From owner-freebsd-security Mon Jan 12 00:43:12 1998 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id AAA17847 for security-outgoing; Mon, 12 Jan 1998 00:43:12 -0800 (PST) (envelope-from owner-freebsd-security) Received: from ns2.wasantara.net.id ([202.159.65.171]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id AAA17841 for ; Mon, 12 Jan 1998 00:43:05 -0800 (PST) (envelope-from teguh@yogya.wasantara.net.id) From: teguh@yogya.wasantara.net.id Received: from yogya.wasantara.net.id (yogya.wasantara.net.id [202.159.85.163]) by ns2.wasantara.net.id (8.8.5/8.8.5) with ESMTP id QAA14700 for ; Mon, 12 Jan 1998 16:46:01 +0700 (JAVT) Date: Mon, 12 Jan 1998 16:46:01 +0700 (JAVT) Received: from YOGYA/SpoolDir by yogya.wasantara.net.id (Mercury 1.21); 12 Jan 98 15:55:58 GMT+0700 Received: from SpoolDir by YOGYA (Mercury 1.21); 12 Jan 98 15:43:33 GMT+0700 Received: from ADmin by yogya.wasantara.net.id (Mercury 1.21); 12 Jan 98 15:43:27 GMT+0700 X-Sender: teguh@yogya.wasantara.net.id X-Mailer: Windows Eudora Pro Version 2.1.2 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: security@freebsd.org Message-ID: <31F04FF3BB8@yogya.wasantara.net.id> Sender: owner-freebsd-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk subscribe From owner-freebsd-security Mon Jan 12 08:43:18 1998 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id IAA25538 for security-outgoing; Mon, 12 Jan 1998 08:43:18 -0800 (PST) (envelope-from owner-freebsd-security) Received: from gw2.leirianet.pt (gw2-e0.leirianet.pt [195.23.92.61]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id IAA25114 for ; Mon, 12 Jan 1998 08:40:04 -0800 (PST) (envelope-from jm@pluriproj.pt) Received: from antares.pluriproj.pt (antares.pluriproj.pt [195.23.92.195]) by gw2.leirianet.pt (8.8.8/8.8.8) with SMTP id QAA04505 for ; Mon, 12 Jan 1998 16:36:30 GMT From: jm@pluriproj.pt (Jose' Monteiro) To: security@hub.freebsd.org Subject: /etc/services Date: Mon, 12 Jan 1998 16:36:24 GMT X-PGP-Key-Fingerprint: 2.6.3ia: 4289 7864 7C6F 06C6 BB1E 299E 8FFA DC61 - 5.0: B698 9856 F7DD C74B 657E 0122 9392 9164 F2EE A48B Organization: Leiri@net Reply-To: "Jose' Monteiro" Message-ID: <34c04663.24542305@mail.pluriproj.pt> X-Mailer: Forte Agent 1.5/32.451 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by hub.freebsd.org id IAA25533 Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk What does this /etc/services lines mean? #PROBLEMS!=============================================== doom 666/tcp #doom Id Software doom 666/udp #doom Id Software #PROBLEMS!=============================================== Jose From owner-freebsd-security Mon Jan 12 09:42:43 1998 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id JAA02333 for security-outgoing; Mon, 12 Jan 1998 09:42:43 -0800 (PST) (envelope-from owner-freebsd-security) Received: from passer.osg.gov.bc.ca (passer.osg.gov.bc.ca [142.32.110.29]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id JAA02319 for ; Mon, 12 Jan 1998 09:42:33 -0800 (PST) (envelope-from cschuber@passer.osg.gov.bc.ca) Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.8.8/8.6.10) id JAA20876; Mon, 12 Jan 1998 09:41:47 -0800 (PST) Message-Id: <199801121741.JAA20876@passer.osg.gov.bc.ca> Received: from localhost(127.0.0.1), claiming to be "passer.osg.gov.bc.ca" via SMTP by localhost, id smtpdaacjaa; Mon Jan 12 09:41:41 1998 X-Mailer: exmh version 2.0gamma 1/27/96 Reply-to: Cy Schubert - ITSD Open Systems Group X-Sender: cschuber To: "Jose' Monteiro" cc: security@hub.freebsd.org Subject: Re: /etc/services In-reply-to: Your message of "Mon, 12 Jan 1998 16:36:24 GMT." <34c04663.24542305@mail.pluriproj.pt> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Mon, 12 Jan 1998 09:41:29 -0800 From: Cy Schubert - ITSD Open Systems Group Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > What does this /etc/services lines mean? > > #PROBLEMS!=============================================== > doom 666/tcp #doom Id Software > doom 666/udp #doom Id Software > #PROBLEMS!=============================================== Ports 666, UDP and TCP, have been assiged to doom. This is not a security issue. It's just a definition. > > > Jose Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 UNIX Support OV/VM: BCSC02(CSCHUBER) ITSD BITNET: CSCHUBER@BCSC02.BITNET Government of BC Internet: cschuber@uumail.gov.bc.ca Cy.Schubert@gems8.gov.bc.ca "Quit spooling around, JES do it." From owner-freebsd-security Mon Jan 12 11:01:30 1998 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id LAA12660 for security-outgoing; Mon, 12 Jan 1998 11:01:30 -0800 (PST) (envelope-from owner-freebsd-security) Received: from Kitten.mcs.com (Kitten.mcs.com [192.160.127.90]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id LAA12654 for ; Mon, 12 Jan 1998 11:01:27 -0800 (PST) (envelope-from nash@Jupiter.Mcs.Net) Received: from Jupiter.Mcs.Net (nash@Jupiter.mcs.net [192.160.127.88]) by Kitten.mcs.com (8.8.7/8.8.2) with ESMTP id MAA06363; Mon, 12 Jan 1998 12:14:35 -0600 (CST) Received: from localhost (nash@localhost) by Jupiter.Mcs.Net (8.8.7/8.8.2) with SMTP id MAA17968; Mon, 12 Jan 1998 12:14:34 -0600 (CST) Date: Mon, 12 Jan 1998 12:14:34 -0600 (CST) From: Alex Nash To: "Jose' Monteiro" cc: security@hub.freebsd.org Subject: Re: /etc/services In-Reply-To: <34c04663.24542305@mail.pluriproj.pt> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Mon, 12 Jan 1998, Jose' Monteiro wrote: > What does this /etc/services lines mean? > > #PROBLEMS!=============================================== > doom 666/tcp #doom Id Software > doom 666/udp #doom Id Software > #PROBLEMS!=============================================== It means there are multiple services which contend for the same port number and protocol. In this case, both mdqs and doom share port 666 TCP and UDP. The upshot is that name to port number translation works great, but port number to name doesn't always produce the expected result (i.e. you're running doom and netstat refers to the port as mdqs). Alex From owner-freebsd-security Mon Jan 12 11:57:23 1998 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id LAA21269 for security-outgoing; Mon, 12 Jan 1998 11:57:23 -0800 (PST) (envelope-from owner-freebsd-security) Received: from gvr.gvr.org (root@gvr.gvr.org [194.151.74.97]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id LAA21259 for ; Mon, 12 Jan 1998 11:57:18 -0800 (PST) (envelope-from guido@gvr.org) Received: (from guido@localhost) by gvr.gvr.org (8.8.6/8.8.5) id UAA01973; Mon, 12 Jan 1998 20:54:32 +0100 (MET) From: Guido van Rooij Message-Id: <199801121954.UAA01973@gvr.gvr.org> Subject: Re: /etc/services In-Reply-To: <34c04663.24542305@mail.pluriproj.pt> from Jose' Monteiro at "Jan 12, 98 04:36:24 pm" To: jm@pluriproj.pt Date: Mon, 12 Jan 1998 20:54:31 +0100 (MET) Cc: security@hub.freebsd.org X-Mailer: ELM [version 2.4ME+ PL32 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Jose' Monteiro wrote: > What does this /etc/services lines mean? > > #PROBLEMS!=============================================== > doom 666/tcp #doom Id Software > doom 666/udp #doom Id Software > #PROBLEMS!=============================================== If you telnet to this port, it will trigger a secret backdoor that will erase all your filesystems and blow up your monitor. Don't tell anyone else please ;-) All kidding aside: this is used for Id Sofwtare's game called Doom. -Guido From owner-freebsd-security Mon Jan 12 12:34:10 1998 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id MAA25721 for security-outgoing; Mon, 12 Jan 1998 12:34:10 -0800 (PST) (envelope-from owner-freebsd-security) Received: from fledge.watson.org (FLEDGE.RES.CMU.EDU [128.2.91.116]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id MAA25025 for ; Mon, 12 Jan 1998 12:29:17 -0800 (PST) (envelope-from robert@cyrus.watson.org) Received: from cyrus.watson.org (cyrus.pr.watson.org [192.0.2.4]) by fledge.watson.org (8.8.8/8.6.10) with SMTP id PAA15044; Mon, 12 Jan 1998 15:27:35 -0500 (EST) Date: Mon, 12 Jan 1998 15:27:39 -0500 (EST) From: Robert Watson Reply-To: Robert Watson To: Cy Schubert - ITSD Open Systems Group cc: "Jose' Monteiro" , security@hub.freebsd.org Subject: Re: /etc/services In-Reply-To: <199801121741.JAA20876@passer.osg.gov.bc.ca> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Mon, 12 Jan 1998, Cy Schubert - ITSD Open Systems Group wrote: > > What does this /etc/services lines mean? > > > > #PROBLEMS!=============================================== > > doom 666/tcp #doom Id Software > > doom 666/udp #doom Id Software > > #PROBLEMS!=============================================== > > Ports 666, UDP and TCP, have been assiged to doom. This is not a security > issue. It's just a definition. The reason for the #PROBLEMS! comment is that duplicate entries exist for those port numbers, so they (I assume) have been flagged as such for your reference. I have not checked the IANA page to see which is the legitimate one :). Robert N Watson Carnegie Mellon University http://www.cmu.edu/ SafePort Network Services http://www.safeport.com/ robert@fledge.watson.org http://www.watson.org/~robert/ From owner-freebsd-security Mon Jan 12 13:14:18 1998 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id NAA01461 for security-outgoing; Mon, 12 Jan 1998 13:14:18 -0800 (PST) (envelope-from owner-freebsd-security) Received: from passer.osg.gov.bc.ca (passer.osg.gov.bc.ca [142.32.110.29]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id NAA01455 for ; Mon, 12 Jan 1998 13:14:14 -0800 (PST) (envelope-from cschuber@passer.osg.gov.bc.ca) Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.8.8/8.6.10) id NAA06964; Mon, 12 Jan 1998 13:11:36 -0800 (PST) Message-Id: <199801122111.NAA06964@passer.osg.gov.bc.ca> Received: from localhost(127.0.0.1), claiming to be "passer.osg.gov.bc.ca" via SMTP by localhost, id smtpdaacDDa; Mon Jan 12 13:11:31 1998 X-Mailer: exmh version 2.0gamma 1/27/96 Reply-to: Cy Schubert - ITSD Open Systems Group X-Sender: cschuber To: Robert Watson cc: Cy Schubert - ITSD Open Systems Group , "Jose' Monteiro" , security@hub.freebsd.org Subject: Re: /etc/services In-reply-to: Your message of "Mon, 12 Jan 1998 15:27:39 EST." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Mon, 12 Jan 1998 13:11:30 -0800 From: Cy Schubert - ITSD Open Systems Group Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > On Mon, 12 Jan 1998, Cy Schubert - ITSD Open Systems Group wrote: > > > > What does this /etc/services lines mean? > > > > > > #PROBLEMS!=============================================== > > > doom 666/tcp #doom Id Software > > > doom 666/udp #doom Id Software > > > #PROBLEMS!=============================================== > > > > Ports 666, UDP and TCP, have been assiged to doom. This is not a security > > issue. It's just a definition. > > The reason for the #PROBLEMS! comment is that duplicate entries exist for > those port numbers, so they (I assume) have been flagged as such for your > reference. I have not checked the IANA page to see which is the > legitimate one :). The same is true for many of the Oracle services. > > Robert N Watson > > Carnegie Mellon University http://www.cmu.edu/ > SafePort Network Services http://www.safeport.com/ > robert@fledge.watson.org http://www.watson.org/~robert/ > Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 UNIX Support OV/VM: BCSC02(CSCHUBER) ITSD BITNET: CSCHUBER@BCSC02.BITNET Government of BC Internet: cschuber@uumail.gov.bc.ca Cy.Schubert@gems8.gov.bc.ca "Quit spooling around, JES do it." From owner-freebsd-security Mon Jan 12 15:40:31 1998 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id PAA20600 for security-outgoing; Mon, 12 Jan 1998 15:40:31 -0800 (PST) (envelope-from owner-freebsd-security) Received: from fledge.watson.org (root@FLEDGE.RES.CMU.EDU [128.2.91.116]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id PAA20587 for ; Mon, 12 Jan 1998 15:40:24 -0800 (PST) (envelope-from robert@cyrus.watson.org) Received: from cyrus.watson.org (cyrus.pr.watson.org [192.0.2.4]) by fledge.watson.org (8.8.8/8.6.10) with SMTP id SAA17409; Mon, 12 Jan 1998 18:40:06 -0500 (EST) Date: Mon, 12 Jan 1998 18:40:16 -0500 (EST) From: Robert Watson Reply-To: Robert Watson To: Tim Baur cc: security@freebsd.org Subject: Re: /etc/services In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Mon, 12 Jan 1998, Tim Baur wrote: > On Mon, 12 Jan 1998, Robert Watson wrote: > > > The reason for the #PROBLEMS! comment is that duplicate entries exist for > > those port numbers, so they (I assume) have been flagged as such for your > > reference. I have not checked the IANA page to see which is the > > legitimate one :). > > Uhm no. Both are needed as one is for tcp and the other for udp. I am aware that both are needed; I refer instead to the conflict between doom and mdqs. Here are the lines of interest from my services: % grep 666 /etc/services mdqs 666/tcp mdqs 666/udp doom 666/tcp #doom Id Software doom 666/udp #doom Id Software You will note that both mdqs and doom coexist on the same ports. One of these is presumably legitimate, allocated by IANA; the other is presumably not. I have not checked which is legitimate. Robert N Watson Carnegie Mellon University http://www.cmu.edu/ SafePort Network Services http://www.safeport.com/ robert@fledge.watson.org http://www.watson.org/~robert/ From owner-freebsd-security Mon Jan 12 15:45:00 1998 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id PAA21120 for security-outgoing; Mon, 12 Jan 1998 15:45:00 -0800 (PST) (envelope-from owner-freebsd-security) Received: from oblivion.esgroup.net (root@oblivion.esgroup.net [209.52.174.1]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id PAA21101 for ; Mon, 12 Jan 1998 15:44:42 -0800 (PST) (envelope-from tbaur@esgroup.net) Received: from oblivion.esgroup.net (tbaur@oblivion.esgroup.net [209.52.174.1]) by oblivion.esgroup.net (8.8.8/ESI) with SMTP id PAA15336; Mon, 12 Jan 1998 15:44:34 -0800 (PST) Date: Mon, 12 Jan 1998 15:44:34 -0800 (PST) From: Tim Baur To: Robert Watson cc: security@freebsd.org Subject: Re: /etc/services In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Mon, 12 Jan 1998, Robert Watson wrote: > > Uhm no. Both are needed as one is for tcp and the other for udp. > > I am aware that both are needed; I refer instead to the conflict between > doom and mdqs. Here are the lines of interest from my services: Ahh yes. Point taken. Would have been good to mention this in the first email. Wasnt exactally clear as to what you were refering to. But a very valid point at that. Tim Baur ESI Communications From owner-freebsd-security Thu Jan 15 07:12:42 1998 Return-Path: Received: (from daemon@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA29533 for security-outgoing; Thu, 15 Jan 1998 07:12:42 -0800 (PST) (envelope-from owner-freebsd-security) Received: from firewall.ftf.dk (root@mail.ftf.dk [129.142.64.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA29287 for ; Thu, 15 Jan 1998 07:10:44 -0800 (PST) (envelope-from regnauld@deepo.prosa.dk) Received: from mail.prosa.dk ([192.168.100.2]) by firewall.ftf.dk (8.7.6/8.7.3) with ESMTP id RAA01104; Thu, 15 Jan 1998 17:53:06 +0100 Received: from deepo.prosa.dk (deepo.prosa.dk [192.168.100.10]) by mail.prosa.dk (8.8.5/8.8.5/prosa-1.1) with ESMTP id QAA01322; Thu, 15 Jan 1998 16:09:20 +0100 (CET) Received: (from regnauld@localhost) by deepo.prosa.dk (8.8.7/8.8.5/prosa-1.1) id QAA03765; Thu, 15 Jan 1998 16:08:50 +0100 (CET) Message-ID: <19980115160850.23615@deepo.prosa.dk> Date: Thu, 15 Jan 1998 16:08:50 +0100 From: Philippe Regnauld To: Jess Kitchen Cc: BUGTRAQ@NETSPACE.ORG, freebsd-security@freebsd.org Subject: Re: FreeBSD ccdconfig bug References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.88e In-Reply-To: ; from Jess Kitchen on Thu, Jan 15, 1998 at 07:51:53AM +0000 X-Operating-System: FreeBSD 2.2.5-RELEASE i386 Sender: owner-freebsd-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Jess Kitchen writes: > Hi, > > Following on from the initial ccdconfig bug post, I've found that if > you are persistent with chfn in the background while grepping the Regarding this bug: since ccdconfig is run as root, is there any need for the sgid kmem bit ? Apart from getting the conf dump (-g) as not-root, I don't see the use for it... -- -[ Philippe Regnauld / sysadmin / regnauld@deepo.prosa.dk / +55.4N +11.3E ]- "Pluto placed his bad dog at the entrance of Hades to keep the dead IN and the living OUT! The archetypical corporate firewall?" - S. Kelly Bootle, about Cerberus ["MYTHOLOGY", in Marutukku distrib] - From owner-freebsd-security Wed Jan 21 15:38:53 1998 Return-Path: Received: (from daemon@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA11118 for security-outgoing; Wed, 21 Jan 1998 15:38:53 -0800 (PST) (envelope-from owner-freebsd-security) Received: from ve7tcp.ampr.org (ve7tcp.ampr.org [198.161.92.132]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA11111 for ; Wed, 21 Jan 1998 15:38:52 -0800 (PST) (envelope-from lyndon@ve7tcp.ampr.org) Received: from localhost.ampr.org (localhost.ampr.org [127.0.0.1]) by ve7tcp.ampr.org (8.8.8/8.8.4) with SMTP id QAA06239 for ; Wed, 21 Jan 1998 16:38:34 -0700 (MST) Message-Id: <199801212338.QAA06239@ve7tcp.ampr.org> X-Authentication-Warning: ve7tcp.ampr.org: localhost.ampr.org [127.0.0.1] didn't use HELO protocol X-Mailer: exmh version 2.0gamma 1/27/96 To: freebsd-security@freebsd.org Subject: Who else uses MD5 encrypted passwords? X-Attribution: VE7TCP X-URL: http://ve7tcp.ampr.org/ Organization: The Frobozz Magic Homing Pigeon Company Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 21 Jan 1998 16:38:34 -0700 From: Lyndon Nerenberg Sender: owner-freebsd-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk I'm curious if there are any other OSes besides FreeBSD that are currently using MD5 hashed passwords. Pointers appreciated. Thanks, --lyndon