From owner-freebsd-security-notifications Thu Mar 12 11:28:22 1998
Message-Id: <199803121927.UAA17298@gvr.gvr.org>
From: FreeBSD Security Officer
To: freebsd-security-notifications@FreeBSD.ORG, freebsd-announce@FreeBSD.ORG,
    freebsd-security@FreeBSD.ORG, first-teams@first.org
Subject: FreeBSD Security Advisory: FreeBSD-SA-98:01.land
Date: Thu, 12 Mar 1998 20:27:00 +0100 (MET)
Reply-To: security-officer@FreeBSD.ORG

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-98:01                                            Security Advisory
                                                                FreeBSD, Inc.

Topic:          LAND attack can cause harm to running FreeBSD systems

Category:       core
Module:         kern
Announced:      1997-12-01
Affects:        FreeBSD 2.1.*, FreeBSD 2.2.0R, 2.2.1R, 2.2.5R
                FreeBSD-stable and FreeBSD-current
Doesn't Affect: FreeBSD 2.2.2R
Corrected:      FreeBSD 2.2.6R, FreeBSD-current as of Jan 21, 1998
                FreeBSD-stable as of Jan 30, 1998
FreeBSD only:   no

Patches:        ftp://ftp.freebsd.org/pub/CERT/patches/SA-98:01/

=============================================================================
IMPORTANT MESSAGE: The FreeBSD advisory archive has moved from
ftp://freebsd.org/pub/CERT to ftp://ftp.freebsd.org/pub/CERT
=============================================================================

I.   Background

     In most TCP stacks, state is kept based on the source and
     destination address of a packet received.

II.  Problem Description

     A problem exists in most FreeBSD derived stacks that allows a
     malicious user to send a packet that causes the system to lock
     up, thus producing a denial of service attack.

III. Impact

     Any person on the Internet who can send a FreeBSD machine a
     packet can cause it to lock up and be taken out of service.

IV.  Workaround

     A firewall can be used to filter packets from the Internet that
     appear to be from your local network. This will not eliminate
     the threat, but will eliminate external attacks.

V.   Solution

     Apply the enclosed patch. There are two patches, one for FreeBSD
     -current, and another for FreeBSD 2.2-stable.

     patch for -current prior to Jan 21, 1998. Found in land-current.

Index: tcp_input.c =================================================================== RCS file: /home/imp/FreeBSD/CVS/src/sys/netinet/tcp_input.c,v retrieving revision 1.67 retrieving revision 1.68 diff -u -r1.67 -r1.68 --- tcp_input.c 1997/12/19 23:46:15 1.67 +++ tcp_input.c 1998/01/21 02:05:59 1.68 @@ -626,6 +613,7 @@ * If the state is LISTEN then ignore segment if it contains an RST. * If the segment contains an ACK then it is bad and send a RST. * If it does not contain a SYN then it is not interesting; drop it. + * If it is from this socket, drop it, it must be forged. * Don't bother responding if the destination was a broadcast. * Otherwise initialize tp->rcv_nxt, and tp->irs, select an initial * tp->iss, and send a segment: @@ -644,6 +632,9 @@ goto dropwithreset; if ((tiflags & TH_SYN) == 0) goto drop; + if ((ti->ti_dport == ti->ti_sport) && + (ti->ti_dst.s_addr == ti->ti_src.s_addr)) + goto drop; /* * RFC1122 4.2.3.10, p. 104: discard bcast/mcast SYN * in_broadcast() should never return true on a received @@ -762,6 +753,23 @@ } /* + * If the state is SYN_RECEIVED: + * if seg contains SYN/ACK, send a RST. + * if seg contains an ACK, but not for our SYN/ACK, send a RST. + */ + case TCPS_SYN_RECEIVED: + if (tiflags & TH_ACK) { + if (tiflags & TH_SYN) { + tcpstat.tcps_badsyn++; + goto dropwithreset; + } + if (SEQ_LEQ(ti->ti_ack, tp->snd_una) || + SEQ_GT(ti->ti_ack, tp->snd_max)) + goto dropwithreset; + } + break; + + /* * If the state is SYN_SENT: * if seg contains an ACK, but not for our SYN, drop the input. * if seg contains a RST, then drop the connection. 
@@ -1176,14 +1184,11 @@ switch (tp->t_state) { /* - * In SYN_RECEIVED state if the ack ACKs our SYN then enter - * ESTABLISHED state and continue processing, otherwise - * send an RST. + * In SYN_RECEIVED state, the ack ACKs our SYN, so enter + * ESTABLISHED state and continue processing. + * The ACK was checked above. */ case TCPS_SYN_RECEIVED: - if (SEQ_GT(tp->snd_una, ti->ti_ack) || - SEQ_GT(ti->ti_ack, tp->snd_max)) - goto dropwithreset; tcpstat.tcps_connects++; soisconnected(so); patch for 2.2.5 and 2.2.5-stable before Jan 30, 1998 found in land-22 Index: tcp_input.c =================================================================== RCS file: /home/imp/FreeBSD/CVS/src/sys/netinet/tcp_input.c,v retrieving revision 1.54.2.6 retrieving revision 1.54.2.7 diff -u -r1.54.2.6 -r1.54.2.7 --- tcp_input.c 1997/11/20 21:45:34 1.54.2.6 +++ tcp_input.c 1998/01/30 19:13:55 1.54.2.7 @@ -627,6 +614,7 @@ * If the state is LISTEN then ignore segment if it contains an RST. * If the segment contains an ACK then it is bad and send a RST. * If it does not contain a SYN then it is not interesting; drop it. + * If it is from this socket, drop it, it must be forged. * Don't bother responding if the destination was a broadcast. * Otherwise initialize tp->rcv_nxt, and tp->irs, select an initial * tp->iss, and send a segment: @@ -646,6 +634,9 @@ goto dropwithreset; if ((tiflags & TH_SYN) == 0) goto drop; + if ((ti->ti_dport == ti->ti_sport) && + (ti->ti_dst.s_addr == ti->ti_src.s_addr)) + goto drop; /* * RFC1122 4.2.3.10, p. 104: discard bcast/mcast SYN * in_broadcast() should never return true on a received 
@@ -765,6 +756,23 @@ } /* + * If the state is SYN_RECEIVED: + * if seg contains SYN/ACK, send a RST. + * if seg contains an ACK, but not for our SYN/ACK, send a RST. + */ + case TCPS_SYN_RECEIVED: + if (tiflags & TH_ACK) { + if (tiflags & TH_SYN) { + tcpstat.tcps_badsyn++; + goto dropwithreset; + } + if (SEQ_LEQ(ti->ti_ack, tp->snd_una) || + SEQ_GT(ti->ti_ack, tp->snd_max)) + goto dropwithreset; + } + break; + + /* * If the state is SYN_SENT: * if seg contains an ACK, but not for our SYN, drop the input. * if seg contains a RST, then drop the connection. 
@@ -1179,14 +1187,11 @@ switch (tp->t_state) { /* - * In SYN_RECEIVED state if the ack ACKs our SYN then enter - * ESTABLISHED state and continue processing, otherwise - * send an RST. + * In SYN_RECEIVED state, the ack ACKs our SYN, so enter + * ESTABLISHED state and continue processing. + * The ACK was checked above. */ case TCPS_SYN_RECEIVED: - if (SEQ_GT(tp->snd_una, ti->ti_ack) || - SEQ_GT(ti->ti_ack, tp->snd_max)) - goto dropwithreset; tcpstat.tcps_connects++; soisconnected(so); ============================================================================= FreeBSD, Inc. Web Site: http://www.freebsd.org/ Confidential contacts: security-officer@freebsd.org PGP Key: ftp://ftp.freebsd.org/pub/CERT/public_key.asc Security notifications: security-notifications@freebsd.org Security public discussion: security@freebsd.org Notice: Any patches in this document may not apply cleanly due to modifications caused by digital signature or mailer software. Please reference the URL listed at the top of this document for original copies of all patches if necessary. 
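Review bot: In the LISTEN hunks (@@ -644,6 +632,9 @@ for -current, @@ -646,6 +634,9 @@ for 2.2) the new test on ti_dport == ti_sport and ti_dst.s_addr == ti_src.s_addr ends in a bare "goto drop", so a forged self-addressed SYN is discarded without being counted, whereas the SYN/ACK branch added under TCPS_SYN_RECEIVED increments tcpstat.tcps_badsyn. Suggest incrementing a tcpstat counter before the drop so that an administrator can see these segments in the protocol statistics.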
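Review bot: The lower bound of the ACK test changed when it moved. The new TCPS_SYN_RECEIVED block (@@ -762,6 +753,23 @@ for -current, @@ -765,6 +756,23 @@ for 2.2) resets on SEQ_LEQ(ti->ti_ack, tp->snd_una), while the test removed in the last hunk reset on SEQ_GT(tp->snd_una, ti->ti_ack), so an ACK equal to snd_una was accepted before and is now answered with a RST. If the tightening is intended, say so in the new comment. The replacement comment "The ACK was checked above" should also name the earlier TCPS_SYN_RECEIVED case, since that check is only made when TH_ACK is set.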
=============================================================================

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNQg21FUuHi5z0oilAQFsYAP/TSdBmRb90H9/JqCvM/7pn1FOngoJgLPV
GzEBEKe1cbeY5tOY/rCLPVX3g+JjRjPFkMICaTYk0JdFEO29CLhw5qoX/OAm4M+M
erMJvXUJ3SPaEAEgK7zh5c73t9I4573Rbp1IxU3uZiqVSc3myJxCtFa4ZW2O6zkm
G57fsHlGRKo=
=4fC3
-----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security-notifications" in the body of the message

From owner-freebsd-security-notifications Thu Mar 12 11:48:00 1998
Message-Id: <199803121947.UAA17528@gvr.gvr.org>
From: FreeBSD Security Officer
To: freebsd-security-notifications@FreeBSD.ORG, freebsd-announce@FreeBSD.ORG,
    freebsd-security@FreeBSD.ORG, first-teams@first.org
Subject: FreeBSD Security Advisory: FreeBSD-SA-98:02.mmap
Date: Thu, 12 Mar 1998 20:47:00 +0100 (MET)
Reply-To: security-officer@FreeBSD.ORG

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-98:02                                            Security Advisory
                                                                FreeBSD, Inc.

Topic:          security compromise via mmap

Category:       core
Module:         kernel
Announced:      1998-03-12
Affects:        FreeBSD 2.2.*, FreeBSD-stable and FreeBSD-current
                before 1998/03/11 suffer from this problem.
Corrected:      FreeBSD-current as of 1998/03/11
                FreeBSD-stable as of 1998/03/11
FreeBSD only:   no (also other 4.4BSD based systems may be affected)

Patches:        ftp://ftp.freebsd.org/pub/CERT/patches/SA-98:02/

=============================================================================
IMPORTANT MESSAGE: The FreeBSD advisory archive has moved from
ftp://freebsd.org/pub/CERT to ftp://ftp.freebsd.org/pub/CERT
=============================================================================

I.   Background

     The 4.4BSD VM system allows files to be "memory mapped", which
     causes the specified contents of a file to be made available
     to a process via its address space. Manipulations of that file
     can then be performed simply by manipulating memory, rather
     than using filesystem I/O calls. This technique is used to
     simplify code, speed up access to files, and provide
     interprocess communication.

II.  Problem Description

     Due to a 4.4BSD VM system problem, it is possible to memory-map
     a read-only descriptor to a character device in read-write
     mode.

III. Impact

     The hole can be used by members of group kmem to gain superuser
     privileges. It also allows the superuser to lower the system
     securelevel.

IV.  Workaround

     No workaround is known.

V.   Solution

     Apply one of the following patches, rebuild your kernel,
     install it and reboot your system.

The patches below can be found on ftp://ftp.freebsd.org/pub/CERT/patches/SA-98:02/ Patch for 3.0-current systems: Index: vm_mmap.c =================================================================== RCS file: /home/cvsup/freebsd/CVS/src/sys/vm/vm_mmap.c,v retrieving revision 1.74 diff -u -r1.74 vm_mmap.c --- vm_mmap.c 1998/03/07 21:37:01 1.74 +++ vm_mmap.c 1998/03/10 21:51:30 @@ -162,6 +162,7 @@ vm_prot_t prot, maxprot; void *handle; int flags, error; + int disablexworkaround; off_t pos; addr = (vm_offset_t) uap->addr; @@ -252,6 +253,26 @@ pos = 0; } else { /* + * cdevs does not provide private mappings of any kind. + */ + /* + * However, for XIG X server to continue to work, + * we should allow the superuser to do it anyway. + * We only allow it at securelevel < 1. + * (Because the XIG X server writes directly to video + * memory via /dev/mem, it should never work at any + * other securelevel. + * XXX this will have to go + */ + if (securelevel >= 1) + disablexworkaround = 1; + else + disablexworkaround = suser(p->p_ucred, + &p->p_acflag); + if (vp->v_type == VCHR && disablexworkaround && + (flags & (MAP_PRIVATE|MAP_COPY))) + return (EINVAL); + /* * Ensure that file and memory protections are * compatible. Note that we only worry about * writability if mapping is shared; in this case, 
@@ -265,12 +286,20 @@ maxprot |= VM_PROT_READ; else if (prot & PROT_READ) return (EACCES); - if (flags & MAP_SHARED) { - if (fp->f_flag & FWRITE) - maxprot |= VM_PROT_WRITE; - else if (prot & PROT_WRITE) - return (EACCES); - } else + /* + * If we are sharing potential changes (either via + * MAP_SHARED or via the implicit sharing of character + * device mappings), and we are trying to get write + * permission although we opened it without asking + * for it, bail out. Check for superuser, only if + * we're at securelevel < 1, to allow the XIG X server + * to continue to work. + */ + if (((flags & MAP_SHARED) != 0 || + (vp->v_type == VCHR && disablexworkaround)) && + (fp->f_flag & FWRITE) == 0 && (prot & PROT_WRITE) != 0) + return (EACCES); + else maxprot |= VM_PROT_WRITE; handle = (void *)vp; } Patch for 2.2 systems: Index: vm_mmap.c =================================================================== RCS file: /home/cvsup/freebsd/CVS/src/sys/vm/vm_mmap.c,v retrieving revision 1.53.2.2 diff -u -r1.53.2.2 vm_mmap.c --- vm_mmap.c 1997/03/25 04:54:29 1.53.2.2 +++ vm_mmap.c 1998/03/10 21:50:46 @@ -157,6 +157,9 @@ vm_prot_t prot, maxprot; caddr_t handle; int flags, error; + int disablexworkaround; + + addr = (vm_offset_t) uap->addr; prot = uap->prot & VM_PROT_ALL; flags = uap->flags; 
@@ -230,6 +233,26 @@ flags |= MAP_ANON; } else { /* + * cdevs does not provide private mappings of any kind. + */ + /* + * However, for XIG X server to continue to work, + * we should allow the superuser to do it anyway. + * We only allow it at securelevel < 1. + * (Because the XIG X server writes directly to video + * memory via /dev/mem, it should never work at any + * other securelevel. + * XXX this will have to go + */ + if (securelevel >= 1) + disablexworkaround = 1; + else + disablexworkaround = suser(p->p_ucred, + &p->p_acflag); + if (vp->v_type == VCHR && disablexworkaround && + (flags & (MAP_PRIVATE|MAP_COPY))) + return (EINVAL); + /* * Ensure that file and memory protections are * compatible. Note that we only worry about * writability if mapping is shared; in this case, 
@@ -243,12 +266,20 @@ maxprot |= VM_PROT_READ; else if (prot & PROT_READ) return (EACCES); - if (flags & MAP_SHARED) { - if (fp->f_flag & FWRITE) - maxprot |= VM_PROT_WRITE; - else if (prot & PROT_WRITE) - return (EACCES); - } else + /* + * If we are sharing potential changes (either via + * MAP_SHARED or via the implicit sharing of character + * device mappings), and we are trying to get write + * permission although we opened it without asking + * for it, bail out. Check for superuser, only if + * we're at securelevel < 1, to allow the XIG X server + * to continue to work. + */ + if (((flags & MAP_SHARED) != 0 || + (vp->v_type == VCHR && disablexworkaround)) && + (fp->f_flag & FWRITE) == 0 && (prot & PROT_WRITE) != 0) + return (EACCES); + else maxprot |= VM_PROT_WRITE; handle = (caddr_t) vp; } VI. Thanks This advisory is based on the OpenBSD Security Advisory, dated February 20 2, 1998. Thanks to "Thomas H. Ptacek" for allowing this. Thanks to "Cy Schubert" for porting the OpenBSD patch to FreeBSD. ============================================================================= FreeBSD, Inc. Web Site: http://www.freebsd.org/ Confidential contacts: security-officer@freebsd.org PGP Key: ftp://ftp.freebsd.org/pub/CERT/public_key.asc Security notifications: security-notifications@freebsd.org Security public discussion: security@freebsd.org Notice: Any patches in this document may not apply cleanly due to modifications caused by digital signature or mailer software. Please reference the URL listed at the top of this document for original copies of all patches if necessary. 
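Review bot: In the hunks that introduce the securelevel test (@@ -252,6 +253,26 @@ for 3.0-current, @@ -230,6 +233,26 @@ for 2.2), the assignment disablexworkaround = suser(p->p_ucred, &p->p_acflag) matches the comment above it only if suser() returns zero for the superuser, which is the opposite of what the call reads like; add a one-line comment stating that convention. The explanatory comment also opens a parenthesis at "(Because the XIG X server" that is never closed, and "XXX this will have to go" should say under what condition the workaround can be removed.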
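Review bot: The rewritten write check (@@ -265,12 +286,20 @@ for 3.0-current, @@ -243,12 +266,20 @@ for 2.2) reaches "else maxprot |= VM_PROT_WRITE" whenever the EACCES condition is false, and that includes a MAP_SHARED mapping of a descriptor without FWRITE that does not request PROT_WRITE. The removed code left maxprot without VM_PROT_WRITE in that case. Suggest keeping the nested form, with (flags & MAP_SHARED) != 0 || (vp->v_type == VCHR && disablexworkaround) as the outer test, so that VM_PROT_WRITE is added only when fp->f_flag has FWRITE set or the mapping is private.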
=============================================================================

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNQg5QlUuHi5z0oilAQGxJQP/YRbQ4Ox0R7zELYIfiYY4ZTec53DlkNTm
+NWLqqMJWFAQQ2BfTLmcxJdcaUlPkZmKU21ZUFVxKFuCjjp1MSiFApLJRcXuX6u6
ZYgwvrrLB5ppU2L/uWG+mlJKrf/j6R28B/NQ7b/OB9hcRlNdOFyu7K44M+yKxaPb
SRJ4LR1rQKk=
=qDrb
-----END PGP SIGNATURE-----

From owner-freebsd-security-notifications Thu Mar 12 15:53:03 1998
Date: Thu, 12 Mar 1998 17:51:58 -0600 (CST)
From: Steven Hauser
To: security-officer@FreeBSD.ORG
cc: freebsd-security-notifications@FreeBSD.ORG, freebsd-announce@FreeBSD.ORG,
    freebsd-security@FreeBSD.ORG, first-teams@first.org
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-98:02.mmap
In-Reply-To: <199803121947.UAA17528@gvr.gvr.org>

How did I get unsubscribed? I thought I sent an "unsubscribe" message
to the majordomo but I guess it didn't work and I've deleted the
instructions on how to bail out of this.

Thanks,
Steve

From owner-freebsd-security-notifications Thu Mar 12 17:56:24 1998
Date: Fri, 13 Mar 1998 14:55:57 +1300
To: security-officer@FreeBSD.ORG, freebsd-security-notifications@FreeBSD.ORG,
    freebsd-announce@FreeBSD.ORG, freebsd-security@FreeBSD.ORG,
    first-teams@first.org
From: andrew@squiz.co.nz (Andrew McNaughton)
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-98:01.land

At 8:27 AM 13/3/98, FreeBSD Security Officer wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>=============================================================================
>FreeBSD-SA-98:01                                            Security Advisory
>                                                                FreeBSD, Inc.
>
>Topic:          LAND attack can cause harm to running FreeBSD systems
>
>Category:       core
>Module:         kern
>Announced:      1997-12-01
>Affects:        FreeBSD 2.1.*, FreeBSD 2.2.0R, 2.2.1R, 2.2.5R
>                FreeBSD-stable and FreeBSD-current
>Doesn't Affect: FreeBSD 2.2.2R
>Corrected:      FreeBSD 2.2.6R, FreeBSD-current as of Jan 21, 1998
>                FreeBSD-stable as of Jan 30, 1998
>FreeBSD only:   no
>
>Patches:        ftp://ftp.freebsd.org/pub/CERT/patches/SA-98:01/
>
>=============================================================================
>IMPORTANT MESSAGE: The FreeBSD advisory archive has moved from
>ftp://freebsd.org/pub/CERT to ftp://ftp.freebsd.org/pub/CERT
>=============================================================================

The stated location of The FreeBSD advisory archive is incorrect. These
files can be found at ftp://freebsd.org/pub/FreeBSD/CERT

Andrew McNaughton

The effort to understand the universe is       Andrew McNaughton
one of the very few things that lifts          ++64 4 389 6891
human life above the level of farce,           andrew@squiz.co.nz
and gives it some of the grace                 http://www.squiz.co.nz
of tragedy - Steven Weinberg                   http://www.newsroom.co.nz

From owner-freebsd-security-notifications Thu Mar 12 18:46:25 1998
To: andrew@squiz.co.nz (Andrew McNaughton)
cc: security-officer@FreeBSD.ORG, freebsd-security-notifications@FreeBSD.ORG,
    freebsd-announce@FreeBSD.ORG, freebsd-security@FreeBSD.ORG,
    first-teams@first.org
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-98:01.land
In-reply-to: Your message of "Fri, 13 Mar 1998 14:55:57 +1300."
Date: Thu, 12 Mar 1998 18:43:25 -0800
Message-ID: <8889.889757005@time.cdrom.com>
From: "Jordan K. Hubbard"

> The stated location of The FreeBSD advisory archive is incorrect. These
> files can be found at ftp://freebsd.org/pub/FreeBSD/CERT

Nope, service at this FTP site has been discontinued for several
months now.

Jordan

From owner-freebsd-security-notifications Thu Mar 12 19:19:57 1998
Date: Fri, 13 Mar 1998 16:18:27 +1300
To: "Jordan K. Hubbard"
From: andrew@squiz.co.nz (Andrew McNaughton)
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-98:01.land
Cc: security-officer@FreeBSD.ORG, freebsd-security-notifications@FreeBSD.ORG,
    freebsd-announce@FreeBSD.ORG, freebsd-security@FreeBSD.ORG,
    first-teams@first.org

At 3:43 PM 13/3/98, Jordan K. Hubbard wrote:
>> The stated location of The FreeBSD advisory archive is incorrect. These
>> files can be found at ftp://freebsd.org/pub/FreeBSD/CERT
>
>Nope, service at this FTP site has been discontinued for several
>months now.

Oops. Right directory, wrong server.

All of the URLs listed to date are incorrect. I.e., these don't work:

ftp://freebsd.org/pubCERT/
ftp://ftp.freebsd.org/pub/CERT/
ftp://freebsd.org/pub/FreeBSD/CERT/

This one does work:

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/

DISCLAIMER: The Entire Physical Universe, Including    Andrew McNaughton
This Message, May One Day Collapse Back into an        ++64 4 389 6891
Infinitesimally Small Space. Should Another Universe   andrew@squiz.co.nz
Subsequently Re-emerge, the Validity of Statements     http://www.squiz.co.nz
in This Message Cannot Be Guaranteed.                  http://www.newsroom.co.nz

From owner-freebsd-security-notifications Thu Mar 12 20:49:09 1998
From: jce@zot.com
Date: Thu, 12 Mar 1998 23:52:33 -0500
Message-Id: <199803130452.XAA00493@titmouse.>
To: security-notifications@FreeBSD.ORG
Subject: help

From owner-freebsd-security-notifications Thu Mar 12 21:21:06 1998
Message-ID: <3508C50C.63DECDAD@gate.net>
Date: Fri, 13 Mar 1998 00:33:00 -0500
From: Karl Waddell
To: "Jordan K. Hubbard"
CC: Andrew McNaughton, security-officer@FreeBSD.ORG,
    freebsd-security-notifications@FreeBSD.ORG, freebsd-announce@FreeBSD.ORG,
    freebsd-security@FreeBSD.ORG, first-teams@first.org
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-98:01.land
References: <8889.889757005@time.cdrom.com>

Jordan:

Yes, you are right; however, the correct URL is:

ftp://ftp.freebsd.org/pub/FreeeBSD/CERT

I downloaded the patches just now. Just thought I would let others
know as well.

Karl

Jordan K. Hubbard wrote:
>
> > The stated location of The FreeBSD advisory archive is incorrect. These
> > files can be found at ftp://freebsd.org/pub/FreeBSD/CERT
>
> Nope, service at this FTP site has been discontinued for several
> months now.
>
> Jordan
>
> This is the moderated mailing list freebsd-announce.
> The list contains announcements of new FreeBSD capabilities,
> important events and project milestones.
> See also the FreeBSD Web pages at http://www.freebsd.org
>
> To unsubscribe from freebsd-announce, send a mail to
> majordomo@freebsd.org with the body
>
> unsubscribe freebsd-announce
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-announce" in the body of the message

From owner-freebsd-security-notifications Fri Mar 13 14:04:50 1998
Date: Fri, 13 Mar 1998 16:58:09 -0500 (EST)
From: Jordan Ritter Reply-To: Jordan Ritter To: security-notifications@FreeBSD.ORG Subject: PGP Key. Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security-notifications@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The following PGP Key reference in your tagline: FreeBSD, Inc. Web Site: http://www.freebsd.org/ Confidential contacts: security-officer@freebsd.org PGP Key: ftp://ftp.freebsd.org/pub/CERT/public_key.asc Security notifications: security-notifications@freebsd.org Security public discussion: security@freebsd.org Is invalid. I could not find it there or on freebsd.org. -- Jordan Ritter Systems Administrator Analytical Design Solutions, Inc. Harrisburg, PA, USA Office: (610) 393-3441 (http://www.adsi-cni.com/, http://www.twinlights.org/~jpr5/) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security-notifications" in the body of the message From owner-freebsd-security-notifications Mon Mar 16 11:21:15 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA24374 for freebsd-security-notifications-outgoing; Mon, 16 Mar 1998 11:21:15 -0800 (PST) (envelope-from owner-freebsd-security-notifications@FreeBSD.ORG) Received: from gvr.gvr.org (root@gvr.gvr.org [194.151.74.97]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA24308; Mon, 16 Mar 1998 11:21:01 -0800 (PST) (envelope-from security-officer@freebsd.org) Received: (from guido@localhost) by gvr.gvr.org (8.8.8/8.8.5) id UAA04937; Mon, 16 Mar 1998 20:20:45 +0100 (MET) Message-Id: <199803161920.UAA04937@gvr.gvr.org> From: FreeBSD Security Officer To: freebsd-security-notifications@FreeBSD.ORG, freebsd-announce@FreeBSD.ORG, freebsd-security@FreeBSD.ORG, first-teams@first.org Subject: FreeBSD Security Advisory: FreeBSD-SA-98:02.mmap Date: Mon, 16 Mar 1998 20:22:00 +0100 (MET) Reply-To: security-officer@FreeBSD.ORG 
From: FreeBSD Security Officer Sender: owner-freebsd-security-notifications@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Recently, the FreeBSD CERT archive has been moved. The move has been announced in the latest 2 advisories, SA-98:01 and SA-98:02. Unfortunately, an error was made in both advisories, so the wrong location was published. The correct location of the FreeBSD advisory archive is now: ftp://ftp.freebsd.org/pub/FreeBSD/CERT ============================================================================= The FreeBSD Project, Inc. Web Site: http://www.freebsd.com/ Confidential contacts: security-officer@freebsd.org Security notifications: security-notifications@freebsd.org Security public discussion: freebsd-security@freebsd.org PGP Key: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc ============================================================================= -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBNQ17cFUuHi5z0oilAQGszgP/Qci+Ti40fIPtkphfQRPTyBBpDP8rmr8j uk4gcAO9wLGqMJ25imPPuDVSJ3H6RDIFoQmTbi7QkHYCjD+kn7+haOm6M28Y78iF 9Yy0josdgUpPdEXc1kpnAgt3cvwlz0ZJnCbx8CjFLpjrM2plWdlksfd7mX5tt3c+ f1ARitF5IuU= =X76C -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security-notifications" in the body of the message From owner-freebsd-security-notifications Tue Mar 17 07:08:05 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA25947 for freebsd-security-notifications-outgoing; Tue, 17 Mar 1998 07:08:05 -0800 (PST) (envelope-from owner-freebsd-security-notifications@FreeBSD.ORG) Received: from butch.transport.com (butch.transport.com [204.119.17.85]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA25924; Tue, 17 Mar 1998 07:08:03 -0800 (PST) (envelope-from mgweiss@transport.com) Received: from GATSBY (pdx2-92.transport.com [209.51.88.219]) by butch.transport.com (8.8.5/8.8.5) with SMTP id HAA28321; Tue, 17 Mar 1998 
        07:09:07 -0800
Date: Tue, 17 Mar 1998 07:09:07 -0800
Message-Id: <199803171509.HAA28321@butch.transport.com>
From: Mathew Weiss
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: MathewX_Weiss@ccm.hf.intel.com
Cc: freebsd-security-notifications@FreeBSD.ORG, freebsd-announce@FreeBSD.ORG, freebsd-security@FreeBSD.ORG, first-teams@first.org
Subject: FreeBSD Security Advisory: FreeBSD-SA-98:02.mmap
In-Reply-To: <199803161920.UAA04937@gvr.gvr.org>
References: <199803161920.UAA04937@gvr.gvr.org>
X-Mailer: VM 6.34 under Emacs 19.34.6
Sender: owner-freebsd-security-notifications@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

FreeBSD Security Officer , FreeBSD Security Officer writes:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Recently, the FreeBSD CERT archive has been moved. The move has been
> announced in the latest 2 advisories, SA-98:01 and SA-98:02.
>
> Unfortunately, an error was made in both advisories, so the wrong
> location was published.
>
> The correct location of the FreeBSD advisory archive is now:
> ftp://ftp.freebsd.org/pub/FreeBSD/CERT
>
> =============================================================================
> The FreeBSD Project, Inc.
>
> Web Site: http://www.freebsd.com/
> Confidential contacts: security-officer@freebsd.org
> Security notifications: security-notifications@freebsd.org
> Security public discussion: freebsd-security@freebsd.org
> PGP Key: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc
>
> =============================================================================
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
>
> iQCVAwUBNQ17cFUuHi5z0oilAQGszgP/Qci+Ti40fIPtkphfQRPTyBBpDP8rmr8j
> uk4gcAO9wLGqMJ25imPPuDVSJ3H6RDIFoQmTbi7QkHYCjD+kn7+haOm6M28Y78iF
> 9Yy0josdgUpPdEXc1kpnAgt3cvwlz0ZJnCbx8CjFLpjrM2plWdlksfd7mX5tt3c+
> f1ARitF5IuU=
> =X76C
> -----END PGP SIGNATURE-----
>
> This is the moderated mailing list freebsd-announce.
> The list contains announcements of new FreeBSD capabilities,
> important events and project milestones.
> See also the FreeBSD Web pages at http://www.freebsd.org
>
> To unsubscribe from freebsd-announce, send a mail to
> majordomo@freebsd.org with the body
>
> unsubscribe freebsd-announce
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-announce" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security-notifications" in the body of the message

From owner-freebsd-security-notifications Wed Mar 18 05:37:01 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id FAA06524 for freebsd-security-notifications-outgoing; Wed, 18 Mar 1998 05:37:01 -0800 (PST) (envelope-from owner-freebsd-security-notifications@FreeBSD.ORG)
Received: from vs1.virtualisys.com ([207.137.172.173]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA06399; Wed, 18 Mar 1998 05:36:12 -0800 (PST) (envelope-from randyk@ccsales.com)
Received: from ntrkcasa (pool30.hiper.net [207.137.172.30] (may be forged)) by vs1.virtualisys.com (8.8.8/8.8.8) with SMTP id FAA04103; Wed, 18 Mar 1998 05:36:21 -0800 (PST)
Message-Id: <3.0.5.32.19980318053555.02e196f0@ccsales.com>
X-Sender: randyk@ccsales.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Wed, 18 Mar 1998 05:35:55 -0800
To: security-officer@FreeBSD.ORG, freebsd-security-notifications@FreeBSD.ORG, freebsd-announce@FreeBSD.ORG, freebsd-security@FreeBSD.ORG, first-teams@first.org
From: "Randy A. Katz"
Subject: FreeBSD Security Advisory
In-Reply-To: <199803161920.UAA04937@gvr.gvr.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security-notifications@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello,

How do I:

1. Update my machine's source to the Released product.
2. Apply the security patches.

Example:

The current released product is now 2.2.5. Do I change the
tag=RELENG_2_2_5_RELEASE in my cvsupfile and bring it all in, recompile,
etc...

Then how do I get up to date, automatically, with the security advisories?
Is there a syntax to use with cvsup?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security-notifications" in the body of the message

From owner-freebsd-security-notifications Wed Mar 18 06:38:06 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id GAA19824 for freebsd-security-notifications-outgoing; Wed, 18 Mar 1998 06:38:06 -0800 (PST) (envelope-from owner-freebsd-security-notifications@FreeBSD.ORG)
Received: from vs1.virtualisys.com ([207.137.172.173]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA19535; Wed, 18 Mar 1998 06:36:28 -0800 (PST) (envelope-from randyk@ccsales.com)
Received: from ntrkcasa (pool30.hiper.net [207.137.172.30] (may be forged)) by vs1.virtualisys.com (8.8.8/8.8.8) with SMTP id GAA08926; Wed, 18 Mar 1998 06:36:34 -0800 (PST)
Message-Id: <3.0.5.32.19980318063607.02e5daf0@ccsales.com>
X-Sender: randyk@ccsales.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Wed, 18 Mar 1998 06:36:07 -0800
To: security-officer@FreeBSD.ORG, freebsd-security-notifications@FreeBSD.ORG, freebsd-announce@FreeBSD.ORG, freebsd-security@FreeBSD.ORG, first-teams@first.org
From: "Randy A. Katz"
Subject: Re: FreeBSD Security Advisory
In-Reply-To: <3.0.5.32.19980318053555.02e196f0@ccsales.com>
References: <199803161920.UAA04937@gvr.gvr.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security-notifications@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Sorry for the cross-post, I pushed reply-all, accident.

>How do I:
>
>1. Update my machine's source to the Released product.
>2. Apply the security patches.
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security-notifications" in the body of the message