From owner-freebsd-security Tue Jan 1 9:39:53 2002 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 2A9EC37B41D for ; Tue, 1 Jan 2002 09:39:48 -0800 (PST) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.11.6/8.11.5) with SMTP id g01HawD14673; Tue, 1 Jan 2002 12:36:58 -0500 (EST) (envelope-from robert@fledge.watson.org) Date: Tue, 1 Jan 2002 12:36:58 -0500 (EST) From: Robert Watson X-Sender: robert@fledge.watson.org To: John Hay Cc: cjclark@alum.mit.edu, Randy Bush , freebsd-security@FreeBSD.ORG Subject: Re: openssh version In-Reply-To: <200201010631.g016Va856231@zibbi.icomtek.csir.co.za> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, 1 Jan 2002, John Hay wrote: > > On Mon, Dec 31, 2001 at 01:12:50PM -0800, Randy Bush wrote: > > > i did a cvsup of -stable (4.5-prerelease) yesterday. it seems to have > > > OpenSSH_2.9 as opposed to 3.0.x. for a number of reasons, this is a bit > > > unsettling. > > > > What would those reasons be? > > I can think of two: > > If you check the version number that ours report and then go to the > OpenSSH security page, http://www.openssh.org/security.html, it makes > you wonder. I know at least some of those things were fixed in our tree, > but it is confusing. My understanding is that we are not vulnerable to any of these problems; I've asked that we list the "localizations" somewhere obvious so it can be clear that is the case, but I'm not sure that has happened. The confusion concern is an important one. > ============================================================================== > OpenSSH version 2.9 has a bug which can cause lost EOF errors when used as > a BitKeeper transport, especially over slow links. We've confirmed that > the problem has been fixed as of version 2.9.9; get an update at > http://www.openssh.com/portable.html > ============================================================================== > > My solution is to use the ports version. Maybe we should remove the > in-tree version and just get sysinstall to install the ports version by > default? Or otherwise maybe get the guy that maintain the ports version > to also do the in-tree version? He seems quite quick in updating the > ports version. I've run into a related problem with SSH forwarding that occurs when a forwarded TCP connection takes a while to connect. The problem is that apparently the OpenSSH sshd we ship discards data sent over a forwarded connection before all parts are completed. If you're using forwarding connecting to a server with high latency, and on a client-driven protocol, you may lose some content on the connection. Many relevant protocols are server-driven (i.e., server banner before client data transmission) and therefore work fine, and most connections are sufficiently timely from the remote host that it is not a problem, but it can be a very irritating bug. It is apparently fixed in more recent versions. Eivind Eklund was looking at merging our various localizations forward (including PAM), and I'd really like to look at an upgrade in the post-4.5 scenario. Getting it in before the release is (at this point) out of the question, however. Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jan 1 13: 6:44 2002 Delivered-To: freebsd-security@freebsd.org Received: from pintail.mail.pas.earthlink.net (pintail.mail.pas.earthlink.net [207.217.120.122]) by hub.freebsd.org (Postfix) with ESMTP id 3F15537B423; Tue, 1 Jan 2002 13:06:40 -0800 (PST) Received: from user-2ivfo98.dialup.mindspring.com ([165.247.225.40] helo=gohan.cjclark.org) by pintail.mail.pas.earthlink.net with esmtp (Exim 3.33 #1) id 16LW77-00074B-00; Tue, 01 Jan 2002 13:06:27 -0800 Received: (from cjc@localhost) by gohan.cjclark.org (8.11.6/8.11.1) id g01L63800673; Tue, 1 Jan 2002 13:06:03 -0800 (PST) (envelope-from cjc) Date: Tue, 1 Jan 2002 13:06:01 -0800 From: "Crist J. Clark" To: Robert Watson Cc: John Hay , Randy Bush , freebsd-security@FreeBSD.ORG Subject: Re: openssh version Message-ID: <20020101130601.A153@gohan.cjclark.org> Reply-To: cjclark@alum.mit.edu References: <200201010631.g016Va856231@zibbi.icomtek.csir.co.za> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from rwatson@FreeBSD.ORG on Tue, Jan 01, 2002 at 12:36:58PM -0500 X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, Jan 01, 2002 at 12:36:58PM -0500, Robert Watson wrote: [snip] > Eivind Eklund was looking at merging our various localizations forward > (including PAM), and I'd really like to look at an upgrade in the post-4.5 > scenario. Getting it in before the release is (at this point) out of the > question, however. And this is the crux of the issue. Merging a new vendor version of OpenSSH is non-trivial. In addition, there are frequently back compatiblility issues (e.g. with configuration files) with new versions of OpenSSH. For each person who asks, "Why isn't FreeBSD using the bleeding-edge OpenSSH?" there will be several on -stable, "I just did an installworld on a remote machine, and I can't access it via SSH any more." Creating the potential for problems like this in STABLE is bad. For these reasons and others, it is often more practical to patch security fixes in the FreeBSD tree than to import fixes (and other changes that come with it) from the vendor. -- "It's always funny until someone gets hurt. Then it's hilarious." Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jan 1 13:13:23 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by hub.freebsd.org (Postfix) with SMTP id ACC4137B41B for ; Tue, 1 Jan 2002 13:13:19 -0800 (PST) Received: (qmail 16416 invoked by uid 0); 1 Jan 2002 21:13:17 -0000 Received: from p3ee21640.dip.t-dialin.net (HELO mail.gsinet.sittig.org) (62.226.22.64) by mail.gmx.net (mp003-rz3) with SMTP; 1 Jan 2002 21:13:17 -0000 Received: (qmail 70352 invoked from network); 1 Jan 2002 20:46:11 -0000 Received: from shell.gsinet.sittig.org (192.168.11.153) by mail.gsinet.sittig.org with SMTP; 1 Jan 2002 20:46:11 -0000 Received: (from sittig@localhost) by shell.gsinet.sittig.org (8.11.3/8.11.3) id g01Kk4A70339 for freebsd-security@FreeBSD.ORG; Tue, 1 Jan 2002 21:46:04 +0100 (CET) (envelope-from sittig) Date: Tue, 1 Jan 2002 21:46:02 +0100 From: Gerhard Sittig To: freebsd-security@FreeBSD.ORG Subject: Re: openssh version Message-ID: <20020101214601.A1494@shell.gsinet.sittig.org> Mail-Followup-To: freebsd-security@FreeBSD.ORG References: <200201010631.g016Va856231@zibbi.icomtek.csir.co.za> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from rwatson@FreeBSD.ORG on Tue, Jan 01, 2002 at 12:36:58PM -0500 Organization: System Defenestrators Inc. Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, Jan 01, 2002 at 12:36 -0500, Robert Watson wrote: > > [ forwarding "issues" with BitKeeper and OpenSSH < 2.9.9 ] > > I've run into a related problem with SSH forwarding that occurs when a > forwarded TCP connection takes a while to connect. The problem is that > apparently the OpenSSH sshd we ship discards data sent over a forwarded > connection before all parts are completed. If you're using forwarding > connecting to a server with high latency, and on a client-driven protocol, > you may lose some content on the connection. Could this be the reason for what I'm experiencing here? Under load or should the initial handshake not go quick enough (busy ISP in the evening hours), my POP3 over SSL connection stalls and times out without (successfully) transferring any data. $ uname -sr FreeBSD 4.3-STABLE $ openssl version OpenSSL 0.9.6 24 Sep 2000 $ pkg_info | grep fetchmail fetchmail-5.6.1 Batch mail retrieval/forwarding utility for pop2, pop3, apo This would point to the lower layer (OpenSSL). I understand that OpenSSH makes use of its functionality. $ ssh -V SSH Version OpenSSH_2.3.0 green@FreeBSD.org 20010321, protocol versions 1.5/2.0. Compiled with SSL (0x0090600f). virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76 Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net -- If you don't understand or are scared by any of the above ask your parents or an adult to help you. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jan 1 14:17:25 2002 Delivered-To: freebsd-security@freebsd.org Received: from switchblade.cyberpunkz.org (switchblade.cyberpunkz.org [198.174.169.125]) by hub.freebsd.org (Postfix) with ESMTP id 210ED37B423; Tue, 1 Jan 2002 14:17:22 -0800 (PST) Received: from there (nic-118-c60-194.mn.mediaone.net [24.118.60.194]) by switchblade.cyberpunkz.org (8.12.1/CpA-TLS-1.2.12-1) with SMTP id g01MGstg025061; Tue, 1 Jan 2002 16:16:54 -0600 (CST)?g (envelope-from rob@cyberpunkz.org)œ Posted-Date: Tue, 1 Jan 2002 16:16:54 -0600 (CST) Abuse-Contact: abuse@cyberpunkz.org Content-Type: text/plain; charset="iso-8859-1" From: Rob Andrews Reply-To: rob@cyberpunkz.org Organization: Cyberpunk Alliance Message-Id: <200201011538.44206@cyberpunkz.org> To: cjclark@alum.mit.edu, "Crist J. Clark" , Robert Watson Subject: Re: openssh version Date: Tue, 1 Jan 2002 16:16:46 -0600 X-Mailer: KMail [version 1.3.2] Cc: John Hay , Randy Bush , freebsd-security@FreeBSD.ORG References: <200201010631.g016Va856231@zibbi.icomtek.csir.co.za> <20020101130601.A153@gohan.cjclark.org> In-Reply-To: <20020101130601.A153@gohan.cjclark.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tuesday 01 January 2002 15:06, Crist J. Clark wrote: [- snip -] While I have no arguement with these issues there is one thing that I do however have issue with in regard to the current way openssh is handled between the base system and the port. Since the base system version does not install in the local file system, nor does the port version by default install in the base file system, there should be a clear way to force the port version to be able to install over the current base system or to have the base system version be deinstalled when you install the port so as to not have conflicting versions on the system. Its impractical to have the version in the base system be started up from the system rc yet the port version installs with a startup script unless you delete the shell script and change the location in the rc.conf of the new version to run. Which still leaves the old version on the system which in some cases might be flawed or not be desirable to an admin to have it on their system. Saying this brings up the point that the version in the base system of 4.4-stable was in fact a flawed version of openssh and unless people were reminded or on the ball enough to realize that the port version doesn't install over the base system version, they might very well have the old version of sshd startup on the system upon rebooting the machine. I think the point really is that the way its currently handled, its just very messy and should be thought out more clearly on how a peice of software that is part of the security of a system should be managed as to insure that the software is effective in its task. Brutally put, this is a poor system currently and needs to be more clearly laid out for people who are attempting to grasp how freebsd can be benificial over other systems. Ease of managing the software upgrades is probably one of the bigger sell points to myself and several others I know that use freebsd religiously. Just my two cents.. Happy New Year.. Rob Andrews Cyberpunk Alliance http://cyberpunkz.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jan 1 22: 0: 6 2002 Delivered-To: freebsd-security@freebsd.org Received: from zibbi.icomtek.csir.co.za (zibbi.icomtek.csir.co.za [146.64.24.58]) by hub.freebsd.org (Postfix) with ESMTP id 9AABC37B427; Tue, 1 Jan 2002 22:00:00 -0800 (PST) Received: (from jhay@localhost) by zibbi.icomtek.csir.co.za (8.11.6/8.11.6) id g025xaX94943; Wed, 2 Jan 2002 07:59:36 +0200 (SAT) (envelope-from jhay) From: John Hay Message-Id: <200201020559.g025xaX94943@zibbi.icomtek.csir.co.za> Subject: Re: openssh version In-Reply-To: <20020101130601.A153@gohan.cjclark.org> from "Crist J. Clark" at "Jan 1, 2002 01:06:01 pm" To: cjclark@alum.mit.edu Date: Wed, 2 Jan 2002 07:59:35 +0200 (SAT) Cc: rwatson@FreeBSD.ORG (Robert Watson), jhay@icomtek.csir.co.za (John Hay), randy@psg.com (Randy Bush), freebsd-security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > > > Eivind Eklund was looking at merging our various localizations forward > > (including PAM), and I'd really like to look at an upgrade in the post-4.5 > > scenario. Getting it in before the release is (at this point) out of the > > question, however. > > And this is the crux of the issue. Merging a new vendor version of > OpenSSH is non-trivial. In addition, there are frequently back > compatiblility issues (e.g. with configuration files) with new versions > of OpenSSH. For each person who asks, "Why isn't FreeBSD using the > bleeding-edge OpenSSH?" there will be several on -stable, "I just did > an installworld on a remote machine, and I can't access it via SSH any > more." Creating the potential for problems like this in STABLE is > bad. For these reasons and others, it is often more practical to patch > security fixes in the FreeBSD tree than to import fixes (and other > changes that come with it) from the vendor. Well I can accept your argument for -stable, although bigger changes has gone in -stable in the past, but what about -current? My -current boxes also still claim: "sshd version OpenSSH_2.9 FreeBSD localisations 20011202" And this is the problem, if we don't have -current upgraded we have little chance in getting wrinkles out and very little chance of it going in -stable. Also maybe we should think again about all our local changes and if all of them are really necesary. If we can ditch some, that will also make it a lot easier to upgrade. John -- John Hay -- John.Hay@icomtek.csir.co.za To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Jan 2 10:15: 6 2002 Delivered-To: freebsd-security@freebsd.org Received: from switchblade.cyberpunkz.org (switchblade.cyberpunkz.org [198.174.169.125]) by hub.freebsd.org (Postfix) with ESMTP id 1B38E37B41E; Wed, 2 Jan 2002 10:14:56 -0800 (PST) Received: from there (nic-118-c60-194.mn.mediaone.net [24.118.60.194]) by switchblade.cyberpunkz.org (8.12.1/CpA-TLS-1.2.12-1) with SMTP id g02IErtg084352; Wed, 2 Jan 2002 12:14:54 -0600 (CST)?g (envelope-from rob@cyberpunkz.org)œ Posted-Date: Wed, 2 Jan 2002 12:14:53 -0600 (CST) Abuse-Contact: abuse@cyberpunkz.org Content-Type: text/plain; charset="iso-8859-1" From: Rob Andrews Reply-To: rob@cyberpunkz.org Organization: Cyberpunk Alliance Message-Id: <200201021122.27596@cyberpunkz.org> To: freebsd-security@freebsd.org Subject: libsafe? Date: Wed, 2 Jan 2002 12:14:44 -0600 X-Mailer: KMail [version 1.3.2] Cc: freebsd-ports@freebsd.org MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org http://www.avayalabs.com/project/libsafe/index.html I won't go into details of what this lib does or is since the url above has all the information on it. I however was wondering since someone else had asked, if there was any type of a lib or such in freebsd which attempts to perform some of the functions that this seems to be attempting to do. I don't recall seeing anything like this in freebsd's base system or in the ports collection but figured it might be covered by something similar or possibly considered to be looked into for addition to freebsd. Just an innocent inquiry :) Rob Andrews Cyberpunk Alliance http://cyberpunkz.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Jan 2 11:26:37 2002 Delivered-To: freebsd-security@freebsd.org Received: from switchblade.cyberpunkz.org (switchblade.cyberpunkz.org [198.174.169.125]) by hub.freebsd.org (Postfix) with ESMTP id A451C37B41D; Wed, 2 Jan 2002 11:26:29 -0800 (PST) Received: from there (nic-118-c60-194.mn.mediaone.net [24.118.60.194]) by switchblade.cyberpunkz.org (8.12.1/CpA-TLS-1.2.12-1) with SMTP id g02JQRtg085591; Wed, 2 Jan 2002 13:26:28 -0600 (CST)?g (envelope-from rob@cyberpunkz.org)œ Posted-Date: Wed, 2 Jan 2002 13:26:27 -0600 (CST) Abuse-Contact: abuse@cyberpunkz.org Content-Type: text/plain; charset="iso-8859-1" From: Rob Andrews Reply-To: rob@cyberpunkz.org Organization: Cyberpunk Alliance Message-Id: <200201021319.35424@cyberpunkz.org> To: freebsd-security@FreeBSD.ORG Subject: Re: libsafe? Date: Wed, 2 Jan 2002 13:26:25 -0600 X-Mailer: KMail [version 1.3.2] Cc: freebsd-ports@FreeBSD.ORG References: <200201021122.27596@cyberpunkz.org> In-Reply-To: <200201021122.27596@cyberpunkz.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wednesday 02 January 2002 12:14, Rob Andrews wrote: [-snip-] and yes I realize libparanoid is in the ports. Note the differences between libsafe and libparanoid.. (sorry I've gotten a few replies and yes I know about it. but its not similar in _how_ it handles doing the same thing that libsafe is doing) Rob Andrews Cyberpunk Alliance http://cyberpunkz.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 3 1: 9:18 2002 Delivered-To: freebsd-security@freebsd.org Received: from griffin.Pikapp.net (pkf60.eastnet.gatech.edu [128.61.105.124]) by hub.freebsd.org (Postfix) with ESMTP id C1F3A37B41D; Thu, 3 Jan 2002 01:06:28 -0800 (PST) Received: from mx1.eudoramail.com ([67.203.104.212]) by griffin.Pikapp.net with Microsoft SMTPSVC(5.0.2195.3779); Thu, 3 Jan 2002 04:05:47 -0500 Message-ID: <000008cb56a4$00000516$00000050@mx1.eudoramail.com> To: From: SHCCpress@eudoramail.com Subject: SHCC: Tonight's Investment Special BKK Date: Thu, 03 Jan 2002 03:06:19 -1800 MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Reply-To: SHCCnews6@eudoramail.com X-OriginalArrivalTime: 03 Jan 2002 09:05:48.0077 (UTC) FILETIME=[D597FDD0:01C19435] Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org = Investors
 <= /caption>
=

Investm= ent Special
Toni= ght's Feature Company

ShareCom, Inc.
(OTC= BB: SHCC)

Current Price: $0.0154

52 Week High: $2.49
52 Week Low: $0.009

      Why SHCC?
  • SHCC has established bus= iness relationships with FEMA, the American Red Cross, AAA, NOAA, and more=

  • SHCC is cu= rrently booking revenues of $45,000 per month and projects revenues = of $13 million for 2002.
  • Partnerships and= market advantage fuel exponential growth for SHCC.
  • The Time is NOW a= t Sharecom

    The Federal Emergency Management Agency (FEMA)= , the National Weather Service (NWS), the Red Cross and = AAA are a but a few of the agencies and organizations with whom = ShareCom Inc. has forged alliances to ensure clear competitive a= dvantage for its product lines. The past 10 years have seen a dram= atic increase in severe weather conditions=FFFFFF85and with continued glob= al warming these patterns will exacerbate. Prompted by FEMA and NWS aggres= sive programs, demand for the Company=FFFFFF92s NOAA Weather Radio will= soar. Today 7% of American homes possess a NOAA radio=FFFFFF85 = the national goal is 100%. 

    ShareCom=FFFFFF92s ww= w.WeatherRadios.com is the site for consumers to purchase the Company=FF= FFFF92s superior product at a significant discount. SHCC's revenue flow ra= te is at $45,000/month and rapidly growing. The Company will realiz= e a profit this year and plans to triple it next.. SHCC's market dominance= in this growing "bread and butter", niche business makes it an = interesting acquisition candidate and a compelling investment.

    This Just Out: SHCC NEWS

    =
     

    ShareCom, Inc. Ships the First NOAA = Weather Radio Featuring Instant Localized Setup

    PALATINE, Ill.--(BUSINESS WIRE)--Dec. 11, 2001--ShareCom, In= c.(TM), the market leader in designing and manufacturing NOAA (National Oceanographic and Atmospheric Administration) Weather Radi= o and Disaster Readiness electronics products, today announced availabilit= y of its WRP-500 Broadcaster(TM) NOAA Weather Radio, with an SRP of= $149.99, available for purchase via its ecommerce web site and through se= lect retailers around the country. Like all ShareCom products, the WRP-500= features a streamlined and fashionable design, coupled with strong price = performance.

    ShareCom manufactures products which are expressly d= esigned to support the in-place NOAA Weather Network - an always on (24/7)= broadcast network that covers 95% of the US. This ``early warning'= ' network provides general-purpose weather information and alerts for haza= rdous weather or disaster warnings for people throughout the US.

    = The Federal Government, The Americ= an Red Cross and numerous state and local government agencies a= re now emphasizing the need for the NOAA Weather Radio network, especially= since the September 11th tragedy. A NOAA Weather Radio is now consi= dered as important as having a smoke detector in a home, school or busines= s.

    ``Our market research in= dicated a strong need in the marketplace for a NOAA Weather Radio that loo= ks good in someone's home or office, but that has real ease of use built i= nto the overall design,'' said Brad Nordling the CEO of ShareCom, Inc. ``O= ne of the most requested feature enhancements from our consumers has been = to provide functionality that enables them to setup a radio right out of t= he box, with no cumbersome interface to deal with. The WRP-500 Broadcaster= addresses this need by incorporating our Graphical Alert Technology(TM) s= pecialty software - our customers now have the ability to easily config= ure their radios in a matter of seconds using a functional scroll down men= u.''

    Stay tun= ed for more announcements to come

More Reasons to Consider Buyin= g SHCC

1.= WeatherRadios.com has been awar= ded a National Partnership with the Federal Emergency Management Agency (F= EMA) to increase the use of Weather Radios country wide through a = program called Project Impact. There are 2,600 Project Impact communities = in the U.S. The FEMA web site lists WeatherRadios.com as a national partne= r providing a banner and link to the WeatherRadios.com site. The FEMA site= receives over 100,000 visitors per day. 

2. The Nat= ional Oceanic and Aerospace Administration (NOAA) has WeatherRadio= s.com listed first on their web site, telling people were to purchase a NO= AA Weather Radio. 

3. The National Weather Serv= ice (NWS) has offered to promote corporate sponsorships to the Wea= therRadios.com site through recognition and media support.  &nbs= p;

4. Local American Red Cross Chapters will promo= te NOAA Weather Radios through WeatherRadios.com in an exchange fo= r a $5.00 donation per radio sold. 

5. The Chicago= Area AAA will feature SHCC's 2WayTalk.com on its web site offering exclusive discounts on Weather Radios,= and FRS Family Radios. 2WayTalk.com will also be listed in the AAA magazi= ne called "Home and Away". 

6. The Federation of Manufactured Home Owners of Florid= a (FMO) has entered into a one year agreement that will increase t= he sale of Weather Radios from the WeatherRadios.com site. Mailings and we= b site links will offer a group discount to members and also pay a rebate = to the organization for every radio sold. 

7. The Owner - Operat= or Independent Drivers Association (OOIDA)
has begun to promote th= e discount that is offered through the WeatherRadios.com site. Magazine ar= ticles, mailings, and web site links will offer a group discount to member= s and also pay a rebate to the organization for every radio sold. This agr= eement will run for one year. 

     NOAA Weather Radios automatically alert people of impending severe weather conditions &= quot;24/7". This is especially critical for families while sleeping. = These devices are fast becoming recognized as essential and pote= ntially life saving for use in homes, businesses, and critical care fa= cilities.

The National Weather Service (NWS)<= /font> has stated that t= here has been an increase in severe weather in the last 10 years and this = trend is expected to continue. NWS has a published goal for NOAA Weathe= r Radios to be in every home within the next 10 years. Currentl= y, approximately just 7% of homes have this device. This being said= , we can expect a tremendous increase in the presence and sale of weath= er radios over the coming years. The NWS, NOAA, the Federal Emergency = Management Agency (FEMA) and other government agencies have an aggressive = education and funding effort to reach the 100% goal.

New technology called Specific Area Mess= age Encoding (SAME) was introduced in the mid 90s. It allows users to set = an alarm only for their specific geographic area. This feature is expected= to make this tool commonplace in homes alerting families of weathe= r conditions that pose an immediate danger.

Additionally, 2Wa= yTalk.com will continue to focus on Internet users who are outdoor enthusi= asts. The market continues to be strong and growing. FRS Family Radios are= now becoming a popular family item on vacations, ski trips, camping, and = biking events. They are used for a wide variety of purposes, from staying = in touch with children playing in the neighborhood, to coordinating soccer= tournaments and antique auctions. 

A Final Word About SHCC

SHCC is currently= booking $45,000/ month and is conservatively projecting earnings next yea= r of $1.3 million on revenues of $13 million. Unlike most e-commerc= e ventures, ShareCom's marketing "burn rate" is very modest. The= Company forecasts revenues of $32.5 million the following year, in= creasing profitability to earn $4.6 million. Given its impressive relation= ships and the rapidly growing market for its product, SHCC's share pric= e of just 1.6 cents makes it a compelling play for the astute investor. 
DISCLAIMER: 
Inform= ation within this email contains "forward looking statements" wi= thin the meaning of Section 27A of the Securities Act of 1933 and Section = 21B of the Securities Exchange Act of 1934. Any statements that express or= involve discussions with respect to predictions, expectations, beliefs, p= lans, projections, objectives, goals, assumptions or future events or perf= ormance are not statements of historical fact and may be "forward loo= king statements."

Forward looking statements are based on ex= pectations, estimates and projections at the time the statements are made = that involve a number of risks and uncertainties which could cause ac= tual results or events to differ materially from those presently anticipat= ed. Forward looking statements in this action may be identified through th= e use of words such as "projects", "foresee", =FFFFFF9= 3expects=FFFFFF92=FFFFFF94, =FFFFFF93will,=FFFFFF94  =FFFFFF93anticip= ates,=FFFFFF94 =FFFFFF93estimates,=FFFFFF94 =FFFFFF93believes,=FFFFFF94 &q= uot;understands" or that by statements indicating certain actions =FF= FFFF93may,=FFFFFF94 =FFFFFF93could,=FFFFFF94 or =FFFFFF93might=FFFFFF94 oc= cur.  All information provided within this email pertaining to invest= ing, stocks, securities must be understood as information provided and not= investment advice. Investment News Alert advises all readers and subscrib= ers to seek advice from a registered professional securities represen= tative before deciding to trade in stocks featured within this email. = ; None of the material within this report shall be construed as any kind o= f investment advice.

In compliance with the Securities Act of 193= 3, Section17(b), Investment Special discloses the receipt of $30,000 cash = from a third party for the publication of this report and additional  services related to SHCC. Be awa= re of an inherent conflict of interest resulting from such compensation.&n= bsp; All factual information in this report was gathered from public = sources, including but not limited to SEC filings, Company Press Releases,= and Market Guide.  Investme= nt Special  believes this information to be reliable but can make no = guarantee as to its accuracy or completeness. Use of the material within t= his email constitutes your acceptance of these terms.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 3 10:47:34 2002 Delivered-To: freebsd-security@freebsd.org Received: from mile.nevermind.kiev.ua (freebsddiary.org.ua [213.186.199.26]) by hub.freebsd.org (Postfix) with ESMTP id D27F037B41A; Thu, 3 Jan 2002 10:47:27 -0800 (PST) Received: (from never@localhost) by mile.nevermind.kiev.ua (8.11.6/8.11.4) id g03InFV43534; Thu, 3 Jan 2002 20:49:15 +0200 (EET) (envelope-from never) Date: Thu, 3 Jan 2002 20:49:14 +0200 From: Nevermind To: Rob Andrews Cc: freebsd-security@FreeBSD.ORG, freebsd-ports@FreeBSD.ORG Subject: Re: libsafe? Message-ID: <20020103204914.A43401@nevermind.kiev.ua> References: <200201021122.27596@cyberpunkz.org> <200201021319.35424@cyberpunkz.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200201021319.35424@cyberpunkz.org>; from rob@cyberpunkz.org on Wed, Jan 02, 2002 at 01:26:25PM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello, Rob Andrews! On Wed, Jan 02, 2002 at 01:26:25PM -0600, you wrote: > and yes I realize libparanoid is in the ports. Note the differences between > libsafe and libparanoid.. (sorry I've gotten a few replies and yes I know > about it. but its not similar in _how_ it handles doing the same thing that > libsafe is doing) I've talked to Snar(@paranoia.ru) few days ago here, and he explained me why his approach is better then trying to handle "correctly" such things. I suppose when your app is being attacked with some of buffer overflow or anything else similar to it, it is better to shutdown to prevent any further attempts and report failure to administrator rather then not knowing that app is vulnerable to buf.overflow. Also, you cannot be absolutely sure of any way of "correct" handling such situation. P.S. 2 snar: please, correct me if I wrong. -- NEVE-RIPE To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 3 11: 4:10 2002 Delivered-To: freebsd-security@freebsd.org Received: from lariat.org (lariat.org [12.23.109.2]) by hub.freebsd.org (Postfix) with ESMTP id 03A9237B419; Thu, 3 Jan 2002 11:04:07 -0800 (PST) Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id MAA27138; Thu, 3 Jan 2002 12:03:53 -0700 (MST) Message-Id: <4.3.2.7.2.20020103120003.0297d820@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Thu, 03 Jan 2002 12:03:37 -0700 To: Robert Watson , John Hay From: Brett Glass Subject: Re: openssh version Cc: cjclark@alum.mit.edu, Randy Bush , freebsd-security@FreeBSD.ORG In-Reply-To: References: <200201010631.g016Va856231@zibbi.icomtek.csir.co.za> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 10:36 AM 1/1/2002, Robert Watson wrote: >I've run into a related problem with SSH forwarding that occurs when a >forwarded TCP connection takes a while to connect. The problem is that >apparently the OpenSSH sshd we ship discards data sent over a forwarded >connection before all parts are completed. If you're using forwarding >connecting to a server with high latency, and on a client-driven protocol, >you may lose some content on the connection. You may also lose the connection. With older versions of OpenSSH, I frequently see the client complain of a "truncated packet" (SSH has its own internal packetized protocol) and drop the session. Sometimes this is just a minor inconvenience -- for example, if I'm doing POP over the forwarded port I sometimes find that the mail client becomes confused and/or does not filter incoming messages properly. It's a bigger concern if I'm doing administration and am cut off in midstream. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 3 12:59:48 2002 Delivered-To: freebsd-security@freebsd.org Received: from clever.eusc.inter.net (clever.eusc.inter.net [213.73.101.4]) by hub.freebsd.org (Postfix) with ESMTP id B4BE037B417; Thu, 3 Jan 2002 12:59:42 -0800 (PST) Received: from tc11-n67-101.de.inter.net ([213.73.67.101] helo=there) by clever.eusc.inter.net with smtp (Exim 3.22 #3) id 16MExc-0003MK-00; Thu, 03 Jan 2002 21:59:36 +0100 Content-Type: text/plain; charset="iso-8859-1" From: Matthias Schuendehuette Reply-To: msch@snafu.de Organization: Micro$oft-free Zone To: freebsd-security@freebsd.org Subject: TCP Sequence-Prediction (4.5-PRE) Date: Thu, 3 Jan 2002 21:59:35 +0100 X-Mailer: KMail [version 1.3.1] Cc: freebsd-stable@freebsd.org, Peter.Sauerland@siemens.com, iss@cert.siemens.de MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello, my machine at work was scanned with the ISS Scanner, Vers. 6.2.1 and it complained about TCP Sequence Prediction: 'The TCP sequence was found to be predictable.' I was advised to install FreeBSD 4.1.1-STABLE after 2000-09-28 or later :-) as listed in FreBSD-SA-00:52. I looked at the published Patch in FreBSD-SA-00:52 but couldn't find the Sourcecode Sequence to be patched any more (I wasn't wondering). But so, what shall I do, who's to blame? Is the ISS lying? Is there any advice from the FreeBSD Security Officer or the developers how to proceed further? TIA - Matthias -- *************************************************************************** * Matthias Schuendehuette msch@snafu.de * * Solmsstrasse 44 * * D-10961 Berlin Engineering Systems Support and Operation * * Germany (Powered by FreeBSD 4.5-PRERELEASE) * *************************************************************************** To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 3 13: 7:53 2002 Delivered-To: freebsd-security@freebsd.org Received: from niwun.pair.com (niwun.pair.com [209.68.2.70]) by hub.freebsd.org (Postfix) with SMTP id BD3B037B41C for ; Thu, 3 Jan 2002 13:07:44 -0800 (PST) Received: (qmail 66000 invoked by uid 3193); 3 Jan 2002 21:07:43 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 3 Jan 2002 21:07:43 -0000 Date: Thu, 3 Jan 2002 16:07:43 -0500 (EST) From: Mike Silbersack X-Sender: To: Matthias Schuendehuette Cc: , , , Subject: Re: TCP Sequence-Prediction (4.5-PRE) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 3 Jan 2002, Matthias Schuendehuette wrote: > Hello, > > my machine at work was scanned with the ISS Scanner, Vers. 6.2.1 and it > complained about TCP Sequence Prediction: > > 'The TCP sequence was found to be predictable.' Run tcpdump while a scan is happening so that you can see what is going on with the sequence numbers. 4.5's TCP initial sequence numbers should not be predictable. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 3 13: 8: 9 2002 Delivered-To: freebsd-security@freebsd.org Received: from creme-brulee.marcuscom.com (rdu57-28-046.nc.rr.com [66.57.28.46]) by hub.freebsd.org (Postfix) with ESMTP id 2109137B41F; Thu, 3 Jan 2002 13:07:58 -0800 (PST) Received: from shumai.marcuscom.com (marcus@shumai.marcuscom.com [192.168.1.4]) by creme-brulee.marcuscom.com (8.11.6/8.11.6) with ESMTP id g03L7Iv27504; Thu, 3 Jan 2002 16:07:18 -0500 (EST) (envelope-from marcus@marcuscom.com) Subject: Re: TCP Sequence-Prediction (4.5-PRE) From: Joe Clarke To: msch@snafu.de Cc: freebsd-security@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG, Peter.Sauerland@siemens.com, iss@cert.siemens.de In-Reply-To: References: Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Evolution/1.0 (Preview Release) Date: 03 Jan 2002 16:07:55 -0500 Message-Id: <1010092075.86152.20.camel@shumai.marcuscom.com> Mime-Version: 1.0 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 2002-01-03 at 15:59, Matthias Schuendehuette wrote: > Hello, > > my machine at work was scanned with the ISS Scanner, Vers. 6.2.1 and it > complained about TCP Sequence Prediction: > > 'The TCP sequence was found to be predictable.' > > I was advised to install FreeBSD 4.1.1-STABLE after 2000-09-28 or later > :-) as listed in FreBSD-SA-00:52. > > I looked at the published Patch in FreBSD-SA-00:52 but couldn't find > the Sourcecode Sequence to be patched any more (I wasn't wondering). > > But so, what shall I do, who's to blame? Is the ISS lying? Is there any > advice from the FreeBSD Security Officer or the developers how to > proceed further? Is this what you're looking for: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00%3A52/tcp-iss.patch Joe > > TIA - Matthias > > -- > *************************************************************************** > * Matthias Schuendehuette msch@snafu.de * > * Solmsstrasse 44 * > * D-10961 Berlin Engineering Systems Support and Operation * > * Germany (Powered by FreeBSD 4.5-PRERELEASE) * > *************************************************************************** > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 3 17: 3:21 2002 Delivered-To: freebsd-security@freebsd.org Received: from pkl.net (spoon.pkl.net [212.111.57.14]) by hub.freebsd.org (Postfix) with ESMTP id 8105337B417 for ; Thu, 3 Jan 2002 17:03:16 -0800 (PST) Received: (from rik@localhost) by pkl.net (8.9.3/8.9.3) id BAA05578; Fri, 4 Jan 2002 01:03:08 GMT Date: Fri, 4 Jan 2002 01:03:08 +0000 From: Rik To: Darren Reed Cc: FreeBSD Security Subject: Please commit FreeBSD PR kern/27615 patch Message-ID: <20020104010307.A5176@spoon.pkl.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi Darren, FreeBSD PR kern/27615 has been open since 4.3. I've just been bitten by it on 4.5-PRERELEASE. Could you commit the patch that's there before 4.5-RELEASE please? For reference, the problem is to do with ipfiter disallowing rule changes in securelevel 2, rather than 3. Thanks in advance, rik -- PGP Key: D2729A3F - Keyserver: wwwkeys.uk.pgp.net - rich at rdrose dot org Key fingerprint = 5EB1 4C63 9FAD D87B 854C 3DED 1408 ED77 D272 9A3F Public key also encoded with outguess on http://rikrose.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 3 17:15:40 2002 Delivered-To: freebsd-security@freebsd.org Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2]) by hub.freebsd.org (Postfix) with ESMTP id 5798837B41A; Thu, 3 Jan 2002 17:15:36 -0800 (PST) Received: (from dillon@localhost) by apollo.backplane.com (8.11.6/8.9.1) id g041FXW84421; Thu, 3 Jan 2002 17:15:33 -0800 (PST) (envelope-from dillon) Date: Thu, 3 Jan 2002 17:15:33 -0800 (PST) From: Matthew Dillon Message-Id: <200201040115.g041FXW84421@apollo.backplane.com> To: Rik Cc: Darren Reed , FreeBSD Security , re@FreeBSD.ORG Subject: Re: Please commit FreeBSD PR kern/27615 patch References: <20020104010307.A5176@spoon.pkl.net> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hmm. It's been open for a long time. It seems reasonable to me. If the release engineers don't have a problem with this I would like to make the change in -current and MFC it to -stable. I will also document it in the 'ipf' manual page (it is already documented in the 'ipfw' manual page). -Matt Matthew Dillon :Hi Darren, : :FreeBSD PR kern/27615 has been open since 4.3. I've just been bitten by :it on 4.5-PRERELEASE. Could you commit the patch that's there before :4.5-RELEASE please? : :For reference, the problem is to do with ipfiter disallowing rule :changes in securelevel 2, rather than 3. : :Thanks in advance, : :rik :-- :PGP Key: D2729A3F - Keyserver: wwwkeys.uk.pgp.net - rich at rdrose dot org :Key fingerprint = 5EB1 4C63 9FAD D87B 854C 3DED 1408 ED77 D272 9A3F :Public key also encoded with outguess on http://rikrose.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 3 20:19: 1 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx3.port.ru (mx3.port.ru [194.67.57.13]) by hub.freebsd.org (Postfix) with ESMTP id 4D00437B417 for ; Thu, 3 Jan 2002 20:18:57 -0800 (PST) Received: from f8.int ([10.0.0.76] helo=f8.mail.ru) by mx3.port.ru with smtp (Exim 3.14 #1) id 16MLol-000GPA-00 for freebsd-security@freebsd.org; Fri, 04 Jan 2002 07:18:55 +0300 Received: from mail by f8.mail.ru with local (Exim 3.14 #1) id 16MLol-000FEJ-00 for freebsd-security@FreeBSD.ORG; Fri, 04 Jan 2002 07:18:55 +0300 Received: from [212.57.145.74] by win.mail.ru with HTTP; Fri, 04 Jan 2002 07:18:55 +0300 From: "äÍÉÔÒÉÊ ðÏÄËÏÒÙÔÏ×" To: freebsd-security@FreeBSD.ORG Cc: Subject: nologin hole? Mime-Version: 1.0 X-Mailer: mPOP Web-Mail 2.19 X-Originating-IP: [212.57.145.74] Date: Fri, 04 Jan 2002 07:18:55 +0300 Reply-To: "äÍÉÔÒÉÊ ðÏÄËÏÒÙÔÏ×" Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 8bit Message-Id: Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Maybe this result my paranoya. ;-) And maybe not. Very posible You can extract use from this. In Free BSD I'am found, that user with disabled terminal entering has login shell named 'nologin'. This is sh script: ==================================================== #!/bin/sh -p # ... # ... echo 'This account is currently not available.' exit 1 ==================================================== My mind about this: 1. In case of breaking this script user has root access to system. (See man sh, key -p ) 2. Password maybe 'viewed' any network analyser in time of users pop3 session with server.(As rule password crypting not use in POP3) 3. Also password maybe hacked bruteforce attack on POP3 daemon. For sucsessful attack on this manner You can append some code to You telnet/ssh for manage connection speed on fly.Or try use tcpwrapper for this. Setup connection speed = 1 boud. Begin telnet/ssh session .Specify user name and password,break nologin. After succsess setup connection speed as You whishes and work under root permission. Solution for protect from this attack:install this programm. For install just make install. You may use this in silence mode. Then compile with -DSILENCE_MODE key. Program distributed on GPL as is. Without any guarantees. At URL: http://org.zaural.ru You can find some usefull programs. My best wishes. Dmitry Podkorytov. E-mail:podkorytov@mail.ru PS:on FreeBSD v.4.1 ps -x not viewed programms, thats running code function Exit(), called from atexit(Exit). It Bug ? I used top command for view PID NoLogin. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 3 21:25:55 2002 Delivered-To: freebsd-security@freebsd.org Received: from squeaky.robbins.dropbear.id.au (048.a.009.mel.iprimus.net.au [210.50.112.48]) by hub.freebsd.org (Postfix) with ESMTP id 5646837B417 for ; Thu, 3 Jan 2002 21:25:49 -0800 (PST) Received: (from tim@localhost) by squeaky.robbins.dropbear.id.au (8.11.6/8.11.6) id g045pNn14746 for freebsd-security@FreeBSD.ORG; Fri, 4 Jan 2002 16:51:23 +1100 (EST) (envelope-from tim) Date: Fri, 4 Jan 2002 16:51:19 +1100 From: "Tim J. Robbins" To: freebsd-security@FreeBSD.ORG Subject: Re: nologin hole? Message-ID: <20020104165117.A14133@squeaky.robbins.dropbear.id.au> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from podkorytov@mail.ru on Fri, Jan 04, 2002 at 07:18:55AM +0300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, Jan 04, 2002 at 07:18:55AM +0300, ??????? ?????????? wrote: > 1. In case of breaking this script user has root access to system. (See man > sh, key -p ) The -p option doesn't magically grant root privileges. It simply tells the shell not to use environment variables and ~/.profile. > PS:on FreeBSD v.4.1 ps -x not viewed programms, thats > running code function Exit(), called from atexit(Exit). > It Bug ? I used top command for view PID NoLogin. I can't reproduce this on -CURRENT. What I can't figure out is why /sbin/nologin is a shell script at all, and not something like this: #include #include int main (void) { #define MSG "This account is currently not available.\n" write (STDERR_FILENO, MSG, sizeof(MSG) - 1); exit (EX_UNAVAILABLE); } It seems wasteful and possibly dangerous to start a shell. Tim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 1:27:55 2002 Delivered-To: freebsd-security@freebsd.org Received: from phalse.2600.com (phalse.2600.COM [216.66.24.2]) by hub.freebsd.org (Postfix) with ESMTP id 27EFA37B416 for ; Fri, 4 Jan 2002 01:27:51 -0800 (PST) Received: from localhost (localhost [[UNIX: localhost]]) by phalse.2600.com (8.9.3/8.9.3) with ESMTP id EAA20447; Fri, 4 Jan 2002 04:27:43 -0500 (EST) Date: Fri, 4 Jan 2002 04:27:38 -0500 (EST) From: Dominick LaTrappe To: freebsd-security@freebsd.org Cc: rob@cyberpunkz.org Subject: Re: libsafe? Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > http://www.avayalabs.com/project/libsafe/index.html > I won't go into details of what this lib does or is since the url above has > all the information on it. I however was wondering since someone else had > asked, if there was any type of a lib or such in freebsd which attempts to > perform some of the functions that this seems to be attempting to do. No lib I know of, but there is SSP, the "Stack Smashing Protector," which is a cross-platform patch to GCC. http://www.trl.ibm.co.jp/projects/security/ssp/ The author in May 2001 completed a FreeBSD-specific patch that lets you "make world" and even build the kernel with the protection, though I've only tested the former. Despite this, the FreeBSD camp has seemed none-too-interested in SSP. All of my FreeBSD boxes are full-SSP in userland. The patch applies cleanly to 4.4-STABLE. Everything runs smoothly (in-production coming on 8 months), the performance hit is minimal even with heavy database crunching, and buffer overflow exploits all seem to fail. ||| Dominick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 2:53: 4 2002 Delivered-To: freebsd-security@freebsd.org Received: from I-Sphere.COM (shell.i-sphere.com [209.249.146.70]) by hub.freebsd.org (Postfix) with ESMTP id DF48C37B41B for ; Fri, 4 Jan 2002 02:53:00 -0800 (PST) Received: (from fasty@localhost) by I-Sphere.COM (8.11.6/8.11.6) id g04As8B31292; Fri, 4 Jan 2002 02:54:08 -0800 (PST) (envelope-from fasty) Date: Fri, 4 Jan 2002 02:54:08 -0800 From: faSty To: Dominick LaTrappe Cc: freebsd-security@FreeBSD.ORG Subject: Re: libsafe? Message-ID: <20020104025408.A31131@i-sphere.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from seraf@2600.COM on Fri, Jan 04, 2002 at 04:27:38AM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Can the SSP patch work with FreeBSD 4.5-PRERELEASE? -trev On Fri, Jan 04, 2002 at 04:27:38AM -0500, Dominick LaTrappe wrote: > > http://www.avayalabs.com/project/libsafe/index.html > > I won't go into details of what this lib does or is since the url above has > > all the information on it. I however was wondering since someone else had > > asked, if there was any type of a lib or such in freebsd which attempts to > > perform some of the functions that this seems to be attempting to do. > > No lib I know of, but there is SSP, the "Stack Smashing Protector," which > is a cross-platform patch to GCC. > > http://www.trl.ibm.co.jp/projects/security/ssp/ > > The author in May 2001 completed a FreeBSD-specific patch that lets you > "make world" and even build the kernel with the protection, though I've > only tested the former. Despite this, the FreeBSD camp has seemed > none-too-interested in SSP. > > All of my FreeBSD boxes are full-SSP in userland. The patch applies > cleanly to 4.4-STABLE. Everything runs smoothly (in-production coming on > 8 months), the performance hit is minimal even with heavy database > crunching, and buffer overflow exploits all seem to fail. > > ||| Dominick > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Double Bucky (Sung to the tune of "Rubber Duckie") Double bucky, you're the one! You make my keyboard lots of fun Double bucky, an additional bit or two: (Vo-vo-de-o!) Control and Meta side by side, Augmented ASCII, nine bits wide! Double bucky, a half a thousand glyphs, plus a few! Double bucky, left and right OR'd together, outta sight! Double bucky, I'd like a whole word of Double bucky, I'm happy I heard of Double bucky, I'd like a whole word of you! -- (C) 1978 by Guy L. Steele, Jr. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 4:33:17 2002 Delivered-To: freebsd-security@freebsd.org Received: from caligula.anu.edu.au (caligula.anu.edu.au [150.203.224.42]) by hub.freebsd.org (Postfix) with ESMTP id 8729137B41B for ; Fri, 4 Jan 2002 04:33:12 -0800 (PST) Received: (from avalon@localhost) by caligula.anu.edu.au (8.9.3/8.9.3) id XAA00811; Fri, 4 Jan 2002 23:33:05 +1100 (EST) From: Darren Reed Message-Id: <200201041233.XAA00811@caligula.anu.edu.au> Subject: Re: Please commit FreeBSD PR kern/27615 patch In-Reply-To: <20020104010307.A5176@spoon.pkl.net> from Rik at "Jan 4, 2 01:03:08 am" To: freebsd-security@rikrose.net (Rik) Date: Fri, 4 Jan 2002 23:33:05 +1100 (EST) Cc: avalon@cairo.anu.edu.au, freebsd-security@freebsd.org X-Mailer: ELM [version 2.4ME+ PL39 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -current is patched. In some mail from Rik, sie said: > Hi Darren, > > FreeBSD PR kern/27615 has been open since 4.3. I've just been bitten by > it on 4.5-PRERELEASE. Could you commit the patch that's there before > 4.5-RELEASE please? > > For reference, the problem is to do with ipfiter disallowing rule > changes in securelevel 2, rather than 3. > > Thanks in advance, > > rik > -- > PGP Key: D2729A3F - Keyserver: wwwkeys.uk.pgp.net - rich at rdrose dot org > Key fingerprint = 5EB1 4C63 9FAD D87B 854C 3DED 1408 ED77 D272 9A3F > Public key also encoded with outguess on http://rikrose.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 4:44: 8 2002 Delivered-To: freebsd-security@freebsd.org Received: from blackhelicopters.org (geburah.blackhelicopters.org [209.69.178.18]) by hub.freebsd.org (Postfix) with ESMTP id 4CEF737B419 for ; Fri, 4 Jan 2002 04:44:03 -0800 (PST) Received: (from mwlucas@localhost) by blackhelicopters.org (8.11.6/8.11.6) id g04Chno05097; Fri, 4 Jan 2002 07:43:49 -0500 (EST) (envelope-from mwlucas) Date: Fri, 4 Jan 2002 07:43:49 -0500 From: Michael Lucas To: =?iso-8859-1?Q?=E4=CD=C9=D4=D2=C9=CA_=F0=CF=C4=CB=CF=D2=D9=D4=CF=D7?= Cc: freebsd-security@FreeBSD.ORG Subject: Re: nologin hole? Message-ID: <20020104074349.A5042@blackhelicopters.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5i In-Reply-To: ; from podkorytov@mail.ru on Fri, Jan 04, 2002 at 07:18:55AM +0300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello, I would recommend not using nologin as the users' shell. Instead, take a look at /etc/login.access. This makes the shell irrelevant; the user cannot log in, in any shell. Generally, my sysadmins are in a "sysadmin" group. The "sysadmin" group is allowed to log in from anywhere. All other users are denied login. There's an article on this in my column archives, if you want a point-by-point walkthrough. Good luck! ==ml On Fri, Jan 04, 2002 at 07:18:55AM +0300, äÍÉÔÒÉÊ ðÏÄËÏÒÙÔÏ× wrote: > Maybe this result my paranoya. ;-) > And maybe not. Very posible You can extract use from this. > In Free BSD I'am found, that user with disabled terminal entering has login > shell named 'nologin'. > This is sh script: > ==================================================== > #!/bin/sh -p > # ... > # ... > echo 'This account is currently not available.' > exit 1 > ==================================================== > My mind about this: > 1. In case of breaking this script user has root access to system. (See man > sh, key -p ) 2. Password maybe 'viewed' any network analyser in time of users > pop3 session with server.(As rule password crypting not use in POP3) 3. Also > password maybe hacked bruteforce attack on POP3 daemon. For sucsessful attack > on this manner You can append some code to You telnet/ssh for > manage connection speed on fly.Or try use tcpwrapper for this. Setup connection > speed = 1 boud. Begin telnet/ssh session .Specify user name and password,break > nologin. After succsess setup connection speed as You whishes and work under > root permission. Solution for protect from this attack:install this programm. > For install > just make install. You may use this in silence mode. Then compile with > -DSILENCE_MODE key. Program distributed on GPL as is. Without any guarantees. > At URL: http://org.zaural.ru You can find some usefull programs. My best > wishes. Dmitry Podkorytov. > E-mail:podkorytov@mail.ru PS:on FreeBSD v.4.1 ps -x not viewed programms, thats > running code function Exit(), called from atexit(Exit). > It Bug ? I used top command for view PID NoLogin. > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Michael Lucas mwlucas@FreeBSD.org, mwlucas@BlackHelicopters.org my FreeBSD column: http://www.oreillynet.com/pub/q/Big_Scary_Daemons http://www.blackhelicopters.org/~mwlucas/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 5: 2: 5 2002 Delivered-To: freebsd-security@freebsd.org Received: from internethelp.ru (wh.internethelp.ru [212.113.112.145]) by hub.freebsd.org (Postfix) with ESMTP id 2938737B405 for ; Fri, 4 Jan 2002 05:01:51 -0800 (PST) Received: from IBMKA (ibmka.internethelp.ru. [192.168.0.6]) by internethelp.ru (8.9.3/8.9.3) with ESMTP id QAA33709; Fri, 4 Jan 2002 16:00:24 +0300 (MSK) Date: Fri, 4 Jan 2002 16:00:04 +0300 From: "Nickolay A.Kritsky" X-Mailer: The Bat! (v1.49) Personal Reply-To: "Nickolay A.Kritsky" X-Priority: 3 (Normal) Message-ID: <48581238076.20020104160004@internethelp.ru> To: Michael Lucas Cc: =?ISO-8859-1?B?5M3J1NLJyiDwz8TLz9LZ1M/X?= , freebsd-security@FreeBSD.ORG Subject: Re[2]: nologin hole? In-reply-To: <20020104074349.A5042@blackhelicopters.org> References: <20020104074349.A5042@blackhelicopters.org> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello Michael, Friday, January 04, 2002, 3:43:49 PM, you wrote: ML> Hello, ML> I would recommend not using nologin as the users' shell. Instead, ML> take a look at /etc/login.access. ML> This makes the shell irrelevant; the user cannot log in, in any shell. ML> Generally, my sysadmins are in a "sysadmin" group. The "sysadmin" ML> group is allowed to log in from anywhere. All other users are denied ML> login. ML> There's an article on this in my column archives, if you want a ML> point-by-point walkthrough. ML> Good luck! ML> ==ml the problem is that some versions of SSH do not pay any attention to /etc/login.access file, so you still may have a need in /sbin/nologin. ;------------------------------------------- ; NKritsky ; SysAdmin InternetHelp.Ru ; http://www.internethelp.ru ; mailto:nkritsky@internethelp.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 5: 4:53 2002 Delivered-To: freebsd-security@freebsd.org Received: from blackhelicopters.org (geburah.blackhelicopters.org [209.69.178.18]) by hub.freebsd.org (Postfix) with ESMTP id 6A03137B41E for ; Fri, 4 Jan 2002 05:04:49 -0800 (PST) Received: (from mwlucas@localhost) by blackhelicopters.org (8.11.6/8.11.6) id g04D41n05266; Fri, 4 Jan 2002 08:04:01 -0500 (EST) (envelope-from mwlucas) Date: Fri, 4 Jan 2002 08:04:01 -0500 From: Michael Lucas To: "Nickolay A.Kritsky" Cc: =?iso-8859-1?Q?=E4=CD=C9=D4=D2=C9=CA_=F0=CF=C4=CB=CF=D2=D9=D4=CF=D7?= , freebsd-security@FreeBSD.ORG Subject: Re: nologin hole? Message-ID: <20020104080401.A5244@blackhelicopters.org> References: <20020104074349.A5042@blackhelicopters.org> <48581238076.20020104160004@internethelp.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <48581238076.20020104160004@internethelp.ru>; from nkritsky@internethelp.ru on Fri, Jan 04, 2002 at 04:00:04PM +0300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, Jan 04, 2002 at 04:00:04PM +0300, Nickolay A.Kritsky wrote: > the problem is that some versions of SSH do not pay any attention to > /etc/login.access file, so you still may have a need in /sbin/nologin. Well, you learn something new every day. So much for that bright idea, then. :) -- Michael Lucas mwlucas@FreeBSD.org, mwlucas@BlackHelicopters.org my FreeBSD column: http://www.oreillynet.com/pub/q/Big_Scary_Daemons http://www.blackhelicopters.org/~mwlucas/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 6:52: 4 2002 Delivered-To: freebsd-security@freebsd.org Received: from pkl.net (spoon.pkl.net [212.111.57.14]) by hub.freebsd.org (Postfix) with ESMTP id 41FD637B41C for ; Fri, 4 Jan 2002 06:51:59 -0800 (PST) Received: (from rik@localhost) by pkl.net (8.9.3/8.9.3) id OAA15905; Fri, 4 Jan 2002 14:51:54 GMT Date: Fri, 4 Jan 2002 14:51:54 +0000 From: Rik To: =?iso-8859-1?Q?=E4=CD=C9=D4=D2=C9=CA_=F0=CF=C4=CB=CF=D2=D9=D4=CF=D7?= Cc: freebsd-security@FreeBSD.ORG Subject: Re: nologin hole? Message-ID: <20020104145154.A15764@spoon.pkl.net> References: Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5i In-Reply-To: ; from podkorytov@mail.ru on Fri, Jan 04, 2002 at 07:18:55AM +0300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, Jan 04, 2002 at 07:18:55AM +0300, äÍÉÔÒÉÊ ðÏÄËÏÒÙÔÏ× wrote: > Maybe this result my paranoya. ;-) > And maybe not. Very posible You can extract use from this. > In Free BSD I'am found, that user with disabled terminal entering has login > shell named 'nologin'. So use /bin/false instead then. Or /bin/date, etc. Or write your own, as was suggested. -- PGP Key: D2729A3F - Keyserver: wwwkeys.uk.pgp.net - rich at rdrose dot org Key fingerprint = 5EB1 4C63 9FAD D87B 854C 3DED 1408 ED77 D272 9A3F Public key also encoded with outguess on http://rikrose.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 7:30:57 2002 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 50A0037B41B for ; Fri, 4 Jan 2002 07:30:53 -0800 (PST) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id HAA03864; Fri, 4 Jan 2002 07:30:11 -0800 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda03857; Fri Jan 4 07:30:01 2002 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.11.6/8.9.1) id g04FTux23599; Fri, 4 Jan 2002 07:29:56 -0800 (PST) Received: from UNKNOWN(10.1.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdu23597; Fri Jan 4 07:29:10 2002 Received: (from uucp@localhost) by cwsys.cwsent.com (8.11.6/8.9.1) id g04FTAG34628; Fri, 4 Jan 2002 07:29:10 -0800 (PST) Message-Id: <200201041529.g04FTAG34628@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdO34622; Fri Jan 4 07:28:45 2002 X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 Reply-To: Cy Schubert - ITSD Open Systems Group From: Cy Schubert - ITSD Open Systems Group X-Sender: schubert To: Rik Cc: =?iso-8859-1?Q?=E4=CD=C9=D4=D2=C9=CA_=F0=CF=C4=CB=CF=D2=D9=D4=CF=D7?= , freebsd-security@FreeBSD.ORG Subject: Re: nologin hole? In-reply-to: Your message of "Fri, 04 Jan 2002 14:51:54 GMT." <20020104145154.A15764@spoon.pkl.net> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Date: Fri, 04 Jan 2002 07:28:45 -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In message <20020104145154.A15764@spoon.pkl.net>, Rik writes: > On Fri, Jan 04, 2002 at 07:18:55AM +0300, =E4=CD=C9=D4=D2=C9=CA =F0=CF=C4= =CB=CF=D2=D9=D4=CF=D7 wrote: > > Maybe this result my paranoya. ;-) > > And maybe not. Very posible You can extract use from this. > > In Free BSD I'am found, that user with disabled terminal entering has= login > > shell named 'nologin'. > = > So use /bin/false instead then. Or /bin/date, etc. Or write your own, a= s > was suggested. Or, take a look at the no-login port in the ports collection. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/Alpha Team Email: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD Ministry of Management Services Province of BC FreeBSD UNIX: cy@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 7:41:31 2002 Delivered-To: freebsd-security@freebsd.org Received: from bogslab.ucdavis.edu (bogslab.ucdavis.edu [169.237.68.34]) by hub.freebsd.org (Postfix) with ESMTP id 4C8EF37B41C for ; Fri, 4 Jan 2002 07:41:26 -0800 (PST) Received: from thistle.bogs.org (thistle.bogs.org [198.137.203.61]) by bogslab.ucdavis.edu (8.9.3/8.9.3) with ESMTP id HAA20953 for ; Fri, 4 Jan 2002 07:41:19 -0800 (PST) (envelope-from greg@bogslab.ucdavis.edu) Received: from thistle.bogs.org (localhost [127.0.0.1]) by thistle.bogs.org (8.11.3/8.11.3) with ESMTP id g04FfHW79473 for ; Fri, 4 Jan 2002 07:41:18 -0800 (PST) (envelope-from greg@thistle.bogs.org) Message-Id: <200201041541.g04FfHW79473@thistle.bogs.org> To: security@FreeBSD.ORG X-To: Rik X-Sender: owner-freebsd-security@FreeBSD.ORG Subject: Re: nologin hole? In-reply-to: Your message of "Fri, 04 Jan 2002 14:51:54 GMT." <20020104145154.A15764@spoon.pkl.net> Reply-To: gkshenaut@ucdavis.edu Date: Fri, 04 Jan 2002 07:41:17 -0800 From: Greg Shenaut Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In message <20020104145154.A15764@spoon.pkl.net>, Rik cleopede: >On Fri, Jan 04, 2002 at 07:18:55AM +0300, äÍÉÔÒÉÊ ðÏÄËÏÒÙÔÏ× wrote: >> Maybe this result my paranoya. ;-) >> And maybe not. Very posible You can extract use from this. >> In Free BSD I'am found, that user with disabled terminal entering has login >> shell named 'nologin'. > >So use /bin/false instead then. Or /bin/date, etc. Or write your own, as >was suggested. What is the downside either of using a completely nonexistent shell, such as "/bin/sh/nologin", or of using just the string "nologin", but treating it as a special case so that no shell is started at all? Greg Shenaut To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 8:16:29 2002 Delivered-To: freebsd-security@freebsd.org Received: from clever.eusc.inter.net (clever.eusc.inter.net [213.73.101.4]) by hub.freebsd.org (Postfix) with ESMTP id 2B1DB37B41E; Fri, 4 Jan 2002 08:16:19 -0800 (PST) Received: from tc06-n66-026.de.inter.net ([213.73.66.26] helo=there) by clever.eusc.inter.net with smtp (Exim 3.22 #3) id 16MX0z-0004sQ-00; Fri, 04 Jan 2002 17:16:17 +0100 Content-Type: text/plain; charset="iso-8859-1" From: Matthias Schuendehuette Reply-To: msch@snafu.de Organization: Micro$oft-free Zone To: Joe Clarke Subject: Re: TCP Sequence-Prediction (4.5-PRE) Date: Fri, 4 Jan 2002 17:16:13 +0100 X-Mailer: KMail [version 1.3.1] References: <1010092075.86152.20.camel@shumai.marcuscom.com> In-Reply-To: <1010092075.86152.20.camel@shumai.marcuscom.com> Cc: freebsd-security@freebsd.org, freebsd-stable@freebsd.org MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi Joe, Am Donnerstag, 3. Januar 2002 22:07 schrieben Sie: > On Thu, 2002-01-03 at 15:59, Matthias Schuendehuette wrote: > > I looked at the published Patch in FreBSD-SA-00:52 but couldn't > > find the Sourcecode Sequence to be patched any more (I wasn't > > wondering). > > Is this what you're looking for: > > ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00%3A52/tcp-iss.pat >ch as I've mentioned above, I *found* that patch but if you look at the source files to patch you'll recognize that they're completely different now and that the patch doesn't succeed anymore (which isn't surprising for noone IMHO). I think, the point is what ISS states as 'predictable'... I'll wait what our iss-service declares - I can't imagine that 4.5-PRERELEASE is worse than 4.1.1-STABLE concerning 'tcp prediction'. Ciao/BSD - Matthias -- *************************************************************************** * Matthias Schuendehuette msch@snafu.de * * Solmsstrasse 44 * * D-10961 Berlin Engineering Systems Support and Operation * * Germany (Powered by FreeBSD 4.5-PRERELEASE) * *************************************************************************** To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 8:59:26 2002 Delivered-To: freebsd-security@freebsd.org Received: from pkl.net (spoon.pkl.net [212.111.57.14]) by hub.freebsd.org (Postfix) with ESMTP id 3C0EF37B41C for ; Fri, 4 Jan 2002 08:59:17 -0800 (PST) Received: (from rik@localhost) by pkl.net (8.9.3/8.9.3) id QAA17797; Fri, 4 Jan 2002 16:58:40 GMT Date: Fri, 4 Jan 2002 16:58:40 +0000 From: Rik To: Cy Schubert - ITSD Open Systems Group Cc: Rik , =?iso-8859-1?Q?=E4=CD=C9=D4=D2=C9=CA_=F0=CF=C4=CB=CF=D2=D9=D4=CF=D7?= , freebsd-security@FreeBSD.ORG Subject: Re: nologin hole? Message-ID: <20020104165839.A17264@spoon.pkl.net> References: <20020104145154.A15764@spoon.pkl.net> <200201041529.g04FTAG34628@cwsys.cwsent.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="NzB8fVQJ5HfG6fxh" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200201041529.g04FTAG34628@cwsys.cwsent.com>; from Cy.Schubert@uumail.gov.bc.ca on Fri, Jan 04, 2002 at 07:28:45AM -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --NzB8fVQJ5HfG6fxh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Fri, Jan 04, 2002 at 07:28:45AM -0800, Cy Schubert - ITSD Open Systems Group wrote: > Or, take a look at the no-login port in the ports collection. Without further ado, I humbly offer my replacement for /sbin/nologin. It is backwards compatible, but will send custom messages if: 1) It is called with a specific name 2) There is a special message for that user If anything fails, it default to print the same default message nologin does. The source is attached. Well, it was when I sent it, if it gets stripped off, it can also be found at http://rikrose.net/nologinmsg.c There is no pan page, because I don't know how to write them. There is, however, a plain text descriptio at the top of the code, which is good enough for a manual. I'll make it a port, if people want, and someone cares to contribute a man page. rik -- PGP Key: D2729A3F - Keyserver: wwwkeys.uk.pgp.net - rich at rdrose dot org Key fingerprint = 5EB1 4C63 9FAD D87B 854C 3DED 1408 ED77 D272 9A3F Public key also encoded with outguess on http://rikrose.net --NzB8fVQJ5HfG6fxh Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="nologinmsg.c" /* * nologinmsg.c - A slightly improved nologin that will return a configurable * message, depending on how it is called. * * This code is published under the BSD Licence, whicih can be found on * www.freebsd.org, and many many other places on ther internet. * * Manual * ----- * nologinmsg - a replacement for the standard nologin * * Under normal circumstances, this program will print "The account is * currently not available". However, if there exists a file named * /etc/nologinmsgs/$USER, then the contents of that file are printed * instead. * * If nologinmsg is called by a different name, for example, by being * symlinked to, then /etc/nologinmsgs is checked for a file of that name, * and if possible, that file's contents are printed as the message. This * form takes precedence over the other forms. * * Every time nologinmsgs is run, it logs the tty and username to syslog, * at LOG_WARNING level. Note, there is a possible proble with lines being * over 80 characters long, but you won't create usernames *that* long, * will you? * * rik */ #include #include #include #include #include #include #include #include #include #include #define NOLOGINMSG_NAME "nologinmsg" #define NOLOGINMSG_MSG "This account is currently not available.\n" #define NOLOGINMSG_PATH "/etc/nologinmsgs/" /* * main - Program entry point. * Check how we are called. If it is not the way we expect, then search * the hard coded path for a file named with the name we are called with, * or, if that fails, the name of the user we are being run as, and print * that. After printing a message, quit. */ int main (void) { char messagePath[PATH_MAX]; char msgbuf[1024]; /* Arbitrary constant */ char *user, *device; int fd, nbytes; struct stat buf; user = getlogin(); if (user == NULL) user = "UNKNOWN"; device = ttyname(0); if (device == NULL) device = "UNKNOWN"; openlog( "nologinmsg", LOG_CONS, LOG_AUTH ); syslog( LOG_WARNING, "%s on %s", user, device); closelog(); if (strcmp( getprogname(), NOLOGINMSG_NAME ) == 0){ write( STDERR_FILENO, NOLOGINMSG_MSG, sizeof( NOLOGINMSG_MSG ) - 1 ); exit( EX_UNAVAILABLE ); } /* * We have been invoked by a different name. Check for there * being a specifc username message, otherwise print the default * message */ strncpy( messagePath, NOLOGINMSG_PATH, sizeof( messagePath ) ); strncat( messagePath, getprogname(), sizeof( messagePath ) - strlen( getprogname() ) ); if (stat( messagePath, &buf ) != 0){ write( STDERR_FILENO, NOLOGINMSG_MSG, sizeof( NOLOGINMSG_MSG ) - 1 ); exit( EX_UNAVAILABLE ); } fd = open( messagePath, O_RDONLY ); if (fd == -1){ /* Check username named file */ strncpy( messagePath, NOLOGINMSG_PATH, sizeof( messagePath ) ); strncat( messagePath, getlogin(), sizeof( messagePath ) - strlen( getlogin() ) ); if (stat( messagePath, &buf ) != 0){ write( STDERR_FILENO, NOLOGINMSG_MSG, sizeof( NOLOGINMSG_MSG ) - 1 ); exit( EX_UNAVAILABLE ); } fd = open( messagePath, O_RDONLY ); if (fd == -1){ write( STDERR_FILENO, NOLOGINMSG_MSG, sizeof( NOLOGINMSG_MSG ) - 1 ); exit( EX_UNAVAILABLE ); } } for (;;){ nbytes = read( fd, msgbuf, sizeof( msgbuf ) ); write( STDERR_FILENO, msgbuf, nbytes ); if (nbytes < sizeof( msgbuf )) exit( EX_UNAVAILABLE ); } } --NzB8fVQJ5HfG6fxh-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 9:13:42 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.toplink-plannet.de (mx1.toplink-plannet.de [212.126.200.57]) by hub.freebsd.org (Postfix) with ESMTP id 1EB3037B416 for ; Fri, 4 Jan 2002 09:13:39 -0800 (PST) Received: from janet.int.plannet.de ([192.168.42.11] ident=mail) by mx1.toplink-plannet.de with esmtp (Exim 3.31 #4) id 16MXuP-0006zs-00 for freebsd-security@freebsd.org; Fri, 04 Jan 2002 18:13:33 +0100 Received: from haber by janet.int.plannet.de with local (Exim 3.31 #4 (Debian)) id 16MXuO-0007qq-00 for ; Fri, 04 Jan 2002 18:13:32 +0100 Date: Fri, 4 Jan 2002 18:13:32 +0100 From: mf@toplink.net To: freebsd-security@freebsd.org Subject: unsubscribe Message-ID: <20020104181332.R13276@paola.planNET.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org unsubscribe end To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 9:32:26 2002 Delivered-To: freebsd-security@freebsd.org Received: from creme-brulee.marcuscom.com (rdu57-28-046.nc.rr.com [66.57.28.46]) by hub.freebsd.org (Postfix) with ESMTP id 46AF237B419; Fri, 4 Jan 2002 09:32:18 -0800 (PST) Received: from shumai.marcuscom.com (marcus@shumai.marcuscom.com [192.168.1.4]) by creme-brulee.marcuscom.com (8.11.6/8.11.6) with ESMTP id g04HVhv34493; Fri, 4 Jan 2002 12:31:43 -0500 (EST) (envelope-from marcus@marcuscom.com) Subject: Re: TCP Sequence-Prediction (4.5-PRE) From: Joe Clarke To: msch@snafu.de Cc: freebsd-security@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG In-Reply-To: References: <1010092075.86152.20.camel@shumai.marcuscom.com> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Evolution/1.0 (Preview Release) Date: 04 Jan 2002 12:32:29 -0500 Message-Id: <1010165550.16995.2.camel@shumai.marcuscom.com> Mime-Version: 1.0 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 2002-01-04 at 11:16, Matthias Schuendehuette wrote: > Hi Joe, > > Am Donnerstag, 3. Januar 2002 22:07 schrieben Sie: > > On Thu, 2002-01-03 at 15:59, Matthias Schuendehuette wrote: > > > I looked at the published Patch in FreBSD-SA-00:52 but couldn't > > > find the Sourcecode Sequence to be patched any more (I wasn't > > > wondering). > > > > Is this what you're looking for: > > > > ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00%3A52/tcp-iss.pat > >ch > > as I've mentioned above, I *found* that patch but if you look at the > source files to patch you'll recognize that they're completely > different now and that the patch doesn't succeed anymore (which isn't > surprising for noone IMHO). > > I think, the point is what ISS states as 'predictable'... I'll wait > what our iss-service declares - I can't imagine that 4.5-PRERELEASE is > worse than 4.1.1-STABLE concerning 'tcp prediction'. Later FreeBSD 4.x's use arc4random for ISS. It get all 9's from nmap, and is completely unguessable. Upgrading to 4.4-RELEASE or 4.5-PRE will set you up. Joe > > Ciao/BSD - Matthias > > -- > *************************************************************************** > * Matthias Schuendehuette msch@snafu.de * > * Solmsstrasse 44 * > * D-10961 Berlin Engineering Systems Support and Operation * > * Germany (Powered by FreeBSD 4.5-PRERELEASE) * > *************************************************************************** > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 9:58:27 2002 Delivered-To: freebsd-security@freebsd.org Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66]) by hub.freebsd.org (Postfix) with ESMTP id 6376E37B41D for ; Fri, 4 Jan 2002 09:57:47 -0800 (PST) Received: from caddis.yogotech.com (caddis.yogotech.com [206.127.123.130]) by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id KAA20792; Fri, 4 Jan 2002 10:57:06 -0700 (MST) (envelope-from nate@yogotech.com) Received: (from nate@localhost) by caddis.yogotech.com (8.11.6/8.11.6) id g04Hv1b82253; Fri, 4 Jan 2002 10:57:01 -0700 (MST) (envelope-from nate) From: Nate Williams MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15413.60653.239507.483256@caddis.yogotech.com> Date: Fri, 4 Jan 2002 10:57:01 -0700 To: Joe Clarke Cc: msch@snafu.de, freebsd-security@FreeBSD.ORG Subject: Re: TCP Sequence-Prediction (4.5-PRE) In-Reply-To: <1010165550.16995.2.camel@shumai.marcuscom.com> References: <1010092075.86152.20.camel@shumai.marcuscom.com> <1010165550.16995.2.camel@shumai.marcuscom.com> X-Mailer: VM 6.96 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid Reply-To: nate@yogotech.com (Nate Williams) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org [ TCP 4.5-PRE uses predictable sequences # according to ISS ] > > I think, the point is what ISS states as 'predictable'... I'll wait > > what our iss-service declares - I can't imagine that 4.5-PRERELEASE is > > worse than 4.1.1-STABLE concerning 'tcp prediction'. > > Later FreeBSD 4.x's use arc4random for ISS. It get all 9's from nmap, > and is completely unguessable. Upgrading to 4.4-RELEASE or 4.5-PRE will > set you up. See the subject line. He is using 4.5-PRE. Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 16:36:18 2002 Delivered-To: freebsd-security@freebsd.org Received: from obsecurity.dyndns.org (adsl-64-169-107-4.dsl.lsan03.pacbell.net [64.169.107.4]) by hub.freebsd.org (Postfix) with ESMTP id 2AFE537B405; Fri, 4 Jan 2002 16:36:12 -0800 (PST) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 6541066CB7; Fri, 4 Jan 2002 16:36:11 -0800 (PST) Date: Fri, 4 Jan 2002 16:36:11 -0800 From: Kris Kennaway To: Matthias Schuendehuette Cc: freebsd-security@freebsd.org, freebsd-stable@freebsd.org, Peter.Sauerland@siemens.com, iss@cert.siemens.de Subject: Re: TCP Sequence-Prediction (4.5-PRE) Message-ID: <20020104163610.A40314@xor.obsecurity.org> References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="KsGdsel6WgEHnImy" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from msch@snafu.de on Thu, Jan 03, 2002 at 09:59:35PM +0100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --KsGdsel6WgEHnImy Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jan 03, 2002 at 09:59:35PM +0100, Matthias Schuendehuette wrote: > Hello, >=20 > my machine at work was scanned with the ISS Scanner, Vers. 6.2.1 and it= =20 > complained about TCP Sequence Prediction: >=20 > 'The TCP sequence was found to be predictable.' The ISS Scanner is wrong if it says this. Kris --KsGdsel6WgEHnImy Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD4DBQE8Nkp6Wry0BWjoQKURAkqfAKCZAQUasAHAwYeIv6ND4UYxmjhNogCXTGiW j+u6rTOrif7lrb+zu2GB1w== =LGTF -----END PGP SIGNATURE----- --KsGdsel6WgEHnImy-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 16:38:29 2002 Delivered-To: freebsd-security@freebsd.org Received: from obsecurity.dyndns.org (adsl-64-169-107-4.dsl.lsan03.pacbell.net [64.169.107.4]) by hub.freebsd.org (Postfix) with ESMTP id 7A87037B41A for ; Fri, 4 Jan 2002 16:38:20 -0800 (PST) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id F231666C7A; Fri, 4 Jan 2002 16:38:19 -0800 (PST) Date: Fri, 4 Jan 2002 16:38:19 -0800 From: Kris Kennaway To: faSty Cc: Dominick LaTrappe , freebsd-security@FreeBSD.ORG Subject: Re: libsafe? Message-ID: <20020104163819.B40314@xor.obsecurity.org> References: <20020104025408.A31131@i-sphere.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="ftEhullJWpWg/VHq" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020104025408.A31131@i-sphere.com>; from fasty@i-sphere.com on Fri, Jan 04, 2002 at 02:54:08AM -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --ftEhullJWpWg/VHq Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Fri, Jan 04, 2002 at 02:54:08AM -0800, faSty wrote: > Can the SSP patch work with FreeBSD 4.5-PRERELEASE? Yes; let me know if it fails to apply and I'll send you mine, which might have been slightly changed by CVS over time. Kris --ftEhullJWpWg/VHq Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8Nkr7Wry0BWjoQKURAh5cAKCbnz6q5ytOR4rubnXefD0ZwoQA7QCdG7Gj j+I+qK8tgYyyZ64pKWztqiY= =TTxf -----END PGP SIGNATURE----- --ftEhullJWpWg/VHq-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 16:50:13 2002 Delivered-To: freebsd-security@freebsd.org Received: from I-Sphere.COM (shell.i-sphere.com [209.249.146.70]) by hub.freebsd.org (Postfix) with ESMTP id 3CB6037B41A for ; Fri, 4 Jan 2002 16:50:07 -0800 (PST) Received: (from fasty@localhost) by I-Sphere.COM (8.11.6/8.11.6) id g050pKB44501; Fri, 4 Jan 2002 16:51:20 -0800 (PST) (envelope-from fasty) Date: Fri, 4 Jan 2002 16:51:20 -0800 From: faSty To: Kris Kennaway Cc: freebsd-security@FreeBSD.ORG Subject: Re: libsafe? Message-ID: <20020104165120.B44218@i-sphere.com> References: <20020104025408.A31131@i-sphere.com> <20020104163819.B40314@xor.obsecurity.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020104163819.B40314@xor.obsecurity.org>; from kris@obsecurity.org on Fri, Jan 04, 2002 at 04:38:19PM -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org the patch i tried on 4.5-PRERELEASE. It was failed. fetch http://www.trl.ibm.com/projects/security/ssp/freebsd43/protector4.3-2.patch cd /usr patch < protector4.3-2.patch --[snip]-- Hmm... Looks like a new-style context diff to me... The text leading up to this was: -------------------------- |? contrib/gcc/protector.h |? contrib/gcc/protector.c |? sys/libkern/stack_smash_handler.c |Index: contrib/gcc/Makefile.in |=================================================================== |RCS file: /home/ncvs/src/contrib/gcc/Makefile.in,v |retrieving revision 1.4.2.1 |diff -c -3 -p -r1.4.2.1 Makefile.in |*** contrib/gcc/Makefile.in 2001/04/10 19:22:57 1.4.2.1 |--- contrib/gcc/Makefile.in 2001/06/28 11:34:25 -------------------------- File to patch: --end-- On Fri, Jan 04, 2002 at 04:38:19PM -0800, Kris Kennaway wrote: > On Fri, Jan 04, 2002 at 02:54:08AM -0800, faSty wrote: > > Can the SSP patch work with FreeBSD 4.5-PRERELEASE? > > Yes; let me know if it fails to apply and I'll send you mine, which > might have been slightly changed by CVS over time. > > Kris -- A bureaucracy is like a septic tank -- all the really big shits float to the top. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 17: 3: 2 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.westbend.net (ns1.westbend.net [216.47.253.3]) by hub.freebsd.org (Postfix) with ESMTP id DBE4137B41B for ; Fri, 4 Jan 2002 17:02:59 -0800 (PST) Received: from admin0 (admin0.westbend.net [216.47.253.17]) by mail.westbend.net (8.11.6/8.11.6) with ESMTP id g0512na74695; Fri, 4 Jan 2002 19:02:49 -0600 (CST) (envelope-from hetzels@westbend.net) Message-ID: <007a01c19583$16259260$11fd2fd8@westbend.net> From: "Scot W. Hetzel" To: "faSty" Cc: References: <20020104025408.A31131@i-sphere.com> <20020104163819.B40314@xor.obsecurity.org> <20020104165120.B44218@i-sphere.com> Subject: Re: libsafe? Date: Fri, 4 Jan 2002 18:45:51 -0600 Organization: West Bend Interent MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 X-Virus-Scanned: by amavisd-milter (http://amavis.org/) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org From: "faSty" > the patch i tried on 4.5-PRERELEASE. It was failed. > > > fetch http://www.trl.ibm.com/projects/security/ssp/freebsd43/protector4.3-2.patch > cd /usr > patch < protector4.3-2.patch > : > |=================================================================== > |RCS file: /home/ncvs/src/contrib/gcc/Makefile.in,v > |retrieving revision 1.4.2.1 > |diff -c -3 -p -r1.4.2.1 Makefile.in > |*** contrib/gcc/Makefile.in 2001/04/10 19:22:57 1.4.2.1 > |--- contrib/gcc/Makefile.in 2001/06/28 11:34:25 > -------------------------- > File to patch: > Try patching from /usr/src instead of /usr. Scot To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 17: 4:50 2002 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id A367037B41E; Fri, 4 Jan 2002 17:04:13 -0800 (PST) Received: (from nectar@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g0514Ds92963; Fri, 4 Jan 2002 17:04:13 -0800 (PST) (envelope-from security-advisories@freebsd.org) Date: Fri, 4 Jan 2002 17:04:13 -0800 (PST) Message-Id: <200201050104.g0514Ds92963@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: nectar set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-02:01.pkg_add Reply-To: security-advisories@freebsd.org Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:01 Security Advisory FreeBSD, Inc. Topic: Directory permission vulnerability in pkg_add Category: core Module: pkg_install Announced: 2002-01-04 Credits: The Anarcat Affects: All versions of FreeBSD prior to the correction date. Corrected: 2001/11/22 17:40:36 UTC (4.4-STABLE aka RELENG_4) 2001/12/07 20:58:46 UTC (4.4-RELEASEp1 aka RELENG_4_4) 2001/12/07 20:57:19 UTC (4.3-RELEASEp21 aka RELENG_4_3) FreeBSD only: NO I. Background pkg_add is a utility program used to install software package distributions on FreeBSD systems. II. Problem Description pkg_add extracts the contents of the package to a temporary directory, then moves files from the temporary directory to their ultimate destination on the system. The temporary directory used in the extraction was created with world-writable permissions, allowing arbitrary users to examine the contents of the package as it was being extracted. This might allow users to attack world-writable parts of the package during installation. III. Impact A local attacker may be able to modify the package contents and potentially elevate privileges or otherwise compromise the system. There are no known exploits as of the date of this advisory. IV. Workaround 1) Remove or discontinue use of the pkg_add binary until it has been upgraded. 2) When running pkg_add, create a secure temporary directory (such as /var/tmp/inst) and secure the directory permissions (chmod 700 /var/tmp/inst). Set the TMPDIR environment variable to this directory before running pkg_add. V. Solution 1) Upgrade your vulnerable FreeBSD system to 4.4-STABLE, or the RELENG_4_4 or RELENG_4_3 security branches dated after the respective correction dates. 2) FreeBSD 4.x systems prior to the correction date: The following patch has been verified to apply to FreeBSD 4.3-RELEASE, 4.4-RELEASE, and 4-STABLE dated prior to the correction date. This patch may or may not apply to older, unsupported releases of FreeBSD. Download the patch and the detached PGP signature from the following locations, and verify the signature using your PGP utility. ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:01/pkg_add.patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:01/pkg_add.patch.asc Execute the following commands as root: # cd /usr/src # patch -p < /path/to/patch # cd /usr/src/usr.sbin/pkg_install # make depend && make all install VI. Correction details The following list contains the $FreeBSD$ revision numbers of each file that was corrected in the FreeBSD source Path Revision Branch - ------------------------------------------------------------------------- src/usr.sbin/pkg_install/lib/pen.c HEAD 1.37 RELENG_4 1.31.2.6 RELENG_4_4 1.31.2.2.2.1 RELENG_4_3 1.31.2.1.2.1 - ------------------------------------------------------------------------- VII. References -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iQCVAwUBPDZOBlUuHi5z0oilAQEPwwP/ZKTT+30/iNKFVEpxjIr1IgW/YkMI3ViG G3C12reQQ/QcfGhdxjJesMqeHDhEf2onmZ7ftYRu2Wpg7BC5KAH5rbQ5vDgdVEI0 ym5zPNOR9BgXVuZ9WZ1M6SizHZwngfn/JHjMltd1xcdCwJ93iVq+/NQg1bB5u7op MPFLhNSwNks= =cT/W -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 17: 4:56 2002 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 4EFDC37B41F; Fri, 4 Jan 2002 17:04:21 -0800 (PST) Received: (from nectar@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g0514Lc93004; Fri, 4 Jan 2002 17:04:21 -0800 (PST) (envelope-from security-advisories@freebsd.org) Date: Fri, 4 Jan 2002 17:04:21 -0800 (PST) Message-Id: <200201050104.g0514Lc93004@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: nectar set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-02:02.pw Reply-To: security-advisories@freebsd.org Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:02 Security Advisory FreeBSD, Inc. Topic: pw(8) race condition may allow disclosure of master.passwd Category: core Module: pw Announced: 2002-01-04 Credits: ryan beasley Affects: All releases prior to 4.5-RELEASE, 4.4-STABLE prior to the correction date Corrected: 2001-12-21 15:21:32 UTC (4.4-STABLE aka RELENG_4) 2001-12-21 15:22:55 UTC (4.4-RELEASEp1 aka RELENG_4_4) 2001-12-21 15:23:04 UTC (4.3-RELEASEp21 aka RELENG_4_3) FreeBSD only: YES I. Background The pw(8) utility is used to create, remove, modify, and display system users and groups. II. Problem Description When creating, removing, or modifying system users, the pw utility modifies the system password file `/etc/master.passwd'. This file contains the users' encrypted passwords and is normally only readable by root. During the modification, a temporary copy of the file is created. However, this temporary file is mistakenly created with permissions that allow it to be read by any user. III. Impact A local attacker can read the temporary file created by pw(8) and use the encrypted passwords to conduct an off-line dictionary attack. A successful attack would result in the recovery of one or more passwords. Because the temporary file is short-lived (it is removed almost immediately after creation), this can be difficult to exploit: an attacker must `race' to read the file before it is removed. IV. Workaround 1) Do not use pw(8) to create, remove, or modify system users. V. Solution One of the following: 1) Upgrade your vulnerable FreeBSD system to 4-STABLE (RELENG_4), the 4.4-RELEASE security-fix branch (RELENG_4_4), or the 4.3-RELEASE security-fix branch (RELENG_4_3), dated after the correction date. 2) FreeBSD 4.x systems prior to the correction date: The following patch has been verified to apply to FreeBSD 4.3-RELEASE, 4.4-RELEASE, and 4-STABLE dated prior to the correction date. This patch may or may not apply to older, unsupported releases of FreeBSD. Download the patch and the detached PGP signature from the following locations, and verify the signature using your PGP utility. ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-02:02/pw.patch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-02:02/pw.patch.asc Execute the following commands as root: # cd /usr/src # patch < /path/to/patch # cd /usr/src/usr.sbin/pw # make depend && make all install VI. Correction details The following list contains the $FreeBSD$ revision numbers of each file that was corrected in the FreeBSD source Path Revision Branch - ------------------------------------------------------------------------- src/usr.sbin/pw/pwupd.c HEAD (CURRENT) 1.18 RELENG_4 (4-STABLE) 1.12.2.4 RELENG_4_4 (4.4-RELEASE security branch) 1.12.2.3.4.1 RELENG_4_3 (4.3-RELEASE security branch) 1.12.2.3.2.1 - ------------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iQCVAwUBPDZOB1UuHi5z0oilAQE/FQP/UjSXBA+ntiemKMpvgQfHkvNFjT/L9VC6 j1q7yhuM+JKIeQcAiotvEFmnRjZquJaNTvBRa4TSbr9943smZ7w8wC3lzq4aLBSv e4L1F/uIUx19hyeEDL8FEdE5hqiltFJVa605pNoyLtLBQx9UfYkdfZo9SqFtAIdl qNU0wX2XJU0= =g2Uh -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 17: 7:44 2002 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 50FC337B429; Fri, 4 Jan 2002 17:04:33 -0800 (PST) Received: (from nectar@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g0514Xr93057; Fri, 4 Jan 2002 17:04:33 -0800 (PST) (envelope-from security-advisories@freebsd.org) Date: Fri, 4 Jan 2002 17:04:33 -0800 (PST) Message-Id: <200201050104.g0514Xr93057@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: nectar set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Ports Security Advisory FreeBSD-SA-02:03.mod_auth_pgsql Reply-To: security-advisories@freebsd.org Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:03 Security Advisory FreeBSD, Inc. Topic: mod_auth_pgsql port authentication bypass Category: ports Module: mod_auth_pgsql Announced: 2002-01-04 Credits: RUS CERT Affects: Ports collection prior to the correction date Corrected: 2001-10-02 11:33:49 UTC FreeBSD only: NO I. Background mod_auth_pgsql is an Apache module which allows the Apache web server to use a PostgreSQL database for user and/or group authentication. II. Problem Description The mod_auth_pgsql port, versions prior to mod_auth_pgsql-0.9.9, contain a vulnerability that may allow a remote user to cause arbitrary SQL code to be execute. mod_auth_pgsql constructs a SQL statement to be executed by the PostgreSQL server in order to lookup user information. The username given by the remote user is inserted into the SQL statement without any quoting or other safety checks. The mod_auth_pgsql port is not installed by default, nor is it "part of FreeBSD" as such: it is part of the FreeBSD ports collection, which contains over 6000 third-party applications in a ready-to-install format. The ports collection shipped with FreeBSD 4.4 contains this problem since it was discovered after the release. FreeBSD makes no claim about the security of these third-party applications, although an effort is underway to provide a security audit of the most security-critical ports. III. Impact A remote user may insert arbitrary SQL code into the username during authentication, leading to several exploit opportunities. In particular, the attacker may cause mod_auth_pgsql to use a known fixed password hash for user verification, allowing him to authenticate as any user and obtain unauthorized access to web server data. IV. Workaround 1) Deinstall the mod_auth_pgsql port/package if you have it installed. V. Solution 1) Upgrade your entire ports collection and rebuild the port. 2) Deinstall the old package and install a new package dated after the correction date, obtained from the following directories: [i386] ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/mod_auth_pgsql-0.9.9.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/mod_auth_pgsql-0.9.9.tgz [alpha] Packages are not automatically generated for the alpha architecture at this time due to lack of build resources. 3) Download a new port skeleton for the mod_auth_pgsql port from: http://www.freebsd.org/ports/ and use it to rebuild the port. 4) Use the portcheckout utility to automate option (3) above. The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz VI. Correction details The following list contains the $FreeBSD$ revision numbers of each file that was corrected in the FreeBSD source Path Revision - ------------------------------------------------------------------------- ports/www/mod_auth_pgsql/Makefile 1.3 ports/www/mod_auth_pgsql/distinfo 1.2 - ------------------------------------------------------------------------- VII. References -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iQCVAwUBPDZOBVUuHi5z0oilAQHfNgQAgp9FKI4P0XfSzBdbcdOnqPCBJji4TPLS gENpCcvT55dWcGjYr0XsJrsk1NhF3Qq0TR8CnN2OmWaxx1ugoqwdc6o0vqzYIQ5H DAwBK4tbYOBYmram7A+0VBbTxPlHTnTop56i3/w2xaxafMHdlrzB2zCO7pimU83i 2MAKa0dLwS4= =l5iu -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 17: 7:53 2002 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id D96A737B431; Fri, 4 Jan 2002 17:04:43 -0800 (PST) Received: (from nectar@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g0514h793151; Fri, 4 Jan 2002 17:04:43 -0800 (PST) (envelope-from security-advisories@freebsd.org) Date: Fri, 4 Jan 2002 17:04:43 -0800 (PST) Message-Id: <200201050104.g0514h793151@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: nectar set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Ports Security Advisory FreeBSD-SA-02:04.mutt Reply-To: security-advisories@freebsd.org Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:04 Security Advisory FreeBSD, Inc. Topic: mutt ports contain remotely exploitable buffer overflow Category: ports Module: mutt Announced: 2002-01-04 Credits: Joost Pol Affects: Ports collection prior to the correction date Corrected: 2002-01-02 13:52:03 UTC (ports/mail/mutt: 1.2.x) 2002-01-02 03:39:01 UTC (ports/mail/mutt-devel: 1.3.x) FreeBSD only: NO I. Background Mutt is a small but very powerful text-based mail client for Unix operating systems. II. Problem Description The mutt ports, versions prior to mutt-1.2.25_1 and mutt-devel-1.3.24_2, contain a buffer overflow in the handling of email addresses in headers. The mutt and mutt-devel ports are not installed by default, nor are they "part of FreeBSD" as such: they are parts of the FreeBSD ports collection, which contains over 6000 third-party applications in a ready-to-install format. The ports collection shipped with FreeBSD 4.4 contains this problem since it was discovered after the release. FreeBSD makes no claim about the security of these third-party applications, although an effort is underway to provide a security audit of the most security-critical ports. III. Impact An attacker may send an email message with a specially crafted email address in any of several message headers to the victim. When the victim reads the message using mutt and encounters that email address, the buffer overflow is triggered and may result in arbitrary code being executed with the privileges of the victim. IV. Workaround 1) Deinstall the mutt and mutt-devel ports/packages if you have them installed. V. Solution 1) Upgrade your entire ports collection and rebuild the ports. 2) Deinstall the old packages and install news package dated after the correction date, obtained from the following directories: [i386] ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/mutt-1.2.5_1.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/mutt-devel-1.3.24_2.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/mutt-1.2.5_1.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/mutt-devel-1.3.24_2.tgz [alpha] Packages are not automatically generated for the alpha architecture at this time due to lack of build resources. NOTE: It may be several days before updated packages are available. 3) Download a new port skeleton for the mutt or mutt-devel port from: http://www.freebsd.org/ports/ and use it to rebuild the port. 4) Use the portcheckout utility to automate option (3) above. The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz VI. Correction details The following list contains the $FreeBSD$ revision numbers of each file that was corrected in the FreeBSD source Path Revision - ------------------------------------------------------------------------- ports/mail/mutt/Makefile 1.110 ports/mail/mutt/files/patch-rfc822.c 1.1 ports/mail/mutt-devel/Makefile 1.141 ports/mail/mutt-devel/files/patch-rfc822-security 1.1 - ------------------------------------------------------------------------- VII. References -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iQCVAwUBPDZOB1UuHi5z0oilAQHlkQP/abGNj546AB2YE62V1r3URAXE42c5HCEf wVRH0draXRFkHBGNlJkV2dSr+wYNFt8XXUw7yfGyyPsbLY6F7z2AmwMbya4kSjP5 8ROGuKHkNdyYp09Kdk93++dDYTKHoR1SfwV9oh9KeJcMho9z64ASPuDlNf4uaLk0 JLEmsVGdCoE= =hpjv -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 17: 8: 2 2002 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 8083637B434; Fri, 4 Jan 2002 17:04:50 -0800 (PST) Received: (from nectar@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g0514oq93202; Fri, 4 Jan 2002 17:04:50 -0800 (PST) (envelope-from security-advisories@freebsd.org) Date: Fri, 4 Jan 2002 17:04:50 -0800 (PST) Message-Id: <200201050104.g0514oq93202@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: nectar set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Ports Security Advisory FreeBSD-SA-02:05.pine Reply-To: security-advisories@freebsd.org Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:05 Security Advisory FreeBSD, Inc. Topic: pine port insecure URL handling Category: ports Module: pine Announced: 2002-01-04 Credits: zen-parse Affects: Ports collection prior to the correction date Corrected: 2001-10-05 08:41:39 UTC FreeBSD only: NO I. Background PINE is an application for reading mail and news. II. Problem Description The pine port, versions previous to pine-4.40, handles URLs in messages insecurely. PINE allows users to launch a web browser to visit a URL embedded in a message. Due to a programming error, PINE does not properly escape meta-characters in the URL before passing it to the command shell as an argument to the web browser. The pine port is not installed by default, nor is it "part of FreeBSD" as such: it is part of the FreeBSD ports collection, which contains over 6000 third-party applications in a ready-to-install format. The ports collection shipped with FreeBSD 4.4 contains this problem since it was discovered after the release. FreeBSD makes no claim about the security of these third-party applications, although an effort is underway to provide a security audit of the most security-critical ports. III. Impact An attacker can supply commands enclosed in single quotes ('') in a URL embedded in a message sent to the victim. If the user then decides to view the URL, PINE will launch a command shell which will then execute the attacker's commands with the victim's privileges. It is possible to obfuscate the URL so that it will not necessarily seem dangerous to the victim. IV. Workaround 1) Deinstall the pine port/package if you have it installed. V. Solution 1) Upgrade your entire ports collection and rebuild the port. 2) Deinstall the old package and install a new package dated after the correction date, obtained from the following directories: [i386] ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/pine-4.43.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/pine-4.43.tgz [alpha] Packages are not automatically generated for the alpha architecture at this time due to lack of build resources. 3) Download a new port skeleton for the pine port from: http://www.freebsd.org/ports/ and use it to rebuild the port. 4) Use the portcheckout utility to automate option (3) above. The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz VI. Correction details The following list contains the $FreeBSD$ revision numbers of each file that was corrected in the FreeBSD source Path Revision - ------------------------------------------------------------------------- ports/mail/pine4/Makefile 1.58 ports/mail/pine4/distinfo 1.18 ports/mail/pine4/files/patch-aa 1.4 ports/mail/pine4/files/patch-ac 1.11 ports/mail/pine4/files/patch-af 1.12 ports/mail/pine4/files/patch-ai 1.11 ports/mail/pine4/files/patch-aj 1.5 ports/mail/pine4/files/patch-ak 1.6 ports/mail/pine4/files/patch-al 1.10 ports/mail/pine4/files/patch-am 1.6 ports/mail/pine4/files/patch-an 1.5 ports/mail/pine4/files/patch-ap 1.3 ports/mail/pine4/files/patch-at 1.6 ports/mail/pine4/files/patch-au 1.4 ports/mail/pine4/files/patch-ax 1.4 ports/mail/pine4/files/patch-az 1.3 ports/mail/pine4/files/patch-be 1.1 ports/mail/pine4/files/patch-bf 1.1 ports/mail/pine4/files/patch-bg 1.1 ports/mail/pine4/files/patch-reply.c 1.2 - ------------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iQCVAwUBPDZOCFUuHi5z0oilAQG65gQAjdGuLydxrCswe9trnfOXIKqTkYll/iP7 7atJipzI+RvYjCzNu/nVItCM+jjGSDvSzF1/OUStAUNM2OZY7hqneSPHed8wTyX8 BU7ZNVlLEDsoZc1nWkUpqBkacPLPq6F7k1YbzMO1xVqIzewmXTpaQzmoKNW/ndIO T108lLHqDVE= =Ry2Q -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 17:36:40 2002 Delivered-To: freebsd-security@freebsd.org Received: from I-Sphere.COM (shell.i-sphere.com [209.249.146.70]) by hub.freebsd.org (Postfix) with ESMTP id 370E437BA7E for ; Fri, 4 Jan 2002 17:18:50 -0800 (PST) Received: (from fasty@localhost) by I-Sphere.COM (8.11.6/8.11.6) id g051Jtq52226; Fri, 4 Jan 2002 17:19:55 -0800 (PST) (envelope-from fasty) Date: Fri, 4 Jan 2002 17:19:55 -0800 From: faSty To: "Scot W. Hetzel" Cc: freebsd-security@FreeBSD.ORG Subject: Re: libsafe? Message-ID: <20020104171955.C44218@i-sphere.com> References: <20020104025408.A31131@i-sphere.com> <20020104163819.B40314@xor.obsecurity.org> <20020104165120.B44218@i-sphere.com> <007a01c19583$16259260$11fd2fd8@westbend.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <007a01c19583$16259260$11fd2fd8@westbend.net>; from hetzels@westbend.net on Fri, Jan 04, 2002 at 06:45:51PM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Oh thanks, it works with 4.5-PRERELEASE. I tested recompile the fbsd with ssp and installed. It works very well. -trev On Fri, Jan 04, 2002 at 06:45:51PM -0600, Scot W. Hetzel wrote: > From: "faSty" > > the patch i tried on 4.5-PRERELEASE. It was failed. > > > > > > fetch > http://www.trl.ibm.com/projects/security/ssp/freebsd43/protector4.3-2.patch > > cd /usr > > patch < protector4.3-2.patch > > > : > > |=================================================================== > > |RCS file: /home/ncvs/src/contrib/gcc/Makefile.in,v > > |retrieving revision 1.4.2.1 > > |diff -c -3 -p -r1.4.2.1 Makefile.in > > |*** contrib/gcc/Makefile.in 2001/04/10 19:22:57 1.4.2.1 > > |--- contrib/gcc/Makefile.in 2001/06/28 11:34:25 > > -------------------------- > > File to patch: > > > Try patching from /usr/src instead of /usr. > > Scot -- Suddenly, Professor Liebowitz realizes he has come to the seminar without his duck ... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 18:49:31 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.microbsd.net (mail.microbsd.net [4.23.122.30]) by hub.freebsd.org (Postfix) with ESMTP id 3ABAA37C196 for ; Fri, 4 Jan 2002 18:40:15 -0800 (PST) Received: from 127.0.0.1 (localhost.microbsd.net [127.0.0.1]) by mail.microbsd.net (Postfix) with SMTP id 417EA1F11; Fri, 4 Jan 2002 21:37:01 -0500 (EST) Received: from compaq.microbsd.net (compaq.microbsd.net [4.23.122.88]) by mail.microbsd.net (Postfix) with ESMTP id 70DEF1F05; Fri, 4 Jan 2002 21:36:54 -0500 (EST) Subject: Re: libsafe? From: Kerberus To: faSty Cc: Kris Kennaway , freebsd-security@FreeBSD.ORG In-Reply-To: <20020104165120.B44218@i-sphere.com> References: <20020104025408.A31131@i-sphere.com> <20020104163819.B40314@xor.obsecurity.org> <20020104165120.B44218@i-sphere.com> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Evolution/1.0 (Preview Release) Date: 04 Jan 2002 21:38:26 -0500 Message-Id: <1010198306.244.0.camel@compaq.microbsd.net> Mime-Version: 1.0 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Ummm you need to be in /usr/src for the protector patch to apply correctly, it does apply cleanly i did it today myself, actually the machine im using is protected with it as of a cvsup from today On Fri, 2002-01-04 at 19:51, faSty wrote: > the patch i tried on 4.5-PRERELEASE. It was failed. > > > fetch http://www.trl.ibm.com/projects/security/ssp/freebsd43/protector4.3-2.patch > cd /usr > patch < protector4.3-2.patch > > --[snip]-- > Hmm... Looks like a new-style context diff to me... > The text leading up to this was: > -------------------------- > |? contrib/gcc/protector.h > |? contrib/gcc/protector.c > |? sys/libkern/stack_smash_handler.c > |Index: contrib/gcc/Makefile.in > |=================================================================== > |RCS file: /home/ncvs/src/contrib/gcc/Makefile.in,v > |retrieving revision 1.4.2.1 > |diff -c -3 -p -r1.4.2.1 Makefile.in > |*** contrib/gcc/Makefile.in 2001/04/10 19:22:57 1.4.2.1 > |--- contrib/gcc/Makefile.in 2001/06/28 11:34:25 > -------------------------- > File to patch: > > --end-- > > On Fri, Jan 04, 2002 at 04:38:19PM -0800, Kris Kennaway wrote: > > On Fri, Jan 04, 2002 at 02:54:08AM -0800, faSty wrote: > > > Can the SSP patch work with FreeBSD 4.5-PRERELEASE? > > > > Yes; let me know if it fails to apply and I'll send you mine, which > > might have been slightly changed by CVS over time. > > > > Kris > > > > -- > A bureaucracy is like a septic tank -- all the really big shits float > to the top. > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 18:49:31 2002 Delivered-To: freebsd-security@freebsd.org Received: from empty1.ekahuna.com (empty1.ekahuna.com [198.144.200.196]) by hub.freebsd.org (Postfix) with ESMTP id 5B9E637C01C for ; Fri, 4 Jan 2002 18:40:00 -0800 (PST) Received: from pc-02 (pc02.ekahuna.com [198.144.200.197]) by empty1.ekahuna.com (Post.Office MTA v3.5.3 release 223 ID# 0-0U10L2S100V35) with ESMTP id com for ; Fri, 4 Jan 2002 18:39:59 -0800 From: "Philip J. Koenig" Organization: The Electric Kahuna Organization To: security@FreeBSD.ORG Date: Fri, 4 Jan 2002 18:40:00 -0800 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Security advisory SA-02:04 typo? Reply-To: pjklist@ekahuna.com Message-ID: <3C35F700.20238.29BF6BB@localhost> X-mailer: Pegasus Mail for Win32 (v3.12c) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I got this today: >=== FreeBSD-SA-02:04 Security Advisory FreeBSD, Inc. > > Topic: mutt ports contain remotely exploitable buffer overflow > > Category: ports > Module: mutt > Announced: 2002-01-04 > Credits: Joost Pol > Affects: Ports collection prior to the correction date > Corrected: 2002-01-02 13:52:03 UTC (ports/mail/mutt: 1.2.x) > 2002-01-02 03:39:01 UTC (ports/mail/mutt-devel: 1.3.x) > FreeBSD only: NO > > I. Background > > Mutt is a small but very powerful text-based mail client for Unix > operating systems. > > II. Problem Description > > The mutt ports, versions prior to mutt-1.2.25_1 and > mutt-devel-1.3.24_2, contain a buffer overflow in the handling of > email addresses in headers. Shall I assume the "1.2.25_1" string above is a typo? Is it really the versions prior to 1.2.5_1? Because I would think 1.2.2x seems to be pretty old at this point. Phil -- Philip J. Koenig pjklist@ekahuna.com Electric Kahuna Systems -- Computers & Communications for the New Millenium To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 19: 7:37 2002 Delivered-To: freebsd-security@freebsd.org Received: from nova.fnal.gov (nova.fnal.gov [131.225.121.207]) by hub.freebsd.org (Postfix) with ESMTP id 21FFE37B416 for ; Fri, 4 Jan 2002 19:07:32 -0800 (PST) Received: from localhost (tez@localhost) by nova.fnal.gov (8.10.2+Sun/8.10.2) with ESMTP id g0537Ud05880; Fri, 4 Jan 2002 21:07:30 -0600 (CST) X-Authentication-Warning: nova.fnal.gov: tez owned process doing -bs Date: Fri, 4 Jan 2002 21:07:30 -0600 (CST) From: Tim Zingelman X-X-Sender: tez@nova.fnal.gov To: "Philip J. Koenig" Cc: security@FreeBSD.ORG Subject: Re: Security advisory SA-02:04 typo? In-Reply-To: <3C35F700.20238.29BF6BB@localhost> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 4 Jan 2002, Philip J. Koenig wrote: > >=== FreeBSD-SA-02:04 Security Advisory FreeBSD, Inc. > > > > Topic: mutt ports contain remotely exploitable buffer overflow > > > > Category: ports > > Module: mutt > > Announced: 2002-01-04 > > Credits: Joost Pol > > Affects: Ports collection prior to the correction date > > Corrected: 2002-01-02 13:52:03 UTC (ports/mail/mutt: 1.2.x) > > 2002-01-02 03:39:01 UTC (ports/mail/mutt-devel: 1.3.x) > > FreeBSD only: NO > > > > I. Background > > > > Mutt is a small but very powerful text-based mail client for Unix > > operating systems. > > > > II. Problem Description > > > > The mutt ports, versions prior to mutt-1.2.25_1 and > > mutt-devel-1.3.24_2, contain a buffer overflow in the handling of > > email addresses in headers. > > > Shall I assume the "1.2.25_1" string above is a typo? Is it really > the versions prior to 1.2.5_1? Because I would think 1.2.2x seems to > be pretty old at this point. This is not a typo. The FreeBSD PORT version is "1.2.25_1" indicating that the 1.2.25 port has been updated once (to repair the security issue). This port patches the 1.2.25 source tarball rather than using the 1.2.25.1 source tarball. The latest stable version of mutt available from www.mutt.org is 1.2.25.1, and it also has the security fix. - Tim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 19: 9:18 2002 Delivered-To: freebsd-security@freebsd.org Received: from marvin.nildram.co.uk (marvin.nildram.co.uk [195.112.4.71]) by hub.freebsd.org (Postfix) with SMTP id E2A7437B41C for ; Fri, 4 Jan 2002 19:09:11 -0800 (PST) Received: (qmail 22975 invoked from network); 5 Jan 2002 03:09:10 -0000 Received: from muttley.gotadsl.co.uk (HELO VicNBob) (213.208.123.26) by marvin.nildram.co.uk with SMTP; 5 Jan 2002 03:09:10 -0000 From: Matthew Whelan To: freebsd-security@FreeBSD.ORG, msch@snafu.de Cc: freebsd-stable@FreeBSD.ORG, Peter.Sauerland@siemens.com, iss@cert.siemens.de Date: Sat, 05 Jan 2002 03:09:10 -0000 X-Priority: 3 (Normal) In-Reply-To: Message-Id: Subject: Re: TCP Sequence-Prediction (4.5-PRE) MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Mailer: Opera 6.0 build 1010 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org 03/01/2002 20:59:35, Matthias Schuendehuette wrote: >Hello, > >my machine at work was scanned with the ISS Scanner, Vers. 6.2.1 and it >complained about TCP Sequence Prediction: > >'The TCP sequence was found to be predictable.' > >I was advised to install FreeBSD 4.1.1-STABLE after 2000-09-28 or later >:-) as listed in FreBSD-SA-00:52. > >I looked at the published Patch in FreBSD-SA-00:52 but couldn't find >the Sourcecode Sequence to be patched any more (I wasn't wondering). > >But so, what shall I do, who's to blame? Is the ISS lying? Is there any >advice from the FreeBSD Security Officer or the developers how to >proceed further? If you've CVSup'd within the last 3 weeks (I suspect you must have done to have 4.5-PRE ;p), you should have: * $FreeBSD: src/sys/netinet/tcp_subr.c,v 1.73.2.23 2001/12/14 20:21:12 jlemon Exp $ which appears now to have all the code for ISN generation (start looking at line 1112 - does playing with the two sysctl's mentioned make any difference to what ISS says? Looks like the isn_reseed_interval is only used if strict_rfc1948 is not set) Matthew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 19:16:48 2002 Delivered-To: freebsd-security@freebsd.org Received: from shemp.palomine.net (shemp.palomine.net [216.135.64.135]) by hub.freebsd.org (Postfix) with SMTP id 47EEA37B417 for ; Fri, 4 Jan 2002 19:16:40 -0800 (PST) Received: (qmail 35244 invoked by uid 1000); 5 Jan 2002 03:16:38 -0000 Date: Fri, 4 Jan 2002 22:16:38 -0500 From: Chris Johnson To: Tim Zingelman Cc: "Philip J. Koenig" , security@FreeBSD.ORG Subject: Re: Security advisory SA-02:04 typo? Message-ID: <20020104221638.A35194@palomine.net> References: <3C35F700.20238.29BF6BB@localhost> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="RnlQjJ0d97Da+TV1" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from zingelman@fnal.gov on Fri, Jan 04, 2002 at 09:07:30PM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --RnlQjJ0d97Da+TV1 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jan 04, 2002 at 09:07:30PM -0600, Tim Zingelman wrote: > On Fri, 4 Jan 2002, Philip J. Koenig wrote: > > > > > > Category: ports > > > Module: mutt > > > Announced: 2002-01-04 > > > Credits: Joost Pol > > > Affects: Ports collection prior to the correction date > > > Corrected: 2002-01-02 13:52:03 UTC (ports/mail/mutt: 1.2.x) > > > 2002-01-02 03:39:01 UTC (ports/mail/mutt-devel: 1.3.x) > > > FreeBSD only: NO > > > > > > I. Background > > > > > > Mutt is a small but very powerful text-based mail client for Unix > > > operating systems. > > > > > > II. Problem Description > > > > > > The mutt ports, versions prior to mutt-1.2.25_1 and > > > mutt-devel-1.3.24_2, contain a buffer overflow in the handling of > > > email addresses in headers. > > > > > > Shall I assume the "1.2.25_1" string above is a typo? Is it really > > the versions prior to 1.2.5_1? Because I would think 1.2.2x seems to > > be pretty old at this point. >=20 > This is not a typo. The FreeBSD PORT version is "1.2.25_1" indicating > that the 1.2.25 port has been updated once (to repair the security issue). > This port patches the 1.2.25 source tarball rather than using the 1.2.25.1 > source tarball. Note: 1.2.25 !=3D 1.2.5. It *is* a typo. Chris Johnson --RnlQjJ0d97Da+TV1 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8NnAVyeUEMvtGLWERAtKXAJ0dcl7cqM12EIAz6D4fu/N7eX5OoACffIbR FdAELJkWWclmlTRZO1qARYg= =vLLM -----END PGP SIGNATURE----- --RnlQjJ0d97Da+TV1-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 19:18:10 2002 Delivered-To: freebsd-security@freebsd.org Received: from I-Sphere.COM (shell.i-sphere.com [209.249.146.70]) by hub.freebsd.org (Postfix) with ESMTP id 3EF2937B41B for ; Fri, 4 Jan 2002 19:18:05 -0800 (PST) Received: (from fasty@localhost) by I-Sphere.COM (8.11.6/8.11.6) id g053I1A04884; Fri, 4 Jan 2002 19:18:01 -0800 (PST) (envelope-from fasty) Date: Fri, 4 Jan 2002 19:18:01 -0800 From: faSty To: Kerberus Cc: freebsd-security@freebsd.org Subject: Re: libsafe? Message-ID: <20020104191801.A4854@i-sphere.com> References: <20020104025408.A31131@i-sphere.com> <20020104163819.B40314@xor.obsecurity.org> <20020104165120.B44218@i-sphere.com> <1010198306.244.0.camel@compaq.microbsd.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <1010198306.244.0.camel@compaq.microbsd.net>; from kerberus@microbsd.net on Fri, Jan 04, 2002 at 09:38:26PM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Yes, It worked like charms. thanks. -trev On Fri, Jan 04, 2002 at 09:38:26PM -0500, Kerberus wrote: > Ummm you need to be in /usr/src for the protector patch to apply > correctly, it does apply cleanly i did it today myself, actually the > machine im using is protected with it as of a cvsup from today > > On Fri, 2002-01-04 at 19:51, faSty wrote: > > the patch i tried on 4.5-PRERELEASE. It was failed. > > > > > > fetch http://www.trl.ibm.com/projects/security/ssp/freebsd43/protector4.3-2.patch > > cd /usr > > patch < protector4.3-2.patch > > > > --[snip]-- > > Hmm... Looks like a new-style context diff to me... > > The text leading up to this was: > > -------------------------- > > |? contrib/gcc/protector.h > > |? contrib/gcc/protector.c > > |? sys/libkern/stack_smash_handler.c > > |Index: contrib/gcc/Makefile.in > > |=================================================================== > > |RCS file: /home/ncvs/src/contrib/gcc/Makefile.in,v > > |retrieving revision 1.4.2.1 > > |diff -c -3 -p -r1.4.2.1 Makefile.in > > |*** contrib/gcc/Makefile.in 2001/04/10 19:22:57 1.4.2.1 > > |--- contrib/gcc/Makefile.in 2001/06/28 11:34:25 > > -------------------------- > > File to patch: > > > > --end-- > > > > On Fri, Jan 04, 2002 at 04:38:19PM -0800, Kris Kennaway wrote: > > > On Fri, Jan 04, 2002 at 02:54:08AM -0800, faSty wrote: > > > > Can the SSP patch work with FreeBSD 4.5-PRERELEASE? > > > > > > Yes; let me know if it fails to apply and I'll send you mine, which > > > might have been slightly changed by CVS over time. > > > > > > Kris > > > > > > > > -- > > A bureaucracy is like a septic tank -- all the really big shits float > > to the top. > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > -- You have the body of a 19 year old. Please return it before it gets wrinkled. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 19:27:33 2002 Delivered-To: freebsd-security@freebsd.org Received: from empty1.ekahuna.com (empty1.ekahuna.com [198.144.200.196]) by hub.freebsd.org (Postfix) with ESMTP id 5A54237B41D for ; Fri, 4 Jan 2002 19:27:28 -0800 (PST) Received: from pc-02 (pc02.ekahuna.com [198.144.200.197]) by empty1.ekahuna.com (Post.Office MTA v3.5.3 release 223 ID# 0-0U10L2S100V35) with ESMTP id com; Fri, 4 Jan 2002 19:27:27 -0800 From: "Philip J. Koenig" Organization: The Electric Kahuna Organization To: Tim Zingelman Date: Fri, 4 Jan 2002 19:27:28 -0800 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: Security advisory SA-02:04 typo? Reply-To: pjklist@ekahuna.com Cc: security@FreeBSD.ORG Message-ID: <3C360220.17452.2C76D79@localhost> References: <3C35F700.20238.29BF6BB@localhost> In-reply-to: X-mailer: Pegasus Mail for Win32 (v3.12c) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On 4 Jan 2002, at 21:07, Tim Zingelman boldly uttered: > On Fri, 4 Jan 2002, Philip J. Koenig wrote: > > > >=== FreeBSD-SA-02:04 Security Advisory FreeBSD, Inc. > > > > > > Topic: mutt ports contain remotely exploitable buffer overflow > > > > > > Category: ports > > > Module: mutt > > > Announced: 2002-01-04 > > > Credits: Joost Pol > > > Affects: Ports collection prior to the correction date > > > Corrected: 2002-01-02 13:52:03 UTC (ports/mail/mutt: 1.2.x) > > > 2002-01-02 03:39:01 UTC (ports/mail/mutt-devel: 1.3.x) > > > FreeBSD only: NO > > > > > > I. Background > > > > > > Mutt is a small but very powerful text-based mail client for Unix > > > operating systems. > > > > > > II. Problem Description > > > > > > The mutt ports, versions prior to mutt-1.2.25_1 and > > > mutt-devel-1.3.24_2, contain a buffer overflow in the handling of > > > email addresses in headers. > > > > > > Shall I assume the "1.2.25_1" string above is a typo? Is it really > > the versions prior to 1.2.5_1? Because I would think 1.2.2x seems to > > be pretty old at this point. > > This is not a typo. The FreeBSD PORT version is "1.2.25_1" indicating > that the 1.2.25 port has been updated once (to repair the security issue). > This port patches the 1.2.25 source tarball rather than using the 1.2.25.1 > source tarball. > > The latest stable version of mutt available from www.mutt.org is 1.2.25.1, > and it also has the security fix. > > - Tim OK, maybe I'm misunderstanding the version numbers here. The version of mutt on my Linux box is 1.2.5i. The version on one of my FreeBSD 4 Stable boxes is 1.2.4i, on another just installed from the mutt port on the 4.4-RELEASE CD, 1.2.5i, and the mutt port just cvsup'd 4 days ago is 1.2.5i. So I assumed 1.2.5 was relatively current. I have gotten used to version numbers that increment on a column-by- column basis, not on a (I don't know the terminology here) integer- between-the-dots basis. (I realize it often does this in the *nix/open-source world.. I just forget sometimes) So if 1.2.25 is actually 11 iterations newer than 1.2.4, then I can see where I was confusing things. Looks like the FreeBSD port version of mutt just took a (borrowing a term from China) "great leap forward" then. Phil -- Philip J. Koenig pjklist@ekahuna.com Electric Kahuna Systems -- Computers & Communications for the New Millenium To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 21: 6:53 2002 Delivered-To: freebsd-security@freebsd.org Received: from niwun.pair.com (niwun.pair.com [209.68.2.70]) by hub.freebsd.org (Postfix) with SMTP id 0912F37B405 for ; Fri, 4 Jan 2002 21:06:47 -0800 (PST) Received: (qmail 69848 invoked by uid 3193); 5 Jan 2002 05:06:45 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 5 Jan 2002 05:06:45 -0000 Date: Sat, 5 Jan 2002 00:06:45 -0500 (EST) From: Mike Silbersack X-Sender: To: Matthew Whelan Cc: , , , , Subject: Re: TCP Sequence-Prediction (4.5-PRE) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sat, 5 Jan 2002, Matthew Whelan wrote: > If you've CVSup'd within the last 3 weeks (I suspect you must have done to > have 4.5-PRE ;p), you should have: > > * $FreeBSD: src/sys/netinet/tcp_subr.c,v 1.73.2.23 2001/12/14 20:21:12 > jlemon Exp $ > > which appears now to have all the code for ISN generation (start looking at > line 1112 - does playing with the two sysctl's mentioned make any difference > to what ISS says? Looks like the isn_reseed_interval is only used if > strict_rfc1948 is not set) > > Matthew Guys, ISN generation has been secure since 4.3-release, though it has gone through a few revisions since then. If ISS disagrees, it is what should be inspected, not our ISN generation code. Changing the various sysctls is not going to change the output in any fashion that is noticeable to most people. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 4 21:56:48 2002 Delivered-To: freebsd-security@freebsd.org Received: from scrabble.freeuk.net (scrabble.freeuk.net [212.126.144.6]) by hub.freebsd.org (Postfix) with ESMTP id 4B79F37B41B for ; Fri, 4 Jan 2002 21:56:45 -0800 (PST) Received: from adsl-solo-39-36.claranet.co.uk ([213.253.39.36] helo=myname.my.domain) by scrabble.freeuk.net with esmtp (Exim 3.33 #1) id 16Mjos-0000EZ-00 for security@FreeBSD.ORG; Sat, 05 Jan 2002 05:56:38 +0000 Received: (from alex@localhost) by myname.my.domain (8.11.6/8.11.3) id g0564QE09349 for security@FreeBSD.ORG; Sat, 5 Jan 2002 06:04:26 GMT (envelope-from alex) Date: Sat, 5 Jan 2002 06:04:26 +0000 From: "Aleksandar Simic'" To: security@FreeBSD.ORG Subject: Re: Security advisory SA-02:04 typo? Message-ID: <20020105060426.A9217@frustum.clara.co.uk> References: <3C35F700.20238.29BF6BB@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3C35F700.20238.29BF6BB@localhost>; from pjklist@ekahuna.com on Fri, Jan 04, 2002 at 06:40:00PM -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, Jan 04, 2002 at 06:40:00PM -0800, Philip J. Koenig wrote: [...] > > The mutt ports, versions prior to mutt-1.2.25_1 and > > mutt-devel-1.3.24_2, contain a buffer overflow in the handling of > > email addresses in headers. > > > Shall I assume the "1.2.25_1" string above is a typo? Is it really > the versions prior to 1.2.5_1? Because I would think 1.2.2x seems to > be pretty old at this point. Good point, and what about the actual package names ? In the advisory the following URLs are listed as fixed packages: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/mutt-1.2.5_1.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/mutt-devel-1.3.24_2.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/mutt-1.2.5_1.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/mutt-devel-1.3.24_2.tgz from ftp.freebsd.org -------------------- ftp> pwd 257 "/pub/FreeBSD/ports/i386/packages-4-stable/mail" ftp> ls mutt* mutt-1.2.5.tgz -> ../All/mutt-1.2.5.tgz mutt-devel-1.3.24_1.tgz -> ../All/mutt-devel-1.3.24_1.tgz ftp> pwd 257 "/pub/FreeBSD/ports/i386/packages-5-current/mail" ftp> ls mutt* mutt-1.2.5.tgz -> ../All/mutt-1.2.5.tgz mutt-devel-1.3.24_1.tgz -> ../All/mutt-devel-1.3.24_1.tgz not mutt-1.2.5_1.tgz but mutt-1.2.5.tgz is found. ^^ ^ The same is with mutt-devel-1.3.24_2.tgz, as only ^^ mutt-devel-1.3.24_1.tgz is listed. ^^ So is mutt-1.2.5_1.tgz the same as mutt-1.2.5.tgz ? And is mutt-devel-1.3.24_2.tgz the same as mutt-devel-1.3.24_1.tgz ? Thanks, --Alex To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Jan 5 0:25:37 2002 Delivered-To: freebsd-security@freebsd.org Received: from smart.eusc.inter.net (smart.eusc.inter.net [213.73.101.5]) by hub.freebsd.org (Postfix) with ESMTP id DF21237B416; Sat, 5 Jan 2002 00:25:32 -0800 (PST) Received: from tc01-n71-228.de.inter.net ([213.73.71.228] helo=there) by smart.eusc.inter.net with smtp (Exim 3.22 #3) id 16Mm8s-0001Ai-00; Sat, 05 Jan 2002 09:25:26 +0100 Content-Type: text/plain; charset="iso-8859-1" From: Matthias Schuendehuette Reply-To: msch@snafu.de Organization: Micro$oft-free Zone To: Mike Silbersack Subject: Re: TCP Sequence-Prediction (4.5-PRE) Date: Sat, 5 Jan 2002 09:25:25 +0100 X-Mailer: KMail [version 1.3.1] References: In-Reply-To: Cc: freebsd-stable@freebsd.org, Peter.Sauerland@siemens.com, iss@cert.siemens.de, freebsd-security@freebsd.org MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Am Samstag, 5. Januar 2002 06:06 schrieben Sie: > Guys, ISN generation has been secure since 4.3-release, though it has > gone through a few revisions since then. If ISS disagrees, it is > what should be inspected, not our ISN generation code. Changing the > various sysctls is not going to change the output in any fashion that > is noticeable to most people. Basically I agree and I hope, that the ISS people do some investigations concerning that issue. But OTOH it's at least a parameter to play with (the rfc1948-sysctl). Even if you're right (what I expect), I want to have it checked out. The scan lasts for about 15 minutes and I think it's no big deal to do some more and see if there are any reactions by ISS. If my colleague agrees, I'll know more on monday... However, many thanks for your interest and participation so far! Ciao/BSD - Matthias -- *************************************************************************** * Matthias Schuendehuette msch@snafu.de * * Solmsstrasse 44 * * D-10961 Berlin Engineering Systems Support and Operation * * Germany (Powered by FreeBSD 4.5-PRERELEASE) * *************************************************************************** To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Jan 5 0:28:44 2002 Delivered-To: freebsd-security@freebsd.org Received: from smtp.prokk.net (smtp.prokk.net [194.42.198.25]) by hub.freebsd.org (Postfix) with ESMTP id A6F8E37B41D for ; Sat, 5 Jan 2002 00:28:39 -0800 (PST) Received: from base (base.prokk.net [194.42.198.7]) by smtp.prokk.net (8.11.1/8.11.1) with SMTP id g058SbV25769 for ; Sat, 5 Jan 2002 10:28:37 +0200 (EET) Message-ID: <00cd01c195c3$3e88d240$31c62ac2@base> From: "Serge V. Makovets" To: Subject: unsubscribe freebsd-security Date: Sat, 5 Jan 2002 10:30:34 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="koi8-r" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org auth 36912c16 unsubscribe freebsd-security mcovets@prokk.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Jan 5 5:34:57 2002 Delivered-To: freebsd-security@freebsd.org Received: from speedracer.compriscorp.com (remedy.compriscorp.com [207.243.232.34]) by hub.freebsd.org (Postfix) with ESMTP id BD46D37B419 for ; Sat, 5 Jan 2002 05:34:45 -0800 (PST) Received: from siiks.a1.bosch.de ([212.24.73.138]) by speedracer.compriscorp.com with Microsoft SMTPSVC(5.0.2195.3779); Sat, 5 Jan 2002 05:26:30 -0500 Message-ID: <000045136220$000051fb$00005806@k4cl01.a1.bosch.de> To: From: "Your Movies" Subject: Why Pay For A copy 25871 Date: Sat, 05 Jan 2002 02:23:14 -2000 MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Reply-To: whvtl@sendmail.ru X-OriginalArrivalTime: 05 Jan 2002 10:26:30.0364 (UTC) FILETIME=[70A5D9C0:01C195D3] Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

COPY ANY DVD MOVIE!
With our revolut= ionary software you can copy virtually
any DVD Movie using your existing equipment! 
Conventional DVD copying equipment can cost tho= usands of $$
Our DVD Wizard cost less than the price of 2 DVD Movies! =

O= rder NOW and get our PlayStation Wizard For FREE!

CLICK HERE To Learn About DVD Wizard!

= CONVERT VHS INTO DVD!
Why pay for a co= py of a movie on DVD that you already
own of VHS???
  Not all movies o= n VHS are available on DVD.
So MAKE Them into a DVD yourself!!  DVD Wizard Will teach you. Our Revolutionary DVD Wizard will help you create DVD's!


Copy DVD Movies An= d Create Your Own Personal Collection!
Convert VHS and Camcorder Movies into DVD Movies! 

Ord= er NOW and get our PlayStation Wizard For FREE!
.
CLICK HERE To Learn About VHS Wizard!

3D"VHS.gif

FREE BONUS!!

= COPY PLAYSTATION=FFFFFFAE GAMES

With our= revolutionary software you can copy virtually any  PlayStation=FFFFFFAE Game using your existing CD Burner!


Conventional Game Coping copying equipment can cost thousands of  dollars. 

The Play= Station =FFFFFFAE Wizard costs less than the price of ONE GAME!


Rent any game for less than $4 and copy it for FREE!


Save HUNDREDS of dollars copying games! For the price of just one game= you can 
own this software and have UNLIMITED GAMES! 

This me= ans the software pays for 
itself the first time you use it!!!

Ord= er NOW and get our PlayStation Wizard For FREE!

CLICK HERE To Learn About PlayStation Wizard!

 

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Jan 5 6:43:32 2002 Delivered-To: freebsd-security@freebsd.org Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id 170C637B419; Sat, 5 Jan 2002 06:43:24 -0800 (PST) Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id 5231A43; Sat, 5 Jan 2002 08:43:23 -0600 (CST) Received: (from nectar@localhost) by madman.nectar.cc (8.11.6/8.11.6) id g05EhKr18887; Sat, 5 Jan 2002 08:43:20 -0600 (CST) (envelope-from nectar) Date: Sat, 5 Jan 2002 08:43:20 -0600 From: "Jacques A. Vidrine" To: freebsd-security@FreeBSD.ORG Cc: "Philip J. Koenig" , "Aleksandar Simic'" , Tim Zingelman Subject: Re: Security advisory SA-02:04 typo? Message-ID: <20020105144320.GA18767@madman.nectar.cc> Mail-Followup-To: "Jacques A. Vidrine" , freebsd-security@FreeBSD.ORG, "Philip J. Koenig" , Aleksandar Simic' , Tim Zingelman References: <3C35F700.20238.29BF6BB@localhost> <20020105060426.A9217@frustum.clara.co.uk> <3C35F700.20238.29BF6BB@localhost> <3C360220.17452.2C76D79@localhost> <3C35F700.20238.29BF6BB@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020105060426.A9217@frustum.clara.co.uk> <3C360220.17452.2C76D79@localhost> <3C35F700.20238.29BF6BB@localhost> User-Agent: Mutt/1.3.25i X-Url: http://www.nectar.cc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, Jan 04, 2002 at 06:40:00PM -0800, Philip J. Koenig wrote: > > The mutt ports, versions prior to mutt-1.2.25_1 and > > mutt-devel-1.3.24_2, contain a buffer overflow in the handling of > > email addresses in headers. > Shall I assume the "1.2.25_1" string above is a typo? Is it really > the versions prior to 1.2.5_1? Because I would think 1.2.2x seems to > be pretty old at this point. Yes, it is a typo. It should have been ``1.2.5_1''. A revised advisory will be released later today. The package URLs contained the correct mutt versions. On Fri, Jan 04, 2002 at 07:27:28PM -0800, Philip J. Koenig wrote: > OK, maybe I'm misunderstanding the version numbers here. > > The version of mutt on my Linux box is 1.2.5i. It's vulnerable. > The version on one of > my FreeBSD 4 Stable boxes is 1.2.4i, on another just installed from > the mutt port on the 4.4-RELEASE CD, 1.2.5i, and the mutt port just > cvsup'd 4 days ago is 1.2.5i. These are all vulnerable. > So I assumed 1.2.5 was relatively > current. It is ``relatively current''. However, 1.2.5i is vulnerable. The FreeBSD port is 1.2.5_1 at the moment, which is just 1.2.5i + a security fix. Note the underscore... that is a FreeBSD ports-specific indicator, and represents the PORTREVISION. This is discussed a bit at . Maybe someone will post a better pointer. > I have gotten used to version numbers that increment on a column-by- > column basis, not on a (I don't know the terminology here) integer- > between-the-dots basis. (I realize it often does this in the > *nix/open-source world.. I just forget sometimes) I think your preconception of version numbers is not correct in most cases. Versions are sorted numerically, not lexigraphically. > So if 1.2.25 is actually 11 iterations newer than 1.2.4, It would be, if it existed :-) > then I can > see where I was confusing things. Looks like the FreeBSD port > version of mutt just took a (borrowing a term from China) "great leap > forward" then. On Sat, Jan 05, 2002 at 06:04:26AM +0000, Aleksandar Simic' wrote: > In the advisory the following URLs are listed as fixed packages: [snip ... ftp.freebsd.org now has mutt-1.2.5.tgz and mutt-devel-1.3.24_1.tgz as the latest packages] This is unfortunate. The updated packages were available yesterday on ftp.FreeBSD.org. I don't know what might have happened to them. Normally we insert this text in an advisory if the packages aren't yet available: ``NOTE: It may be several days before updated packages are available. Be sure to check the file creation date on the package, because the version number of the software has not changed.'' The revised advisory will contain this text if the packages have not reappeared. Actually, mutt-devel-1.3.24_2 will likely never now reappear, because that port has been updated since this advisory was published. > So is mutt-1.2.5_1.tgz the same as mutt-1.2.5.tgz ? > > And is mutt-devel-1.3.24_2.tgz the same as mutt-devel-1.3.24_1.tgz ? Emphatically --- NO and NO. Clearly they are not. Cheers, -- Jacques A. Vidrine http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Jan 5 6:58:29 2002 Delivered-To: freebsd-security@freebsd.org Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id 113A937B416 for ; Sat, 5 Jan 2002 06:58:27 -0800 (PST) Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id 894B843; Sat, 5 Jan 2002 08:58:26 -0600 (CST) Received: (from nectar@localhost) by madman.nectar.cc (8.11.6/8.11.6) id g05EwQk18993; Sat, 5 Jan 2002 08:58:26 -0600 (CST) (envelope-from nectar) Date: Sat, 5 Jan 2002 08:58:26 -0600 From: "Jacques A. Vidrine" To: freebsd-security@FreeBSD.ORG, "Philip J. Koenig" , "Aleksandar Simic'" , Tim Zingelman Subject: Re: Security advisory SA-02:04 typo? Message-ID: <20020105145826.GA18797@madman.nectar.cc> Mail-Followup-To: "Jacques A. Vidrine" , freebsd-security@FreeBSD.ORG, "Philip J. Koenig" , Aleksandar Simic' , Tim Zingelman References: <3C35F700.20238.29BF6BB@localhost> <20020105060426.A9217@frustum.clara.co.uk> <3C35F700.20238.29BF6BB@localhost> <3C360220.17452.2C76D79@localhost> <3C35F700.20238.29BF6BB@localhost> <20020105144320.GA18767@madman.nectar.cc> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020105144320.GA18767@madman.nectar.cc> User-Agent: Mutt/1.3.25i X-Url: http://www.nectar.cc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sat, Jan 05, 2002 at 08:43:20AM -0600, Jacques A. Vidrine wrote: > Normally we insert this text in an advisory if the packages aren't yet > available: > > ``NOTE: It may be several days before updated packages are available. Be > sure to check the file creation date on the package, because the > version number of the software has not changed.'' Well, we did do that, with the exception of the 2nd sentence which is not applicable in this case. Cheers, -- Jacques A. Vidrine http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Jan 5 6:59:15 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail001.ifxwh.com.br (mail001.ifxwh.com.br [200.201.133.10]) by hub.freebsd.org (Postfix) with SMTP id 9F4B837B417 for ; Sat, 5 Jan 2002 06:58:56 -0800 (PST) Received: (qmail 1164 invoked from network); 5 Jan 2002 14:56:00 -0000 Received: from unknown (HELO andre) (200.227.216.241) by 0 with SMTP; 5 Jan 2002 14:56:00 -0000 Message-ID: <00c601c195f9$597c53c0$09c8a8c0@treinar.com.br> From: =?iso-8859-1?Q?Andr=E9_Videira?= To: Subject: to mount the HD with EXT2FS Date: Sat, 5 Jan 2002 12:57:51 -0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi guys, Iam having problems with one HD Maxtor of 40 GB. Iam using Free BSD 4.2REL trying to mount the HD with EXT2FS. I recompiled the kernel with the option EXT2FS. I download from ports the fsck_ext2fs but I still having problems....is doing a error message ...core dumped. I try to mount the HD (mount -t ext2fs /dev/ad1s1 /data) and pop up a error message: ...: wrong magic number 0 (expected 0xef53) Return e-mail to andre@institutotreinar.com.br c/c franzoni@hostbr.com.br Please if you can help me I will be delighted. Tks Andre To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Jan 5 7: 3:38 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail001.ifxwh.com.br (mail001.ifxwh.com.br [200.201.133.10]) by hub.freebsd.org (Postfix) with SMTP id E930137B405 for ; Sat, 5 Jan 2002 07:03:33 -0800 (PST) Received: (qmail 5198 invoked from network); 5 Jan 2002 15:00:37 -0000 Received: from unknown (HELO andre) (200.227.216.241) by 0 with SMTP; 5 Jan 2002 15:00:37 -0000 Message-ID: <00d901c195f9$fed8c920$09c8a8c0@treinar.com.br> From: =?iso-8859-1?Q?Andr=E9_Videira?= To: Subject: to mount the HD with EXT2FS Date: Sat, 5 Jan 2002 13:02:28 -0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi guys, Iam having problems with one HD Maxtor of 40 GB. Iam using Free BSD 4.2REL trying to mount the HD with EXT2FS. I recompiled the kernel with the option EXT2FS. I download from ports the fsck_ext2fs but I still having problems....is doing a error message ...core dumped. I try to mount the HD (mount -t ext2fs /dev/ad1s1 /data) and pop up a error message: ...: wrong magic number 0 (expected 0xef53) Return e-mail to andre@institutotreinar.com.br c/c franzoni@hostbr.com.br Please if you can help me I will be delighted. Tks Andre To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Jan 5 7:14:59 2002 Delivered-To: freebsd-security@freebsd.org Received: from nova.fnal.gov (nova.fnal.gov [131.225.121.207]) by hub.freebsd.org (Postfix) with ESMTP id 7409637B416 for ; Sat, 5 Jan 2002 07:14:56 -0800 (PST) Received: from localhost (tez@localhost) by nova.fnal.gov (8.10.2+Sun/8.10.2) with ESMTP id g05FEte07653 for ; Sat, 5 Jan 2002 09:14:55 -0600 (CST) X-Authentication-Warning: nova.fnal.gov: tez owned process doing -bs Date: Sat, 5 Jan 2002 09:14:55 -0600 (CST) From: Tim Zingelman X-X-Sender: tez@nova.fnal.gov To: security@FreeBSD.ORG Subject: Re: Security advisory SA-02:04 typo? Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Note: 1.2.25 != 1.2.5. It *is* a typo. I totally missed this and thought the confusion was about the underscore vs. dot in the version names. Sorry for adding to the noise. - Tim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Jan 5 9:43:37 2002 Delivered-To: freebsd-security@freebsd.org Received: from mile.nevermind.kiev.ua (freebsddiary.org.ua [213.186.199.26]) by hub.freebsd.org (Postfix) with ESMTP id D319B37B405 for ; Sat, 5 Jan 2002 09:43:33 -0800 (PST) Received: (from never@localhost) by mile.nevermind.kiev.ua (8.11.6/8.11.4) id g05HjQ705943; Sat, 5 Jan 2002 19:45:26 +0200 (EET) (envelope-from never) Date: Sat, 5 Jan 2002 19:45:26 +0200 From: Nevermind To: Kris Kennaway Cc: faSty , Dominick LaTrappe , freebsd-security@FreeBSD.ORG Subject: Re: libsafe? Message-ID: <20020105174526.GA5788@nevermind.kiev.ua> References: <20020104025408.A31131@i-sphere.com> <20020104163819.B40314@xor.obsecurity.org> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <20020104163819.B40314@xor.obsecurity.org> User-Agent: Mutt/1.3.25i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello, Kris Kennaway! On Fri, Jan 04, 2002 at 04:38:19PM -0800, you wrote: > > Can the SSP patch work with FreeBSD 4.5-PRERELEASE? > > Yes; let me know if it fails to apply and I'll send you mine, which > might have been slightly changed by CVS over time. Is there any reasons of not including this into main tree? -- NEVE-RIPE To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Jan 5 9:55: 3 2002 Delivered-To: freebsd-security@freebsd.org Received: from mile.nevermind.kiev.ua (freebsddiary.org.ua [213.186.199.26]) by hub.freebsd.org (Postfix) with ESMTP id 53BF737B41B; Sat, 5 Jan 2002 09:54:32 -0800 (PST) Received: (from never@localhost) by mile.nevermind.kiev.ua (8.11.6/8.11.4) id g05HvIi06033; Sat, 5 Jan 2002 19:57:18 +0200 (EET) (envelope-from never) Date: Sat, 5 Jan 2002 19:57:18 +0200 From: Nevermind To: freebsd-questions@FreeBSD.org Cc: freebsd-security@FreeBSD.org Subject: Re: to mount the HD with EXT2FS Message-ID: <20020105175718.GB5788@nevermind.kiev.ua> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline User-Agent: Mutt/1.3.25i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org There is nothing to do with -security ----- Forwarded message from Andr? Videira ----- From: Andr? Videira To: Subject: to mount the HD with EXT2FS Date: Sat, 5 Jan 2002 13:02:28 -0200 X-Mailer: Microsoft Outlook Express 6.00.2600.0000 Hi guys, Iam having problems with one HD Maxtor of 40 GB. Iam using Free BSD 4.2REL trying to mount the HD with EXT2FS. I recompiled the kernel with the option EXT2FS. I download from ports the fsck_ext2fs but I still having problems....is doing a error message ...core dumped. I try to mount the HD (mount -t ext2fs /dev/ad1s1 /data) and pop up a error message: ...: wrong magic number 0 (expected 0xef53) Return e-mail to andre@institutotreinar.com.br c/c franzoni@hostbr.com.br Please if you can help me I will be delighted. Tks Andre To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message ----- End forwarded message ----- -- NEVE-RIPE To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Jan 5 10: 3:48 2002 Delivered-To: freebsd-security@freebsd.org Received: from straylight.ringlet.net (discworld.nanolink.com [217.75.135.248]) by hub.freebsd.org (Postfix) with SMTP id 6F45F37B416 for ; Sat, 5 Jan 2002 10:03:37 -0800 (PST) Received: (qmail 7394 invoked by uid 1000); 5 Jan 2002 18:01:49 -0000 Date: Sat, 5 Jan 2002 20:01:49 +0200 From: Peter Pentchev To: Nevermind Cc: Kris Kennaway , faSty , Dominick LaTrappe , freebsd-security@FreeBSD.ORG Subject: Re: libsafe? Message-ID: <20020105200149.B6672@straylight.oblivion.bg> Mail-Followup-To: Nevermind , Kris Kennaway , faSty , Dominick LaTrappe , freebsd-security@FreeBSD.ORG References: <20020104025408.A31131@i-sphere.com> <20020104163819.B40314@xor.obsecurity.org> <20020105174526.GA5788@nevermind.kiev.ua> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020105174526.GA5788@nevermind.kiev.ua>; from never@nevermind.kiev.ua on Sat, Jan 05, 2002 at 07:45:26PM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sat, Jan 05, 2002 at 07:45:26PM +0200, Nevermind wrote: > Hello, Kris Kennaway! > > On Fri, Jan 04, 2002 at 04:38:19PM -0800, you wrote: > > > > Can the SSP patch work with FreeBSD 4.5-PRERELEASE? > > > > Yes; let me know if it fails to apply and I'll send you mine, which > > might have been slightly changed by CVS over time. > Is there any reasons of not including this into main tree? As far as I remember, the last time this was brought up David O'Brien objected - in his role of binutils/gcc maintainer, he said that he did not really see a need for additional FreeBSD-specific modifications of the binutils and gcc code, which he would have to deal with as he imported each new version. G'luck, Peter -- This sentence would be seven words long if it were six words shorter. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Jan 5 10:47:10 2002 Delivered-To: freebsd-security@freebsd.org Received: from carbon.btinternet.com (carbon.btinternet.com [194.73.73.92]) by hub.freebsd.org (Postfix) with ESMTP id F173E37B41A; Sat, 5 Jan 2002 10:45:31 -0800 (PST) Received: from host213-123-134-22.in-addr.btopenworld.com ([213.123.134.22] helo=dvsgroup) by carbon.btinternet.com with esmtp (Exim 3.22 #8) id 16MvnT-0003k1-00; Sat, 05 Jan 2002 18:43:59 +0000 Received: from Spooler by dvsgroup (Mercury/32 v3.01a) ID MO005490; 5 Jan 02 18:42:38 -0000 Received: from spooler by dvsgroup (Mercury/32 v3.01a); 5 Jan 02 18:42:10 -0000 Received: from user (4.48.5.139) by dvsgroup (Mercury/32 v3.01a) ID MG005487; 5 Jan 02 18:41:08 -0000 From: smr1tks@oa.sharp.co.jp To: Subject: Five Dollar Reports Date: Sat, 05 Jan 2002 12:00:49 -0600 X-Priority: 3 X-MSMail-Priority: Normal Message-ID: <11BC4AF14ECC@dvsgroup> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Dear Friend: AS SEEN ON NATIONAL TV: ''Making over half million dollars every 4 to 5 months from your home for an investment of only $25 U.S. Dollars expense one time'' THANKS TO THE COMPUTER AGE AND THE INTERNET! Before you say ''Bull'', please read the following. This is the letter you have been hearing about on the news lately. Due to the popularity of this letter on the Internet, a national weekly news program recently devoted an entire show to the investigation of this program described below, to see if it really can make people money. The show also investigated whether or not the program was legal. Their findings proved once and for all that there are ''absolutely NO Laws prohibiting the participation in the program and if people can follow the simple instructions, they are bound to make some mega bucks with only $25 out of pocket cost''. DUE TO THE RECENT INCREASE OF POPULARITY & RESPECT THIS PROGRAM HAS ATTAINED, IT IS CURRENTLY WORKING BETTER THAN EVER. This is what one had to say: ''Thanks to this profitable opportunity. I was approached many times before but each time I passed on it. I am so glad I finally joined just to see what one could expect in return for the minimal effort and money required. To my astonishment, I received total $ 610,470.00 in21 weeks, with money still coming in''. Pam Hedland, Fort Lee, New Jersey. ------------------------------------------------------------------------- Here is another testimonial: 'This program has been around for a long time but I never believed in it, but one day when I received this again in the mail I decided to gamble my $25 on it. I followed the simple instructions and walaa ..... 3 weeks later the money started to come in. First month I only made $240.00 but the next 2 months after that I made a total of $290,000.00. So far, in the past 8 months by re-entering the program, I have made over $710,000.00 and I am playing it again. The key to success in this program is to follow the simple steps and NOTchange anything.'' More testimonials later but first, *** PRINT THIS NOW FOR YOUR FUTURE REFERENCE *** $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ If you would like to make at least $500,000 every 4 to 5 months easily and comfortably, please read the following...THEN READ IT AGAIN and AGAIN!!! $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ FOLLOW THE SIMPLE INSTRUCTION BELOW AND YOUR FINANCIAL DREAMS WILL COME TRUE, GUARANTEED! INSTRUCTIONS: **** Order all 5 reports shown on the list below. **** For each report, send $5CASH, THE NAME & NUMBER OF THE REPORT YOU ARE ORDERING and YOUR E-MAIL ADDRESS to the person whose name appears ON THAT LIST next to the report. MAKE SURE YOUR RETURN ADDRESS IS ON YOUR ENVELOPE TOP LEFT CORNER in case of any mail problems. **** When you place your order, make sure you order each of the 5 reports. You will need all 5 reports so that you can save them on your computer and resell them. YOUR TOTAL COST $5X 5 = $25.00. **** Within a few days you will receive, vie e-mail, each of the 5 reports from these 5 different individuals. Save them on your computer so they will be accessible for you to send to the 1,000's of people who will order them from you. Also make a floppy of these reports and keep it on your desk in case something happen to your computer. ****. IMPORTANT -DO NOT alter the names of the people who are listed next to each report, or their sequence on the list, in any way other than what is instructed below in step '' 1 through 6 '' or you will loose out on majority of your profits. Once you understand the way this works, you will also see how it does not work if you change it. Remember, this method has been tested, and if you alter, it will NOT work!!! People have tried to put their friends/relatives names on all five thinking they could get all the money. But it does not work this way. Believe us, we all have tried to be greedy and then nothing happened. So Do Not try to change anything other than what is instructed. Because if you do, it will not work for you. Remember, honesty reaps the reward!!! 1.. After you have ordered all 5 reports, take this advertisement and REMOVE the name & address of the person in REPORT # 5. This person has made it through the cycle and is no doubt counting their fortune. 2.... Move the name & address in REPORT #4down TO REPORT #5. 3.... Move the name & address in REPORT #3 down TO REPORT #4. 4.... Move the name & address in REPORT #2 down TO REPORT #3. 5.... Move the name & address in REPORT #1 down TO REPORT #2 6.... Insert YOUR name & address in the REPORT #1 Position. PLEASE MAKE SURE you copy every name & address ACCURATELY! ================================================= Take this entire letter, with the modified list of names, and save it on your computer. DO NOT MAKE ANY OTHER CHANGES. Save this on a disk as well just in case if you loose any data. To assist you with marketing your business on the Internet, the 5 reports you purchase will provide you with invaluable marketing information which includes how to send bulk e-mails legally, where to find thousands of free classified ads and much more. There are 2 Primary methods to get this venture going: METHOD # 1 : BY SENDING BULK E-MAIL LEGALLY ============================================ let's say that you decide to start small, just to see how it goes, and we will assume You and those involved send out only 5,000 e-mails each. Let's also assume that the mailing receive only a 0.2% response (the response could be much better but lets just say it is only 0.2% . Also many people will send out hundreds of thousands e-mails instead of only 5,000 each). Continuing with this example, you send out only 5,000 e-mails. With a 0.2%response, that is only 10 orders for report #1. Those 10people responded by sending out 5,000 e-mail each for a total of 50,000. Out of those 50,000 e-mails only 0.2% responded with orders. That's = 100 people responded and ordered Report #2. Those 100 people mail out 5,000 e-mails each for a total of 500,000 e-mails. The 0.2% response to that is 1000 orders for Report #3. Those 1000 people send out 5,000 e-mails each for a total of 5 million e-mails sent out. The 0.2% response to that is 10,000 orders for Report #4. Those 10,000 people send out 5,000 e-mails each for a total of 50,000,000 (50 million)e-mails. The 0.2% response to that is 100,000 orders for Report # 5. THAT'S 100,000 ORDERS TIMES $5 EACH = $500,000.00 (half million). Your total income in this example is: 1..... $50+ 2..... $500+ 3..... $5,000+ 4..... $50,000+ 5..... $500,000.........Grand Total = $555,550.00 NUMBERS DO NOT LIE. GET A PENCIL & PAPER AND FIGURE OUT THE WORST POSSIBLE RESPONSES AND NO MATTER HOW YOU CALCULATE IT, YOU WILL STILL MAKE A LOT OF MONEY! ------------------------------------------------------------------------ REMEMBER FRIEND, THIS IS ASSUMING ONLY 10 PEOPLE ORDERING OUT OF 5,000 YOU MAILED TO. Dare to think for a moment what would happen if everyone, or half or even one 4thof those people mailed 100,000 e-mails each or more? There are over 150 million people on the Internet worldwide and counting. Believe me, many people will do just that, and more! METHOD #2 : BY PLACING FREE ADS ON THE INTERNET =================================================== Advertising on the net is very very inexpensive and there are hundreds of FREE places to advertise. Placing a lot of free ads on the Internet will easily get a larger response. We strongly suggest you start with Method # 1 and add METHOD #2 as you go along. for every $5 you receive, all you must do is e-mail them the Report they ordered. That's it. Always provide same day service on all orders. This will guarantee that the e-mail they send out, with your name and address on it, will be prompt because they can not advertise until they receive the report. AVAILABLE REPORTS ORDER EACH REPORT BY ITS NUMBER & NAME ONLY. Notes: Always send $5 cash (U.S. CURRENCY) for each Report. Checks NOT accepted. Make sure the cash is concealed by wrapping it in at least 2 sheets of paper. On one of those sheets of paper, Write the NUMBER & the NAME of the Report you are ordering, YOUR E-MAIL ADDRESS and your name and postal address. PLACE YOUR ORDER FOR THESE REPORTS NOW: ============================================== Report #1:"The Insider's Guide to Advertising for Free on the Net" Order Report #1 from: G Rennox Suite 284 150 Clark Blvd Brampton, Ontario Canada, L6T 4Y8 CANADA ============================================== REPORT # 2: The Insider's Guide to Sending Bulk e-mail on the Net Order Report #2 from: MS Marketing 2714 West 5th North Platte, NE 69101 USA ============================================== REPORT #3: Secret to Multilevel marketing on the net Order Report #3 from: Clairemont Richards PO Box 611437 Rosemary Beach, FL 32461 USA ============================================== REPORT #4: "How to Become a Millionaire Utilizing MLM & the Net" Order Report # 4 from: Bartolomeli Vilela Po Box 1330 Marietta, GA 30061-1330 USA ============================================== REPORT #5: "How to Send Out 0ne Million e-mails for Free" Order Report # 5 from: Marketing Resources 1812 South Hwy 77 #115-179 Lynn Haven, FL 32444 USA $$$$$$$$$ YOUR SUCCESS GUIDELINES $$$$$$$$$$$ Follow these guidelines to guarantee your success: If you do not receive at least 10 orders for Report #1 within 2 weeks, continue sending e-mails until you do. After you have received 10 orders, 2 to 3 weeks after that you should receive 100 orders or more for REPORT #2. If you did not, continue advertising or sending e-mails until you do. Once you have received 100 or more orders for Report #2, YOU CAN RELAX, because the system is already working for you , and the cash will continue to roll in! THIS IS IMPORTANT TO REMEMBER: Every time your name is moved down on the list, you are placed in front of a different report. You can KEEP Track of your PROGRESS by watching which report people are ordering from you. IF YOU WANT TO GENERATE MORE INCOME SEND ANOTHER BATCH OF E-MAIL SAND START THE WHOLE PROCESS AGAIN. There is NO LIMIT to the income you can generate from this business!!! ____________________________________________________ FOLLOWING IS A NOTE FROM THE ORIGINATOR OF THIS PROGRAM: "You have just received information that can give you financial freedom for the rest of your life, with NO RISK and JUST A LITTLE BIT OF EFFORT. You can make more money in the next few weeks and months than you have ever imagined. Follow the program EXACTLY AS INSTRUCTED. Do Not change it in any way. It works exceedingly well as it is now. Remember to e-mail a copy of this exciting report after you have put your name and address in Report #1 and moved others to #2...........#5 as instructed above. One of the people you send this to may send out 100,000 or more e-mails and your name will be on everyone of them. Remember though, the more you send out the more potential customers you will reach. So my friend, I have given you the ideas, information, materials and opportunity to become financially independent. IT IS UP TO YOU NOW! ************** MORETESTIMONIALS**************** ' My name is Mitchell. My wife, Jody and I live in Chicago. I am an accountant with a major U.S. Corporation and I make pretty good money. When I received this program I grumbled to Jody about receiving ''junk mail''. I made fun of the whole thing, spouting my knowledge of the population and percentages involved. I ''knew'' it wouldn't work. Jody totally ignored my supposed intelligence and few days later she jumped in with both feet. I made merciless fun of her, and was ready to lay the old ''I told you so'' on her when the thing didn't work. Well, the laugh was on me! Within 3 weeks she had received 50 responses. Within the next 45 days she had received a total of $ 147,200.00 all cash!I was shocked. I have joined Jody in her ''hobby''. Mitchell Wolf, M.D. , Chicago, Illinois ------------------------------------------------------------------------- Not being the gambling type, it took me several weeks to make up my mind to participate in this plan. But conservative that I am, I decided that the initial investment was so little that there was just no way that I wouldn't get enough orders to at least get my money back. I was surprised when I found my medium size post office box crammed with orders. I made $319,210.00 in the first 12 weeks. The nice thing about this deal is that it does not matter where people live. There simply isn't a better investment with a faster return and so big''. Dan Sondstrom, Alberta, Canada ------------------------------------------------------------------------- 'I had received this program before. I deleted it, but later I wondered if I should have given it a try. Of course, I had no idea who to contact to get another copy, so I had to wait until I was e- mailed again by someone else.........11 months passed then it luckily came again...... I did not delete this one! I made more than $490,000 on my first try and all the money came within 22 weeks''. Susan De Suza, New York, N.Y. ----------------------------------------------------------------------- '' It really is a great opportunity to make relatively easy money with little cost to you. I followed the simple instructions and within 10 days the money started to come in. My first month I made $ 20, 560.00 and by the end of third month my total cash count was $ 362,840.00. Life is beautiful, Thanx to Internet''. Fred Dellaca, Westport, New Zealand ------------------------------------------------------------------------- ORDER YOUR REPORTS TODAY AND GET STARTED ON OUR ROAD TO FINANCIAL FREEDOM! ================================================= If you have any questions of the legality of this program, contact the Office of Associate Director for Marketing Practices, Federal Trade Commission, Bureau of Consumer Protection, Washington, D.C. his message is sent in compliance of the proposed bill SECTION 301. per Section 301, Paragraph (a)(2)(C) of S. 1618. Further transmission to you by the sender of this e-mail may be stopped promptly by sending a reply with the word REMOVE in the subject Line to the email address at the top of this page. This message is not intended for residents in the State of Washington, screening of addresses has been done to the best of our technical ability. _____________________________________________ to be removed randall5050us@yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Jan 5 11: 9:44 2002 Delivered-To: freebsd-security@freebsd.org Received: from obsecurity.dyndns.org (adsl-64-169-107-4.dsl.lsan03.pacbell.net [64.169.107.4]) by hub.freebsd.org (Postfix) with ESMTP id 44BFA37B41A for ; Sat, 5 Jan 2002 11:09:39 -0800 (PST) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id B021D66C7A; Sat, 5 Jan 2002 11:09:38 -0800 (PST) Date: Sat, 5 Jan 2002 11:09:38 -0800 From: Kris Kennaway To: Nevermind Cc: Kris Kennaway , faSty , Dominick LaTrappe , freebsd-security@FreeBSD.ORG Subject: Re: libsafe? Message-ID: <20020105110938.C1594@xor.obsecurity.org> References: <20020104025408.A31131@i-sphere.com> <20020104163819.B40314@xor.obsecurity.org> <20020105174526.GA5788@nevermind.kiev.ua> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="f+W+jCU1fRNres8c" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020105174526.GA5788@nevermind.kiev.ua>; from never@nevermind.kiev.ua on Sat, Jan 05, 2002 at 07:45:26PM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --f+W+jCU1fRNres8c Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable [BOn Sat, Jan 05, 2002 at 07:45:26PM +0200, Nevermind wrote: > Hello, Kris Kennaway! >=20 > On Fri, Jan 04, 2002 at 04:38:19PM -0800, you wrote: >=20 > > > Can the SSP patch work with FreeBSD 4.5-PRERELEASE? > >=20 > > Yes; let me know if it fails to apply and I'll send you mine, which > > might have been slightly changed by CVS over time. > Is there any reasons of not including this into main tree? The gcc maintainer in FreeBSD doesn't like to hack up the gcc sources in FreeBSD with external patches, because they're truly hell to update for newer versions of gcc. There probably should be a port, though. Kris --f+W+jCU1fRNres8c Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8N09xWry0BWjoQKURAiu3AKDbIb+xkSv6kXwpd6azScErfCVWMQCg7PkR TSJFyCO+oGgHL/CWKRkKScg= =fjxU -----END PGP SIGNATURE----- --f+W+jCU1fRNres8c-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Jan 5 11:39:44 2002 Delivered-To: freebsd-security@freebsd.org Received: from pkl.net (spoon.pkl.net [212.111.57.14]) by hub.freebsd.org (Postfix) with ESMTP id 47F3337B419 for ; Sat, 5 Jan 2002 11:39:40 -0800 (PST) Received: (from rik@localhost) by pkl.net (8.9.3/8.9.3) id TAA08631 for freebsd-security@freebsd.org; Sat, 5 Jan 2002 19:39:39 GMT Date: Sat, 5 Jan 2002 19:39:39 +0000 From: Rik To: freebsd-security@freebsd.org Subject: Re: MS5 password salt calculation Message-ID: <20020105193939.A7927@spoon.pkl.net> References: <20011230013854.A39364@wjv.com> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5i In-Reply-To: <20011230013854.A39364@wjv.com>; from bv@wjv.com on Sun, Dec 30, 2001 at 01:38:54AM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I've been thinking about this Modulær Crypt Format, and wondering what it's capable of, and where the docs are for it... On Sun, Dec 30, 2001 at 01:38:54AM -0500, Bill Vermillion wrote: > You can't say that $1$ 'caught on' as that's the way it is defined > to indicate what follows. The $1$ indicates the following is an MD5. > I was looking for the docs the other day, and from memory if the > first characters are $5$, then that indicates that the following > string would be blowfish encryption. You should also not that the > next $ is the salt separator, and on my system there are typically 8 > digits after $1$ and before the next $, for 2trillion+ salts. I've mailed Bill, and he doesn't know of any *good* docs about it. The best I've found is man 3 crypt, and the best Google can find is more copies of man 3 crypt, usually out of date. Are there any better docs about Modular Crypt Format (to give it the proper title). The man page says: If the salt begins with the string $digit$ then the Modular Crypt Format is used. The digit represents which algorithm is used in encryption. But in what way does it represent it? Is there a lookup table somewhere? If so, where? The "currently supported algorithms list" on the man page says $1$ == MD5 and $2$ == Blowfish. Assuming blowfish works, then if I ran perl -le 'print crypt( "meow", "\$2\$SALT" )' ought to yield a blowfish crypted password, shouldn't it? It doesn't, AFAICS. rik -- PGP Key: D2729A3F - Keyserver: wwwkeys.uk.pgp.net - rich at rdrose dot org Key fingerprint = 5EB1 4C63 9FAD D87B 854C 3DED 1408 ED77 D272 9A3F Public key also encoded with outguess on http://rikrose.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Jan 5 12:13:58 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail7.wlv.netzero.net (mail7.wlv.netzero.net [209.247.163.57]) by hub.freebsd.org (Postfix) with SMTP id 6957237B41A for ; Sat, 5 Jan 2002 12:13:51 -0800 (PST) Received: (qmail 14258 invoked from network); 5 Jan 2002 20:13:50 -0000 Received: from ppp-65-91-244-170.mclass.broadwing.net (HELO daleco) (65.91.244.170) by mail7.wlv.netzero.net with SMTP; 5 Jan 2002 20:13:50 -0000 Message-ID: <034201c19625$9b9564a0$6af25b41@daleco> From: "Kevin Kinsey" To: Subject: maxstartups in sshd_config Date: Sat, 5 Jan 2002 14:14:39 -0600 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_033F_01C195F3.4FD47600" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_033F_01C195F3.4FD47600 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Considering setting mentioned variable more in the neighborhood of 4:50:25. However, questions that occurs is, is someone is trying to login in w/o authorization, wouldn't the daemon treat my login attempts in the same way? How likely would I be to have trouble logging in if I set this to this value? Also, what am I not thinking of, and is there really any benefit anyway? TIA, Kevin Kinsey ------=_NextPart_000_033F_01C195F3.4FD47600 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Considering setting mentioned variable=20 more
in the neighborhood of = 4:50:25.
 
However, questions that occurs is, is=20 someone
is trying to login in w/o = authorization,=20 wouldn't
the daemon treat my login attempts in = the=20 same
way?  How likely would I be to = have trouble=20 logging
in if I set this to this = value?
 
Also, what am I not thinking of, and is = there
really any benefit anyway?
 
TIA, Kevin = Kinsey
------=_NextPart_000_033F_01C195F3.4FD47600-- ---------------------------------------------------- Sign Up for NetZero Platinum Today Only $9.95 per month! http://my.netzero.net/s/signup?r=platinum&refcd=PT97 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Jan 5 12:16:50 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail9.wlv.netzero.net (mail9.wlv.netzero.net [209.247.163.66]) by hub.freebsd.org (Postfix) with SMTP id AAA5437B419 for ; Sat, 5 Jan 2002 12:16:47 -0800 (PST) Received: (qmail 28683 invoked from network); 5 Jan 2002 20:16:44 -0000 Received: from ppp-65-91-244-170.mclass.broadwing.net (HELO daleco) (65.91.244.170) by mail9.wlv.netzero.net with SMTP; 5 Jan 2002 20:16:44 -0000 Message-ID: <035701c19626$032a1de0$6af25b41@daleco> From: "Kevin Kinsey" To: Subject: Repost: txt only: maxstartups in sshd_config Date: Sat, 5 Jan 2002 14:17:33 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Sorry, upgraded M$ OE last night and forgot to tell it txt only when dealing with freebsd.org.... ----- Original Message ----- From: Kevin Kinsey To: freebsd-security@freebsd.org Sent: Saturday, January 05, 2002 2:14 PM Subject: maxstartups in sshd_config Considering setting mentioned variable more in the neighborhood of 4:50:25. However, questions that occurs is, is someone is trying to login in w/o authorization, wouldn't the daemon treat my login attempts in the same way? How likely would I be to have trouble logging in if I set this to this value? Also, what am I not thinking of, and is there really any benefit anyway? TIA, Kevin Kinsey ---------------------------------------------------- Sign Up for NetZero Platinum Today Only $9.95 per month! http://my.netzero.net/s/signup?r=platinum&refcd=PT97 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Jan 5 13:16:43 2002 Delivered-To: freebsd-security@freebsd.org Received: from gateway.sigterm.nl (coredump.xs4all.nl [213.84.219.40]) by hub.freebsd.org (Postfix) with ESMTP id 38AC237B416 for ; Sat, 5 Jan 2002 13:16:40 -0800 (PST) Received: from winbak (unknown [10.30.1.5]) by gateway.sigterm.nl (Postfix) with SMTP id 66CA6194BB for ; Sat, 5 Jan 2002 22:17:01 +0100 (CET) Message-ID: <001501c1962e$43768f70$05011e0a@winbak> From: "M.v.Buytene" To: Subject: subscribe Date: Sat, 5 Jan 2002 22:16:38 +0100 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0012_01C19636.A50A2370" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_0012_01C19636.A50A2370 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable subscribe ------=_NextPart_000_0012_01C19636.A50A2370 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
subscribe
------=_NextPart_000_0012_01C19636.A50A2370-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Jan 5 13:18:14 2002 Delivered-To: freebsd-security@freebsd.org Received: from bunrab.catwhisker.org (adsl-63-193-123-122.dsl.snfc21.pacbell.net [63.193.123.122]) by hub.freebsd.org (Postfix) with ESMTP id 39B7937B41D for ; Sat, 5 Jan 2002 13:17:49 -0800 (PST) Received: (from david@localhost) by bunrab.catwhisker.org (8.11.6/8.11.6) id g05LHm557661; Sat, 5 Jan 2002 13:17:48 -0800 (PST) (envelope-from david) Date: Sat, 5 Jan 2002 13:17:48 -0800 (PST) From: David Wolfskill Message-Id: <200201052117.g05LHm557661@bunrab.catwhisker.org> To: freebsd-security@FreeBSD.ORG, freebsd-security@rikrose.net Subject: Re: MS5 password salt calculation In-Reply-To: <20020105193939.A7927@spoon.pkl.net> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Date: Sat, 5 Jan 2002 19:39:39 +0000 >From: Rik >I've been thinking about this Modulær Crypt Format, and wondering what >it's capable of, and where the docs are for it... >Are there any better docs about Modular Crypt Format (to give it the >proper title). UTS -- see /usr/src/lib/libcrypt/crypt.c; in particular, the crypt_types array. Cheers, david -- David H. Wolfskill david@catwhisker.org I believe it would be irresponsible (and thus, unethical) for me to advise, recommend, or support the use of any product that is or depends on any Microsoft product for any purpose other than personal amusement. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Jan 5 13:38:34 2002 Delivered-To: freebsd-security@freebsd.org Received: from chaos.evolve.za.net (chaos.evolve.za.net [196.34.172.107]) by hub.freebsd.org (Postfix) with ESMTP id 94C1F37B419 for ; Sat, 5 Jan 2002 13:38:17 -0800 (PST) Received: from DAVE ([192.168.0.56]) by chaos.evolve.za.net (8.11.6/1.1.3) with SMTP id g05LbvI36958; Sat, 5 Jan 2002 23:37:59 +0200 (SAST) (envelope-from dave@raven.za.net) Message-ID: <009101c19630$d443e320$3800a8c0@DAVE> From: "Dave Raven" To: "Kevin Kinsey" , References: <035701c19626$032a1de0$6af25b41@daleco> Subject: Re: Repost: txt only: maxstartups in sshd_config Date: Sat, 5 Jan 2002 23:34:57 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Thats a rather odd setting. It would allow 4 connections, then drop 50% of the new ones until it reaches 25. Then stop accepting. It is good to prevent any attempts at some sort of denial of service attack. All logins are treated the same; so you would be locked out. But would you not be locked out if someone managed to crash your box with a ton of ssh connections? ----- Original Message ----- From: "Kevin Kinsey" To: Sent: Saturday, January 05, 2002 10:17 PM Subject: Repost: txt only: maxstartups in sshd_config > Sorry, upgraded M$ OE last night and forgot > to tell it txt only when dealing with freebsd.org.... > > ----- Original Message ----- > From: Kevin Kinsey > To: freebsd-security@freebsd.org > Sent: Saturday, January 05, 2002 2:14 PM > Subject: maxstartups in sshd_config > > > Considering setting mentioned variable more > in the neighborhood of 4:50:25. > > However, questions that occurs is, is someone > is trying to login in w/o authorization, wouldn't > the daemon treat my login attempts in the same > way? How likely would I be to have trouble logging > in if I set this to this value? > > Also, what am I not thinking of, and is there > really any benefit anyway? > > TIA, Kevin Kinsey > > ---------------------------------------------------- > Sign Up for NetZero Platinum Today > Only $9.95 per month! > http://my.netzero.net/s/signup?r=platinum&refcd=PT97 > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Jan 5 14:34:17 2002 Delivered-To: freebsd-security@freebsd.org Received: from pkl.net (spoon.pkl.net [212.111.57.14]) by hub.freebsd.org (Postfix) with ESMTP id 554BE37B402 for ; Sat, 5 Jan 2002 14:34:14 -0800 (PST) Received: (from rik@localhost) by pkl.net (8.9.3/8.9.3) id WAA18597; Sat, 5 Jan 2002 22:34:07 GMT Date: Sat, 5 Jan 2002 22:34:07 +0000 From: Rik To: David Wolfskill Cc: freebsd-security@FreeBSD.ORG, freebsd-security@rikrose.net Subject: Re: MD5 password salt calculation Message-ID: <20020105223407.A18480@spoon.pkl.net> References: <20020105193939.A7927@spoon.pkl.net> <200201052117.g05LHm557661@bunrab.catwhisker.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200201052117.g05LHm557661@bunrab.catwhisker.org>; from david@catwhisker.org on Sat, Jan 05, 2002 at 01:17:48PM -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > >Are there any better docs about Modular Crypt Format (to give it the > >proper title). > > UTS -- see /usr/src/lib/libcrypt/crypt.c; in particular, the crypt_types > array. Yes, I'd found that thanks, I was more wondering about docs that agreed between OS'es that defined what the various algorithms are, and how long the salt usually is, and how I would switch to blowfish crypted passwords on a system. -- PGP Key: D2729A3F - Keyserver: wwwkeys.uk.pgp.net - rich at rdrose dot org Key fingerprint = 5EB1 4C63 9FAD D87B 854C 3DED 1408 ED77 D272 9A3F Public key also encoded with outguess on http://rikrose.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Jan 5 14:46: 0 2002 Delivered-To: freebsd-security@freebsd.org Received: from bilver.wjv.com (spdsl-033.wanlogistics.net [63.209.115.33]) by hub.freebsd.org (Postfix) with ESMTP id 6741537B419 for ; Sat, 5 Jan 2002 14:45:50 -0800 (PST) Received: (from bv@localhost) by bilver.wjv.com (8.11.6/8.11.6) id g05MjdD67226 for security@FreeBSD.ORG; Sat, 5 Jan 2002 17:45:40 -0500 (EST) (envelope-from bv) Date: Sat, 5 Jan 2002 17:45:39 -0500 From: Bill Vermillion To: security@FreeBSD.ORG Subject: Re: MS5 salt password generation Message-ID: <20020105224539.GA38820@wjv.com> Reply-To: bv@wjv.com References: Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.3.25i Organization: W.J.Vermillion / Orlando - Winter Park Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Date: Sat, 5 Jan 2002 19:39:39 +0000 > From: Rik > Subject: Re: MS5 password salt calculation > > I've been thinking about this Modulær Crypt Format, and wondering what > it's capable of, and where the docs are for it... > > On Sun, Dec 30, 2001 at 01:38:54AM -0500, Bill Vermillion wrote: > > You can't say that $1$ 'caught on' as that's the way it is defined > > to indicate what follows. The $1$ indicates the following is an MD5. > > I was looking for the docs the other day, and from memory if the > > first characters are $5$, then that indicates that the following > > string would be blowfish encryption. You should also not that the > > next $ is the salt separator, and on my system there are typically 8 > > digits after $1$ and before the next $, for 2trillion+ salts. > > I've mailed Bill, and he doesn't know of any *good* docs about it. The > best I've found is man 3 crypt, and the best Google can find is more > copies of man 3 crypt, usually out of date. > Are there any better docs about Modular Crypt Format (to give it the > proper title). > The man page says: If the salt begins with the string $digit$ > then the Modular Crypt Format is used. The digit represents which > algorithm is used in encryption. > But in what way does it represent it? Is there a lookup table > somewhere? If so, where? The "currently supported algorithms list" > on the man page says $1$ == MD5 and $2$ == Blowfish. Assuming > blowfish works, then if I ran perl -le 'print crypt( "meow", > "\$2\$SALT" )' ought to yield a blowfish crypted password, > shouldn't it? It doesn't, AFAICS. I had thought I had remember that $5$ was blowfish. That may have been in some docs a friend sent me now that I think about it, and you are correct that blowish is the $2$. I don't know enough about what you are doing to tell you if you are right or not - but I changed the encryption on my system for each of the methods and changed passwords to generate a new pw. This is what I get From my master.passwd file I get this for an account called fp DES encrypted: fp:i6v76dyNQzwjA:1007:1007::0:0:Bogus Name:/home/fp:/bin/ksh93 Blowfish encrypted: fp:$2a$04$.d4.6FZpPIj9GC6DRIRDUuJhPWGP059OmLP2IxSgTQ11LWHVGxxbu:1007:1007::0:0:Bogus Name:/home/fp:/bin/ksh93 And MD5 encrypted: fp:$1$cdTdrg6t$mk4TW.xk15XFoygp1S3UQ1:1007:1007::0:0:Bogus Name:/home/fp:/bin/ksh93 So the Blowfish has a $2a$ Actually a single $ is the delimeter. So the blf is 2a, and MD5 is 1. If the password string starts with $ the data up to the next is the type of encryption, and the data to the next is salt, and you know the lenght of the salt from the number of characters between the two $. Then the remainging string up the the : is the encrypted password. So MD5 uses a much larger salt, but blowish generates a much long encrypted key, 52 vs 22. I have no docs but >if< the salt is only 2 characters in blowfish - assuming it works as does MD5 - the even with the longer encrypted key you could easily encode a dictionary with 4096 keys in a reasonable lenght of time vs one with 2+ trillion. Bill To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Jan 5 18:29:27 2002 Delivered-To: freebsd-security@freebsd.org Received: from mta0x15.coxmail.com (cm-fe1.coxmail.com [206.157.225.48]) by hub.freebsd.org (Postfix) with ESMTP id A06DE37B43E for ; Sat, 5 Jan 2002 18:28:58 -0800 (PST) Received: from tick.sc.omation.com ([64.58.167.31]) by mta0x15.coxmail.com (InterMail vK.4.03.04.01 201-232-130-101 license 6e1a3d42bf0668978482829d4ed8437d) with ESMTP id <20020106022841.KYB1821.mta0x15@tick.sc.omation.com>; Sat, 5 Jan 2002 21:28:41 -0500 Received: from tick.sc.omation.com (tick.sc.omation.com [192.168.128.2]) by tick.sc.omation.com (8.11.6/8.11.6) with ESMTP id g062SmL41195; Sat, 5 Jan 2002 18:28:49 -0800 (PST) (envelope-from pherman@frenchfries.net) Message-Id: <200201060228.g062SmL41195@tick.sc.omation.com> Date: Sat, 5 Jan 2002 18:28:48 -0800 (PST) From: Paul Herman To: Bill Vermillion Cc: security@FreeBSD.ORG Subject: Blowfish salt generation (was Re: MS5 salt password generation) In-Reply-To: <20020105224539.GA38820@wjv.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sat, 5 Jan 2002, Bill Vermillion wrote: > Blowfish encrypted: > > fp:$2a$04$.d4.6FZpPIj9GC6DRIRDUuJhPWGP059OmLP2IxSgTQ11LWHVGxxbu:1007:1007::0:0:Bogus Name:/home/fp:/bin/ksh93 > > [...] > > So MD5 uses a much larger salt, but blowish generates a much > long encrypted key, 52 vs 22. I have no docs but >if< the salt is > only 2 characters in blowfish - assuming it works as does MD5 Use the source Luke! See /usr/src/secure/lib/libcrypt The "04" in the blowfish password is the number of iterations to generate the hash (actually on the order of 2^4). The cool thing is you can change this "on the fly" without having to recompile libcrypt. Change that and you've just increased the time it would take to do a dictionary attack. The default (and the minimum) is 4, but could be anything. The blowfish salt is included in the hash and stops with the 23rd character. So, the salt above is ".d4.6FZpPIj9GC6DRIRDUuJ" which is about 16 bytes. The rest is the password hash. So, the blowfish salt is indeed larger than MD5's, which I believe is only 6 bytes. -Paul. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message