +0100, Zoran Kolic wrote:
> > Dear list!
> > I've tried to compile tripwire-2.3.1-2 port on my 5.2 release. Two
> > different tarballs have failed with message, that port was broken, all
> > in one sentence. No any details. Well! Makefile has something like:
> >
> > .if ${OSVERSION} >= 500000
> > BROKEN= "Fails to build inder 5.X"
> > .endif
> >
> > One more:
> >
> > USE_GMAKE= yes
> >
> > Has someone compiled it successfully? Is it for a good reason to be
> > like that on 5.x?
>
> The makefile says the port is broken and fails to build under 5.x
> because, predictably, the port is broken and fails to build under 5.x
> ;-)
>
> It requires changes in order to compile, which no-one has provided
> yet.

The problem is due to STLport incompatibilities. The tripwire folks state in their doc that STLport at the time was a moving target, so they included a copy frozen in time in their software. Unfortunately it fails to build under -CURRENT. Using STLport in ports doesn't work either because of the issues they mention in their README.
Quite short-sighted on their part; however, as I've been a software developer for commercial software in a previous life, I can understand management's reasons for doing what they do (the old 80/20 rule to get product out the door quickly to generate revenue).

I'm working on a patch.

Cheers,
--
Cy Schubert http://www.komquats.com/
BC Government . FreeBSD UNIX
Cy.Schubert@osg.gov.bc.ca . cy@FreeBSD.org
http://www.gov.bc.ca/ . http://www.FreeBSD.org/

From owner-freebsd-security@FreeBSD.ORG Thu Mar 4 09:00:39 2004
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EEB7B16A4D4 for ; Thu, 4 Mar 2004 09:00:39 -0800 (PST)
Received: from orhi.sarenet.es (orhi.sarenet.es [192.148.167.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id B528A43D2D for ; Thu, 4 Mar 2004 09:00:39 -0800 (PST) (envelope-from borjamar@sarenet.es)
Received: from [172.16.1.38] (izaro.sarenet.es [192.148.167.11]) by orhi.sarenet.es (Postfix) with ESMTP id 386D57A3B5F for ; Thu, 4 Mar 2004 18:00:38 +0100 (MET)
Mime-Version: 1.0 (Apple Message framework v612)
In-Reply-To: <20040303094647.J93367@zoraida.natserv.net>
References: <20040303094647.J93367@zoraida.natserv.net>
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <75E52170-6DFD-11D8-B790-000393C94468@sarenet.es>
Content-Transfer-Encoding: 7bit
From: Borja Marcos
Date: Thu, 4 Mar 2004 18:00:37 +0100
To: freebsd-security@freebsd.org
X-Mailer: Apple Mail (2.612)
Subject: Re: How to monitoring activity on a card?
X-List-Received-Date: Thu, 04 Mar 2004 17:00:40 -0000

> What are my options on monitoring activity on my external card?

Eric Anderson has recommended you "trafshow". It is excellent to have a quick look at your traffic.

If you want to store historic data, and you need to have a look at the flows avoiding the packet-level detail, the best is Argus, available in the ports collection. Have a look at the Argus homepage:

http://www.qosient.com/argus

Regards,

Borja.

From owner-freebsd-security@FreeBSD.ORG Thu Mar 4 18:23:39 2004
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 701CB16A4CE for ; Thu, 4 Mar 2004 18:23:39 -0800 (PST)
Received: from host2u.net (host2u.net [161.58.237.224]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0FCE843D31 for ; Thu, 4 Mar 2004 18:23:39 -0800 (PST) (envelope-from david@deassociates.com)
Received: from winxp1700 (host-209-214-99-221.sav.bellsouth.net [209.214.99.221]) by host2u.net (8.12.11/8.12.6) with SMTP id i252NaoM030973 for ; Thu, 4 Mar 2004 21:23:37 -0500 (EST)
Message-ID: <001801c40259$04be1ed0$6400a8c0@winxp1700>
From: "David Edwards"
To:
References: <20040304074442.GA571@kolic.net>
Date: Thu, 4 Mar 2004 21:24:40 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Subject: ipfw question
Reply-To: David Edwards
X-List-Received-Date: Fri, 05 Mar 2004 02:23:39 -0000

Hello folks.. I have a quick question ipfw in a 4.8 server..

In /etc/rc.conf, if you set this - firewall_type="OPEN", is it also necessary for this options IPFIREWALL_DEFAULT_TO_ACCEPT in the kernel config file?

I would think that using the first would be better because it can be removed, thus allowing no one access, including yourself if you aren't careful. Whereas the second method above, in the kernel config leaves it open if no rules exist or if all rules are flushed. So the big question is, do I use both, one or the other? I know I can just do options IPFIREWALL, but I want to ensure no way of locking myself out at initial reboot, since this is a remote server. I am also aware of the risks of doing it remotely. But I need to do this.

Thanks for your help.

David Edwards

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.576 / Virus Database: 365 - Release Date: 1/30/2004

From owner-freebsd-security@FreeBSD.ORG Thu Mar 4 22:57:03 2004
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BD35116A4CE for ; Thu, 4 Mar 2004 22:57:03 -0800 (PST)
Received: from gandalf.online.bg (gandalf.online.bg [217.75.128.9]) by mx1.FreeBSD.org (Postfix) with SMTP id 3D2AD43D39 for ; Thu, 4 Mar 2004 22:57:02 -0800 (PST) (envelope-from roam@ringlet.net)
Received: (qmail 7912 invoked from network); 5 Mar 2004 06:54:20 -0000
Received: from office.sbnd.net (HELO straylight.m.ringlet.net) (217.75.140.130) by gandalf.online.bg with SMTP; 5 Mar 2004 06:54:20 -0000
Received: (qmail 15874 invoked by uid 1000); 5 Mar 2004 06:57:30 -0000
Date: Fri, 5 Mar 2004 08:57:30 +0200
From: Peter Pentchev
To: David Edwards
Message-ID: <20040305065729.GB747@straylight.m.ringlet.net>
Mail-Followup-To: David Edwards , freebsd-security@freebsd.org
References: <20040304074442.GA571@kolic.net> <001801c40259$04be1ed0$6400a8c0@winxp1700>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="z6Eq5LdranGa6ru8"
Content-Disposition: inline
In-Reply-To: <001801c40259$04be1ed0$6400a8c0@winxp1700>
User-Agent: Mutt/1.5.6i
cc: freebsd-security@freebsd.org
Subject: Re: ipfw question
X-List-Received-Date: Fri, 05 Mar 2004 06:57:03 -0000

--z6Eq5LdranGa6ru8
Content-Type: text/plain; charset=windows-1251
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Mar 04, 2004 at 09:24:40PM -0500, David Edwards wrote:
> Hello folks.. I have a quick question ipfw in a 4.8 server..
>
> In /etc/rc.conf, if you set this - firewall_type="OPEN", is it also
> necessary for this options IPFIREWALL_DEFAULT_TO_ACCEPT in the kernel config
> file?

No, firewall_type="open" will work even without the default-to-accept kernel config option.

The presence or absence of the kernel configuration option determines what rule 65535 will be at startup: at the initialization of the ipfw framework, it places a rule numbered 65535, which is either 'allow' if the option is present, or 'deny' if it is not.

The firewall_type="open" rc.conf knob determines the behavior of the /etc/rc.firewall script (which can be overridden by setting firewall_script="something else" in /etc/rc.conf) - and rc.firewall's 'open' mode creates a rule numbered 65000.
Since ipfw terminates the rule search on the first match, rule 65000 will be processed before rule 65535, and the kernel's default will never be considered - firewall_type="open" trumps the presence or absence of the IPFIREWALL_DEFAULT_TO_ACCEPT option.

G'luck,
Peter

--
Peter Pentchev roam@ringlet.net roam@sbnd.net roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
If this sentence were in Chinese, it would say something else.

--z6Eq5LdranGa6ru8
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFASCTZ7Ri2jRYZRVMRAv+mAJ9EiC8Ndzc5xyfsQjGM0fV1rew02wCgqesp
pZfSre7p947ISNi2jF9EnwU=
=ithv
-----END PGP SIGNATURE-----

--z6Eq5LdranGa6ru8--

From owner-freebsd-security@FreeBSD.ORG Fri Mar 5 01:30:35 2004
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6DAE616A4CE for ; Fri, 5 Mar 2004 01:30:35 -0800 (PST)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4D29643D58 for ; Fri, 5 Mar 2004 01:30:35 -0800 (PST) (envelope-from cperciva@FreeBSD.org)
Received: from freefall.freebsd.org (cperciva@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.10/8.12.10) with ESMTP id i259UZbv048061 for ; Fri, 5 Mar 2004 01:30:35 -0800 (PST) (envelope-from cperciva@freefall.freebsd.org)
Received: (from cperciva@localhost) by freefall.freebsd.org (8.12.10/8.12.10/Submit) id i259UZeF048060 for security@freebsd.org; Fri, 5 Mar 2004 01:30:35 -0800 (PST) (envelope-from cperciva)
Date: Fri, 5 Mar 2004 01:30:35 -0800
From: Colin Percival
To: security@freebsd.org
Message-ID: <20040305093035.GA47865@freefall.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.1i
X-Mailman-Approved-At: Fri, 05 Mar 2004 02:54:28 -0800
Subject: Security Officer-supported branches update
X-List-Received-Date: Fri, 05 Mar 2004 09:30:35 -0000

The FreeBSD Security Officer would normally be sending out this email, but he's a bit busy right now and it is clear from reactions to FreeBSD Security Advisory FreeBSD-SA-04:04.tcp that many people are unaware of the current status of the RELENG_5_1 branch, so I'm going to send out this reminder myself.

The branches supported by the FreeBSD Security Officer have been updated to reflect the recent EoL (end-of-life) of FreeBSD 5.1. The new list is below and at .

If you are running FreeBSD 4.7 or older, or FreeBSD 5.0 or 5.1, and you wish to be certain to get critical bug fixes, it is recommended that you upgrade to one of the newer security branches.

[Excerpt from http://www.freebsd.org/security/]

FreeBSD Security Advisories

The FreeBSD Security Officer provides security advisories for several branches of FreeBSD development. These are the -STABLE Branches and the Security Branches. (Advisories are not issued for the -CURRENT Branch.)

* There is usually only a single -STABLE branch, although during the transition from one major development line to another (such as from FreeBSD 4.x to 5.x), there is a time span in which there are two -STABLE branches. The -STABLE branch tags have names like RELENG_4. The corresponding builds have names like FreeBSD 4.6-STABLE.

* Each FreeBSD Release has an associated Security Branch. The Security Branch tags have names like RELENG_4_6.
The corresponding builds have names like FreeBSD 4.6-RELEASE-p7.

Each branch is supported by the Security Officer for a limited time only, typically through 12 months after the release. The estimated lifetimes of the currently supported branches are given below. The Estimated EoL (end-of-life) column gives the earliest date on which that branch is likely to be dropped. Please note that these dates may be extended into the future, but only extenuating circumstances would lead to a branch's support being dropped earlier than the date listed.

+------------------------------------------+
| Branch   | Release     | Estimated EoL   |
|----------+-------------+-----------------|
|RELENG_4  |n/a          |October 31, 2004 |
|----------+-------------+-----------------|
|RELENG_4_8|4.8-RELEASE  |March 31, 2004   |
|----------+-------------+-----------------|
|RELENG_4_9|4.9-RELEASE  |October 31, 2004 |
|----------+-------------+-----------------|
|RELENG_5_2|5.2.1-RELEASE|July 31, 2004    |
+------------------------------------------+

Older releases are not maintained and users are strongly encouraged to upgrade to one of the supported releases mentioned above.
Colin Percival
(wearing member-of-secteam hat)

From owner-freebsd-security@FreeBSD.ORG Fri Mar 5 03:12:14 2004
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C51B316A4CE; Fri, 5 Mar 2004 03:12:14 -0800 (PST)
Received: from smtp.des.no (flood.des.no [217.116.83.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7E4B943D1D; Fri, 5 Mar 2004 03:12:14 -0800 (PST) (envelope-from des@des.no)
Received: by smtp.des.no (Pony Express, from userid 666) id 6FC70530E; Fri, 5 Mar 2004 12:12:13 +0100 (CET)
Received: from dwp.des.no (des.no [80.203.228.37]) by smtp.des.no (Pony Express) with ESMTP id 7A743530A; Fri, 5 Mar 2004 12:12:08 +0100 (CET)
Received: by dwp.des.no (Postfix, from userid 2602) id 0816C33CA3; Fri, 5 Mar 2004 12:12:08 +0100 (CET)
To: Colin Percival
References: <20040305093035.GA47865@freefall.freebsd.org>
From: des@des.no (Dag-Erling Smørgrav)
Date: Fri, 05 Mar 2004 12:12:07 +0100
In-Reply-To: <20040305093035.GA47865@freefall.freebsd.org> (Colin Percival's message of "Fri, 5 Mar 2004 01:30:35 -0800")
Message-ID:
User-Agent: Gnus/5.090024 (Oort Gnus v0.24) Emacs/21.3 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on flood.des.no
X-Spam-Level:
X-Spam-Status: No, hits=0.0 required=5.0 tests=AWL autolearn=no version=2.63
cc: security@freebsd.org
Subject: Re: Security Officer-supported branches update
X-List-Received-Date: Fri, 05 Mar 2004 11:12:14 -0000

Colin Percival writes:
> +------------------------------------------+
> | Branch   | Release     | Estimated EoL   |
> |----------+-------------+-----------------|
> |RELENG_4  |n/a          |October 31, 2004 |
> +------------------------------------------+

The actual EoL for RELENG_4 will be much later than that: at least one year, possibly a year and a half, after the release of 4.10, which is due this spring / early summer.
DES
--
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-security@FreeBSD.ORG Fri Mar 5 03:19:49 2004
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6B18E16A4CF for ; Fri, 5 Mar 2004 03:19:49 -0800 (PST)
Received: from tx1.oucs.ox.ac.uk (tx1.oucs.ox.ac.uk [129.67.1.167]) by mx1.FreeBSD.org (Postfix) with ESMTP id DABBD43D2F for ; Fri, 5 Mar 2004 03:19:48 -0800 (PST) (envelope-from colin.percival@wadham.ox.ac.uk)
Received: from scan1.oucs.ox.ac.uk ([129.67.1.166] helo=localhost) by tx1.oucs.ox.ac.uk with esmtp (Exim 4.24) id 1AzDMq-0008FL-GI for security@freebsd.org; Fri, 05 Mar 2004 11:19:48 +0000
Received: from rx1.oucs.ox.ac.uk ([129.67.1.165]) by localhost (scan1.oucs.ox.ac.uk [129.67.1.166]) (amavisd-new, port 25) with ESMTP id 31471-07 for ; Fri, 5 Mar 2004 11:19:47 +0000 (GMT)
Received: from gateway.wadham.ox.ac.uk ([163.1.161.253]) by rx1.oucs.ox.ac.uk with smtp (Exim 4.24) id 1AzDMp-0008FH-67 for security@freebsd.org; Fri, 05 Mar 2004 11:19:47 +0000
Received: (qmail 19978 invoked by uid 0); 5 Mar 2004 11:19:47 -0000
Received: from colin.percival@wadham.ox.ac.uk by gateway by uid 71 with qmail-scanner-1.16 (sweep: 2.14/3.71. spamassassin: 2.53. Clear:. Processed in 3.234132 secs); 05 Mar 2004 11:19:47 -0000
X-Qmail-Scanner-Mail-From: colin.percival@wadham.ox.ac.uk via gateway
X-Qmail-Scanner: 1.16 (Clear:. Processed in 3.234132 secs)
Received: from dhcp1131.wadham.ox.ac.uk (HELO piii600.wadham.ox.ac.uk) (163.1.161.131) by gateway.wadham.ox.ac.uk with SMTP; 5 Mar 2004 11:19:44 -0000
Message-Id: <6.0.1.1.1.20040305111733.03cac258@imap.sfu.ca>
X-Sender: cperciva@imap.sfu.ca (Unverified)
X-Mailer: QUALCOMM Windows Eudora Version 6.0.1.1
Date: Fri, 05 Mar 2004 11:19:41 +0000
To: des@des.no (Dag-Erling Smørgrav)
From: Colin Percival
In-Reply-To:
References: <20040305093035.GA47865@freefall.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"; format=flowed
Content-Transfer-Encoding: quoted-printable
cc: security@freebsd.org
Subject: Re: Security Officer-supported branches update
X-List-Received-Date: Fri, 05 Mar 2004 11:19:49 -0000

At 11:12 05/03/2004, Dag-Erling Smørgrav wrote:
>Colin Percival writes:
> > +------------------------------------------+
> > | Branch   | Release     | Estimated EoL   |
> > |----------+-------------+-----------------|
> > |RELENG_4  |n/a          |October 31, 2004 |
> > +------------------------------------------+
>
>The actual EoL for RELENG_4 will be much later than that: at least one
>year, possibly a year and a half, after the release of 4.10, which is
>due this spring / early summer.

Of course: As the page says, "Please note that these dates may be extended into the future". ;-)

Colin Percival

From owner-freebsd-security@FreeBSD.ORG Fri Mar 5 07:52:41 2004
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B59B316A4CE for ; Fri, 5 Mar 2004 07:52:41 -0800 (PST)
Received: from gi.sourcefire.com (gi.sourcefire.com [12.110.105.132]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7698843D41 for ; Fri, 5 Mar 2004 07:52:40 -0800 (PST) (envelope-from nigel@sourcefire.com)
Received: from localhost ([10.4.10.172]) (AUTH: PLAIN nhoughton, TLS: TLSv1/SSLv3,168bits,DES-CBC3-SHA) by gi.sourcefire.com with esmtp; Fri, 05 Mar 2004 10:52:38 -0500
Date: Fri, 5 Mar 2004 10:49:15 -0500
From: Nigel Houghton
To: David Edwards
Message-ID: <20040305154915.GA551@enterprise.sfeng.sourcefire.com>
References: <20040304074442.GA571@kolic.net> <001801c40259$04be1ed0$6400a8c0@winxp1700>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
In-Reply-To: <001801c40259$04be1ed0$6400a8c0@winxp1700>
User-Agent: Mutt/1.4.2i
cc: freebsd-security@freebsd.org
Subject: Re: ipfw question
X-List-Received-Date: Fri, 05 Mar 2004 15:52:41 -0000

On 0, David Edwards allegedly wrote:
> Hello folks.. I have a quick question ipfw in a 4.8 server..
>
> In /etc/rc.conf, if you set this - firewall_type="OPEN", is it also
> necessary for this options IPFIREWALL_DEFAULT_TO_ACCEPT in the kernel config
> file?

No it is not necessary. firewall_type="open" means just that, it is open and everything is allowed.

>
> I would think that using the first would be better because it can be
> removed, thus allowing no one access, including yourself if you aren't
> careful. Whereas the second method above, in the kernel config leaves it
> open if no rules exist or if all rules are flushed. So the the big question
> is, do I use both, one or the other? I know I can just do options
> IPFIREWALL, but I want to ensure no way of locking myself out at initial
> reboot, since this is a remote server. I am also aware of the risks of doing
> it remotely. But I need to do this.

You are headed in the right direction, start with the "open" option and work from there, just be careful when you start adding rules and reloading rulesets. Allow what you need, and let the default deny take care of everything else.

>
> Thanks for your help.
>
> David Edwards
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.576 / Virus Database: 365 - Release Date: 1/30/2004
>

-------------------------------------------------------------
Nigel Houghton
Research Engineer Sourcefire Inc.
Vulnerability Research Team

In an emergency situation involving two or more officers of equal rank, seniority will be granted to whichever officer can program a vcr.

From owner-freebsd-security@FreeBSD.ORG Fri Mar 5 16:42:51 2004
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2CCF816A4CE for ; Fri, 5 Mar 2004 16:42:51 -0800 (PST)
Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id EAB6543D31 for ; Fri, 5 Mar 2004 16:42:50 -0800 (PST) (envelope-from nectar@celabo.org)
Received: from madman.celabo.org (madman.celabo.org [10.0.1.111]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "madman.celabo.org", Issuer "celabo.org CA" (verified OK)) by gw.celabo.org (Postfix) with ESMTP id 8A1015485D; Fri, 5 Mar 2004 18:42:50 -0600 (CST)
Received: by madman.celabo.org (Postfix, from userid 1001) id 1C4BF6D465; Fri, 5 Mar 2004 18:42:50 -0600 (CST)
Date: Fri, 5 Mar 2004 18:42:50 -0600
From: "Jacques A. Vidrine"
To: Michael Vince
Message-ID: <20040306004250.GC80556@madman.celabo.org>
Mail-Followup-To: "Jacques A. Vidrine" , Michael Vince , freebsd-security@freebsd.org
References: <4046B025.5010603@roq.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4046B025.5010603@roq.com>
X-Url: http://www.celabo.org/
User-Agent: Mutt/1.5.6i
cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD source auto patcher script
X-List-Received-Date: Sat, 06 Mar 2004 00:42:51 -0000

On Thu, Mar 04, 2004 at 03:27:17PM +1100, Michael Vince wrote:
> Hi all
> I thought I would let you people know of a script that I coded that
> facilitates security patch updating on FreeBSD. When I wrote it I
> decided to call it Quickpatch for some reason even though, because it's
> source based, it's not necessarily the least bit quick at all :) I had
> kept it for myself for a while but I was recently provoked to release
> it as it could do greater good being out there on the net; because it's
> in Perl it's quite hackable for custom needs.
>
> http://www.roq.com/projects/quickpatch/
>
> It has the ability to do a range of different update tasks. These
> features include the ability to easily verify (using PGP) any and all
> advisories, easy setup and use of CVSUP for source and ports tree
> updates. Ability to extract all the useful data out of the official
> FreeBSD security advisories, such as necessary patch commands, security
> advisory topic, exact hours since the patch was made/released, then can
> create ready to run patch files or display/email a full report of that
> information. Also, it can optionally apply the patch files with no
> attendance.
> Because it's highly cronable you can schedule in a 'patch
> mode' kernel recompile and reboot at early morning hours to minimize
> down time inconvenience to others.

Michael, that's terrific! We've contemplated switching to a machine-readable format for advisories time and again. Now that there is a tool that could make use of that, I'm going to investigate switching again.

Cheers,
--
Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org

From owner-freebsd-security@FreeBSD.ORG Sat Mar 6 14:50:45 2004
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6BA7516A4CE; Sat, 6 Mar 2004 14:50:45 -0800 (PST)
Received: from monkeytest.eng.utah.edu (mailhub.eng.utah.edu [155.99.222.32]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3724E43D1F; Sat, 6 Mar 2004 14:50:45 -0800 (PST) (envelope-from ogden@yem.eng.utah.edu)
Received: from yem.eng.utah.edu (yem.eng.utah.edu [155.99.222.96]) i26MofI3007393; Sat, 6 Mar 2004 15:50:41 -0700 (MST)
Received: from yem.eng.utah.edu (localhost.localdomain [127.0.0.1]) by yem.eng.utah.edu (8.12.8/8.12.8) with ESMTP id i26MofvD029344; Sat, 6 Mar 2004 15:50:41 -0700
Received: (from ogden@localhost) by yem.eng.utah.edu (8.12.8/8.12.8/Submit) id i26MofIZ029342; Sat, 6 Mar 2004 15:50:41 -0700
Date: Sat, 6 Mar 2004 15:50:41 -0700
From: Mark Ogden
To: "Jacques A. Vidrine"
Message-ID: <20040306225041.GA29333@yem.eng.utah.edu>
References: <200403021955.i22Jtix2024059@freefall.freebsd.org> <20040303110405.GA2155@nemesis.md.0xfce3.net> <20040303135336.GA2217@lum.celabo.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20040303135336.GA2217@lum.celabo.org>
User-Agent: Mutt/1.4.1i
cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-04:04.tcp
X-List-Received-Date: Sat, 06 Mar 2004 22:50:45 -0000

Jacques A. Vidrine on Wed, Mar 03, 2004 at 07:53:36AM -0600 wrote:
> On Wed, Mar 03, 2004 at 12:04:05PM +0100, Gordon Bergling wrote:
> > Is there any chance to get this fixed in RELENG_5_1?
>
> I intend to do so as time allows.

Any word on when the fix of 5.1 will be ready?

> Cheers,
> --
> Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org