From owner-freebsd-security@FreeBSD.ORG Sat Sep 30 21:07:08 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 92E2F16A403 for ; Sat, 30 Sep 2006 21:07:08 +0000 (UTC) (envelope-from pekkas@netcore.fi) Received: from netcore.fi (netcore.fi [193.94.160.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id E210F43D6B for ; Sat, 30 Sep 2006 21:07:07 +0000 (GMT) (envelope-from pekkas@netcore.fi) Received: from localhost (pekkas@localhost) by netcore.fi (8.12.11.20060614/8.12.11) with ESMTP id k8UL72MK004633 for ; Sun, 1 Oct 2006 00:07:03 +0300 Date: Sun, 1 Oct 2006 00:07:02 +0300 (EEST) From: Pekka Savola To: freebsd-security@freebsd.org In-Reply-To: <200609302024.k8UKOjon073315@freefall.freebsd.org> Message-ID: References: <200609302024.k8UKOjon073315@freefall.freebsd.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Virus-Scanned: ClamAV 0.88.4/1950/Thu Sep 28 17:11:54 2006 on otso.netcore.fi X-Virus-Status: Clean X-Spam-Status: No, score=-0.0 required=5.0 tests=NO_RELAYS autolearn=failed version=3.1.4 X-Spam-Checker-Version: SpamAssassin 3.1.4 (2006-07-25) on otso.netcore.fi X-Mailman-Approved-At: Sun, 01 Oct 2006 01:12:59 +0000 Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:22.openssh X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Sep 2006 21:07:08 -0000 On Sat, 30 Sep 2006, FreeBSD Security Advisories wrote: > III. Impact > > An attacker sending specially crafted packets to sshd(8) can cause a > Denial of Service by using 100% of CPU time until a connection timeout > occurs. Since this attack can be performed over multiple connections > simultaneously, it is possible to cause up to MaxStartups (10 by default) > sshd processes to use all the CPU time they can obtain. [CVE-2006-4924] > > The OpenSSH project believe that the race condition can lead to a Denial > of Service or potentially remote code execution, but the FreeBSD Security > Team has been unable to verify the exact impact. [CVE-2006-5051] > > IV. Workaround > > The attack against the CRC compensation attack detector can be avoided > by disabling SSH Protocol version 1 support in sshd_config(5). > > There is no workaround for the second issue. Doesn't TCP wrappers restriction mitigate or work around this issue or is it done too late ? -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From owner-freebsd-security@FreeBSD.ORG Sun Oct 1 07:30:26 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3E4FE16A407 for ; Sun, 1 Oct 2006 07:30:26 +0000 (UTC) (envelope-from cperciva@freebsd.org) Received: from pd4mo3so.prod.shaw.ca (shawidc-mo1.cg.shawcable.net [24.71.223.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1266E43D4C for ; Sun, 1 Oct 2006 07:30:25 +0000 (GMT) (envelope-from cperciva@freebsd.org) Received: from pd2mr5so.prod.shaw.ca (pd2mr5so-qfe3.prod.shaw.ca [10.0.141.8]) by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0J6G00K1U4UOUEB0@l-daemon> for freebsd-security@freebsd.org; Sun, 01 Oct 2006 01:30:24 -0600 (MDT) Received: from pn2ml7so.prod.shaw.ca ([10.0.121.151]) by pd2mr5so.prod.shaw.ca (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0J6G00B944UOJLF0@pd2mr5so.prod.shaw.ca> for freebsd-security@freebsd.org; Sun, 01 Oct 2006 01:30:24 -0600 (MDT) Received: from hexahedron.daemonology.net ([24.82.18.31]) by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with SMTP id <0J6G0030Y4UNLYA0@l-daemon> for freebsd-security@freebsd.org; Sun, 01 Oct 2006 01:30:24 -0600 (MDT) Received: (qmail 35673 invoked from network); Sun, 01 Oct 2006 07:30:22 +0000 Received: from unknown (HELO ?127.0.0.1?) (127.0.0.1) by localhost with SMTP; Sun, 01 Oct 2006 07:30:22 +0000 Date: Sun, 01 Oct 2006 00:30:22 -0700 From: FreeBSD Security Officer To: freebsd security Message-id: <451F6E8E.8020301@freebsd.org> Organization: FreeBSD Project MIME-version: 1.0 Content-type: text/plain; charset=ISO-8859-1 Content-transfer-encoding: 7bit X-Enigmail-Version: 0.94.0.0 User-Agent: Thunderbird 1.5 (X11/20060416) Cc: FreeBSD Stable Subject: HEADS UP: FreeBSD 5.3, 5.4, 6.0 EoLs coming soon X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: security-officer@freebsd.org List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 01 Oct 2006 07:30:26 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Everyone, On October 31st, FreeBSD 5.3 and FreeBSD 5.4 will have reached their End of Life and will no longer be supported by the FreeBSD Security Team. Users of either of those FreeBSD releases are strongly encouraged to upgrade to FreeBSD 5.5 or FreeBSD 6.1 before that date. In addition, the FreeBSD 6.0 End of Life is presently scheduled for November 30th. Depending upon the progress of the FreeBSD 6.2 release cycle, this may be delayed until December 31st in order to allow time for users of FreeBSD 6.0 to upgrade to FreeBSD 6.2. Users of FreeBSD 4.11 systems are also reminded that that FreeBSD 4.11 will reach its End of Life at the end of January 2007 and that they should be making plans to upgrade or replace such systems. The current supported branches and expected EoL dates are: +--------------------------------------------------------------------+ | Branch | Release | Type | Release date | Estimated EoL | |-----------+------------+--------+----------------+-----------------| |RELENG_4 |n/a |n/a |n/a |January 31, 2007 | |-----------+------------+--------+----------------+-----------------| |RELENG_4_11|4.11-RELEASE|Extended|January 25, 2005|January 31, 2007 | |-----------+------------+--------+----------------+-----------------| |RELENG_5 |n/a |n/a |n/a |May 31, 2008 | |-----------+------------+--------+----------------+-----------------| |RELENG_5_3 |5.3-RELEASE |Extended|November 6, 2004|October 31, 2006 | |-----------+------------+--------+----------------+-----------------| |RELENG_5_4 |5.4-RELEASE |Normal |May 9, 2005 |October 31, 2006 | |-----------+------------+--------+----------------+-----------------| |RELENG_5_5 |5.5-RELEASE |Extended|May 25, 2006 |May 31, 2008 | |-----------+------------+--------+----------------+-----------------| |RELENG_6 |n/a |n/a |n/a |last release + 2y| |-----------+------------+--------+----------------+-----------------| |RELENG_6_0 |6.0-RELEASE |Normal |November 4, 2005|November 30, 2006| |-----------+------------+--------+----------------+-----------------| |RELENG_6_1 |6.1-RELEASE |Extended|May 9, 2006 |May 31, 2008 | +--------------------------------------------------------------------+ Once it is released, FreeBSD 6.2 will be supported until November 30, 2007. Colin Percival FreeBSD Security Officer -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD8DBQFFH26OFdaIBMps37IRAhJCAJ974ed3hre2jaStlu+u+/N667JHBgCfaQuV DeeQJXfaKXQmo/pRzbClLv8= =29t4 -----END PGP SIGNATURE----- From owner-freebsd-security@FreeBSD.ORG Sun Oct 1 22:12:17 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 92D3716A403 for ; Sun, 1 Oct 2006 22:12:17 +0000 (UTC) (envelope-from mp@FreeBSD.org) Received: from relay02.pair.com (relay02.pair.com [209.68.5.16]) by mx1.FreeBSD.org (Postfix) with SMTP id 2798E43D4C for ; Sun, 1 Oct 2006 22:12:17 +0000 (GMT) (envelope-from mp@FreeBSD.org) Received: (qmail 79934 invoked by uid 0); 1 Oct 2006 22:12:15 -0000 Received: from unknown (HELO ?10.1.10.147?) (unknown) by unknown with SMTP; 1 Oct 2006 22:12:15 -0000 X-pair-Authenticated: 67.188.136.165 Message-ID: <45203CEA.90301@FreeBSD.org> Date: Sun, 01 Oct 2006 15:10:50 -0700 From: Mark Peek User-Agent: Thunderbird 1.5.0.7 (Macintosh/20060918) MIME-Version: 1.0 To: freebsd-security@freebsd.org References: <200609302024.k8UKOjon073315@freefall.freebsd.org> In-Reply-To: <200609302024.k8UKOjon073315@freefall.freebsd.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Sun, 01 Oct 2006 23:23:55 +0000 Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:22.openssh X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 01 Oct 2006 22:12:17 -0000 On 9/30/06 1:24 PM, FreeBSD Security Advisories wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > ============================================================================= > FreeBSD-SA-06:22.openssh Security Advisory > The FreeBSD Project > > Topic: Multiple vulnerabilities in OpenSSH > > Category: contrib > Module: openssh > Announced: 2006-09-30 > Credits: Tavis Ormandy, Mark Dowd > Affects: All FreeBSD releases. > Corrected: 2006-09-30 19:50:57 UTC (RELENG_6, 6.2-PRERELEASE) > 2006-09-30 19:51:56 UTC (RELENG_6_1, 6.1-RELEASE-p10) > 2006-09-30 19:53:21 UTC (RELENG_6_0, 6.0-RELEASE-p15) > 2006-09-30 19:54:03 UTC (RELENG_5, 5.5-STABLE) > 2006-09-30 19:54:58 UTC (RELENG_5_5, 5.5-RELEASE-p8) > 2006-09-30 19:55:52 UTC (RELENG_5_4, 5.4-RELEASE-p22) > 2006-09-30 19:56:38 UTC (RELENG_5_3, 5.3-RELEASE-p37) > 2006-09-30 19:57:15 UTC (RELENG_4, 4.11-STABLE) > 2006-09-30 19:58:07 UTC (RELENG_4_11, 4.11-RELEASE-p25) > CVE Name: CVE-2006-4924, CVE-2006-5051 > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit . > > I. Background > > OpenSSH is an implementation of the SSH protocol suite, providing an > encrypted, authenticated transport for a variety of services, > including remote shell access. >snip< BTW, the patches for this advisory appear to also need a patch to add log.c into src/secure/usr.sbin/sshd/Makefile. Mark From owner-freebsd-security@FreeBSD.ORG Mon Oct 2 10:38:56 2006 Return-Path: X-Original-To: freebsd-security@FreeBSD.org Delivered-To: freebsd-security@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 63E9B16A403; Mon, 2 Oct 2006 10:38:56 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0C85E43D4C; Mon, 2 Oct 2006 10:38:55 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 4611546CA0; Mon, 2 Oct 2006 06:38:55 -0400 (EDT) Date: Mon, 2 Oct 2006 11:38:55 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: trustedbsd-audit@TrustedBSD.org Message-ID: <20061002113239.P1763@fledge.watson.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-security@FreeBSD.org Subject: Audit handbook chapter review, call for general testing X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Oct 2006 10:38:56 -0000 Dear All, Over the past week or so, I have spent some time updating Tom Rhodes' excellent FreeBSD Handbook chapter on Audit for some of the more recent audit changes, such as new features in more recent OpenBSM versions. Since FreeBSD 6.2-BETA2 contains what is likely the final drop of the audit code (modulo any bug fixes) for 6.2-RELEASE, now would be a great time for people interested in Audit to read the handbook chapter and give Audit a try. And then, of course, send feedback to the TrustedBSD audit mailing list with all the bugs and problems you find :-). This will give us time to shake out these bugs, further enhance the documentation, etc, before BETA3 in a week or so, and ideally chase out any remaining significant bugs over the next month before the release. You can find the handbook chapter here: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit.html The man pages installed as part of recent RELENG_6 and 6.2-BETA2 are also pretty complete, and include more detailed reference information. The audit(4) man page has a good set of cross-references to various commands (audit(8), auditd(8), praudit(8), auditreduce(8)), as well as the audit configuration files (audit_control(5), audit_user(5), etc). Remember that audit support in 6.2-RELEASE will be considered experimental, and has a number of known limitations (such as not fully auditing all non-native FreeBSD system call interfaces, and not auditing all userland administrative events of interest), but it should be useful and usable enough to run on many production systems and contribute to system security. Thanks, Robert N M Watson Computer Laboratory University of Cambridge From owner-freebsd-security@FreeBSD.ORG Mon Oct 2 19:11:12 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 75A9216A412 for ; Mon, 2 Oct 2006 19:11:12 +0000 (UTC) (envelope-from simon@zaphod.nitro.dk) Received: from mx.nitro.dk (zarniwoop.nitro.dk [83.92.207.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7E46743D6D for ; Mon, 2 Oct 2006 19:11:07 +0000 (GMT) (envelope-from simon@zaphod.nitro.dk) Received: from zaphod.nitro.dk (unknown [192.168.3.39]) by mx.nitro.dk (Postfix) with ESMTP id CE8972FF457; Mon, 2 Oct 2006 19:11:06 +0000 (UTC) Received: by zaphod.nitro.dk (Postfix, from userid 3000) id A78CD11420; Mon, 2 Oct 2006 21:11:06 +0200 (CEST) Date: Mon, 2 Oct 2006 21:11:06 +0200 From: "Simon L. Nielsen" To: Pekka Savola Message-ID: <20061002191105.GB1034@zaphod.nitro.dk> References: <200609302024.k8UKOjon073315@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.11 Cc: freebsd-security@freebsd.org Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:22.openssh X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Oct 2006 19:11:12 -0000 On 2006.10.01 00:07:02 +0300, Pekka Savola wrote: > On Sat, 30 Sep 2006, FreeBSD Security Advisories wrote: > >III. Impact > > > >An attacker sending specially crafted packets to sshd(8) can cause a > >Denial of Service by using 100% of CPU time until a connection timeout > >occurs. Since this attack can be performed over multiple connections > >simultaneously, it is possible to cause up to MaxStartups (10 by default) > >sshd processes to use all the CPU time they can obtain. [CVE-2006-4924] > > > >The OpenSSH project believe that the race condition can lead to a Denial > >of Service or potentially remote code execution, but the FreeBSD Security > >Team has been unable to verify the exact impact. [CVE-2006-5051] > > > >IV. Workaround > > > >The attack against the CRC compensation attack detector can be avoided > >by disabling SSH Protocol version 1 support in sshd_config(5). > > > >There is no workaround for the second issue. > > Doesn't TCP wrappers restriction mitigate or work around this issue or > is it done too late ? I'm not sure since I have never really used TCP wrappers, but I would expect it to work. I generally use firewalls to restrict which IP addresses are allowed to access services when possible. -- Simon L. Nielsen From owner-freebsd-security@FreeBSD.ORG Mon Oct 2 19:13:00 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5A31416A403; Mon, 2 Oct 2006 19:13:00 +0000 (UTC) (envelope-from simon@zaphod.nitro.dk) Received: from mx.nitro.dk (zarniwoop.nitro.dk [83.92.207.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id D129543D6B; Mon, 2 Oct 2006 19:12:59 +0000 (GMT) (envelope-from simon@zaphod.nitro.dk) Received: from zaphod.nitro.dk (unknown [192.168.3.39]) by mx.nitro.dk (Postfix) with ESMTP id E64CF2D4A96; Mon, 2 Oct 2006 19:12:58 +0000 (UTC) Received: by zaphod.nitro.dk (Postfix, from userid 3000) id DF78611420; Mon, 2 Oct 2006 21:12:58 +0200 (CEST) Date: Mon, 2 Oct 2006 21:12:58 +0200 From: "Simon L. Nielsen" To: Mark Peek Message-ID: <20061002191258.GC1034@zaphod.nitro.dk> References: <200609302024.k8UKOjon073315@freefall.freebsd.org> <45203CEA.90301@FreeBSD.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <45203CEA.90301@FreeBSD.org> User-Agent: Mutt/1.5.11 Cc: freebsd-security@freebsd.org Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:22.openssh X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Oct 2006 19:13:00 -0000 On 2006.10.01 15:10:50 -0700, Mark Peek wrote: > >Topic: Multiple vulnerabilities in OpenSSH > > BTW, the patches for this advisory appear to also need a patch to add log.c > into src/secure/usr.sbin/sshd/Makefile. Eh, why? log.c is built by libssh. -- Simon L. Nielsen From owner-freebsd-security@FreeBSD.ORG Mon Oct 2 20:01:24 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AEAE016A412 for ; Mon, 2 Oct 2006 20:01:24 +0000 (UTC) (envelope-from deraadt@cvs.openbsd.org) Received: from cvs.openbsd.org (cvs.openbsd.org [199.185.137.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id 29F0443E6F for ; Mon, 2 Oct 2006 20:00:13 +0000 (GMT) (envelope-from deraadt@cvs.openbsd.org) Received: from cvs.openbsd.org (localhost [127.0.0.1]) by cvs.openbsd.org (8.13.6/8.12.1) with ESMTP id k92K0B5P009759 for ; Mon, 2 Oct 2006 14:00:11 -0600 (MDT) Message-Id: <200610022000.k92K0B5P009759@cvs.openbsd.org> To: freebsd-security@freebsd.org In-reply-to: Your message of "Sat, 30 Sep 2006 20:24:45 GMT." <200609302024.k8UKOjhj073306@freefall.freebsd.org> Date: Mon, 02 Oct 2006 14:00:11 -0600 From: Theo de Raadt X-Mailman-Approved-At: Mon, 02 Oct 2006 21:16:07 +0000 Subject: Re: FreeBSD Security Advisory FreeBSD-SA-06:22.openssh X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Oct 2006 20:01:24 -0000 > The OpenSSH project believe that the race condition can lead to a Denial > of Service or potentially remote code execution ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Bullshit. Where did anyone say this? Why don't you put people in charge who can READ CODE, and SEE THAT THIS IS ABSOLUTE BULLSHIT. From owner-freebsd-security@FreeBSD.ORG Mon Oct 2 21:25:12 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 765F316A417 for ; Mon, 2 Oct 2006 21:25:12 +0000 (UTC) (envelope-from cperciva@freebsd.org) Received: from pd4mo2so.prod.shaw.ca (shawidc-mo1.cg.shawcable.net [24.71.223.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id C195243D70 for ; Mon, 2 Oct 2006 21:25:07 +0000 (GMT) (envelope-from cperciva@freebsd.org) Received: from pd5mr7so.prod.shaw.ca (pd5mr7so-qfe3.prod.shaw.ca [10.0.141.183]) by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0J6J00MIM25V3L00@l-daemon> for freebsd-security@freebsd.org; Mon, 02 Oct 2006 15:25:07 -0600 (MDT) Received: from pn2ml7so.prod.shaw.ca ([10.0.121.151]) by pd5mr7so.prod.shaw.ca (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0J6J00G6N25VCF80@pd5mr7so.prod.shaw.ca> for freebsd-security@freebsd.org; Mon, 02 Oct 2006 15:25:07 -0600 (MDT) Received: from hexahedron.daemonology.net ([24.82.18.31]) by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with SMTP id <0J6J00E5O25UZ5X0@l-daemon> for freebsd-security@freebsd.org; Mon, 02 Oct 2006 15:25:07 -0600 (MDT) Received: (qmail 99450 invoked from network); Mon, 02 Oct 2006 21:25:05 +0000 Received: from unknown (HELO ?127.0.0.1?) (127.0.0.1) by localhost with SMTP; Mon, 02 Oct 2006 21:25:05 +0000 Date: Mon, 02 Oct 2006 14:25:05 -0700 From: Colin Percival In-reply-to: <200610022000.k92K0B5P009759@cvs.openbsd.org> To: Theo de Raadt Message-id: <452183B1.7000306@freebsd.org> MIME-version: 1.0 Content-type: text/plain; charset=ISO-8859-1 Content-transfer-encoding: 7bit X-Enigmail-Version: 0.94.0.0 References: <200610022000.k92K0B5P009759@cvs.openbsd.org> User-Agent: Thunderbird 1.5 (X11/20060416) Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-06:22.openssh X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Oct 2006 21:25:12 -0000 Theo de Raadt wrote: >> The OpenSSH project believe that the race condition can lead to a Denial >> of Service or potentially remote code execution > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > Bullshit. Where did anyone say this? The OpenSSH 4.4 release announcement says that, actually: * Fix an unsafe signal hander reported by Mark Dowd. The signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. On portable OpenSSH, this vulnerability could theoretically lead to ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pre-authentication remote code execution if GSSAPI authentication ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ is enabled, but the likelihood of successful exploitation appears remote. Colin Percival From owner-freebsd-security@FreeBSD.ORG Mon Oct 2 21:40:30 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AC96A16A403 for ; Mon, 2 Oct 2006 21:40:30 +0000 (UTC) (envelope-from mp@FreeBSD.org) Received: from relay01.pair.com (relay01.pair.com [209.68.5.15]) by mx1.FreeBSD.org (Postfix) with SMTP id B58EE43D66 for ; Mon, 2 Oct 2006 21:40:25 +0000 (GMT) (envelope-from mp@FreeBSD.org) Received: (qmail 13239 invoked by uid 0); 2 Oct 2006 21:40:24 -0000 Received: from unknown (HELO ?10.251.18.254?) (unknown) by unknown with SMTP; 2 Oct 2006 21:40:24 -0000 X-pair-Authenticated: 63.251.108.100 Message-ID: <452186F1.4030008@FreeBSD.org> Date: Mon, 02 Oct 2006 14:38:57 -0700 From: Mark Peek User-Agent: Thunderbird 1.5.0.7 (Macintosh/20060918) MIME-Version: 1.0 To: "Simon L. Nielsen" References: <200609302024.k8UKOjon073315@freefall.freebsd.org> <45203CEA.90301@FreeBSD.org> <20061002191258.GC1034@zaphod.nitro.dk> In-Reply-To: <20061002191258.GC1034@zaphod.nitro.dk> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Tue, 03 Oct 2006 01:21:19 +0000 Cc: freebsd-security@freebsd.org Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:22.openssh X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Oct 2006 21:40:30 -0000 On 10/2/06 12:12 PM, Simon L. Nielsen wrote: > On 2006.10.01 15:10:50 -0700, Mark Peek wrote: >>> Topic: Multiple vulnerabilities in OpenSSH >> BTW, the patches for this advisory appear to also need a patch to add log.c >> into src/secure/usr.sbin/sshd/Makefile. > > Eh, why? log.c is built by libssh. Mea culpa! You are right, it was a problem with the way I was rebuilding it. Sorry for the noise on the list, I was erring on pinging you first since I thought it was a real issue. Mark From owner-freebsd-security@FreeBSD.ORG Wed Oct 4 10:48:27 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AFE9F16A403; Wed, 4 Oct 2006 10:48:27 +0000 (UTC) (envelope-from Philippe.Pegon@crc.u-strasbg.fr) Received: from mailhost.u-strasbg.fr (mailhost.u-strasbg.fr [130.79.200.158]) by mx1.FreeBSD.org (Postfix) with ESMTP id BBC4C43D76; Wed, 4 Oct 2006 10:48:18 +0000 (GMT) (envelope-from Philippe.Pegon@crc.u-strasbg.fr) Received: from [IPv6:2001:660:2402:1001:20e:cff:fe60:e734] (apophis.u-strasbg.fr [IPv6:2001:660:2402:1001:20e:cff:fe60:e734]) by mailhost.u-strasbg.fr (8.13.6/jtpda-5.5pre1) with ESMTP id k94AmBIG092696 ; Wed, 4 Oct 2006 12:48:16 +0200 (CEST) Message-ID: <4523916C.1080905@crc.u-strasbg.fr> Date: Wed, 04 Oct 2006 12:48:12 +0200 From: Philippe Pegon User-Agent: Thunderbird 1.5.0.7 (X11/20060916) MIME-Version: 1.0 To: security-officer@freebsd.org References: <451F6E8E.8020301@freebsd.org> In-Reply-To: <451F6E8E.8020301@freebsd.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.0.2 (mailhost.u-strasbg.fr [IPv6:2001:660:2402::158]); Wed, 04 Oct 2006 12:48:16 +0200 (CEST) X-Virus-Scanned: ClamAV 0.88.4/1994/Wed Oct 4 06:10:39 2006 on mr8.u-strasbg.fr X-Virus-Status: Clean X-Spam-Status: No, score=-0.0 required=5.0 tests=NO_RELAYS autolearn=disabled version=3.1.4 X-Spam-Checker-Version: SpamAssassin 3.1.4 (2006-07-25) on mr8.u-strasbg.fr X-Mailman-Approved-At: Wed, 04 Oct 2006 11:50:36 +0000 Cc: freebsd security , FreeBSD Stable Subject: Re: HEADS UP: FreeBSD 5.3, 5.4, 6.0 EoLs coming soon X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Oct 2006 10:48:27 -0000 FreeBSD Security Officer wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello Everyone, Hi, > On October 31st, FreeBSD 5.3 and FreeBSD 5.4 will have reached their > End of Life and will no longer be supported by the FreeBSD Security > Team. Users of either of those FreeBSD releases are strongly encouraged > to upgrade to FreeBSD 5.5 or FreeBSD 6.1 before that date. > > In addition, the FreeBSD 6.0 End of Life is presently scheduled for > November 30th. Depending upon the progress of the FreeBSD 6.2 release > cycle, this may be delayed until December 31st in order to allow time > for users of FreeBSD 6.0 to upgrade to FreeBSD 6.2. I'm a bit worried about the EoL of FreeBSD 6.0. In June 2006, I opened a PR (kern/98622) about a regression on CARP with IPv6 addresses: CARP is not usable with IPv6. Since I tracked down the culprit commit (see appropriate info in the PR), I can affirm that this regression appeared before the 6.1-RELEASE. Some of our main servers provide redundant services (DNS, Webmail, LDAP) based on CARP, with equivalent functionnality over IPv4 or IPv6. Since we cannot degrade IPv6 service, our servers are stick to 6.0-RELEASE. This problem has been reported to re@, but the TODO list for 6.2 doesn't mention it (it is still empty, in fact). As a campus network operator, we are proud to offer bleeding edge service to our 50K users, and we advocate FreeBSD locally since it was the ideal OS to run IPv6 service. In order to continue to provide IPv6 service, do we have to run an obsolete system (with all security risks involved), or do we have to choose another system? Please, either support 6.0-RELEASE longer, or (better) help us correct this problem! Thanks in advance, Philippe Pegon From owner-freebsd-security@FreeBSD.ORG Wed Oct 4 12:55:58 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AC90516A403; Wed, 4 Oct 2006 12:55:58 +0000 (UTC) (envelope-from mb@imp.ch) Received: from pop.imp.ch (mx2.imp.ch [157.161.9.17]) by mx1.FreeBSD.org (Postfix) with ESMTP id 64CC643D6A; Wed, 4 Oct 2006 12:55:55 +0000 (GMT) (envelope-from mb@imp.ch) Received: from godot.imp.ch (godot.imp.ch [157.161.4.8]) by pop.imp.ch (8.13.8/8.13.8/Submit_imp) with ESMTP id k94Ctouq097512; Wed, 4 Oct 2006 14:55:51 +0200 (CEST) (envelope-from mb@imp.ch) Date: Wed, 4 Oct 2006 14:55:50 +0200 (CEST) From: Martin Blapp To: Philippe Pegon In-Reply-To: <4523916C.1080905@crc.u-strasbg.fr> Message-ID: <20061004145510.H53518@godot.imp.ch> References: <451F6E8E.8020301@freebsd.org> <4523916C.1080905@crc.u-strasbg.fr> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Scanned-By: MIMEDefang 2.57 on 157.161.9.65 X-Mailman-Approved-At: Wed, 04 Oct 2006 13:47:40 +0000 Cc: freebsd security , security-officer@freebsd.org, FreeBSD Stable Subject: Re: HEADS UP: FreeBSD 5.3, 5.4, 6.0 EoLs coming soon X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Oct 2006 12:55:58 -0000 Hi, > In June 2006, I opened a PR (kern/98622) about a regression on CARP > with IPv6 addresses: CARP is not usable with IPv6. Since I tracked > down the culprit commit (see appropriate info in the PR), I can > affirm that this regression appeared before the 6.1-RELEASE. Wouldn't it be better to fix this in RELENG_6 before 6.2 RELEASE ? Martin From owner-freebsd-security@FreeBSD.ORG Wed Oct 4 16:37:40 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A1E9E16A4E1; Wed, 4 Oct 2006 16:37:40 +0000 (UTC) (envelope-from kris@obsecurity.org) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id A1F4F43DDF; Wed, 4 Oct 2006 16:37:01 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from obsecurity.dyndns.org (elvis.mu.org [192.203.228.196]) by elvis.mu.org (Postfix) with ESMTP id 9CAAB1A4D82; Wed, 4 Oct 2006 09:36:23 -0700 (PDT) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 0EEF551570; Wed, 4 Oct 2006 12:36:23 -0400 (EDT) Date: Wed, 4 Oct 2006 12:36:22 -0400 From: Kris Kennaway To: Philippe Pegon Message-ID: <20061004163622.GA35298@xor.obsecurity.org> References: <451F6E8E.8020301@freebsd.org> <4523916C.1080905@crc.u-strasbg.fr> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="9amGYk9869ThD9tj" Content-Disposition: inline In-Reply-To: <4523916C.1080905@crc.u-strasbg.fr> User-Agent: Mutt/1.4.2.2i Cc: freebsd security , security-officer@freebsd.org, FreeBSD Stable Subject: Re: HEADS UP: FreeBSD 5.3, 5.4, 6.0 EoLs coming soon X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Oct 2006 16:37:40 -0000 --9amGYk9869ThD9tj Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Wed, Oct 04, 2006 at 12:48:12PM +0200, Philippe Pegon wrote: > In June 2006, I opened a PR (kern/98622) about a regression on CARP > with IPv6 addresses: CARP is not usable with IPv6. Since I tracked > down the culprit commit (see appropriate info in the PR), I can > affirm that this regression appeared before the 6.1-RELEASE. When this kind of thing happens you just need to periodically make a bit of noise to make sure it doesn't get forgotten. In particular you should mention the problem to re@ so they can investigate and track it. Kris --9amGYk9869ThD9tj Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQFFI+MGWry0BWjoQKURArXZAJ4l7abzuQQ9p+1ke1GVg53GCoVk5wCg4JH2 GO8Fdq0PkF6+cDTTDNt6D6A= =wkA1 -----END PGP SIGNATURE----- --9amGYk9869ThD9tj-- From owner-freebsd-security@FreeBSD.ORG Fri Oct 6 00:03:05 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A235916A40F; Fri, 6 Oct 2006 00:03:05 +0000 (UTC) (envelope-from bmah@freebsd.org) Received: from a.mail.sonic.net (a.mail.sonic.net [64.142.16.245]) by mx1.FreeBSD.org (Postfix) with ESMTP id 53FAD43D45; Fri, 6 Oct 2006 00:03:05 +0000 (GMT) (envelope-from bmah@freebsd.org) Received: from [192.168.2.119] (hornet.kitchenlab.org [64.142.31.105]) (authenticated bits=0) by a.mail.sonic.net (8.13.8.Beta0-Sonic/8.13.7) with ESMTP id k9602x4p025029 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 5 Oct 2006 17:03:03 -0700 Message-ID: <45259D27.8030002@freebsd.org> Date: Thu, 05 Oct 2006 17:02:47 -0700 From: "Bruce A. Mah" User-Agent: Thunderbird 1.5.0.7 (Macintosh/20060909) MIME-Version: 1.0 To: Philippe Pegon References: <451F6E8E.8020301@freebsd.org> <4523916C.1080905@crc.u-strasbg.fr> In-Reply-To: <4523916C.1080905@crc.u-strasbg.fr> X-Enigmail-Version: 0.94.1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig566D7312F9375686AA1F559B" Cc: freebsd security , security-officer@freebsd.org, FreeBSD Stable Subject: Re: HEADS UP: FreeBSD 5.3, 5.4, 6.0 EoLs coming soon X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Oct 2006 00:03:05 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig566D7312F9375686AA1F559B Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable If memory serves me right, Philippe Pegon wrote: > In June 2006, I opened a PR (kern/98622) about a regression on CARP > with IPv6 addresses: CARP is not usable with IPv6. Since I tracked > down the culprit commit (see appropriate info in the PR), I can > affirm that this regression appeared before the 6.1-RELEASE. bz@ has just recently (a couple of hours ago) updated kern/98622 with a possible fix. It'd be really useful if you (or anyone else experiencing this problem) could try this out and give him some feedback. (I know that you, Philippe, know all this already, but I wanted to get the information out to a wider audience.) Cheers, Bruce. --------------enig566D7312F9375686AA1F559B Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFJZ0z2MoxcVugUsMRAuImAKDwH4LindImF8SuN07wejMS8sUIDgCgrNFU b0eav2dToPx/l0UU09FwFgw= =4s7H -----END PGP SIGNATURE----- --------------enig566D7312F9375686AA1F559B-- From owner-freebsd-security@FreeBSD.ORG Fri Oct 6 06:58:21 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0AF8616A403 for ; Fri, 6 Oct 2006 06:58:21 +0000 (UTC) (envelope-from h-k@mail.ru) Received: from f58.mail.ru (f58.mail.ru [194.67.57.92]) by mx1.FreeBSD.org (Postfix) with ESMTP id 67D7C43D58 for ; Fri, 6 Oct 2006 06:58:20 +0000 (GMT) (envelope-from h-k@mail.ru) Received: from mail by f58.mail.ru with local id 1GVjf0-0000YH-00 for freebsd-security@freebsd.org; Fri, 06 Oct 2006 10:58:18 +0400 Received: from [212.5.80.7] by win.mail.ru with HTTP; Fri, 06 Oct 2006 10:58:18 +0400 From: dawnshade To: freebsd-security@freebsd.org Mime-Version: 1.0 X-Mailer: mPOP Web-Mail 2.19 X-Originating-IP: unknown via proxy [212.5.80.7] Date: Fri, 06 Oct 2006 10:58:18 +0400 Content-Type: text/plain; charset=windows-1251 Content-Transfer-Encoding: 8bit Message-Id: Subject: FreeBSD-SA-06:23.openssl and compatx X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: dawnshade List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Oct 2006 06:58:21 -0000 Can anyone tell me does advisory 06:23.openssl affect on old libs in binary packages like misc/compat5x (for example)? As i see it not changed significant after this SA. From owner-freebsd-security@FreeBSD.ORG Fri Oct 6 15:07:55 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1125D16A403; Fri, 6 Oct 2006 15:07:55 +0000 (UTC) (envelope-from Philippe.Pegon@crc.u-strasbg.fr) Received: from mailhost.u-strasbg.fr (mailhost.u-strasbg.fr [130.79.200.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 620EB43D4C; Fri, 6 Oct 2006 15:07:54 +0000 (GMT) (envelope-from Philippe.Pegon@crc.u-strasbg.fr) Received: from [IPv6:2001:660:2402:1001:20e:cff:fe60:e734] (apophis.u-strasbg.fr [IPv6:2001:660:2402:1001:20e:cff:fe60:e734]) by mailhost.u-strasbg.fr (8.13.6/jtpda-5.5pre1) with ESMTP id k96F7qgL095198 ; Fri, 6 Oct 2006 17:07:53 +0200 (CEST) Message-ID: <4526714C.5090605@crc.u-strasbg.fr> Date: Fri, 06 Oct 2006 17:07:56 +0200 From: Philippe Pegon User-Agent: Thunderbird 1.5.0.7 (X11/20060916) MIME-Version: 1.0 To: "Bruce A. Mah" References: <451F6E8E.8020301@freebsd.org> <4523916C.1080905@crc.u-strasbg.fr> <45259D27.8030002@freebsd.org> In-Reply-To: <45259D27.8030002@freebsd.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.0.2 (mailhost.u-strasbg.fr [IPv6:2001:660:2402::153]); Fri, 06 Oct 2006 17:07:53 +0200 (CEST) X-Virus-Scanned: ClamAV 0.88.4/2000/Fri Oct 6 14:12:15 2006 on mr3.u-strasbg.fr X-Virus-Status: Clean X-Spam-Status: No, score=-0.0 required=5.0 tests=NO_RELAYS autolearn=disabled version=3.1.4 X-Spam-Checker-Version: SpamAssassin 3.1.4 (2006-07-25) on mr3.u-strasbg.fr X-Mailman-Approved-At: Fri, 06 Oct 2006 18:56:47 +0000 Cc: freebsd security , security-officer@freebsd.org, FreeBSD Stable Subject: Re: HEADS UP: FreeBSD 5.3, 5.4, 6.0 EoLs coming soon X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Oct 2006 15:07:55 -0000 Hi, for information, I tested the latest patch from bz@ : http://sources.zabbadoz.net/freebsd/patchset/20061005-01-carp-v6-scope-ipfw.diff and carp with IPv6 is working fine again ! More information in the PR (kern/98622) thanks a lot -- Philippe Pegon Bruce A. Mah wrote: > If memory serves me right, Philippe Pegon wrote: > >> In June 2006, I opened a PR (kern/98622) about a regression on CARP >> with IPv6 addresses: CARP is not usable with IPv6. Since I tracked >> down the culprit commit (see appropriate info in the PR), I can >> affirm that this regression appeared before the 6.1-RELEASE. > > bz@ has just recently (a couple of hours ago) updated kern/98622 with a > possible fix. It'd be really useful if you (or anyone else experiencing > this problem) could try this out and give him some feedback. > > (I know that you, Philippe, know all this already, but I wanted to get > the information out to a wider audience.) > > Cheers, > > Bruce. From owner-freebsd-security@FreeBSD.ORG Sat Oct 7 07:32:50 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 30D8E16A47B for ; Sat, 7 Oct 2006 07:32:50 +0000 (UTC) (envelope-from simon@zaphod.nitro.dk) Received: from mx.nitro.dk (zarniwoop.nitro.dk [83.92.207.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9C15443D4C for ; Sat, 7 Oct 2006 07:32:49 +0000 (GMT) (envelope-from simon@zaphod.nitro.dk) Received: from zaphod.nitro.dk (unknown [192.168.3.39]) by mx.nitro.dk (Postfix) with ESMTP id EECF42FF41B; Sat, 7 Oct 2006 07:32:47 +0000 (UTC) Received: by zaphod.nitro.dk (Postfix, from userid 3000) id A1AD411420; Sat, 7 Oct 2006 09:32:47 +0200 (CEST) Date: Sat, 7 Oct 2006 09:32:47 +0200 From: "Simon L. Nielsen" To: dawnshade Message-ID: <20061007073246.GC982@zaphod.nitro.dk> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.11 Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD-SA-06:23.openssl and compatx X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Oct 2006 07:32:50 -0000 On 2006.10.06 10:58:18 +0400, dawnshade wrote: > > Can anyone tell me does advisory 06:23.openssl affect on old libs in > binary packages like misc/compat5x (for example)? It is, we missed that. I will have a look at it later today. Thanks for the poke :-). -- Simon L. Nielsen From owner-freebsd-security@FreeBSD.ORG Sat Oct 7 19:12:27 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CE20516A407; Sat, 7 Oct 2006 19:12:27 +0000 (UTC) (envelope-from lists-freebsd@silverwraith.com) Received: from pear.silverwraith.com (pear.silverwraith.com [69.12.167.160]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7858D43D55; Sat, 7 Oct 2006 19:12:17 +0000 (GMT) (envelope-from lists-freebsd@silverwraith.com) Received: from avleen by pear.silverwraith.com with local (Exim 4.61 (FreeBSD)) (envelope-from ) id 1GWHaq-000Kzl-VN; Sat, 07 Oct 2006 12:12:16 -0700 Date: Sat, 7 Oct 2006 12:12:16 -0700 From: Avleen Vig To: Colin Percival Message-ID: <20061007191216.GX941@silverwraith.com> References: <200610022000.k92K0B5P009759@cvs.openbsd.org> <452183B1.7000306@freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <452183B1.7000306@freebsd.org> User-Agent: Mutt/1.5.11 Cc: freebsd-security@freebsd.org, Theo de Raadt Subject: Re: FreeBSD Security Advisory FreeBSD-SA-06:22.openssh X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Oct 2006 19:12:27 -0000 On Mon, Oct 02, 2006 at 02:25:05PM -0700, Colin Percival wrote: > Theo de Raadt wrote: > >> The OpenSSH project believe that the race condition can lead to a Denial > >> of Service or potentially remote code execution > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > Bullshit. Where did anyone say this? > > The OpenSSH 4.4 release announcement says that, actually: > > * Fix an unsafe signal hander reported by Mark Dowd. The signal > handler was vulnerable to a race condition that could be exploited > to perform a pre-authentication denial of service. On portable > OpenSSH, this vulnerability could theoretically lead to > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > pre-authentication remote code execution if GSSAPI authentication > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > is enabled, but the likelihood of successful exploitation appears > remote. Theo: Maybe you should put people in charge who can read their own release announcements before flaming a mailing list.