From owner-freebsd-security  Sun Mar 12 19: 9:29 2000
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
	id A67F937B970; Sun, 12 Mar 2000 19:09:27 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
	by hub.freebsd.org (Postfix) with ESMTP id A4A3F2E8158
	for <security@freebsd.org>; Sun, 12 Mar 2000 19:09:27 -0800 (PST)
	(envelope-from kris@hub.freebsd.org)
Date: Sun, 12 Mar 2000 19:09:27 -0800 (PST)
From: Kris Kennaway <kris@hub.freebsd.org>
To: security@freebsd.org
Subject: KDE 1.1.1 vulnerability
Message-ID: <Pine.BSF.4.21.0003121905560.97941-100000@hub.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

It was pointed out to me that the previous version of KDE (v1.1.1)
contains a local root exploit - KDE 1.1.2 has been available in ports
since September 1999, but in case anyone is still running the old version
in a multi-user environment then you should take steps to upgrade
immediately.

In general, it is sensible to upgrade fairly aggressively with large ports
like KDE because with so much code involved, chances are there are lots of
bug fixes - and one or two security fixes - with each upgrade.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Sun Mar 12 23:56:35 2000
Delivered-To: freebsd-security@freebsd.org
Received: from cairo.anu.edu.au (cairo.anu.edu.au [150.203.224.11])
	by hub.freebsd.org (Postfix) with ESMTP id 5BA9737B53F
	for <freebsd-security@FreeBSD.ORG>; Sun, 12 Mar 2000 23:56:31 -0800 (PST)
	(envelope-from avalon@cairo.anu.edu.au)
Received: (from avalon@localhost)
	by cairo.anu.edu.au (8.9.3/8.9.3) id SAA07381;
	Mon, 13 Mar 2000 18:57:01 +1100 (EST)
From: Darren Reed <avalon@coombs.anu.edu.au>
Message-Id: <200003130757.SAA07381@cairo.anu.edu.au>
Subject: Re: More ipf fun..
To: bens_lists@mailandnews.com (Ben H)
Date: Mon, 13 Mar 2000 18:57:01 +1100 (Australia/NSW)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <20000311144931.A1531@lust.poo.pants> from "Ben H" at Mar 11, 2000 02:49:31 PM
X-Mailer: ELM [version 2.5 PL1]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In some mail from Ben H, sie said:
> 
> Thanks to all those who helped me get ipfilter in the kernel, now all I
> gotta do is figure why it doesn't work (:
> 
> I'm wondering could it be because the kernel is 3.4 and the ipf binaries are
> 3.3? If so how would I upgrade them?

Best way is to go to http://coombs.anu.edu.au/~avalon/ip-filter.html and
download 3.3.11 and upgrade the lot.





From owner-freebsd-security  Mon Mar 13  1:15:28 2000
Delivered-To: freebsd-security@freebsd.org
Received: from security.za.net (security.za.net [209.212.100.194])
	by hub.freebsd.org (Postfix) with ESMTP id 3DC4937B9A1
	for <freebsd-security@freebsd.org>; Mon, 13 Mar 2000 01:15:21 -0800 (PST)
	(envelope-from jus@security.za.net)
Received: from localhost (jus@localhost)
	by security.za.net (8.9.3/8.9.3) with ESMTP id LAA58948
	for <freebsd-security@freebsd.org>; Mon, 13 Mar 2000 11:18:31 +0200 (SAST)
	(envelope-from jus@security.za.net)
Date: Mon, 13 Mar 2000 11:18:31 +0200 (SAST)
From: Justin Stanford <jus@security.za.net>
To: freebsd-security@freebsd.org
Subject: IRCII-4.4
Message-ID: <Pine.BSF.4.10.10003131117250.58929-100000@security.za.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi, folks

Can anyone confirm the supposed vulnerability in ircII-4.4? Is it necessary
to upgrade to 4.4M, and have ports got this lined up?

Regards,
jus

--
Justin Stanford
082 7402741
jus@security.za.net
www.security.za.net
IT Security and Solutions





From owner-freebsd-security  Mon Mar 13  2: 9:24 2000
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
	id A50ED37B558; Mon, 13 Mar 2000 02:09:21 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
	by hub.freebsd.org (Postfix) with ESMTP
	id A2A9E2E8159; Mon, 13 Mar 2000 02:09:21 -0800 (PST)
	(envelope-from kris@hub.freebsd.org)
Date: Mon, 13 Mar 2000 02:09:21 -0800 (PST)
From: Kris Kennaway <kris@hub.freebsd.org>
To: Justin Stanford <jus@security.za.net>
Cc: freebsd-security@freebsd.org
Subject: Re: IRCII-4.4
In-Reply-To: <Pine.BSF.4.10.10003131117250.58929-100000@security.za.net>
Message-ID: <Pine.BSF.4.21.0003130207390.81551-100000@hub.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 13 Mar 2000, Justin Stanford wrote:

> Hi, folks
> 
> Can anyone confirm the supposed vulnerability in ircII-4.4? Is it necessary
> to upgrade to 4.4M, and have ports got this lined up?
> 
I was a bit too late to get the fixed port in time for 4.0, but Satoshi
did mark it forbidden which is better than shipping an insecure port.

In the meantime, there's an upgrade at:

http://www.freebsd.org/~kris/ircII.patch

which upgrades to 4.4M

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>





From owner-freebsd-security  Tue Mar 14  8:27:45 2000
Delivered-To: freebsd-security@freebsd.org
Received: from qabbani.tarjema.com (tarjema.com [209.221.173.34])
	by hub.freebsd.org (Postfix) with ESMTP id 9078937B9D3
	for <freebsd-security@freebsd.org>; Tue, 14 Mar 2000 08:27:40 -0800 (PST)
	(envelope-from tgregory@tarjema.com)
Received: from tarjema.com (gatekeeper.semaphore.net [209.221.173.65])
	by qabbani.tarjema.com (8.9.3/8.9.3) with ESMTP id IAA35944
	for <freebsd-security@freebsd.org>; Tue, 14 Mar 2000 08:27:24 -0800 (PST)
	(envelope-from tgregory@tarjema.com)
Message-ID: <38CE684F.39657A28@tarjema.com>
Date: Tue, 14 Mar 2000 08:26:55 -0800
From: "Timothy A. Gregory" <tgregory@tarjema.com>
Reply-To: tgregory@tarjema.com
Organization: Tarjema
X-Mailer: Mozilla 4.72 [en] (X11; U; FreeBSD 3.4-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-security@freebsd.org
Subject: InterScan Virus Wall for Linux
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Has anyone had any luck getting InterScan VirusWall for Linux running on
FreeBSD?

I've gotten the package installed, the RedHat 6.1 packages but when I
try to run the 'scanning' daemons (their sendmail, ishttpd, isftpd etc)
I get seg faults...

Thanks for any help!
-- 
----------------------------------------------------------------
Timothy A. Gregory			   Systems Administrator
Semaphore Corporation			http://www.semaphore.com
206.905.5000				  tgregory@semaphore.com




From owner-freebsd-security  Tue Mar 14 19:46:23 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2629137B803; Tue, 14 Mar 2000 19:46:22 -0800 (PST)
	(envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id TAA60703;
	Tue, 14 Mar 2000 19:46:21 -0800 (PST)
	(envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Tue, 14 Mar 2000 19:46:21 -0800 (PST)
From: Kris Kennaway <kris@FreeBSD.org>
To: Darren Reed <avalon@coombs.anu.edu.au>
Cc: Ben H <bens_lists@mailandnews.com>, freebsd-security@FreeBSD.ORG
Subject: Re: More ipf fun..
In-Reply-To: <200003130757.SAA07381@cairo.anu.edu.au>
Message-ID: <Pine.BSF.4.21.0003141945270.60282-100000@freefall.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 13 Mar 2000, Darren Reed wrote:

> Best way is to go to http://coombs.anu.edu.au/~avalon/ip-filter.html and
> download 3.3.11 and upgrade the lot.

Or you could import this into FreeBSD yourself..that is what your commit
bit is for, remember :-)

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>





From owner-freebsd-security  Tue Mar 14 20: 7:23 2000
Delivered-To: freebsd-security@freebsd.org
Received: from cairo.anu.edu.au (cairo.anu.edu.au [150.203.224.11])
	by hub.freebsd.org (Postfix) with ESMTP
	id D2DEA37B5C7; Tue, 14 Mar 2000 20:07:08 -0800 (PST)
	(envelope-from avalon@cairo.anu.edu.au)
Received: (from avalon@localhost)
	by cairo.anu.edu.au (8.9.3/8.9.3) id PAA06437;
	Wed, 15 Mar 2000 15:07:32 +1100 (EST)
From: Darren Reed <avalon@coombs.anu.edu.au>
Message-Id: <200003150407.PAA06437@cairo.anu.edu.au>
Subject: ubje
To: kris@FreeBSD.ORG (Kris Kennaway)
Date: Wed, 15 Mar 2000 15:07:32 +1100 (Australia/NSW)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <Pine.BSF.4.21.0003141945270.60282-100000@freefall.freebsd.org> from "Kris Kennaway" at Mar 14, 2000 07:46:21 PM
X-Mailer: ELM [version 2.5 PL1]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In some mail from Kris Kennaway, sie said:
> 
> On Mon, 13 Mar 2000, Darren Reed wrote:
> 
> > Best way is to go to http://coombs.anu.edu.au/~avalon/ip-filter.html and
> > download 3.3.11 and upgrade the lot.
> 
> Or you could import this into FreeBSD yourself..that is what your commit
> bit is for, remember :-)

Now that the freeze is lifted, yes...but I'll wait for 3.4

Darren




From owner-freebsd-security  Wed Mar 15  9:33:16 2000
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
	id C8D9737BADE; Wed, 15 Mar 2000 09:33:08 -0800 (PST)
From: FreeBSD Security Officer <security-officer@freebsd.org>
Subject: FreeBSD Security Advisory: FreeBSD-SA-00:07.mh
Reply-To: security-officer@freebsd.org
Message-Id: <20000315173308.C8D9737BADE@hub.freebsd.org>
Date: Wed, 15 Mar 2000 09:33:08 -0800 (PST)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-00:07                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:		mh/nmh/ja-mh/exmh/exmh2/ja-exmh2 ports allow remote execution
		of binary code

Category:       ports
Module:         mh/nmh/ja-mh/exmh/exmh2/ja-exmh2
Announced:      2000-03-15
Affects:        Ports collection before the correction date.
Corrected:      [See below for a more complete description]
		All versions fixed in 4.0-RELEASE.
		mh: 2000-03-04
		nmh: 2000-02-29
		ja-mh: 2000-03-11
		exmh: 2000-03-05
		exmh2: 2000-03-05
		ja-exmh2: 2000-03-11
FreeBSD only:   NO

I.   Background

MH and its successor NMH are popular Mail User Agents. EXMH and EXMH2 are
TCL/TK-based front-ends to the MH system. There are also Japanese-language
versions of the MH and EXMH2 ports.

II.  Problem Description

The mhshow command used for viewing MIME attachments contains a buffer
overflow which can be exploited by a specially-crafted email attachment,
which will allow the execution of arbitrary code as the local user when the
attachment is opened.

The *MH ports are not installed by default, nor are they "part of
FreeBSD" as such: they are part of the FreeBSD ports collection, which
contains over 3100 third-party applications in a ready-to-install
format. The FreeBSD 4.0-RELEASE ports collection is not vulnerable to
this problem.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security audit
of the most security-critical ports.

III. Impact

An attacker who can convince a user to open a hostile MIME attachment sent
as part of an email message can execute arbitrary binary code running with
the privileges of that user.

If you have not chosen to install any of the mh/nmh/ja-mh/exmh/exmh2/ja-exmh2
ports/packages, then your system is not vulnerable.

IV.  Workaround

1) Remove the mhshow binary, located in /usr/local/bin/mhshow. This will
prevent the viewing of MIME attachments from within *mh.

2) Remove the mh/nmh/ja-mh/exmh/exmh2/ja-exmh2 ports, if you have
installed them.

V.   Solution

The English language version of the MH software is no longer actively
developed, and no fix is currently available. It is unknown whether a fix
to the problem will be forthcoming - consider upgrading to use NMH instead,
which is the designated successor of the MH software. EXMH and EXMH2 can
both be compiled to use NMH instead (this is now the default behaviour). It
is not necessary to recompile EXMH/EXMH2 after reinstalling NMH.

The Japanese-language version of MH is being actively developed and has
been patched to fix the problem.

SOLUTION: Remove any old versions of the mail/mh, mail/nmh or japanese/mh
ports and perform one of the following:

1) Upgrade your entire ports collection and rebuild the mail/nmh port, or the
japanese/mh port.

2) Reinstall a new package obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/nmh-1.0.3.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/mail/nmh-1.0.3.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/mail/nmh-1.0.3.tgz

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/ja-mh-6.8.4.3.03
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/mail/ja-mh-6.8.4.3.03
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/mail/ja-mh-6.8.4.3.03

3) download a new port skeleton for the nmh/ja-mh port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:

ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBOM/I9lUuHi5z0oilAQFCRgP/ZQNoWGqJN7M9M8cp4TD0F+8h1eUsROPs
nIQ0n1nG+Ii68M4b8ZZYNOgGZQU8RrUGqoq4uKd8qPj0ORX0B1t0yaMvNU8W/ci+
f8nyqHAf3pkuh1SLmM3Gwd7W+8fCX/+D3zV8ZY3uPL0edrpO7wBGFReY6QmjzGmo
m8pP6qMUUAA=
=7cV0
-----END PGP SIGNATURE-----




From owner-freebsd-security  Wed Mar 15  9:34:51 2000
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
	id F231737BA56; Wed, 15 Mar 2000 09:34:43 -0800 (PST)
From: FreeBSD Security Officer <security-officer@freebsd.org>
Subject: FreeBSD Security Advisory: FreeBSD-SA-00:08.lynx
Reply-To: security-officer@freebsd.org
Message-Id: <20000315173443.F231737BA56@hub.freebsd.org>
Date: Wed, 15 Mar 2000 09:34:43 -0800 (PST)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-00:08                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:		Lynx ports contain numerous buffer overflows

Category:       ports
Module:         lynx/lynx-current/lynx-ssl/ja-lynx/ja-lynx-current
Announced:      2000-03-15
Affects:        Ports collection before the correction date.
Corrected:      See below.
FreeBSD only:   NO

I.   Background

Lynx is a popular text-mode WWW browser, available in several versions
including SSL support and Japanese language localization.

II.  Problem Description

The lynx software is written in a very insecure style and contains numerous
potential and several proven security vulnerabilities (publicized on the
BugTraq mailing list) exploitable by a malicious server.

The lynx ports are not installed by default, nor are they "part of FreeBSD"
as such: they are part of the FreeBSD ports collection, which contains over
3100 third-party applications in a ready-to-install format.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security audit
of the most security-critical ports.

III. Impact

A malicious server which is visited by a user with the lynx browser can
exploit the browser security holes in order to execute arbitrary code as
the local user.

If you have not chosen to install any of the
lynx/lynx-current/lynx-ssl/ja-lynx/ja-lynx-current ports/packages, then
your system is not vulnerable.

IV.  Workaround

Remove the lynx/lynx-current/lynx-ssl/ja-lynx/ja-lynx-current ports, if you
have installed them.

V.   Solution

Unfortunately, there is no simple fix to the security problems with the
lynx code: it will require a full review by the lynx development team and
recoding of the affected sections with a more security-conscious attitude.

In the meantime, there are two other text-mode WWW browsers available in
FreeBSD ports: www/w3m (also available in www/w3m-ssl for an SSL-enabled
version, and japanese/w3m for Japanese-localization) and www/links.

Note that the FreeBSD Security Officer does not make any recommendation
about the security of these two browsers - in particular, they both appear
to contain potential security risks, and a full audit has not been
performed, but at present no proven security holes are known. User beware -
please watch for future security advisories which will publicize any such
vulnerabilities discovered in these ports.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBOM/JklUuHi5z0oilAQEbzQP+K5HbTRk40fmb+pKOcUDD/r4ofcrkWtXn
Ya7PT/ALXvUnohm/jqKofNk9cXK1EspbgHb9N1OJZEzcYUAy378WpQgWh4uxKQa7
+541CwFPPIbWfJQJCOaUODN2qwnXdqXMj6noCKRMN0c3tBRG6R2zEfVaM1vMNS1+
+vcp5WAqDu4=
=dtMU
-----END PGP SIGNATURE-----




From owner-freebsd-security  Wed Mar 15  9:36:34 2000
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
	id 120F537C0AF; Wed, 15 Mar 2000 09:36:26 -0800 (PST)
From: FreeBSD Security Officer <security-officer@freebsd.org>
Subject: FreeBSD Security Advisory: FreeBSD-SA-00:09.mtr
Reply-To: security-officer@freebsd.org
Message-Id: <20000315173626.120F537C0AF@hub.freebsd.org>
Date: Wed, 15 Mar 2000 09:36:26 -0800 (PST)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-00:09                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:		mtr port contains a local root exploit.

Category:       ports
Module:         mtr
Announced:      2000-03-15
Affects:        Ports collection before the correction date.
Corrected:      2000-03-07 (included in FreeBSD 4.0-RELEASE)
FreeBSD only:   NO

I.   Background

mtr ("Multi Traceroute") combines the functionality of the "traceroute" and
"ping" programs into a single network diagnostic tool.

II.  Problem Description

The mtr program (versions 0.41 and below) fails to correctly drop setuid
root privileges during operation, allowing a local root compromise.

The mtr port is not installed by default, nor is it "part of FreeBSD" as
such: it is part of the FreeBSD ports collection, which contains over 3100
third-party applications in a ready-to-install format. The FreeBSD
4.0-RELEASE ports collection is not vulnerable to this problem.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security audit of
the most security-critical ports.

III. Impact

A local user can exploit the security hole to obtain root privileges.

If you have not chosen to install the mtr port/package, then your system is
not vulnerable.

IV.  Workaround

1) Remove the mtr port if you have installed it.

2) Disable the setuid bit - run the following command as root:

chmod u-s /usr/local/sbin/mtr

This will mean non-root users cannot make use of the program, since it
requires root privileges to properly run.

V.   Solution

1) Upgrade your entire ports collection and rebuild the mtr port.

2) Reinstall a new package obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/mtr-0.42.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/net/mtr-0.42.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/net/mtr-0.42.tgz

Note: it may be several days before the updated packages are available.

3) download a new port skeleton for the mtr port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:

ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBOM/J3FUuHi5z0oilAQFdjQP+MCxSn1WYvRehaxky8xnOLP8sAOiLvxLf
DG3emT6hgG7IFKTHNQ/KvHE5M9Y4/frk1tJGKVb/RKEbpbDDF3mmN0eq6S2B2Qda
TB4YjbaLVAnFKVhFcbZjVfc4YTtutNgl7xd/4bvXennki77oQiO5T3VRNnIXkjD1
NUk4XQDyTQ4=
=Rrxf
-----END PGP SIGNATURE-----




From owner-freebsd-security  Wed Mar 15  9:38: 5 2000
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
	id 8949337BEBE; Wed, 15 Mar 2000 09:37:57 -0800 (PST)
From: FreeBSD Security Officer <security-officer@freebsd.org>
Subject: FreeBSD Security Advisory: FreeBSD-SA-00:10.orville-write
Reply-To: security-officer@freebsd.org
Message-Id: <20000315173757.8949337BEBE@hub.freebsd.org>
Date: Wed, 15 Mar 2000 09:37:57 -0800 (PST)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-00:10                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:		orville-write port contains local root compromise.

Category:       ports
Module:         orville-write
Announced:      2000-03-15
Affects:        Ports collection before the correction date.
Corrected:      2000-03-09
FreeBSD only:   Yes

I.   Background

Orville-write is a replacement for the write(1) command, which
provides improved control over message delivery and other features.

II.  Problem Description

One of the commands installed by the port is incorrectly installed
with setuid root permissions. The 'huh' command should not have any
special privileges since it is intended to be run by the local user to
view his saved messages.

The orville-write port is not installed by default, nor is it "part of
FreeBSD" as such: it is part of the FreeBSD ports collection, which
contains over 3100 third-party applications in a ready-to-install
format. The FreeBSD 4.0-RELEASE ports collection is not vulnerable to
this problem.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security audit of
the most security-critical ports.

III. Impact

A local user can exploit a buffer overflow in the 'huh' utility to
obtain root privileges.

If you have not chosen to install the orville-write port/package, then
your system is not vulnerable.

IV.  Workaround

Remove the orville-write port if you have installed it.

V.   Solution

Remove the setuid bit from the huh utility, by executing the following
command as root:

chmod u-s /usr/local/bin/huh

It is not necessary to reinstall the orville-write port, although this
can be done in one of the following ways if desired:

1) Upgrade your entire ports collection and rebuild the orville-write port.

2) Reinstall a new package dated after the correction date, obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/misc/orville-write-2.41a.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/misc/orville-write-2.41a.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/misc/orville-write-2.41a.tgz

Note: it may be several days before the updated packages are available.

3) download a new port skeleton for the orville-write port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:

ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBOM/KWlUuHi5z0oilAQHk3AP+PEWNZ95ou8Oyf0nFzgAvjRCc4T060cJf
8qncBFmbWKvl/VHGJnj+u5HPE2LciZb/SdQxH0Ibuvm45hjt7umRrNcHQABmhtYV
9kG2k2cG+w9QtPnWQUtk7UDAQ2nmbyvQBsUJI+wrILoTHaKU1nLBivzzQbZPX9Nr
YTNtkrInpV0=
=c84W
-----END PGP SIGNATURE-----
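
Added example (not part of the advisory, and not FreeBSD's own tooling): the
"chmod u-s" step from FreeBSD-SA-00:09 (mtr) and FreeBSD-SA-00:10 (huh),
generalised into an audit that lists setuid files under a prefix such as
/usr/local, reports the ones missing from an approved list, and clears the
bit on request. The function names, the allowlist file and the demo tree
(including its su-helper entry) are constructed for illustration.

```shell
#!/bin/sh
# Audit a directory tree for setuid executables that are not on an approved
# list, then clear the bit with the same "chmod u-s" the advisories give.
# All names here are hypothetical; the demo tree is constructed sample data.

# list_setuid DIR
# Print every regular file under DIR that has the setuid bit, one per line.
list_setuid() {
    find "$1" -type f -perm -4000 -print 2>/dev/null | LC_ALL=C sort
}

# unexpected_setuid DIR ALLOWLIST
# Print setuid files under DIR whose full path is not a line in ALLOWLIST.
unexpected_setuid() {
    list_setuid "$1" | while IFS= read -r path; do
        # -F fixed string, -x whole line, -q quiet: exact path match only.
        grep -Fxq -- "$path" "$2" || printf '%s\n' "$path"
    done
}

# strip_setuid FILE...
# Apply the advisories' workaround to each named file.
strip_setuid() {
    for f in "$@"; do
        chmod u-s -- "$f" || return 1
    done
}

# make_demo_tree
# Build a throwaway tree that mirrors the two advisories: bin/huh and
# sbin/mtr carry the setuid bit, bin/write does not, and bin/su-helper is a
# made-up program that is meant to stay setuid. Prints the tree's path.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/bin" "$root/sbin"
    for f in bin/huh bin/write bin/su-helper sbin/mtr; do
        : > "$root/$f"
        chmod 0755 "$root/$f"
    done
    chmod u+s "$root/bin/huh" "$root/bin/su-helper" "$root/sbin/mtr"
    printf '%s\n' "$root"
}

# Run with --demo to see the audit before and after the workaround.
if [ "${1:-}" = "--demo" ]; then
    tree=$(make_demo_tree)
    printf '%s\n' "$tree/bin/su-helper" > "$tree/allow"
    echo "unexpected setuid files:"
    unexpected_setuid "$tree" "$tree/allow"
    strip_setuid "$tree/bin/huh" "$tree/sbin/mtr"
    echo "unexpected setuid files after chmod u-s:"
    unexpected_setuid "$tree" "$tree/allow"
    rm -rf "$tree"
fi
```

On a real system the first argument would be the ports prefix and the
allowlist a reviewed file of full paths, one per line.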




From owner-freebsd-security  Wed Mar 15 11:30: 5 2000
Delivered-To: freebsd-security@freebsd.org
Received: from smtp.fns.matrix.com.br (smtp.matrix.com.br [200.202.17.7])
	by hub.freebsd.org (Postfix) with ESMTP id 1F44437C0D3
	for <freebsd-security@FreeBSD.ORG>; Wed, 15 Mar 2000 11:29:55 -0800 (PST)
	(envelope-from camposr@MATRIX.COM.BR)
Received: from speed.matrix.com.br (speed.matrix.com.br [200.196.0.241])
	by smtp.fns.matrix.com.br (Postfix) with ESMTP id 286B15A563
	for <freebsd-security@FreeBSD.ORG>; Wed, 15 Mar 2000 16:31:06 -0300 (EST)
Date: Wed, 15 Mar 2000 16:29:48 -0300 (EST)
From: Rodrigo Campos <camposr@MATRIX.COM.BR>
X-Sender: speed@speed.matrix.com.br
To: freebsd-security@FreeBSD.ORG
Subject: wrapping sshd
Message-ID: <Pine.BSF.4.21.0003151624020.11873-100000@speed.matrix.com.br>
Organization: Matrix Network
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In the /etc/hosts.allow file there's a comment saying that "is not
normally a good idea" to wrap sshd(8), I'm just asking myself why it
wouldn't be a good idea to do it since it seems to me that openssh has
options to restrict access to it except compiling it with LIBWRAP support.

Any ideas ?



--
________________________
Rodrigo Albani de Campos
Matrix Internet - NOC
http://www.br-unix.org/users/campos/





From owner-freebsd-security  Wed Mar 15 12:14:58 2000
Delivered-To: freebsd-security@freebsd.org
Received: from axl.ops.uunet.co.za (axl.ops.uunet.co.za [196.31.1.175])
	by hub.freebsd.org (Postfix) with ESMTP id 6153537BB16
	for <freebsd-security@freebsd.org>; Wed, 15 Mar 2000 12:14:47 -0800 (PST)
	(envelope-from sheldonh@axl.ops.uunet.co.za)
Received: from sheldonh (helo=axl.ops.uunet.co.za)
	by axl.ops.uunet.co.za with local-esmtp (Exim 3.13 #1)
	id 12VKBU-000FQu-00; Wed, 15 Mar 2000 22:14:24 +0200
From: Sheldon Hearn <sheldonh@uunet.co.za>
To: Rodrigo Campos <camposr@MATRIX.COM.BR>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: wrapping sshd 
In-reply-to: Your message of "Wed, 15 Mar 2000 16:29:48 -0300."
             <Pine.BSF.4.21.0003151624020.11873-100000@speed.matrix.com.br> 
Date: Wed, 15 Mar 2000 22:14:24 +0200
Message-ID: <59327.953151264@axl.ops.uunet.co.za>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org



On Wed, 15 Mar 2000 16:29:48 -0300, Rodrigo Campos wrote:

> In the /etc/hosts.allow file there's a comment saying that "is not
> normally a good idea" to wrap sshd(8)

The answer has nothing to do with security, although you couldn't have
known that without reading the sshd(8) manual page. :-)

Look for the first occurrence of the word inetd in the sshd(8) manual
page.

Ciao,
Sheldon.




From owner-freebsd-security  Wed Mar 15 12:36: 2 2000
Delivered-To: freebsd-security@freebsd.org
Received: from smtp.fns.matrix.com.br (smtp.matrix.com.br [200.202.17.7])
	by hub.freebsd.org (Postfix) with ESMTP id 45FD037BA4A
	for <freebsd-security@freebsd.org>; Wed, 15 Mar 2000 12:35:40 -0800 (PST)
	(envelope-from camposr@MATRIX.COM.BR)
Received: from speed.matrix.com.br (speed.matrix.com.br [200.196.0.241])
	by smtp.fns.matrix.com.br (Postfix) with ESMTP
	id 112495A572; Wed, 15 Mar 2000 17:36:51 -0300 (EST)
Date: Wed, 15 Mar 2000 17:35:33 -0300 (EST)
From: Rodrigo Campos <camposr@MATRIX.COM.BR>
X-Sender: speed@speed.matrix.com.br
To: Sheldon Hearn <sheldonh@uunet.co.za>
Cc: freebsd-security@freebsd.org
Subject: Re: wrapping sshd 
In-Reply-To: <59327.953151264@axl.ops.uunet.co.za>
Message-ID: <Pine.BSF.4.21.0003151730240.11873-100000@speed.matrix.com.br>
Organization: Matrix Network
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 15 Mar 2000, Sheldon Hearn wrote:

> 
> 
> On Wed, 15 Mar 2000 16:29:48 -0300, Rodrigo Campos wrote:
> 
> > In the /etc/hosts.allow file there's a comment saying that "is not
> > normally a good idea" to wrap sshd(8)
> 
> The answer has nothing to do with security, although you couldn't have
> known that without reading the sshd(8) manual page. :-)
> 
> Look for the first occurrence of the word inetd in the sshd(8) manual
> page.

But my question has nothing to do with inetd, by "wrapping sshd" I mean
compiling it with support to libwrap, which would make it read the
/etc/hosts.allow file in order to grant or deny access based on the
client hostname or ip address, even when it's running as a daemon.



--
________________________
Rodrigo Albani de Campos
Matrix Internet - NOC
http://www.br-unix.org/users/campos/





From owner-freebsd-security  Wed Mar 15 12:40:38 2000
Delivered-To: freebsd-security@freebsd.org
Received: from axl.ops.uunet.co.za (axl.ops.uunet.co.za [196.31.1.175])
	by hub.freebsd.org (Postfix) with ESMTP id 6CA8737BAB5
	for <freebsd-security@freebsd.org>; Wed, 15 Mar 2000 12:39:16 -0800 (PST)
	(envelope-from sheldonh@axl.ops.uunet.co.za)
Received: from sheldonh (helo=axl.ops.uunet.co.za)
	by axl.ops.uunet.co.za with local-esmtp (Exim 3.13 #1)
	id 12VKZN-000FXY-00; Wed, 15 Mar 2000 22:39:05 +0200
From: Sheldon Hearn <sheldonh@uunet.co.za>
To: Rodrigo Campos <camposr@MATRIX.COM.BR>
Cc: freebsd-security@freebsd.org
Subject: Re: wrapping sshd 
In-reply-to: Your message of "Wed, 15 Mar 2000 17:35:33 -0300."
             <Pine.BSF.4.21.0003151730240.11873-100000@speed.matrix.com.br> 
Date: Wed, 15 Mar 2000 22:39:05 +0200
Message-ID: <59739.953152745@axl.ops.uunet.co.za>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org



On Wed, 15 Mar 2000 17:35:33 -0300, Rodrigo Campos wrote:

> But my question has nothing to do with inetd, by "wrapping sshd" I mean
> compiling it with support for libwrap, which would make it read the
> /etc/hosts.allow file in order to grant or deny access based on the
> client hostname or IP address, even when it's running as a daemon.

Well, I thought the inetd issue is exactly why that comment is there.
Chat to the guy who wrote the file (markm@FreeBSD.org) for confirmation
and let me know if I'm wrong. :-)

Ciao,
Sheldon.




From owner-freebsd-security  Wed Mar 15 14: 5:30 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.rdc1.sdca.home.com (ha1.rdc1.sdca.home.com [24.0.3.66])
	by hub.freebsd.org (Postfix) with ESMTP id 4E31837C269
	for <freebsd-security@FreeBSD.ORG>; Wed, 15 Mar 2000 14:04:49 -0800 (PST)
	(envelope-from larry@interactivate.com)
Received: from interactivate.com ([24.15.133.36])
          by mail.rdc1.sdca.home.com (InterMail v4.01.01.00 201-229-111)
          with ESMTP
          id <20000315220448.KYDS14303.mail.rdc1.sdca.home.com@interactivate.com>;
          Wed, 15 Mar 2000 14:04:48 -0800
Message-ID: <38D00906.389A9A28@interactivate.com>
Date: Wed, 15 Mar 2000 14:04:54 -0800
From: Lawrence Sica <larry@interactivate.com>
Organization: Interactivate, Inc
X-Mailer: Mozilla 4.72 [en] (Win98; I)
X-Accept-Language: en
MIME-Version: 1.0
To: Rodrigo Campos <camposr@MATRIX.COM.BR>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: wrapping sshd
References: <Pine.BSF.4.21.0003151730240.11873-100000@speed.matrix.com.br>
Content-Type: multipart/mixed;
 boundary="------------F37E95190F171FB493FFD703"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

This is a multi-part message in MIME format.
--------------F37E95190F171FB493FFD703
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Rodrigo Campos wrote:

> On Wed, 15 Mar 2000, Sheldon Hearn wrote:
>
> >
> >
> > On Wed, 15 Mar 2000 16:29:48 -0300, Rodrigo Campos wrote:
> >
> > > In the /etc/hosts.allow file there's a comment saying that "is not
> > > normally a good idea" to wrap sshd(8)
> >
> > The answer has nothing to do with security, although you couldn't have
> > known that without reading the sshd(8) manual page. :-)
> >
> > Look for the first occurrence of the word inetd in the sshd(8) manual
> > page.
>
> But my question has nothing to do with inetd, by "wrapping sshd" I mean
> compiling it with support for libwrap, which would make it read the
> /etc/hosts.allow file in order to grant or deny access based on the
> client hostname or IP address, even when it's running as a daemon.
>

sshd can do this within its own config file already.  The reasons for not
running it in inetd are pretty much the same for not wrapping it.

--Larry

>
> --
> ________________________
> Rodrigo Albani de Campos
> Matrix Internet - NOC
> http://www.br-unix.org/users/campos/
>




--------------F37E95190F171FB493FFD703--





From owner-freebsd-security  Wed Mar 15 14:15:15 2000
Delivered-To: freebsd-security@freebsd.org
Received: from dt051n0b.san.rr.com (dt051n0b.san.rr.com [204.210.32.11])
	by hub.freebsd.org (Postfix) with ESMTP id 44D6437C1CA
	for <freebsd-security@FreeBSD.ORG>; Wed, 15 Mar 2000 14:15:11 -0800 (PST)
	(envelope-from Doug@gorean.org)
Received: from slave (doug@slave [10.0.0.1])
	by dt051n0b.san.rr.com (8.9.3/8.9.3) with ESMTP id OAA02191;
	Wed, 15 Mar 2000 14:14:57 -0800 (PST)
	(envelope-from Doug@gorean.org)
Date: Wed, 15 Mar 2000 14:14:57 -0800 (PST)
From: Doug Barton <Doug@gorean.org>
X-Sender: doug@dt051n0b.san.rr.com
To: Rodrigo Campos <camposr@MATRIX.COM.BR>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: wrapping sshd
In-Reply-To: <Pine.BSF.4.21.0003151624020.11873-100000@speed.matrix.com.br>
Message-ID: <Pine.BSF.4.21.0003151413580.1980-100000@dt051n0b.san.rr.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 15 Mar 2000, Rodrigo Campos wrote:

> In the /etc/hosts.allow file there's a comment saying that "is not
> normally a good idea" to wrap sshd(8), I'm just asking myself why
> wouldn't be a good idea to do it since it seems to me that openssh has
> options to restrict access to it except compiling it with LIBWRAP support.

	This is really more of a -questions question, for future
reference. To answer, I have always wondered about that warning myself,
but I've never let it slow me down. :) I have never not wrapped sshd, and
it's always worked for me.

Doug
-- 
  "While the future's there for anyone to change, still you know it seems, 
   it would be easier sometimes to change the past"

       - Jackson Browne, "Fountain of Sorrow"





From owner-freebsd-security  Wed Mar 15 22:14: 8 2000
Delivered-To: freebsd-security@freebsd.org
Received: from dt051n0b.san.rr.com (dt051n0b.san.rr.com [204.210.32.11])
	by hub.freebsd.org (Postfix) with ESMTP id 766D537BA56
	for <freebsd-security@FreeBSD.ORG>; Wed, 15 Mar 2000 22:14:00 -0800 (PST)
	(envelope-from Doug@gorean.org)
Received: from gorean.org (doug@master [10.0.0.2])
	by dt051n0b.san.rr.com (8.9.3/8.9.3) with ESMTP id WAA07374;
	Wed, 15 Mar 2000 22:13:45 -0800 (PST)
	(envelope-from Doug@gorean.org)
Message-ID: <38D07B98.53CBA3E@gorean.org>
Date: Wed, 15 Mar 2000 22:13:44 -0800
From: Doug Barton <Doug@gorean.org>
Organization: Triborough Bridge & Tunnel Authority
X-Mailer: Mozilla 4.72 [en] (X11; U; FreeBSD 5.0-CURRENT-0313 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Lawrence Sica <larry@interactivate.com>
Cc: Rodrigo Campos <camposr@MATRIX.COM.BR>,
	freebsd-security@FreeBSD.ORG
Subject: Re: wrapping sshd
References: <Pine.BSF.4.21.0003151730240.11873-100000@speed.matrix.com.br> <38D00906.389A9A28@interactivate.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Lawrence Sica wrote:
 
> sshd can do this within its own config file already.

	True, but I've always found it more convenient to have all of my system
access limits in the same file. (Well, two files, hosts.allow and
rc.firewall, so I really don't want a third...)

> The reasons for not
> running it in inetd are pretty much the same for not wrapping it.

	No, not running it out of inetd is a whole different issue. The theory
is that sshd is more reliable than inetd, and you always want to be able
to get into your system. I have always thought that the sshd authors
were a bit grandiose on that topic.. :)

Doug
-- 
  "While the future's there for anyone to change, still you know it
seems, 
   it would be easier sometimes to change the past"

       - Jackson Browne, "Fountain of Sorrow"




From owner-freebsd-security  Wed Mar 15 22:15:31 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.rdc1.sdca.home.com (ha1.rdc1.sdca.home.com [24.0.3.66])
	by hub.freebsd.org (Postfix) with ESMTP id 1639337BD8E
	for <freebsd-security@FreeBSD.ORG>; Wed, 15 Mar 2000 22:15:28 -0800 (PST)
	(envelope-from larry@interactivate.com)
Received: from interactivate.com ([24.15.133.36])
          by mail.rdc1.sdca.home.com (InterMail v4.01.01.00 201-229-111)
          with ESMTP
          id <20000316061527.XGDV14303.mail.rdc1.sdca.home.com@interactivate.com>;
          Wed, 15 Mar 2000 22:15:27 -0800
Message-ID: <38D07C08.28FB5CF7@interactivate.com>
Date: Wed, 15 Mar 2000 22:15:36 -0800
From: Lawrence Sica <larry@interactivate.com>
Organization: Interactivate, Inc
X-Mailer: Mozilla 4.72 [en] (Win98; I)
X-Accept-Language: en
MIME-Version: 1.0
To: Doug Barton <Doug@gorean.org>
Cc: Rodrigo Campos <camposr@MATRIX.COM.BR>,
	freebsd-security@FreeBSD.ORG
Subject: Re: wrapping sshd
References: <Pine.BSF.4.21.0003151730240.11873-100000@speed.matrix.com.br> <38D00906.389A9A28@interactivate.com> <38D07B98.53CBA3E@gorean.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Doug Barton wrote:

> Lawrence Sica wrote:
>
> > sshd can do this within its own config file already.
>
>         True, but I've always found it more convenient to have all of my system
> access limits in the same file. (Well, two files, hosts.allow and
> rc.firewall, so I really don't want a third...)
>
> > The reasons for not
> > running it in inetd are pretty much the same for not wrapping it.
>
>         No, not running it out of inetd is a whole different issue. The theory
> is that sshd is more reliable than inetd, and you always want to be able
> to get into your system. I have always thought that the sshd authors
> were a bit grandiose on that topic.. :)
>

Ahh I was led to believe it was due to the fact it needs to generate a key and all
the fun stuff associated with it.  Didn't know that the big ego theory applied
there heh.

--Larry






From owner-freebsd-security  Wed Mar 15 23:40:54 2000
Delivered-To: freebsd-security@freebsd.org
Received: from dt051n0b.san.rr.com (dt051n0b.san.rr.com [204.210.32.11])
	by hub.freebsd.org (Postfix) with ESMTP id 1E64637BA56
	for <freebsd-security@FreeBSD.ORG>; Wed, 15 Mar 2000 23:40:51 -0800 (PST)
	(envelope-from Doug@gorean.org)
Received: from gorean.org (doug@master [10.0.0.2])
	by dt051n0b.san.rr.com (8.9.3/8.9.3) with ESMTP id XAA07558;
	Wed, 15 Mar 2000 23:40:41 -0800 (PST)
	(envelope-from Doug@gorean.org)
Message-ID: <38D08FF9.D7247ACB@gorean.org>
Date: Wed, 15 Mar 2000 23:40:41 -0800
From: Doug Barton <Doug@gorean.org>
Organization: Triborough Bridge & Tunnel Authority
X-Mailer: Mozilla 4.72 [en] (X11; U; FreeBSD 5.0-CURRENT-0313 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Lawrence Sica <larry@interactivate.com>
Cc: Rodrigo Campos <camposr@MATRIX.COM.BR>,
	freebsd-security@FreeBSD.ORG
Subject: Re: wrapping sshd
References: <Pine.BSF.4.21.0003151730240.11873-100000@speed.matrix.com.br> <38D00906.389A9A28@interactivate.com> <38D07B98.53CBA3E@gorean.org> <38D07C08.28FB5CF7@interactivate.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Lawrence Sica wrote:
> 
> Doug Barton wrote:
> 
> > Lawrence Sica wrote:
> >
> > > sshd can do this within its own config file already.
> >
> >         True, but I've always found it more convenient to have all of my system
> > access limits in the same file. (Well, two files, hosts.allow and
> > rc.firewall, so I really don't want a third...)
> >
> > > The reasons for not
> > > running it in inetd are pretty much the same for not wrapping it.
> >
> >         No, not running it out of inetd is a whole different issue. The theory
> > is that sshd is more reliable than inetd, and you always want to be able
> > to get into your system. I have always thought that the sshd authors
> > were a bit grandiose on that topic.. :)
> >
> 
> Ahh I was led to believe it was due to the fact it needs to generate a key and all
> the fun stuff associated with it.  Didn't know that the big ego theory applied
> there heh.

	Well, it does take a bit longer to start the connection run out of
inetd. The difference is _very_ hard to notice on a modern (fast)
machine though. That warning applied mostly to the "old days" when
generating the key was a more substantial delay. I used to run sshd out
of inetd on a system that ran mostly unattended, needed every spare cpu
cycle, and had alternate means of access "just in case."  

	In all my years of running freebsd I've never seen inetd crash on any
system. In either case, if you absolutely positively have to have remote
access it's easy to write a little sh script to be run out of cron every
N minutes which checks to see if sshd/inetd is up and running, and
starts it if it's not. Even easier (though less elegant) is to just run
the command (sshd, inetd, whatever). The worst thing that could happen
is that your logs get full of "can't start <whatever> because that port
is already bound" messages. 

HTH,

Doug
-- 
  "While the future's there for anyone to change, still you know it
seems, 
   it would be easier sometimes to change the past"

       - Jackson Browne, "Fountain of Sorrow"



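The cron-driven check described in the message above, written out as an added example (not code from the thread). The pidfile and daemon paths, the script path in the crontab comment and the function names are assumptions.

```shell
#!/bin/sh
# Added example: restart sshd/inetd from cron if they are not running.
# Assumptions: each daemon writes a pidfile, and the script runs as root
# (kill -0 against another user's process fails with EPERM).
#
# Crontab entry (illustrative; the script path is an assumption):
#   */5 * * * * /usr/local/sbin/watchdog.sh run

# is_running PIDFILE: succeed only if the pidfile names a live process.
is_running() {
    pidfile=$1
    [ -r "$pidfile" ] || return 1
    pid=$(head -n 1 "$pidfile" 2>/dev/null)
    # Reject empty or non-numeric content. A corrupt pidfile must never
    # become "kill -0 0" (our own process group) or "kill -0 -1".
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$pid" -gt 1 ] || return 1
    # Signal 0 delivers nothing; it only tests that the PID exists.
    # Caveat: after a crash the PID may have been reused by another
    # process, in which case a stale pidfile still looks alive.
    kill -0 "$pid" 2>/dev/null
}

# ensure_running NAME PIDFILE COMMAND [ARGS...]
# Does nothing if the daemon is up; otherwise logs and runs COMMAND.
# Unlike blindly re-running the daemon every N minutes, this leaves no
# "port already bound" noise in the logs.
ensure_running() {
    name=$1
    pidfile=$2
    shift 2
    if is_running "$pidfile"; then
        return 0
    fi
    logger -t watchdog "$name is not running, starting it" 2>/dev/null || true
    "$@"
}

# Only act when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "run" ]; then
    ensure_running sshd  /var/run/sshd.pid  /usr/sbin/sshd
    ensure_running inetd /var/run/inetd.pid /usr/sbin/inetd
fi
```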

From owner-freebsd-security  Thu Mar 16  0:21:33 2000
Delivered-To: freebsd-security@freebsd.org
Received: from jason.argos.org (a1-3b058.neo.rr.com [24.93.181.58])
	by hub.freebsd.org (Postfix) with ESMTP
	id EBE4437BEE0; Thu, 16 Mar 2000 00:20:44 -0800 (PST)
	(envelope-from mike@argos.org)
Received: from localhost (mike@localhost)
	by jason.argos.org (8.9.1/8.9.1) with ESMTP id DAA05055;
	Thu, 16 Mar 2000 03:20:44 -0500
Date: Thu, 16 Mar 2000 03:20:44 -0500 (EST)
From: Mike Nowlin <mike@argos.org>
To: freebsd-ports@freebsd.org
Cc: freebsd-security@freebsd.org
Subject: gated 3.5.11
Message-ID: <Pine.LNX.4.05.10003160258450.4925-100000@jason.argos.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


Due to ports/net/gated being marked as "forbidden", my requirement for it,
and a quick search of the mailing lists, ....

hawk:/usr/ports/net/gated# make
===>  gated-3.5.11 is forbidden: Security hole (buffer overflow possibly
yielding root).
hawk:/usr/ports/net/gated#

There was a message ~Dec 1 about a wheel-exploitable bug in gdc...  Seems
to me that the only risk is for people that get wheel group access (or 
so....  a wee bit too much brain-numbing beverage at this point in
time. :) )...  If I'm willing to take this risk, is there some other
reason why this port is marked as forbidden?  Or is there something else I
can't find pointing to a "possibly yielding root" bug (my understanding
being that "yielding root" means there's a bug in there allowing some
inside or outside joker to get root privs...)  If you need a valid account
to start with, that's not a problem - telnetd & friends probably won't be
running on this machine to start with -- just a serial console...

thanks - mike





From owner-freebsd-security  Thu Mar 16  0:30:27 2000
Delivered-To: freebsd-security@freebsd.org
Received: from rins.st.ryukoku.ac.jp (rins.st.ryukoku.ac.jp [133.83.4.1])
	by hub.freebsd.org (Postfix) with ESMTP id 3E19C37BC4A
	for <freebsd-security@freebsd.org>; Thu, 16 Mar 2000 00:30:22 -0800 (PST)
	(envelope-from kjm@ideon.st.ryukoku.ac.jp)
Received: from ideon.st.ryukoku.ac.jp (ideon.st.ryukoku.ac.jp [133.83.36.5])
	by rins.st.ryukoku.ac.jp (8.9.3+3.2W/3.7W/RINS-1.9.6-NOSPAM) with ESMTP id RAA00482
	for <freebsd-security@freebsd.org>; Thu, 16 Mar 2000 17:30:20 +0900 (JST)
Received: from ideon.st.ryukoku.ac.jp (kjm@localhost [127.0.0.1])
	by ideon.st.ryukoku.ac.jp (8.9.3/3.7W/kjm-19990628) with ESMTP id RAA92794
	for <freebsd-security@freebsd.org>; Thu, 16 Mar 2000 17:30:20 +0900 (JST)
From: kjm@rins.ryukoku.ac.jp (KOJIMA Hajime)
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:08.lynx
In-reply-to: Your message of "Wed, 15 Mar 2000 09:34:43 PST"
References: <20000315173443.F231737BA56@hub.freebsd.org>
Date: Thu, 16 Mar 2000 17:30:19 +0900
Message-ID: <92790.953195419@ideon.st.ryukoku.ac.jp>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In <20000315173443.F231737BA56@hub.freebsd.org>,
FreeBSD Security Officer wrote:
| FreeBSD-SA-00:08                                           Security Advisory
...
| Topic:		Lynx ports contain numerous buffer overflows
...
| II.  Problem Description
| 
| The lynx software is written in a very insecure style and contains numerous
| potential and several proven security vulnerabilities (publicized on the
| BugTraq mailing list) exploitable by a malicious server.
| 
| The lynx ports are not installed by default, nor are they "part of FreeBSD"
| as such: they are part of the FreeBSD ports collection, which contains over
| 3100 third-party applications in a ready-to-install format.

  But, /stand/sysinstall still uses lynx as default text browser.
  If you want to read HTML documents in sysinstall, /stand/sysinstall
  will go to install lynx package automatically (and it will fail in
  4.0-RELEASE).   

---- from release/sysinstall/install.c revision 1.268:
    variable_set2(VAR_BROWSER_PACKAGE,          "lynx", 0);
    variable_set2(VAR_BROWSER_BINARY,           "/usr/local/bin/lynx", 0);
----

----
KOJIMA Hajime - Ryukoku University, Seta, Ootsu, Shiga, 520-2194 Japan
[Office] kjm@rins.ryukoku.ac.jp, http://www.st.ryukoku.ac.jp/~kjm/




From owner-freebsd-security  Thu Mar 16  1:45:59 2000
Delivered-To: freebsd-security@freebsd.org
Received: from axl.ops.uunet.co.za (axl.ops.uunet.co.za [196.31.1.175])
	by hub.freebsd.org (Postfix) with ESMTP id 5315D37C064
	for <freebsd-security@freebsd.org>; Thu, 16 Mar 2000 01:45:54 -0800 (PST)
	(envelope-from sheldonh@axl.ops.uunet.co.za)
Received: from sheldonh (helo=axl.ops.uunet.co.za)
	by axl.ops.uunet.co.za with local-esmtp (Exim 3.13 #1)
	id 12VWqb-0000xq-00; Thu, 16 Mar 2000 11:45:41 +0200
From: Sheldon Hearn <sheldonh@uunet.co.za>
To: kjm@rins.ryukoku.ac.jp (KOJIMA Hajime)
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:08.lynx 
In-reply-to: Your message of "Thu, 16 Mar 2000 17:30:19 +0900."
             <92790.953195419@ideon.st.ryukoku.ac.jp> 
Date: Thu, 16 Mar 2000 11:45:41 +0200
Message-ID: <3709.953199941@axl.ops.uunet.co.za>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org



On Thu, 16 Mar 2000 17:30:19 +0900, KOJIMA Hajime wrote:

>   But, /stand/sysinstall still uses lynx as default text browser.
>   If you want to read HTML documents in sysinstall, /stand/sysinstall
>   will go to install lynx package automatically (and it will fail in
>   4.0-RELEASE).   

I don't think this is a problem, since any host from which it is likely
to read documentation is quite unlikely to be malicious.

Ciao,
Sheldon.




From owner-freebsd-security  Thu Mar 16  1:58:16 2000
Delivered-To: freebsd-security@freebsd.org
Received: from haldjas.folklore.ee (Haldjas.folklore.ee [193.40.6.121])
	by hub.freebsd.org (Postfix) with ESMTP id 1510137BF28
	for <freebsd-security@FreeBSD.ORG>; Thu, 16 Mar 2000 01:58:07 -0800 (PST)
	(envelope-from narvi@haldjas.folklore.ee)
Received: from localhost (narvi@localhost)
	by haldjas.folklore.ee (8.9.3/8.9.3) with SMTP id LAA62348;
	Thu, 16 Mar 2000 11:57:45 +0200 (EET)
	(envelope-from narvi@haldjas.folklore.ee)
Date: Thu, 16 Mar 2000 11:57:45 +0200 (EET)
From: Narvi <narvi@haldjas.folklore.ee>
To: Sheldon Hearn <sheldonh@uunet.co.za>
Cc: KOJIMA Hajime <kjm@rins.ryukoku.ac.jp>,
	freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:08.lynx 
In-Reply-To: <3709.953199941@axl.ops.uunet.co.za>
Message-ID: <Pine.BSF.3.96.1000316115654.13688g-100000@haldjas.folklore.ee>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


On Thu, 16 Mar 2000, Sheldon Hearn wrote:

> 
> 
> On Thu, 16 Mar 2000 17:30:19 +0900, KOJIMA Hajime wrote:
> 
> >   But, /stand/sysinstall still uses lynx as default text browser.
> >   If you want to read HTML documents in sysinstall, /stand/sysinstall
> >   will go to install lynx package automatically (and it will fail in
> >   4.0-RELEASE).   
> 
> I don't think this is a problem, since any host from which it is likely
> to read documentation is quite unlikely to be malicious.
> 

A better way to put it is - if the host you install from is malicious,
lynx is the least of the problems.

> Ciao,
> Sheldon.
> 
> 
> 





From owner-freebsd-security  Thu Mar 16  3: 3:43 2000
Delivered-To: freebsd-security@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
	by hub.freebsd.org (Postfix) with ESMTP id 623B837B785
	for <freebsd-security@FreeBSD.ORG>; Thu, 16 Mar 2000 03:03:40 -0800 (PST)
	(envelope-from des@flood.ping.uio.no)
Received: (from des@localhost)
	by flood.ping.uio.no (8.9.3/8.9.3) id MAA80160;
	Thu, 16 Mar 2000 12:03:34 +0100 (CET)
	(envelope-from des@flood.ping.uio.no)
To: Doug Barton <Doug@gorean.org>
Cc: Lawrence Sica <larry@interactivate.com>,
	Rodrigo Campos <camposr@MATRIX.COM.BR>, freebsd-security@FreeBSD.ORG
Subject: Re: wrapping sshd
References: <Pine.BSF.4.21.0003151730240.11873-100000@speed.matrix.com.br> <38D00906.389A9A28@interactivate.com> <38D07B98.53CBA3E@gorean.org> <38D07C08.28FB5CF7@interactivate.com> <38D08FF9.D7247ACB@gorean.org>
From: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Date: 16 Mar 2000 12:03:33 +0100
In-Reply-To: Doug Barton's message of "Wed, 15 Mar 2000 23:40:41 -0800"
Message-ID: <xzp4sa7i3cq.fsf@flood.ping.uio.no>
Lines: 10
User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Doug Barton <Doug@gorean.org> writes:
> 	In all my years of running freebsd I've never seen inetd crash on any
> system.

Weird, because inetd has historically been plagued with various
problems such as the infamous "junk pointer" bug.

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no




From owner-freebsd-security  Thu Mar 16  4:37: 4 2000
Delivered-To: freebsd-security@freebsd.org
Received: from vinyl.sentex.ca (vinyl.sentex.ca [209.112.4.14])
	by hub.freebsd.org (Postfix) with ESMTP id 4BF9C37C0FF
	for <freebsd-security@FreeBSD.ORG>; Thu, 16 Mar 2000 04:37:00 -0800 (PST)
	(envelope-from mike@sentex.net)
Received: from granite.sentex.net (granite-atm.sentex.ca [209.112.4.1])
	by vinyl.sentex.ca (8.9.3/8.9.3) with ESMTP id HAA71092;
	Thu, 16 Mar 2000 07:36:54 -0500 (EST)
	(envelope-from mike@sentex.net)
Received: from chimp (ospf-mdt.sentex.net [205.211.164.81]) by granite.sentex.net (8.8.8/8.6.9) with ESMTP id HAA09497; Thu, 16 Mar 2000 07:36:48 -0500 (EST)
Message-Id: <4.2.2.20000316072948.03762588@mail.sentex.net>
X-Sender: mdtancsa@mail.sentex.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 
Date: Thu, 16 Mar 2000 07:36:15 -0500
To: Mike Nowlin <mike@argos.org>
From: Mike Tancsa <mike@sentex.net>
Subject: Re: gated 3.5.11
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <Pine.LNX.4.05.10003160258450.4925-100000@jason.argos.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 03:20 AM 3/16/2000 -0500, Mike Nowlin wrote:
>There was a message ~Dec 1 about a wheel-exploitable bug in gdc...  Seems
>to me that the only risk is for people that get wheel group access (or

Have a search through the archives of this list and bugtraq.  If I recall 
correctly there were a couple of holes. ospf_mon was problematic as well 
as gdc.  I'm not certain, but if you chmod 700 /usr/local/bin/ospf_monitor and 
chmod 700 /usr/local/bin/gdc you should be OK.   But search through the 
archives for the original postings to be certain.

         ---Mike





From owner-freebsd-security  Thu Mar 16  4:39:56 2000
Delivered-To: freebsd-security@freebsd.org
Received: from eltex.ru (eltex-gw2.nw.ru [195.19.203.86])
	by hub.freebsd.org (Postfix) with ESMTP id 52AF437C0DA
	for <freebsd-security@FreeBSD.ORG>; Thu, 16 Mar 2000 04:39:45 -0800 (PST)
	(envelope-from ark@eltex.ru)
Received: from yaksha.eltex.ru (root@yaksha.eltex.ru [195.19.198.2])
	by eltex.ru (8.9.3/8.9.3) with SMTP id PAA18625;
	Thu, 16 Mar 2000 15:39:35 +0300 (MSK)
Received: by yaksha.eltex.ru (ssmtp TIS-0.6alpha, 19 Jan 2000); Thu, 16 Mar 2000 15:37:53 +0300
Received: from undisclosed-intranet-sender id xma009671; Thu, 16 Mar 00 15:37:45 +0300
Date: Thu, 16 Mar 2000 15:38:14 +0300
Message-Id: <200003161238.PAA18026@paranoid.eltex.spb.ru>
In-Reply-To: <38D08FF9.D7247ACB@gorean.org> from "Doug Barton <Doug@gorean.org>"
From: ark@eltex.ru
Organization: "Klingon Imperial Intelligence Service"
Subject: Re: wrapping sshd
To: Doug@gorean.org
Cc: larry@interactivate.com, <camposr@MATRIX.COM.BR>,
	freebsd-security@FreeBSD.ORG
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

nuqneH,

Have you ever tried portscanning them aggressively?

Doug Barton <Doug@gorean.org> said :


> 	In all my years of running freebsd I've never seen inetd crash on any
> system. 
                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!




From owner-freebsd-security  Thu Mar 16  4:47:18 2000
Delivered-To: freebsd-security@freebsd.org
Received: from wicket.ci.net.ua (noc-hole-gw.ci.net.ua [212.86.98.85])
	by hub.freebsd.org (Postfix) with ESMTP id 8E1F937C096
	for <freebsd-security@FreeBSD.ORG>; Thu, 16 Mar 2000 04:47:13 -0800 (PST)
	(envelope-from acid@cn.ua)
Received: from localhost (acid@localhost)
	by wicket.ci.net.ua (8.9.3/8.9.3) with ESMTP id OAA02183;
	Thu, 16 Mar 2000 14:46:23 +0200 (EET)
Date: Thu, 16 Mar 2000 14:46:23 +0200 (EET)
From: "Michael I. Vasilenko" <acid@cn.ua>
X-Sender: acid@wicket.ci.net.ua
To: ark@eltex.ru
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: wrapping sshd
In-Reply-To: <200003161238.PAA18026@paranoid.eltex.spb.ru>
Message-ID: <Pine.BSF.4.21.0003161443190.1991-100000@wicket.ci.net.ua>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org



On Thu, 16 Mar 2000 ark@eltex.ru wrote:

> Have you ever tried portscanning them aggressively?

> Doug Barton <Doug@gorean.org> said :
> 
> 
> > 	In all my years of running freebsd I've never seen inetd crash on any
> > system. 

Try to add TCP_RESTRICT_RST to your kernel config and
tcp_restrict_rst="YES" to rc.conf

--
						Michael Vasilenko





From owner-freebsd-security  Thu Mar 16  7:29:19 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ptldpop3.ptld.uswest.net (ptldpop3.ptld.uswest.net [198.36.160.3])
	by hub.freebsd.org (Postfix) with SMTP id 56AF637BFAD
	for <freebsd-security@freebsd.org>; Thu, 16 Mar 2000 07:29:09 -0800 (PST)
	(envelope-from wwoods@cybcon.com)
Received: (qmail 74129 invoked by alias); 16 Mar 2000 15:28:07 -0000
Delivered-To: fixup-freebsd-security@freebsd.org@fixme
Received: (qmail 74119 invoked by uid 0); 16 Mar 2000 15:28:06 -0000
Received: from unknown (HELO laptop.cybcon.com) (63.163.56.141)
  by pop.ptld.uswest.net with SMTP; 16 Mar 2000 15:28:06 -0000
Content-Length: 599
Message-ID: <XFMail.000316072603.wwoods@cybcon.com>
X-Mailer: XFMail 1.4.0 on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
Date: Thu, 16 Mar 2000 07:26:03 -0800 (PST)
Reply-To: bwoods2@uswest.net
From: William Woods <wwoods@cybcon.com>
To: freebsd-security@freebsd.org
Subject: IPFW Logging...
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I have a set of firewall rules I load and would like to be able to log attempts
from the blocked domains.....this is an example of one of the rules....

ipfw add 001 deny all from aol.com to any  

How would I make that rule log to /var/log/messages?

----------------------------------
E-Mail: bwoods2@uswest.net
Date: 16-Mar-00
Time: 07:25:19l
----------------------------------

NOTICE TO BULK E-MAILERS: Pursuant to US Code, Title 47, Chapter 5,
Subchapter II, 227, and all unsolicited commercial e-mail sent to this  
address is subject to a download and archival fee in the amount of $500 US





From owner-freebsd-security  Thu Mar 16  8:50:26 2000
Delivered-To: freebsd-security@freebsd.org
Received: from daemon.sofiaonline.com (daemon.sofiaonline.com [212.5.144.1])
	by hub.freebsd.org (Postfix) with SMTP id 3A17A37BBF1
	for <freebsd-security@freebsd.org>; Thu, 16 Mar 2000 08:49:27 -0800 (PST)
	(envelope-from zethix@sofiaonline.com)
Received: (qmail 67983 invoked from network); 16 Mar 2000 16:44:03 -0000
Received: from carnivoro.sofiaonline.com (212.5.144.5)
  by daemon.sofiaonline.com with SMTP; 16 Mar 2000 16:44:03 -0000
Content-Length: 875
Message-ID: <XFMail.000316180919.zethix@sofiaonline.com>
X-Mailer: XFMail 1.3 [p0] on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To: <XFMail.000316072603.wwoods@cybcon.com>
Date: Thu, 16 Mar 2000 18:09:19 +0200 (EET)
From: Dungeonkeeper <zethix@sofiaonline.com>
To: William Woods <wwoods@cybcon.com>
Subject: RE: IPFW Logging...
Cc: freebsd-security@freebsd.org
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


On 16-Mar-00 William Woods wrote:
> I have a set of firewall rules I load and would like to be able to log attempts
> from the blocked domains.....this is an example of one of the rules....
> 
> ipfw add 001 deny all from aol.com to any  
> 
> How would I make that rule log to /var/log/messages?

Just add the log option. Say:

ipfw add 001 deny log all from aol.com to any

> 
> ----------------------------------
> E-Mail: bwoods2@uswest.net
> Date: 16-Mar-00
> Time: 07:25:19l
> ----------------------------------
> 
> NOTICE TO BULK E-MAILERS: Pursuant to US Code, Title 47, Chapter 5,
> Subchapter II, 227, and all unsolicited commercial e-mail sent to this  
> address is subject to a download and archival fee in the amount of $500 US
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message






From owner-freebsd-security  Thu Mar 16  9:32:46 2000
Delivered-To: freebsd-security@freebsd.org
Received: from vinyl.sentex.ca (vinyl.sentex.ca [209.112.4.14])
	by hub.freebsd.org (Postfix) with ESMTP id 58FA437BF60
	for <freebsd-security@FreeBSD.ORG>; Thu, 16 Mar 2000 09:32:43 -0800 (PST)
	(envelope-from mike@sentex.ca)
Received: from simoeon (simeon.sentex.ca [209.112.4.47])
	by vinyl.sentex.ca (8.9.3/8.9.3) with SMTP id MAA36280;
	Thu, 16 Mar 2000 12:32:40 -0500 (EST)
	(envelope-from mike@sentex.ca)
Message-Id: <3.0.5.32.20000316123010.02483780@marble.sentex.ca>
X-Sender: mdtpop@marble.sentex.ca
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32)
Date: Thu, 16 Mar 2000 12:30:10 -0500
To: bwoods2@uswest.net, freebsd-security@FreeBSD.ORG
From: Mike Tancsa <mike@sentex.ca>
Subject: Re: IPFW Logging...
In-Reply-To: <XFMail.000316072603.wwoods@cybcon.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 07:26 AM 3/16/00 -0800, William Woods wrote:
>I have a set of firewall rules I load and would like to be able to log attempts
>from the blocked domains.....this is an example of one of the rules....
>
>ipfw add 001 deny all from aol.com to any  
>
>How would I make that rule log to /var/log/messages?


Depending on what version you are running, adjust your syslog.conf entry so
that it gets logged to your file of choice.
security.*                                      /var/log/security

Also, add the log command. e.g. ipfw add 1000 deny log ip from
xxx.xxx.xxx.xxx to any

	---Mike
------------------------------------------------------------------------
Mike Tancsa,                          	          tel +1 519 651 3400
Network Administrator,     			  mike@sentex.net
Sentex Communications                 		  www.sentex.net
Cambridge, Ontario Canada




From owner-freebsd-security  Thu Mar 16  9:34:27 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.rpi.edu (mail.rpi.edu [128.113.100.7])
	by hub.freebsd.org (Postfix) with ESMTP id 4E81D37BF60
	for <freebsd-security@FreeBSD.ORG>; Thu, 16 Mar 2000 09:34:18 -0800 (PST)
	(envelope-from drosih@rpi.edu)
Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47])
	by mail.rpi.edu (8.9.3/8.9.3) with ESMTP id MAA249970;
	Thu, 16 Mar 2000 12:33:46 -0500
Mime-Version: 1.0
X-Sender: drosih@mail.rpi.edu
Message-Id: <v0421010ab4f6cb1c9ee5@[128.113.24.47]>
In-Reply-To: <3709.953199941@axl.ops.uunet.co.za>
References: <3709.953199941@axl.ops.uunet.co.za>
Date: Thu, 16 Mar 2000 12:34:14 -0500
To: Sheldon Hearn <sheldonh@uunet.co.za>,
	kjm@rins.ryukoku.ac.jp (KOJIMA Hajime)
From: Garance A Drosihn <drosih@rpi.edu>
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:08.lynx
Cc: freebsd-security@FreeBSD.ORG
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 11:45 AM +0200 3/16/00, Sheldon Hearn wrote:
>On Thu, 16 Mar 2000 17:30:19 +0900, KOJIMA Hajime wrote:
>
> >   But, /stand/sysinstall still use lynx as default text browser.
> >   If you want to read HTML documents in sysinstall, /stand/sysinstall
> >   will go to install lynx package automatically (and it will fail in
> >   4.0-RELEASE).
>
>I don't think this is a problem, since any host from which it is likely
>to read documentation is quite unlikely to be malicious.

I would think it's a problem if sysinstall expects to use lynx,
it thus goes to install lynx, and that installation *FAILS*.  If
I'm reading that right, you're then left with sysinstall trying
to use a package that does not exist.

(true?)


---
Garance Alistair Drosehn           =   gad@eclipse.acs.rpi.edu
Senior Systems Programmer          or  drosih@rpi.edu
Rensselaer Polytechnic Institute




From owner-freebsd-security  Thu Mar 16  9:50:55 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ab-bg.net (ab-bg.net [212.56.11.129])
	by hub.freebsd.org (Postfix) with SMTP id 2149837C0BE
	for <freebsd-security@FreeBSD.ORG>; Thu, 16 Mar 2000 09:50:34 -0800 (PST)
	(envelope-from v0rbiz@ab-bg.net)
Received: (qmail 27237 invoked by uid 1000); 16 Mar 2000 17:52:54 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 16 Mar 2000 17:52:54 -0000
Date: Thu, 16 Mar 2000 19:52:54 +0200 (EET)
From: Victor Ivanov <v0rbiz@ab-bg.net>
To: freebsd-security@FreeBSD.ORG
Subject: Re: IPFW Logging...
In-Reply-To: <3.0.5.32.20000316123010.02483780@marble.sentex.ca>
Message-ID: <Pine.BSF.4.21.0003161951130.27234-100000@bissy.ab-bg.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


> At 07:26 AM 3/16/00 -0800, William Woods wrote:
> >I have a set of firewall rules I load and would like to be able to log attempts
> >from the blocked domains.....this is an example of one of the rules....
> >
> >ipfw add 001 deny all from aol.com to any  
> >
> >How would I make that rule log to /var/log/messages?
> 
> 
> Depending on what version you are running, adjust your syslog.conf entry so
> that it gets logged to your file of choice.
> security.*                                      /var/log/security
> 
> Also, add the log command. e.g. ipfw add 1000 deny log ip from
> xxx.xxx.xxx.xxx to any

or:

!ipfw
*.*      /var/log/ipfw-log

(rtfm)





From owner-freebsd-security  Thu Mar 16  9:58:54 2000
Delivered-To: freebsd-security@freebsd.org
Received: from zippy.cdrom.com (zippy.cdrom.com [204.216.27.228])
	by hub.freebsd.org (Postfix) with ESMTP id 56A8537BC44
	for <freebsd-security@FreeBSD.ORG>; Thu, 16 Mar 2000 09:58:51 -0800 (PST)
	(envelope-from jkh@zippy.cdrom.com)
Received: from zippy.cdrom.com (jkh@localhost [127.0.0.1])
	by zippy.cdrom.com (8.9.3/8.9.3) with ESMTP id JAA04198;
	Thu, 16 Mar 2000 09:59:14 -0800 (PST)
	(envelope-from jkh@zippy.cdrom.com)
To: Garance A Drosihn <drosih@rpi.edu>
Cc: Sheldon Hearn <sheldonh@uunet.co.za>,
	kjm@rins.ryukoku.ac.jp (KOJIMA Hajime), freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:08.lynx 
In-reply-to: Your message of "Thu, 16 Mar 2000 12:34:14 EST."
             <v0421010ab4f6cb1c9ee5@[128.113.24.47]> 
Date: Thu, 16 Mar 2000 09:59:14 -0800
Message-ID: <4195.953229554@zippy.cdrom.com>
From: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The installation does not fail if lynx is missing.

> At 11:45 AM +0200 3/16/00, Sheldon Hearn wrote:
> >On Thu, 16 Mar 2000 17:30:19 +0900, KOJIMA Hajime wrote:
> >
> > >   But, /stand/sysinstall still use lynx as default text browser.
> > >   If you want to read HTML documents in sysinstall, /stand/sysinstall
> > >   will go to install lynx package automatically (and it will fail in
> > >   4.0-RELEASE).
> >
> >I don't think this is a problem, since any host from which it is likely
> >to read documentation is quite unlikely to be malicious.
> 
> I would think it's a problem if sysinstall expects to use lynx,
> it thus goes to install lynx, and that installation *FAILS*.  If
> I'm reading that right, you're then left with sysinstall trying
> to use a package that does not exist.
> 
> (true?)
> 
> 
> ---
> Garance Alistair Drosehn           =   gad@eclipse.acs.rpi.edu
> Senior Systems Programmer          or  drosih@rpi.edu
> Rensselaer Polytechnic Institute
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message





From owner-freebsd-security  Thu Mar 16 11:15:39 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail-s01.websys.aol.com (mail-s01.websys.aol.com [205.188.148.242])
	by hub.freebsd.org (Postfix) with ESMTP id 641D037C127
	for <freebsd-security@freebsd.org>; Thu, 16 Mar 2000 11:15:27 -0800 (PST)
	(envelope-from mirab@icq-s11.websys.aol.com)
Received: from icq-s11.websys.aol.com (icq-s11.websys.aol.com [205.188.252.87])
	by mail-s01.websys.aol.com (8.9.3/8.9.3) with ESMTP id OAA18980
	for <freebsd-security@freebsd.org>; Thu, 16 Mar 2000 14:15:22 -0500 (EST)
Received: (from mirab@localhost)
	by icq-s11.websys.aol.com (8.9.3+Sun/8.9.1) id OAA15233
	for freebsd-security@freebsd.org; Thu, 16 Mar 2000 14:15:22 -0500 (EST)
Date: Thu, 16 Mar 2000 14:15:22 -0500 (EST)
Message-Id: <200003161915.OAA15233@icq-s11.websys.aol.com>
From: Joanne Smith <joannesmith@hotmail.com>
To: freebsd-security@freebsd.org
Subject: An ICQ Greeting from Joanne Smith
Content-Type: text
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

You have a greeting from Joanne Smith waiting for you at:

   http://icq.americangreetings.com/cgi-bin/greetings/read.pl5?msg=422106&id=1007 

 Be creative!
 Create your own ICQ Greetings at http://www.icq.com/greetings/ 
 If you don't have ICQ you can download it at http://www.icq.com 
 For more greetings visit here: http://www.icq.com/redirect/partner/ag/gallery/email.html





From owner-freebsd-security  Thu Mar 16 11:37:24 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ptldpop3.ptld.uswest.net (ptldpop3.ptld.uswest.net [198.36.160.3])
	by hub.freebsd.org (Postfix) with SMTP id 3935437C0BE
	for <freebsd-security@freebsd.org>; Thu, 16 Mar 2000 11:37:21 -0800 (PST)
	(envelope-from wwoods@cybcon.com)
Received: (qmail 31834 invoked by alias); 16 Mar 2000 19:36:19 -0000
Delivered-To: fixup-freebsd-security@freebsd.org@fixme
Received: (qmail 31814 invoked by uid 0); 16 Mar 2000 19:36:17 -0000
Received: from unknown (HELO laptop.cybcon.com) (63.163.56.87)
  by pop.ptld.uswest.net with SMTP; 16 Mar 2000 19:36:17 -0000
Content-Length: 535
Message-ID: <XFMail.000316113414.wwoods@cybcon.com>
X-Mailer: XFMail 1.4.0 on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
Date: Thu, 16 Mar 2000 11:34:14 -0800 (PST)
Reply-To: bwoods2@uswest.net
From: William Woods <wwoods@cybcon.com>
To: freebsd-security@freebsd.org
Subject: IPFW...1 more question.....
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

This firewall rule,

ipfw add 001 deny log ip from aol.com/24 to alpha.cybcon.com 

am I correct in assuming that this will block ALL traffic from aol.com to
alpha.cybcon.com and log it?

----------------------------------
E-Mail: bwoods2@uswest.net
Date: 16-Mar-00
Time: 11:32:22l
----------------------------------

NOTICE TO BULK E-MAILERS: Pursuant to US Code, Title 47, Chapter 5,
Subchapter II, 227, and all unsolicited commercial e-mail sent to this  
address is subject to a download and archival fee in the amount of $500 US





From owner-freebsd-security  Thu Mar 16 11:44:51 2000
Delivered-To: freebsd-security@freebsd.org
Received: from vinyl.sentex.ca (vinyl.sentex.ca [209.112.4.14])
	by hub.freebsd.org (Postfix) with ESMTP id 1EBC237C3E6
	for <freebsd-security@FreeBSD.ORG>; Thu, 16 Mar 2000 11:44:49 -0800 (PST)
	(envelope-from mike@sentex.ca)
Received: from simoeon (simeon.sentex.ca [209.112.4.47])
	by vinyl.sentex.ca (8.9.3/8.9.3) with SMTP id OAA76048;
	Thu, 16 Mar 2000 14:44:46 -0500 (EST)
	(envelope-from mike@sentex.ca)
Message-Id: <3.0.5.32.20000316144216.00c94ac0@marble.sentex.ca>
X-Sender: mdtpop@marble.sentex.ca
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32)
Date: Thu, 16 Mar 2000 14:42:16 -0500
To: bwoods2@uswest.net, freebsd-security@FreeBSD.ORG
From: Mike Tancsa <mike@sentex.ca>
Subject: Re: IPFW...1 more question.....
In-Reply-To: <XFMail.000316113414.wwoods@cybcon.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 11:34 AM 3/16/00 -0800, William Woods wrote:
>This firewall rule,
>
>ipfw add 001 deny log ip from aol.com/24 to alpha.cybcon.com 
>
>am I correct in assuming that this will block ALL traffic from aol.com to
>alpha.cybcon.com and log it?

No.  You need to specify IP ranges for ipfw to work.  Putting in aol.com
will just block whatever A record comes up for the host aol.com.  It sounds
like using libwrap (aka tcp_wrapper)  might get what you want, or even
things like .htaccess if you want to block website access.  However, this
will not always work either, as some of AOL's outsourced dialup might have
PTR records of the outsourcing company, and not aol.com.

	---Mike

------------------------------------------------------------------------
Mike Tancsa,                          	          tel +1 519 651 3400
Network Administrator,     			  mike@sentex.net
Sentex Communications                 		  www.sentex.net
Cambridge, Ontario Canada




From owner-freebsd-security  Thu Mar 16 12: 0:50 2000
Delivered-To: freebsd-security@freebsd.org
Received: from dt051n0b.san.rr.com (dt051n0b.san.rr.com [204.210.32.11])
	by hub.freebsd.org (Postfix) with ESMTP id 675A237BCBE
	for <freebsd-security@FreeBSD.ORG>; Thu, 16 Mar 2000 12:00:47 -0800 (PST)
	(envelope-from Doug@gorean.org)
Received: from slave (doug@slave [10.0.0.1])
	by dt051n0b.san.rr.com (8.9.3/8.9.3) with ESMTP id MAA16673;
	Thu, 16 Mar 2000 12:00:26 -0800 (PST)
	(envelope-from Doug@gorean.org)
Date: Thu, 16 Mar 2000 12:00:26 -0800 (PST)
From: Doug Barton <Doug@gorean.org>
X-Sender: doug@dt051n0b.san.rr.com
To: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Cc: Lawrence Sica <larry@interactivate.com>,
	Rodrigo Campos <camposr@MATRIX.COM.BR>, freebsd-security@FreeBSD.ORG
Subject: Re: wrapping sshd
In-Reply-To: <xzp4sa7i3cq.fsf@flood.ping.uio.no>
Message-ID: <Pine.BSF.4.21.0003161156540.16638-100000@dt051n0b.san.rr.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 16 Mar 2000, Dag-Erling Smorgrav wrote:

> Doug Barton <Doug@gorean.org> writes:
> > 	In all my years of running freebsd I've never seen inetd crash on any
> > system.
> 
> Weird, because inetd has historically been plagued with various
> problems such as the infamous "junk pointer" bug.

	In all likelihood I've been very lucky on that count since I don't
run much out of inetd, or run it at all if I can help it. The last two
years or so I have been running more stuff out of inetd on my home systems
(heavily firewalled, wrapped, etc.) more so to learn about utilities and
such than anything else. On production systems I tend to use ssh
exclusively. 

	Currently at work however I'm installing more and more freebsd
systems with inetd stuff open (once again, firewalled, wrapped,
etc.) because in a mixed-platform, mixed-other-factors-too environment it
has been deemed "necessary." I'm hoping I won't have to eat my words about
not having it crash on me....  :)

Doug
-- 
"While the future's there for anyone to change, still you know it seems, 
 it would be easier sometimes to change the past"

     - Jackson Browne, "Fountain of Sorrow"





From owner-freebsd-security  Thu Mar 16 12:15:42 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ptldpop3.ptld.uswest.net (ptldpop3.ptld.uswest.net [198.36.160.3])
	by hub.freebsd.org (Postfix) with SMTP id 5B1A737BCDD
	for <freebsd-security@FreeBSD.ORG>; Thu, 16 Mar 2000 12:15:39 -0800 (PST)
	(envelope-from wwoods@cybcon.com)
Received: (qmail 56090 invoked by alias); 16 Mar 2000 20:14:33 -0000
Delivered-To: fixup-freebsd-security@FreeBSD.ORG@fixme
Received: (qmail 56072 invoked by uid 0); 16 Mar 2000 20:14:32 -0000
Received: from unknown (HELO laptop.cybcon.com) (63.163.56.238)
  by pop.ptld.uswest.net with SMTP; 16 Mar 2000 20:14:32 -0000
Content-Length: 1605
Message-ID: <XFMail.000316121228.wwoods@cybcon.com>
X-Mailer: XFMail 1.4.0 on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To: <3.0.5.32.20000316144216.00c94ac0@marble.sentex.ca>
Date: Thu, 16 Mar 2000 12:12:28 -0800 (PST)
Reply-To: bwoods2@uswest.net
From: William Woods <wwoods@cybcon.com>
To: Mike Tancsa <mike@sentex.ca>
Subject: Re: IPFW...1 more question.....
Cc: freebsd-security@FreeBSD.ORG, bwoods2@uswest.net
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hmmmm, well, I have a list of .com's that I want to block access totally, what
would be the most effective way then, .htaccess would just block web, and I
want a bit more totality than that.

On 16-Mar-00 Mike Tancsa wrote:
> At 11:34 AM 3/16/00 -0800, William Woods wrote:
>>This firewall rule,
>>
>>ipfw add 001 deny log ip from aol.com/24 to alpha.cybcon.com 
>>
>>am I correct in assuming that this will block ALL traffic from aol.com to
>>alpha.cybcon.com and log it?
> 
> No.  You need to specify IP ranges for ipfw to work.  Putting in aol.com
> will just block whatever A record comes up for the host aol.com.  It sounds
> like using libwrap (aka tcp_wrapper)  might get what you want, or even
> things like .htaccess if you want to block website access.  However, this
> will not always work either, as some of AOL's outsourced dialup might have
> PTR records of the outsourcing company, and not aol.com.
> 
>       ---Mike
> 
> ------------------------------------------------------------------------
> Mike Tancsa,                                            tel +1 519 651 3400
> Network Administrator,                          mike@sentex.net
> Sentex Communications                                   www.sentex.net
> Cambridge, Ontario Canada


----------------------------------
E-Mail: bwoods2@uswest.net
Date: 16-Mar-00
Time: 12:10:41l
----------------------------------

NOTICE TO BULK E-MAILERS: Pursuant to US Code, Title 47, Chapter 5,
Subchapter II, 227, and all unsolicited commercial e-mail sent to this  
address is subject to a download and archival fee in the amount of $500 US





From owner-freebsd-security  Thu Mar 16 12:20:23 2000
Delivered-To: freebsd-security@freebsd.org
Received: from vinyl.sentex.ca (vinyl.sentex.ca [209.112.4.14])
	by hub.freebsd.org (Postfix) with ESMTP id 2A0BC37C1B2
	for <freebsd-security@FreeBSD.ORG>; Thu, 16 Mar 2000 12:20:14 -0800 (PST)
	(envelope-from mike@sentex.ca)
Received: from simoeon (simeon.sentex.ca [209.112.4.47])
	by vinyl.sentex.ca (8.9.3/8.9.3) with SMTP id PAA82567;
	Thu, 16 Mar 2000 15:20:11 -0500 (EST)
	(envelope-from mike@sentex.ca)
Message-Id: <3.0.5.32.20000316151740.0217d280@marble.sentex.ca>
X-Sender: mdtpop@marble.sentex.ca
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32)
Date: Thu, 16 Mar 2000 15:17:40 -0500
To: bwoods2@uswest.net
From: Mike Tancsa <mike@sentex.ca>
Subject: Re: IPFW...1 more question.....
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <XFMail.000316121228.wwoods@cybcon.com>
References: <3.0.5.32.20000316144216.00c94ac0@marble.sentex.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 12:12 PM 3/16/00 -0800, William Woods wrote:
>Hmmmm, well, I have a list of .com's that I want to block access totally, what
>would be the most effective way then, .htaccess would just block web, and I
>want a bit more totality than that.

With .htaccess for apache, and all the services in /etc/hosts.allow that
can be wrapped, what is missing for you ?

	---Mike


>
>On 16-Mar-00 Mike Tancsa wrote:
>> At 11:34 AM 3/16/00 -0800, William Woods wrote:
>>>This firewall rule,
>>>
>>>ipfw add 001 deny log ip from aol.com/24 to alpha.cybcon.com 
>>>
>>>am I correct in assuming that this will block ALL traffic from aol.com to
>>>alpha.cybcon.com and log it?
>> 
>> No.  You need to specify IP ranges for ipfw to work.  Putting in aol.com
>> will just block whatever A record comes up for the host aol.com.  It sounds
>> like using libwrap (aka tcp_wrapper)  might get what you want, or even
>> things like .htaccess if you want to block website access.  However, this
>> will not always work either, as some of AOL's outsourced dialup might have
>> PTR records of the outsourcing company, and not aol.com.
>> 
>>       ---Mike
>> 
>> ------------------------------------------------------------------------
>> Mike Tancsa,                                            tel +1 519 651 3400
>> Network Administrator,                          mike@sentex.net
>> Sentex Communications                                   www.sentex.net
>> Cambridge, Ontario Canada
>
>
>----------------------------------
>E-Mail: bwoods2@uswest.net
>Date: 16-Mar-00
>Time: 12:10:41l
>----------------------------------
>
>NOTICE TO BULK E-MAILERS: Pursuant to US Code, Title 47, Chapter 5,
>Subchapter II, 227, and all unsolicited commercial e-mail sent to this  
>address is subject to a download and archival fee in the amount of $500 US
>
>
>
------------------------------------------------------------------------
Mike Tancsa,                          	          tel +1 519 651 3400
Network Administrator,     			  mike@sentex.net
Sentex Communications                 		  www.sentex.net
Cambridge, Ontario Canada




From owner-freebsd-security  Thu Mar 16 14:28:21 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 42D7637BC40; Thu, 16 Mar 2000 14:28:19 -0800 (PST)
	(envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id OAA93428;
	Thu, 16 Mar 2000 14:28:18 -0800 (PST)
	(envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Thu, 16 Mar 2000 14:28:17 -0800 (PST)
From: Kris Kennaway <kris@FreeBSD.org>
To: bwoods2@uswest.net
Cc: Mike Tancsa <mike@sentex.ca>, freebsd-security@FreeBSD.ORG
Subject: Re: IPFW...1 more question.....
In-Reply-To: <XFMail.000316121228.wwoods@cybcon.com>
Message-ID: <Pine.BSF.4.21.0003161424390.92566-100000@freefall.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 16 Mar 2000, William Woods wrote:

> Hmmmm, well, I have a list of .com's that I want to block access totally, what
> would be the most effective way then, .htaccess would just block web, and I
> want a bit more totality than that.

Blocking based on DNS source address is quite unreliable, since if e.g.
aol control their DNS servers they could just assign their machine another
reverse DNS name (e.g. happy.friendly.com), and pass your access
restrictions. Further, your ipfw example wouldn't even block based on the
DNS names, but would block based on whatever IP address aol.com happened
to resolve to at the time. DNS is also an insecure protocol. The bottom
line is that you should always do access control based on IP addresses,
not DNS addresses.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>
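
The advice in the replies above (use the `log` keyword, and write ipfw rules against IP addresses or ranges rather than DNS names), as an added example that is not part of any poster's message: a POSIX sh generator that emits `deny log` rules only for IPv4 addresses and CIDR ranges and rejects hostnames such as `aol.com` or `aol.com/24`. The function names, the rule numbering and the sample blocklist (documentation address ranges) are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: turn a blocklist into ipfw "deny log" rules, accepting only
# IPv4 addresses / CIDR ranges. Hostnames are refused, because ipfw would
# resolve them once, when the rule is added, and block only that address.

# is_ipv4_cidr ENTRY -> exit 0 if ENTRY is a.b.c.d or a.b.c.d/len, else 1
is_ipv4_cidr() {
    entry=$1
    case $entry in
        */*) addr=${entry%/*}; len=${entry##*/} ;;
        *)   addr=$entry; len=32 ;;
    esac
    # Prefix length: digits only, 0..32.
    case $len in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#len}" -le 2 ] && [ "$len" -le 32 ] || return 1
    # Address: digits and dots only, no empty octets.
    case $addr in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split into octets (function-local positionals)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_ipfw_rules [START] [STEP]
# Reads one entry per line on stdin ("#" starts a comment), prints one ipfw
# command per usable entry on stdout and reports the rest on stderr.
# Exit status: 0 if every entry was usable, 1 if anything was rejected.
gen_ipfw_rules() {
    rule_no=${1:-1000}
    rule_step=${2:-10}
    rejected=0
    while read -r first rest || [ -n "$first" ]; do
        case $first in ''|'#'*) continue ;; esac
        # Anything after the entry other than a comment makes it invalid.
        case $rest in ''|'#'*) ;; *) first="$first $rest" ;; esac
        if is_ipv4_cidr "$first"; then
            printf 'ipfw add %d deny log ip from %s to any\n' "$rule_no" "$first"
            rule_no=$((rule_no + rule_step))
        else
            printf 'rejected (not an IPv4 address or CIDR range): %s\n' "$first" >&2
            rejected=1
        fi
    done
    return "$rejected"
}

# Constructed sample blocklist; the addresses are documentation ranges.
sample_blocklist() {
    cat <<'EOF'
# one entry per line
192.0.2.0/24
198.51.100.7      # single host
aol.com
aol.com/24
203.0.113.0/25
10.0.0.300
192.0.2.0/33
EOF
}

# Print the rules for review; nothing is loaded into the firewall here.
sample_blocklist | gen_ipfw_rules 1000 10 ||
    echo "some entries were rejected, see messages above" >&2
```

Packets matching the generated rules are then logged wherever syslog.conf sends them, for example the `security.*` or `!ipfw` entries suggested earlier in the thread.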





From owner-freebsd-security  Thu Mar 16 14:30:20 2000
Delivered-To: freebsd-security@freebsd.org
Received: from www.kpi.com.au (www.kpi.com.au [203.31.83.86])
	by hub.freebsd.org (Postfix) with ESMTP id 64FC737BDF1
	for <freebsd-security@freebsd.org>; Thu, 16 Mar 2000 14:30:15 -0800 (PST)
	(envelope-from johnsa@kpi.com.au)
Received: from sleek (admin.hazellbros.com.au [203.39.132.98])
	by www.kpi.com.au (8.9.3/8.9.3) with SMTP id JAA08003;
	Fri, 17 Mar 2000 09:29:42 +1100 (EST)
	(envelope-from johnsa@kpi.com.au)
Message-ID: <00eb01bf8f97$24e84a20$625aa8c0@hazellbros.com.au>
From: "Andrew Johns" <johnsa@kpi.com.au>
To: <tgregory@tarjema.com>
Cc: <freebsd-security@freebsd.org>
References: <38CE684F.39657A28@tarjema.com>
Subject: Re: InterScan Virus Wall for Linux
Date: Fri, 17 Mar 2000 09:29:11 +1100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6600
X-Mimeole: Produced By Microsoft MimeOLE V5.00.2919.6600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

No, but you could try uvscan (Un*x VScan) from McAfee - they
*even* have a native FreeBSD version - check out their
website.

<credibility statement> We even have government departments
using it here </credibility statement>

Regards
--
Andrew Johns BSc.
KPI Logistics P/L

----- Original Message -----
From: "Timothy A. Gregory" <tgregory@tarjema.com>
To: <freebsd-security@FreeBSD.ORG>
Sent: Wednesday, March 15, 2000 3:26 AM
Subject: InterScan Virus Wall for Linux


> Has anyone had any luck getting InterScan VirusWall for Linux running on
> FreeBSD?
>
> I've gotten the package installed, the RedHat 6.1 packages but when I
> try to run the 'scanning' daemons (their sendmail, ishttpd, isftpd etc)
> I get seg faults...
>
> Thanks for any help!
> --
> ----------------------------------------------------------------
> Timothy A. Gregory    Systems Administrator
> Semaphore Corporation http://www.semaphore.com
> 206.905.5000   tgregory@semaphore.com
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>





From owner-freebsd-security  Fri Mar 17  4:56:49 2000
Delivered-To: freebsd-security@freebsd.org
Received: from florence.pavilion.net (florence.pavilion.net [212.74.0.25])
	by hub.freebsd.org (Postfix) with ESMTP id CF4E537BD43
	for <freebsd-security@FreeBSD.ORG>; Fri, 17 Mar 2000 04:56:41 -0800 (PST)
	(envelope-from support@m-p.co.uk)
Received: from voyager (dynamic-57.max4-du-ws.dialnetwork.pavilion.co.uk [212.74.9.185])
	by florence.pavilion.net (8.9.3/8.8.8) with SMTP id MAA79748
	for <freebsd-security@FreeBSD.ORG>; Fri, 17 Mar 2000 12:55:18 GMT
	(envelope-from support@m-p.co.uk)
Message-ID: <000701bf9012$8da253a0$37000064@voyager>
From: "M + P International" <support@m-p.co.uk>
To: <freebsd-security@FreeBSD.ORG>
Subject: Send mail help
Date: Fri, 17 Mar 2000 13:13:11 -0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0004_01BF9012.8BB3F120"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3110.1
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

This is a multi-part message in MIME format.

------=_NextPart_000_0004_01BF9012.8BB3F120
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I seem to be having trouble connecting from Eudora on my win 95 machine
to my unix server, every time I attempt it I get the message connection
refused. However I am able to connect to the server and send mail to it
can you help me ? If you could I would be very grateful
Alex
support@m-p.co.uk

------=_NextPart_000_0004_01BF9012.8BB3F120--





From owner-freebsd-security  Fri Mar 17 13: 9:47 2000
Delivered-To: freebsd-security@freebsd.org
Received: from usc.edu (usc.edu [128.125.253.136])
	by hub.freebsd.org (Postfix) with ESMTP id C6BB737BBB1
	for <freebsd-security@FreeBSD.ORG>; Fri, 17 Mar 2000 13:09:43 -0800 (PST)
	(envelope-from walker@usc.edu)
Received: from skat.usc.edu (walker@skat.usc.edu [128.125.253.131])
	by usc.edu (8.9.3.1/8.9.3/usc) with ESMTP
	id NAA08293; Fri, 17 Mar 2000 13:09:43 -0800 (PST)
Received: from localhost (walker@localhost)
	by skat.usc.edu (8.9.3.1/8.9.3/usc) with ESMTP
	id NAA29344; Fri, 17 Mar 2000 13:09:42 -0800 (PST)
Date: Fri, 17 Mar 2000 13:09:42 -0800 (PST)
From: Mike Walker <walker@usc.edu>
To: M + P International <support@m-p.co.uk>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Send mail help
In-Reply-To: <000701bf9012$8da253a0$37000064@voyager>
Message-ID: <Pine.GSO.4.10.10003171305510.11847-100000@skat.usc.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Definitely does not belong in security.

Sending goes to sendmail.  Eudora uses POP3 to read mail.
Check that POP3 is configured in /etc/inetd.conf

pop3    stream  tcp     nowait  root    /usr/local/libexec/popper popper


On Fri, 17 Mar 2000, M + P International wrote:
> I seem to be having trouble connecting from Eudora on my win
> 95 machine to my unix server, every time I attempt it I get the
> message connection refused. However I am able to connect to the
> server and send mail to it can you help me ? If you could I would be
> very grateful
> Alex
> support@m-p.co.uk 







