From owner-freebsd-security Sun Mar 10 14:26:16 2002
Delivered-To: freebsd-security@freebsd.org
Received: from smtp1.vol.cz (smtp1.vol.cz [195.250.128.73]) by hub.freebsd.org (Postfix) with ESMTP id F117E37B400 for ; Sun, 10 Mar 2002 14:26:03 -0800 (PST)
Received: from obluda.cz (xkulesh.vol.cz [195.250.154.106]) by smtp1.vol.cz (8.11.6/8.11.3) with ESMTP id g2AMPvq11426 for ; Sun, 10 Mar 2002 23:25:58 +0100 (CET) (envelope-from dan@obluda.cz)
Message-ID: <3C8B83B5.3FC952F7@obluda.cz>
Date: Sun, 10 Mar 2002 17:03:01 +0100
From: Dan Lukes
X-Sender: "Dan Lukes"
X-Mailer: Mozilla 4.79 [en]C-CCK-MCD {FIO} (Windows NT 5.0; U)
X-Accept-Language: cs,sk,en,*
MIME-Version: 1.0
To: freebsd-security@freebsd.org
Subject: Re: ESP + IPFW
References: <20020308171818.G2192-100000@walter>
Content-Type: text/plain; charset=iso-8859-2
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Jason Stone wrote:
> > So, from paranoid point of view - yes, it is more secure to use
> > IKE and rotate the keys.
>
> Uh, doesn't IKE use public keys to share symmetric keys? Doesn't that
> imply that if you crack the private keys, you can then go back and decrypt
> the symmetric key exchange and finally decrypt the traffic?

As far as I know, no, but i'm not sure, of course.

IKE uses Diffie-Hellman handshaking to establish IKE transport symmetric keys. Those one-time DH keys cover the IKE communication including IPsec symmetric key exchange. Asymmetric key is used for authentication purposes over the DH-key-encrypted channel only.

So, your compromised private key allows you to establish and authenticate a new connection, but it doesn't help you to decrypt previously captured communication because the DH key for the captured session remains unknown (DH keys exist only during the specific session and are not stored anywhere).

Compromise of the private key doesn't allow you to decrypt new connections originated by someone else (although you can be man-in-the-middle).

> Isn't this why people expire their PGP keys and SSL CA's encourage
> you to expire your ssl keys?

AFAIK, no. I know nothing about details of the PGP communication, so i can imagine only. PGP is designed for off-line (email) communication where establishing a one-time "session" key isn't possible. IMHO, PGP encrypts the message by a random symmetric key, then encrypts the symmetric key by the asymmetric key, then sends the message. Yes, compromising the asymmetric key compromises all messages in that scenario.

> So it would seem to me that failing to expire your symmetric keys is not
> so different from failing to expire your public keys

True. Note, in the "normal case" you encrypt a huge amount of data by a symmetric key for every byte encrypted by an asymmetric key - so the symmetric key should be changed more often (in terms of 'time') than the asymmetric key.

> and that this is a
> key management issue and doesn't effect the security of the system
> directly.

Well, the average validity period of an X509 certificate (one year) is rather a business decision than a security decision. The validity of the CA certificate itself is from 5 to 30 years and it is still counted secure, but the CA key is used a few times every year and it encrypts only a few bytes during its period of validity. The secure period of validity of a key (symmetric or asymmetric) isn't based on the length and type of the key itself only, but (and not only) on its usage also. It's not a key management issue only.

True, trust me ... ;-)

Dan
--
Dan Lukes tel: +420 2 21914205, fax: +420 2 21914206
root of FIONet, KolejNET, webmaster of www.freebsd.cz
AKA: dan@obluda.cz, dan@freebsd.cz, dan@kolej.mff.cuni.cz

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Mon Mar 11 4:47:22 2002
Message-ID: <00ea01c1c8fa$e5801440$0301a8c0@dpws>
From: "Dennis Pedersen"
To:
Cc:
References: <005701c1c432$ff531b50$0301a8c0@dpws> <20020305202455H.sakane@kame.net> <008801c1c43c$0a09a290$0301a8c0@dpws> <3C84D014.D8DFE65C@centtech.com> <00cd01c1c450$4d627350$0301a8c0@dpws> <3C84D75B.C9E415FF@centtech.com> <011b01c1c45b$7721dae0$0301a8c0@dpws> <3C84E7F6.44D54DD9@centtech.com>
Subject: Re: Racoon/sainfo - 'no policy found'
Date: Mon, 11 Mar 2002 13:47:22 +0100

Hi!

One thing i have been wondering about; what encryption do you use? Are all the clients/gateways running 3des/blowfish/twofish or?
Regards,
Dennis

----- Original Message -----
From: "Eric Anderson"
To: "Dennis Pedersen"
Cc:
Sent: Tuesday, March 05, 2002 4:44 PM
Subject: Re: Racoon/sainfo - 'no policy found'

> Yes, I am using Racoon.. with ipnat and ipfilter.
>
> Eric
>
>
> Dennis Pedersen wrote:
> >
> > Okai that wasn't so bad.
> > are you using racoon or what other daemon or you using?
> >
> > Regards,
> > Dennis
> > ----- Original Message -----
> > From: "Eric Anderson"
> > To: "Dennis Pedersen"
> > Cc:
> > Sent: Tuesday, March 05, 2002 3:34 PM
> > Subject: Re: Racoon/sainfo - 'no policy found'
> >
> > > We have a T1, and when the T1 is full with people using the vpn's (which barely
> > > ever happens), the load is only slightly noticeable on the work server. All
> > > vpn's are always connected. bsdsar shows the machine about 95% idle throughout
> > > the day.
> > >
> > > Eric
> > >
> > >
> > > Dennis Pedersen wrote:
> > > >
> > > > ----- Original Message -----
> > > > From: "Eric Anderson"
> > > > Sent: Tuesday, March 05, 2002 3:03 PM
> > > > Subject: Re: Racoon/sainfo - 'no policy found'
> > > >
> > > > > I have about 60 vpn's connected to one host right now, all using cable modems,
> > > > > ADSL, or SDSL connections. All work well, and are fast. It barely uses any
> > > > > ram, and I have a VIA C3 600MHz (Celeron 600MHz equivalent) as the "server" (or
> > > > > at the main office), which is overkill for its needs.
> > > >
> > > > Okai sweet..
> > > > What about CPU load in peak?
> > > > Are all 60 vpns connected at the same time?
> > > > What speed do you have at the office?
> > > >
> > > > I'm looking for some guidelines about how big my box at the Main should be :)
> > > >
> > > > /Dennis
> > >
> > > --
> > > ------------------------------------------------------------------
> > > Eric Anderson Systems Administrator Centaur Technology
> > > If at first you don't succeed, sky diving is probably not for you.
> > > ------------------------------------------------------------------
>
> --
> ------------------------------------------------------------------
> Eric Anderson Systems Administrator Centaur Technology
> If at first you don't succeed, sky diving is probably not for you.
> ------------------------------------------------------------------

From owner-freebsd-security Mon Mar 11 7:58:49 2002
Date: Mon, 11 Mar 2002 10:50:52 -0500 (EST)
From: batz
To: lewwid
Cc: freebsd-security@FreeBSD.ORG, Max Mouse
Subject: Re: PHP 4.1.2
In-Reply-To:
Message-ID:

On Fri, 8 Mar 2002, lewwid wrote:

:You could try;
:cvsup -g -L 2 /usr/share/examples/cvsup/ports-supfile -h cvsup3.freebsd.org
:

Would it be useful to have a security branch from which people could cvsup security patches? I'm sure someone has thought about this, and if there isn't one, do the risks outweigh the benefits?

I can see how all bugs should be patched, whether they are "security" related or not, but OTOH, I would rather not have to update my entire ports tree to patch SSH. I also realize I could just fetch the port, but it would be nice to be able to have a crontab that would give me security updates on a daily, bi-weekly or other basis.

Does such a system exist just for security updates?
Thanks

:3/8/2002 1:33:31 PM, "Max Mouse" wrote:
:
:>Hey hey,
:>
:>After reading the security risks of anything previous to php 4.1.2, I
:>upgraded my ports so I could install the latest version. I have the
:>following problem during the make:
:>
:>[root@stealth:/usr/ports/www/mod_php4]# make
:>===> Building for mod_php4-4.1.2
:>make: cannot open Makefile.
:>*** Error code 2
:>
:>The file doesn't exists. I'm not sure why. Any ideas?
:>
:>Max
:

--
-- batz

From owner-freebsd-security Mon Mar 11 8:26:03 2002
Message-Id: <5.1.0.14.0.20020311102243.01b00c38@pop3s.schulte.org>
Date: Mon, 11 Mar 2002 10:24:43 -0600
To: batz, lewwid
From: Christopher Schulte
Subject: Re: PHP 4.1.2
Cc: freebsd-security@FreeBSD.ORG, Max Mouse
In-Reply-To:
References:

At 10:50 AM 3/11/2002 -0500, batz wrote:
>Would it be useful to have a security branch from which people could cvsup
>security patches?

For the base system? Yes. It's called RELENG_4_5 right now, which means 4.5-RELEASE + SECURITY FIXES.

>Does such a system exist just for security updates?

For ports? No.

>Thanks

--
Christopher Schulte
http://www.schulte.org/
Do not un-munge my @nospam.schulte.org email address.
This address is valid.

From owner-freebsd-security Mon Mar 11 9:43:55 2002
Date: Mon, 11 Mar 2002 18:43:51 +0100
From: Anatoliy Dmytriyev
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:13.openssh
Message-ID: <20020311184351.D80204@plab.ku.dk>
X-Operating-System: FreeBSD 4.5-STABLE
Organization: The Protein Laboratory, University of Copenhagen

On Thu, Mar 07, 2002 at 06:59:50AM -0800, FreeBSD Security Advisories wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> =============================================================================
> FreeBSD-SA-02:13 Security Advisory
> FreeBSD, Inc.
>
> Topic: OpenSSH contains exploitable off-by-one bug

What's about FreeBSD 3.5? Where is patch for this version?

Anatoliy Dmytriyev.
--
Anatoliy Dmytriyev

From owner-freebsd-security Mon Mar 11 9:46:44 2002
Date: Mon, 11 Mar 2002 12:45:52 -0500
From: Chris Faulhaber
To: Anatoliy Dmytriyev
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:13.openssh
Message-ID: <20020311174552.GA5642@peitho.fxp.org>
Mail-Followup-To: Chris Faulhaber, Anatoliy Dmytriyev, freebsd-security@freebsd.org
References: <20020311184351.D80204@plab.ku.dk>
In-Reply-To: <20020311184351.D80204@plab.ku.dk>

On Mon, Mar 11, 2002 at 06:43:51PM +0100, Anatoliy Dmytriyev wrote:
> On Thu, Mar 07, 2002 at 06:59:50AM -0800, FreeBSD Security Advisories wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> > =============================================================================
> > FreeBSD-SA-02:13 Security Advisory
> > FreeBSD, Inc.
> >
> > Topic: OpenSSH contains exploitable off-by-one bug
>
>
> What's about FreeBSD 3.5? Where is patch for this version?
>

OpenSSH was never incorporated into FreeBSD 3.x.

--
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve - http://www.FreeBSD.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: FreeBSD: The Power To Serve

iEUEARECAAYFAjyM7VAACgkQObaG4P6BelCztACY6ndUiCxSbvTlKbexW6kdswym
xwCeIwZkIfZFjO6e/tseF5W85ZBDF9E=
=D3KP
-----END PGP SIGNATURE-----

From owner-freebsd-security Mon Mar 11 12:11:46 2002
Message-ID: <3C8D1239.8050605@pittgoth.com>
Date: Mon, 11 Mar 2002 15:23:21 -0500
From: Tom Rhodes
Reply-To: darklogik@pittgoth.com
To: rwatson@FreeBSD.ORG
Cc: security-officer@FreeBSD.ORG, "Bruce A. Mah", FreeBSD-security@FreeBSD.ORG, doc@FreeBSD.ORG
Subject: sftp for windows clients

Hello people who work with security, documentation, and FreeBSD in general.

Today I was poking around sftp. Upon my browsing I noticed that a really neat program known as SafeTP was developed at Berkeley. This utility seems to attach itself to ANY ftp client in windows/unix and provide a secure connection... My few moments of testing pointed out to me that it works in windows easily, so newbies can use it with say WS_ftp.

Though I lack the time to document this now, it appears to me that some people may have an interest in things like this, Robert Watson for example, because of the Trusted BSD project.

I hope this does not come off as unwanted email, but just helps people involved in the use of FreeBSD. This program should probably be documented or at least linked on the site. The link for this program is:

http://www.cs.berkeley.edu/~smcpeak/SafeTP/

Take care all!
--
Tom (Darklogik) Rhodes
www.Pittgoth.com Gothic Liberation Front
www.FreeBSD.org The Power To Serve

From owner-freebsd-security Mon Mar 11 12:16:01 2002
Date: Mon, 11 Mar 2002 15:15:43 -0500
From: Brian Reichert
To: Tom Rhodes
Cc: rwatson@FreeBSD.ORG, security-officer@FreeBSD.ORG, "Bruce A. Mah", FreeBSD-security@FreeBSD.ORG, doc@FreeBSD.ORG
Subject: Re: sftp for windows clients
Message-ID: <20020311151543.I9824@numachi.com>
References: <3C8D1239.8050605@pittgoth.com>
In-Reply-To: <3C8D1239.8050605@pittgoth.com>; from darklogik@pittgoth.com on Mon, Mar 11, 2002 at 03:23:21PM -0500

On Mon, Mar 11, 2002 at 03:23:21PM -0500, Tom Rhodes wrote:
> Hello people who work with security, documentation, and FreeBSD in general.
>
> Today I was poking around sftp. Upon my browsing I noticed that a
> really neat program known as SafeTP was developed at Berkeley. This
> utility seems to attach itself to ANY ftp client in windows/unix and
> provide a secure connection... My few moments of testing pointed out to
> me that it works in windows easily, so newbies can use it with say WS_ftp.

Under UNIX, it is a separate client than 'ftp'. But it does really drop into the Windows world very nicely...

> I hope this does not come off as unwanted email, but just helps people
> involved in the use of FreeBSD. This program should probably be
> documented or at least linked on the site. The link for this program is:
>
> http://www.cs.berkeley.edu/~smcpeak/SafeTP/

I'm using this with success for webhosting, but take note: this is _not_ a stock FTP server, and there are no Macintosh clients. All of the Mac-flavored 'tunnel FTP over SSH' techniques will not apply.

> Take care all!
>
> --
> Tom (Darklogik) Rhodes
> www.Pittgoth.com Gothic Liberation Front
> www.FreeBSD.org The Power To Serve

--
Brian 'you Bastard' Reichert
37 Crystal Ave. #303
Daytime number: (603) 434-6842
Derry NH 03038-1713 USA
Intel architecture: the left-hand path

From owner-freebsd-security Mon Mar 11 12:48:41 2002
From: Arvinn Løkkebakken
To:
Cc: "'Bruce A. Mah'"
Subject: Re: sftp for windows clients
Date: Mon, 11 Mar 2002 21:49:43 +0100
Message-ID: <002d01c1c93e$45878830$220310ac@lan.ncnett.no>
In-Reply-To: <3C8D1239.8050605@pittgoth.com>

>
> Hello people who work with security, documentation, and
> FreeBSD in general.
>
> Today I was poking around sftp. Upon my browsing I noticed that a
> really neat program known as SafeTP was developed at Berkeley. This
> utility seems to attach itself to ANY ftp client in windows/unix and
> provide a secure connection... My few moments of testing
> pointed out to
> me that it works in windows easily, so newbies can use it
> with say WS_ftp.
>

Does it work with the sftp server that comes bundled with OpenSSH or do you have to install the SafeTP server-side daemon too? If not, how does it interfere with the existing sftpd bundled with OpenSSH when installed?
Arvinn

From owner-freebsd-security Mon Mar 11 13:05:12 2002
Date: Mon, 11 Mar 2002 16:04:48 -0500
From: Brian Reichert
To: Arvinn Løkkebakken
Cc: darklogik@pittgoth.com, rwatson@FreeBSD.ORG, security-officer@FreeBSD.ORG, "'Bruce A. Mah'", FreeBSD-security@FreeBSD.ORG, doc@FreeBSD.ORG
Subject: Re: sftp for windows clients
Message-ID: <20020311160448.M9824@numachi.com>
References: <3C8D1239.8050605@pittgoth.com> <002d01c1c93e$45878830$220310ac@lan.ncnett.no>
In-Reply-To: <002d01c1c93e$45878830$220310ac@lan.ncnett.no>; from arvinn@rns.no on Mon, Mar 11, 2002 at 09:49:43PM +0100

On Mon, Mar 11, 2002 at 09:49:43PM +0100, Arvinn Løkkebakken wrote:
> >
> > Hello people who work with security, documentation, and
> > FreeBSD in general.
> >
> > Today I was poking around sftp. Upon my browsing I noticed that a
> > really neat program known as SafeTP was developed at Berkeley. This
> > utility seems to attach itself to ANY ftp client in windows/unix and
> > provide a secure connection... My few moments of testing
> > pointed out to
> > me that it works in windows easily, so newbies can use it
> > with say WS_ftp.
> >
>
> Does it work with the sftp server that comes bundled with OpenSSH or do
> you have to install the SafeTP server-side daemon too? If not, how does
> it interfere with the existing sftpd bundled with OpenSSH when installed?

This is part of the problem; the terminologies clash.

SafeTP is an enhanced FTP server that encrypts the command channel only. Also provided is a client that can speak SafeTP as well as stock FTP. You need such a client to talk to a SafeTP server.

sftp(1) is an interactive file transfer program, similar to ftp(1), which performs all operations over an encrypted ssh(1) transport. (Right from the manpage). Different beast.

And, this has nothing to do with 'Secure FTP', a java app that 'is a client package that allows for a secure connection to be made to an FTP daemon'. That requires a stock FTP server.

>
> Arvinn
>

--
Brian 'you Bastard' Reichert
37 Crystal Ave. #303
Daytime number: (603) 434-6842
Derry NH 03038-1713 USA
Intel architecture: the left-hand path

From owner-freebsd-security Mon Mar 11 13:06:48 2002
Message-ID: <3C8D1F1F.2040702@pittgoth.com>
Date: Mon, 11 Mar 2002 16:18:23 -0500
From: Tom Rhodes
Reply-To: darklogik@pittgoth.com
To: Arvinn Løkkebakken
Cc: rwatson@FreeBSD.ORG, security-officer@FreeBSD.ORG, "'Bruce A. Mah'", FreeBSD-security@FreeBSD.ORG, doc@FreeBSD.ORG
Subject: Re: sftp for windows clients
References: <002d01c1c93e$45878830$220310ac@lan.ncnett.no>

Arvinn Løkkebakken wrote:
>>Hello people who work with security, documentation, and
>>FreeBSD in general.
>>
>>Today I was poking around sftp. Upon my browsing I noticed that a
>>really neat program known as SafeTP was developed at Berkeley. This
>>utility seems to attach itself to ANY ftp client in windows/unix and
>>provide a secure connection... My few moments of testing
>>pointed out to
>>me that it works in windows easily, so newbies can use it
>>with say WS_ftp.
>>
>>
>
> Does it work with the sftp server that comes bundled with OpenSSH or do
> you have to install the SafeTP server-side daemon too? If not, how does
> it interfere with the existing sftpd bundled with OpenSSH when installed?
>
> Arvinn
>

I have not tested as of current, but that is something I want to know about, and will probably test tonight...

--
Tom (Darklogik) Rhodes
www.Pittgoth.com Gothic Liberation Front
www.FreeBSD.org The Power To Serve

From owner-freebsd-security Mon Mar 11 13:12:02 2002
Message-ID: <00d601c1c941$56be3dd0$3028680a@tgt.com>
From: "Thomas T. Veldhouse"
To:
Subject: zlib overflow problem?
Date: Mon, 11 Mar 2002 15:11:39 -0600

Does the new zlib overflow bug affect FreeBSD as well?

Reference http://news.com.com/2100-1001-857008.html

I think that it would.
Tom Veldhouse veldy@veldy.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Mar 11 13:13:26 2002 Delivered-To: freebsd-security@freebsd.org Received: from pittgoth.com (14.zlnp1.xdsl.nauticom.net [209.195.149.111]) by hub.freebsd.org (Postfix) with ESMTP id D816E37B416; Mon, 11 Mar 2002 13:13:16 -0800 (PST) Received: from pittgoth.com (lcl234.zbzoom.net [208.236.36.234]) by pittgoth.com (8.11.6/8.11.6) with ESMTP id g2BLFKv09166; Mon, 11 Mar 2002 16:15:21 -0500 (EST) (envelope-from darklogik@pittgoth.com) Message-ID: <3C8D20B0.8030801@pittgoth.com> Date: Mon, 11 Mar 2002 16:25:04 -0500 From: Tom Rhodes Reply-To: darklogik@pittgoth.com User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:0.9.7) Gecko/20011221 X-Accept-Language: en-us MIME-Version: 1.0 To: Brian Reichert Cc: Arvinn =?ISO-8859-1?Q?L=F8kkebakken?= , rwatson@FreeBSD.ORG, security-officer@FreeBSD.ORG, "'Bruce A. Mah'" , FreeBSD-security@FreeBSD.ORG, doc@FreeBSD.ORG Subject: Re: sftp for windows clients References: <3C8D1239.8050605@pittgoth.com> <002d01c1c93e$45878830$220310ac@lan.ncnett.no> <20020311160448.M9824@numachi.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Brian Reichert wrote: Without really testing, will it interact with sftp-server(8)? 
-- Tom (Darklogik) Rhodes www.Pittgoth.com Gothic Liberation Front www.FreeBSD.org The Power To Serve To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Mar 11 13:16:40 2002 Delivered-To: freebsd-security@freebsd.org Received: from rain.macguire.net (sense-sea-MegaSub-1-125.oz.net [216.39.144.125]) by hub.freebsd.org (Postfix) with ESMTP id 0617E37B404 for ; Mon, 11 Mar 2002 13:16:37 -0800 (PST) Received: (from roo@localhost) by rain.macguire.net (8.11.6/8.11.6) id g2BLEg982979; Mon, 11 Mar 2002 13:14:43 -0800 (PST) (envelope-from roo) Date: Mon, 11 Mar 2002 13:14:42 -0800 From: Benjamin Krueger To: "Thomas T. Veldhouse" Cc: freebsd-security@freebsd.org Subject: Re: zlib overflow problem? Message-ID: <20020311131442.D77202@rain.macguire.net> References: <00d601c1c941$56be3dd0$3028680a@tgt.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <00d601c1c941$56be3dd0$3028680a@tgt.com>; from veldy@veldy.net on Mon, Mar 11, 2002 at 03:11:39PM -0600 X-PGP-Key: http://www.macguire.net/benjamin/public_key.asc Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org * Thomas T. Veldhouse (veldy@veldy.net) [020311 13:10]: > Does the new zlib overflow bug affect FreeBSD as well? > > Reference http://news.com.com/2100-1001-857008.html > > I think that it would. > > Tom Veldhouse > veldy@veldy.net The above problem is believed to originate in the glibc library. FreeBSD does not use glibc, and thus should not be affected. Don't Panic. =) -- Benjamin Krueger "From the moment I picked up your book until I laid it down, I was convulsed with laughter. Some day I intend reading it." 
  - Groucho Marx
----------------------------------------------------------------
Send mail w/ subject 'send public key' or query for (0x251A4B18)
Fingerprint = A642 F299 C1C1 C828 F186 A851 CFF0 7711 251A 4B18

From owner-freebsd-security Mon Mar 11 13:20:27 2002
Date: Mon, 11 Mar 2002 16:20:23 -0500
From: Peter Radcliffe
To: freebsd-security@freebsd.org
Subject: Re: zlib overflow problem?
Message-ID: <20020311212023.GF20422@pir.net>
Reply-To: freebsd-security@freebsd.org
Mail-Followup-To: freebsd-security@freebsd.org
References: <00d601c1c941$56be3dd0$3028680a@tgt.com> <20020311131442.D77202@rain.macguire.net>
In-Reply-To: <20020311131442.D77202@rain.macguire.net>
X-Copy-On-Listmail: Please do NOT Cc: me on list mail.

Benjamin Krueger probably said:
> * Thomas T. Veldhouse (veldy@veldy.net) [020311 13:10]:
> > Does the new zlib overflow bug affect FreeBSD as well?
> > Reference http://news.com.com/2100-1001-857008.html

Full details at:
http://www.gzip.org/zlib/advisory-2002-03-11.txt

> The above problem is believed to originate in the glibc library.
> FreeBSD does not use glibc, and thus should not be affected.
> Don't Panic.
> =)

The BSD free() implementation warns, but doesn't break, on free()ing a
page that is already free so native things should be ok.

However, linux binaries in the ports system and zlib/glibc in linux_base
may well be affected to a greater or lesser degree.

P.

-- 
pir                  pir-sig@pir.net                  pir-sig@net.tufts.edu

From owner-freebsd-security Mon Mar 11 13:21:53 2002
Message-ID: <00e101c1c942$b6bfeb60$3028680a@tgt.com>
From: "Thomas T. Veldhouse"
To: "Benjamin Krueger"
References: <00d601c1c941$56be3dd0$3028680a@tgt.com> <20020311131442.D77202@rain.macguire.net>
Subject: Re: zlib overflow problem?
Date: Mon, 11 Mar 2002 15:21:30 -0600

Where did you see that information? I can not verify your statement.

Here is the RedHat posting. They don't even mention any changes or
updates to glibc.

http://www.linuxsecurity.com/advisories/redhat_advisory-1963.html

Tom Veldhouse
veldy@veldy.net

----- Original Message -----
From: "Benjamin Krueger"
To: "Thomas T. Veldhouse"
Sent: Monday, March 11, 2002 3:14 PM
Subject: Re: zlib overflow problem?
>
> The above problem is believed to originate in the glibc library.
> FreeBSD does not use glibc, and thus should not be affected.
> Don't Panic. =)
>
> --
> Benjamin Krueger
>

From owner-freebsd-security Mon Mar 11 13:25:13 2002
Date: Mon, 11 Mar 2002 14:24:40 -0700
From: mki@mozone.net
To: freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:13.openssh
Message-ID: <20020311142440.S4233@cyclonus.mozone.net>
References: <20020311184351.D80204@plab.ku.dk> <20020311174552.GA5642@peitho.fxp.org>
In-Reply-To: <20020311174552.GA5642@peitho.fxp.org>; from jedgar@fxp.org on Mon, Mar 11, 2002 at 12:45:52PM -0500

I'm trying to update a 4.5 source tree on a 4.4-RELEASE nfs update
server, and the following step always fails:

    # cd /usr/src/secure/usr.sbin/sshd
    # make depend && make all install
    cc -O -pipe -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS
    -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM
    -DHAVE_PAM_GETENVLIST -DKRB4 -DKRB5 -DSKEY
    -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -DNO_IDEA -o sshd sshd.o
    auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o sshpty.o
    sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o
    auth-options.o session.o auth-chall.o auth2-chall.o auth-pam.o
    login_access.o groupaccess.o auth-krb4.o auth-krb5.o -lkrb -lcom_err
    -lkrb5 -lasn1 -lcom_err -lmd
    -L/usr/obj/usr/src/secure/usr.sbin/sshd/../../../kerberos5/lib/libroken
    -lroken -lopie -lmd
    /usr/obj/usr/src/secure/usr.sbin/sshd/../../lib/libssh/libssh.a
    -lcrypt -lcrypto -lutil -lz -lwrap -lpam
    /usr/libexec/elf/ld: cannot find -lkrb
    *** Error code 1

    Stop in /usr/src/secure/usr.sbin/sshd.

Does the 4.4-RELEASE host *have* to be updated to 4.5 in order for this
to work? The make.conf does have MAKE_KERBEROS4 and MAKE_KERBEROS5 set.
Also, /usr/obj does have libkrb4 and libkrb5 in their appropriate dirs
but based on the above, it doesn't appear that the depend is setting up
the right library search path....

Any help would be greatly appreciated.

-m

From owner-freebsd-security Mon Mar 11 13:45:30 2002
Date: Mon, 11 Mar 2002 15:44:24 -0600
From: D J Hawkey Jr
To: security at FreeBSD
Subject: RedHat advisory - RHSA-2002:026-35 zlib double free -- Is this 4.5-R-p1?
Message-ID: <20020311154424.A22882@sheol.localdomain>
Reply-To: hawkeyd@visi.com

As the subject asks, does the 4.5-RELEASE-p1 "zlib inflate error handling"
fix the bug addressed by the RH advisory, or is FreeBSD's zlib vulnerable?

The relevant portion of the RH advisory:

---8<---
The zlib library provides in-memory compression/decompression functions.
The library is widely used throughout Linux and other operating systems.

While performing tests on the gdk-pixbuf library, Matthias Clasen created
an invalid PNG image that caused libpng to crash. Upon further
investigation, this turned out to be a bug in zlib 1.1.3 where certain
types of input will cause zlib to free the same area of memory twice
(called a "double free").

This bug can be used to crash any program that takes untrusted compressed
input. Web browsers or email programs that display image attachments or
other programs that uncompress data are particularly affected. This
vulnerability makes it easy to perform various denial-of-service attacks
against such programs.

It is also possible that an attacker could manage a more significant
exploit, since the result of a double free is the corruption of the
malloc() implementation's data structures. This could include running
arbitrary code on local or remote systems.

Most packages in Red Hat Linux use the shared zlib library and can be
protected against vulnerability by updating to the errata zlib package.
However, we have identified a number of packages in Red Hat Linux that
either statically link to zlib or contain an internal version of zlib
code.
Although no exploits for this issue or these packages are currently
known to exist, this is a serious vulnerability which could be locally
or remotely exploited. All users should upgrade affected packages
immediately.
--->8---

Dave

-- 
 ______________________              ______________________
 \__________________   \    D. J. HAWKEY JR.   / __________________/
  \________________/\   hawkeyd@visi.com   /\________________/
                      http://www.visi.com/~hawkeyd/

From owner-freebsd-security Mon Mar 11 14:41: 2 2002
To: hawkeyd@visi.com
Cc: security at FreeBSD
Subject: Re: RedHat advisory - RHSA-2002:026-35 zlib double free -- Is this 4.5-R-p1?
In-Reply-To: Your message of "Mon, 11 Mar 2002 15:44:24 CST." <20020311154424.A22882@sheol.localdomain>
Date: Mon, 11 Mar 2002 23:40:30 +0100
Message-ID: <64040.1015886430@critter.freebsd.dk>
From: Poul-Henning Kamp

In message <20020311154424.A22882@sheol.localdomain>, D J Hawkey Jr writes:
>As the subject asks, does the 4.5-RELEASE-p1 "zlib inflate error handling"
>fix the bug addressed by the RH advisory, or is FreeBSD's zlib vulnerable?
============================================================================
From: Poul-Henning Kamp
Subject: the zlib double free bug
To: security-officer@freebsd.org
Message-Id: <58959.1015884837@critter.freebsd.dk>
Date: Mon, 11 Mar 2002 23:13:57 +0100

As author of our malloc(3) it is my opinion that we are not vulnerable to
this (kind of) bug.

Most mallocs keep their housekeeping data right next to the allocated
range. This gives rise to all sorts of unpleasant situations if
programs stray outside the dotted line, free(3) things twice or
free(3) modified pointers.

phkmalloc(3) does not store housekeeping next to allocated data,
and in particular it has code that detects and complains about
exactly the kind of double free this advisory talks about:

    critter phk> cat a.c
    main()
    {
            char *p;

            p = malloc(256);
            p = malloc(256);
            free(p);
            free(p);
    }
    critter phk> make a
    cc -O -pipe  a.c  -o a
    a.c: In function `main':
    a.c:7: warning: assignment makes pointer from integer without a cast
    a.c:8: warning: assignment makes pointer from integer without a cast
    critter phk> ./a
    a in free(): error: chunk is already free
    Abort (core dumped)
    critter phk>

The malloc flag 'A' determines if the situation is just warned about
or if the program should call abort(3).

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
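The point Poul-Henning makes above (housekeeping kept apart from the user data, so a repeated free() is caught instead of corrupting the allocator) as an added example; this is not code from the list thread, from phkmalloc or from zlib. It is a toy fixed-size allocator with a separate chunk-state table: the second free() of the same pointer, the a.c sequence from the thread, is reported as FREE_DOUBLE, and a free() through a nulled pointer degrades to the harmless free(NULL). The names toy_malloc, toy_free, toy_free_and_null and the two scenario functions are hypothetical, and the arena geometry (16 chunks of 256 bytes) is constructed for the example.

```c
/* Added example, not code from the mailing list or from phkmalloc.
 * A toy fixed-size allocator whose housekeeping (the per-chunk state
 * table) lives apart from the user data, so a double free() is detected
 * instead of corrupting allocator metadata. All names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CHUNK_SIZE 256   /* constructed: the size a.c in the thread used */
#define NCHUNKS    16

enum chunk_state { CHUNK_FREE = 0, CHUNK_USED = 1 };
enum free_result { FREE_OK = 0, FREE_DOUBLE = 1, FREE_BAD_PTR = 2 };

static unsigned char arena[NCHUNKS * CHUNK_SIZE];   /* handed to callers */
static enum chunk_state state[NCHUNKS];              /* never handed out  */

void toy_reset(void) { memset(state, 0, sizeof state); }

/* Hand out the first free chunk, or NULL when the arena is exhausted. */
void *toy_malloc(void)
{
    for (size_t i = 0; i < NCHUNKS; i++) {
        if (state[i] == CHUNK_FREE) {
            state[i] = CHUNK_USED;
            return arena + i * CHUNK_SIZE;
        }
    }
    return NULL;
}

/* free(NULL) is a no-op, as in the C library. A pointer that is not a
 * chunk start, or a chunk already marked free, is reported rather than
 * trusted: the state table, not the freed bytes, is the authority. */
enum free_result toy_free(void *p)
{
    if (p == NULL)
        return FREE_OK;
    uintptr_t a = (uintptr_t)p, base = (uintptr_t)arena;
    if (a < base || a >= base + sizeof arena || (a - base) % CHUNK_SIZE != 0)
        return FREE_BAD_PTR;
    size_t i = (a - base) / CHUNK_SIZE;
    if (state[i] == CHUNK_FREE)
        return FREE_DOUBLE;               /* "chunk is already free" */
    state[i] = CHUNK_FREE;
    return FREE_OK;
}

/* Application-side discipline: free through the pointer's address and
 * null it, so a repeated call degrades to free(NULL). */
enum free_result toy_free_and_null(void **pp)
{
    enum free_result r = toy_free(*pp);
    *pp = NULL;
    return r;
}

/* Replays the thread's a.c against the toy allocator and returns the
 * verdict of the second free(). */
enum free_result double_free_scenario(void)
{
    toy_reset();
    char *p;
    p = toy_malloc();
    p = toy_malloc();                     /* first chunk leaked, as in a.c */
    (void)toy_free(p);
    return toy_free(p);                   /* second free: FREE_DOUBLE */
}

/* The same sequence with the null-after-free discipline: FREE_OK. */
enum free_result nulled_scenario(void)
{
    toy_reset();
    void *p = toy_malloc();
    (void)toy_free_and_null(&p);
    return toy_free_and_null(&p);
}

int main(void)
{
    printf("double free detected: %s\n",
           double_free_scenario() == FREE_DOUBLE ? "yes" : "no");
    printf("null-after-free harmless: %s\n",
           nulled_scenario() == FREE_OK ? "yes" : "no");
    return 0;
}
```

The state table is the defender's vantage point here: because the allocator never consults bytes the caller could have scribbled on, a stale or repeated pointer produces a verdict rather than a corrupted free list, which is the difference between the "already free" warning on phkmalloc and the exploitable heap state the Red Hat advisory describes for glibc.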
From owner-freebsd-security Mon Mar 11 14:44:57 2002
Date: Mon, 11 Mar 2002 17:44:26 -0500
From: Brian Reichert
To: Tom Rhodes
Cc: Brian Reichert, Arvinn Løkkebakken, rwatson@FreeBSD.ORG, security-officer@FreeBSD.ORG, "'Bruce A. Mah'", FreeBSD-security@FreeBSD.ORG, doc@FreeBSD.ORG
Subject: Re: sftp for windows clients
Message-ID: <20020311174426.O9824@numachi.com>
References: <3C8D1239.8050605@pittgoth.com> <002d01c1c93e$45878830$220310ac@lan.ncnett.no> <20020311160448.M9824@numachi.com> <3C8D20B0.8030801@pittgoth.com>
In-Reply-To: <3C8D20B0.8030801@pittgoth.com>; from darklogik@pittgoth.com on Mon, Mar 11, 2002 at 04:25:04PM -0500

On Mon, Mar 11, 2002 at 04:25:04PM -0500, Tom Rhodes wrote:
> >Brian Reichert wrote:
> >
> >
> Without really testing, will it interact with sftp-server(8)?

I don't know; it depends on how the 'Subsystem' elements of sshd work.
Let me know how testing shapes up for you...

> --
> Tom (Darklogik) Rhodes
> www.Pittgoth.com   Gothic Liberation Front
> www.FreeBSD.org    The Power To Serve

-- 
Brian 'you Bastard' Reichert
37 Crystal Ave.
#303                                Daytime number: (603) 434-6842
Derry NH 03038-1713 USA             Intel architecture: the left-hand path

From owner-freebsd-security Mon Mar 11 15: 3:56 2002
Message-Id: <5.1.0.14.0.20020311180214.00a69e90@dns1.popstick.com>
Date: Mon, 11 Mar 2002 18:02:43 -0500
To: darklogik@pittgoth.com, Brian Reichert
From: Nicholas Basila
Subject: Re: sftp for windows clients
Cc: Arvinn Løkkebakken, rwatson@FreeBSD.ORG, security-officer@FreeBSD.ORG, "'Bruce A. Mah'", FreeBSD-security@FreeBSD.ORG, doc@FreeBSD.ORG
In-Reply-To: <3C8D20B0.8030801@pittgoth.com>
References: <3C8D1239.8050605@pittgoth.com> <002d01c1c93e$45878830$220310ac@lan.ncnett.no> <20020311160448.M9824@numachi.com>

At 04:25 PM 3/11/2002 -0500, Tom Rhodes wrote:
> >Brian Reichert wrote:
> >
> >
>Without really testing, will it interact with sftp-server(8)?

I can't imagine that it would work.
Here:
http://www.cs.berkeley.edu/~smcpeak/SafeTP/compare.html

They say:
    The security negotiation is similar to the one used by ssh and SSL

I don't think "similar" will work with ssh. I seriously doubt they'd run
their piece of the server on port 22 which is reserved for ssh. Sftp
clients connect to port 22 and talk to the ssh server which, I believe,
invokes the sftp-server.

>--
>Tom (Darklogik) Rhodes
>www.Pittgoth.com   Gothic Liberation Front
>www.FreeBSD.org    The Power To Serve
>

From owner-freebsd-security Mon Mar 11 15:42:10 2002
Date: Tue, 12 Mar 2002 00:42:08 +0100
From: Tomas Svensson
Reply-To: Tomas Svensson
Message-ID: <10933733005.20020312004208@gbdev.net>
To: Tom Rhodes
Cc: FreeBSD-security@FreeBSD.ORG
Subject: SafeTP [was Re: sftp for windows clients]
In-Reply-To: <3C8D1239.8050605@pittgoth.com>
References: <3C8D1239.8050605@pittgoth.com>

Monday, March 11, 2002, 9:23:21 PM, you wrote:

TR> Today I was poking around sftp.
TR> Upon my browsing I noticed that a
TR> really neat program known as SafeTP was developed at Berkeley. This
TR> utility seems to attach itself to ANY ftp client in windows/unix and
TR> provide a secure connection... My few moments of testing pointed out to
TR> me that it works in windows easily, so newbies can use it with say WS_ftp.

There are some major problems with SafeTP (which for the confused has
absolutely nothing to do with SSH, SFTP nor SCP):

1) It is limited to 3DES encryption only (and it does not use the
   assembly optimized or possibly hardware accelerated OpenSSL
   implementation).

2) The wrapper is only available for Windows. On unix you must use a
   terrible client called 'sftpc' which is very limited.

3) The Windows version is known to cause problems ranging from network
   problems to people being forced to reinstall Windows (because SafeTP
   is messing directly with the WinSock DLL files).

4) To get the source code you must fill out a form with your name, email
   address etc. Some quotes from the SafeTP license agreement are:

   "The end user ("you") may not redistribute the source code, whether
   modified or not."

   "You may not distribute compiled binaries, except those compiled from
   unmodified source code retrieved directly from the SafeTP website."

   "You may not use the SafeTP source code in any way to create a product
   that competes with SafeTP."

So just don't go there. Use TLS/SSL or possibly SFTP if you need secure
file transfers that work on multiple platforms.
-Tomas

From owner-freebsd-security Mon Mar 11 16: 3:52 2002
Date: Mon, 11 Mar 2002 18:02:48 -0600
From: D J Hawkey Jr
To: Poul-Henning Kamp
Cc: security at FreeBSD
Subject: Re: RedHat advisory - RHSA-2002:026-35 zlib double free -- Is this 4.5-R-p1?
Message-ID: <20020311180248.A23212@sheol.localdomain>
Reply-To: hawkeyd@visi.com
References: <20020311154424.A22882@sheol.localdomain> <64040.1015886430@critter.freebsd.dk>
In-Reply-To: <64040.1015886430@critter.freebsd.dk>; from phk@critter.freebsd.dk on Mon, Mar 11, 2002 at 11:40:30PM +0100

On Mar 11, at 11:40 PM, Poul-Henning Kamp wrote:
>
> In message <20020311154424.A22882@sheol.localdomain>, D J Hawkey Jr writes:
> >
> >As the subject asks, does the 4.5-RELEASE-p1 "zlib inflate error handling"
> >fix the bug addressed by the RH advisory, or is FreeBSD's zlib vulnerable?
>
> As author of our malloc(3) it is my opinion that we are not vulnerable to
> this (kind of) bug.
>
> Most mallocs keep their housekeeping data right next to the allocated
> range.
> This gives rise to all sorts of unpleasant situations if
> programs stray outside the dotted line, free(3) things twice or
> free(3) modified pointers.
>
> phkmalloc(3) does not store housekeeping next to allocated data,
> and in particular it has code that detects and complains about
> exactly the kind of double free this advisory talks about:
>
> [SNIP]

Most excellent. Can't beat having the author's own explanation!

> Poul-Henning Kamp

Dave

-- 
 ______________________              ______________________
 \__________________   \    D. J. HAWKEY JR.   / __________________/
  \________________/\   hawkeyd@visi.com   /\________________/
                      http://www.visi.com/~hawkeyd/

From owner-freebsd-security Mon Mar 11 16:10:11 2002
Message-ID: <006901c1c95a$403cf1a0$6401a8c0@pfak>
From: "Peter Kieser"
References: <20020311154424.A22882@sheol.localdomain> <64040.1015886430@critter.freebsd.dk> <20020311180248.A23212@sheol.localdomain>
Subject: Re: RedHat advisory - RHSA-2002:026-35 zlib double free -- Is this 4.5-R-p1?
Date: Mon, 11 Mar 2002 16:10:00 -0800

Thank gosh, at least it doesn't affect BSD, another blow for the
faltering Linux. Hmm, someone real is going to have to verify it though
(BSD). At least there's no remote exploits now, so we'll have time to
prepare for the blow ^_^.

--Peter

----- Original Message -----
From: "D J Hawkey Jr"
To: "Poul-Henning Kamp"
Cc: "security at FreeBSD"
Sent: Monday, March 11, 2002 4:02 PM
Subject: Re: RedHat advisory - RHSA-2002:026-35 zlib double free -- Is this 4.5-R-p1?

> On Mar 11, at 11:40 PM, Poul-Henning Kamp wrote:
> >
> > In message <20020311154424.A22882@sheol.localdomain>, D J Hawkey Jr writes:
> > >
> > >As the subject asks, does the 4.5-RELEASE-p1 "zlib inflate error handling"
> > >fix the bug addressed by the RH advisory, or is FreeBSD's zlib vulnerable?
> >
> > As author of our malloc(3) it is my opinion that we are not vulnerable to
> > this (kind of) bug.
> >
> > Most mallocs keep their housekeeping data right next to the allocated
> > range. This gives rise to all sorts of unpleasant situations if
> > programs stray outside the dotted line, free(3) things twice or
> > free(3) modified pointers.
> >
> > phkmalloc(3) does not store housekeeping next to allocated data,
> > and in particular it has code that detects and complains about
> > exactly the kind of double free this advisory talks about:
> >
> > [SNIP]
>
> Most excellent. Can't beat having the author's own explanation!
>
> > Poul-Henning Kamp
>
> Dave
>
> --
>  ______________________              ______________________
>  \__________________   \    D. J.
> HAWKEY JR.   / __________________/
>   \________________/\   hawkeyd@visi.com   /\________________/
>                       http://www.visi.com/~hawkeyd/
>

From owner-freebsd-security Mon Mar 11 17:27: 4 2002
Date: Tue, 12 Mar 2002 02:26:51 +0100
From: Sune Stjerneby
To: "Thomas T. Veldhouse"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: zlib overflow problem?
Message-ID: <20020312022651.A14838@fnyx.vmunix.dk>
References: <00d601c1c941$56be3dd0$3028680a@tgt.com> <20020311131442.D77202@rain.macguire.net> <00e101c1c942$b6bfeb60$3028680a@tgt.com>
In-Reply-To: <00e101c1c942$b6bfeb60$3028680a@tgt.com>; from veldy@veldy.net on Mon, Mar 11, 2002 at 03:21:30PM -0600

On Mon, Mar 11, 2002 at 03:21:30PM -0600, Thomas T. Veldhouse wrote:
> Where did you see that information? I can not verify your statement.
>
> Here is the RedHat posting. They don't even mention any changes or updates
> to glibc.

The zlib bug is an issue on Linux-systems due to the brokenness of
glibc malloc.
There aren't any changes or updates to glibc because this specific
issue was resolved within zlib; fixing the double free(), which
causes a warning on most systems but trouble on glibc-systems.

-- 
Sune Stjerneby - Part of an RFC 1876-compliant network.

From owner-freebsd-security Mon Mar 11 18:25:45 2002
Date: Mon, 11 Mar 2002 20:25:38 -0600 (CST)
Message-Id: <200203120225.g2C2PcY23553@sheol.localdomain>
Reply-To: hawkeyd@visi.com
Organization: if (!FIFO) if (!LIFO) break;
References: <00e101c1c942$b6bfeb60$3028680a_tgt.com@ns.sol.net> <20020312022651.A14838_fnyx.vmunix.dk@ns.sol.net>
In-Reply-To: <20020312022651.A14838_fnyx.vmunix.dk@ns.sol.net>
From: hawkeyd@visi.com (D J Hawkey Jr)
Subject: Re: zlib overflow problem?
X-Original-Newsgroups: sol.lists.freebsd.security
To: sst@vmunix.dk, freebsd-security@freebsd.org

In article <20020312022651.A14838_fnyx.vmunix.dk@ns.sol.net>, sst@vmunix.dk writes:
> On Mon, Mar 11, 2002 at 03:21:30PM -0600, Thomas T. Veldhouse wrote:
>> Where did you see that information? I can not verify your statement.
>>
>> Here is the RedHat posting. They don't even mention any changes or updates
>> to glibc.
>
> The zlib bug is an issue on Linux-systems due to the brokenness of
> glibc malloc.
>
> There aren't any changes or updates to glibc because this specific
> issue was resolved within zlib; fixing the double free(), which
> causes a warning on most systems but trouble on glibc-systems.

Um, on FreeBSD, aren't we talking about /usr/local/lib/libglib12.*? The
library that so many Linux-born apps that are found in the ports
collection depend on? If so, then aren't any ports that depend on it and
libz vulnerable?

Taking it a step further, aren't _any_ of the ports that depend on
libglib12 at least suspect? If so [again], then the one comment on
Slashdot is all too accurate: "This is huge." If not for us BSDen,
certainly for the Linuxen.

If they won't fix their glibc, and it is one and the same as libglib12,
wouldn't a patch-update for the libglib12 port fix things for us?

TIA,
Dave

-- 
Windows: "Where do you want to go today?"
Linux:   "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"

From owner-freebsd-security Mon Mar 11 18:31:29 2002
Message-ID: <657B20E93E93D4118F9700D0B73CE3EA02FFF49B@goofy.epylon.lan>
From: "DiCioccio, Jason"
To: "'hawkeyd@visi.com'", sst@vmunix.dk, freebsd-security@freebsd.org
Subject: RE: zlib overflow problem?
Date: Mon, 11 Mar 2002 18:31:16 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

glib is not glibc. If you want to talk glibc, there is a copy in
/compat/linux if you installed linux-base*

Cheers,
- -JD-

- -----Original Message-----
From: hawkeyd@visi.com [mailto:hawkeyd@visi.com]
Sent: Monday, March 11, 2002 6:26 PM
To: sst@vmunix.dk; freebsd-security@freebsd.org
Subject: Re: zlib overflow problem?

In article <20020312022651.A14838_fnyx.vmunix.dk@ns.sol.net>, sst@vmunix.dk writes:
> On Mon, Mar 11, 2002 at 03:21:30PM -0600, Thomas T. Veldhouse wrote:
>> Where did you see that information? I can not verify your statement.
>>
>> Here is the RedHat posting. They don't even mention any changes or updates
>> to glibc.
>
> The zlib bug is an issue on Linux-systems due to the brokenness of
> glibc malloc.
>
> There aren't any changes or updates to glibc because this specific
> issue was resolved within zlib; fixing the double free(), which
> causes a warning on most systems but trouble on glibc-systems.

Um, on FreeBSD, aren't we talking about /usr/local/lib/libglib12.*? The
library that so many Linux-born apps that are found in the ports
collection depend on? If so, then aren't any ports that depend on it and
libz vulnerable?

Taking it a step further, aren't _any_ of the ports that depend on
libglib12 at least suspect? If so [again], then the one comment on
Slashdot is all too accurate: "This is huge." If not for us BSDen,
certainly for the Linuxen.

If they won't fix their glibc, and it is one and the same as libglib12,
wouldn't a patch-update for the libglib12 port fix things for us?

TIA,
Dave

- --
Windows: "Where do you want to go today?"
Linux:   "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"

From owner-freebsd-security Mon Mar 11 18:36:30 2002
Received: from breg.mc.mpls.visi.com (breg.mc.mpls.visi.com [208.42.156.101]) by hub.freebsd.org (Postfix) with ESMTP id 8B60537B404 for ; Mon, 11 Mar 2002 18:36:28 -0800 (PST)
Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by breg.mc.mpls.visi.com (Postfix) with ESMTP id 8D7E32D04B0; Mon, 11 Mar 2002 20:36:27 -0600 (CST)
Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.6/8.11.6) id g2C2aRW23614; Mon, 11 Mar 2002 20:36:27 -0600 (CST) (envelope-from hawkeyd)
Date: Mon, 11 Mar 2002 20:36:27 -0600
From: D J Hawkey Jr
To: "DiCioccio, Jason"
Cc: sst@vmunix.dk, freebsd-security@freebsd.org
Subject: Re: zlib overflow problem?
Message-ID: <20020311203627.A23597@sheol.localdomain>
Reply-To: hawkeyd@visi.com
References: <657B20E93E93D4118F9700D0B73CE3EA02FFF49B@goofy.epylon.lan>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <657B20E93E93D4118F9700D0B73CE3EA02FFF49B@goofy.epylon.lan>; from jdicioccio@epylon.com on Mon, Mar 11, 2002 at 06:31:16PM -0800

On Mar 11, at 06:31 PM, DiCioccio, Jason wrote:
>
> glib is not glibc.
> If you want to talk glibc, there is a copy in
> /compat/linux if you installed linux-base*

OK, good. I wasn't sure; that's why I phrased my comments as questions.
Thanks for the clarification.

> Cheers,
> -JD-

Dave

--
  ______________________                            ______________________
  \__________________   \      D. J. HAWKEY JR.     /   __________________/
   \________________/\        hawkeyd@visi.com      /\________________/
                        http://www.visi.com/~hawkeyd/

From owner-freebsd-security Mon Mar 11 18:41:31 2002
Received: from mail.viasoft.com.cn (unknown [61.153.1.177]) by hub.freebsd.org (Postfix) with ESMTP id CD20E37B405 for ; Mon, 11 Mar 2002 18:41:24 -0800 (PST)
Received: from davidwnt (davidwnt.viasoft.com.cn [192.168.1.239]) by mail.viasoft.com.cn (8.9.3/8.9.3) with SMTP id KAA05078; Tue, 12 Mar 2002 10:51:13 +0800
Message-ID: <007901c1c96f$5825a720$ef01a8c0@davidwnt>
From: "David Xu"
To: "Sune Stjerneby" , "Thomas T. Veldhouse"
Cc:
References: <00d601c1c941$56be3dd0$3028680a@tgt.com> <20020311131442.D77202@rain.macguire.net> <00e101c1c942$b6bfeb60$3028680a@tgt.com> <20020312022651.A14838@fnyx.vmunix.dk>
Subject: Re: zlib overflow problem?
Date: Tue, 12 Mar 2002 10:40:53 +0800
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

how about /sys/net/ppp* ?

--
David Xu

----- Original Message -----
From: "Sune Stjerneby"
To: "Thomas T. Veldhouse"
Cc:
Sent: Tuesday, March 12, 2002 9:26 AM
Subject: Re: zlib overflow problem?

> On Mon, Mar 11, 2002 at 03:21:30PM -0600, Thomas T.
> Veldhouse wrote:
> > Where did you see that information. I can not verify your statement.
> >
> > Here is the RedHat posting. They don't even mention any changes or updates
> > to glibc.
>
> The zlib bug is an issue on Linux-systems due to the brokeness of
> glibc malloc.
>
> There aren't any changes or updates to glibc because this specific
> issue was resolved within zlib; fixing the double free(), which
> causes a warning on most systems but trouble on glibc-systems.
>
> --
> Sune Stjerneby
> - Part of an RFC 1876-compliant network.

From owner-freebsd-security Mon Mar 11 19: 7:21 2002
Received: from mail.tietoverkot.net (ns.nimipalvelut.net [194.100.91.5]) by hub.freebsd.org (Postfix) with ESMTP id B799F37B400; Mon, 11 Mar 2002 19:07:13 -0800 (PST)
Received: from localhost (lennu@localhost) by mail.tietoverkot.net (8.11.3/8.9.3) with ESMTP id g2C36B323639; Tue, 12 Mar 2002 05:06:11 +0200 (EET) (envelope-from lennu@tietoverkot.net)
Date: Tue, 12 Mar 2002 05:06:10 +0200 (EET)
From: Len Merikanto
To: Arvinn Løkkebakken
Cc: , , , "'Bruce A. Mah'" , ,
Subject: Re: sftp for windows clients
In-Reply-To: <002d01c1c93e$45878830$220310ac@lan.ncnett.no>
Message-ID: <20020312050456.S16589-100000@mail.tietoverkot.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: QUOTED-PRINTABLE

On Mon, 11 Mar 2002, Arvinn Løkkebakken wrote:

> Date: Mon, 11 Mar 2002 21:49:43 +0100
> From: Arvinn Løkkebakken
> To: darklogik@pittgoth.com, rwatson@FreeBSD.ORG
> Cc: security-officer@FreeBSD.ORG, 'Bruce A.
> Mah' ,
> FreeBSD-security@FreeBSD.ORG, doc@FreeBSD.ORG
> Subject: Re: sftp for windows clients
>
> > Hello people who work with security, documentation, and
> > FreeBSD in general.
> >
> > Today I was poking around sftp. Upon my browsing I noticed that a
> > really neat program known as SafeTP was developed at Berkeley. This
> > utility seems to attach itself to ANY ftp client in windows/unix and
> > provide a secure connection... My few moments of testing
> > pointed out to
> > me that it works in windows easily, so newbies can use it
> > with say WS_ftp.
> >
>
> Does it work with the sftp server that comes bundled with OpenSSH or do
> you have to install the SafeTP server-side daemon too? If not, how does
> it interfere with the existing sftpd bundled with OpenSSH when installed?
>
> Arvinn
> http://www.lundman.net/

lftpd works fine with it, I'm using it with my customers.
lftpd compiles on any platform :)

From owner-freebsd-security Mon Mar 11 19:35:15 2002
Received: from rwcrmhc53.attbi.com (rwcrmhc53.attbi.com [204.127.198.39]) by hub.freebsd.org (Postfix) with ESMTP id B572637B416 for ; Mon, 11 Mar 2002 19:35:13 -0800 (PST)
Received: from attbi.com ([66.56.88.62]) by rwcrmhc53.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020312033513.WYCO2951.rwcrmhc53.attbi.com@attbi.com> for ; Tue, 12 Mar 2002 03:35:13 +0000
Message-ID: <3C8D7770.6070300@attbi.com>
Date: Mon, 11 Mar 2002 22:35:12 -0500
From: Robert Heaven
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:0.9.8) Gecko/20020204
X-Accept-Language: en-us
MIME-Version: 1.0
To: freebsd-security@freebsd.org
Subject: Cisco VPN
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Has anyone had any success getting setkey/racoon (client) to work with a
Cisco VPN Concentrator using an x509 certificate? I'd like to see an
example /etc/ipsec.conf and /usr/local/etc/racoon/racoon.conf if I
could. Also, how do you get racoon to deal with an encrypted private key?

From owner-freebsd-security Tue Mar 12 5:56:53 2002
Received: from mail.pov.com.pl (mx1.e-point.pl [217.153.26.147]) by hub.freebsd.org (Postfix) with ESMTP id 8B6DF37B400 for ; Tue, 12 Mar 2002 05:56:47 -0800 (PST)
Received: from satellite.pov.com.pl ([192.168.0.61] helo=e-point.pl) by mail.pov.com.pl with asmtp (SSLv3:RC4-MD5:128) (Exim 3.34 #4) id 16kmlY-0003dI-00 for security@freebsd.org; Tue, 12 Mar 2002 14:56:36 +0100
Message-ID: <3C8E08F4.5B7C9E7D@e-point.pl>
Date: Tue, 12 Mar 2002 14:56:04 +0100
From: Marcin Motylski
X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.17 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: security@freebsd.org
Subject: subscribe
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Scanner: exiscan *16kmlY-0003dI-00*1AQeBstZ7Nc* (e-point S.A., Warsaw, Poland)

From owner-freebsd-security Tue Mar 12 6: 2:48 2002
Received: from host-212-42.tele2.pl (host-212-42.tele2.pl [213.173.212.42]) by hub.freebsd.org (Postfix) with ESMTP id E4AF637B400; Tue, 12 Mar 2002 06:02:28 -0800 (PST)
Received: from localhost (irys@localhost) by host-212-42.tele2.pl (8.11.6/8.11.4) with ESMTP id
g2CE2Rt25983; Tue, 12 Mar 2002 15:02:27 +0100
Date: Tue, 12 Mar 2002 15:02:26 +0100 (CET)
From: Parys
To: freebsd-bugs@FreeBSD.org
Cc: freebsd-security@FreeBSD.org
Subject: Re: i386/35816: no one can change password, because "passwd DB is locked"
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

my comment for this:
http://www.freebsd.org/cgi/query-pr.cgi?pr=35816
at bottom, below quote:

--- cut ---
no one can change password, because "passwd DB is locked"

Confidential    no
Severity        serious
Priority        medium
Responsible     freebsd-bugs@FreeBSD.org
State           closed
Class           sw-bug
Submitter-Id    current-users
Arrival-Date    Tue Mar 12 03:10:01 PST 2002
Closed-Date     Tue Mar 12 03:43:52 PST 2002
Last-Modified   Tue Mar 12 03:43:52 PST 2002
Originator      Slawomir Parysek
Release         4.5-RELEASE
Organization    ArgNet

Environment
FreeBSD my.host.name.com.pl 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Mon Jan 28 14:31:56 GMT 2002 murray@builder.freebsdmall.com:/usr/src/sys/compile/GENERIC i386

Description
When one (malicious) user edits his own passwd database (via $ chpass
command), no one can change password, because "passwd DB is locked".
Also root can't change any information in passwd database, eg add/delete.
It is a very important problem especially on systems which act as shell
box (TM.).

How-To-Repeat
how to repeat, huh, that's simple: log in into account and leave a
running "chpass" command on screen and log out, huh no one can change
his/her passwd and/or any other info by editing /etc/passwd* etc

Fix
how to fix it? hmm... block access to command chpass for all suspicious
users ;-P

Audit-Trail
State-Changed-From-To: open->closed
State-Changed-By: billf
State-Changed-When: Tue Mar 12 03:41:48 PST 2002
State-Changed-Why:
this is not a bug.
root can find the process that is holding the lock on the password
database and kill both it and the user holding it.
http://www.FreeBSD.org/cgi/query-pr.cgi?pr=35816
--- /cut ---

Hi all.

I'm afraid it can be a big problem. I know, it's obvious, root can kill
both user and process that is holding the lock on passwd database, but
it may be problematic to monitor and/or kill all users (who play a joke)
and their processes, especially on a production system where all
tens/hundreds of users pay $ for their accounts and where lots of real
users have access to one account, and some users are careless in their
doings.

The simple way to prevent such an incident is to build a shell-based or
perl script and run it periodically from crontab or run it in
daemon-like mode (loop), a script which takes care of the passwd database
of course and some users which can lock it, or whatever. I think (if I
can ever think ;o) that the better way is to fix this problem in the
"chpass" binary file or whatever.

thanks a lot for attention
best regards
Parys
irys@irc.pl

ps: sorry for my bad english knowledge

From owner-freebsd-security Tue Mar 12 6:28:20 2002
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 6C85237B417; Tue, 12 Mar 2002 06:27:51 -0800 (PST)
Received: (from nectar@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g2CERpd64254; Tue, 12 Mar 2002 06:27:51 -0800 (PST) (envelope-from security-advisories@freebsd.org)
Date: Tue, 12 Mar 2002 06:27:51 -0800 (PST)
Message-Id: <200203121427.g2CERpd64254@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: nectar set sender to security-advisories@freebsd.org using -f
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Ports Security Advisory FreeBSD-SA-02:14.pam-pgsql
Reply-To:
security-advisories@freebsd.org

=============================================================================
FreeBSD-SA-02:14                                            Security Advisory
                                                                FreeBSD, Inc.

Topic:          pam-pgsql port authentication bypass

Category:       ports
Module:         pam-pgsql
Announced:      2002-03-12
Credits:        Jacques A. Vidrine
Affects:        pam-pgsql port prior to pam-pgsql-0.5.2
Corrected:      2002-01-21 20:06:05 UTC
FreeBSD only:   NO

I.   Background

pam-pgsql is a PAM module which allows PAM-enabled applications such as
login(1) to use a PostgreSQL database for user authentication.

II.  Problem Description

The affected versions of the pam-pgsql port contain a vulnerability that
may allow a remote user to cause arbitrary SQL code to be executed.
pam-pgsql constructs a SQL statement to be executed by the PostgreSQL
server in order to look up user information, verify user passwords, and
change user passwords. The username and password given by the user are
inserted into the SQL statement without any quoting or other safety
checks.

The pam-pgsql port is not installed by default, nor is it "part of
FreeBSD" as such: it is part of the FreeBSD ports collection, which
contains thousands of third-party applications in a ready-to-install
format. The ports collection shipped with FreeBSD 4.4 contains this
problem since it was discovered after the release.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security audit
of the most security-critical ports.

III. Impact

A user interacting with a PAM-enabled application may insert arbitrary
SQL code into the username or password fields during authentication or
while changing passwords, leading to several exploit opportunities.
In all versions of the pam-pgsql port prior to 0.5.2, attackers may add
or change user account records. In addition, in versions of the
pam-pgsql port prior to 0.3, attackers may cause pam-pgsql to completely
bypass password authentication, allowing them to authenticate as any
user and obtain unauthorized access using the PAM-enabled application.

Since common PAM applications include login(1) and sshd(8), both local
and remote attacks are possible.

IV.  Workaround

1) Deinstall the pam-pgsql port/package if you have it installed.

V.   Solution

One of the following:

1) Upgrade your entire ports collection and rebuild the port.

2) Download a new port skeleton for the pam-pgsql port from:

   http://www.freebsd.org/ports/

   and use it to rebuild the port.

3) Use the portcheckout utility to automate option (2) above. The
   portcheckout port is available in /usr/ports/devel/portcheckout or
   the package can be obtained from:

   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in the FreeBSD Ports Collection.

Path                                                             Revision
- -------------------------------------------------------------------------
ports/security/pam-pgsql/Makefile                                     1.9
ports/security/pam-pgsql/distinfo                                     1.3
ports/security/pam-pgsql/pkg-descr                                    1.2
- -------------------------------------------------------------------------

VII. References

This vulnerability is very similar to previous vulnerabilities involving
Apache modules and discovered by RUS-CERT.
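The statement-building defect the advisory describes, shown as an added example that is not pam-pgsql's own code (the table and column names, and the hostile input, are constructed for it): the unsafe splice beside a version that escapes the literals, plus a helper that blanks literal contents so the resulting SQL skeletons can be compared. With a real libpq connection the preferable fix is to pass the values as parameters via PQexecParams so they never enter the statement text; this stand-alone example cannot link libpq, so it shows the escaping route instead.

```c
/* Added example, not from pam-pgsql. Table "users" and its columns are made up. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define QUERY_MAX 512
#define TEMPLATE "SELECT passwd FROM users WHERE login='%s' AND passwd='%s'"

/* Vulnerable pattern: the username and password are spliced in verbatim, so a
 * single quote in either field ends the literal and the rest is parsed as SQL.
 * Returns 0 on success, -1 if the statement would not fit. */
int build_query_unsafe(char *out, size_t n, const char *user, const char *pw)
{
    int r = snprintf(out, n, TEMPLATE, user, pw);
    return (r < 0 || (size_t)r >= n) ? -1 : 0;
}

/* Escape a value for use inside a single-quoted SQL literal: every ' becomes
 * '' (SQL's own quoting rule). Backslashes and control characters are refused
 * outright rather than guessed at, because a server running in the old
 * backslash-escape mode would treat them specially; a connection-aware
 * escaper (or parameters) is the right tool when libpq is available.
 * Returns 0 on success, -1 on refusal or overflow. */
int escape_literal(char *dst, size_t n, const char *src)
{
    size_t j = 0;
    for (const char *p = src; *p; p++) {
        if (*p == '\\' || (unsigned char)*p < 0x20)
            return -1;
        if (*p == '\'') {
            if (j + 2 >= n) return -1;
            dst[j++] = '\'';
            dst[j++] = '\'';
        } else {
            if (j + 1 >= n) return -1;
            dst[j++] = *p;
        }
    }
    dst[j] = '\0';
    return 0;
}

/* Hardened variant: same template, but both values go through escape_literal
 * first, so whatever the user typed stays inside its own literal. */
int build_query_safe(char *out, size_t n, const char *user, const char *pw)
{
    char eu[QUERY_MAX], ep[QUERY_MAX];
    if (escape_literal(eu, sizeof eu, user) < 0 ||
        escape_literal(ep, sizeof ep, pw) < 0)
        return -1;
    int r = snprintf(out, n, TEMPLATE, eu, ep);
    return (r < 0 || (size_t)r >= n) ? -1 : 0;
}

/* Drop the contents of every single-quoted literal (a doubled '' inside a
 * literal is an escaped quote, not a terminator), keeping only the keywords,
 * identifiers and quote marks. Comparing this skeleton with the template's
 * skeleton shows whether user input changed the statement's structure.
 * Returns -1 on overflow or an unterminated literal. */
int strip_literals(char *out, size_t n, const char *sql)
{
    size_t j = 0;
    int in_lit = 0;
    for (const char *p = sql; *p; p++) {
        if (in_lit) {
            if (*p != '\'')
                continue;                  /* literal content: discard */
            if (p[1] == '\'') { p++; continue; } /* escaped quote: discard */
            in_lit = 0;                    /* closing quote: fall through and keep */
        } else if (*p == '\'') {
            in_lit = 1;                    /* opening quote: keep */
        }
        if (j + 1 >= n) return -1;
        out[j++] = *p;
    }
    if (in_lit) return -1;
    out[j] = '\0';
    return 0;
}

int main(void)
{
    const char *user = "' OR '1'='1";      /* constructed hostile username */
    const char *pw = "x";
    char q[QUERY_MAX], skel[QUERY_MAX];

    if (build_query_unsafe(q, sizeof q, user, pw) == 0 &&
        strip_literals(skel, sizeof skel, q) == 0)
        printf("unsafe: %s\n  skeleton: %s\n", q, skel);
    if (build_query_safe(q, sizeof q, user, pw) == 0 &&
        strip_literals(skel, sizeof skel, q) == 0)
        printf("safe:   %s\n  skeleton: %s\n", q, skel);
    return 0;
}
```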
From owner-freebsd-security Tue Mar 12 6:28:32 2002
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 41BF537B41D; Tue, 12 Mar 2002 06:27:58 -0800 (PST)
Received: (from nectar@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g2CERwZ64329; Tue, 12 Mar 2002 06:27:58 -0800 (PST) (envelope-from security-advisories@freebsd.org)
Date: Tue, 12 Mar 2002 06:27:58 -0800 (PST)
Message-Id: <200203121427.g2CERwZ64329@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: nectar set sender to security-advisories@freebsd.org using -f
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Ports Security Advisory FreeBSD-SA-02:15.cyrus-sasl
Reply-To: security-advisories@freebsd.org

=============================================================================
FreeBSD-SA-02:15                                            Security Advisory
                                                                FreeBSD, Inc.

Topic:          cyrus-sasl library contains format string vulnerability

Category:       ports
Module:         cyrus-sasl
Announced:      2002-03-12
Credits:        Kari Hurtta
Affects:        cyrus-sasl port prior to cyrus-sasl-1.5.24_8
Corrected:      2001-12-09 03:07:36 UTC
FreeBSD only:   NO
CVE:            CAN-2001-0869

I.
     Background

Cyrus-SASL is an implementation of RFC 2222 SASL (Simple Authentication
and Security Layer), a method for adding authentication support to
connection-based protocols.

II.  Problem Description

Affected versions of the cyrus-sasl port contain a format string
vulnerability. The format string vulnerability occurs during a call to
the syslog(3) function.

The cyrus-sasl port is not installed by default, nor is it "part of
FreeBSD" as such: it is part of the FreeBSD ports collection, which
contains thousands of third-party applications in a ready-to-install
format. The ports collection shipped with FreeBSD 4.4 is vulnerable to
this problem since it was discovered after its release.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security audit
of the most security-critical ports.

III. Impact

Malicious remote users may cause an application using cyrus-sasl to
execute arbitrary code with the privileges of the process using the
cyrus-sasl library. However, there are no known exploits at this
writing, and the author of cyrus-sasl does not believe that this bug is
exploitable. See the `References' section for more information.

If the cyrus-sasl port is not installed, then your system is not
vulnerable to this problem. The following command can be used to
determine whether or not the cyrus-sasl port is installed:

# pkg_info -I cyrus-sasl-\*

IV.  Workaround

Deinstall the cyrus-sasl port if you have installed it.

V.   Solution

Do one of the following:

1) Upgrade your entire ports collection and rebuild the port.

2) Deinstall the old port and install a corrected version from the
   following directories.

   [i386]
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/

   [alpha]
   Packages are not automatically generated for the alpha architecture
   at this time due to lack of build resources.
3) Download a new port skeleton for cyrus-sasl from:

   http://www.freebsd.org/ports/

   and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
   portcheckout port is available in /usr/ports/devel/portcheckout or
   the package can be obtained from:

   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/Latest/portcheckout.tgz

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in the FreeBSD ports collection.

Path                                                             Revision
- -------------------------------------------------------------------------
ports/security/cyrus-sasl/Makefile                                   1.30
ports/security/cyrus-sasl/files/patch-lib::common.c                   1.1
- -------------------------------------------------------------------------

VII. References

From owner-freebsd-security Tue Mar 12 6:30:50 2002
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id A606F37B420; Tue, 12 Mar 2002 06:28:03 -0800 (PST)
Received: (from nectar@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g2CES3U64416; Tue, 12 Mar 2002 06:28:03 -0800 (PST) (envelope-from security-advisories@freebsd.org)
Date: Tue, 12 Mar 2002 06:28:03 -0800 (PST)
Message-Id: <200203121428.g2CES3U64416@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: nectar set sender to security-advisories@freebsd.org using -f
From:
FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Ports Security Advisory FreeBSD-SA-02:16.netscape
Reply-To: security-advisories@freebsd.org

=============================================================================
FreeBSD-SA-02:16                                            Security Advisory
                                                                FreeBSD, Inc.

Topic:          GIF/JPEG comment vulnerability in Netscape

Category:       ports
Module:         netscape
Announced:      2002-03-12
Credits:        Florian Wesch
Affects:        All Netscape ports with versions prior to 4.77
Corrected:      2001-04-07 16:41:36 UTC
FreeBSD only:   NO

I.   Background

Netscape Navigator or Communicator is a popular web browser, available
in several versions in the FreeBSD ports collection.

II.  Problem Description

The GIF89a and JPEG standards permit images to have embedded comments,
in which any kind of textual data may be stored. Versions 4.76 and
earlier of the Netscape browser will execute JavaScript contained in
such a comment block, if execution of JavaScript is enabled in the
configuration of the browser.

The Netscape browser supports a non-standard URL scheme, `about:'.
Visiting `about:' URLs causes Navigator to display information which may
be sensitive. For example, `about:global' gives a listing of recently
accessed URLs; `about:cache' shows a similar listing, but with the time
each page was visited and the name of each corresponding file in the
disk cache; and `about:config' displays the full configuration of the
browser.

JavaScript executed from the comment block of a maliciously constructed
image can send information from an `about:' URL back to a hostile Web
server.
The Netscape ports are not installed by default, nor are they "part of
FreeBSD" as such: they are part of the FreeBSD ports collection, which
contains thousands of third-party applications in a ready-to-install
format. The ports collection shipped with FreeBSD 4.5 contains some
Netscape versions which are vulnerable to these problems.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security audit
of the most security-critical ports.

III. Impact

The browser can be caused to transmit sensitive information to a hostile
Web server, if JavaScript is enabled and a page on the server is visited.

If you have not chosen to install a Netscape port or package, your
system is not vulnerable to this problem.

IV.  Workarounds

Do one of the following:

1) Deinstall affected Netscape ports or packages, if any are installed.

2) Disable JavaScript. This can be done interactively by running
   Navigator, going to the Edit menu, choosing Preferences, and changing
   the setting in the Advanced section. Alternatively, append the line:

   user_pref("javascript.enabled", false);

   to the $HOME/.netscape/preferences.js of every user.

   Users are likely to want to re-enable JavaScript, because its use is
   required by some Web sites. If they do, they could become vulnerable
   again.

3) Similarly, disable automatic loading of images. The corresponding
   configuration line is:

   user_pref("general.always_load_images", false);

   Some Web sites require images. If users enable automatic loading, or
   if they click the Images button, they could become vulnerable again.

4) Install a filtering proxy, and configure it to block all images from
   untrusted sites. The www/adzap or www/adzapper ports may be suitable.
   Doing this will make many Web sites unviewable.

V.   Solution

One of the following:

1) Upgrade your entire ports collection and rebuild the relevant
   Netscape port, if available.
   Netscape binaries for several platforms, including FreeBSD/i386, were
   discontinued before the release of 4.77.

2) Deinstall the old package and install a new package, obtained from
   the following directories:

   [i386]
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/
     linux-netscape-communicator-4.79.tgz
     linux-netscape-navigator-4.79.tgz

   [alpha]
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/
     netscape-communicator-4.78.tgz

3) Download a new port skeleton for the Netscape port from:

   http://www.freebsd.org/ports/

   and use it to rebuild the port.

   NOTE: Since there are so many variations of the Netscape ports in the
   FreeBSD ports collection they are not listed separately here.
   Localized versions are also available in the respective language
   subdirectory.

4) Use the portcheckout utility to automate option (3) above. The
   portcheckout port is available in /usr/ports/devel/portcheckout or
   the package can be obtained from:

   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz

VI.
     References

From owner-freebsd-security Tue Mar 12 6:30:58 2002
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id CEE2C37B425; Tue, 12 Mar 2002 06:28:09 -0800 (PST)
Received: (from nectar@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g2CES9264483; Tue, 12 Mar 2002 06:28:09 -0800 (PST) (envelope-from security-advisories@freebsd.org)
Date: Tue, 12 Mar 2002 06:28:09 -0800 (PST)
Message-Id: <200203121428.g2CES9264483@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: nectar set sender to security-advisories@freebsd.org using -f
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Ports Security Advisory FreeBSD-SA-02:17.mod_frontpage
Reply-To: security-advisories@freebsd.org

=============================================================================
FreeBSD-SA-02:17                                            Security Advisory
                                                                FreeBSD, Inc.

Topic:          mod_frontpage port contains exploitable buffer overflow

Category:       ports
Module:         mod_frontpage
Announced:      2002-03-12
Credits:        Martin Blapp
Affects:        mod_frontpage port prior to version mod_portname-1.6.1
Corrected:      2002-02-05 16:18:42 2002 UTC
FreeBSD only:   NO

I.
     Background

mod_frontpage is a replacement for Microsoft's frontpage apache patch to
support FP extensions. It is installed as a DSO module.

II.  Problem Description

Affected versions of the mod_frontpage port contain several exploitable
buffer overflows in the fpexec wrapper, which is installed setuid root.

The mod_frontpage port is not installed by default, nor is it "part of
FreeBSD" as such: it is part of the FreeBSD ports collection, which
contains over 6000 third-party applications in a ready-to-install
format. The ports collection shipped with FreeBSD 4.5 contains this
security problem since it was discovered after the release.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security audit
of the most security-critical ports.

III. Impact

A local attacker may obtain superuser privileges by exploiting the
buffer overflow bugs in fpexec.

IV.  Workaround

1) Deinstall the mod_frontpage ports/packages if you have them
   installed.

V.   Solution

Do one of the following:

1) Upgrade your entire ports collection and rebuild the port.

2) Deinstall the old package and install a new package dated after the
   correction date, obtained from the following directories:

   [i386]
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/

   [alpha]
   Packages are not automatically generated for the alpha architecture
   at this time due to lack of build resources.

   NOTE: It may be several days before updated packages are available.

3) Download a new port skeleton for the mod_frontpage port from:

   http://www.freebsd.org/ports/

   and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
   portcheckout port is available in /usr/ports/devel/portcheckout or
   the package can be obtained from:

   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz

VI.
     Correction details

The following list contains the $FreeBSD$ revision numbers of each file
that was corrected in the FreeBSD source.

Path                                                             Revision
- -------------------------------------------------------------------------
ports/www/mod_frontpage/Makefile                                      1.7
ports/www/mod_frontpage/distinfo                                      1.4
ports/www/mod_frontpage/files/patch-Makefile.PL                       1.3
ports/www/mod_frontpage/files/patch-Makefile.in                       1.1
ports/www/mod_frontpage/files/patch-mod_frontpage.c                   1.4
- -------------------------------------------------------------------------

From owner-freebsd-security Tue Mar 12 7: 3:58 2002
Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id D9A4037BEC6; Tue, 12 Mar 2002 06:54:19 -0800 (PST)
Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id E7B6C44; Tue, 12 Mar 2002 08:53:37 -0600 (CST)
Received: (from nectar@localhost) by madman.nectar.cc (8.11.6/8.11.6) id g2CErbX36079; Tue, 12 Mar 2002 08:53:37 -0600 (CST) (envelope-from nectar)
Date: Tue, 12 Mar 2002 08:53:37 -0600
From: "Jacques A. Vidrine"
To: freebsd-security@FreeBSD.ORG
Cc: jedgar@FreeBSD.ORG, green@FreeBSD.ORG
Subject: zlib and FreeBSD (was Re: RedHat advisory - RHSA-2002:026-35 zlib double free -- Is this 4.5-R-p1?)
Message-ID: <20020312145337.GB35955@madman.nectar.cc>
Mail-Followup-To: "Jacques A.
Vidrine" , freebsd-security@FreeBSD.ORG, jedgar@freebsd.org, green@freebsd.org References: <20020311154424.A22882@sheol.localdomain> <64040.1015886430@critter.freebsd.dk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <64040.1015886430@critter.freebsd.dk> User-Agent: Mutt/1.3.27i X-Url: http://www.nectar.cc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

In addition to Poul-Henning's information below, the zlib bug was also patched in the security branches around February 22nd ``just in case.'' Likewise, similar code in the kernel was fixed (sys/net/zlib.c).

Hmm, I just noticed that for some reason, the fixes don't seem to have been committed to -CURRENT or -STABLE. Maybe Chris had a reason for this. It may be a moot point soon, as Brian has recently imported the new (fixed) zlib into -CURRENT, and I imagine he will merge it into -STABLE before long.

Cheers,
-- Jacques A. Vidrine http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se

On Mon, Mar 11, 2002 at 11:40:30PM +0100, Poul-Henning Kamp wrote:
> ============================================================================
> From: Poul-Henning Kamp
> Subject: the zlib double free bug
> To: security-officer@freebsd.org
> Message-Id: <58959.1015884837@critter.freebsd.dk>
> Date: Mon, 11 Mar 2002 23:13:57 +0100
>
>
> As author of our malloc(3) it is my opinion that we are not vulnerable to
> this (kind of) bug.
>
> Most mallocs keep their housekeeping data right next to the allocated
> range. This gives rise to all sorts of unpleasant situations if
> programs stray outside the dotted line, free(3) things twice or
> free(3) modified pointers.
>
> phkmalloc(3) does not store housekeeping next to allocated data,
> and in particular it has code that detects and complains about
> exactly the kind of double free this advisory talks about:
>
> critter phk> cat a.c
> main()
> {
>         char *p;
>
>         p = malloc(256);
>         p = malloc(256);
>         free(p);
>         free(p);
> }
> critter phk> make a
> cc -O -pipe a.c -o a
> a.c: In function `main':
> a.c:7: warning: assignment makes pointer from integer without a cast
> a.c:8: warning: assignment makes pointer from integer without a cast
> critter phk> ./a
> a in free(): error: chunk is already free
> Abort (core dumped)
> critter phk>
>
> The malloc flag 'A' determines if the situation is just warned about
> or if the program should call abort(3).
>

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Tue Mar 12 7:17:17 2002 Delivered-To: freebsd-security@freebsd.org Received: from brea.mc.mpls.visi.com (brea.mc.mpls.visi.com [208.42.156.100]) by hub.freebsd.org (Postfix) with ESMTP id AE71837C226 for ; Tue, 12 Mar 2002 07:06:23 -0800 (PST) Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by brea.mc.mpls.visi.com (Postfix) with ESMTP id 15A0B2DDDA6 for ; Tue, 12 Mar 2002 09:05:25 -0600 (CST) Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.6/8.11.6) id g2CF5Oa29076 for freebsd-security@freebsd.org; Tue, 12 Mar 2002 09:05:24 -0600 (CST) (envelope-from hawkeyd) Date: Tue, 12 Mar 2002 09:05:24 -0600 From: D J Hawkey Jr To: security at FreeBSD Subject: Re: FreeBSD Ports Security Advisory FreeBSD-SA-02:16.netscape Message-ID: <20020312090524.A29061@sheol.localdomain> Reply-To: hawkeyd@visi.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe:
List-Unsubscribe: X-Loop: FreeBSD.org Hi All. Anyone know if [recent] Mozilla releases are vulnerable? Specifically, release 0.9.8? More specifically, the binary release of 0.9.8 from mozilla.org (which wouldn't have any patches found in the ports collection)? TIA, Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. / __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/ ----- Forwarded message from FreeBSD Security Advisories ----- FreeBSD-SA-02:16 Security Advisory FreeBSD, Inc. Topic: GIF/JPEG comment vulnerability in Netscape Category: ports Module: netscape Announced: 2002-03-12 Credits: Florian Wesch Affects: All Netscape ports with versions prior to 4.77 Corrected: 2001-04-07 16:41:36 UTC FreeBSD only: NO ----- End forwarded message ----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Mar 12 7:22:29 2002 Delivered-To: freebsd-security@freebsd.org Received: from green.bikeshed.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id B4BCC37C507; Tue, 12 Mar 2002 07:11:55 -0800 (PST) Received: from localhost (green@localhost) by green.bikeshed.org (8.11.6/8.11.6) with ESMTP id g2CFB3U10275; Tue, 12 Mar 2002 10:11:06 -0500 (EST) (envelope-from green@green.bikeshed.org) Message-Id: <200203121511.g2CFB3U10275@green.bikeshed.org> X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 To: "Jacques A. Vidrine" Cc: freebsd-security@FreeBSD.ORG, jedgar@FreeBSD.ORG Subject: Re: zlib and FreeBSD (was Re: RedHat advisory - RHSA-2002:026-35 zlib double free -- Is this 4.5-R-p1?) In-Reply-To: Your message of "Tue, 12 Mar 2002 08:53:37 CST." <20020312145337.GB35955@madman.nectar.cc> From: "Brian F. 
Feldman" Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 12 Mar 2002 10:11:03 -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org "Jacques A. Vidrine" wrote: > In addition to Poul-Henning's information below, the zlib bug was also > patched in the security branches around February 22nd ``just in > case.'' Likewise, similar code in the kernel was fixed > (sys/net/zlib.c). > > Hmm, I just noticed that for some reason, the fixes don't seem to have > been committed to -CURRENT or -STABLE. Maybe Chris had a reason for > this. It may be a moot point soon, as Brian has recently imported the > new (fixed) zlib into -CURRENT, and I imagine he will merge it into > -STABLE before long. Yes, I plan on MFCing it soon, since I have it on my RELENG_4_5 desktop and it seems to work just fine (as I imagine it darn well should). Even though we're not vulnerable, and the bug is fixed earlier, I want to be able to say that we ship a known-good copy of zlib and have the version numbers there to back it up. Sound reasonable? -- Brian Fundakowski Feldman \'[ FreeBSD ]''''''''''\ <> green@FreeBSD.org <> bfeldman@tislabs.com \ The Power to Serve! \ Opinions expressed are my own. 
\,,,,,,,,,,,,,,,,,,,,,,\ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Mar 12 7:37: 9 2002 Delivered-To: freebsd-security@freebsd.org Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id 7568537B901; Tue, 12 Mar 2002 07:32:56 -0800 (PST) Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id 0301970; Tue, 12 Mar 2002 09:32:04 -0600 (CST) Received: (from nectar@localhost) by madman.nectar.cc (8.11.6/8.11.6) id g2CFW3v36336; Tue, 12 Mar 2002 09:32:03 -0600 (CST) (envelope-from nectar) Date: Tue, 12 Mar 2002 09:32:03 -0600 From: "Jacques A. Vidrine" To: "Brian F. Feldman" Cc: freebsd-security@FreeBSD.ORG, jedgar@FreeBSD.ORG Subject: Re: zlib and FreeBSD (was Re: RedHat advisory - RHSA-2002:026-35 zlib double free -- Is this 4.5-R-p1?) Message-ID: <20020312153203.GG35955@madman.nectar.cc> Mail-Followup-To: "Jacques A. Vidrine" , "Brian F. Feldman" , freebsd-security@FreeBSD.ORG, jedgar@FreeBSD.ORG References: <20020312145337.GB35955@madman.nectar.cc> <200203121511.g2CFB3U10275@green.bikeshed.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200203121511.g2CFB3U10275@green.bikeshed.org> User-Agent: Mutt/1.3.27i X-Url: http://www.nectar.cc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, Mar 12, 2002 at 10:11:03AM -0500, Brian F. Feldman wrote: > Yes, I plan on MFCing it soon, since I have it on my RELENG_4_5 desktop and > it seems to work just fine (as I imagine it darn well should). Even though > we're not vulnerable, and the bug is fixed earlier, I want to be able to say > that we ship a known-good copy of zlib and have the version numbers there to > back it up. 
Sound reasonable? Yes, that's reasonable --- and thanks for the quick reaction! ... however, RELENG_4_[345] are already fixed. But we still would like to merge zlib in -STABLE. Cheers, -- Jacques A. Vidrine http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Mar 12 7:38:37 2002 Delivered-To: freebsd-security@freebsd.org Received: from smtp1.sentex.ca (smtp1.sentex.ca [199.212.134.4]) by hub.freebsd.org (Postfix) with ESMTP id 15C8A37B85C; Tue, 12 Mar 2002 07:35:55 -0800 (PST) Received: from simoeon.sentex.net (pyroxene.sentex.ca [199.212.134.18]) by smtp1.sentex.ca (8.11.6/8.11.6) with ESMTP id g2CFYrp79704; Tue, 12 Mar 2002 10:34:53 -0500 (EST) (envelope-from mike@sentex.net) Message-Id: <5.1.0.14.0.20020312102633.027e5e40@marble.sentex.ca> X-Sender: mdtpop@marble.sentex.ca X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Tue, 12 Mar 2002 10:29:06 -0500 To: "Brian F. Feldman" , "Jacques A. Vidrine" From: Mike Tancsa Subject: Re: zlib and FreeBSD (was Re: RedHat advisory - RHSA-2002:026-35 zlib double free -- Is this 4.5-R-p1?) Cc: freebsd-security@FreeBSD.ORG, jedgar@FreeBSD.ORG In-Reply-To: <200203121511.g2CFB3U10275@green.bikeshed.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, Although it sounds like the bug is not exploitable on FreeBSD, is there a potential for a Denial of Service still with systems prior to the Feb 22 commit? ---Mike At 10:11 AM 3/12/02 -0500, Brian F. Feldman wrote: >"Jacques A. 
Vidrine" wrote: > > In addition to Poul-Henning's information below, the zlib bug was also > > patched in the security branches around February 22nd ``just in > > case.'' Likewise, similar code in the kernel was fixed > > (sys/net/zlib.c). > > > > Hmm, I just noticed that for some reason, the fixes don't seem to have > > been committed to -CURRENT or -STABLE. Maybe Chris had a reason for > > this. It may be a moot point soon, as Brian has recently imported the > > new (fixed) zlib into -CURRENT, and I imagine he will merge it into > > -STABLE before long. > >Yes, I plan on MFCing it soon, since I have it on my RELENG_4_5 desktop and >it seems to work just fine (as I imagine it darn well should). Even though >we're not vulnerable, and the bug is fixed earlier, I want to be able to say >that we ship a known-good copy of zlib and have the version numbers there to >back it up. Sound reasonable? > >-- >Brian Fundakowski Feldman \'[ FreeBSD ]''''''''''\ > <> green@FreeBSD.org <> bfeldman@tislabs.com \ The Power to Serve! \ > Opinions expressed are my > own. \,,,,,,,,,,,,,,,,,,,,,,\ > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Mar 12 7:49:36 2002 Delivered-To: freebsd-security@freebsd.org Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id BC0C137B402; Tue, 12 Mar 2002 07:49:25 -0800 (PST) Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id AFA3144; Tue, 12 Mar 2002 09:47:19 -0600 (CST) Received: (from nectar@localhost) by madman.nectar.cc (8.11.6/8.11.6) id g2CFlJc36466; Tue, 12 Mar 2002 09:47:19 -0600 (CST) (envelope-from nectar) Date: Tue, 12 Mar 2002 09:47:19 -0600 From: "Jacques A. Vidrine" To: Mike Tancsa Cc: "Brian F. 
Feldman" , freebsd-security@FreeBSD.ORG, jedgar@FreeBSD.ORG Subject: Re: zlib and FreeBSD (was Re: RedHat advisory - RHSA-2002:026-35 zlib double free -- Is this 4.5-R-p1?) Message-ID: <20020312154719.GK35955@madman.nectar.cc> Mail-Followup-To: "Jacques A. Vidrine" , Mike Tancsa , "Brian F. Feldman" , freebsd-security@FreeBSD.ORG, jedgar@FreeBSD.ORG References: <20020312145337.GB35955@madman.nectar.cc> <5.1.0.14.0.20020312102633.027e5e40@marble.sentex.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5.1.0.14.0.20020312102633.027e5e40@marble.sentex.ca> User-Agent: Mutt/1.3.27i X-Url: http://www.nectar.cc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, Mar 12, 2002 at 10:29:06AM -0500, Mike Tancsa wrote: > Hi, > Although it sounds like the bug is not exploitable on FreeBSD, is there a > potential for a Denial of Service still with systems prior to the Feb 22 > commit? I hesitate to say that there is not, but I don't know of anything specific. -- Jacques A. Vidrine http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Mar 12 7:53:51 2002 Delivered-To: freebsd-security@freebsd.org Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40]) by hub.freebsd.org (Postfix) with ESMTP id 265A037B7DC; Tue, 12 Mar 2002 07:53:39 -0800 (PST) Received: by peitho.fxp.org (Postfix, from userid 1000) id C1A2D13667; Tue, 12 Mar 2002 10:52:16 -0500 (EST) Date: Tue, 12 Mar 2002 10:52:16 -0500 From: Chris Faulhaber To: Mike Tancsa Cc: "Brian F. Feldman" , "Jacques A. 
Vidrine" , freebsd-security@FreeBSD.ORG Subject: Re: zlib and FreeBSD (was Re: RedHat advisory - RHSA-2002:026-35 zlib double free -- Is this 4.5-R-p1?) Message-ID: <20020312155216.GF94019@peitho.fxp.org> References: <20020312145337.GB35955@madman.nectar.cc> <5.1.0.14.0.20020312102633.027e5e40@marble.sentex.ca> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="qp4W5+cUSnZs0RIF" Content-Disposition: inline In-Reply-To: <5.1.0.14.0.20020312102633.027e5e40@marble.sentex.ca> User-Agent: Mutt/1.3.24i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --qp4W5+cUSnZs0RIF Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

On Tue, Mar 12, 2002 at 10:29:06AM -0500, Mike Tancsa wrote:
>
> Hi,
> Although it sounds like the bug is not exploitable on FreeBSD, is there a
> potential for a Denial of Service still with systems prior to the Feb 22
> commit?
>

With phkmalloc(3), normally you will just get:

progname in free(): error: chunk is already free

unless the 'A' malloc option is set, then the program will abort(3) which could be considered a Denial of Service.

--
Chris D.
Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org --qp4W5+cUSnZs0RIF Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: FreeBSD: The Power To Serve iEYEARECAAYFAjyOJDAACgkQObaG4P6BelDZlACfVjxNM/KDwCn2L/QbIumsLwR/ leoAn2oFAZIvWRVf6JqZgsnHxaQVQeDA =XR4d -----END PGP SIGNATURE----- --qp4W5+cUSnZs0RIF-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Mar 12 8: 0:12 2002 Delivered-To: freebsd-security@freebsd.org Received: from smtp1.sentex.ca (smtp1.sentex.ca [199.212.134.4]) by hub.freebsd.org (Postfix) with ESMTP id 92CA637B8FC for ; Tue, 12 Mar 2002 07:59:08 -0800 (PST) Received: from simoeon.sentex.net (pyroxene.sentex.ca [199.212.134.18]) by smtp1.sentex.ca (8.11.6/8.11.6) with ESMTP id g2CFtJp83997; Tue, 12 Mar 2002 10:55:19 -0500 (EST) (envelope-from mike@sentex.net) Message-Id: <5.1.0.14.0.20020312104817.0649e0c0@marble.sentex.ca> X-Sender: mdtpop@marble.sentex.ca X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Tue, 12 Mar 2002 10:49:31 -0500 To: Chris Faulhaber From: Mike Tancsa Subject: Re: zlib and FreeBSD (was Re: RedHat advisory - RHSA-2002:026-35 zlib double free -- Is this 4.5-R-p1?) Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <20020312155216.GF94019@peitho.fxp.org> References: <5.1.0.14.0.20020312102633.027e5e40@marble.sentex.ca> <20020312145337.GB35955@madman.nectar.cc> <5.1.0.14.0.20020312102633.027e5e40@marble.sentex.ca> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Is this possible to happen in kernel space as well (e.g. 
somewhere in the networking code) ? And if so, would that constitute a panic ? ---Mike At 10:52 AM 3/12/02 -0500, Chris Faulhaber wrote: >On Tue, Mar 12, 2002 at 10:29:06AM -0500, Mike Tancsa wrote: > > > > Hi, > > Although it sounds like the bug is not exploitable on FreeBSD, is there a > > potential for a Denial of Service still with systems prior to the Feb 22 > > commit? > > > >With phkmalloc(3), normally you will just get: > >progname in free(): error: chunk is already free > >unless the 'A' malloc option is set, then the program will >abort(3) which could be considered a Denial of Service. > >-- >Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org >-------------------------------------------------------- >FreeBSD: The Power To Serve - http://www.FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Mar 12 8: 5:43 2002 Delivered-To: freebsd-security@freebsd.org Received: from blues.jpj.net (blues.jpj.net [204.97.17.6]) by hub.freebsd.org (Postfix) with ESMTP id B0B2E37B91D for ; Tue, 12 Mar 2002 08:03:41 -0800 (PST) Received: from localhost (trevor@localhost) by blues.jpj.net (8.11.6/8.11.6) with ESMTP id g2CG2H124156; Tue, 12 Mar 2002 11:02:17 -0500 (EST) Date: Tue, 12 Mar 2002 11:02:16 -0500 (EST) From: Trevor Johnson To: D J Hawkey Jr Cc: freebsd-security@FreeBSD.ORG Subject: Re: FreeBSD Ports Security Advisory FreeBSD-SA-02:16.netscape In-Reply-To: <20020312090524.A29061@sheol.localdomain> Message-ID: <20020312104432.L19417-100000@blues.jpj.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Anyone know if [recent] Mozilla releases are vulnerable? > Specifically, release 0.9.8? 
> More specifically, the binary release of 0.9.8 from mozilla.org (which > wouldn't have any patches found in the ports collection)? I hadn't thought of that. I wasn't able to get the demonstration from http://www.dividuum.de/ to work with Mozilla 0.9.9. Mozilla's support for the about: protocol seems to be more limited than that of Netscape 4. In particular, it doesn't have about:global. Conceivably, old versions of Mozilla could have this bug. Regardless, I'd recommend that you update to Mozilla 0.9.9, because of the zlib "double free" bug. Mozilla contains its own copy of the zlib code, which was corrected as of version 0.9.9. -- Trevor Johnson To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Mar 12 8:30:55 2002 Delivered-To: freebsd-security@freebsd.org Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40]) by hub.freebsd.org (Postfix) with ESMTP id 6453137B670; Tue, 12 Mar 2002 08:30:34 -0800 (PST) Received: by peitho.fxp.org (Postfix, from userid 1000) id CE0FA13669; Tue, 12 Mar 2002 10:28:37 -0500 (EST) Date: Tue, 12 Mar 2002 10:28:37 -0500 From: Chris Faulhaber To: "Jacques A. Vidrine" , freebsd-security@FreeBSD.ORG, green@freebsd.org Subject: Re: zlib and FreeBSD (was Re: RedHat advisory - RHSA-2002:026-35 zlib double free -- Is this 4.5-R-p1?) 
Message-ID: <20020312152837.GC94019@peitho.fxp.org> References: <20020311154424.A22882@sheol.localdomain> <64040.1015886430@critter.freebsd.dk> <20020312145337.GB35955@madman.nectar.cc> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="4jXrM3lyYWu4nBt5" Content-Disposition: inline In-Reply-To: <20020312145337.GB35955@madman.nectar.cc> User-Agent: Mutt/1.3.24i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --4jXrM3lyYWu4nBt5 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

On Tue, Mar 12, 2002 at 08:53:37AM -0600, Jacques A. Vidrine wrote:
> In addition to Poul-Henning's information below, the zlib bug was also
> patched in the security branches around February 22nd ``just in
> case.'' Likewise, similar code in the kernel was fixed
> (sys/net/zlib.c).
>
> Hmm, I just noticed that for some reason, the fixes don't seem to have
> been committed to -CURRENT or -STABLE. Maybe Chris had a reason for
> this. It may be a moot point soon, as Brian has recently imported the
> new (fixed) zlib into -CURRENT, and I imagine he will merge it into
> -STABLE before long.
>

I committed fixes to HEAD, RELENG_4, and RELENG_[345] for both src/lib/libz/infblock.c and src/net/zlib.c in February. Did I miss something?

--
Chris D.
Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org --4jXrM3lyYWu4nBt5 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: FreeBSD: The Power To Serve iEYEARECAAYFAjyOHqUACgkQObaG4P6BelDQKACfR2AFMxdJOzm2gfoeGe4uUWnf /9MAnjOvqD70AfOnBSsXQnHqnN1Im4L7 =NY5q -----END PGP SIGNATURE----- --4jXrM3lyYWu4nBt5-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Mar 12 8:33:52 2002 Delivered-To: freebsd-security@freebsd.org Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id C7D5A37BB5A; Tue, 12 Mar 2002 08:33:22 -0800 (PST) Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id 4564044; Tue, 12 Mar 2002 10:33:22 -0600 (CST) Received: (from nectar@localhost) by madman.nectar.cc (8.11.6/8.11.6) id g2CGXMG36789; Tue, 12 Mar 2002 10:33:22 -0600 (CST) (envelope-from nectar) Date: Tue, 12 Mar 2002 10:33:22 -0600 From: "Jacques A. Vidrine" To: Chris Faulhaber Cc: freebsd-security@FreeBSD.ORG, green@FreeBSD.ORG Subject: Re: zlib and FreeBSD (was Re: RedHat advisory - RHSA-2002:026-35 zlib double free -- Is this 4.5-R-p1?) Message-ID: <20020312163322.GW35955@madman.nectar.cc> Mail-Followup-To: "Jacques A. 
Vidrine" , Chris Faulhaber , freebsd-security@FreeBSD.ORG, green@freebsd.org References: <20020311154424.A22882@sheol.localdomain> <64040.1015886430@critter.freebsd.dk> <20020312145337.GB35955@madman.nectar.cc> <20020312152837.GC94019@peitho.fxp.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020312152837.GC94019@peitho.fxp.org> User-Agent: Mutt/1.3.27i X-Url: http://www.nectar.cc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, Mar 12, 2002 at 10:28:37AM -0500, Chris Faulhaber wrote: > On Tue, Mar 12, 2002 at 08:53:37AM -0600, Jacques A. Vidrine wrote: > > In addition to Poul-Henning's information below, the zlib bug was also > > patched in the security branches around February 22nd ``just in > > case.'' Likewise, similar code in the kernel was fixed > > (sys/net/zlib.c). > > > > Hmm, I just noticed that for some reason, the fixes don't seem to have > > been committed to -CURRENT or -STABLE. Maybe Chris had a reason for > > this. It may be a moot point soon, as Brian has recently imported the > > new (fixed) zlib into -CURRENT, and I imagine he will merge it into > > -STABLE before long. > > > > I committed fixes to HEAD, RELENG_4, and RELENG_[345] for > both src/lib/libz/infblock.c and src/net/zlib.c in February. > Did I miss something? No, I guess I did. I thought I had saved each of the resulting cvs messages to a folder for later reference, but I must have missed HEAD and RELENG_4. A quick scan of the `cvs log' output resulted in me missing it again. Sorry about that! Cheers, -- Jacques A. Vidrine http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . 
nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Mar 12 10: 4:56 2002 Delivered-To: freebsd-security@freebsd.org Received: from blues.jpj.net (blues.jpj.net [204.97.17.6]) by hub.freebsd.org (Postfix) with ESMTP id A34C837B416 for ; Tue, 12 Mar 2002 10:04:52 -0800 (PST) Received: from localhost (trevor@localhost) by blues.jpj.net (8.11.6/8.11.6) with ESMTP id g2CI4k528525; Tue, 12 Mar 2002 13:04:47 -0500 (EST) Date: Tue, 12 Mar 2002 13:04:46 -0500 (EST) From: Trevor Johnson To: Brian Behlendorf Cc: freebsd-security@FreeBSD.ORG Subject: Re: FreeBSD Ports Security Advisory FreeBSD-SA-02:16.netscape In-Reply-To: <20020312092148.J653-100000@localhost> Message-ID: <20020312125415.W25328-100000@blues.jpj.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Brian Behlendorf wrote: > On Tue, 12 Mar 2002, Trevor Johnson wrote: > > Regardless, I'd recommend that you update to Mozilla 0.9.9, because of the > > zlib "double free" bug. Mozilla contains its own copy of the zlib code, > > which was corrected as of version 0.9.9. > > Unless I misunderstand something, even those apps with their own > statically linked copies of zlib are not vulnerable on freebsd due to > freebsd's malloc implementation, right? Unless they also statically > compiled in glibc? I would suppose that dynamically linking to glibc would cause problems too. The Linux binary of Mozilla, which I assumed Dave Hawkey was asking about, does that (I updated the port of it today). I would suppose that the native Mozilla might be fine--unless, as you suggest, it contains its own copy of GNU malloc. 
-- Trevor Johnson To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Mar 12 12:39:15 2002 Delivered-To: freebsd-security@freebsd.org Received: from vapour.net (vapour.net [198.96.117.180]) by hub.freebsd.org (Postfix) with ESMTP id 82E3C37B404 for ; Tue, 12 Mar 2002 12:39:07 -0800 (PST) Received: from vapour.net (vapour.net [198.96.117.180]) by vapour.net (8.11.6/8.11.6) with ESMTP id g2CKW0b16445; Tue, 12 Mar 2002 15:32:01 -0500 (EST) (envelope-from batsy@vapour.net) Date: Tue, 12 Mar 2002 15:31:56 -0500 (EST) From: batz To: Christopher Schulte Cc: lewwid , freebsd-security@FreeBSD.ORG, Max Mouse Subject: Re: PHP 4.1.2 In-Reply-To: <5.1.0.14.0.20020311102243.01b00c38@pop3s.schulte.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, 11 Mar 2002, Christopher Schulte wrote: :>Would it be useful to have a security branch from which people could cvsup :>security patches? : :>Does such a system exist just for security updates? : :For ports? No. I would volunteer as maintainer as it isn't too far removed from my day job to handle something like this. :) On a simple level, it could just be a tree with copies of updated ports with patches that people could cvsup from a given site. What other features would people want from such a service? Though I suppose cvsup'ing the ports tree on a regular basis would accomplish the same thing, it might be nice to do it on a security specific basis. A vulnerability in zlib suggests that it would be worth having a specific method for users to update all ports that use zlib, no? 
Cheers, -- batz To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Mar 12 14: 0:36 2002 Delivered-To: freebsd-security@freebsd.org Received: from clink.schulte.org (clink.schulte.org [209.134.156.193]) by hub.freebsd.org (Postfix) with ESMTP id 4621837B417 for ; Tue, 12 Mar 2002 14:00:24 -0800 (PST) Received: from schulte-laptop.nospam.schulte.org (nb-65.netbriefings.com [209.134.134.65]) by clink.schulte.org (Postfix) with ESMTP id E97AC24463; Tue, 12 Mar 2002 16:00:21 -0600 (CST) Message-Id: <5.1.0.14.0.20020312155431.04f93ac0@pop3s.schulte.org> X-Sender: X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Tue, 12 Mar 2002 15:59:07 -0600 To: batz , Christopher Schulte From: Christopher Schulte Subject: Re: PHP 4.1.2 Cc: lewwid , freebsd-security@FreeBSD.ORG, Max Mouse In-Reply-To: References: <5.1.0.14.0.20020311102243.01b00c38@pop3s.schulte.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 03:31 PM 3/12/2002 -0500, batz wrote: >Though I suppose cvsup'ing the ports tree on a regular basis would >accomplish the same thing, it might be nice to do it on a security >specific basis. I don't think so. The port maintainers can upgrade their ports without much fear of breaking the rest of the base OS, unlike commits to STABLE. This is why RELENG_4_X was created. You get all the critical fixes ( mostly security at this point ) without having to worry about all the other muck in -STABLE that could possibly cause problems or change expected behavior. No need to add unnecessary complexity. The ports work quite well as is. >Cheers, > > >-- >batz -- Christopher Schulte http://www.schulte.org/ Do not un-munge my @nospam.schulte.org email address. This address is valid. 
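Poul-Henning Kamp's a.c demonstration earlier in this thread, Chris Faulhaber's note on the 'A' option, and the Behlendorf/Johnson exchange about glibc-linked binaries all turn on one design decision: where the allocator keeps its bookkeeping. The following C program is an added illustration, not code from the thread and not phkmalloc itself. It wraps malloc/free with a side table of every chunk handed out, so a second free of the same chunk is refused (and reported) instead of feeding a freed chunk back into the allocator, and a flag mirrors the 'A' option's choice between warning and abort(3). The names chk_malloc, chk_free, chk_abort_on_error and the two demo functions are this example's own.

```c
#include <stdio.h>
#include <stdlib.h>

/* Side table of every chunk handed out, kept apart from the chunks themselves,
 * so neither a stale pointer nor an overrun can rewrite the bookkeeping.
 * chk_malloc/chk_free/chk_abort_on_error are names invented for this example. */
#define MAX_CHUNKS 1024

struct chunk_rec {
    void  *ptr;
    size_t size;
    int    live;        /* 1 while allocated, 0 once freed */
};

static struct chunk_rec table[MAX_CHUNKS];
static size_t nrecs;

static int chk_abort_on_error;   /* like the 'A' malloc option: abort, don't just warn */
static unsigned chk_errors;      /* errors reported so far */

static struct chunk_rec *chk_lookup(const void *p)
{
    for (size_t i = 0; i < nrecs; i++)
        if (table[i].ptr == p)
            return &table[i];
    return NULL;
}

static void chk_report(const char *what)
{
    chk_errors++;
    fprintf(stderr, "chk in free(): error: %s\n", what);
    if (chk_abort_on_error)
        abort();
}

void *chk_malloc(size_t n)
{
    void *p = malloc(n);
    if (p == NULL)
        return NULL;
    struct chunk_rec *r = chk_lookup(p);   /* libc may reuse an address we freed */
    if (r == NULL) {
        if (nrecs == MAX_CHUNKS) {
            free(p);
            return NULL;
        }
        r = &table[nrecs++];
        r->ptr = p;
    }
    r->size = n;
    r->live = 1;
    return p;
}

/* Returns 0 on success, -1 if p was never issued here or is already free.
 * In both error cases the pointer is not passed to free(), so nothing is corrupted. */
int chk_free(void *p)
{
    if (p == NULL)
        return 0;
    struct chunk_rec *r = chk_lookup(p);
    if (r == NULL) {
        chk_report("pointer was not allocated by chk_malloc");
        return -1;
    }
    if (!r->live) {
        chk_report("chunk is already free");
        return -1;
    }
    r->live = 0;
    free(p);
    return 0;
}

/* The a.c sequence from the thread: two allocations (the first one is leaked,
 * as in the original), then the second chunk freed twice.  Returns the number
 * of errors caught, which should be exactly 1. */
unsigned demo_double_free(void)
{
    char *p;
    chk_errors = 0;
    chk_abort_on_error = 0;          /* warn only, i.e. without the 'A' option */
    p = chk_malloc(256);
    p = chk_malloc(256);
    chk_free(p);
    chk_free(p);                     /* refused: chunk is already free */
    return chk_errors;
}

/* A pointer the shim never issued (here, a stack address) is refused the same way. */
int demo_foreign_pointer(void)
{
    int on_stack = 0;
    chk_abort_on_error = 0;
    return chk_free(&on_stack);
}

int main(void)
{
    printf("double free errors caught: %u\n", demo_double_free());
    printf("foreign pointer: %s\n", demo_foreign_pointer() < 0 ? "refused" : "accepted");
    return 0;
}
```

Run it and the first free succeeds while the second is reported as "chunk is already free" and otherwise ignored, so nothing a later malloc hands out is built on a corrupted free list. Set chk_abort_on_error and you get the core dump Poul-Henning shows instead, which is the denial of service Chris Faulhaber describes. An allocator that keeps its free-list links inside the freed chunk has no such table to consult, which is why the same double free is a different matter for binaries linked against glibc, as Brian Behlendorf and Trevor Johnson point out.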
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Mar 12 14:12: 1 2002 Delivered-To: freebsd-security@freebsd.org Received: from vapour.net (vapour.net [198.96.117.180]) by hub.freebsd.org (Postfix) with ESMTP id 9343737B405 for ; Tue, 12 Mar 2002 14:11:58 -0800 (PST) Received: from vapour.net (vapour.net [198.96.117.180]) by vapour.net (8.11.6/8.11.6) with ESMTP id g2CM4vb17820; Tue, 12 Mar 2002 17:04:57 -0500 (EST) (envelope-from batsy@vapour.net) Date: Tue, 12 Mar 2002 17:04:54 -0500 (EST) From: batz To: Christopher Schulte Cc: lewwid , freebsd-security@FreeBSD.ORG, Max Mouse Subject: Re: PHP 4.1.2 In-Reply-To: <5.1.0.14.0.20020312155431.04f93ac0@pop3s.schulte.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Tue, 12 Mar 2002, Christopher Schulte wrote:
:I don't think so. The port maintainers can upgrade their ports without
:much fear of breaking the rest of the base OS, unlike commits to
:STABLE. This is why RELENG_4_X was created. You get all the critical
:fixes ( mostly security at this point ) without having to worry about all
:the other muck in -STABLE that could possibly cause problems or change
:expected behavior.
:
:No need to add unnecessary complexity. The ports work quite well as is.

I don't see how my suggestion would change the way the ports work at all. It could work in parallel and co-exist quite peacefully.

So just a point of clarification then. By what you are saying, I can infer that RELENG_4_X also includes security fixes in ports which I can cvsup on a daily basis, and by doing this, fix any ports which have been declared vulnerable.
I should further be able to automatically upgrade any ports which use the vulnerable one as a dependency, by cvsup'ing RELENG_4_X. This is true? Thx, -- batz From owner-freebsd-security Tue Mar 12 14:33:40 2002 Delivered-To: freebsd-security@freebsd.org Received: from aurora.regenstrief.org (aurora.regenstrief.org [134.68.31.122]) by hub.freebsd.org (Postfix) with ESMTP id AB25F37B428; Tue, 12 Mar 2002 14:33:21 -0800 (PST) Received: from aurora.regenstrief.org (rgnout.regenstrief.org [134.68.31.38]) by aurora.regenstrief.org (8.11.6/8.9.3) with ESMTP id g2CMWv068917; Tue, 12 Mar 2002 17:32:57 -0500 (EST) (envelope-from gunther@aurora.regenstrief.org) Message-ID: <3C8E822E.7070509@aurora.regenstrief.org> Date: Tue, 12 Mar 2002 17:33:18 -0500 From: Gunther Schadow Organization: Regenstrief Institute for Health Care User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.4) Gecko/20011019 Netscape6/6.2 X-Accept-Language: en-us MIME-Version: 1.0 To: freebsd-security@freebsd.org, PicoBSD List Subject: Smartcard device support? Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, I'm wondering if it isn't time to roll out smart card use a bit more aggressively. The question is: are any smart card devices usable with FreeBSD? Let's say for enabling IPsec associations with racoon (X509 cert on smartcard instead of a file on disk.) Only if smartcard is in the box will the IPsec connection work. Of course my constraint is cost of hardware. So is there any cheap stuff around? thanks for any hint, -Gunther -- Gunther Schadow, M.D., Ph.D.
gschadow@regenstrief.org Medical Information Scientist Regenstrief Institute for Health Care Adjunct Assistant Professor Indiana University School of Medicine tel:1(317)630-7960 http://aurora.regenstrief.org From owner-freebsd-security Tue Mar 12 14:36:31 2002 Delivered-To: freebsd-security@freebsd.org Received: from clink.schulte.org (clink.schulte.org [209.134.156.193]) by hub.freebsd.org (Postfix) with ESMTP id C93FE37B400 for ; Tue, 12 Mar 2002 14:36:10 -0800 (PST) Received: from schulte-laptop.nospam.schulte.org (nb-65.netbriefings.com [209.134.134.65]) by clink.schulte.org (Postfix) with ESMTP id 3C8D324467; Tue, 12 Mar 2002 16:36:05 -0600 (CST) Message-Id: <5.1.0.14.0.20020312161930.057a9240@pop3s.schulte.org> X-Sender: X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Tue, 12 Mar 2002 16:34:50 -0600 To: batz , Christopher Schulte From: Christopher Schulte Subject: Re: PHP 4.1.2 Cc: lewwid , freebsd-security@FreeBSD.ORG, Max Mouse In-Reply-To: References: <5.1.0.14.0.20020312155431.04f93ac0@pop3s.schulte.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 05:04 PM 3/12/2002 -0500, batz wrote: >By what you are saying, I can infer that RELENG_4_X also includes security >fixes in ports which I can cvsup on a daily basis, and by doing this, fix >any ports which have been declared vulnerable. I should further be able >to automatically upgrade any ports which use the vulnerable one as a >dependency, by cvsup'ing RELENG_4_X. The ports live on their own cvs island, there is no RELENG_ANYTHING associated with them. The combined tree is maintained separately from the source code of the actual Operating System and bundled applications.
Check out the supfile samples in /usr/share/examples/cvsup/ : ############################################################################### # # DANGER! WARNING! LOOK OUT! VORSICHT! # # If you add any of the ports collections to this file, be sure to # specify them like this: # # ports-all tag=. # # If you leave out the "tag=." portion, CVSup will delete all of # the files in your ports tree. That is because the ports collections # do not use the same tags as the main part of the FreeBSD source tree. # ############################################################################### Just cvsup your ports tree daily, you'll pick up the new ports as the maintainers fix/add them. You can then opt to reinstall ports already in use on your system. If it's a new port install, you'll get the newest and greatest automatically. /usr/ports/sysutils/portupgrade is great for keeping track of this kind of thing. I hope that sheds some light. Followups might be appropriate to -questions... >-- >batz -- Christopher Schulte http://www.schulte.org/ Do not un-munge my @nospam.schulte.org email address. This address is valid. From owner-freebsd-security Tue Mar 12 14:50:22 2002 Delivered-To: freebsd-security@freebsd.org Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.86.163]) by hub.freebsd.org (Postfix) with ESMTP id C4EBA37B417; Tue, 12 Mar 2002 14:50:15 -0800 (PST) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.12.2/8.12.2) with ESMTP id g2CMnrnp035127; Tue, 12 Mar 2002 23:49:53 +0100 (CET) (envelope-from phk@critter.freebsd.dk) To: hackers@freebsd.org, security@freebsd.org Subject: Userland Hacker Task: divert socket listener...
From: Poul-Henning Kamp Date: Tue, 12 Mar 2002 23:49:53 +0100 Message-ID: <35126.1015973393@critter.freebsd.dk> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Here is something I miss a lot: I would like a small program which can listen to a specified divert(4) socket and act on the incoming packets. Specifically I want to direct all unwanted traffic from my ipfw rules into the divert socket and have the program examine these packets and when configured thresholds are exceeded take actions like: Add a blackhole route for a period of time to the source IP to prevent any packets getting back to the attacker. Add a blocking ipfw rule for incoming traffic from the attacker's IP# for some period of time. Add a divert ipfw rule for incoming traffic from the attacker's IP# to capture all the tricks he is trying to do. Log the received packets in detail in pcap format files. Report the packets to Dshield.org etc. Any takers ? -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. From owner-freebsd-security Tue Mar 12 14:50:51 2002 Delivered-To: freebsd-security@freebsd.org Received: from mailtest.btconnex.net (mailtest.btconnex.net [209.47.192.8]) by hub.freebsd.org (Postfix) with SMTP id 5F2BF37B41F for ; Tue, 12 Mar 2002 14:50:30 -0800 (PST) Received: (qmail 53982 invoked from network); 12 Mar 2002 22:48:04 -0000 Received: from unknown (HELO ?192.168.66.52?)
(192.168.66.52) by mailtest.btconnex.net with SMTP; 12 Mar 2002 22:48:04 -0000 Date: Tue, 12 Mar 2002 17:49:28 -0500 (EST) From: Elliott Perrin X-X-Sender: To: Subject: A Linux Virus that infects ELF (x86 only) Message-ID: <20020312173313.P13359-100000@decalpha.beanfield.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I was just wondering if anyone knows if a new LINUX virus that is posted at SARC http://www.sarc.com/avcenter/venc/data/linux.jac.8759.html is capable of infecting ELF executables on the BSD platform. There is little information about this posted there, I couldn't find any info about it at sophos, and a google search pointed me back to Symantec. I ran across it while looking at information on the new W32.Gibe worm that poses as an MS Security Update, so I figured I'd ask to see if anyone here knows about this. 
Cheers, eperrin@beanfield.com From owner-freebsd-security Tue Mar 12 14:59: 0 2002 Delivered-To: freebsd-security@freebsd.org Received: from mobile.webweaving.org (uds84-60.dial.hccnet.nl [62.251.60.84]) by hub.freebsd.org (Postfix) with ESMTP id 5522137B448; Tue, 12 Mar 2002 14:58:12 -0800 (PST) Received: from localhost.leiden.webweaving.org (localhost.leiden.webweaving.org [127.0.0.1] (may be forged)) by mobile.webweaving.org (8.10.2/8.10.2) with ESMTP id g2CMvs210242; Tue, 12 Mar 2002 23:57:54 +0100 (CET) X-Curiosity: Killed the Cat X-Huis-aan-Huis-deur-sticker: nee-nee X-Spam: no X-Passed: MX on Gandalf.WebWeaving.org Tue, 12 Mar 2002 23:57:54 +0100 (CET) and masked X-No-Spam: Neither the receipients nor the senders email address(s) are to be used for Unsolicited (Commercial) Email without the explicit written consent of either party; as a per-message fee is incurred for inbound and outbound traffic to the originator. Date: Tue, 12 Mar 2002 23:57:54 +0100 (CET) From: dirkx@covalent.net X-X-Sender: dirkx@gandalf.leiden.webweaving.org To: phk@FreeBSD.ORG Cc: hackers@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: Userland Hacker Task: divert socket listener... In-Reply-To: <35126.1015973393@critter.freebsd.dk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, 12 Mar 2002, Poul-Henning Kamp wrote: > Here is something I miss a lot: > > I would like a small program which can listen to a specified divert(4) > socket and act on the incoming packets.
> > Specifically I want to direct all unwanted traffic from my ipfw rules > into the divert socket and have the program examine these packets > and when configured thresholds are exceeded take actions like: > > Add a blackhole route for a period of time to the source > IP to prevent any packets getting back to the attacker. > > Add a blocking ipfw rule for incoming traffic from the > attacker's IP# for some period of time. > > Add a divert ipfw rule for incoming traffic from the > attacker's IP# to capture all the tricks he is trying to > do. > > Log the received packets in detail in pcap format files. > > Report the packets to Dshield.org Reroute/rewrite all my outgoing port 25 mail to some magic smart host over a userland ssh connection. Dw From owner-freebsd-security Tue Mar 12 15: 3:13 2002 Delivered-To: freebsd-security@freebsd.org Received: from vapour.net (vapour.net [198.96.117.180]) by hub.freebsd.org (Postfix) with ESMTP id 9E83937B420 for ; Tue, 12 Mar 2002 15:02:33 -0800 (PST) Received: from vapour.net (vapour.net [198.96.117.180]) by vapour.net (8.11.6/8.11.6) with ESMTP id g2CMtCb18515; Tue, 12 Mar 2002 17:55:14 -0500 (EST) (envelope-from batsy@vapour.net) Date: Tue, 12 Mar 2002 17:55:04 -0500 (EST) From: batz To: Christopher Schulte Cc: lewwid , freebsd-security@FreeBSD.ORG, Max Mouse Subject: Managing port security upgrades (was:Re: PHP 4.1.2) In-Reply-To: <5.1.0.14.0.20020312161930.057a9240@pop3s.schulte.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, 12 Mar 2002, Christopher Schulte wrote: :The ports live on their own cvs island, there is no RELENG_ANYTHING :associated with them.
The combined tree is maintained separately from the :source code of the actual Operating System and bundled applications. I had thought this, but it seemed your answers only came in the form of corrections, so I thought I would try to get an answer by postulating the opposite. :Just cvsup your ports tree daily, you'll pick up the new ports as the :maintainers fix/add them. You can then opt to reinstall ports already in :use on your system. If it's a new port install, you'll get the newest and :greatest automatically. /usr/ports/sysutils/portupgrade is great for :keeping track of this kind of thing. :I hope that sheds some light. : :Followups might be appropriate to -questions... I'm not sure a discussion about streamlining the application of security patches is as relevant to -questions. Back to my original post, about whether cvs would be a useful way to manage security specific information, so that people who just wanted to fix open vulnerabilities could do so in a way that did not involve sucking down most of the ports tree if they had not upgraded it in a while. Has anyone else done anything especially different for managing security specific patches? 
Thank you for your time Christopher, -- batz From owner-freebsd-security Tue Mar 12 15:20:41 2002 Delivered-To: freebsd-security@freebsd.org Received: from rwcrmhc53.attbi.com (rwcrmhc53.attbi.com [204.127.198.39]) by hub.freebsd.org (Postfix) with ESMTP id A494337B41E; Tue, 12 Mar 2002 15:20:18 -0800 (PST) Received: from InterJet.elischer.org ([12.232.206.8]) by rwcrmhc53.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020312232018.YHOX2951.rwcrmhc53.attbi.com@InterJet.elischer.org>; Tue, 12 Mar 2002 23:20:18 +0000 Received: from localhost (localhost.elischer.org [127.0.0.1]) by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id PAA71260; Tue, 12 Mar 2002 15:03:47 -0800 (PST) Date: Tue, 12 Mar 2002 15:03:45 -0800 (PST) From: Julian Elischer To: Poul-Henning Kamp Cc: hackers@freebsd.org, security@freebsd.org Subject: Re: Userland Hacker Task: divert socket listener... In-Reply-To: <35126.1015973393@critter.freebsd.dk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org nice idea.. procmail for packets. On Tue, 12 Mar 2002, Poul-Henning Kamp wrote: > > Here is something I miss a lot: > > I would like a small program which can listen to a specified divert(4) > socket and act on the incoming packets.
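The listener Poul-Henning asks for, reduced to its decision core, as an added example that is not his program, not dpcd and not any FreeBSD code: the IPv4 source is parsed out of each diverted packet, hits per source are counted in a sliding window, and crossing the threshold yields the timed ipfw deny rule the daemon would install. The function names, the constants (WINDOW_SECS, THRESHOLD, BLOCK_SECS, DIVERT_PORT) and the rule number are this example's own assumptions; the socket loop at the bottom compiles only where IPPROTO_DIVERT exists.

```c
/* Added example: decision core of a divert(4) listener (not phk's program,
 * not dpcd). Per-source hits are counted in a sliding window; crossing
 * THRESHOLD yields the ipfw deny rule to install for BLOCK_SECS. Names and
 * constants are this example's own assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <netinet/in.h>   /* defines IPPROTO_DIVERT on FreeBSD only */

#define MAX_SOURCES 256   /* tracked sources (small fixed table) */
#define WINDOW_SECS 60    /* sliding-window length in seconds */
#define THRESHOLD   5     /* hits within one window that trigger a block */
#define BLOCK_SECS  600   /* lifetime of the block rule */
#define DIVERT_PORT 8668  /* must match the ipfw "divert 8668" rule */

struct source_state {
    uint32_t addr;          /* IPv4 source, host byte order */
    time_t   first_seen;    /* start of the current window */
    unsigned hits;          /* packets seen in the current window */
    time_t   blocked_until; /* 0 when not blocked */
};
struct divert_state { struct source_state src[MAX_SOURCES]; unsigned nsrc; };
enum action { ACT_NONE, ACT_BLOCK, ACT_ALREADY_BLOCKED };

/* Minimal IPv4 header parse; returns 0 on a short or non-IPv4 header. */
int parse_ipv4_src(const unsigned char *pkt, size_t len, uint32_t *src)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return 0;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len) return 0;
    *src = ((uint32_t)pkt[12] << 24) | ((uint32_t)pkt[13] << 16) |
           ((uint32_t)pkt[14] << 8) | (uint32_t)pkt[15];
    return 1;
}

static struct source_state *lookup(struct divert_state *st, uint32_t addr)
{
    for (unsigned i = 0; i < st->nsrc; i++)
        if (st->src[i].addr == addr)
            return &st->src[i];
    if (st->nsrc == MAX_SOURCES) return NULL; /* full: stop tracking, never overflow */
    struct source_state *s = &st->src[st->nsrc++];
    memset(s, 0, sizeof *s);
    s->addr = addr;
    return s;
}

/* Count one diverted packet from addr seen at time now; return the verdict. */
enum action observe_packet(struct divert_state *st, uint32_t addr, time_t now)
{
    struct source_state *s = lookup(st, addr);
    if (s == NULL) return ACT_NONE;
    if (s->blocked_until != 0) {
        if (now < s->blocked_until) return ACT_ALREADY_BLOCKED; /* rule still live */
        s->blocked_until = 0;             /* block expired: start over */
        s->hits = 0;
    }
    if (s->hits == 0 || now - s->first_seen >= WINDOW_SECS) {
        s->first_seen = now;              /* (re)open the window */
        s->hits = 0;
    }
    s->hits++;
    if (s->hits >= THRESHOLD) {
        s->blocked_until = now + BLOCK_SECS;
        return ACT_BLOCK;
    }
    return ACT_NONE;
}

/* Render the ipfw rule the listener would add (and delete after BLOCK_SECS). */
void format_block_rule(uint32_t addr, unsigned rule_no, char *out, size_t n)
{
    snprintf(out, n, "ipfw add %u deny ip from %u.%u.%u.%u to any in", rule_no,
             addr >> 24, (addr >> 16) & 0xff, (addr >> 8) & 0xff, addr & 0xff);
}

#ifdef IPPROTO_DIVERT   /* the read loop itself, FreeBSD only */
#include <sys/socket.h>
int main(void)
{
    struct divert_state st = { 0 };
    struct sockaddr_in sin = { .sin_family = AF_INET, .sin_port = htons(DIVERT_PORT) };
    unsigned char buf[65535];
    uint32_t src; char rule[96];
    int fd = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    if (fd < 0 || bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0)
        return 1;
    for (;;) {   /* packets are never re-injected: they were unwanted traffic */
        ssize_t n = recv(fd, buf, sizeof buf, 0);
        if (n > 0 && parse_ipv4_src(buf, (size_t)n, &src) &&
            observe_packet(&st, src, time(NULL)) == ACT_BLOCK) {
            format_block_rule(src, 1000, rule, sizeof rule);
            puts(rule);   /* a real daemon would execute it and delete it later */
        }
    }
}
#endif
```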
From owner-freebsd-security Tue Mar 12 15:34:36 2002 Delivered-To: freebsd-security@freebsd.org Received: from duluth.camulus.org (c24.158.24.190.dul.mn.charter.com [24.158.24.190]) by hub.freebsd.org (Postfix) with ESMTP id 2C54437B400; Tue, 12 Mar 2002 15:34:26 -0800 (PST) Received: from nihilist.local.net (nihilist.local.net [192.168.100.1]) by duluth.camulus.org (8.11.6/8.11.6) with ESMTP id g2CNY5T50339; Tue, 12 Mar 2002 23:34:05 GMT (envelope-from alex@camulus.com) Date: Tue, 12 Mar 2002 23:34:05 +0000 (GMT) From: "Alex C. Jokela" X-X-Sender: alex@duluth.camulus.org To: Julian Elischer Cc: Poul-Henning Kamp , , Subject: Re: Userland Hacker Task: divert socket listener... In-Reply-To: Message-ID: <20020312232838.R50303-100000@duluth.camulus.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org what about a program - like snort - but instead of listening on an interface, it would listen on your divert(4) socket. a setup like this could actually help snort (or another program) be more responsive. i know that i have run into troubles with snort's flex-resp mechanism not stopping packets. with the divert(4) socket, i think you would be able to stop packets dead in their tracks. -aj- ---- http://www.camulus.org/ On Tue, 12 Mar 2002, Julian Elischer wrote: > nice idea.. procmail for packets. > > > On Tue, 12 Mar 2002, Poul-Henning Kamp wrote: > > > > > Here is something I miss a lot: > > > > I would like a small program which can listen to a specified divert(4) > > socket and act on the incoming packets.
From owner-freebsd-security Tue Mar 12 15:50: 8 2002 Delivered-To: freebsd-security@freebsd.org Received: from obsecurity.dyndns.org (adsl-64-165-226-239.dsl.lsan03.pacbell.net [64.165.226.239]) by hub.freebsd.org (Postfix) with ESMTP id 0FA7637B416; Tue, 12 Mar 2002 15:49:52 -0800 (PST) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 573A266C76; Tue, 12 Mar 2002 15:49:51 -0800 (PST) Date: Tue, 12 Mar 2002 15:49:51 -0800 From: Kris Kennaway To: Poul-Henning Kamp Cc: hackers@freebsd.org, security@freebsd.org Subject: Re: Userland Hacker Task: divert socket listener... Message-ID: <20020312154951.A72677@xor.obsecurity.org> References: <35126.1015973393@critter.freebsd.dk> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="UugvWAfsgieZRqgk" Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <35126.1015973393@critter.freebsd.dk>; from phk@freebsd.org on Tue, Mar 12, 2002 at 11:49:53PM +0100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --UugvWAfsgieZRqgk Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Mar 12, 2002 at 11:49:53PM +0100, Poul-Henning Kamp wrote: > > Here is something I miss a lot: > > I would like a small program which can listen to a specified divert(4) > socket and act on the incoming packets. There are a number of ports which may do something similar to what you require. I've never used them, though. One of them is portsentry, but I think there are others already in the collection.
Kris --UugvWAfsgieZRqgk-- From owner-freebsd-security Tue Mar 12 17:13:46 2002 Delivered-To: freebsd-security@freebsd.org Received: from rwcrmhc52.attbi.com (rwcrmhc52.attbi.com [216.148.227.88]) by hub.freebsd.org (Postfix) with ESMTP id C38A537B416; Tue, 12 Mar 2002 17:13:00 -0800 (PST) Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc52.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020313011254.NJKN1147.rwcrmhc52.attbi.com@blossom.cjclark.org>; Wed, 13 Mar 2002 01:12:54 +0000 Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.6) id g2D1Csr34325; Tue, 12 Mar 2002 17:12:54 -0800 (PST) (envelope-from cjc) Date: Tue, 12 Mar 2002 17:12:54 -0800 From: "Crist J. Clark" To: Poul-Henning Kamp Cc: hackers@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: Userland Hacker Task: divert socket listener...
Message-ID: <20020312171254.H29705@blossom.cjclark.org> References: <35126.1015973393@critter.freebsd.dk> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="IJpNTDwzlM2Ie8A6" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <35126.1015973393@critter.freebsd.dk>; from phk@FreeBSD.ORG on Tue, Mar 12, 2002 at 11:49:53PM +0100 X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --IJpNTDwzlM2Ie8A6 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Tue, Mar 12, 2002 at 11:49:53PM +0100, Poul-Henning Kamp wrote: > > Here is something I miss a lot: > > I would like a small program which can listen to a specified divert(4) > socket and act on the incoming packets. > > Specifically I want to direct all unwanted traffic from my ipfw rules > into the divert socket and have the program examine these packets > and when configured thresholds are exceeded take actions like: > > Add a blackhole route for a period of time to the source > IP to prevent any packets getting back to the attacker. > > Add a blocking ipfw rule for incoming traffic from the > attacker's IP# for some period of time. > > Add a divert ipfw rule for incoming traffic from the > attacker's IP# to capture all the tricks he is trying to > do. > > Log the received packets in detail in pcap format files. > > Report the packets to Dshield.org > > etc. > > Any takers ? I wrote a framework for something like that a few months ago during a fit of boredom. Meet dpcd, the Divert Packet Capture Daemon. I don't even remember if I left the code in a working state. I'm sure I had writing pcap(3) files working at one point. Tarball of what I got attached. -- Crist J.
Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org --IJpNTDwzlM2Ie8A6 Content-Type: application/x-tar-gz Content-Disposition: attachment; filename="dpcd.tgz" Content-Transfer-Encoding: base64 H4sIAGGmjjwAA+xbe3fa1pbvv+hTnHF7W3AJBj/iXKdpB4PsaK4NDOCmWW2Xr5AEqBYS1cOO p5PvPr+9zzl6gOO2N0m77pqymiKOztnvt2R37bh7n3zcjzhsHx8diU+E6Bwfdcrf+tMW4vjw sHNweNw5xLU4PmrvfyKOPjJd/MmS1I6F+MT5yXl036/d/zf9uKT/S/vGm/uB95FwdNrtp4eH 79b/QecYKj94erB/eHC0j+tOZ3//+BPR/kj0VD7/z/X/qfjMck+EtoDmrei09sV+u93Z67T3 2n8XnWcnB09POvsCAhDmmzV/f2YYl11rMMU/c1x7QWv/OY89b5a4rSheGKPx8LyGdbIuYzLu TfSPliNWkZsFXoIrN1utCSku13G0iO1VyzF6Zxfd80lNmcaXL8STV3YQAN3gWQ7kmWG0/NAJ MtcTXxFOOt5a3Xxt/Nni/Lf7sP+PzW7/0vxoOOD/h4/4//7R0wP2f0SJ/acUCzrtw+P9v/z/ j/jA/8/guKeTPny61vdvvTgVI9u58VLRs9dpFnuib3urKDQMo9MSr152p8KaiP6o1/8GJ8h+ 6s8awk/EyrPDVKSRmHnCFom/WgcefkaBmEexcCM/XAiAn0WJZ9SCaLHAQlM4EklTYE+ULr1Y 2PHMT2M7vqeo4HhJQgejuVgzVYlRm8fRSrhMav2wIZKI11ugxkqJkDDCV5h6oeu5RI8bCe8N fiY4IuzQDu4T7AJExJBoRdBdO7VbRm0K9NiBf4vYs1MmPhGBf+OJSRjFaVPsZUm8t8Zlspd4 Thb76f1ewrdAVs5lkmbzuTwHOIGw+pOWkLRVhcTSyRLPNWpYQgSciWTtOf7cd0R6v/aSEt/C A0sxgb+PsljM/di7Q2Qk4QJ3FkvZKe6ALkxSz3YJwErJ8M5PlwLbxI0Xh17QlOG5xqJK/QhH g3uRIhMk2IUDCUkxIvriwA5dXLCstOCNmpa8gODE2otBysoOHU+Q7n3HJqDMAsAlIllGWeAS 44QjZMSRsB0nyiASnxiVdAZ2vIB0VrTOx0k9gBFH2YIZgNmxSULl+y0xvhoMrME5m2TJIu/s RNxBQWCO5B1noYhCoYyd1UE7XO/WC6I1DAUWXlN3xVGr3RSzrKoxBcEO78mME/BGtOkjRo3F +6BZknicCMlKYkz8RSgtE7Jw42hN6FkYpBwNMIGWHbCa4ndLnGZ+4JJwUg1rHgVBdJfwwp0H Q3AjJ1uRkbiUY70AIHEadyUEi9RA9g2ebLidNB3hw6rvfPxYBzZpLpWU2IKs3KhhB3xkRcss BIK3sv1QAjWMAwoJ5tgU06E4N6daCYNI3DGynxBfxb2XYuthS3Svpi+HY5YIqMhFMrMTVoAI 7ZR01xRkbguIMpTs+RCl+8SBt5Cph460VjgfW4cWeZNoJHiIPggg/mKZgsM7O3YpkvzkOURF 7cyDaKhYIXYSBAnxc+axpTZFki0WXqJ+zP03Hr5gy3F065Fkk6YSSJjGPsyDzTuNmoDai30w +l8t0YP13oivNiqir5lnO7yBPfzZIb/y4fwvi6qPhuPx/N/ZP9rvbOb/pwftv/L/H/Fp/bBj 4J/oRev7mDym7jS4/BdVi25u1fj65NhzsVH7g5CJAoEkVBGMV2Z+SAmdEkTSlIkIjkTfUZYy GIQsSnucM5qcg5FQVhS+2XtvfU7mS8rKSx38KB7CGV2fPZHB0MGVl57wD9QrVeo4myiyOPqs 
KDzFXsoRDXDtGVwdt5QwGAo+qCh8BzUK57GA5AI4BWZmsUoWsDqB7a+8uMVA9rdJAcqSWDQp 4NXNQN5HokZIRjUonTNsrbu9vAxb2VRu2CiAcvHnBUSZkVZuCdOXKAwnw7Ppqy4SAq7RBn5r 9c2+OH2Nm6boDQfTsXV6NR2OJ+Kf/+xOsOmLL0R30Me/1wzD/G40NicTMRwL63J0YeEwoI27 g6llTprCGvQurvrI9k0BMGIwnIoL69KaYtt02CQkDGX7qBieiUtz3HuJn91T68Kavma8Z9Z0 QPjOgLArRt3x1OpdXXTHDGZ0NR4NJ6YgdvrWpHfRtS5N1A4gA6iF+a05mIrJy+7FxTZ7p5KS C6t7emFK8IPXgDI2e1Pio7jqQUQg6qIpJiOzZ9GF+Z0JDrrj100GgsOAPTH/+wobsUH0u5fd czBV/xV5QAG9q7F5iWMS0JmYXJ1Optb0amqK8+Gwz5KemONvrZ45eS4uhhMW1dXEbALLtNuk +wADOeH2UMrl9GpisdSswdQcj69GU2s4aIiXw1cQCWjt4nifxTscMNuQznD8mgCTPFj6kjPU Drg3JoGy9Lokkgmk2JuWthINEOq0xK8YmOcX1rk56JlaREOC9MqamA0ozJrQJkuif9UFbogH +ElPoE5elsxVkkMaFdaZ6Pa/tYgFdQBGMLGU0bAIey+VCgrj5zGKTKQ8ROlsDlH+ftJp50OU z4xW3xVDJ41mcLVnTd6MtZQLKPHMaA0TXQkarclSDLqXYHSwkjV7a+CKR3s1OjJ5PRiOJtaE jhmt0xvx5C6KXYTJ4VqcBeDR1Zcj0Y3F2ndpGKPX1rxGNSAtdLnqmfsLucW8YQx9c9IbW6x9 gys6NcbRESMp+sA5lj3gv+GiUzZ9FJl0c0M9ndH6LlbVnDg0VP1MVWzr7I1oGbKKBo/cUHg5 MrRYblIBJOyHQDW5wfBkxSy3q84iQu1ZBqubTjWqahoqoobC8zk2+iFVkxVIM3wVRTyKCkey qjozo9zLxlz1l4/DjkZr4zKSsZzWqSuLqRYlIRVnZXumanWNTY/UyiJirZfbF6WTQiWMYU6A Zl5656Eje1D+OpsoJNQGhUQJEonuDFviUt40VvY96yNXB51WnaFAmxWrntD11qi8WRgy8YLV LEBzX/dai5ZsgtGh+P+DrJOPCmheWLYZblN4asl1fOmWgVtoOoBd5jLZLmqLaQovdVqNnGpB VCPRRYpCTxFlsHVos1Bq9uYkX43PV4ovq13qcrpRpaxWJIrAJ0NbqzxNw4Zb2w/sWeChYjkN xJPUXsBPfReJ1g9dZGajhU6V3NU4vYfY5jbE1GTlShuiPi4X9hwazWkDQStN2JZRU8/uJ4Yk RThoTRbKM2b20r71YaM0OZH4hOzTvXXaEoMo9WQdtirpHHYKOlCtxDHZGFcm6rCcDgR2AlaY jyjmi76hRh2y9ZN9bUlKgECTEbYgDZgCyq0dZJ6R1yS+PkrRKZP2xUbR0pLrf1jJ8WDAYA6J c7TwUnqPkcLCVnrXp3jsQ6GnEBrZVZoq53o3qPeQZi4U1yiT5IVkgokez0Fas2zB3pml6ywt mXfoUjsNiqOYSTGUa7mRJwdvc4rxeWQi51jEURYWmCvJZpgrlstKZW64y8zC9R1VmSZyxmHn FiBKFmC8S1Y90oyemuRQQ6QiJZB5FiAcho5nrMitYdc04/HYShxcQ0863sHibT2TQCWd81Mk yncww9PBVv9nIXttjq9Ng6NknvUQSG9R0yfiSCDblJilYdMmu9umYRSmYccLrui1mYX4FfsO JR2bFJ2i3wCITaxgxww4cHUhbVe2EnZQgMvdMXmHZWpDhqyMEv+AaYs9BFw5ZaBzhAzyjb2f Mz9mn34AWlpEY7COq+C+xUUH6sQz6/xq3KWyA/X7hanS3haIJdF6R0MeHhipOeXcj5Fl1RrP 
ctD86UiYcM5OVRqVZMIH4EHKh/1ERXWIYnZPybQKSLWkJdX4IY9FJVkKeBGDPSHv6jQj7+RQ ZZ4EdaEqCmA+vptBMWojOXgxWC2NAHWvZmhcw5Cmu1sCoECN7jBLSLk0sivS1wMi5dkhqg8y Qu9NqtzMXK3Te44zCdkZXxg0V0nzsbNN2lhSqIxtB7EWSH4W8IlPDcqC/iKEuFFH9OzEy0f4 K3Idql5IbDfePZevwGY7S8ZhLJUxFiK09b4NLbEPtYwLOJ2qwEB9bIu7pZ96yZqKICViHS1z kiqJ3CjnbkQ1D6KMIrf5WPJGeOjScRlxEy+txgeZWHVRiHAR+M69HM1ylVmueCicGtUikyfZ siq0xSyKAtR7kl0ZdO6hCsoRuAwjWSFqzDrZqECnE1Eo1JClkkBye6qmHWHMA3sh6zwFR6dD JdA5zG52/44qRAsIzcyIQihllEoVSiZAsQCKcpbsjzysnvmhqzxSYbVlWC+yoB50VOKcISNV TNtVYNQRrgqOhOG77xCGURHGWhlFzszId88ouU08eZQJU/7N+Hk0XjBDTym8PEVV25DHqTIq KpJSZppGmzTJUleaoDZxFYCVjcs04ydbJKtIw48rDGRDRRLPq2aSbqpHJFjZbuRxzqburRxE u/SggspqlcZYHrL6SnPaVOriFKmYUkTIJxaIMndhNTwV+YtbX9MU3YvJsGJLyKz001/P76jB xjb5OGLCThHFPioFBFbun8oPj2b3TQkYmXFjzN/9eWss+mcPdH/np5j/f7zx9uPz//3jI9wU xwfH+532/tPDpzT/P+789fz/D/ns7Rpi91+Y/gs+9wFm/4DyAUb/gJJP/nH9/oN/AHnvuT9g fJCx//vTopOhhPRBhv7SAN535A8Q7z/xB5APMPAHlPec9wPCe4/7AeODTPsJzvsP+wHlw8z6 AeiDjPqleN5z0k9G9/sH/dLgizG/w2P+QzXm7+y1j0W7fXLUOTkqj/nF7p5hfJq/rJjcJ3v8 Yk9r+fXGspy3VtdDj6qmdM8P37V+jaPp6h1317ReuuEQ6upelPxbC+gTKkuBj2CcbOFwZ9Wl tZ0uN/lCF2UHG2upi5J7a82PtpYCf7a5Rs8MtkTnvdkiD6tBtLEzCxHA3KpIdujFsBjS3Smt sXqxYnjoEWhEdi3fxfrFqMH1h6+uh6Np06hdDvtXF6b6MbL6NIrQv2DBdGm8fW5QI4zITa+k ZE6qJm7XNBXg8vhadZTf/yheEIZfxA53izvN2ulweNGkhR3xVrxt8j1Zx+MmeQ4CwcZt1XoU 98UvQpFWbFLNFjYRnQUIpvY28ql3QlKxafx+raa8dUW+/CnJ391VvygbNQpO0aDWaJS6vknr uBbI+tT3i931LJs3BS8BNE6oA4SzliX2wqvT5cYNGBE6SleC8hcbd9d2nIBKSLLOXO4684XE sUu9RPMhue/iB73LU6PXjGkr9ExLjS1tkVParhvjXI2+c9zZdbKEDAEC7QU1qThKfOM3zU6h y/ZztbCI5C/jUzTe3KfRa4VpXJ81RL0+Ey9wtyG+ETvRfL4jTvAd7jQYGhsI8w2PcbQUcX37 /Y8NA8ZCCzVQ/lxdEvPX3FK9UHMykom+S+L/3hpdX3a/G3V7/zCnP+bn1DwWxwZXFxfP+d28 mq++bbJH3HrSwUJCqrtOazF9S8Z4EzduL0RH/QRAdeUmeunO9lMNhhaU1PGLqGTi82ucv55r 0BGYsh2fX/h6gbR1ft3vmpfDwXOxtyv6eprBLl8/aIh8L2Jv7SG7lT+gkRrOU5euxuBqMCKH gGEUPpEBB004Qap4ax4IfmyhcW75ShKVPToKVLYwzhEZbWWkIFHcLUkJ9TogYPfCS3FRl7on rTcRG/ru6GR9stNoiP8gUTZgxQlKNGcp6FSDQkjNoSnaF90vTsjEtfZI6rDONThK5/UdxTLf 
PRF/S34Id5q5ZfJqo8EnZmjDb57nUPtVqO0PA9WVULXvPEwr392CyqsPQx1JqIVxAxDk+NDW tSJAOjO2AjSkj+u6PATZy0HCjkTlz0U9300eTIs1ZM83dfO766sJagYcmdGjUNpya1PYfpDK bxi1sj2mQoZC3vzWqJH+xRMm3g/Jq8gU6C8j9ILBxPC2r0VHmsCdHYdv6jtpRFkmvM+nXImk ocDwVngBtWwaAnhhoypFEg44bQoWZLxGjRs/233oOUBpeC7UzIf27xllZXrhA6PlXK8aMRFH VNWxACLmdK6ub0K0MfnACxmwiGCIvs7FS3OH96r2CGjkkOmHHSDYQXDAD7eKp0Qdz5y2qQNl RI+KWGQeiH7RvF7294bY08vbOYdOl1IVJ6nPZYIqw2iWU5FUq3Q09nVhFI73aDR6XuJIT3nz efPjvmk8aNmsiMI5HgtzjcIdNk4VLsUl1k7JpRoP+BB1JOg4sCuMoL3S0zOo0Q93eDOPkHbk AyY95mVVbfFPiMH2MmO+wzRaJpq2gu88VBR2VUSPKtdFwScZTx5Eqp85ppEyQMauYEq027XW 5/KC2CCPquvswsz64isyEr1ZfP45pYA0dlbrulx78jWNb6uG9X1RrSpyGznAL79sqvz45Zfa 63wSQQmN8rANxWThTUijWLmJjGqHyioG++vYc2nN6QFxCQjL6FfPcyblaGTlIpSDClgKh6CW ij0UDqg20GYncwZKLiolRmAFPeUJ/6DGu/G/vGz1m6JceTRK9UK2VhOR6sv+jEwaPccIXqyP zq7RQVOzO+z943rcfdUU1ghd9nR43bfQQ0+l9ctcXkQxwZEyLP7kQiNREYwkSCVpK4Gc5vbK D6g46kpk5Xvygr+wwRp0+/3xNZrl8h7loXkty1zQQxZwAnltVMO7DfE5fTdVvKMHxvE7mCAg xVv62zy8U4v6scOSX5WI+WmFl6T0DsNGRsk9qHiw9NutqFbfzd2GAF3T3xc0GpUI3dZ09iP9 JKycWSrEOEGUbD0Els9JVRIh0c5pm0dIuI7jyEcpG77AdzaT10Pykq/6QVxaIBy4uRoySsVT 6X0tenVJvo2hSKHUr6K7fI+j3iZuC01WVOnwY2Z6NOtq1DlFr/gZlg53rQdSvr6Xq6YIgtJn uOTPM726C7R3G4leFfrkpK+64wF3uSXatpBVUXG1QxXSXFHHaAHhb66mSpbeuKjLslIpizfy Qs7YXRyVuFZCfSsl0rOpKH95NaKh31T+ScvUHF9ykURv9tlxKh/fr6IIFpUss9RFME02hKdT CWKOHKcI6oYDL04UvoQeXKVQUoZmYWKdM8rOQ3eYjgfvEGHFLSDJAanuu3qHAT14RwIqbhnk gEEUrU/y7ob6YW55f1GmpxpDWeL8khcOusOMPeeWXpShUMQ5X/1xME8TygsqGG2ttyu/yIy2 FvIQLPEzAWz25J0m2B3rOw+bX/42j4pzO2UEqE+2Qzd96J0RP8w8+fMt/V+V4xJXqSp1PMDV r1UqxeNTCl7wcx275JyF5YcYJks7uV/34NyUS5RkrkWlqdjMMafxPb8/pf5UagO/BqenPZQs SshlByNUlKkOAAitblwXEaPldkja3Ql19mPlJOQOZbFbg7MhubydLZapcgpg9GQe4DQg49K/ 1nT89q5DyqpEGVVFRknvv96I5DWTPlPgQtLl9+ykIaoOl2adauG5Vt5vbF7KI5rf3YsYNMdK 5ciS3Pl5oS54B6trogIY60vfpHhw8lvUR+FP9ikAIenFfxRHsySFX+kXozQSW7/TxdZR8gOS kHYEDaYkoRU9W3ssF7H6sxDyuNFJqJwQN7RNfISUduQJpdwNiLrhL/X4W2A4HFN0Z53LGM9/ S8zykQJh5T/pyCQDvvg3FSdvy7NX8VtmrzQ9/L/2rnSpjSQJ/249RVmEsSRzSOjwLAp7g8Hn 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From: David Syphers
Reply-To: charon@seektruth.org
To: batz
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Managing port security upgrades (was:Re: PHP 4.1.2)
Date: Tue, 12 Mar 2002 19:44:13 -0600
Message-Id: <200203130144.g2D1iDn21277@midway.uchicago.edu>

On Tuesday 12 March 2002 04:55 pm, batz wrote:
> Back to my original post, about whether cvs would be a useful way to
> manage security specific information, so that people who just wanted to
> fix open vulnerabilities
> could do so in a way that did not involve
> sucking down most of the ports tree if they had not upgraded it in a while.

But if you just cvsup'd the vulnerable ports and you hadn't cvsup'd the rest in a while, there's a good chance some of them wouldn't build due to dependency issues.

-David

From: "Louis A. Mamakos"
To: Gunther Schadow
Cc: freebsd-security@FreeBSD.ORG, PicoBSD List
Subject: Re: Smartcard device support?
Date: Tue, 12 Mar 2002 21:45:37 -0500
Message-Id: <200203130245.g2D2jbY28875@whizzo.transsys.com>
In-reply-to: Your message of "Tue, 12 Mar 2002 17:33:18 EST." <3C8E822E.7070509@aurora.regenstrief.org>
References: <3C8E822E.7070509@aurora.regenstrief.org>

> Hi,
>
> I'm wondering if it isn't time to roll out smart card use a bit more
> aggressively. The question is: are any smart card devices useable
> with FreeBSD? Let's say for enabling IPsec associations with racoon
> (X509 cert on smartcard instead of a file on disk.) Only if smartcard
> is in the box will the IPsec connection work.
> Of course my constraint
> is cost of hardware. So is there any cheap stuff around?

You should take a look at the Dallas Semiconductor Java iButton, which is a small Java smartcard like device in a package about the size of a button-battery. There's also an inexpensive reader dongle you can attach to a serial port to talk with it.

The Java iButton can do RSA public key processing; in fact, with a suitably written application (in Java, of course), you can have the device generate a public/private keypair, hand you back the public key, and never expose the private key inside the tamper resistant device. Very cool.

See http://www.ibutton.com/ for information. See also /usr/ports/comms/mlan3 for some low-level code used to talk to these types of "one-wire" devices.

louie

From: Andrew McNaughton
To: batz
Cc: Christopher Schulte, lewwid, Max Mouse
Subject: Re: Managing port security upgrades (was:Re: PHP 4.1.2)
Date: Wed, 13 Mar 2002 19:53:32 +1300 (NZDT)
Message-ID: <20020313194713.A3633-100000@a2>

On Tue, 12 Mar 2002, batz wrote:
> Back to my original post, about whether cvs would be a useful way to
> manage security specific information, so
> that people who just wanted to
> fix open vulnerabilities could do so in a way that did not involve
> sucking down most of the ports tree if they had not upgraded it in a while.
>
> Has anyone else done anything especially different for managing security
> specific patches?

Rather than looking at separate distribution of ports, why not look at a protocol for providing a list of versions of ports which are insecure. This could be added into the daily security check. No remedy to problems found, just notification. Something similar to the version checking available through periodic at present except that it would only cover security issues.

Andrew McNaughton

From: "Tyler Shaw"
Subject: Intrusion Detection
Date: Wed, 13 Mar 2002 03:05:02 -0400
Message-ID: <004701c1ca5d$65cd30c0$0200a8c0@trippy666.com>
Anyone know of an intrusion detection system for FreeBSD??

Tyler

From: Damir Horvat
Reply-To: damir@voljatel.si
Organization: Voljatel telekomunikacije d.d.
To: security@freebsd.org
Subject: Re: Intrusion Detection
Date: Wed, 13 Mar 2002 08:11:24 +0100
Message-Id: <20020313081124.2862e94f.damir@voljatel.si>
In-Reply-To: <004701c1ca5d$65cd30c0$0200a8c0@trippy666.com>

On Wed, 13 Mar 2002 03:05:02 -0400 "Tyler Shaw" wrote:
> Anyone know of an intrusion detection system for FreeBSD??
>

tail -f /var/log/messages for a start.

logcheck
tripwire
snort

need more?
damir

From: Koga Youichirou
To: tshaw@hfx.eastlink.ca
Cc: security@FreeBSD.ORG
Subject: Re: Intrusion Detection
Date: Wed, 13 Mar 2002 16:23:39 +0900 (JST)
Message-Id: <20020313.162339.74701644.y-koga@jp.FreeBSD.org>
In-Reply-To: <004701c1ca5d$65cd30c0$0200a8c0@trippy666.com>

"Tyler Shaw" :
> Anyone know of an intrusion detection system for FreeBSD??
There are some IDSs:

o snort (GPL)
o Enterasys Dragon (commercial product)

--
Koga, Youichirou

From: akela_at_terminal.cz@no.spam
Reply-To: akela@terminal.cz (Honza Dušák)
To: security@FreeBSD.ORG
Subject: Re: security-digest V5 #455
Date: Wed, 13 Mar 2002 09:25:54 +0100
Message-ID: <877kogoovh.fsf@akela.ti.cz>
In-Reply-To: (owner-freebsd-security-digest@FreeBSD.ORG's message of "Tue, 12 Mar 2002 14:12:07 -0800 (PST)")

Peter> Hi all,
Peter> This has probably been here many times already, but somehow I can't find it in the archive.
Peter> I would need a picture of the FreeBSD daemon (the chunky one?), but in some reasonable resolution.
Peter> If any of you have a URL, please send it.
Peter> Thanks,
Peter> pete
Peter> (The thing is that the T-shirt I have it on is no longer wearable, and the picture
Peter> from which I made the T-shirt has been lost somewhere ;-)

In newer versions: /usr/share/examples/BSD_daemon/beastie.eps

--
Honza Dusak
email: akela@terminal.cz

From: Matjaz Martincic
To: "'Tyler Shaw'", security@FreeBSD.ORG
Subject: RE: Intrusion Detection
Date: Wed, 13 Mar 2002 09:32:55 +0100
Take a look at mtree also. It is similar to Tripwire, and comes with FreeBSD.

Rgds,

Matjaz

-----Original Message-----
From: Tyler Shaw [mailto:tshaw@hfx.eastlink.ca]
Sent: Wednesday, March 13, 2002 8:05 AM
To: security@FreeBSD.ORG
Subject: Intrusion Detection

Anyone know of an intrusion detection system for FreeBSD??

Tyler

From: Bruce M Simpson
To: Gunther Schadow
Cc: freebsd-security@freebsd.org, PicoBSD List
Subject: Re: Smartcard device support?
Date: Wed, 13 Mar 2002 09:33:43 +0000
Message-ID: <20020313093343.U10322@spc.org>
In-Reply-To: <3C8E822E.7070509@aurora.regenstrief.org>; from gunther@aurora.regenstrief.org on Tue, Mar 12, 2002 at 05:33:18PM -0500
References: <3C8E822E.7070509@aurora.regenstrief.org>

I looked at IBM's OpenCryptoki briefly, but it only supports Linux. Also, it seems that it requires a drop-in 'STDLL' to be written for each device.

It might be possible to do something similar to SSH by hacking ssh-agent to be tied to a removable medium.

BMS

On Tue, Mar 12, 2002 at 05:33:18PM -0500, Gunther Schadow wrote:
> Hi,
>
> I'm wondering if it isn't time to roll out smart card use a bit more
> aggressively. The question is: are any smart card devices useable
> with FreeBSD? Let's say for enabling IPsec associations with racoon
> (X509 cert on smartcard instead of a file on disk.) Only if smartcard
> is in the box will the IPsec connection work. Of course my constraint
> is cost of hardware.
> So is there any cheap stuff around?
>
> thanks for any hint,
> -Gunther

From: Dirk-Willem van Gulik
To: "Louis A. Mamakos"
Cc: Gunther Schadow, freebsd-security@FreeBSD.ORG, PicoBSD List
Subject: Re: Smartcard device support?
Date: Wed, 13 Mar 2002 11:56:01 +0000 (GMT)
In-Reply-To: <200203130245.g2D2jbY28875@whizzo.transsys.com>

On Tue, 12 Mar 2002, Louis A. Mamakos wrote:
> You should take a look at the Dallas Semiconductor Java iButton,
> which is a small Java smartcard like device in a package about the
> size of a button-battery. There's also an inexpensive reader
> dongle you can attach to a serial port to talk with it.
>
> The Java iButton can do RSA public key processing; in fact, with
> a suitably written application (in Java, of course), you can have
> the device generate a public/private keypair, hand you back the
> public key, and never expose the private key inside the tamper
> resistant device. Very cool.

And extremely easy to write/handle. I used it to do the above; have it signed by a CA - and then use the iButton to sign 5-day certs which go down into a web server. They are not that fast though - i.e.
do not expect those nice <1msec touch-and-go you see with the Nedap devices. You have to consciously press them against the blue connector for a noticeable period of time. I.e. there is a 'rest' moment.

> See http://www.ibutton.com/ for information. See also
> /usr/ports/comms/mlan3 for some low-level code used to talk
> to these types of "one-wire" devices.

I found them working just fine. However - the IDE requires Java comm support - which I could not get to work on FreeBSD (a year ago). So I had to do the initial part of the development on a Sun Solaris box (PC is fine too). But once you are set up it is 100% Java and platform agnostic; and especially if during development you allow the iButton to DHCP network itself in - using one of the adaptor cards and the Java SIM - you can use (t)ftp to do all your development just fine from any Unix. And you may only need to do something special when you are rolling out the iButtons on a PC.

DW.
From: Dag-Erling Smorgrav
To: security@freebsd.org
Subject: sshd UseLogin option
Date: 13 Mar 2002 14:51:40 +0100
X-URL: http://www.ofug.org/~des/

Could someone please explain to me why we don't use sshd's UseLogin option by default? I know that there was a security hole related to that option recently, but that's not a real reason - security holes can show up anywhere - so is there anything that makes UseLogin a particularly bad idea?

DES

--
Dag-Erling Smorgrav - des@ofug.org

From: Eric Anderson
Reply-To: anderson@centtech.com
Organization: Centaur Technology
To: Andrew McNaughton
Cc: batz, Christopher Schulte, lewwid, freebsd-security@freebsd.org, Max Mouse
Subject: Re: Managing port security upgrades (was:Re: PHP 4.1.2)
Date: Wed, 13 Mar 2002 09:00:20 -0600
Message-ID: <3C8F6984.F90D02C@centtech.com>
References: <20020313194713.A3633-100000@a2>
Andrew McNaughton wrote:
>
> On Tue, 12 Mar 2002, batz wrote:
> > Has anyone else done anything especially different for managing security
> > specific patches?
>
> Rather than looking at separate distribution of ports, why not look at a
> protocol for providing a list of versions of ports which are insecure.
> This could be added into the daily security check. No remedy to problems
> found, just notification. Something similar to the version checking
> available through periodic at present except that it would only cover
> security issues.
>
> Andrew McNaughton

That would be pretty handy - as long as you could tell it "only look at installed ports" or "look at all ports", and other things like a way to tell it to exclude certain ports from checking.

Eric

--
------------------------------------------------------------------
Eric Anderson    Systems Administrator    Centaur Technology
If at first you don't succeed, sky diving is probably not for you.
------------------------------------------------------------------

From: "Matthew D. Fuller"
To: Dag-Erling Smorgrav
Cc: security@freebsd.org
Subject: Re: sshd UseLogin option
Date: Wed, 13 Mar 2002 10:28:31 -0600
Message-ID: <20020313102831.M57293@over-yonder.net>
In-Reply-To: ; from des@ofug.org on Wed, Mar 13, 2002 at 02:51:40PM +0100

On Wed, Mar 13, 2002 at 02:51:40PM +0100 I heard the voice of Dag-Erling Smorgrav, and lo! it spake thus:
> Could someone please explain to me why we don't use sshd's UseLogin
> option by default? I know that there was a security hole related to
> that option recently, but that's not a real reason - security holes
> can show up anywhere - so is there anything that makes UseLogin a
> particularly bad idea?

On a side note, it sure would be nifty if UseLogin actually used login(1), which it didn't last I checked.

Noticed-by: /etc/login.access strangely not applying to ssh connections.
--
Matthew Fuller (MF4839)      | fullermd@over-yonder.net
Unix Systems Administrator   | fullermd@futuresouth.com
Specializing in FreeBSD      | http://www.over-yonder.net/
"The only reason I'm burning my candle at both ends, is because I haven't figured out how to light the middle yet"

From: Adam Wight
To: Andrew McNaughton
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Managing port security upgrades (was:Re: PHP 4.1.2)
Date: Wed, 13 Mar 2002 10:16:46 -0800
Message-ID: <20020313101646.A4570@brsys.com>
In-Reply-To: <20020313194713.A3633-100000@a2>; from Andrew McNaughton on Wed, Mar 13, 2002 at 07:53:32PM +1300
References: <20020313194713.A3633-100000@a2>

What about a new make target, "upgrade," that only sync'ed the ports subtree for the port being built and its dependencies? I don't think that ports needs a cvs branch for security fixes, but a way to bring only a selected package up-to-date would be useful for its speed and reduced cvsupd load after security advisories, as well as for the decreased bandwidth on the users' boxes. If this sounds good to people, I would be happy to implement it.
-adam wight

On Wed, Mar 13, 2002 at 07:53:32PM +1300, Andrew McNaughton wrote:
> On Tue, 12 Mar 2002, batz wrote:
> > Back to my original post, about whether cvs would be a useful way to
> > manage security specific information, so that people who just wanted to
> > fix open vulnerabilities could do so in a way that did not involve
> > sucking down most of the ports tree if they had not upgraded it in a while.
> >
> > Has anyone else done anything especially different for managing security
> > specific patches?
>
> Rather than looking at separate distribution of ports, why not look at a
> protocol for providing a list of versions of ports which are insecure.
> This could be added into the daily security check. No remedy to problems
> found, just notification. Something similar to the version checking
> available through periodic at present except that it would only cover
> security issues.

From: Bjoern Fischer
To: Dag-Erling Smorgrav
Cc: security@FreeBSD.ORG
Subject: Re: sshd UseLogin option
Date: Wed, 13 Mar 2002 20:00:21 +0100
Message-ID: <20020313190021.GB1761@frolic.no-support.loc>
On Wed, Mar 13, 2002 at 02:51:40PM +0100, Dag-Erling Smorgrav wrote:
> Could someone please explain to me why we don't use sshd's UseLogin
> option by default? I know that there was a security hole related to
> that option recently, but that's not a real reason - security holes
> can show up anywhere - so is there anything that makes UseLogin a
> particularly bad idea?

And additionally to that, why is the environment variable MAIL hardcoded
to /var/mail/${logname} (or _PATH_MAILDIR/${logname}) in session.c
although setusercontext() is used? Crap!

-Björn

From owner-freebsd-security Wed Mar 13 11:14:34 2002
From: batz
Date: Wed, 13 Mar 2002 14:07:06 -0500 (EST)
To: Adam Wight
Cc: Andrew McNaughton, freebsd-security@FreeBSD.ORG
Subject: Re: Managing port security upgrades (was:Re: PHP 4.1.2)
In-Reply-To: <20020313101646.A4570@brsys.com>

On Wed, 13 Mar 2002, Adam Wight wrote:

:What about a new make target, "upgrade," that only sync'ed the ports
:subtree for the port being built and its dependencies?

Hrm, so it would be implemented in the makefiles of the entire ports
collection? A top level makefile or one in each port?

I was thinking about this a bit more, and it occurred to me that
using /var/db/pkg as a reference point, and either sup'ing a new
port, which would then get a sort of 'reverse dependencies' list,
from /var/db/pkg/portname/+REQUIRED_BY, and selectively upgrading
anything in there which had the original port as a dependency.

That sounds like it might run into problems with recursion, thoughts?

--
batz

From owner-freebsd-security Wed Mar 13 11:31:11 2002
From: Jason Stone
Date: Wed, 13 Mar 2002 11:30:59 -0800 (PST)
Subject: Re: sshd UseLogin option
In-Reply-To: <20020313190021.GB1761@frolic.no-support.loc>
Message-ID: <20020313112159.G9375-100000@walter>

> > Could someone please explain to me why we don't use sshd's UseLogin
> > option by default? I know that there was a security hole related to
> > that option recently, but that's not a real reason - security holes
> > can show up anywhere - so is there anything that makes UseLogin a
> > particularly bad idea?
>
> And additionally to that, why is the environment variable MAIL hardcoded
> to /var/mail/${logname} (or _PATH_MAILDIR/${logname}) in session.c
> although setusercontext() is used? Crap!

The CheckMail option in sshd is deprecated (I think that it actually
generates an error in 3.1, the current version) and should not be used
anymore.

 -Jason

 -----------------------------------------------------------------------
 I worry about my child and the Internet all the time, even though she's
 too young to have logged on yet. Here's what I worry about. I worry that
 10 or 15 years from now, she will come to me and say "Daddy, where were
 you when they took freedom of the press away from the Internet?"
   -- Mike Godwin

From owner-freebsd-security Wed Mar 13 11:31:48 2002
From: Mark Foster
Date: 13 Mar 2002 11:31:45 -0800
To: freebsd-security@FreeBSD.ORG
Subject: Re: Managing port security upgrades (was:Re: PHP 4.1.2)
Message-Id:
 <1016047905.6825.34.camel@smokey.lan.enic.cc>

Sounds a lot like

pkg_version -c -v | sh

(assuming an updated ports tree)

On Wed, 2002-03-13 at 11:07, batz wrote:
> On Wed, 13 Mar 2002, Adam Wight wrote:
>
> :What about a new make target, "upgrade," that only sync'ed the ports
> :subtree for the port being built and its dependencies?
>
> Hrm, so it would be implemented in the makefiles of the entire ports
> collection? A top level makefile or one in each port?
>
> I was thinking about this a bit more, and it occurred to me that
> using /var/db/pkg as a reference point, and either sup'ing a new
> port, which would then get a sort of 'reverse dependencies' list,
> from /var/db/pkg/portname/+REQUIRED_BY, and selectively upgrading
> anything in there which had the original port as a dependency.
>
> That sounds like it might run into problems with recursion, thoughts?
>
> --
> batz

--
-mdf [Mark D. Foster]
System Administrator - eNIC Corporation
Phone: 206-381-0449
Fax: 206-329-7107
or mergatroid on AIM

From owner-freebsd-security Wed Mar 13 12:18:20 2002
From: batz
Date: Wed, 13 Mar 2002 15:10:19 -0500 (EST)
To: Mark Foster
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Managing port security upgrades (was:Re: PHP 4.1.2)
In-Reply-To: <1016047905.6825.34.camel@smokey.lan.enic.cc>

On 13 Mar 2002, Mark Foster wrote:

:Sounds a lot like
:pkg_version -c -v | sh
:
:(assuming an updated ports tree)

Yeah, it does. So much for streamlining. Somebody
close the patent office, everything has been invented.

Thanks:)

--
batz

From owner-freebsd-security Wed Mar 13 12:27:42 2002
From: "Cameron S. Watters"
Date: Wed, 13 Mar 2002 08:30:28 -0800
To: freebsd-security
Subject: IPSec (IKE negotiation)
Message-ID: <3C8F7EA4.8050405@toolhouse.com>

Hello all,

NOTE: I don't subscribe, so please copy me in directly to any response.

I'm trying to setup an IPSec using FreeBSD on my end. I'm having trouble,
however, getting it to use the correct local IP address to originate the
IKE negotiation from my end.
The address that I'd like to be used is an alias of my external
interface, however racoon seems to insist upon using the primary address
assigned to the NIC. Adding a NIC is not an option. Is there any way to
force racoon to use the correct external address?

My second question would be: If the answer to the above is "no", then
would using isakmpd instead of racoon help me solve this problem?

--cam

From owner-freebsd-security Wed Mar 13 12:39:26 2002
From: Andrew McNaughton
Date: Thu, 14 Mar 2002 09:39:16 +1300 (NZDT)
To: Adam Wight
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Managing port security upgrades (was:Re: PHP 4.1.2)
In-Reply-To: <20020313101646.A4570@brsys.com>
Message-ID: <20020314091045.D25004-100000@a2>

On Wed, 13 Mar 2002, Adam Wight wrote:

> What about a new make target, "upgrade," that only sync'ed the ports
> subtree for the port being built and its dependencies?
>
> I don't think that ports needs a cvs branch for security fixes, but a
> way to bring only a selected package up-to-date would be useful for its
> speed and reduced cvsupd load after security advisories, as well as for
> the decreased bandwidth on the users' boxes.

This sounds good to me - it's one I've thought about before.

It should not be a separate target though. It should be done via a
flag, and that flag should be settable in /etc/make.conf, and
overridable on the command line, e.g. something like:

make install clean PORT_UPGRADE=TRUE

I suspect though that there may be efficiency issues to be careful of
when using cvsup's filter utility like this. The following command takes
close to a minute to run:

cvsup -h cvsup.au.freebsd.org \
   -i ports/net/net-snmp \
   /usr/share/examples/cvsup/ports-supfile

I don't know the details of cvsup very well, but I suspect that the
server may be walking much more of the directory tree than it should be?

What you propose would require multiple cvs runs. It's not till you
have each port that you know for sure what dependencies exist. I suspect
the extra load this implies for the cvsup servers may be an important
factor.

In any case, why not just work out the dependencies once and distribute
a complete list of security problem ports which also includes info on
the latest safe version and the latest versions of the ports on which it
depends (recursively)?

It's sometimes a weakness of the ports system that it carries very
little information on version dependencies. It's also somewhat of a
blessing as anyone who has tried to upgrade perl on a debian box will
know.

[ Actually upgrading perl on freebsd is a pain too, but less of one. I
don't think it's possible to globally override bsd.port.mk's idea of
what the system's version of perl is. I keep adjusting that file and
then having to repeat myself every time I update it via cvsup. Couldn't
this be calculated using (perl -v) or (perl -e 'print $]')? ]

Andrew McNaughton

> If this sounds good to people, I would be happy to implement it.
>
> -adam wight
From owner-freebsd-security Wed Mar 13 12:51:08 2002
From: "Bruce A. Mah"
Reply-To: bmah@FreeBSD.ORG
Date: Wed, 13 Mar 2002 12:50:32 -0800
To: batz
Cc: Mark Foster, freebsd-security@FreeBSD.ORG
Subject: Re: Managing port security upgrades (was:Re: PHP 4.1.2)
Message-Id: <200203132050.g2DKoWP52263@bmah.dyndns.org>

If memory serves me right, batz wrote:
> On 13 Mar 2002, Mark Foster wrote:
>
> :Sounds a lot like
> :pkg_version -c -v | sh
> :
> :(assuming an updated ports tree)
>
> Yeah, it does. So much for streamlining. Somebody
> close the patent office, everything has been invented.

Please RTFM for pkg_version(8), paying particular attention to the
warnings *against* doing this very thing.

Bruce.

From owner-freebsd-security Wed Mar 13 14:35:13 2002
From: "Cameron S. Watters"
Date: Tue, 12 Mar 2002 10:12:08 -0800
To: freebsd-security@freebsd.org
Subject: IPSec (IKE negotiation)
Message-ID: <3C8E44F8.9040302@toolhouse.com>

Hello all,

NOTE: I don't subscribe, so please copy me in directly to any response.

I'm trying to setup an IPSec using FreeBSD on my end. I'm having trouble,
however, getting it to use the correct local IP address to originate the
IKE negotiation from my end.

The address that I'd like to be used is an alias of my external
interface, however racoon seems to insist upon using the primary address
assigned to the NIC. Adding a NIC is not an option. Is there any way to
force racoon to use the correct external address?

My second question would be: If the answer to the above is "no", then
would using isakmpd instead of racoon help me solve this problem?
--cam

From owner-freebsd-security Wed Mar 13 19:26:20 2002
From: rik
Date: Thu, 14 Mar 2002 03:26:15 +0000
To: Dag-Erling Smorgrav
Cc: security@FreeBSD.ORG
Subject: Re: sshd UseLogin option
Message-ID: <20020314032614.GA19164@spoon.pkl.net>

On Wed, Mar 13, 2002 at 02:51:40PM +0100, Dag-Erling Smorgrav wrote:
> Could someone please explain to me why we don't use sshd's UseLogin
> option by default?

ISTR this feature is intended for use on very old/weird systems where
sshd doesn't know how to authenticate the user or setup a login session.
We don't use it, because it's not needed, since we are both supported,
and use PAM anyway.

Of course, I could be completely wrong, and at 3:30am, I can't find any
docs quickly to hand...

--
PGP Key: D2729A3F - Keyserver: wwwkeys.uk.pgp.net - rich at rdrose dot org
Key fingerprint = 5EB1 4C63 9FAD D87B 854C 3DED 1408 ED77 D272 9A3F
Public key also encoded with outguess on http://rikrose.net

From owner-freebsd-security Wed Mar 13 19:53:19 2002
From: "jack xiao"
Date: Wed, 13 Mar 2002 22:54:49 -0500
To: freebsd-security@FreeBSD.ORG
Subject: AES

Hi,

Can anybody show me some resource about the comparison between AES and 3DES or DES?

Thanks a lot!

Jack

From owner-freebsd-security Wed Mar 13 21:15:28 2002
From: Bjoern Fischer
Date: Thu, 14 Mar 2002 06:10:25 +0100
To: Jason Stone
Cc: security@FreeBSD.ORG
Subject: Re: sshd UseLogin option
Message-ID: <20020314051025.GA350@frolic.no-support.loc>

>> And additionally to that, why is the environment variable MAIL hardcoded
>> to /var/mail/${logname} (or _PATH_MAILDIR/${logname}) in session.c
>> although setusercontext() is used? Crap!
>
>the CheckMail option in sshd is deprecated (I think that it actually
>generates an error in 3.1, the current version) and should not be used
>anymore.

It's not just for the CheckMail option, but the MAIL variable ends up
in the user's environment for the session. Normally the admin would have
configured an appropriate environment via login.conf, so no dealing with
shell specific files or, even worse, no telling the user what variable
he has to set. And if a user doesn't start a normal shell session, but
directly fires up his (X11 based) MUA with that wrong MAIL var.

-Björn

From owner-freebsd-security Wed Mar 13 22:59:02 2002
From: ""
Reply-To: dirac@applink.net
Date: Thu, 14 Mar 2002 00:57:50 -0600
To: "jack xiao"
Subject: Re: AES
Message-Id: <200203140654.g2E6sUC05049@home.ashavan.org.>

On Wednesday 13 March 2002 21:54, jack xiao wrote:
> Hi,
>
> Can anybody show me some resource about the comparison between AES and 3DES
> or DES?

AES means Advanced Encryption Standard. The United Corporations of
America just authorized it as a replacement to (3)DES. That should be
enough info for you to make a choice, one would think.
From owner-freebsd-security Wed Mar 13 23:05:40 2002
From: "Crist J. Clark"
Date: Wed, 13 Mar 2002 23:05:36 -0800
To: Dag-Erling Smorgrav
Cc: security@FreeBSD.ORG
Subject: Re: sshd UseLogin option
Message-ID: <20020313230536.B29705@blossom.cjclark.org>

On Wed, Mar 13, 2002 at 02:51:40PM +0100, Dag-Erling Smorgrav wrote:
> Could someone please explain to me why we don't use sshd's UseLogin
> option by default? I know that there was a security hole related to
> that option recently, but that's not a real reason - security holes
> can show up anywhere - so is there anything that makes UseLogin a
> particularly bad idea?

Who uses system passwords with ssh(1)?

--
Crist J. Clark                     | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/    | cjc@freebsd.org

From owner-freebsd-security Thu Mar 14 01:36:47 2002
From: "Chest Rockwell"
Date: Thu, 14 Mar 2002 03:36:29 -0600
To: freebsd-security@freebsd.org
Subject: New BSD user with a couple Qs

I've read a couple docs on how to secure my machine. I just installed 4.4
stable. I turned off pretty much everything except for ftp (users only, no
anon) and ssh. I am a little familiar with redhat and remember editing my
hosts.deny file so that it locked out everyone except for my home and work
machines. I think that I need to edit the /etc/rc.firewall file. Is this a
good idea to deny everyone except for a few users and how would I do that?

I'm running 4.4 stable. Is that good enough or should I get the 4.5
release?

Do I need to upgrade/update any files or do anything else to secure the
machine? If so, could you send me a good link or give me some help please?
Thank you in advance,

Jason
uin 1401272

From owner-freebsd-security Thu Mar 14 02:22:40 2002
From: Steve Shorter
Date: Thu, 14 Mar 2002 05:17:31 -0500
To: Chest Rockwell
Cc: freebsd-security@freebsd.org
Subject: Re: New BSD user with a couple Qs
Message-ID: <20020314051731.A56353@nomad.lets.net>

On Thu, Mar 14, 2002 at 03:36:29AM -0600, Chest Rockwell wrote:
>
> I've read a couple docs on how to secure my machine. I just installed 4.4
> stable. I turned off pretty much everything except for ftp (users only, no
> anon) and ssh. I am a little familiar with redhat and remember editing my
> hosts.deny file so that it locked out everyone except for my home and work

FreeBSD uses hosts.allow only.

> machines. I think that I need to edit the /etc/rc.firewall file. Is this a
> good idea to deny everyone except for a few users and how would I do that?
>
> I'm running 4.4 stable. Is that good enough or should I get the 4.5
> release?

Depends. 4.4 is good, but 4.5 has some networking and NFS
fixes/improvements.

>
> Do I need to upgrade/update any files or do anything else to secure the
> machine? If so, could you send me a good link or give me some help please?

man security
http://www.freebsd.org/security

-steve

From owner-freebsd-security Thu Mar 14 02:33:00 2002
From: Jason Stone
Date: Thu, 14 Mar 2002 02:32:47 -0800 (PST)
To: Chest Rockwell
Subject: Re: New BSD user with a couple Qs
Message-ID: <20020314021011.J9375-100000@walter>

> I've read a couple docs on how to secure my machine. I just installed
> 4.4 stable. I turned off pretty much everything except for ftp (users
> only, no anon) and ssh.

FTP is totally insecure as it sends all data in the clear - many attacks
start by sniffing user passwords out of ftp sessions and then using local
exploits to get root. Consider using sftp, the secure ftp-like
alternative that comes with ssh. From the unix commandline, it works
just like ftp, and for windows clients, CuteFTP, Secure iXplorer, and
others support it - just change the port from 21 to 22.
If you must use plain ftp, consider using opie passwords instead of plain passwords. Opie calculators exist for pretty much every platform, and some gui clients even have builtin support for it (Fetch for the Mac comes to mind). "man opie" for details. > I am a little familiar with redhat and remember editing my hosts.deny > file so that it locked out everyone except for my home and work > machines. I think that I need to edit the /etc/rc.firewall file. Is > this a good idea to deny everyone except for a few users and how would > I do that? FreeBSD also supports tcpwrappers-style access lists in /etc/hosts.allow, but using ipfw firewalling rules is probablly a better idea, as this will prevent, for example, buffer overflows, whereas tcpwrappers will not. I reccommend against editing /etc/rc.firewall, as this will create conflicts when you upgrade via cvsup (see below). I prefer to set all my firewall rules in a separate file. For example, my /etc/rc.conf contains: #------------------------------# firewall_enable="YES" firewall_logging="YES" firewall_type="/etc/ipfw.conf" #------------------------------# And then I have my ipfw rules in /etc/ipfw.conf: add deny tcp from any to any 111 add deny udp from any to any 111 add deny tcp from any to any 1023 add deny udp from any to any 1023 etc.... > I'm running 4.4 stable. Is that good enough or should I get the 4.5 > release? > > Do I need to upgrade/update any files or do anything else to secure > the machine? If so, could you send me a good link or give me some > help please? You definitely should upgrade. To upgrade to 4.5-stable, install the cvsup package, edit /usr/share/examples/cvsup/stable-supfile and change the line "*default host=CHANGE_THIS.FreeBSD.org" to "*default host=cvsup9.FreeBSD.org" and then run "cvsup -g -L 2 /usr/share/examples/cvsup/stable-supfile" to update your source tree. 
Finally, rebuild the user-space with something like "cd /usr/src && make world" You should also rebuild the kernel and use mergemaster to clean up your /etc files - check out the handbook for more help with that. -Jason ----------------------------------------------------------------------- I worry about my child and the Internet all the time, even though she's too young to have logged on yet. Here's what I worry about. I worry that 10 or 15 years from now, she will come to me and say "Daddy, where were you when they took freedom of the press away from the Internet?" -- Mike Godwin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: See https://private.idealab.com/public/jason/jason.gpg iD8DBQE8kHxSswXMWWtptckRAiz9AJwMjH1PbdEdkjpzALxUZQX0XII7TwCffFOS SN4deJTkrSkVcYLr9vMk5VI= =lTSy -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 14 3:23:31 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.johnrshannon.com (mail.johnrshannon.com [208.141.183.125]) by hub.freebsd.org (Postfix) with ESMTP id D3CA037B41B for ; Thu, 14 Mar 2002 03:23:13 -0800 (PST) Received: from pablo.johnrshannon.com (pablo.johnrshannon.com [192.168.1.3]) by mail.johnrshannon.com (Postfix) with ESMTP id A94EBE8B4; Thu, 14 Mar 2002 04:23:12 -0700 (MST) Received: from pablo.johnrshannon.com (localhost [127.0.0.1]) by pablo.johnrshannon.com (8.12.2/8.11.6) with ESMTP id g2EBNCgN006689; Thu, 14 Mar 2002 04:23:12 -0700 (MST) (envelope-from john@pablo.johnrshannon.com) Received: (from john@localhost) by pablo.johnrshannon.com (8.12.2/8.12.1/Submit) id g2EBNB7e006688; Thu, 14 Mar 2002 04:23:11 -0700 (MST)?g (envelope-from john) Message-Id: <200203141123.g2EBNB7e006688@pablo.johnrshannon.com> Content-Type: text/plain; charset="iso-8859-1" From: "John R. 
Shannon"
Reply-To: john@johnrshannon.com
To: "jack xiao" ,
Subject: Re: AES
Date: Thu, 14 Mar 2002 04:23:11 -0700
X-Mailer: KMail [version 1.3.2]
References:
In-Reply-To:
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

AES and DES are compared on this AES fact sheet:
http://csrc.nist.gov/encryption/aes/aesfact.html

The problem with DES is that its 56-bit key, which was adequate in the 70s, can be discovered by exhaustive key search. 3DES attacks this by applying DES 3 times: encrypt with 1 key, decrypt with a second, and encrypt with a third. The best known attack on 3DES is O(2^108) operations with something like 2^64 storage. The problem with 3DES is its high computational cost.

On Wednesday 13 March 2002 08:54 pm, jack xiao wrote:
> Hi,
>
> Can anybody show me some resource about the comparison between AES and 3DES
> or DES?
>
> Thanks a lot!
>
> Jack
>

--
John R. Shannon
john@johnrshannon.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Mar 14 3:58: 8 2002
Delivered-To: freebsd-security@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id 5BC0137B404; Thu, 14 Mar 2002 03:58:06 -0800 (PST)
Received: by flood.ping.uio.no (Postfix, from userid 2602) id 162EC5346; Thu, 14 Mar 2002 12:58:05 +0100 (CET)
X-URL: http://www.ofug.org/~des/
X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated.
To: "Crist J.
Clark" Cc: security@FreeBSD.ORG Subject: Re: sshd UseLogin option References: <20020313230536.B29705@blossom.cjclark.org> From: Dag-Erling Smorgrav Date: 14 Mar 2002 12:58:04 +0100 In-Reply-To: <20020313230536.B29705@blossom.cjclark.org> Message-ID: Lines: 8 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.1 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org "Crist J. Clark" writes: > Who uses system passwords with ssh(1)? Does UseLogin disable key authentication? I've never tried it... DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 14 4:20:24 2002 Delivered-To: freebsd-security@freebsd.org Received: from pkl.net (spoon.pkl.net [212.111.57.14]) by hub.freebsd.org (Postfix) with ESMTP id 1E0EB37B402 for ; Thu, 14 Mar 2002 04:20:16 -0800 (PST) Received: (from rik@localhost) by pkl.net (8.9.3/8.9.3) id MAA01526 for security@freebsd.org; Thu, 14 Mar 2002 12:20:15 GMT Date: Thu, 14 Mar 2002 12:20:15 +0000 From: rik To: FreeBSD Security Subject: Re: sshd UseLogin option Message-ID: <20020314122015.GA1344@spoon.pkl.net> References: <20020313230536.B29705@blossom.cjclark.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.25i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Mar 14, 2002 at 12:58:04PM +0100, Dag-Erling Smorgrav wrote: > "Crist J. Clark" writes: > > Who uses system passwords with ssh(1)? > > Does UseLogin disable key authentication? I've never tried it... 
I don't think so, but specifying a command to run does ignore UseLogin (and is documented as such), so you'll get an inconsistent environment because of that when doing cvs over ssh, as opposed to logging in over ssh. All in all, the UseLogin option seems to be not very useful, and poorly implemented. But then, we aren't using OpenSSH-portable (well, not in my source tree, anyway). These things ought to be checked against -portable -- PGP Key: D2729A3F - Keyserver: wwwkeys.uk.pgp.net - rich at rdrose dot org Key fingerprint = 5EB1 4C63 9FAD D87B 854C 3DED 1408 ED77 D272 9A3F Public key also encoded with outguess on http://rikrose.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 14 6:47:24 2002 Delivered-To: freebsd-security@freebsd.org Received: from eudoramail.com (netturbo3.cscoms.com [202.183.214.4]) by hub.freebsd.org (Postfix) with SMTP id 972D737B404 for ; Thu, 14 Mar 2002 06:47:01 -0800 (PST) From: "Moissanite" To: Subject: Mime-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1" Date: Thu, 14 Mar 2002 21:50:49 +0700 Reply-To: "Moissanite" Content-Transfer-Encoding: 8bit Message-Id: <20020314144701.972D737B404@hub.freebsd.org> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Moissanite: More Fire and Brilliance
The Truth About Moissanite
 
Fact - Moissanite delivers more
fire, brilliance and luster than any other hard jewel on Earth.
This unretouched photograph supports the adage that "a picture is worth a thousand words". Here, a light source over a similar sized moissanite and diamond placed in shallow water clearly shows the superior fire and brilliance of this unique new jewel. And the picture is supported by measurable facts: the GIA publishes the dispersion (fire) of created moissanite at 0.104, refractive index (brilliance) at 2.65 to 2.69, and luster at 20.4%. No other hard jewel measures up, not even a fine diamond. And only moissanite and diamond are over 9 on the Mohs hardness scale. Moissanite jewels created by Charles & Colvard are available in all popular shapes and sizes. 

www.moissanitesource.com is the place to buy moissanite jewelry on the internet. Buy with confidence at the best prices in the world. 

 

Moissanite Created By Charles &
Colvard
 

Moissanite created by Charles & Colvard is a unique jewel, not a synthetic diamond.

Moissanite Source is an authorized distributor of Moissanite.

 

If you wish to stop receiving these occasional mailings, simply reply to this email with the word "REMOVE" in
the subject line and we will remove your name and email address from our database.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 14 6:49:11 2002 Delivered-To: freebsd-security@freebsd.org Received: from shikima.mine.nu (pc1-card4-0-cust77.cdf.cable.ntl.com [62.252.49.77]) by hub.freebsd.org (Postfix) with ESMTP id ECB5037B400 for ; Thu, 14 Mar 2002 06:49:02 -0800 (PST) Received: from rasputin by shikima.mine.nu with local (Exim 3.35 #1) id 16lWXL-0004CZ-00; Thu, 14 Mar 2002 14:48:59 +0000 Date: Thu, 14 Mar 2002 14:48:59 +0000 From: Rasputin To: "Matthew D. Fuller" Cc: security@freebsd.org Subject: Re: sshd UseLogin option Message-ID: <20020314144859.A13371@shikima.mine.nu> Reply-To: Rasputin References: <20020313102831.M57293@over-yonder.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020313102831.M57293@over-yonder.net>; from fullermd@over-yonder.net on Wed, Mar 13, 2002 at 10:28:31AM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org * Matthew D. Fuller [020313 16:29]: > On Wed, Mar 13, 2002 at 02:51:40PM +0100 I heard the voice of > Dag-Erling Smorgrav, and lo! it spake thus: > > Could someone please explain to me why we don't use sshd's UseLogin > > option by default? I know that there was a security hole related to > > that option recently, but that's not a real reason - security holes > > can show up anywhere - so is there anything that makes UseLogin a > > particularly bad idea? > > On a side note, it sure would be nifty if UseLogin actually used login(1), > which it didn't last I checked. Noticed-by: /etc/login.access strangely > not applying to ssh connections. I think that's fixed now - I was able to bounce incoming ssh session using login.access last month, anyway. 
-- "You can bring any calculator you like to the midterm, as long as it doesn't dim the lights when you turn it on." -- Hepler, Systems Design 182 Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 14 6:54:53 2002 Delivered-To: freebsd-security@freebsd.org Received: from eudoramail.com (netturbo3.cscoms.com [202.183.214.4]) by hub.freebsd.org (Postfix) with SMTP id 8362F37B416 for ; Thu, 14 Mar 2002 06:53:23 -0800 (PST) From: "Moissanite" To: Subject: Mime-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1" Date: Thu, 14 Mar 2002 21:57:11 +0700 Reply-To: "Moissanite" Content-Transfer-Encoding: 8bit Message-Id: <20020314145323.8362F37B416@hub.freebsd.org> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Moissanite: More Fire and Brilliance
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 14 8:18: 9 2002 Delivered-To: freebsd-security@freebsd.org Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by hub.freebsd.org (Postfix) with SMTP id 3E47637B400; Thu, 14 Mar 2002 08:18:05 -0800 (PST) Received: from no.name.available by vulcan.rsasecurity.com via smtpd (for hub.FreeBSD.org [216.136.204.18]) with SMTP; 14 Mar 2002 16:17:31 UT Received: from tuna.rsa.com (tuna.rsa.com [10.80.211.153]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id LAA08886; Thu, 14 Mar 2002 11:17:19 -0500 (EST) Received: from quattro.rsa.com (quattro.rsa.com [10.81.217.239]) by tuna.rsa.com (8.8.8+Sun/8.8.8) with ESMTP id IAA12510; Thu, 14 Mar 2002 08:22:26 -0800 (PST) Received: from rsasecurity.com (localhost.rsa.com [127.0.0.1]) by quattro.rsa.com (8.11.0/8.11.0) with ESMTP id g2EGH2J10681; Thu, 14 Mar 2002 08:17:02 -0800 (PST) (envelope-from davef@rsasecurity.com) Message-Id: <200203141617.g2EGH2J10681@quattro.rsa.com> X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 To: Gunther Schadow Cc: freebsd-security@FreeBSD.ORG, PicoBSD List Subject: Re: Smartcard device support? In-reply-to: Your message of "Tue, 12 Mar 2002 17:33:18 EST." <3C8E822E.7070509@aurora.regenstrief.org> From: David Finkelstein Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Thu, 14 Mar 2002 08:17:02 -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Gunther Schadow wrote: >Hi, > >I'm wondering if it isn't time to roll out smart card use a bit more >aggressively. The question is: are any smart card devices useable >with FreeBSD? I believe nCipher has drivers for FreeBSD. 
--- David To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 14 8:43:13 2002 Delivered-To: freebsd-security@freebsd.org Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66]) by hub.freebsd.org (Postfix) with ESMTP id 9E86937B416; Thu, 14 Mar 2002 08:43:01 -0800 (PST) Received: from caddis.yogotech.com (caddis.yogotech.com [206.127.123.130]) by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id JAA26423; Thu, 14 Mar 2002 09:42:54 -0700 (MST) (envelope-from nate@yogotech.com) Received: (from nate@localhost) by caddis.yogotech.com (8.11.6/8.11.6) id g2EGgr139282; Thu, 14 Mar 2002 09:42:53 -0700 (MST) (envelope-from nate) From: Nate Williams MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15504.54029.424057.761653@caddis.yogotech.com> Date: Thu, 14 Mar 2002 09:42:53 -0700 To: "Crist J. Clark" Cc: Dag-Erling Smorgrav , security@FreeBSD.ORG Subject: Re: sshd UseLogin option In-Reply-To: <20020313230536.B29705@blossom.cjclark.org> References: <20020313230536.B29705@blossom.cjclark.org> X-Mailer: VM 6.96 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid Reply-To: nate@yogotech.com (Nate Williams) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > > Could someone please explain to me why we don't use sshd's UseLogin > > option by default? I know that there was a security hole related to > > that option recently, but that's not a real reason - security holes > > can show up anywhere - so is there anything that makes UseLogin a > > particularly bad idea? > > Who uses system passwords with ssh(1)? We do for our remote access boxes that have numerous users accessing them. 
Nate

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Mar 14 9:53:45 2002
Delivered-To: freebsd-security@freebsd.org
Received: from m5.andara.com (m5-real.eastlink.ca [24.222.0.25]) by hub.freebsd.org (Postfix) with ESMTP id 0E07837B405 for ; Thu, 14 Mar 2002 09:53:41 -0800 (PST)
Received: from xeno (u206n232.hfx.eastlink.ca [24.222.206.232]) by m5.andara.com (8.12.1/8.12.1) with SMTP id g2EHrhOB001439 for ; Thu, 14 Mar 2002 13:53:43 -0400 (AST)
Message-ID: <003501c1cb81$2e12faa0$e8cede18@xeno>
From: "N. J. Cash"
To: "FreeBSD Security"
Subject: telnet / ipfw question
Date: Thu, 14 Mar 2002 13:53:42 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
x-mimeole: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

I have telnet enabled on my system running 4.5-stable and have it hidden behind very strict ipfw rules so that the only IP that has access to the box on port 23 is my home static IP, everything else is denied by the firewall. I'm well aware of the risks of having telnet open and how insecure it can be so, I'm just looking for some input here if this sounds like a safe way to have the daemon running on a system. Would there still be security risks involved that I'm not aware about running it this way?

Here's basically what's going on in ipfw for port 23.

ipfw add 1400 allow log tcp from x.x.myip.x.x to any 23
ipfw add 09000 deny log ip from any to any

Look safe ?
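The two rules above, run through a small static check. This is an added example and not code from the thread: it parses the FreeBSD 4.x ipfw rule syntax the poster used (rule number optional, so the numberless /etc/ipfw.conf style shown earlier in the digest also parses) and reports what a reviewer would flag about them. x.x.myip.x.x is the poster's own placeholder; the hardened ruleset and the 203.0.113.10 address in it are constructed for the example.

```python
"""Static audit of a small ipfw(8) ruleset in the syntax used in this thread.

Added example; not code from the list posts. Findings: an allow rule for a
cleartext login service, an admin port open to any source, an allow rule
without 'log', and a ruleset that does not end in a default deny.
"""
import re
from dataclasses import dataclass

CLEARTEXT_PORTS = {21: "ftp", 23: "telnet"}   # credentials cross the wire unencrypted
ADMIN_PORTS = {22, 23}                         # must never be reachable from 'any'

RULE_RE = re.compile(
    r"^(?:ipfw\s+)?add(?:\s+(?P<num>\d+))?\s+"
    r"(?P<action>allow|accept|pass|permit|deny|drop)(?P<log>\s+log)?\s+"
    r"(?P<proto>\w+)\s+from\s+(?P<src>\S+)(?:\s+(?P<sport>\d+))?"
    r"\s+to\s+(?P<dst>\S+)(?:\s+(?P<dport>\d+))?(?P<tail>\s+\S.*)?\s*$"
)


@dataclass
class Finding:
    level: str    # "high", "medium" or "info"
    code: str
    rule: str
    message: str


def parse_rule(line):
    """Parse one 'ipfw add' line into a dict, or return None if it is not understood."""
    m = RULE_RE.match(line.strip())
    if m is None:
        return None
    r = m.groupdict()
    r["allow"] = r["action"] in ("allow", "accept", "pass", "permit")
    r["log"] = r["log"] is not None
    r["sport"] = int(r["sport"]) if r["sport"] else None
    r["dport"] = int(r["dport"]) if r["dport"] else None
    return r


def audit(lines):
    """Return the list of Findings for a ruleset given as a list of rule strings."""
    findings, parsed = [], []
    for line in lines:
        r = parse_rule(line)
        if r is None:
            findings.append(Finding("medium", "unparsed", line, "rule not understood; review it by hand"))
            continue
        parsed.append(r)
        if not r["allow"]:
            continue
        if r["dport"] in CLEARTEXT_PORTS:
            svc = CLEARTEXT_PORTS[r["dport"]]
            findings.append(Finding("high", "cleartext-service", line,
                f"permits {svc}: passwords and session data are readable to anyone on the "
                "network path; limiting the source address narrows exposure but is not "
                "authentication, since a source address can be forged"))
        if r["dport"] in ADMIN_PORTS and r["src"] == "any":
            findings.append(Finding("high", "admin-port-open", line,
                f"port {r['dport']} is reachable from any source address"))
        if not r["log"]:
            findings.append(Finding("info", "no-log", line,
                "allow rule without 'log': accepted connections leave no firewall record"))
    last = parsed[-1] if parsed else None
    closes = (last is not None and not last["allow"] and last["proto"] == "ip"
              and last["src"] == "any" and last["dst"] == "any" and last["dport"] is None)
    if not closes:
        findings.append(Finding("high", "no-default-deny", lines[-1] if lines else "",
                                "ruleset does not end with 'deny ip from any to any'"))
    return findings


# The two rules posted in the question (x.x.myip.x.x is the poster's placeholder).
POSTED_RULES = [
    "ipfw add 1400 allow log tcp from x.x.myip.x.x to any 23",
    "ipfw add 09000 deny log ip from any to any",
]

# Constructed alternative: same shape, ssh instead of telnet. 203.0.113.10 is a
# documentation address standing in for the admin's static IP.
HARDENED_RULES = [
    "ipfw add 1400 allow log tcp from 203.0.113.10 to any 22",
    "ipfw add 9000 deny log ip from any to any",
]

if __name__ == "__main__":
    for name, rules in (("posted", POSTED_RULES), ("hardened", HARDENED_RULES)):
        print(f"== {name} ==")
        for f in audit(rules):
            print(f"[{f.level}] {f.code}: {f.rule}\n    {f.message}")
```

Run stand-alone it prints one high finding for the posted ruleset (the telnet allow) and none for the ssh variant; the default-deny check passes for both because rule 09000 closes the set.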
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 14 10: 0:51 2002 Delivered-To: freebsd-security@freebsd.org Received: from proxy.centtech.com (moat.centtech.com [206.196.95.10]) by hub.freebsd.org (Postfix) with ESMTP id 0CB0737B42A for ; Thu, 14 Mar 2002 09:59:56 -0800 (PST) Received: from sprint.centtech.com (sprint.centtech.com [10.177.173.31]) by proxy.centtech.com (8.11.6/8.11.6) with ESMTP id g2EHxsK19168; Thu, 14 Mar 2002 11:59:54 -0600 (CST) Received: from centtech.com (proton [10.177.173.77]) by sprint.centtech.com (8.9.3+Sun/8.9.3) with ESMTP id LAA09907; Thu, 14 Mar 2002 11:59:54 -0600 (CST) Message-ID: <3C90E4F9.A4CA41CA@centtech.com> Date: Thu, 14 Mar 2002 11:59:21 -0600 From: Eric Anderson Reply-To: anderson@centtech.com Organization: Centaur Technology X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: "N. J. Cash" Cc: FreeBSD Security Subject: Re: telnet / ipfw question References: <003501c1cb81$2e12faa0$e8cede18@xeno> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Why do you need telnet so badly? The rules are fine, but those won't matter when someone sniffs your plain text password and source ip, then spoofs it and logs in as you. Eric "N. J. Cash" wrote: > > I have telnet enabled on my system running 4.5-stable and have it hidden > behind very strick ipfw rules so that the only IP that has access to the box > on port 23 is my home static IP, everything else is denied by the firewall. > I'm well aware of the risks of having telnet open and how insecure it can be > so, i'm just looking for some input here if this sounds like a safe way to > have the daemon running on a system. 
Would there still be security risks > involved > that i'm not aware about running it this way? > > Here's basically what's going on in ipfw for port 23. > > ipfw add 1400 allow log tcp from x.x.myip.x.x to any 23 > ipfw add 09000 deny log ip from any to any > > Look safe ? > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- ------------------------------------------------------------------ Eric Anderson Systems Administrator Centaur Technology If at first you don't succeed, sky diving is probably not for you. ------------------------------------------------------------------ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 14 10:11:41 2002 Delivered-To: freebsd-security@freebsd.org Received: from lakemtao04.cox.net (lakemtao04.cox.net [68.1.17.241]) by hub.freebsd.org (Postfix) with ESMTP id 922FE37B405 for ; Thu, 14 Mar 2002 10:11:32 -0800 (PST) Received: from ip68-7-57-142 ([68.7.57.142]) by lakemtao03.cox.net (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with SMTP id <20020311055816.RSGQ7722.lakemtao03.cox.net@ip68-7-57-142>; Mon, 11 Mar 2002 00:58:16 -0500 Date: Sun, 10 Mar 2002 21:58:07 -0800 From: Lawrence Sica To: Brett Glass Cc: security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:13.openssh Message-Id: <20020310215807.4b09a52f.lomion1@cox.net> In-Reply-To: <4.3.2.7.2.20020307093957.01f65ad0@nospam.lariat.org> References: <4.3.2.7.2.20020307093957.01f65ad0@nospam.lariat.org> X-Mailer: Sylpheed version 0.7.2claws (GTK+ 1.2.10; i386-portbld-freebsd4.5) Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; boundary="=.l0F_DU1+dT,Z2." 
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

--=.l0F_DU1+dT,Z2.
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

On Thu, 07 Mar 2002 09:40:20 -0700
Brett Glass may have typed:

> I'd like to install OpenSSH 3.1 instead of merely applying the patch.
> Can this be brought into the ports tree? I could install from the
> portable OpenSSH source, but of course some subtle changes made for
> better integration would be missing.
>

If you install the openssh-portable port you can specify OPENSSH_OVERWRITE_BASE to overwrite the base OpenSSH. I know this exists in the portable port. I don't normally use the ports for OpenSSH though, I just have read the Makefiles.

HTH

--Larry

--=.l0F_DU1+dT,Z2.
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)

iD8DBQE8jEdzv919pZHFe2ERAj7ZAJ9/9tx/dGHDo+O+GH3paAY5siFILgCfQnY2
GqKBn3FvgojlNpcVzvDpIQs=
=nkX4
-----END PGP SIGNATURE-----

--=.l0F_DU1+dT,Z2.--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Mar 14 10:38:34 2002
Delivered-To: freebsd-security@freebsd.org
Received: from tulum.brsys.com (dnai-216-15-45-74.cust.dnai.com [216.15.45.74]) by hub.freebsd.org (Postfix) with ESMTP id 2A98D37B405 for ; Thu, 14 Mar 2002 10:38:29 -0800 (PST)
Received: (from adamw@localhost) by tulum.brsys.com (8.10.0/8.10.0) id g2EJ1Mr07295; Thu, 14 Mar 2002 11:01:22 -0800 (PST)
Message-ID: <20020314110122.A7150@brsys.com>
Date: Thu, 14 Mar 2002 11:01:22 -0800
From: Adam Wight
To: Andrew McNaughton
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Managing port security upgrades (was:Re: PHP 4.1.2)
References: <20020313101646.A4570@brsys.com> <20020314091045.D25004-100000@a2>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <20020314091045.D25004-100000@a2>; from Andrew McNaughton on Thu, Mar 14, 2002 at 09:39:16AM +1300
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On Thu, Mar 14, 2002 at 09:39:16AM +1300, Andrew McNaughton wrote:
> On Wed, 13 Mar 2002, Adam Wight wrote:
> > What about a new make target, "upgrade," that only sync'ed the ports
> > subtree for the port being built and its dependencies?
> >
> > I don't think that ports needs a cvs branch for security fixes, but a
> > way to bring only a selected package up-to-date would be useful for its
> > speed and reduced cvsupd load after security advisories, as well as for
> > the decreased bandwidth on the users' boxes.
>
> It should not be a separate target though. It should be done via a flag,
> and that flag should be settable in /etc/make.conf, and overridable on
> the command line
>
> eg something like:
>
> make install clean PORT_UPGRADE=TRUE

A flag sounds better than a target, I agree.

> I suspect though that there may be efficiency issues to be careful of when
> using cvsup's filter utility like this. The following command takes close
> to a minute to run:
>
> cvsup -h cvsup.au.freebsd.org \
> -i ports/net/net-snmp \
> /usr/share/examples/cvsup/ports-supfile

I think that cvsup would be problematic for exactly the reasons you mention. I doubt I'll make many friends for saying it, but rsync would be perfect for this task. Since that is unlikely to happen, maybe this behavior of cvsup can be fixed?

My question for someone who actually knows m3 would be the following: Is there some room for improvement at cvsup-snap-16.1f/server/src/FSServer.m3:1558? I think the whole directory tree is parsed, then filtered. Wouldn't it make more sense to check whether the filter strings are directories and use them as the directory tree in the first place?

This thread may be diverging from -security...

> I don't know the details of cvsup very well, but I suspect that the server
> may be walking much more of the directory tree than it should be?
>
> What you propose would require multiple cvs runs. It's not till you have
> each port that you know for sure what dependencies exist. I suspect the
> extra load this implies for the cvsup servers may be an important factor.
>
> In any case, why not just work out the dependencies once and distribute a
> complete list of security problem ports which also includes info on the
> latest safe version and the latest versions of the ports on which it
> depends (recursively)?
>
> It's sometimes a weakness of the ports system that it carries very little
> information on version dependencies. It's also somewhat of a blessing as
> anyone who has tried to upgrade perl on a debian box will know.
>
> [ Actually upgrading perl on freebsd is a pain too, but less of one. I
> don't think it's possible to globally override bsd.port.mk 's idea of what
> the system's version of perl is. I keep adjusting that file and then
> having to repeat myself every time I update it via cvsup. Couldn't this
> be calculated using (perl -v) or (perl -e 'print $]') .
] > > Andrew McNaughton To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 14 10:45:38 2002 Delivered-To: freebsd-security@freebsd.org Received: from tulum.brsys.com (dnai-216-15-45-74.cust.dnai.com [216.15.45.74]) by hub.freebsd.org (Postfix) with ESMTP id 7E90037B419; Thu, 14 Mar 2002 10:45:34 -0800 (PST) Received: (from adamw@localhost) by tulum.brsys.com (8.10.0/8.10.0) id g2EJ8PF07356; Thu, 14 Mar 2002 11:08:25 -0800 (PST) Message-ID: <20020314110824.B7150@brsys.com> Date: Thu, 14 Mar 2002 11:08:24 -0800 From: Adam Wight To: bmah@FreeBSD.ORG, batz Cc: Mark Foster , freebsd-security@FreeBSD.ORG Subject: Re: Managing port security upgrades (was:Re: PHP 4.1.2) References: <200203132050.g2DKoWP52263@bmah.dyndns.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93.2i In-Reply-To: <200203132050.g2DKoWP52263@bmah.dyndns.org>; from Bruce A. Mah on Wed, Mar 13, 2002 at 12:50:32PM -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I think I should clarify that the original problem was bringing specific port Makefiles, patches, etc. up-to-date in a low-bandwidth fashion, not simply getting the distfiles. -adam On Wed, Mar 13, 2002 at 12:50:32PM -0800, Bruce A. Mah wrote: > If memory serves me right, batz wrote: > > On 13 Mar 2002, Mark Foster wrote: > > > > :Sounds alot like > > :pkg_version -c -v | sh > > : > > :(assuming an updated ports tree) > > > > Yeah, it does. So much for streamlining. Somebody > > close the patent office, everything has been invented. > > Please RTFM for pkg_version(8), paying particular attention to the > warnings *against* doing this very thing. > > Bruce. 
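The point Andrew raises in the quoted exchange, that you only learn a port's dependencies after you have fetched its Makefile, so a selective cvsup of "the port plus its dependencies" has to run more than once, can be simulated. The following is an added example, not code from the thread or from the ports tree: the dependency syntax it parses (target:${PORTSDIR}/category/name entries in BUILD_DEPENDS, RUN_DEPENDS and LIB_DEPENDS) is the real ports-tree form, but the Makefile contents are constructed, and the port directory names are merely plausible. The cvsup argv it builds matches the -i filter form of the command quoted above.

```python
"""How many selective cvsup runs it takes to sync a port and its dependencies.

Added example; not code from the thread or from the ports tree. Each round
fetches every port directory that is known so far but not yet synced, then
reads the fetched Makefiles to discover the next round's directories.
"""
import re

# Constructed sample Makefiles keyed by port directory (not real ports-tree contents).
MAKEFILES = {
    "net/net-snmp": (
        "PORTNAME=\tnet-snmp\n"
        "LIB_DEPENDS=\tssl.2:${PORTSDIR}/security/openssl\n"
        "BUILD_DEPENDS=\t${LOCALBASE}/bin/perl:${PORTSDIR}/lang/perl5\n"
    ),
    "security/openssl": "PORTNAME=\topenssl\n",
    "lang/perl5": "PORTNAME=\tperl\n",
    "www/mod_php4": (
        "PORTNAME=\tmod_php4\n"
        "BUILD_DEPENDS=\t${LOCALBASE}/include/apache/httpd.h:${PORTSDIR}/www/apache13 \\\n"
        "\t\t${LOCALBASE}/bin/mysql:${PORTSDIR}/databases/mysql323-client\n"
        "LIB_DEPENDS=\tpng.5:${PORTSDIR}/graphics/png\n"
    ),
    "www/apache13": "PORTNAME=\tapache\n",
    "graphics/png": "PORTNAME=\tpng\n",
    "databases/mysql323-client": (
        "PORTNAME=\tmysql\n"
        "LIB_DEPENDS=\tssl.2:${PORTSDIR}/security/openssl\n"
    ),
}

DEP_LINE_RE = re.compile(r"^(?:BUILD|RUN|LIB)_DEPENDS\s*[+?:]?=\s*(.*)$", re.M)
PORTDIR_RE = re.compile(r"\$\{PORTSDIR\}/([\w.+-]+/[\w.+-]+)")


def direct_deps(makefile_text):
    """Port directories named in the *_DEPENDS variables of one Makefile."""
    joined = makefile_text.replace("\\\n", " ")   # fold make(1) line continuations
    deps = set()
    for m in DEP_LINE_RE.finditer(joined):
        deps.update(PORTDIR_RE.findall(m.group(1)))
    return deps


def cvsup_command(host, portdirs, supfile):
    """argv for one cvsup run restricted to the given port directories (-i filters)."""
    argv = ["cvsup", "-h", host]
    for p in sorted(portdirs):
        argv += ["-i", "ports/" + p]
    return argv + [supfile]


def sync_closure(root, fetch):
    """Sync `root` and, round by round, every port it transitively depends on.

    `fetch(portdir)` stands in for one selective cvsup of that directory and
    returns its Makefile text. Returns (set of synced portdirs, number of rounds).
    """
    synced, pending, rounds = {}, {root}, 0
    while pending:
        rounds += 1
        batch, pending = pending, set()
        for portdir in batch:
            synced[portdir] = fetch(portdir)
            pending |= direct_deps(synced[portdir])
        pending -= set(synced)          # already fetched; also breaks dependency cycles
    return set(synced), rounds


if __name__ == "__main__":
    for root in ("net/net-snmp", "www/mod_php4"):
        dirs, rounds = sync_closure(root, MAKEFILES.__getitem__)
        print(f"{root}: {len(dirs)} port dirs in {rounds} cvsup runs")
        print("  first run:", " ".join(cvsup_command("cvsup.au.freebsd.org", [root],
                                                    "/usr/share/examples/cvsup/ports-supfile")))
```

The number of rounds equals the depth of the dependency graph plus one, which is the extra server load Andrew is worried about; a precomputed list of "port plus everything it depends on, recursively", as he suggests, collapses it to a single run.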
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 14 10:58:45 2002 Delivered-To: freebsd-security@freebsd.org Received: from web11308.mail.yahoo.com (web11308.mail.yahoo.com [216.136.131.211]) by hub.freebsd.org (Postfix) with SMTP id 6D21637B400 for ; Thu, 14 Mar 2002 10:58:39 -0800 (PST) Message-ID: <20020314185839.8844.qmail@web11308.mail.yahoo.com> Received: from [205.175.225.24] by web11308.mail.yahoo.com via HTTP; Thu, 14 Mar 2002 10:58:39 PST Date: Thu, 14 Mar 2002 10:58:39 -0800 (PST) From: Dean Phillips Subject: Re: telnet / ipfw question To: FreeBSD Security Cc: "N. J. Cash" In-Reply-To: <003501c1cb81$2e12faa0$e8cede18@xeno> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org No, it does not look safe. All of your traffic (including any passwords) can be sniffed any time you use telnet. Limiting the IP address helps but is vulnerable to IP spoofing. IP spoofing can be used to hijack your connection or even log in. I highly recommend ssh as a much better alternative. Clients are available for most common operating systems. Regards, Dean M. Phillips --- "N. J. Cash" wrote: > I have telnet enabled on my system running > 4.5-stable and have it hidden > behind very strick ipfw rules so that the only IP > that has access to the box > on port 23 is my home static IP, everything else is > denied by the firewall. > I'm well aware of the risks of having telnet open > and how insecure it can be > so, i'm just looking for some input here if this > sounds like a safe way to > have the daemon running on a system. Would there > still be security risks > involved > that i'm not aware about running it this way? > > Here's basically what's going on in ipfw for port > 23. 
> > ipfw add 1400 allow log tcp from x.x.myip.x.x to any > 23 > ipfw add 09000 deny log ip from any to any > > > Look safe ? > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of > the message __________________________________________________ Do You Yahoo!? Yahoo! Sports - live college hoops coverage http://sports.yahoo.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 14 11: 9:41 2002 Delivered-To: freebsd-security@freebsd.org Received: from web14807.mail.yahoo.com (web14807.mail.yahoo.com [216.136.224.223]) by hub.freebsd.org (Postfix) with SMTP id CD22C37B402 for ; Thu, 14 Mar 2002 11:09:36 -0800 (PST) Message-ID: <20020314190936.3548.qmail@web14807.mail.yahoo.com> Received: from [198.88.119.219] by web14807.mail.yahoo.com via HTTP; Thu, 14 Mar 2002 11:09:36 PST Date: Thu, 14 Mar 2002 11:09:36 -0800 (PST) From: krzysztof Strzelczyk Subject: Re: telnet / ipfw question To: "N. J. Cash" Cc: FreeBSD Security In-Reply-To: <3C90E4F9.A4CA41CA@centtech.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Why not use ssh? Of course you will want 3.1 to avoid the fiasco last week. -Chris --- Eric Anderson wrote: > Why do you need telnet so badly? The rules are > fine, but those won't matter > when someone sniffs your plain text password and > source ip, then spoofs it and > logs in as you. > > Eric > > > "N. J. Cash" wrote: > > > > I have telnet enabled on my system running > 4.5-stable and have it hidden > > behind very strict ipfw rules so that the only IP > that has access to the box > > on port 23 is my home static IP, everything else > is denied by the firewall.
> > I'm well aware of the risks of having telnet open > and how insecure it can be > > so, i'm just looking for some input here if this > sounds like a safe way to > > have the daemon running on a system. Would there > still be security risks > > involved > > that i'm not aware about running it this way? > > > > Here's basically what's going on in ipfw for port > 23. > > > > ipfw add 1400 allow log tcp from x.x.myip.x.x to > any 23 > > ipfw add 09000 deny log ip from any to any > > > > Look safe ? > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of > the message > > -- > ------------------------------------------------------------------ > Eric Anderson Systems Administrator Centaur > Technology > If at first you don't succeed, sky diving is > probably not for you. > ------------------------------------------------------------------ > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of > the message __________________________________________________ Do You Yahoo!? Yahoo! Sports - live college hoops coverage http://sports.yahoo.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 14 13:58:21 2002 Delivered-To: freebsd-security@freebsd.org Received: from rwcrmhc51.attbi.com (rwcrmhc51.attbi.com [204.127.198.38]) by hub.freebsd.org (Postfix) with ESMTP id 7A72E37B41F for ; Thu, 14 Mar 2002 13:58:16 -0800 (PST) Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc51.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020314215816.CKYV2626.rwcrmhc51.attbi.com@blossom.cjclark.org>; Thu, 14 Mar 2002 21:58:16 +0000 Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.6) id g2ELwFH41609; Thu, 14 Mar 2002 13:58:15 -0800 (PST) (envelope-from cjc) Date: Thu, 14 Mar 2002 13:58:15 -0800 From: "Crist J. 
Clark" To: "John R. Shannon" Cc: jack xiao , freebsd-security@FreeBSD.ORG Subject: Re: AES Message-ID: <20020314135815.H29705@blossom.cjclark.org> References: <200203141123.g2EBNB7e006688@pablo.johnrshannon.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200203141123.g2EBNB7e006688@pablo.johnrshannon.com>; from john@johnrshannon.com on Thu, Mar 14, 2002 at 04:23:11AM -0700 X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Mar 14, 2002 at 04:23:11AM -0700, John R. Shannon wrote: > AES and DES are compared on this AES fact sheet: > > http://csrc.nist.gov/encryption/aes/aesfact.html > > The problem with DES is that its 56-bit key, which was adequate in the 70s, > can be discovered by exhaustive keysearch. > > 3DES attacks this by applying DES 3 times: encrypt with 1 key, decrypt with a > second, and encrypt with a third. That depends. Many 3DES implementations encrypt with key 1, decrypt with key 2, and encrypt with key 1 again. This is because, > The best known attack on 3DES is O(2^108) > operations with something like 2^64 storage. You still get the same effective key length as you do by using three separate keys. The attack on the three separate keys basically reduces the problem to two keys, so why not just use two keys (the reduced problem) in the first place? -- Crist J.
Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 14 14: 5:10 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.johnrshannon.com (mail.johnrshannon.com [208.141.183.125]) by hub.freebsd.org (Postfix) with ESMTP id 0B7D137B421; Thu, 14 Mar 2002 14:04:56 -0800 (PST) Received: from pablo.johnrshannon.com (pablo.johnrshannon.com [192.168.1.3]) by mail.johnrshannon.com (Postfix) with ESMTP id 727DAE8B4; Thu, 14 Mar 2002 15:04:50 -0700 (MST) Received: from pablo.johnrshannon.com (localhost [127.0.0.1]) by pablo.johnrshannon.com (8.12.2/8.11.6) with ESMTP id g2EM4oVb002492; Thu, 14 Mar 2002 15:04:50 -0700 (MST) (envelope-from john@pablo.johnrshannon.com) Received: (from john@localhost) by pablo.johnrshannon.com (8.12.2/8.12.1/Submit) id g2EM4o3F002491; Thu, 14 Mar 2002 15:04:50 -0700 (MST)?g (envelope-from john) Message-Id: <200203142204.g2EM4o3F002491@pablo.johnrshannon.com> Content-Type: text/plain; charset="iso-8859-1" From: "John R. Shannon" Reply-To: john@johnrshannon.com To: "Crist J. Clark" Subject: Re: AES Date: Thu, 14 Mar 2002 15:04:50 -0700 X-Mailer: KMail [version 1.3.2] Cc: jack xiao , freebsd-security@FreeBSD.ORG References: <200203141123.g2EBNB7e006688@pablo.johnrshannon.com> <20020314135815.H29705@blossom.cjclark.org> In-Reply-To: <20020314135815.H29705@blossom.cjclark.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thursday 14 March 2002 02:58 pm, Crist J. Clark wrote: > That depends. Many 3DES implementations encrypt with key 1, decrypt > with key 2, and encrypt with key 1 again. 
I avoided going into that because I conjectured, from the original query, that the individual was looking for a quick answer as to what to specify in his ssh_config file. SSH uses three separate keys. -- John R. Shannon john@johnrshannon.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 14 15:42:36 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx2.nersc.gov (mx2.nersc.gov [128.55.6.22]) by hub.freebsd.org (Postfix) with ESMTP id C618737B420 for ; Thu, 14 Mar 2002 15:42:26 -0800 (PST) Received: from gemini.nersc.gov (gemini.nersc.gov [128.55.16.111]) by mx2.nersc.gov (Postfix) with ESMTP id 7C8F25924 for ; Thu, 14 Mar 2002 15:42:26 -0800 (PST) Received: from gemini.nersc.gov (localhost [127.0.0.1]) by gemini.nersc.gov (Postfix) with ESMTP id 306E63B1AB for ; Thu, 14 Mar 2002 15:42:26 -0800 (PST) X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 To: freebsd-security@freebsd.org Subject: Re: sshd UseLogin option In-Reply-To: Your message of Thu, 14 Mar 2002 09:42:53 MST. <15504.54029.424057.761653@caddis.yogotech.com> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_-317853754P"; micalg=pgp-sha1; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Thu, 14 Mar 2002 15:42:26 -0800 From: Eli Dart Message-Id: <20020314234226.306E63B1AB@gemini.nersc.gov> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --==_Exmh_-317853754P Content-Type: text/plain; charset=us-ascii In reply to Nate Williams : > > > Could someone please explain to me why we don't use sshd's UseLogin > > > option by default? 
I know that there was a security hole related to > > > that option recently, but that's not a real reason - security holes > > > can show up anywhere - so is there anything that makes UseLogin a > > > particularly bad idea? > > > > Who uses system passwords with ssh(1)? > > We do for our remote access boxes that have numerous users accessing > them. Also, if you want to use sudo, you need to have local passwords. Yes, you can use keys as well, but many folks don't bother. --eli --==_Exmh_-317853754P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: This is a comment. iD8DBQE8kTViLTFEeF+CsrMRAmFEAJoCbUb+fqaej0my6Gw0tcUXs+d3+ACg1ECU FNn2ZF3RLmC8N2aXxY7az3U= =Lj30 -----END PGP SIGNATURE----- --==_Exmh_-317853754P-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 14 23: 6: 8 2002 Delivered-To: freebsd-security@freebsd.org Received: from straylight.ringlet.net (discworld.nanolink.com [217.75.135.248]) by hub.freebsd.org (Postfix) with SMTP id 24B9837B400 for ; Thu, 14 Mar 2002 23:06:01 -0800 (PST) Received: (qmail 3762 invoked by uid 1000); 15 Mar 2002 07:06:11 -0000 Date: Fri, 15 Mar 2002 09:06:11 +0200 From: Peter Pentchev To: "N. J. Cash" Cc: FreeBSD Security Subject: Re: telnet / ipfw question Message-ID: <20020315090611.A337@straylight.oblivion.bg> Mail-Followup-To: "N. J. 
Cash" , FreeBSD Security References: <003501c1cb81$2e12faa0$e8cede18@xeno> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="+HP7ph2BbKc20aGI" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <003501c1cb81$2e12faa0$e8cede18@xeno>; from ncash@pei.eastlink.ca on Thu, Mar 14, 2002 at 01:53:42PM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --+HP7ph2BbKc20aGI Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Mar 14, 2002 at 01:53:42PM -0400, N. J. Cash wrote: > I have telnet enabled on my system running 4.5-stable and have it hidden > behind very strict ipfw rules so that the only IP that has access to the box > on port 23 is my home static IP, everything else is denied by the firewall. > I'm well aware of the risks of having telnet open and how insecure it can be > so, I'm just looking for some input here if this sounds like a safe way to > have the daemon running on a system. Would there still be security risks > involved > that I'm not aware about running it this way? > > Here's basically what's going on in ipfw for port 23. > > ipfw add 1400 allow log tcp from x.x.myip.x.x to any 23 > ipfw add 09000 deny log ip from any to any > > > Look safe ? I do not know about safe, but you either have not tested this, or are not showing us your complete ruleset. This, by itself, would allow packets from your IP address to any host's telnet port, but it will NOT allow the responses; thus, you will not even be able to establish a connection, let alone actually use telnet :) If this host is the server that you want to use, a better (actually working) firewall ruleset would contain something like..
ipfw add 1000 allow tcp from me to any setup
ipfw add 1400 allow tcp from x.x.myip.x.x to me 23 setup
ipfw add 9000 deny tcp from any to me 23 setup
And.. others have already commented on the dangers of using telnet, I will not restate their arguments, just say that I agree with them that you should not really use telnet except in *very* exceptional circumstances (a really local-area network, and even then maybe only for access to routers, access servers, switches and such, that do not yet support SSH; and even some of those do now). G'luck, Peter -- Peter Pentchev roam@ringlet.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 This sentence no verb. --+HP7ph2BbKc20aGI Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjyRnWMACgkQ7Ri2jRYZRVPgmwCgstS6IU+12514PnEB5QxrzXjq fv4AoKC3ihRcKYno4HPpSOafetx6eXW4 =J9/t -----END PGP SIGNATURE----- --+HP7ph2BbKc20aGI-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 15 4: 8:38 2002 Delivered-To: freebsd-security@freebsd.org Received: from snmail.softnet.ro (snmail.SoftNet.ro [193.231.173.3]) by hub.freebsd.org (Postfix) with ESMTP id EFD2437B400 for ; Fri, 15 Mar 2002 04:08:32 -0800 (PST) Received: from softnet.ro ([193.231.173.125]) by snmail.softnet.ro (Lotus Domino Release 5.0.5) with ESMTP id 2002031513503578:12489 ; Fri, 15 Mar 2002 13:50:35 +0200 Message-ID: <3C91E020.9CB247E3@softnet.ro> Date: Fri, 15 Mar 2002 13:50:57 +0200 From: Florin MANAILA Organization: SoftNet Services X-Mailer: Mozilla 4.76 [en] (X11; U; FreeBSD 4.3-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: BSD Subject: !!! Syslog message !!!
X-Priority: 1 (High) X-MIMETrack: Itemize by SMTP Server on server1/softnet(Release 5.0.5 |September 22, 2000) at 03/15/2002 01:50:35 PM, Serialize by Router on server1/softnet(Release 5.0.5 |September 22, 2000) at 03/15/2002 02:11:56 PM, Serialize complete at 03/15/2002 02:11:56 PM Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi all, I receive some strange errors on my FreeBSD 4.5:
/kernel: microptime () went backwords (29281.21038151 -> 29281.820797)
/kernel: microptime () went backwords (29281.21038151 -> 29281.639506)
/kernel: microptime () went backwords (29281.21038151 -> 29281.639505)
/kernel: microptime () went backwords (29281.21038151 -> 29281.639507)
etc. ????? What's this strange error ???? When I receive this error my system works very, very slowly, but all traffic that goes from one Ethernet interface to another (from xl0 to xl1) is OK. This system is a firewall/gateway FreeBSD router with a 200 MHz Pentium MMX CPU. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 15 4:13: 2 2002 Delivered-To: freebsd-security@freebsd.org Received: from shikima.mine.nu (pc1-card4-0-cust77.cdf.cable.ntl.com [62.252.49.77]) by hub.freebsd.org (Postfix) with ESMTP id 6D32B37B404 for ; Fri, 15 Mar 2002 04:12:57 -0800 (PST) Received: from rasputin by shikima.mine.nu with local (Exim 3.35 #1) id 16lqZp-0005Ow-00; Fri, 15 Mar 2002 12:12:53 +0000 Date: Fri, 15 Mar 2002 12:12:53 +0000 From: Rasputin To: Florin MANAILA Cc: security@freebsd.org Subject: Re: !!! Syslog message !!!
Message-ID: <20020315121253.A20726@shikima.mine.nu> Reply-To: Rasputin References: <3C91E020.9CB247E3@softnet.ro> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <3C91E020.9CB247E3@softnet.ro>; from florin.manaila@softnet.ro on Fri, Mar 15, 2002 at 01:50:57PM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org * Florin MANAILA [020315 12:09]: > Hi all, > I receve some strange error on my FreeBSD 4.5 : > > > /kernel: microptime () went backwords (29281.21038151 -> 29281.820797) > /kernel: microptime () went backwords (29281.21038151 -> 29281.639506) > /kernel: microptime () went backwords (29281.21038151 -> 29281.639505) > /kernel: microptime () went backwords (29281.21038151 -> 29281.639507) Search the mailing list archives - saw a lot of posts about this a year or so back. Can't remember the fix, though. -- "What is the robbing of a bank compared to the FOUNDING of a bank?" -- Bertold Brecht Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 15 8:29:58 2002 Delivered-To: freebsd-security@freebsd.org Received: from cithaeron.argolis.org (bgm-24-169-166-7.stny.rr.com [24.169.166.7]) by hub.freebsd.org (Postfix) with ESMTP id 4DECB37B404 for ; Fri, 15 Mar 2002 08:29:38 -0800 (PST) Received: from localhost (piechota@localhost) by cithaeron.argolis.org (8.11.6/8.11.6) with ESMTP id g2FGTWo08804; Fri, 15 Mar 2002 11:29:32 -0500 (EST) (envelope-from piechota@argolis.org) X-Authentication-Warning: cithaeron.argolis.org: piechota owned process doing -bs Date: Fri, 15 Mar 2002 11:29:32 -0500 (EST) From: Matt Piechota To: Rasputin Cc: Florin MANAILA , Subject: Re: !!! Syslog message !!! 
In-Reply-To: <20020315121253.A20726@shikima.mine.nu> Message-ID: <20020315112506.T8772-100000@cithaeron.argolis.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 15 Mar 2002, Rasputin wrote: > > /kernel: microptime () went backwords (29281.21038151 -> 29281.820797) > > /kernel: microptime () went backwords (29281.21038151 -> 29281.639506) > > /kernel: microptime () went backwords (29281.21038151 -> 29281.639505) > > /kernel: microptime () went backwords (29281.21038151 -> 29281.639507) > > Search the mailing list archives - saw a lot of posts about this a > year or so back. Can't remember the fix, though. The usual answer is to disable APM in your kernel. If that doesn't work (and it didn't for one of my machines), you might just have an iffy clock chip (or processor[0]). For me disabling apm helped, but didn't fix the problem completely. This isn't really a security issue in any case, and we shouldn't be discussing it here. [0] I switched the processor from an AMD K62-350 to an AMD K63-450 and the problem went away. So either the processor was funky, or the board wasn't stable at 350, but was at 450. -- Matt Piechota To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 15 11:21:58 2002 Delivered-To: freebsd-security@freebsd.org Received: from I-Sphere.COM (shell.i-sphere.com [209.249.146.70]) by hub.freebsd.org (Postfix) with ESMTP id CDAD037B400 for ; Fri, 15 Mar 2002 11:21:55 -0800 (PST) Received: (from fasty@localhost) by I-Sphere.COM (8.11.6/8.11.6) id g2FJPZO53233; Fri, 15 Mar 2002 11:25:35 -0800 (PST) (envelope-from fasty) Date: Fri, 15 Mar 2002 11:25:35 -0800 From: faSty To: Florin MANAILA Cc: freebsd-security@freebsd.org Subject: Re: !!! Syslog message !!!
Message-ID: <20020315112535.B53163@i-sphere.com> References: <3C91E020.9CB247E3@softnet.ro> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <3C91E020.9CB247E3@softnet.ro>; from florin.manaila@softnet.ro on Fri, Mar 15, 2002 at 01:50:57PM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org You need ntpclient to update your time clock. -trev On Fri, Mar 15, 2002 at 01:50:57PM +0200, Florin MANAILA wrote: > Hi all, > I receive some strange errors on my FreeBSD 4.5 : > > > /kernel: microptime () went backwords (29281.21038151 -> 29281.820797) > /kernel: microptime () went backwords (29281.21038151 -> 29281.639506) > /kernel: microptime () went backwords (29281.21038151 -> 29281.639505) > /kernel: microptime () went backwords (29281.21038151 -> 29281.639507) > > etc. > > ????? What's this strange error ???? > > My system when I receive this error works very, very slowly, but all > traffic that goes from one Ethernet interface to another (from xl0 to xl1) is OK > This system is a firewall/gateway freebsd-router with 200 CPU Pentium > MMX > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- H. L. Mencken suffers from the hallucination that he is H. L. Mencken -- there is no cure for a disease of that magnitude.
-- Maxwell Bodenheim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 15 12: 5: 5 2002 Delivered-To: freebsd-security@freebsd.org Received: from db.nexgen.com (db.nexgen.com [66.92.98.149]) by hub.freebsd.org (Postfix) with SMTP id 7947E37B402 for ; Fri, 15 Mar 2002 12:05:00 -0800 (PST) Received: (qmail 84544 invoked from network); 15 Mar 2002 20:07:32 -0000 Received: from localhost.nexgen.com (HELO alexus) (root@127.0.0.1) by localhost.nexgen.com with SMTP; 15 Mar 2002 20:07:32 -0000 Message-ID: <001101c1cc5c$af84d460$0100a8c0@alexus> From: "alexus" To: Subject: openssh Date: Fri, 15 Mar 2002 15:04:59 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org is there a way to disable that "banner" when someone telnets to port 22 SSH-1.99-OpenSSH_2.9 FreeBSD localisations 20010713 and/or disable any SSH daemon information retrieval? 
like: without having access to my computer, a person can already obtain some info:
SSH1 supported yes
Supported authentification methods for SSH1 RSA,keyboard interactive,password
Supported ciphers for SSH1 3des,blowfish
SSH2 supported yes
Supported keys exchange algorithm for SSH2 diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
Supported decryption ciphers for SSH2 aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
Supported encryption ciphers for SSH2 aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
Supported decryption mac for SSH2 hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
Supported encryption mac for SSH2 hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
Supported authentification methods for SSH2 publickey,password,keyboard-interactive
Is there a way to *NOT* allow a user to get any info at all? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 15 12:49:10 2002 Delivered-To: freebsd-security@freebsd.org Received: from svr3.applink.net (svr3.applink.net [206.50.88.3]) by hub.freebsd.org (Postfix) with ESMTP id 018C637B400 for ; Fri, 15 Mar 2002 12:49:06 -0800 (PST) Received: from home.ashavan.org. (pri12-10-99.applink.net [216.91.197.99]) by svr3.applink.net (8.12.1/8.12.1) with ESMTP id g2FKmoHN027331; Fri, 15 Mar 2002 14:48:51 -0600 Received: from there (IDENT:5PJ+72XuYarhEiJFBgYpWUqUtIenPdlA@argent.home.ashavan.org [172.16.10.50]) by home.ashavan.org.
(8.11.6/8.11.6) with SMTP id g2FKirC17842; Fri, 15 Mar 2002 20:44:58 GMT Message-Id: <200203152044.g2FKirC17842@home.ashavan.org.> Content-Type: text/plain; charset="iso-8859-1" From: "\"\"" Reply-To: dirac@applink.net To: "alexus" , Subject: Re: openssh Date: Fri, 15 Mar 2002 14:48:17 -0600 X-Mailer: KMail [version 1.3.2] References: <001101c1cc5c$af84d460$0100a8c0@alexus> In-Reply-To: <001101c1cc5c$af84d460$0100a8c0@alexus> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Friday 15 March 2002 14:04, alexus wrote: > is there a way to disable that "banner" when someone telnets to port 22 Yes, edit the source code and put in fake info. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 15 13: 8:41 2002 Delivered-To: freebsd-security@freebsd.org Received: from phucking.kicks-ass.org (c-e83a70d5.022-45-6f72652.cust.bredbandsbolaget.se [213.112.58.232]) by hub.freebsd.org (Postfix) with ESMTP id CE57037B402 for ; Fri, 15 Mar 2002 13:08:35 -0800 (PST) Received: from phucking.kicks-ass.org (localhost.kicks-ass.org [127.0.0.1]) by phucking.kicks-ass.org (Postfix) with SMTP id 95143715; Fri, 15 Mar 2002 22:07:12 +0100 (CET) Received: from 213.112.58.232 (SquirrelMail authenticated user z3l3zt) by phucking.kicks-ass.org with HTTP; Fri, 15 Mar 2002 22:07:12 +0100 (CET) Message-ID: <2332.213.112.58.232.1016226432.squirrel@phucking.kicks-ass.org> Date: Fri, 15 Mar 2002 22:07:12 +0100 (CET) Subject: Is PortSentry really safe to use? 
From: "Jesper Wallin" To: X-Priority: 3 Importance: Normal X-MSMail-Priority: Normal Cc: X-Mailer: SquirrelMail (version 1.2.5) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hey.. Let's say I want to hide all my services by changing the standard ports on all servers and run PortSentry.. I used to run my system like that before but yesterday a friend of mine was talking about a little security issue.. Let's say we run a system like that on www.blah.com, what happens if I run a traceroute on it and fake a portscan from his default gateway? Sure he can add the default gateway to the portsentry.ignore file but then I just take the box before that and the one before that and the... and so on.. Isn't PortSentry more like a problem than a help then? I'm not sure if all of this works but I know it's possible to fake portscans with software like "rain" and other "custom packets" programs. Jesper Wallin (aka Z3l3zT) "it's better to be a lame hacker than a hacked lamer" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 15 13:29:12 2002 Delivered-To: freebsd-security@freebsd.org Received: from tesla.foo.is (tesla.reverse-bias.org [217.151.166.96]) by hub.freebsd.org (Postfix) with ESMTP id 672EF37B402 for ; Fri, 15 Mar 2002 13:28:50 -0800 (PST) Received: from germanium (germanium.reverse-bias.org [192.168.1.1]) by tesla.foo.is (Postfix) with SMTP id 20AA0276B; Fri, 15 Mar 2002 21:28:44 +0000 (GMT) Content-Type: text/plain; charset="iso-8859-1" From: Baldur Gislason To: "Jesper Wallin" Subject: Re: Is PortSentry really safe to use?
Date: Fri, 15 Mar 2002 21:30:23 +0000 X-Mailer: KMail [version 1.2] References: <2332.213.112.58.232.1016226432.squirrel@phucking.kicks-ass.org> In-Reply-To: <2332.213.112.58.232.1016226432.squirrel@phucking.kicks-ass.org> Cc: freebsd-security@freebsd.org MIME-Version: 1.0 Message-Id: <02031521302303.03229@germanium> Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org That's right, you cannot rely on portsentry in "stealth scan" mode, since SYN packets are easily spoofable. Baldur On Friday 15 March 2002 21:07, you wrote: > Hey.. > > Let's say I want to hide all my services by changing the standard ports on > all servers and run PortSentry.. I used to run my system like that before > but yesterday a friend of mine was talking about a little security issue.. > > Let's say we run a system like that on www.blah.com, what happens if I run a > traceroute on it and fake a portscan from his default gateway? Sure he can > add the default gateway to the portsentry.ignore file but then I just take > the box before that and the one before that and the... and so on.. > > Isn't PortSentry more like a problem than a help then? I'm not sure if all > of this works but I know it's possible to fake portscans with software like > "rain" and other "custom packets" programs.
> > > Jesper Wallin (aka Z3l3zT) > "it's better to be a lame hacker than a hacked lamer" > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 15 13:35: 5 2002 Delivered-To: freebsd-security@freebsd.org Received: from db.nexgen.com (db.nexgen.com [66.92.98.149]) by hub.freebsd.org (Postfix) with SMTP id 4152E37B417 for ; Fri, 15 Mar 2002 13:34:59 -0800 (PST) Received: (qmail 86075 invoked from network); 15 Mar 2002 21:37:30 -0000 Received: from localhost.nexgen.com (HELO alexus) (root@127.0.0.1) by localhost.nexgen.com with SMTP; 15 Mar 2002 21:37:30 -0000 Message-ID: <004701c1cc69$4131a710$0100a8c0@alexus> From: "alexus" To: Cc: , References: Subject: Re: openssh Date: Fri, 15 Mar 2002 16:34:56 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I do keep it up to date, but since there was a vulnerability with OpenSSH 2.9.x everyone tells me to upgrade it to the latest 3.x. But I trust the FreeBSD team and I keep the latest -STABLE build; however, most of the scanners just look at the versions and automatically assume that this server can be exploited just for the reason that I run ssh 2.9.x. ----- Original Message ----- From: To: "alexus" Cc: ; Sent: Friday, March 15, 2002 4:11 PM Subject: Re: openssh > It's better practice to ensure sshd is up-to-date and keep your banner. > Security by obscurity is an end run around the problem. Keeping > services up-to-date should be a primary concern.
> > Cory Vokey > Systems Administrator > ACI/MessagingDirect > www.messagingdirect.com > www.aciworldwide.com > > > > > > "alexus" > Sent by: owner-freebsd-security@FreeBSD.ORG > 03/15/2002 01:04 PM > > > To: > cc: > Subject: openssh > > > is there a way to disable that "banner" when someone telnets to port 22 > > SSH-1.99-OpenSSH_2.9 FreeBSD localisations 20010713 > > and/or > > disable any SSH daemon information retrieval? like: without person having > access to my computer, that person can already obtain some of info > > SSH1 supported yes > Supported authentification methods for SSH1 RSA,keyboard > interactive,password > Supported ciphers for SSH1 3des,blowfish > SSH2 supported yes > Supported keys exchange algorithm for SSH2 > diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 > Supported decryption ciphers for SSH2 > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r > ijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se > Supported encryption ciphers for SSH2 > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r > ijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se > Supported decryption mac for SSH2 > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm > ac-md5-96 > Supported encryption mac for SSH2 > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hm > ac-md5-96 > Supported authentification methods for SSH2 > publickey,password,keyboard-interactive > > > is there a way to *NOT* allowe user to get any info at all? 
From owner-freebsd-security Fri Mar 15 13:37:07 2002
From: Mark Foster
To: Jesper Wallin
Cc: Baldur Gislason, freebsd-security@freebsd.org
Subject: Re: Is PortSentry really safe to use?
Date: 15 Mar 2002 13:37:00 -0800
Message-Id: <1016228221.10601.69.camel@smokey.lan.enic.cc>
In-Reply-To: <02031521302303.03229@germanium>

This attack (spoofing) can be circumvented by using ingress filtering on your router or firewall.

On Fri, 2002-03-15 at 13:30, Baldur Gislason wrote:
> That's right, you cannot rely on portsentry in "stealth scan" mode, since SYN
> packets are easily spoofable.
>
> Baldur
>
> On Friday 15 March 2002 21:07, you wrote:
> > Hey..
> >
> > Let's say I want to hide all my services by changing the standard ports on
> > all servers and run PortSentry. I used to run my system like that before,
> > but yesterday a friend of mine was talking about a little security issue.
> >
> > Let's say we run a system like that on www.blah.com. What happens if I run a
> > traceroute on it and fake a portscan from his default gateway? Sure, he can
> > add the default gateway to the portsentry.ignore file, but then I just take
> > the box before that, and the one before that, and the... and so on.
> >
> > Isn't PortSentry more of a problem than a help then? I'm not sure if all
> > of this works, but I know it's possible to fake portscans with software like
> > "rain" and other "custom packets" programs.
> >
> > Jesper Wallin (aka Z3l3zT)
> > "it's better to be a lame hacker than a hacked lamer"

--
-mdf [Mark D. Foster]                      Phone: 206-381-0449
System Administrator - eNIC Corporation    Fax: 206-329-7107
or mergatroid on AIM

From owner-freebsd-security Fri Mar 15 13:42:58 2002
From: Christopher Schulte
To: "alexus"
Subject: Re: openssh
Date: Fri, 15 Mar 2002 15:41:27 -0600
Message-Id: <5.1.0.14.0.20020315153913.061b8ea8@pop3s.schulte.org>
In-Reply-To: <004701c1cc69$4131a710$0100a8c0@alexus>

At 04:34 PM 3/15/2002 -0500, alexus wrote:
> however most of the scanners just look at the versions and they
> automatically assume that this server can be exploited just because I run
> ssh 2.9.x

And quite a few scanners will probe you no matter what banner is displayed.

Changing the banner will not increase your security. Keeping up to date, using a packet filter, and having an IDS/backup will.

--
Christopher Schulte
http://www.schulte.org/
Do not un-munge my @nospam.schulte.org
email address. This address is valid.

From owner-freebsd-security Fri Mar 15 13:53:16 2002
From: Krzysztof Zaraska
To: "Mark Foster"
Cc: freebsd-security@freebsd.org
Subject: Re: Is PortSentry really safe to use?
Date: Fri, 15 Mar 2002 22:52:21 +0100
Message-Id: <20020315225221.043fe3b8.kzaraska@student.uci.agh.edu.pl>
In-Reply-To: <1016228221.10601.69.camel@smokey.lan.enic.cc>
Organization: University Of Mining And Metallurgy

On 15 Mar 2002 13:37:00 -0800 Mark Foster wrote:
> This attack (spoofing) can be circumvented by using ingress filtering on
> your router or firewall.

Not in all cases. A (partial) DoS can still be achieved by a spoofing attack from external machines that the network in question relies on, like DNS servers or HTTP proxies.

An 'active response' mechanism in an IDS can be valuable, provided it does not trigger on easily spoofable probes.

--
// Krzysztof Zaraska * kzaraska (at) student.uci.agh.edu.pl
// Prelude IDS: http://www.prelude-ids.org/
// A dream will always triumph over reality, once it is given the chance.
// -- Stanislaw Lem

From owner-freebsd-security Fri Mar 15 15:28:12 2002
From: "alexus"
Subject: Re: openssh
Date: Fri, 15 Mar 2002 18:28:07 -0500
Message-ID: <004e01c1cc79$109ba730$0100a8c0@alexus>
References: <001101c1cc5c$af84d460$0100a8c0@alexus> <200203152044.g2FKirC17842@home.ashavan.org.>

Is there a way to disable it at all, instead of putting in fake info?

----- Original Message -----
To: "alexus"
Sent: Friday, March 15, 2002 3:48 PM
Subject: Re: openssh

> On Friday 15 March 2002 14:04, alexus wrote:
> > is there a way to disable that "banner" when someone telnets to port 22
>
> Yes, edit the source code and put in fake info.

From owner-freebsd-security Fri Mar 15 15:29:06 2002
From: "alexus"
To: "Christopher Schulte"
Subject: Re: openssh
Date: Fri, 15 Mar 2002 18:29:01 -0500
Message-ID: <005a01c1cc79$307ea5c0$0100a8c0@alexus>
References: <5.1.0.14.0.20020315153913.061b8ea8@pop3s.schulte.org>

I understand that changing the banner won't increase security; I'm asking if it's possible to remove it at all. I do not want this banner to appear at all, period.

----- Original Message -----
From: "Christopher Schulte"
To: "alexus"
Sent: Friday, March 15, 2002 4:41 PM
Subject: Re: openssh

> At 04:34 PM 3/15/2002 -0500, alexus wrote:
> > however most of the scanners just look at the versions and they
> > automatically assume that this server can be exploited just because I run
> > ssh 2.9.x
>
> And quite a few scanners will probe you no matter what banner is displayed.
>
> Changing the banner will not increase your security. Keeping up to date,
> using a packet filter, and having an IDS/backup will.
>
> --
> Christopher Schulte
> http://www.schulte.org/
> Do not un-munge my @nospam.schulte.org
> email address. This address is valid.

From owner-freebsd-security Fri Mar 15 15:37:05 2002
From: Frank Tobin
To: alexus
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: openssh
Date: Fri, 15 Mar 2002 18:37:00 -0500 (EST)
Message-ID: <20020315183615.P35758-100000@palanthas.neverending.org>
In-Reply-To: <005a01c1cc79$307ea5c0$0100a8c0@alexus>

alexus, on 2002-03-15, wrote:

> I understand that changing the banner won't increase security; I'm
> asking if it's possible to remove it at all. I do not want this
> banner to appear at all, period.

Apparently it's an inappropriate question for freebsd-security, then.

--
Frank Tobin        http://www.neverending.org/~ftobin/

From owner-freebsd-security Fri Mar 15 15:37:53 2002
From: "alexus"
To: "Frank Tobin"
Subject: Re: openssh
Date: Fri, 15 Mar 2002 18:37:48 -0500
Message-ID: <007e01c1cc7a$6ac24ec0$0100a8c0@alexus>
References: <20020315183615.P35758-100000@palanthas.neverending.org>

sorry

----- Original Message -----
From: "Frank Tobin"
To: "alexus"
Sent: Friday, March 15, 2002 6:37 PM
Subject: Re: openssh

> alexus, on 2002-03-15, wrote:
>
> > I understand that changing the banner won't increase security; I'm
> > asking if it's possible to remove it at all. I do not want this
> > banner to appear at all, period.
>
> Apparently it's an inappropriate question for freebsd-security, then.
>
> --
> Frank Tobin        http://www.neverending.org/~ftobin/

From owner-freebsd-security Fri Mar 15 15:53:55 2002
From: Garrett Wollman
To: "alexus"
Subject: Re: openssh
Date: Fri, 15 Mar 2002 18:53:48 -0500 (EST)
Message-Id: <200203152353.g2FNrmt99923@khavrinen.lcs.mit.edu>
In-Reply-To: <005a01c1cc79$307ea5c0$0100a8c0@alexus>
References: <5.1.0.14.0.20020315153913.061b8ea8@pop3s.schulte.org> <005a01c1cc79$307ea5c0$0100a8c0@alexus>

< said:

> I understand that changing the banner won't increase security; I'm asking if
> it's possible to remove it at all. I do not want this banner to
> appear at all, period.

Then don't run an SSH server. The banner is part of the protocol.

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick

From owner-freebsd-security Fri Mar 15 16:26:58 2002
From: Kris Kennaway
To: Jesper Wallin
Cc: freebsd-security@freebsd.org
Subject: Re: Is PortSentry really safe to use?
Date: Fri, 15 Mar 2002 16:26:29 -0800
Message-ID: <20020315162629.D84361@xor.obsecurity.org>
In-Reply-To: <2332.213.112.58.232.1016226432.squirrel@phucking.kicks-ass.org>

On Fri, Mar 15, 2002 at 10:07:12PM +0100, Jesper Wallin wrote:
> Hey..
>
> Let's say I want to hide all my services by changing the standard ports on
> all servers and run PortSentry.
> I used to run my system like that before,
> but yesterday a friend of mine was talking about a little security issue.
>
> Let's say we run a system like that on www.blah.com. What happens if I run a
> traceroute on it and fake a portscan from his default gateway? Sure, he can
> add the default gateway to the portsentry.ignore file, but then I just take
> the box before that, and the one before that, and the... and so on.
>
> Isn't PortSentry more of a problem than a help then? I'm not sure if all
> of this works, but I know it's possible to fake portscans with software like
> "rain" and other "custom packets" programs.

Yes, it's dangerous and you need to be absolutely sure you know what you're doing (e.g. what can be spoofed and what cannot) before you start configuring active responses to traffic.

Kris

From owner-freebsd-security Fri Mar 15 18:19:45 2002
From: John-David Childs
To: Dag-Erling Smorgrav
Cc: security@FreeBSD.ORG
Subject: Re: sshd UseLogin option
Date: 15 Mar 2002 19:18:19 -0700
Message-Id: <1016245112.5568.15.camel@lohr.digitalglobe.com>

Keeping UseLogin off allows for more controlled environments, e.g. environments where users might not have a shell account... but still require a valid shell for sftp and scp.

Also, for those who care... from session.c:

    if (options.use_login) {
        packet_send_debug("X11 forwarding disabled; "
            "not compatible with UseLogin=yes.");
        return 0;

On Wed, 2002-03-13 at 06:51, Dag-Erling Smorgrav wrote:
> Could someone please explain to me why we don't use sshd's UseLogin
> option by default? I know that there was a security hole related to
> that option recently, but that's not a real reason - security holes
> can show up anywhere - so is there anything that makes UseLogin a
> particularly bad idea?
>
> DES
> --
> Dag-Erling Smorgrav - des@ofug.org

From owner-freebsd-security Fri Mar 15 18:39:17 2002
From: "alexus"
To: "Garrett Wollman"
Subject: Re: openssh
Date: Fri, 15 Mar 2002 21:38:59 -0500
Message-ID: <001701c1cc93$ba83e770$0100a8c0@alexus>
References: <5.1.0.14.0.20020315153913.061b8ea8@pop3s.schulte.org> <005a01c1cc79$307ea5c0$0100a8c0@alexus> <200203152353.g2FNrmt99923@khavrinen.lcs.mit.edu>

I wasn't aware that the banner is part of the protocol. The only reason I wanted it removed is that when scanners scan my box they say that my box is vulnerable because it runs 2.9.x instead of the latest 3.1.x, and since I run -STABLE I'm pretty sure that there is no vulnerability there.

----- Original Message -----
From: "Garrett Wollman"
To: "alexus"
Sent: Friday, March 15, 2002 6:53 PM
Subject: Re: openssh

> < said:
>
> > I understand that changing the banner won't increase security; I'm asking if
> > it's possible to remove it at all. I do not want this banner to
> > appear at all, period.
>
> Then don't run an SSH server. The banner is part of the protocol.
>
> -GAWollman
>
> --
> Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
> wollman@lcs.mit.edu  | O Siem / The fires of freedom
> Opinions not those of| Dance in the burning flame
> MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick

From owner-freebsd-security Fri Mar 15 22:48:08 2002
From: Christopher Schulte
To: "alexus", "Garrett Wollman"
Subject: Re: openssh
Date: Sat, 16 Mar 2002 00:47:57 -0600
Message-Id: <5.1.0.14.0.20020316004252.0504be40@pop3s.schulte.org>
In-Reply-To: <001701c1cc93$ba83e770$0100a8c0@alexus>

At 09:38 PM 3/15/2002 -0500, alexus wrote:
> the only reason I wanted it removed is that when scanners scan my box
> they say that my box is vulnerable because it runs 2.9.x instead of the latest
> 3.1.x, and since I run -STABLE I'm pretty sure that there is no
> vulnerability there.

I promise that you will be probed no matter what the banner version says. If you don't like this, firewall the port off from the public network. That will stop the probes.

As was already spoken of, the banner is part of the client/server protocol handshake; you'd be better off leaving it well alone.

--
Christopher Schulte
http://www.schulte.org/
Do not un-munge my @nospam.schulte.org
email address. This address is valid.

From owner-freebsd-security Sat Mar 16 06:57:58 2002
From: Robert Watson
To: Poul-Henning Kamp
Cc: hackers@freebsd.org, security@freebsd.org
Subject: Re: Userland Hacker Task: divert socket listener...
Date: Sat, 16 Mar 2002 09:57:46 -0500 (EST)
In-Reply-To: <35126.1015973393@critter.freebsd.dk>

Heh. I had something a little like that at one point -- it just acted as a pass-through, but also logged in the pcap format. I thought someone had done modifications to tcpdump to allow it to speak to divert sockets; I don't know that it was ever actually committed. Might be in the PRs still. Was great for testing and understanding firewall rules.
Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

On Tue, 12 Mar 2002, Poul-Henning Kamp wrote:

> Here is something I miss a lot:
>
> I would like a small program which can listen to a specified divert(4)
> socket and act on the incoming packets.
>
> Specifically I want to direct all unwanted traffic from my ipfw rules
> into the divert socket and have the program examine these packets
> and, when configured thresholds are exceeded, take actions like:
>
>     Add a blackhole route for a period of time to the source
>     IP to prevent any packets getting back to the attacker.
>
>     Add a blocking ipfw rule for incoming traffic from the
>     attacker's IP# for some period of time.
>
>     Add a divert ipfw rule for incoming traffic from the
>     attacker's IP# to capture all the tricks he is trying to
>     do.
>
>     Log the received packets in detail in pcap format files.
>
>     Report the packets to Dshield.org
>
>     etc.
>
> Any takers ?
>
> --
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.

From owner-freebsd-security Sat Mar 16 12:06:17 2002
From: Josef Karthauser
To: Robert Watson
Cc: Poul-Henning Kamp, hackers@freebsd.org, security@freebsd.org
Subject: Re: Userland Hacker Task: divert socket listener...
Date: Sat, 16 Mar 2002 20:05:14 +0000
Message-ID: <20020316200514.GC1154@genius.tao.org.uk>
References: <35126.1015973393@critter.freebsd.dk>

On Sat, Mar 16, 2002 at 09:57:46AM -0500, Robert Watson wrote:
> Heh. I had something a little like that at one point -- it just acted as a
> pass-through, but also logged in the pcap format. I thought someone had
> done modifications to tcpdump to allow it to speak to divert sockets,
> don't know that it was ever actually committed. Might be in the PRs
> still. Was great for testing and understanding firewall rules.

... and essential for debugging ipsec and tunnelled connections properly ;).

Joe

From owner-freebsd-security Sat Mar 16 21:12:35 2002
From: Dug Song
To: Robert Watson
Cc: Poul-Henning Kamp, hackers@freebsd.org, security@freebsd.org
Subject: Re: Userland Hacker Task: divert socket listener...
Date: Sun, 17 Mar 2002 00:12:18 -0500
Message-ID: <20020317051218.GM30121@naughty.monkey.org>
References: <35126.1015973393@critter.freebsd.dk>

On Sat, Mar 16, 2002 at 09:57:46AM -0500, Robert Watson wrote:
> Heh. I had something a little like that at one point -- it just
> acted as a pass-through, but also logged in the pcap format. I
> thought someone had done modifications to tcpdump to allow it to
> speak to divert sockets, don't know that it was ever actually
> committed. Might be in the PRs still. Was great for testing and
> understanding firewall rules.

In OpenBSD pf, packets matching a 'log' rule are dup'd to the pflog dummy device, annotated with an additional header (interface, rule number, reason, etc.). You can then use pflogd, tcpdump (either in OpenBSD or from tcpdump.org), or snort listening on pflog0 to save the packets in pcap format, print them out, or analyze them for attacks, etc.

-d.

---
http://www.monkey.org/~dugsong/
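
Added example serving two threads above, Kris Kennaway's warning about active responses in the PortSentry discussion and Poul-Henning Kamp's request for a divert(4) listener; it is not code from any poster, from PortSentry or from FreeBSD. It is a Python listener that counts unwanted packets per source, writes every one to a pcap file (link type 101, raw IP, since divert sockets hand over packets starting at the IP header), and issues a time-limited ipfw block only for sources that are not on a never-block list. The constructed packets and addresses, the ipfw rule number, the divert port and the thresholds are assumptions; IPPROTO_DIVERT = 254 and the divert loop apply to FreeBSD only and are not exercised by the offline demo.

```python
"""Spoof-aware divert(4) listener with pcap logging.

Added example for the PortSentry thread and Poul-Henning's divert listener
request; not code from any poster, PortSentry or FreeBSD.  The divert loop
needs FreeBSD and root; everything else runs offline on constructed packets.
"""
import io
import socket
import struct
import subprocess
import time
from collections import defaultdict, deque

LINKTYPE_RAW = 101     # pcap link type for records that start with the IP header
IPPROTO_DIVERT = 254   # FreeBSD's divert protocol number (assumption: FreeBSD only)

class PcapWriter:
    """Minimal libpcap writer: 24-byte file header, 16-byte header per packet."""
    def __init__(self, fh, snaplen=65535, linktype=LINKTYPE_RAW):
        self.fh = fh
        fh.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype))

    def write(self, pkt: bytes, ts: float):
        sec = int(ts)
        self.fh.write(struct.pack("<IIII", sec, int((ts - sec) * 1_000_000), len(pkt), len(pkt)) + pkt)

def parse_ipv4(pkt: bytes) -> dict:
    """Source, destination, protocol and, for TCP, the flags byte."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    flags = pkt[ihl + 13] if proto == 6 and len(pkt) >= ihl + 14 else None
    return {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
            "proto": proto, "tcp_flags": flags}

def build_tcp_syn(src: str, dst: str, sport: int, dport: int) -> bytes:
    """Constructed test packet: IPv4 + TCP, SYN only.  Checksums stay zero
    because the demo only parses and logs; nothing is reinjected."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0x4000, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    return ip + tcp

class Responder:
    """Threshold-triggered active response with two guards: hosts you depend on
    (gateway, DNS, proxies) are never blocked, and every block expires."""
    def __init__(self, threshold=5, window=60.0, block_ttl=600.0,
                 never_block=(), dry_run=True, pcap=None):
        self.threshold, self.window, self.block_ttl = threshold, window, block_ttl
        self.never_block, self.dry_run, self.pcap = set(never_block), dry_run, pcap
        self.hits = defaultdict(deque)  # src -> timestamps inside the window
        self.blocked = {}               # src -> expiry time
        self.refused = []               # (src, reason) for blocks not enforced

    def handle(self, pkt: bytes, now: float = None):
        """Log the packet; return the block command if one was issued, else None."""
        now = time.time() if now is None else now
        if self.pcap:
            self.pcap.write(pkt, now)
        src = parse_ipv4(pkt)["src"]
        q = self.hits[src]
        q.append(now)
        while now - q[0] > self.window:
            q.popleft()
        if len(q) < self.threshold or self.blocked.get(src, 0) > now:
            return None
        # Everything on a divert socket is unauthenticated: a SYN "from the
        # DNS server" may be an attacker's spoof, so never block those hosts.
        if src in self.never_block:
            self.refused.append((src, "never-block host; probe may be spoofed"))
            return None
        self.blocked[src] = now + self.block_ttl
        cmd = f"ipfw add 1000 deny ip from {src} to any"  # ipfw(8); rule number is an assumption
        if not self.dry_run:
            subprocess.run(cmd.split(), check=True)
        return cmd

def demo() -> dict:
    """Offline run: the attacker's own address earns a block command, the same
    scan spoofed from our resolver 10.0.0.53 does not (addresses are made up)."""
    buf = io.BytesIO()
    r = Responder(threshold=3, never_block={"10.0.0.53"}, pcap=PcapWriter(buf))
    t, cmds = 1_000_000.0, []
    for i in range(3):
        cmds.append(r.handle(build_tcp_syn("198.51.100.7", "10.0.0.10", 40000 + i, 22 + i), t + i))
    for i in range(3):
        cmds.append(r.handle(build_tcp_syn("10.0.0.53", "10.0.0.10", 40000 + i, 22 + i), t + 10 + i))
    return {"commands": [c for c in cmds if c], "refused": r.refused, "pcap": buf.getvalue()}

def divert_loop(port: int, responder: Responder):
    """Consume packets ipfw sends to divert port `port` (e.g. via an
    'ipfw add divert 8668 ip from any to any' rule placed where the unwanted
    traffic is matched).  Packets are not reinjected, so they stay dropped."""
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, IPPROTO_DIVERT)
    s.bind(("0.0.0.0", port))
    while True:
        pkt, _ = s.recvfrom(65535)
        try:
            cmd = responder.handle(pkt)
        except ValueError:
            continue
        if cmd:
            print("blocked:", cmd)
```

demo() reproduces the failure mode Baldur and Krzysztof describe: three SYNs that claim to come from 10.0.0.53 reach the threshold just as the real scan did, and a responder without the never-block list would have cut the box off from its own resolver. The list is a mitigation rather than a fix, which is why the block also expires and why the pcap record of every packet, not the block, is the part of the program you can trust. Pass dry_run=False to have the command actually run, and point an ipfw divert rule at the port given to divert_loop() to feed it live traffic.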