From owner-freebsd-security Sun Mar 16 14: 0:27 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3848037B401 for ; Sun, 16 Mar 2003 14:00:25 -0800 (PST) Received: from wvths.com (h0009b74df4c5.ne.client2.attbi.com [66.31.200.227]) by mx1.FreeBSD.org (Postfix) with SMTP id 94C9B43F3F for ; Sun, 16 Mar 2003 14:00:23 -0800 (PST) (envelope-from sysadmin@wvths.com) Received: from wvths.com (www.wvths.com [192.168.0.6]) by wvths.com (WVTHS Mail Gateway) with SMTP id 8092D115BA for ; Sun, 16 Mar 2003 17:02:56 -0500 (EST) Received: from 24.218.220.202 (SquirrelMail authenticated user sysadmin) by webmail.wvths.com with HTTP; Sun, 16 Mar 2003 17:01:29 -0500 (EST) Message-ID: <15678.24.218.220.202.1047852089.squirrel@webmail.wvths.com> Date: Sun, 16 Mar 2003 17:01:29 -0500 (EST) Subject: openssh 3.5 connection timeout From: To: X-Priority: 3 Importance: Normal X-Mailer: SquirrelMail (version 1.2.11) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello list, I am having a problem with establishing the connection to the ssh server runnning on 4.7 as well as 5.0. The tcpdump capture shows that the OpenSSH server tries to resolve the the IP address of the client by doing the series of 4-8 PTR queries to the UDP port 53 of 127.0.0.1. The timeout takes about 38-40 seconds. After that I get the password prompt as usual. Has anyone anyone seen this behavior before or know of the solution? Any input will be apreciated. Thanks. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Mar 16 16:35:58 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 890A037B401 for ; Sun, 16 Mar 2003 16:35:56 -0800 (PST) Received: from mail.opensourcegroup.com (mail.opensourcegroup.com [66.207.128.61]) by mx1.FreeBSD.org (Postfix) with ESMTP id D6DDA43F85 for ; Sun, 16 Mar 2003 16:35:55 -0800 (PST) (envelope-from jason@sopko.net) Received: from sopko.net (hades.cirqular.com [66.207.137.3]) by mail.opensourcegroup.com (Postfix) with ESMTP id 6A55C5BA7D for ; Sun, 16 Mar 2003 19:35:49 -0500 (EST) Message-ID: <3E75185F.9070001@sopko.net> Date: Sun, 16 Mar 2003 19:35:43 -0500 From: Jason Sopko User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030206 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Re: openssh 3.5 connection timeout References: <15678.24.218.220.202.1047852089.squirrel@webmail.wvths.com> In-Reply-To: <15678.24.218.220.202.1047852089.squirrel@webmail.wvths.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org sysadmin@wvths.com wrote: >Hello list, > > I am having a problem with establishing the connection to the ssh server >runnning on 4.7 as well as 5.0. > > The tcpdump capture shows that the OpenSSH server tries to resolve the >the IP address of the client by doing the series of 4-8 PTR queries to >the UDP port 53 of 127.0.0.1. The timeout takes about 38-40 seconds. >After that I get the password prompt as usual. > >Has anyone anyone seen this behavior before or know of the solution? Any >input will be apreciated. > >Thanks. > > You probably have 127.0.0.1 in /etc/resolv.conf, and your ssh server is trying to lookup the PTR record for the client host as it connects. If it's timing out, that would tell me that you most likely don't have DNS running locally and have no other entries in /etc/resolv.conf for the server to look to. Change /etc/resolv.conf to have the IP address of a valid DNS host, and either remove 127.0.0.1 or install and configure BIND properly and you should be fine ///Jason To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Mar 16 19:25:17 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CC89C37B401 for ; Sun, 16 Mar 2003 19:25:14 -0800 (PST) Received: from wvths.com (h0009b74df4c5.ne.client2.attbi.com [66.31.200.227]) by mx1.FreeBSD.org (Postfix) with SMTP id BE08D43F3F for ; Sun, 16 Mar 2003 19:25:13 -0800 (PST) (envelope-from sysadmin@wvths.com) Received: from wvths.com (www.wvths.com [192.168.0.6]) by wvths.com (WVTHS Mail Gateway) with SMTP id 89E69115BA for ; Sun, 16 Mar 2003 22:27:46 -0500 (EST) Received: from 24.218.220.202 (SquirrelMail authenticated user sysadmin) by webmail.wvths.com with HTTP; Sun, 16 Mar 2003 22:26:19 -0500 (EST) Message-ID: <16705.24.218.220.202.1047871579.squirrel@webmail.wvths.com> Date: Sun, 16 Mar 2003 22:26:19 -0500 (EST) Subject: Re: openssh 3.5 connection timeout From: To: In-Reply-To: References: <15678.24.218.220.202.1047852089.squirrel@webmail.wvths.com> X-Priority: 3 Importance: Normal X-Mailer: SquirrelMail (version 1.2.11) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello, /etc/resolv.conf lists the valid DNS servers, which don't include 127.0.0.1 as I'm not running bind locally. The connection timeout disapears after satrting named locally. Following Dag-Erling Sm=F8rgrav's advise on starting sshd in debugging mo= de, I don't get "debug1: res_init()". I'm currently using FreeBSD 4.7-p6 and openssh 3.5 built today(03/16). I'll upgrade to 4-STABLE today and post i= f anything changes .. Thanks for replies so far ... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Mar 16 22:10:35 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DEEC237B401 for ; Sun, 16 Mar 2003 22:10:32 -0800 (PST) Received: from buexe.b-5.de (buexe.b-5.de [212.14.80.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 41D5D43FBD for ; Sun, 16 Mar 2003 22:10:31 -0800 (PST) (envelope-from lupe@lupe-christoph.de) Received: from antalya.lupe-christoph.de ([172.17.0.9]) by buexe.b-5.de (8.11.6/8.11.6/b-5/buexe-2.2) with ESMTP id h2H6ARt26528; Mon, 17 Mar 2003 07:10:28 +0100 Received: by antalya.lupe-christoph.de (Postfix, from userid 1000) id 236B95E0; Mon, 17 Mar 2003 07:10:27 +0100 (CET) Date: Mon, 17 Mar 2003 07:10:27 +0100 To: sysadmin@wvths.com Cc: freebsd-security@FreeBSD.ORG Subject: Re: openssh 3.5 connection timeout Message-ID: <20030317061027.GA27778@lupe-christoph.de> References: <15678.24.218.220.202.1047852089.squirrel@webmail.wvths.com> <16705.24.218.220.202.1047871579.squirrel@webmail.wvths.com> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <16705.24.218.220.202.1047871579.squirrel@webmail.wvths.com> User-Agent: Mutt/1.5.3i From: lupe@lupe-christoph.de (Lupe Christoph) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sunday, 2003-03-16 at 22:26:19 -0500, sysadmin@wvths.com wrote: > /etc/resolv.conf lists the valid DNS servers, which don't include > 127.0.0.1 as I'm not running bind locally. The connection timeout > disapears after satrting named locally. If there is no /etc/resolv.conf, the resolver falls back to 127.0.0.1. I'd bet (if I did any betting ;-) you have UsePrivilegeSeparation yes in your /etc/ssh/sshd_config. When /etc/resolv.conf is opened, sshd is already chrooted. Either set UsePrivilegeSeparation to no (not recommended), put a /etc/resolve.conf in /var/empty (not too good), or set ReverseMappingCheck to no (better). You may also want to run a local caching named (best). > Following Dag-Erling Smørgrav's advise on starting sshd in debugging mode, > I don't get "debug1: res_init()". I'm currently using FreeBSD 4.7-p6 and > openssh 3.5 built today(03/16). I'll upgrade to 4-STABLE today and post if > anything changes .. This is not a bug in OpenSSH, and has been discussed here before. HTH, Lupe Christoph -- | lupe@lupe-christoph.de | http://www.lupe-christoph.de/ | | Big Misunderstandings #6398: The Titanic was not supposed to be | | unsinkable. The designer had a speech impediment. He said: "I have | | thith great unthinkable conthept ..." | To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Mar 17 4:36:19 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4758337B401 for ; Mon, 17 Mar 2003 04:36:17 -0800 (PST) Received: from wvths.com (h0009b74df4c5.ne.client2.attbi.com [66.31.200.227]) by mx1.FreeBSD.org (Postfix) with SMTP id 2F3AD43F85 for ; Mon, 17 Mar 2003 04:36:16 -0800 (PST) (envelope-from sysadmin@wvths.com) Received: from wvths.com (www.wvths.com [192.168.0.6]) by wvths.com (WVTHS Mail Gateway) with SMTP id A906C115BA for ; Mon, 17 Mar 2003 07:38:49 -0500 (EST) Received: from 192.168.0.51 (SquirrelMail authenticated user sysadmin) by webmail.wvths.com with HTTP; Mon, 17 Mar 2003 07:37:21 -0500 (EST) Message-ID: <1158.192.168.0.51.1047904641.squirrel@webmail.wvths.com> Date: Mon, 17 Mar 2003 07:37:21 -0500 (EST) Subject: Re: openssh 3.5 connection timeout - SOLVED From: To: In-Reply-To: References: <15678.24.218.220.202.1047852089.squirrel@webmail.wvths.com> <16705.24.218.220.202.1047871579.squirrel@webmail.wvths.com> X-Priority: 3 Importance: Normal X-Mailer: SquirrelMail (version 1.2.11) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Just cvsup'd to 4-STABLE(4.8-RC) and the timeout seems to have disappear= ed. Thanks everyone for reply and have a nice day ;] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Mar 17 10:22:18 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D8F1B37B401 for ; Mon, 17 Mar 2003 10:22:15 -0800 (PST) Received: from buexe.b-5.de (buexe.b-5.de [212.14.80.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id D3BE643FBD for ; Mon, 17 Mar 2003 10:22:13 -0800 (PST) (envelope-from lupe@lupe-christoph.de) Received: from antalya.lupe-christoph.de ([172.17.0.9]) by buexe.b-5.de (8.11.6/8.11.6/b-5/buexe-2.2) with ESMTP id h2HILBt29364; Mon, 17 Mar 2003 19:21:11 +0100 Received: by antalya.lupe-christoph.de (Postfix, from userid 1000) id 8FD535E0; Mon, 17 Mar 2003 19:21:10 +0100 (CET) Date: Mon, 17 Mar 2003 19:21:10 +0100 To: Tobias Roth Cc: freebsd-security@FreeBSD.ORG Subject: freebsd-security-questions (was: Re: openssh 3.5 connection timeout) Message-ID: <20030317182110.GJ12105@lupe-christoph.de> References: <15678.24.218.220.202.1047852089.squirrel@webmail.wvths.com> <20030317074556.GA28299@speedy.unibe.ch> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030317074556.GA28299@speedy.unibe.ch> User-Agent: Mutt/1.5.3i From: lupe@lupe-christoph.de (Lupe Christoph) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Monday, 2003-03-17 at 08:45:56 +0100, Tobias Roth wrote: > Please do not direct application-specific questions to freebsd-security. > Even if the application is related to security, freebsd-questions (or > other lists) are the place to get help, not freebsd-security. We had this discussion a while ago. There is no mailing list that provides qualified answers to security-related questions. You are fighting windmills. These questions will come to this mailing list, as long as there is no freebsd-security-questions. Sorry, I have no idea what needs to be done to start such a mailing list. Can people more versed in the FreeBSD mailing list procedures please explain how such a mailing list can be started? > Also, please do not reply to offtopic questions. It will only encourage > the sender to send more offtopic questions. If you would like to reply > anyway, remind the sender that he or she sent an offtopic message and > do not cc your reply to the mailing list, send it privately. So that people who search the mailing list archives first be unable to find the answer and send their question to the list anyway? Lupe Christoph PS: I have to admit that I'm always confused by the difference in policies between debian-security and freebsd-security. The Debian crowd welcomes all questions related to security while the freebsd crowd seems to be obsessed with policies. -- | lupe@lupe-christoph.de | http://www.lupe-christoph.de/ | | Big Misunderstandings #6398: The Titanic was not supposed to be | | unsinkable. The designer had a speech impediment. He said: "I have | | thith great unthinkable conthept ..." | To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Mar 17 10:33:44 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 314B837B401 for ; Mon, 17 Mar 2003 10:33:41 -0800 (PST) Received: from web10105.mail.yahoo.com (web10105.mail.yahoo.com [216.136.130.55]) by mx1.FreeBSD.org (Postfix) with SMTP id 0985C43F3F for ; Mon, 17 Mar 2003 10:33:40 -0800 (PST) (envelope-from twigles@yahoo.com) Message-ID: <20030317183339.47873.qmail@web10105.mail.yahoo.com> Received: from [68.5.49.41] by web10105.mail.yahoo.com via HTTP; Mon, 17 Mar 2003 10:33:39 PST Date: Mon, 17 Mar 2003 10:33:39 -0800 (PST) From: twig les Subject: Re: freebsd-security-questions (was: Re: openssh 3.5 connection timeout) To: Lupe Christoph Cc: freebsd-security@freebsd.org In-Reply-To: <20030317182110.GJ12105@lupe-christoph.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Please don't think that the FreeBSD community is obsessed with policy. Most ppl I know that run FreeBSD would never complain about this garbage. It's splitting hairs and IMO a waste of everyone's time. --- Lupe Christoph wrote: > On Monday, 2003-03-17 at 08:45:56 +0100, Tobias Roth wrote: > > > Please do not direct application-specific questions to > freebsd-security. > > Even if the application is related to security, > freebsd-questions (or > > other lists) are the place to get help, not > freebsd-security. > > We had this discussion a while ago. There is no mailing list > that > provides qualified answers to security-related questions. You > are > fighting windmills. These questions will come to this mailing > list, as > long as there is no freebsd-security-questions. > > Sorry, I have no idea what needs to be done to start such a > mailing > list. Can people more versed in the FreeBSD mailing list > procedures > please explain how such a mailing list can be started? > > > Also, please do not reply to offtopic questions. It will > only encourage > > the sender to send more offtopic questions. If you would > like to reply > > anyway, remind the sender that he or she sent an offtopic > message and > > do not cc your reply to the mailing list, send it privately. > > So that people who search the mailing list archives first be > unable to > find the answer and send their question to the list anyway? > > Lupe Christoph > > PS: I have to admit that I'm always confused by the difference > in > policies between debian-security and freebsd-security. The > Debian > crowd welcomes all questions related to security while the > freebsd > crowd seems to be obsessed with policies. > -- > | lupe@lupe-christoph.de | > http://www.lupe-christoph.de/ | > | Big Misunderstandings #6398: The Titanic was not supposed to > be | > | unsinkable. The designer had a speech impediment. He said: > "I have | > | thith great unthinkable conthept ..." > | > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message ===== ----------------------------------------------------------- Know yourself and know your enemy and you will never fear defeat. ----------------------------------------------------------- __________________________________________________ Do you Yahoo!? Yahoo! Web Hosting - establish your business online http://webhosting.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Mar 17 10:44:19 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2337937B404 for ; Mon, 17 Mar 2003 10:44:16 -0800 (PST) Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id AD7DF43F75 for ; Mon, 17 Mar 2003 10:44:14 -0800 (PST) (envelope-from brdavis@odin.ac.hmc.edu) Received: from odin.ac.hmc.edu (IDENT:brdavis@localhost.localdomain [127.0.0.1]) by odin.ac.hmc.edu (8.12.3/8.12.3) with ESMTP id h2HIf1Ju005452; Mon, 17 Mar 2003 10:41:01 -0800 Received: (from brdavis@localhost) by odin.ac.hmc.edu (8.12.3/8.12.3/Submit) id h2HIf1lI005451; Mon, 17 Mar 2003 10:41:01 -0800 Date: Mon, 17 Mar 2003 10:41:01 -0800 From: Brooks Davis To: Lupe Christoph Cc: Tobias Roth , freebsd-security@FreeBSD.ORG Subject: Re: freebsd-security-questions (was: Re: openssh 3.5 connection timeout) Message-ID: <20030317104101.D21173@Odin.AC.HMC.Edu> References: <15678.24.218.220.202.1047852089.squirrel@webmail.wvths.com> <20030317074556.GA28299@speedy.unibe.ch> <20030317182110.GJ12105@lupe-christoph.de> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="/unnNtmY43mpUSKx" Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20030317182110.GJ12105@lupe-christoph.de>; from lupe@lupe-christoph.de on Mon, Mar 17, 2003 at 07:21:10PM +0100 X-Virus-Scanned: by amavisd-milter (http://amavis.org/) on odin.ac.hmc.edu Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --/unnNtmY43mpUSKx Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Mar 17, 2003 at 07:21:10PM +0100, Lupe Christoph wrote: > PS: I have to admit that I'm always confused by the difference in > policies between debian-security and freebsd-security. The Debian > crowd welcomes all questions related to security while the freebsd > crowd seems to be obsessed with policies. freebsd-security gained a strict no general questions policy recently because it was discovered that virtually no developers were reading the list due to all the stupid questions. This included most of the developers who do anything related to security. -- Brooks --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --/unnNtmY43mpUSKx Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+dha8XY6L6fI4GtQRAqBQAJ40aXEiddxhDjk2GI269igTKzBH8QCgujnu YGgyxVv/SCv07nT/VQtwqgg= =Asky -----END PGP SIGNATURE----- --/unnNtmY43mpUSKx-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Mar 17 13: 0: 8 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 09E2E37B401 for ; Mon, 17 Mar 2003 13:00:06 -0800 (PST) Received: from buexe.b-5.de (buexe.b-5.de [212.14.80.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 90AA043F3F for ; Mon, 17 Mar 2003 13:00:02 -0800 (PST) (envelope-from lupe@lupe-christoph.de) Received: from antalya.lupe-christoph.de ([172.17.0.9]) by buexe.b-5.de (8.11.6/8.11.6/b-5/buexe-2.2) with ESMTP id h2HKwxt30250; Mon, 17 Mar 2003 21:58:59 +0100 Received: by antalya.lupe-christoph.de (Postfix, from userid 1000) id 8BA815E0; Mon, 17 Mar 2003 21:58:55 +0100 (CET) Date: Mon, 17 Mar 2003 21:58:55 +0100 To: Brooks Davis Cc: Tobias Roth , freebsd-security@FreeBSD.ORG Subject: Re: freebsd-security-questions (was: Re: openssh 3.5 connection timeout) Message-ID: <20030317205855.GA308@lupe-christoph.de> References: <15678.24.218.220.202.1047852089.squirrel@webmail.wvths.com> <20030317074556.GA28299@speedy.unibe.ch> <20030317182110.GJ12105@lupe-christoph.de> <20030317104101.D21173@Odin.AC.HMC.Edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030317104101.D21173@Odin.AC.HMC.Edu> User-Agent: Mutt/1.5.3i From: lupe@lupe-christoph.de (Lupe Christoph) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Monday, 2003-03-17 at 10:41:01 -0800, Brooks Davis wrote: > On Mon, Mar 17, 2003 at 07:21:10PM +0100, Lupe Christoph wrote: > > PS: I have to admit that I'm always confused by the difference in > > policies between debian-security and freebsd-security. The Debian > > crowd welcomes all questions related to security while the freebsd > > crowd seems to be obsessed with policies. > freebsd-security gained a strict no general questions policy recently > because it was discovered that virtually no developers were reading > the list due to all the stupid questions. This included most of the > developers who do anything related to security. Maybe this means that freebsd-security is already a "questions" list. Maybe this means that a security-devel list is in order. Or maybe developers don't need a security list because security is always foremost in their minds ;-) My experience is that a mailing list that has been lost to a group of people has a real challenge regaining those people. It seems to be easier to start a new mailing list. Full-disclosure had a really good start until it fell prey to Stoopid Eediots (tm) who used it for their ego wars. Freebsd-security-devel? Moderated? Lupe Christoph -- | lupe@lupe-christoph.de | http://www.lupe-christoph.de/ | | Big Misunderstandings #6398: The Titanic was not supposed to be | | unsinkable. The designer had a speech impediment. He said: "I have | | thith great unthinkable conthept ..." | To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Mar 18 3:59: 1 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DB89437B404 for ; Tue, 18 Mar 2003 03:58:57 -0800 (PST) Received: from storm.FreeBSD.org.uk (storm.FreeBSD.org.uk [194.242.157.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9102943F75 for ; Tue, 18 Mar 2003 03:58:56 -0800 (PST) (envelope-from mark@grondar.org) Received: from storm.FreeBSD.org.uk (Ugrondar@localhost [127.0.0.1]) by storm.FreeBSD.org.uk (8.12.7/8.12.7) with ESMTP id h2IBwtIo084071; Tue, 18 Mar 2003 11:58:55 GMT (envelope-from mark@grondar.org) Received: (from Ugrondar@localhost) by storm.FreeBSD.org.uk (8.12.7/8.12.7/Submit) with UUCP id h2IBwtAA084070; Tue, 18 Mar 2003 11:58:55 GMT X-Authentication-Warning: storm.FreeBSD.org.uk: Ugrondar set sender to mark@grondar.org using -f Received: from grondar.org (localhost [127.0.0.1]) by grimreaper.grondar.org (8.12.8/8.12.7) with ESMTP id h2IBwu4j028502; Tue, 18 Mar 2003 11:58:56 GMT (envelope-from mark@grondar.org) From: Mark Murray Message-Id: <200303181158.h2IBwu4j028502@grimreaper.grondar.org> To: lupe@lupe-christoph.de (Lupe Christoph) Cc: freebsd-security@FreeBSD.ORG Subject: Administrativia: Mailing list procedures. In-Reply-To: Your message of "Mon, 17 Mar 2003 19:21:10 +0100." <20030317182110.GJ12105@lupe-christoph.de> Date: Tue, 18 Mar 2003 11:58:56 +0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Lupe Christoph writes: > We had this discussion a while ago. There is no mailing list that > provides qualified answers to security-related questions. You are > fighting windmills. These questions will come to this mailing list, as > long as there is no freebsd-security-questions. I've been tolerating certain QnA sessions as long as they were short and somewhat security focussed, with no answer already available. > Sorry, I have no idea what needs to be done to start such a mailing > list. Can people more versed in the FreeBSD mailing list procedures > please explain how such a mailing list can be started? Sure. :-) We are looking at more up-to-date mailing list software. Watch this spot. I certainly intend to set up a security-questions list. The need for new software came after I set myself up as list-owner of this list. 600-700 bounces _per_message_ was not funny. I've manually removed the more chronic bouncers, and now it its a more reasonable <100 bounces per posting :-(. > PS: I have to admit that I'm always confused by the difference in > policies between debian-security and freebsd-security. The Debian > crowd welcomes all questions related to security while the freebsd > crowd seems to be obsessed with policies. We are not Debian. I can't speak for them. In our case, security@ was a virtual clone of questions@, and most of the security folks that I know either unsubscribed or scanned the list very infrequently. I do see the need for a questions list, but I _don't_ want yet-another-noise-channel. We have enough of those already. M -- Mark Murray iumop ap!sdn w,I idlaH To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Mar 18 5:22:28 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 80F1137B401 for ; Tue, 18 Mar 2003 05:22:24 -0800 (PST) Received: from localhost.neotext.ca (h24-70-64-200.ed.shawcable.net [24.70.64.200]) by mx1.FreeBSD.org (Postfix) with ESMTP id E5AB843F3F for ; Tue, 18 Mar 2003 05:22:22 -0800 (PST) (envelope-from campbell@localhost.neotext.ca) Received: from localhost.neotext.ca (localhost.neotext.ca [127.0.0.1]) by localhost.neotext.ca (8.12.8/8.12.5) with ESMTP id h2IDMMKd021215; Tue, 18 Mar 2003 06:22:22 -0700 (MST) (envelope-from campbell@localhost.neotext.ca) Received: (from campbell@localhost) by localhost.neotext.ca (8.12.8/8.12.5/Submit) id h2IDMJlI021214; Tue, 18 Mar 2003 06:22:19 -0700 (MST) Date: Tue, 18 Mar 2003 06:22:19 -0700 From: Duncan Patton a Campbell To: Mark Murray Cc: lupe@lupe-christoph.de, freebsd-security@FreeBSD.ORG Subject: Re: Administrativia: Mailing list procedures. Message-Id: <20030318062219.4da69ba8.campbell@neotext.ca> In-Reply-To: <200303181158.h2IBwu4j028502@grimreaper.grondar.org> References: <20030317182110.GJ12105@lupe-christoph.de> <200303181158.h2IBwu4j028502@grimreaper.grondar.org> Organization: Index Express Ltd. X-Mailer: Sylpheed version 0.8.6 (GTK+ 1.2.10; i386-unknown-freebsd4.7) Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha1"; boundary="9CgOsF.l=.pbOq9c" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --9CgOsF.l=.pbOq9c Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Tue, 18 Mar 2003 11:58:56 +0000 Mark Murray wrote: > Lupe Christoph writes: > > We had this discussion a while ago. There is no mailing list that > > provides qualified answers to security-related questions. You are > > fighting windmills. These questions will come to this mailing list, as > > long as there is no freebsd-security-questions. > > I've been tolerating certain QnA sessions as long as they were > short and somewhat security focussed, with no answer already > available. > > > Sorry, I have no idea what needs to be done to start such a mailing > > list. Can people more versed in the FreeBSD mailing list procedures > > please explain how such a mailing list can be started? > > Sure. :-) > > We are looking at more up-to-date mailing list software. Watch this spot. > I certainly intend to set up a security-questions list. > > The need for new software came after I set myself up as list-owner of > this list. 600-700 bounces _per_message_ was not funny. I've manually > removed the more chronic bouncers, and now it its a more reasonable > <100 bounces per posting :-(. > > > PS: I have to admit that I'm always confused by the difference in > > policies between debian-security and freebsd-security. The Debian > > crowd welcomes all questions related to security while the freebsd > > crowd seems to be obsessed with policies. > Only _some_ folks around here, like our self-appointed net-nanny, have these kind of fetishistic obsessions. Recently one of our more idiot-minded policies, regarding subscriber-only posts, was abandoned. However there is some other stink in the ointment: every time I post something the nannies object to, my email feed from this list ceases for a while. Strange but true. Dhu > We are not Debian. I can't speak for them. In our case, security@ > was a virtual clone of questions@, and most of the security folks > that I know either unsubscribed or scanned the list very infrequently. > > I do see the need for a questions list, but I _don't_ want > yet-another-noise-channel. We have enough of those already. > > M > -- > Mark Murray > iumop ap!sdn w,I idlaH > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message --9CgOsF.l=.pbOq9c Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE+dx2LXgQtJ7uBra8RAr/QAJ9wz/DSkXOtGixvezzb/ybHhnkyegCgwexK D9knUCty+BJl08zIk07XHlU= =fDUP -----END PGP SIGNATURE----- --9CgOsF.l=.pbOq9c-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Mar 18 6: 0:19 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5B30037B401 for ; Tue, 18 Mar 2003 06:00:15 -0800 (PST) Received: from leopold.manicmoment.net (leopold.manicmoment.net [198.31.26.194]) by mx1.FreeBSD.org (Postfix) with SMTP id 225C943F85 for ; Tue, 18 Mar 2003 06:00:14 -0800 (PST) (envelope-from gkuhn@leopold.manicmoment.net) Received: (qmail 4355 invoked by uid 1000); 18 Mar 2003 14:00:13 -0000 Date: Tue, 18 Mar 2003 07:00:13 -0700 From: Gregory Kuhn To: freebsd-security@freebsd.org Subject: Re: Administrativia: Mailing list procedures. Message-ID: <20030318140013.GA4276@leopold.manicmoment.net> References: <20030317182110.GJ12105@lupe-christoph.de> <200303181158.h2IBwu4j028502@grimreaper.grondar.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200303181158.h2IBwu4j028502@grimreaper.grondar.org> User-Agent: Mutt/1.4i Organization: Manicmoment Network Services X-URL: http://www.manicmoment.net X-Operating-System: FreeBSD 4.7-RELEASE-p7 X-GPG-Fingerprint: CEA9 41B9 7453 69C8 D0EF 4B59 7078 D758 475C C7C0 X-GPG-Key: http://id.manicmoment.net/~gkuhn/pubkey.php Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Dear Mark, May I recommend running ezmlm as your mailing list software on top of qmail as your mail server software. ezmlm will handle all the bounces automatically without any assistance from you at all. You will not be bothered with the bounces, nor will anyone else, except those whose mail is bouncing. ezmlm can handle mailing lists with 100s of thousands of subscribers and the subscribe/ unsubscribe process is much more straight-forward than it is with majordomo. Another plus of ezmlm is that it is easy to control the parameters of each individule list, i.e., one list requires all posts be from subscribers only, another list could be configured to allow anyone to post, it is even possible to have an announcement list where people can subscribe but only the moderator can post, as well as moderated post mailing lists. I recommend qmail as the MTA as it can handle very large volumes of messages, is very secure against unauthorized relaying, and it interfaces with ezmlm as if the two were written for each other. Gregory Kuhn On Tue, Mar 18, 2003 at 11:58:56AM +0000, Mark Murray wrote: > Lupe Christoph writes: > > We had this discussion a while ago. There is no mailing list that > > provides qualified answers to security-related questions. You are > > fighting windmills. These questions will come to this mailing list, as > > long as there is no freebsd-security-questions. > > I've been tolerating certain QnA sessions as long as they were > short and somewhat security focussed, with no answer already > available. > > > Sorry, I have no idea what needs to be done to start such a mailing > > list. Can people more versed in the FreeBSD mailing list procedures > > please explain how such a mailing list can be started? > > Sure. :-) > > We are looking at more up-to-date mailing list software. Watch this spot. > I certainly intend to set up a security-questions list. > > The need for new software came after I set myself up as list-owner of > this list. 600-700 bounces _per_message_ was not funny. I've manually > removed the more chronic bouncers, and now it its a more reasonable > <100 bounces per posting :-(. > > > PS: I have to admit that I'm always confused by the difference in > > policies between debian-security and freebsd-security. The Debian > > crowd welcomes all questions related to security while the freebsd > > crowd seems to be obsessed with policies. > > We are not Debian. I can't speak for them. In our case, security@ > was a virtual clone of questions@, and most of the security folks > that I know either unsubscribed or scanned the list very infrequently. > > I do see the need for a questions list, but I _don't_ want > yet-another-noise-channel. We have enough of those already. > > M > -- > Mark Murray > iumop ap!sdn w,I idlaH > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Gregory Scott Kuhn Manicmoment Network Services Denver, Colorado - 303.333.8947 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Please avoid sending me Word or PowerPoint attachments. See http://www.fsf.org/philosophy/no-word-attachments.html To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Mar 18 6:38:20 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3B0CD37B401 for ; Tue, 18 Mar 2003 06:38:18 -0800 (PST) Received: from kurush.osdn.org.ua (external.osdn.org.ua [212.40.34.156]) by mx1.FreeBSD.org (Postfix) with ESMTP id D5C4543FB1 for ; Tue, 18 Mar 2003 06:38:02 -0800 (PST) (envelope-from never@kurush.osdn.org.ua) Received: from kurush.osdn.org.ua (never@localhost [127.0.0.1]) by kurush.osdn.org.ua (8.12.6/8.12.6) with ESMTP id h2IEbxDE078092 for ; Tue, 18 Mar 2003 16:37:59 +0200 (EET) (envelope-from never@kurush.osdn.org.ua) Received: (from never@localhost) by kurush.osdn.org.ua (8.12.6/8.12.6/Submit) id h2IEbxkO078091 for security@freebsd.org; Tue, 18 Mar 2003 16:37:59 +0200 (EET) Date: Tue, 18 Mar 2003 16:37:59 +0200 From: Alexandr Kovalenko To: security@freebsd.org Subject: Samba vulnerability Message-ID: <20030318143759.GA77729@nevermind.kiev.ua> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline User-Agent: Mutt/1.5.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org http://samba.org/samba/samba.html (14th Mar, 2003) Security Release - Samba 2.2.8 A flaw has been detected in the Samba main smbd code which could allow an external attacker to remotely and anonymously gain Super User (root) privileges on a server running a Samba server. This flaw exists in previous versions of Samba from 2.0.x to 2.2.7a inclusive. This is a serious problem and all sites should either upgrade to Samba 2.2.8 immediately or prohibit access to TCP ports 139 and 445. The Release Notes are available on-line. In addition to addressing this security issue, Samba 2.2.8 includes many unrelated improvements. These improvements result from our process of continuous quality assurance and code review, and are part of the Samba team's committment to excellence. -- NEVE-RIPE, will build world for food Ukrainian FreeBSD User Group http://uafug.org.ua/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Mar 18 7: 8:36 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 01E3337B401 for ; Tue, 18 Mar 2003 07:08:35 -0800 (PST) Received: from outpost.lukarcos.com (outpost.globcon.net [62.141.88.161]) by mx1.FreeBSD.org (Postfix) with SMTP id 4CE6643F93 for ; Tue, 18 Mar 2003 07:08:33 -0800 (PST) (envelope-from sergei@kolobov.com) Received: (qmail 18951 invoked by uid 911); 18 Mar 2003 15:08:34 -0000 Date: Tue, 18 Mar 2003 18:08:34 +0300 From: Sergei Kolobov To: freebsd-security@freebsd.org Subject: Re: Administrativia: Mailing list procedures. Message-ID: <20030318150834.GC10716@globcon.net> Mail-Followup-To: freebsd-security@freebsd.org References: <20030317182110.GJ12105@lupe-christoph.de> <200303181158.h2IBwu4j028502@grimreaper.grondar.org> <20030318140013.GA4276@leopold.manicmoment.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030318140013.GA4276@leopold.manicmoment.net> User-Agent: Mutt/1.5.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On 2003-03-18 at 07:00 -0700, Gregory Kuhn wrote: > [...] qmail [...] and it interfaces with ezmlm as if the two were > written for each other. I have not seen a smiley there but you must be kidding - qmail and ezmlm in fact WERE written for each other, and they both were developed by the same person. In any case, I fully agree with you on qmail/ezmlm recommendation. Sergei To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Mar 18 7:36:29 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 154CB37B401 for ; Tue, 18 Mar 2003 07:36:26 -0800 (PST) Received: from localhost.neotext.ca (h24-70-64-200.ed.shawcable.net [24.70.64.200]) by mx1.FreeBSD.org (Postfix) with ESMTP id F05F343F93 for ; Tue, 18 Mar 2003 07:36:24 -0800 (PST) (envelope-from campbell@localhost.neotext.ca) Received: from localhost.neotext.ca (localhost.neotext.ca [127.0.0.1]) by localhost.neotext.ca (8.12.8/8.12.5) with ESMTP id h2IFaOKd021670 for ; Tue, 18 Mar 2003 08:36:24 -0700 (MST) (envelope-from campbell@localhost.neotext.ca) Received: (from campbell@localhost) by localhost.neotext.ca (8.12.8/8.12.5/Submit) id h2IFaOfp021669; Tue, 18 Mar 2003 08:36:24 -0700 (MST) Date: Tue, 18 Mar 2003 08:36:24 -0700 From: Duncan Patton a Campbell To: freebsd-security@FreeBSD.ORG Subject: Wireless encryption Message-Id: <20030318083624.0910cd15.campbell@neotext.ca> In-Reply-To: <200303181158.h2IBwu4j028502@grimreaper.grondar.org> References: <20030317182110.GJ12105@lupe-christoph.de> <200303181158.h2IBwu4j028502@grimreaper.grondar.org> Organization: Index Express Ltd. X-Mailer: Sylpheed version 0.8.6 (GTK+ 1.2.10; i386-unknown-freebsd4.7) Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha1"; boundary="1K59'V9L2=.SkS7o" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --1K59'V9L2=.SkS7o Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit So here goes another post that will be seen as off-topic... I am looking for 802.11x encryption software. The issues are: - ease of use/installation/upgrade - commonality of operation - Applicability to a WinDose environment AND *nix (not gonna convert the world tomorrow) - interoperability with PK schemas and *nix servers Currently I am looking at a package called NE2 from Calgary. It has some nice features (like hardware feedback that vastly complicates hacking it thru state-modeling) but there are some serious drawbacks: - Point to point only - Unpublished algorythm (I may know what it does, but there has been no public critique) - lengthly session startup Any comments/suggestions would be welcome. If there is interest, I will summarize and post them (here ;-). Dhu --1K59'V9L2=.SkS7o Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE+dzz4XgQtJ7uBra8RAgGXAJ98UccaZPDD9V1iBYys/H1ddBQJEQCg8T6e rMYiEMQsEU/NIQ2V0A7qoxk= =2s+j -----END PGP SIGNATURE----- --1K59'V9L2=.SkS7o-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Mar 18 8:31:32 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CEAA037B401 for ; Tue, 18 Mar 2003 08:31:30 -0800 (PST) Received: from PIKES.panasas.com (gw2.panasas.com [65.194.124.178]) by mx1.FreeBSD.org (Postfix) with ESMTP id AE87C43F93 for ; Tue, 18 Mar 2003 08:31:29 -0800 (PST) (envelope-from behanna@zbzoom.net) Received: from waumbek.panasas.com ([172.17.2.36]) by PIKES.panasas.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id XA3FCWLX; Tue, 18 Mar 2003 11:31:28 -0500 From: Chris BeHanna Reply-To: behanna@zbzoom.net Organization: Western Pennsylvania Pizza Disposal Unit To: security@freebsd.org Subject: Re: Wireless encryption Date: Tue, 18 Mar 2003 11:31:27 -0500 User-Agent: KMail/1.5 References: <20030317182110.GJ12105@lupe-christoph.de> <200303181158.h2IBwu4j028502@grimreaper.grondar.org> <20030318083624.0910cd15.campbell@neotext.ca> In-Reply-To: <20030318083624.0910cd15.campbell@neotext.ca> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200303181131.27931.behanna@zbzoom.net> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tuesday 18 March 2003 10:36, Duncan Patton a Campbell wrote: > So here goes another post that will be seen as off-topic... > > I am looking for 802.11x encryption software. > > The issues are: > > - ease of use/installation/upgrade > - commonality of operation > - Applicability to a WinDose environment AND *nix (not gonna convert the > world tomorrow) > - interoperability with PK schemas and *nix servers It sounds like what you want is a VPN connection over 802.11(a/b/g/i), in which case, any existing VPN solution should work. -- Chris BeHanna Software Engineer (Remove "bogus" before responding.) behanna@bogus.zbzoom.net Turning coffee into software since 1990. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Mar 18 8:41:43 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 83AEC37B401 for ; Tue, 18 Mar 2003 08:41:40 -0800 (PST) Received: from imap.drweb.ru (blag3.drweb.ru [62.16.103.215]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6DA4B43F85 for ; Tue, 18 Mar 2003 08:41:39 -0800 (PST) (envelope-from nikolaj@drweb.ru) Received: from drweb.ru (unknown [192.168.100.12]) by imap.drweb.ru (Postfix) with ESMTP id 528E892D63 for ; Tue, 18 Mar 2003 19:41:36 +0300 (MSK) Message-ID: <3E774C85.902@drweb.ru> Date: Tue, 18 Mar 2003 19:42:45 +0300 From: "Nikolaj I. Potanin" User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.3) Gecko/20030312 X-Accept-Language: ru, en-us MIME-Version: 1.0 To: security@FreeBSD.ORG Subject: Re: Samba vulnerability References: <20030318143759.GA77729@nevermind.kiev.ua> In-Reply-To: <20030318143759.GA77729@nevermind.kiev.ua> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > A flaw has been detected in the Samba main smbd code which could allow > an external attacker to remotely and anonymously gain Super User (root) ^^^^^^^^^^^^^^^^^ Does anyone here have smbd bound to an external interface? ;-) > privileges on a server running a Samba server. This flaw exists in > previous versions of Samba from 2.0.x to 2.2.7a inclusive. This is a > serious problem and all sites should either upgrade to Samba 2.2.8 > immediately or prohibit access to TCP ports 139 and 445. The Release > Notes are available on-line. -- Nikolaj I. Potanin, SA http://www.drweb.ru ID Anti-Virus Lab (SalD Ltd) nikolaj@drweb.ru St. Petersburg, Russia ph.: +7-812-3888624 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Mar 18 10:16:35 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A1DA237B404 for ; Tue, 18 Mar 2003 10:16:33 -0800 (PST) Received: from mail.liwing.de (mail.liwing.de [213.70.188.162]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1B2E243FE5 for ; Tue, 18 Mar 2003 10:16:31 -0800 (PST) (envelope-from rehsack@liwing.de) Received: (qmail 87393 invoked from network); 18 Mar 2003 18:16:28 -0000 Received: from stingray.liwing.de (HELO liwing.de) ([213.70.188.164]) (envelope-sender ) by mail.liwing.de (qmail-ldap-1.03) with SMTP for ; 18 Mar 2003 18:16:28 -0000 Message-ID: <3E77627C.2020709@liwing.de> Date: Tue, 18 Mar 2003 19:16:28 +0100 From: Jens Rehsack Organization: LiWing IT-Services User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01 X-Accept-Language: en-us, en MIME-Version: 1.0 To: "Nikolaj I. Potanin" Cc: security@FreeBSD.ORG Subject: Re: Samba vulnerability References: <20030318143759.GA77729@nevermind.kiev.ua> <3E774C85.902@drweb.ru> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Nikolaj I. Potanin wrote: >> A flaw has been detected in the Samba main smbd code which could allow >> an external attacker to remotely and anonymously gain Super User (root) > > ^^^^^^^^^^^^^^^^^ > > Does anyone here have smbd bound to an external interface? ;-) Even if it's possible when you're using ssl-binding in samba as described in the book "Samba unleashed". If someone hacks your ssl-keys, I think the open samba is a minor problem :-) Jens To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Mar 18 22:18:47 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3063537B404 for ; Tue, 18 Mar 2003 22:18:44 -0800 (PST) Received: from cirb503493.alcatel.com.au (c18609.belrs1.nsw.optusnet.com.au [210.49.80.204]) by mx1.FreeBSD.org (Postfix) with ESMTP id 065C543F93 for ; Tue, 18 Mar 2003 22:18:42 -0800 (PST) (envelope-from peterjeremy@optushome.com.au) Received: from cirb503493.alcatel.com.au (localhost.alcatel.com.au [127.0.0.1]) by cirb503493.alcatel.com.au (8.12.8/8.12.8) with ESMTP id h2J6ITM2004257; Wed, 19 Mar 2003 17:18:29 +1100 (EST) (envelope-from jeremyp@cirb503493.alcatel.com.au) Received: (from jeremyp@localhost) by cirb503493.alcatel.com.au (8.12.8/8.12.8/Submit) id h2J6IR27004256; Wed, 19 Mar 2003 17:18:27 +1100 (EST) Date: Wed, 19 Mar 2003 17:18:27 +1100 From: Peter Jeremy To: "Nikolaj I. Potanin" Cc: security@FreeBSD.ORG Subject: Re: Samba vulnerability Message-ID: <20030319061826.GA4238@cirb503493.alcatel.com.au> References: <20030318143759.GA77729@nevermind.kiev.ua> <3E774C85.902@drweb.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3E774C85.902@drweb.ru> User-Agent: Mutt/1.4i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, Mar 18, 2003 at 07:42:45PM +0300, Nikolaj I. Potanin wrote: >>A flaw has been detected in the Samba main smbd code which could allow >>an external attacker to remotely and anonymously gain Super User (root) > ^^^^^^^^^^^^^^^^^ > >Does anyone here have smbd bound to an external interface? ;-) I read this as "external to the Samba server" - which covers everyone who installs Samba in a usable system. If you read it as an Internet accessible server then this is a lot risker - but remember that some people offer NFS across the Internet so it's within the realm of possibility that someone would want to offer Samba on the Internet. Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Mar 19 1: 6:29 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8274837B404 for ; Wed, 19 Mar 2003 01:06:26 -0800 (PST) Received: from konvergencia.hu (konvergencia.hu [195.228.254.188]) by mx1.FreeBSD.org (Postfix) with ESMTP id B3C9743F85 for ; Wed, 19 Mar 2003 01:06:25 -0800 (PST) (envelope-from mkenyeres@konvergencia.hu) Received: from [127.0.0.25] (helo=localhost) by konvergencia.hu with esmtp (Exim 4.10) id 18vZZH-000BSs-00 for security@freebsd.org; Wed, 19 Mar 2003 09:09:03 +0000 Received: from konvergencia.hu ([127.0.0.25]) by localhost (kavegep.konvergencia.hu [127.0.0.25:10024]) (amavisd-new) with ESMTP id 42006-08 for ; Wed, 19 Mar 2003 10:08:52 +0100 (CET) Received: from adsl-110-98.adsl-pool.axelero.hu ([62.201.98.110] helo=nerd.kvg.hu) by konvergencia.hu with asmtp (Exim 4.10) id 18vZZ6-000BSl-00 for security@freebsd.org; Wed, 19 Mar 2003 09:08:52 +0000 From: Marton Kenyeres Organization: KVG:) Konvergencia Ltd To: security@freebsd.org Subject: Re: Samba vulnerability Date: Wed, 19 Mar 2003 10:08:28 +0100 User-Agent: KMail/1.5 References: <20030318143759.GA77729@nevermind.kiev.ua> <3E774C85.902@drweb.ru> In-Reply-To: <3E774C85.902@drweb.ru> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Message-Id: <200303191008.28706.mkenyeres@konvergencia.hu> X-Virus-Scanned: by amavisd-new Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tuesday 18 March 2003 17.42, Nikolaj I. Potanin wrote: > > A flaw has been detected in the Samba main smbd code which could allow > > an external attacker to remotely and anonymously gain Super User (root) > > ^^^^^^^^^^^^^^^^^ > > Does anyone here have smbd bound to an external interface? ;-) > Although the advisory mentions external attackers, I bet this vulnerability= =20 allows malicious internal users to gain root privileges on an intranet file= =20 server. As far as I know a vast majority of attacks are attempted by=20 insiders, so I don't find this funny at all.=20 Also, form smb.conf(5): By default Samba will query the kernel for the list of all active interface= s=20 and use any interfaces except 127.0.0.1 that are broadcast capable. So it is very well possible that in fact, someone here have smbd bound to a= n=20 external interface. Anyway, I don't think that this kind of 'lamaz deserve = to=20 be r00ted' attitude is appropriate for this list. Pardon me, if I=20 misunderstood your intentions. Cheers, =2D-=20 Kenyeres M=E1rton mkenyeres@konvergencia.hu KVG:) Konvergencia Kft. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Mar 19 5:24:44 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 825AD37B401 for ; Wed, 19 Mar 2003 05:24:42 -0800 (PST) Received: from kurush.osdn.org.ua (external.osdn.org.ua [212.40.34.156]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2A06E43FBF for ; Wed, 19 Mar 2003 05:24:34 -0800 (PST) (envelope-from never@kurush.osdn.org.ua) Received: from kurush.osdn.org.ua (never@localhost [127.0.0.1]) by kurush.osdn.org.ua (8.12.6/8.12.6) with ESMTP id h2JDNXDE018692 for ; Wed, 19 Mar 2003 15:24:16 +0200 (EET) (envelope-from never@kurush.osdn.org.ua) Received: (from never@localhost) by kurush.osdn.org.ua (8.12.6/8.12.6/Submit) id h2JDNWxu018690 for freebsd-security@freebsd.org; Wed, 19 Mar 2003 15:23:33 +0200 (EET) Date: Wed, 19 Mar 2003 15:23:32 +0200 From: Alexandr Kovalenko To: freebsd-security@freebsd.org Subject: MySQL vulnerability: will go into -RELEASE? Message-ID: <20030319132332.GA18138@nevermind.kiev.ua> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline User-Agent: Mutt/1.5.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I wonder if there are plans to update MySQL to version 3.23.56 before 4.8 in order to fix security vulnerability described here: http://marc.theaimsgroup.com/?l=bugtraq&m=104739810523433&w=2 ? -- NEVE-RIPE, will build world for food Ukrainian FreeBSD User Group http://uafug.org.ua/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Mar 19 6:10:41 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A1A2637B401 for ; Wed, 19 Mar 2003 06:10:38 -0800 (PST) Received: from gandalf.online.bg (gandalf.online.bg [217.75.128.9]) by mx1.FreeBSD.org (Postfix) with SMTP id B7B3643F3F for ; Wed, 19 Mar 2003 06:10:36 -0800 (PST) (envelope-from roam@ringlet.net) Received: (qmail 15253 invoked from network); 19 Mar 2003 14:05:59 -0000 Received: from office.sbnd.net (HELO straylight.ringlet.net) (217.75.140.130) by gandalf.online.bg with SMTP; 19 Mar 2003 14:05:58 -0000 Received: (qmail 45217 invoked by uid 1000); 19 Mar 2003 14:08:55 -0000 Date: Wed, 19 Mar 2003 16:08:55 +0200 From: Peter Pentchev To: Alexandr Kovalenko Cc: freebsd-security@freebsd.org Subject: Re: MySQL vulnerability: will go into -RELEASE? Message-ID: <20030319140855.GG27330@straylight.oblivion.bg> Mail-Followup-To: Alexandr Kovalenko , freebsd-security@freebsd.org References: <20030319132332.GA18138@nevermind.kiev.ua> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Oiv9uiLrevHtW1RS" Content-Disposition: inline In-Reply-To: <20030319132332.GA18138@nevermind.kiev.ua> User-Agent: Mutt/1.5.3i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --Oiv9uiLrevHtW1RS Content-Type: text/plain; charset=windows-1251 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Mar 19, 2003 at 03:23:32PM +0200, Alexandr Kovalenko wrote: > I wonder if there are plans to update MySQL to version 3.23.56 before > 4.8 in order to fix security vulnerability described here: >=20 > http://marc.theaimsgroup.com/?l=3Dbugtraq&m=3D104739810523433&w=3D2 >=20 > ? I wrote a follow-up to that message which never made it to Bugtraq; the list moderators somehow failed to act upon it, neither approving nor rejecting it after a few days. Basically, the FreeBSD port of MySQL is safe, as long as people use the startup script provided by the port. The --user command-line option overrides any and all config file settings, thus rendering this particular vulnerability harmless. Of course, other config file settings may still affect the MySQL server, but the most dangerous one is moot for users of the FreeBSD port. G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@sbnd.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 I am the thought you are now thinking. --Oiv9uiLrevHtW1RS Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+eHn37Ri2jRYZRVMRAlgAAJ4nwF05hGdCPQpHz65csrO9yUC3EQCdGaXM bmskDXhGQrnUNTeTxZ/dW1A= =cjWQ -----END PGP SIGNATURE----- --Oiv9uiLrevHtW1RS-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Mar 19 6:20: 8 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5910037B401 for ; Wed, 19 Mar 2003 06:20:06 -0800 (PST) Received: from gandalf.online.bg (gandalf.online.bg [217.75.128.9]) by mx1.FreeBSD.org (Postfix) with SMTP id C770943FBD for ; Wed, 19 Mar 2003 06:20:02 -0800 (PST) (envelope-from roam@ringlet.net) Received: (qmail 16528 invoked from network); 19 Mar 2003 14:15:26 -0000 Received: from office.sbnd.net (HELO straylight.ringlet.net) (217.75.140.130) by gandalf.online.bg with SMTP; 19 Mar 2003 14:15:26 -0000 Received: (qmail 45873 invoked by uid 1000); 19 Mar 2003 14:18:23 -0000 Date: Wed, 19 Mar 2003 16:18:23 +0200 From: Peter Pentchev To: Alexandr Kovalenko Cc: freebsd-security@freebsd.org Subject: Re: MySQL vulnerability: will go into -RELEASE? Message-ID: <20030319141823.GH27330@straylight.oblivion.bg> Mail-Followup-To: Alexandr Kovalenko , freebsd-security@freebsd.org References: <20030319132332.GA18138@nevermind.kiev.ua> <20030319140855.GG27330@straylight.oblivion.bg> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="R6sEYoIZpp9JErk7" Content-Disposition: inline In-Reply-To: <20030319140855.GG27330@straylight.oblivion.bg> User-Agent: Mutt/1.5.3i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --R6sEYoIZpp9JErk7 Content-Type: text/plain; charset=windows-1251 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Mar 19, 2003 at 04:08:55PM +0200, Peter Pentchev wrote: > On Wed, Mar 19, 2003 at 03:23:32PM +0200, Alexandr Kovalenko wrote: > > I wonder if there are plans to update MySQL to version 3.23.56 before > > 4.8 in order to fix security vulnerability described here: > >=20 > > http://marc.theaimsgroup.com/?l=3Dbugtraq&m=3D104739810523433&w=3D2 > >=20 > > ? >=20 > I wrote a follow-up to that message which never made it to Bugtraq; > the list moderators somehow failed to act upon it, neither approving > nor rejecting it after a few days. >=20 > Basically, the FreeBSD port of MySQL is safe, as long as people use > the startup script provided by the port. The --user command-line > option overrides any and all config file settings, thus rendering > this particular vulnerability harmless. Of course, other config file > settings may still affect the MySQL server, but the most dangerous > one is moot for users of the FreeBSD port. And just for the record, this is not a recent development in answer to this particular advisory; it has been so since rev. 1.58 of the port's Makefile, sometime in July 1999. G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@sbnd.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 When you are not looking at it, this sentence is in Spanish. --R6sEYoIZpp9JErk7 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+eHwv7Ri2jRYZRVMRAlrdAJkBdI66H8PJzjDu9EL7mKIIsOWvLACglzln XQm3kfX7+9NkGR6fkGSafgc= =tEkx -----END PGP SIGNATURE----- --R6sEYoIZpp9JErk7-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Mar 19 8: 6:59 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 44B1D37B405 for ; Wed, 19 Mar 2003 08:06:57 -0800 (PST) Received: from supermarine.crossflight.co.uk (supermarine.crossflight.co.uk [195.172.72.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4079F43F3F for ; Wed, 19 Mar 2003 08:06:55 -0800 (PST) (envelope-from guy@crossflight.co.uk) Received: from mailscan1.crossflight.co.uk (mailscan1.crossflight.co.uk [195.172.72.202]) by supermarine.crossflight.co.uk (8.12.8/8.10.1) with ESMTP id h2JG6ruO002141 for ; Wed, 19 Mar 2003 16:06:53 GMT Received: from crossflight.co.uk (unverified) by mailscan1.crossflight.co.uk (Content Technologies SMTPRS 4.3.1) with ESMTP id ; Wed, 19 Mar 2003 16:06:53 +0000 Message-ID: <3E78959C.3040204@crossflight.co.uk> Date: Wed, 19 Mar 2003 16:06:52 +0000 From: Guy Dawson User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3b) Gecko/20030210 X-Accept-Language: en-us, en MIME-Version: 1.0 Cc: security@freebsd.org Subject: Re: Samba vulnerability References: <20030318143759.GA77729@nevermind.kiev.ua> <3E774C85.902@drweb.ru> <20030319061826.GA4238@cirb503493.alcatel.com.au> In-Reply-To: <20030319061826.GA4238@cirb503493.alcatel.com.au> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Peter Jeremy wrote: > On Tue, Mar 18, 2003 at 07:42:45PM +0300, Nikolaj I. Potanin wrote: > >>>A flaw has been detected in the Samba main smbd code which could allow >>>an external attacker to remotely and anonymously gain Super User (root) >> >> ^^^^^^^^^^^^^^^^^ >> >>Does anyone here have smbd bound to an external interface? ;-) > > > I read this as "external to the Samba server" - which covers everyone > who installs Samba in a usable system. Me too! In otherwords the attacker does not need an account on the server they are attacking. Guy -- -------------------------------------------------------------------- Guy Dawson I.T. Manager Crossflight Ltd guy@crossflight.co.uk 07973 797819 01753 776104 ********************************************************************** This email contains the views and opinions of a Crossflight Limited employee and at this stage are in no way a direct representation of Crossflight Limited. This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. To ensure the integrity and appropriate use of its email system, Crossflight Limited reserves the right to examine any email held on its email system or sent to or from it. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. We strongly recomend that you check this email with your own virus software as Crossflight Limited will not be held responsible for any damage caused by viruses as a result of opening this email. ********************************************************************** To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Mar 19 9:49:54 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A009437B401 for ; Wed, 19 Mar 2003 09:49:51 -0800 (PST) Received: from lariat.org (lariat.org [63.229.157.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id AEDF543F3F for ; Wed, 19 Mar 2003 09:49:50 -0800 (PST) (envelope-from brett@lariat.org) Received: from mustang.lariat.org (IDENT:ppp1000.lariat.org@lariat.org [63.229.157.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id KAA03927; Wed, 19 Mar 2003 10:48:24 -0700 (MST) X-message-flag: Warning! Use of Microsoft Outlook renders your system susceptible to Internet worms. Message-Id: <4.3.2.7.2.20030319104517.03ff1380@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Wed, 19 Mar 2003 10:48:17 -0700 To: lupe@lupe-christoph.de (Lupe Christoph), Tobias Roth From: Brett Glass Subject: Re: freebsd-security-questions (was: Re: openssh 3.5 connection timeout) Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <20030317182110.GJ12105@lupe-christoph.de> References: <20030317074556.GA28299@speedy.unibe.ch> <15678.24.218.220.202.1047852089.squirrel@webmail.wvths.com> <20030317074556.GA28299@speedy.unibe.ch> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 11:21 AM 3/17/2003, Lupe Christoph wrote: >> Please do not direct application-specific questions to freebsd-security. >> Even if the application is related to security, freebsd-questions (or >> other lists) are the place to get help, not freebsd-security. > >We had this discussion a while ago. There is no mailing list that >provides qualified answers to security-related questions. You are >fighting windmills. These questions will come to this mailing list, as >long as there is no freebsd-security-questions. Agree 100%. If there is a desire to have a list which allows no discussion and no questions, then a separate announcement list (freebsd-security-announce) should be created. The current situation, with the moderator arbitrarily squelching legitimate and useful discussion, is not tolerable and is highly detrimental to the community. Just my $0.02. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Mar 19 10: 6:14 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7BEEB37B401 for ; Wed, 19 Mar 2003 10:06:11 -0800 (PST) Received: from mail.gmx.net (mail.gmx.net [213.165.65.60]) by mx1.FreeBSD.org (Postfix) with SMTP id 5ADA743FA3 for ; Wed, 19 Mar 2003 10:06:10 -0800 (PST) (envelope-from blueeskimo@gmx.net) Received: (qmail 17944 invoked by uid 0); 19 Mar 2003 18:06:07 -0000 Received: from i216-58-29-174.gta.igs.net (HELO ?216.58.29.174?) (216.58.29.174) by mail.gmx.net (mp003-rz3) with SMTP; 19 Mar 2003 18:06:07 -0000 Subject: Unable to unsubscribe from this list From: Adam To: freebsd-security@FreeBSD.ORG Content-Type: text/plain Organization: Message-Id: <1048097165.72953.23.camel@jake> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.2.2 Date: 19 Mar 2003 13:06:05 -0500 Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I've tried unsubscribing from this list several times, but I keep getting errors back from Majordomo. I sent an email to majordomo@freebsd.org with "unsubscribe freebsd-security" in the body. Majordomo emails back that I need to confirm my removal, which I do. I then receive another email from Majordomo: >>>> auth xxxxxxx unsubscribe freebsd-security blueeskimo@gmx.net >>> Sorry, an error has occurred while processing your request >>> The caretaker of Majordomo ( Majordomo-Owner@FreeBSD.ORG ) has been notified >>> of the problem. I first tried to unsubscribe a few days ago, but I have been unable to do it myself, and the 'caretaker' doesn't seem to be noticing the problem. Can anyone advise me further as to how to remove myself from this list? Thanks, -- Adam To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Mar 19 11: 1:34 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 999F937B401 for ; Wed, 19 Mar 2003 11:01:32 -0800 (PST) Received: from gigatrex.com (graceland.gigatrex.com [209.10.113.211]) by mx1.FreeBSD.org (Postfix) with SMTP id 132D343FCB for ; Wed, 19 Mar 2003 11:01:30 -0800 (PST) (envelope-from piechota@argolis.org) Received: (qmail 13716 invoked from network); 19 Mar 2003 19:06:50 -0000 Received: from unknown (HELO cithaeron.argolis.org) (138.88.83.93) by graceland.gigatrex.com with SMTP; 19 Mar 2003 19:06:50 -0000 Received: from cithaeron.argolis.org (localhost [127.0.0.1]) by cithaeron.argolis.org (8.12.8/8.12.7) with ESMTP id h2JJ1QxN075559; Wed, 19 Mar 2003 14:01:26 -0500 (EST) (envelope-from piechota@argolis.org) Received: from localhost (piechota@localhost) by cithaeron.argolis.org (8.12.8/8.12.7/Submit) with ESMTP id h2JJ1QQn075556; Wed, 19 Mar 2003 14:01:26 -0500 (EST) X-Authentication-Warning: cithaeron.argolis.org: piechota owned process doing -bs Date: Wed, 19 Mar 2003 14:01:25 -0500 (EST) From: Matt Piechota To: Brett Glass Cc: Lupe Christoph , Tobias Roth , freebsd-security@FreeBSD.ORG Subject: Re: freebsd-security-questions (was: Re: openssh 3.5 connection timeout) In-Reply-To: <4.3.2.7.2.20030319104517.03ff1380@localhost> Message-ID: <20030319135917.J70244@cithaeron.argolis.org> References: <20030317074556.GA28299@speedy.unibe.ch> <15678.24.218.220.202.1047852089.squirrel@webmail.wvths.com> <20030317074556.GA28299@speedy.unibe.ch> <4.3.2.7.2.20030319104517.03ff1380@localhost> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, 19 Mar 2003, Brett Glass wrote: > Agree 100%. If there is a desire to have a list which allows no > discussion and no questions, then a separate announcement list > (freebsd-security-announce) should be created. There is an announce mailing list, freebsd-security-notifications@. I believe it just gets the security notices. Ref: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/eresources.html#ERESOURCES-MAIL -- Matt Piechota To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Mar 19 12:50:23 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5854D37B404 for ; Wed, 19 Mar 2003 12:50:18 -0800 (PST) Received: from lava.sentex.ca (pyroxene.sentex.ca [199.212.134.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2E79743FBF for ; Wed, 19 Mar 2003 12:50:17 -0800 (PST) (envelope-from mike@sentex.net) Received: from simian.sentex.net (simeon.sentex.ca [192.168.43.27]) by lava.sentex.ca (8.12.8/8.12.8) with ESMTP id h2JKoErj024026 for ; Wed, 19 Mar 2003 15:50:14 -0500 (EST) (envelope-from mike@sentex.net) Message-Id: <5.2.0.9.0.20030319155420.080cbab8@marble.sentex.ca> X-Sender: mdtpop@marble.sentex.ca (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9 Date: Wed, 19 Mar 2003 15:54:49 -0500 To: security@freebsd.org From: Mike Tancsa Subject: Fwd: EEYE: XDR Integer Overflow Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Virus-Scanned: By Sentex Communications (lava/20020517) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Anyone know if this effects FreeBSD ? There is no mention in the CERT advisory. ---Mike >Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm >List-Id: >List-Post: >List-Help: >List-Unsubscribe: >List-Subscribe: >Delivered-To: mailing list bugtraq@securityfocus.com >Delivered-To: moderator for bugtraq@securityfocus.com >From: "Marc Maiffret" >To: "BUGTRAQ" >Subject: EEYE: XDR Integer Overflow >Date: Wed, 19 Mar 2003 12:20:14 -0800 >X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) >Importance: Normal >X-Spam-Status: No, hits=0.6 required=7.0 > tests=DISCLAIMER,KNOWN_MAILING_LIST,SPAM_PHRASE_01_02, > TO_LOCALPART_EQ_REAL,USER_AGENT_OUTLOOK > version=2.43 >X-Virus-Scanned: by Sentex Communications (avscan1/20021227) > >XDR Integer Overflow > >Release Date: >March 19, 2003 > >Severity: >High (Remote Code Execution/Denial of Service) > >Systems Affected: > >Sun Microsystems Network Services Library (libnsl) >BSD-derived libraries with XDR/RPC routines (libc) >GNU C library with sunrpc (glibc) > >Description: > >XDR is a standard for the description and encoding of data which is used >heavily in RPC implementations. Several libraries exist that allow a >developer to incorporate XDR into his or her applications. Vulnerabilities >were discovered in these libraries during the testing of new Retina auditing >technologies developed by the eEye research department. > >ADAM and EVE are two technologies developed by eEye to remotely and locally >audit applications for the existence of common vulnerabilities. During an >ADAM audit, an integer overflow was discovered in the SUN Microsystems XDR >library. By supplying specific integer values in length fields during an RPC >transaction, we were able to produce various overflow conditions in UNIX RPC >services. > >Technical Description: > >The xdrmem_getbytes() function in the XDR library provided by Sun >Microsystems contains an integer overflow. Depending on the location and use >of the vulnerable xdrmem_getbytes() routine, various conditions may be >presented that can permit an attacker to remotely exploit a service using >this vulnerable routine. > >For the purpose of signature development and further security research a >sample session is included below that replicates an integer overflow in the >rpcbind shipped with various versions of the Solaris operating system. > >char evil_rpc[] = > >"\x23\x0D\xF6\xD2\x00\x00\x00\x00\x00\x00\x00\x02\x00\x01\x86" >"\xA0\x00\x00\x00\x02\x00\x00\x00\x05\x00\x00\x00\x01\x00\x00" >"\x00\x20\x3D\xD2\xC9\x9F\x00\x00\x00\x09\x6C\x6F\x63\x61\x6C" >"\x68\x6F\x73\x74\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" >"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x86" >"\xa0\x00\x00\x00\x02\x00\x00\x00\x04" >"\xFF\xFF\xFF\xFF" // RPC argument length >"EEYECLIPSE2003"; > >Vendor Status: > >Sun Microsystems was contacted on November 13, 2002 and CERT was contacted >shortly afterwards. Vendors believed to be vulnerable were contacted by CERT >during a grace period of several months. Due to some difficulties >communicating with vendors, after rescheduling several times a release date >was set for March 18, 2003. > >eEye recommends obtaining the necessary patches or updates from vendors as >they become available after the release of this and the CERT advisory. > >For a list of vendors and their responses, please review the CERT advisory >at: http://www.cert.org/advisories/CA-2003-10.html > >You can find the latest copy of this advisory, along with other eEye >research at http://www.eeye.com/. > >Credit: >Riley Hassell - Senior Research Associate > >Greetings: >Liver destroyers of the world: >Barnes (DOW!), FX, and last but definitely not least, Heather and Jenn. > >Copyright (c) 1998-2003 eEye Digital Security >Permission is hereby granted for the redistribution of this alert >electronically. It is not to be edited in any way without express consent of >eEye. If you wish to reprint the whole or any part of this alert in any >other medium excluding electronic medium, please e-mail alert@eEye.com for >permission. > >Disclaimer >The information within this paper may change without notice. Use of this >information constitutes acceptance for use in an AS IS condition. There are >NO warranties with regard to this information. In no event shall the author >be liable for any damages whatsoever arising out of or in connection with >the use or spread of this information. Any use of this information is at the >user's own risk. > >Feedback >Please send suggestions, updates, and comments to: > >eEye Digital Security >http://www.eEye.com >info@eEye.com -------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet since 1994 www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Mar 19 14: 7:45 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2505037B401; Wed, 19 Mar 2003 14:07:39 -0800 (PST) Received: from lava.sentex.ca (pyroxene.sentex.ca [199.212.134.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4B60543F85; Wed, 19 Mar 2003 14:07:38 -0800 (PST) (envelope-from mike@sentex.net) Received: from simian.sentex.net (simeon.sentex.ca [192.168.43.27]) by lava.sentex.ca (8.12.8/8.12.8) with ESMTP id h2JM7arj024884; Wed, 19 Mar 2003 17:07:37 -0500 (EST) (envelope-from mike@sentex.net) Message-Id: <5.2.0.9.0.20030319170809.082d2c98@marble.sentex.ca> X-Sender: mdtpop@marble.sentex.ca (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9 Date: Wed, 19 Mar 2003 17:13:06 -0500 To: security@FreeBSD.org From: Mike Tancsa Subject: Re: Fwd: EEYE: XDR Integer Overflow In-Reply-To: <5.2.0.9.0.20030319155420.080cbab8@marble.sentex.ca> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Virus-Scanned: By Sentex Communications (lava/20020517) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org One of the patches seems to deal with =================================================================== RCS file: /cvs/glibc/libc/sunrpc/rpc/xdr.h,v retrieving revision 1.26 retrieving revision 1.27 diff -u -r1.26 -r1.27 --- libc/sunrpc/rpc/xdr.h 1999/10/09 21:26:03 1.26 +++ libc/sunrpc/rpc/xdr.h 2002/12/16 02:05:49 1.27 @@ -126,7 +126,7 @@ /* returns bytes off from beginning */ bool_t (*x_setpostn) (XDR *__xdrs, u_int __pos); /* lets you reposition the stream */ - int32_t *(*x_inline) (XDR *__xdrs, int __len); + int32_t *(*x_inline) (XDR *__xdrs, u_int __len); /* buf quick ptr to buffered data */ void (*x_destroy) (XDR *__xdrs); /* free privates of this xdr_stream */ @@ -139,7 +139,7 @@ caddr_t x_public; /* users' data */ caddr_t x_private; /* pointer to private data */ caddr_t x_base; /* private used for position info */ - int x_handy; /* extra private word */ + u_int x_handy; /* extra private word */ }; /* NetBSD is not vulnerable due to, "The length types of the various xdr*_getbytes functions were made consistent somewhere back in 1997 (all u_int), so we're not vulnerable in that area." However, FreeBSD still seems to have the above as an int as well. So it appears to be vulnerable ? ---Mike At 03:54 PM 19/03/2003 -0500, Mike Tancsa wrote: >Anyone know if this effects FreeBSD ? There is no mention in the CERT >advisory. > > ---Mike > > >>Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm >>List-Id: >>List-Post: >>List-Help: >>List-Unsubscribe: >>List-Subscribe: >>Delivered-To: mailing list bugtraq@securityfocus.com >>Delivered-To: moderator for bugtraq@securityfocus.com >>From: "Marc Maiffret" >>To: "BUGTRAQ" >>Subject: EEYE: XDR Integer Overflow >>Date: Wed, 19 Mar 2003 12:20:14 -0800 >>X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) >>Importance: Normal >>X-Spam-Status: No, hits=0.6 required=7.0 >> tests=DISCLAIMER,KNOWN_MAILING_LIST,SPAM_PHRASE_01_02, >> TO_LOCALPART_EQ_REAL,USER_AGENT_OUTLOOK >> version=2.43 >>X-Virus-Scanned: by Sentex Communications (avscan1/20021227) >> >>XDR Integer Overflow >> >>Release Date: >>March 19, 2003 >> >>Severity: >>High (Remote Code Execution/Denial of Service) >> >>Systems Affected: >> >>Sun Microsystems Network Services Library (libnsl) >>BSD-derived libraries with XDR/RPC routines (libc) >>GNU C library with sunrpc (glibc) >> >>Description: >> >>XDR is a standard for the description and encoding of data which is used >>heavily in RPC implementations. Several libraries exist that allow a >>developer to incorporate XDR into his or her applications. Vulnerabilities >>were discovered in these libraries during the testing of new Retina auditing >>technologies developed by the eEye research department. >> >>ADAM and EVE are two technologies developed by eEye to remotely and locally >>audit applications for the existence of common vulnerabilities. During an >>ADAM audit, an integer overflow was discovered in the SUN Microsystems XDR >>library. By supplying specific integer values in length fields during an RPC >>transaction, we were able to produce various overflow conditions in UNIX RPC >>services. >> >>Technical Description: >> >>The xdrmem_getbytes() function in the XDR library provided by Sun >>Microsystems contains an integer overflow. Depending on the location and use >>of the vulnerable xdrmem_getbytes() routine, various conditions may be >>presented that can permit an attacker to remotely exploit a service using >>this vulnerable routine. >> >>For the purpose of signature development and further security research a >>sample session is included below that replicates an integer overflow in the >>rpcbind shipped with various versions of the Solaris operating system. >> >>char evil_rpc[] = >> >>"\x23\x0D\xF6\xD2\x00\x00\x00\x00\x00\x00\x00\x02\x00\x01\x86" >>"\xA0\x00\x00\x00\x02\x00\x00\x00\x05\x00\x00\x00\x01\x00\x00" >>"\x00\x20\x3D\xD2\xC9\x9F\x00\x00\x00\x09\x6C\x6F\x63\x61\x6C" >>"\x68\x6F\x73\x74\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" >>"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x86" >>"\xa0\x00\x00\x00\x02\x00\x00\x00\x04" >>"\xFF\xFF\xFF\xFF" // RPC argument length >>"EEYECLIPSE2003"; >> >>Vendor Status: >> >>Sun Microsystems was contacted on November 13, 2002 and CERT was contacted >>shortly afterwards. Vendors believed to be vulnerable were contacted by CERT >>during a grace period of several months. Due to some difficulties >>communicating with vendors, after rescheduling several times a release date >>was set for March 18, 2003. >> >>eEye recommends obtaining the necessary patches or updates from vendors as >>they become available after the release of this and the CERT advisory. >> >>For a list of vendors and their responses, please review the CERT advisory >>at: http://www.cert.org/advisories/CA-2003-10.html >> >>You can find the latest copy of this advisory, along with other eEye >>research at http://www.eeye.com/. >> >>Credit: >>Riley Hassell - Senior Research Associate >> >>Greetings: >>Liver destroyers of the world: >>Barnes (DOW!), FX, and last but definitely not least, Heather and Jenn. >> >>Copyright (c) 1998-2003 eEye Digital Security >>Permission is hereby granted for the redistribution of this alert >>electronically. It is not to be edited in any way without express consent of >>eEye. If you wish to reprint the whole or any part of this alert in any >>other medium excluding electronic medium, please e-mail alert@eEye.com for >>permission. >> >>Disclaimer >>The information within this paper may change without notice. Use of this >>information constitutes acceptance for use in an AS IS condition. There are >>NO warranties with regard to this information. In no event shall the author >>be liable for any damages whatsoever arising out of or in connection with >>the use or spread of this information. Any use of this information is at the >>user's own risk. >> >>Feedback >>Please send suggestions, updates, and comments to: >> >>eEye Digital Security >>http://www.eEye.com >>info@eEye.com > >-------------------------------------------------------------------- >Mike Tancsa, tel +1 519 651 3400 >Sentex Communications, mike@sentex.net >Providing Internet since 1994 www.sentex.net >Cambridge, Ontario Canada www.sentex.net/mike > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Mar 19 14:18:55 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2CCE437B401 for ; Wed, 19 Mar 2003 14:18:51 -0800 (PST) Received: from sccrmhc01.attbi.com (sccrmhc01.attbi.com [204.127.202.61]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4EA0F43F3F for ; Wed, 19 Mar 2003 14:18:50 -0800 (PST) (envelope-from crist.clark@attbi.com) Received: from blossom.cjclark.org (12-234-89-252.client.attbi.com[12.234.89.252]) by sccrmhc01.attbi.com (sccrmhc01) with ESMTP id <2003031922184900100e5s07e>; Wed, 19 Mar 2003 22:18:49 +0000 Received: from blossom.cjclark.org (localhost. [127.0.0.1]) by blossom.cjclark.org (8.12.6/8.12.3) with ESMTP id h2JMImeq051902; Wed, 19 Mar 2003 14:18:48 -0800 (PST) (envelope-from crist.clark@attbi.com) Received: (from cjc@localhost) by blossom.cjclark.org (8.12.6/8.12.6/Submit) id h2JMIlbf051901; Wed, 19 Mar 2003 14:18:47 -0800 (PST) X-Authentication-Warning: blossom.cjclark.org: cjc set sender to crist.clark@attbi.com using -f Date: Wed, 19 Mar 2003 14:18:47 -0800 From: "Crist J. Clark" To: Mike Tancsa Cc: security@FreeBSD.org Subject: Re: Fwd: EEYE: XDR Integer Overflow Message-ID: <20030319221847.GD50947@blossom.cjclark.org> Reply-To: "Crist J. Clark" References: <5.2.0.9.0.20030319155420.080cbab8@marble.sentex.ca> <5.2.0.9.0.20030319170809.082d2c98@marble.sentex.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5.2.0.9.0.20030319170809.082d2c98@marble.sentex.ca> User-Agent: Mutt/1.4i X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org revision 1.12 date: 2003/03/07 13:19:40; author: nectar; state: Exp; lines: +14 -8 Clean up some signed/unsigned issues in the XDR code. Obtained from: OpenBSD Suspicious, no? Nothing merged into RELENG_4 (or RELENG_5) yet. -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Mar 19 17:41:59 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6677737B401 for ; Wed, 19 Mar 2003 17:41:57 -0800 (PST) Received: from yoda.cubidou.net (puzo.quatriemek.com [62.4.18.140]) by mx1.FreeBSD.org (Postfix) with ESMTP id CCF0B43F93 for ; Wed, 19 Mar 2003 17:41:55 -0800 (PST) (envelope-from freebsd@quatriemek.com) Received: from padme.cubidou.net (padme.cubidou.net [192.168.0.6]) by yoda.cubidou.net (Postfix) with SMTP id 66F3D3682; Thu, 20 Mar 2003 02:41:53 +0100 (CET) Date: Thu, 20 Mar 2003 02:41:53 +0100 From: cube To: Mike Tancsa Cc: security@FreeBSD.org Subject: Re: Fwd: EEYE: XDR Integer Overflow Message-Id: <20030320024153.3b54e5c2.freebsd@quatriemek.com> In-Reply-To: <5.2.0.9.0.20030319170809.082d2c98@marble.sentex.ca> References: <5.2.0.9.0.20030319155420.080cbab8@marble.sentex.ca> <5.2.0.9.0.20030319170809.082d2c98@marble.sentex.ca> Organization: cubidou.net X-Mailer: Sylpheed version 0.8.11claws (GTK+ 1.2.10; i386--netbsdelf) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Le Wed, 19 Mar 2003 17:13:06 -0500 Mike Tancsa a ecrit : > NetBSD is not vulnerable due to, "The length types of the various > xdr*_getbytes functions were made consistent somewhere back in 1997 (all > u_int), so we're not vulnerable in that area." > > However, FreeBSD still seems to have the above as an int as well. So it > appears to be vulnerable ? About the NetBSD bit, Christos Zoulas checked in similar modifications a few days ago. -- Quentin Garnier - cube@cubidou.net "Feels like I'm fiddling while Rome is burning down. Should I lay my fiddle down and take a rifle from the ground ?" Leigh Nash/Sixpence None The Richer, Paralyzed, Divine Discontents, 2002. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Mar 19 18: 0:16 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4F76637B404 for ; Wed, 19 Mar 2003 18:00:13 -0800 (PST) Received: from mail2.insweb.com (mail2.insweb.com [204.254.158.36]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5912343FBD for ; Wed, 19 Mar 2003 18:00:12 -0800 (PST) (envelope-from fbsd-secure@ursine.com) Received: from ursine.com ([10.4.100.63]) by mail2.insweb.com (8.11.0/8.11.0) with ESMTP id h2K20B011949; Wed, 19 Mar 2003 18:00:11 -0800 (PST) (envelope-from fbsd-secure@ursine.com) Message-ID: <3E7920AB.FAC7B5C1@ursine.com> Date: Wed, 19 Mar 2003 18:00:11 -0800 From: Michael Bryan X-Mailer: Mozilla 4.78 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: security@FreeBSD.ORG Subject: FreeBSD and CERT announcements (Was: EEYE: XDR Integer Overflow) References: <5.2.0.9.0.20030319155420.080cbab8@marble.sentex.ca> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Mike Tancsa wrote: > > Anyone know if this effects FreeBSD ? There is no mention in the CERT advisory. Yeah, I also noticed that the Sendmail advisory from CERT had no info about FreeBSD. Has there been a breakdown in communication between FreeBSD and CERT? I just did a little digging through the CERT Advisories, as well as their vulnerabilities database, looking for items that could at least potentially affect FreeBSD. I've also looked for corresponding FreeBSD advisories. My results are all detailed below, but there does seem to be a disturbing lack of FreeBSD info/response in most recent CERT documents. The kadmind and BIND Advisories in Oct/Nov of 2002 mentioned FreeBSD in the Advisories and the Vulnerability Notes. Subsequent CERT advisories don't mention FreeBSD, though in some cases the associated vulnerabilities do have a brief status on FreeBSD. (There have been at least six potentially relevant CERT advisories since December 1, 2002.) Can anyone on the FreeBSD Security Team or from CERT shed a little light on this subject? Summary of FreeBSD references in CERT Advisories and Vulnerability Notes for last five months: CA-2003-10, 19-Mar-2003, XDR: CERT Advisory: Nothing for FreeBSD CERT Vulnerability Note: FreeBSD status = unknown, 18-Feb-2003 FreeBSD Advisory: None Links: http://www.cert.org/advisories/CA-2003-10.html http://www.kb.cert.org/vuls/id/516825 CA-2003-07, 03-Mar-2003, Sendmail: CERT Advisory: Nothing for FreeBSD CERT Vulnerability Note: FreeBSD status = vulnerable, 03-Mar-2003 FreeBSD Advisory: Yes Links: http://www.cert.org/advisories/CA-2003-07.html http://www.kb.cert.org/vuls/id/398025 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:04.sendmail.asc CA-2003-06, 21-Feb-2003, SIP: CERT Advisory: Nothing for FreeBSD CERT Vulnerability Note: FreeBSD status = unknown, 17-Feb-2003 FreeBSD Advisory: None Links: http://www.cert.org/advisories/CA-2003-06.html http://www.kb.cert.org/vuls/id/528719 CA-2003-02, 22-Jan-2003, CVS: CERT Advisory: Nothing for FreeBSD CERT Vulnerability Note: FreeBSD status = Vulnerable, 04-Feb-2003 FreeBSD Advisory: Yes Links: http://www.cert.org/advisories/CA-2003-02.html http://www.kb.cert.org/vuls/id/650937 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:01.cvs.asc CA-2003-01, 15-Jan-2003, ISC DHCPD CERT Advisory: Nothing for FreeBSD CERT Vulnerability Note: FreeBSD status = Unknown, 15-Jan-2003 FreeBSD Advisory: None Links: http://www.cert.org/advisories/CA-2003-01.html http://www.kb.cert.org/vuls/id/284857 CA-2002-36, 16-Dec-2002, SSH CERT Advisory: Nothing for FreeBSD CERT Vulnerability Note: FreeBSD not contacted??? FreeBSD Advisory: None Links: http://www.cert.org/advisories/CA-2002-36.html http://www.kb.cert.org/vuls/id/389665#systems CA-2002-31, 14-Nov-2002, BIND CERT Advisory: References FreeBSD-SA-02:43.bind CERT Vulnerability Note: Four separate notes, each with different FreeBSD status: VU#852283: Vulnerable, 14-Nov-2002 VU#229595: Unknown, 12-Nov-2002 VU#581682: FreeBSD not listed as a contacted vendor??? VU#844360: Not Vulnerable, 14-Nov-2002 FreeBSD Advisory: Yes Links: http://www.cert.org/advisories/CA-2002-31.html http://www.kb.cert.org/vuls/id/852283 http://www.kb.cert.org/vuls/id/229595 http://www.kb.cert.org/vuls/id/581682 http://www.kb.cert.org/vuls/id/844360 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:43.bind.asc CA-2002-29, 25-Oct-2002 CERT Advisory: References FreeBSD-SA-02:40.kadmind.asc CERT Vulnerability Note: FreeBSD status = Vulnerable, 13-Nov-2002 FreeBSD Advisory: Yes Links: http://www.cert.org/advisories/CA-2002-29.html http://www.kb.cert.org/vuls/id/875073 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:40.kadmind.asc To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Mar 19 20:56:36 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AB3BE37B401 for ; Wed, 19 Mar 2003 20:56:33 -0800 (PST) Received: from mail.gmx.net (mail.gmx.de [213.165.64.20]) by mx1.FreeBSD.org (Postfix) with SMTP id C031E43FA3 for ; Wed, 19 Mar 2003 20:56:31 -0800 (PST) (envelope-from blueeskimo@gmx.net) Received: (qmail 2194 invoked by uid 0); 20 Mar 2003 04:56:30 -0000 Received: from i216-58-29-174.gta.igs.net (HELO ?216.58.29.174?) (216.58.29.174) by mail.gmx.net (mp022-rz3) with SMTP; 20 Mar 2003 04:56:30 -0000 Subject: Re: Unable to unsubscribe from this list From: Adam To: Doug Barton Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <20030319125233.F677@znfgre.tberna.bet> References: <1048097165.72953.23.camel@jake> <20030319125233.F677@znfgre.tberna.bet> Content-Type: text/plain Organization: Message-Id: <1048136188.72953.38.camel@jake> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.2.2 Date: 19 Mar 2003 23:56:29 -0500 Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, 2003-03-19 at 15:53, Doug Barton wrote: > Try the two-line version of the auth command. I've noticed the same > problem at times with the all on one line version. Do you mean by putting a backslash before the email address? Eg: auth xxxxxxx unsubscribe freebsd-security \ blueeskimo@gmx.net I tried that too, with no luck. -- Adam To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Mar 19 22:54:23 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B8AA837B401 for ; Wed, 19 Mar 2003 22:54:20 -0800 (PST) Received: from gandalf.online.bg (gandalf.online.bg [217.75.128.9]) by mx1.FreeBSD.org (Postfix) with SMTP id 0AF3943FB1 for ; Wed, 19 Mar 2003 22:54:19 -0800 (PST) (envelope-from roam@ringlet.net) Received: (qmail 8845 invoked from network); 20 Mar 2003 06:49:38 -0000 Received: from office.sbnd.net (HELO straylight.ringlet.net) (217.75.140.130) by gandalf.online.bg with SMTP; 20 Mar 2003 06:49:37 -0000 Received: (qmail 8639 invoked by uid 1000); 20 Mar 2003 06:52:34 -0000 Date: Thu, 20 Mar 2003 08:52:34 +0200 From: Peter Pentchev To: Adam Cc: freebsd-security@FreeBSD.ORG Subject: Re: Unable to unsubscribe from this list Message-ID: <20030320065234.GI27330@straylight.oblivion.bg> Mail-Followup-To: Adam , freebsd-security@FreeBSD.ORG References: <1048097165.72953.23.camel@jake> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="RDS4xtyBfx+7DiaI" Content-Disposition: inline In-Reply-To: <1048097165.72953.23.camel@jake> User-Agent: Mutt/1.5.3i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --RDS4xtyBfx+7DiaI Content-Type: text/plain; charset=windows-1251 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Mar 19, 2003 at 01:06:05PM -0500, Adam wrote: > I've tried unsubscribing from this list several times, but I keep > getting errors back from Majordomo. >=20 > I sent an email to majordomo@freebsd.org with "unsubscribe > freebsd-security" in the body. Majordomo emails back that I need to > confirm my removal, which I do. I then receive another email from > Majordomo: >=20 > >>>> auth xxxxxxx unsubscribe freebsd-security blueeskimo@gmx.net > >>> Sorry, an error has occurred while processing your request > >>> The caretaker of Majordomo ( Majordomo-Owner@FreeBSD.ORG ) has been > notified > >>> of the problem. >=20 >=20 > I first tried to unsubscribe a few days ago, but I have been unable to > do it myself, and the 'caretaker' doesn't seem to be noticing the > problem. >=20 > Can anyone advise me further as to how to remove myself from this list? You could drop a note to postmaster@FreeBSD.org. G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@sbnd.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 Thit sentence is not self-referential because "thit" is not a word. --RDS4xtyBfx+7DiaI Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+eWUy7Ri2jRYZRVMRAkQRAJ95YrIU3IFQeKh+4vldb5SAzIfQgQCgh9j8 yCy3A87RWNS6ReSMcLbr8rs= =XPRC -----END PGP SIGNATURE----- --RDS4xtyBfx+7DiaI-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 20 0:19:23 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8474D37B401 for ; Thu, 20 Mar 2003 00:19:20 -0800 (PST) Received: from storm.FreeBSD.org.uk (storm.FreeBSD.org.uk [194.242.157.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 42B8D43F75 for ; Thu, 20 Mar 2003 00:19:19 -0800 (PST) (envelope-from mark@grondar.org) Received: from storm.FreeBSD.org.uk (Ugrondar@localhost [127.0.0.1]) by storm.FreeBSD.org.uk (8.12.7/8.12.7) with ESMTP id h2K8JHIo095034; Thu, 20 Mar 2003 08:19:17 GMT (envelope-from mark@grondar.org) Received: (from Ugrondar@localhost) by storm.FreeBSD.org.uk (8.12.7/8.12.7/Submit) with UUCP id h2K8JHOd095033; Thu, 20 Mar 2003 08:19:17 GMT X-Authentication-Warning: storm.FreeBSD.org.uk: Ugrondar set sender to mark@grondar.org using -f Received: from grondar.org (localhost [127.0.0.1]) by grimreaper.grondar.org (8.12.8/8.12.7) with ESMTP id h2K8FS4j052541; Thu, 20 Mar 2003 08:15:28 GMT (envelope-from mark@grondar.org) From: Mark Murray Message-Id: <200303200815.h2K8FS4j052541@grimreaper.grondar.org> To: Adam Cc: freebsd-security@FreeBSD.ORG Subject: Administrativia: Re: Unable to unsubscribe from this list In-Reply-To: Your message of "19 Mar 2003 23:56:29 EST." <1048136188.72953.38.camel@jake> Date: Thu, 20 Mar 2003 08:15:28 +0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Adam writes: > On Wed, 2003-03-19 at 15:53, Doug Barton wrote: > > Try the two-line version of the auth command. I've noticed the same > > problem at times with the all on one line version. > Do you mean by putting a backslash before the email address? > Eg: auth xxxxxxx unsubscribe freebsd-security \ > blueeskimo@gmx.net > > I tried that too, with no luck. For the record, there is no subscriber email address of blueeskimo@gmx.net on freebsd-security@. Somebody may have already fixed this for you. If you are part of a "local exploder", you will need to unsubscribe from that. M -- Mark Murray iumop ap!sdn w,I idlaH To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 20 1: 1:22 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E115D37B401 for ; Thu, 20 Mar 2003 01:01:17 -0800 (PST) Received: from mx1.vermoe.dk (mx3.w4b.dk [130.227.212.253]) by mx1.FreeBSD.org (Postfix) with ESMTP id 29D9B43F75 for ; Thu, 20 Mar 2003 01:01:16 -0800 (PST) (envelope-from t@garbage.dk) Received: from garbage.dk ([130.227.212.254]) (AUTH: LOGIN t@garbage.dk) by mx1.vermoe.dk with esmtp; Thu, 20 Mar 2003 10:02:25 +0100 Date: Thu, 20 Mar 2003 10:01:28 +0100 Subject: Re: Unable to unsubscribe from this list Content-Type: text/plain; charset=US-ASCII; format=flowed Mime-Version: 1.0 (Apple Message framework v551) Cc: freebsd-security@FreeBSD.ORG From: Thomas von Hassel Content-Transfer-Encoding: 7bit In-Reply-To: <20030320065234.GI27330@straylight.oblivion.bg> Message-Id: <894C542E-5AB2-11D7-A72F-003065B0995C@garbage.dk> X-Mailer: Apple Mail (2.551) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thursday, March 20, 2003, at 07:52 AM, Peter Pentchev wrote: > On Wed, Mar 19, 2003 at 01:06:05PM -0500, Adam wrote: >> I've tried unsubscribing from this list several times, but I keep >> getting errors back from Majordomo. >> >> I sent an email to majordomo@freebsd.org with "unsubscribe >> freebsd-security" in the body. Majordomo emails back that I need to >> confirm my removal, which I do. I then receive another email from >> Majordomo: >> >>>>>> auth xxxxxxx unsubscribe freebsd-security blueeskimo@gmx.net >>>>> Sorry, an error has occurred while processing your request >>>>> The caretaker of Majordomo ( Majordomo-Owner@FreeBSD.ORG ) has been >> notified >>>>> of the problem. >> >> >> I first tried to unsubscribe a few days ago, but I have been unable to >> do it myself, and the 'caretaker' doesn't seem to be noticing the >> problem. >> >> Can anyone advise me further as to how to remove myself from this >> list? > > You could drop a note to postmaster@FreeBSD.org. > i've got the same problem ... /thomas To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 20 5:55: 2 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E732837B401; Thu, 20 Mar 2003 05:54:59 -0800 (PST) Received: from kurush.osdn.org.ua (external.osdn.org.ua [212.40.34.156]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0EA3443FB1; Thu, 20 Mar 2003 05:54:42 -0800 (PST) (envelope-from never@kurush.osdn.org.ua) Received: from kurush.osdn.org.ua (never@localhost [127.0.0.1]) by kurush.osdn.org.ua (8.12.6/8.12.6) with ESMTP id h2KDrCDE084861; Thu, 20 Mar 2003 15:54:21 +0200 (EET) (envelope-from never@kurush.osdn.org.ua) Received: (from never@localhost) by kurush.osdn.org.ua (8.12.6/8.12.6/Submit) id h2KDrBE7084859; Thu, 20 Mar 2003 15:53:12 +0200 (EET) Date: Thu, 20 Mar 2003 15:53:09 +0200 From: Alexandr Kovalenko To: freebsd-security@freebsd.org, freebsd-ports@freebsd.org Subject: Fwd: mutt-1.4.1 fixes a buffer overflow. Message-ID: <20030320135309.GA84224@nevermind.kiev.ua> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline User-Agent: Mutt/1.5.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ----- Forwarded message from Thomas Roessler ----- Date: Thu, 20 Mar 2003 00:15:46 +0100 From: Thomas Roessler To: BUGTRAQ@securityfocus.com Subject: mutt-1.4.1 fixes a buffer overflow. Mutt versions 1.4.1 and 1.5.4 have just been released and will soon be available from ftp://ftp.mutt.org/mutt/. Both versions fix a buffer overflow in mutt's IMAP client code which was identified by Core Security Technologies, and fixed by Edmund Grimley Evans. A more detailed advisory will be published by Core Security. Version 1.4.1 is a release on mutt's stable branch. The only differences against 1.4 are a number of bug fixes. If you are currently using mutt 1.4, it's probably a very good idea to update. Version 1.5.4 is a snapshot of mutt's unstable branch, and may be interesting to those brave souls who would like to play with the latest features. (Or want to help us to identify some bugs in that code.) -- Thomas Roessler ----- End forwarded message ----- -- NEVE-RIPE, will build world for food Ukrainian FreeBSD User Group http://uafug.org.ua/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 20 12:24:18 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C168D37B401 for ; Thu, 20 Mar 2003 12:24:15 -0800 (PST) Received: from storm.FreeBSD.org.uk (storm.FreeBSD.org.uk [194.242.157.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 23ED843F75 for ; Thu, 20 Mar 2003 12:24:14 -0800 (PST) (envelope-from mark@grondar.org) Received: from storm.FreeBSD.org.uk (Ugrondar@localhost [127.0.0.1]) by storm.FreeBSD.org.uk (8.12.7/8.12.7) with ESMTP id h2KKOCIo002903 for ; Thu, 20 Mar 2003 20:24:12 GMT (envelope-from mark@grondar.org) Received: (from Ugrondar@localhost) by storm.FreeBSD.org.uk (8.12.7/8.12.7/Submit) with UUCP id h2KKOCGk002902 for security@freebsd.org; Thu, 20 Mar 2003 20:24:12 GMT X-Authentication-Warning: storm.FreeBSD.org.uk: Ugrondar set sender to mark@grondar.org using -f Received: from grondar.org (localhost [127.0.0.1]) by grimreaper.grondar.org (8.12.8/8.12.7) with ESMTP id h2KKOu4j058708 for ; Thu, 20 Mar 2003 20:24:56 GMT (envelope-from mark@grondar.org) From: Mark Murray Message-Id: <200303202024.h2KKOu4j058708@grimreaper.grondar.org> To: security@freebsd.org Subject: Documentation people needed. FreeBSD/Security clue beneficial. Date: Thu, 20 Mar 2003 20:24:56 +0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi all In the past, a heartening number of you offered up help in getting security-related documentation going. Some of you submitted stuff, and I asked some to hold off for a while until I could organise things. Now is the time. Please reply to this mail if you are (still) interested in this job. I'm looking for a _small_ team, not an individual. :-) M -- Mark Murray iumop ap!sdn w,I idlaH To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 20 16:57:57 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1BFB337B401; Thu, 20 Mar 2003 16:57:51 -0800 (PST) Received: from milla.ask33.net (milla.ask33.net [217.197.166.60]) by mx1.FreeBSD.org (Postfix) with ESMTP id A4F9D43FA3; Thu, 20 Mar 2003 16:57:47 -0800 (PST) (envelope-from nick@milla.ask33.net) Received: by milla.ask33.net (Postfix, from userid 1001) id 064123ABB93; Fri, 21 Mar 2003 01:58:39 +0100 (CET) Date: Fri, 21 Mar 2003 01:58:38 +0100 From: Pawel Jakub Dawidek To: freebsd-security@freebsd.org Cc: freebsd-hackers@freebsd.org, cerber-list@lists.sourceforge.net Subject: CerbNG 1.0-RC1 is now avaliable. Message-ID: <20030321005838.GA567@garage.freebsd.pl> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="/8Xxy37xq6kDVsli" Content-Disposition: inline X-PGP-Key-URL: http://garage.freebsd.pl/jules.asc X-OS: FreeBSD 4.8-PRERELEASE i386 User-Agent: Mutt/1.5.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --/8Xxy37xq6kDVsli Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Good news everyone. After six months of hard work, many hundreds CVS commits and lots of lost nights we would like to proudly announce, that the CerbNG project released first generally available version (1.0-RC1) of it's kernel security module. It is hard to write some terse words of encouragement for using/testing a program which we have worked on for so long. Nevertheless, we will try to do it in this message. CerbNG is a kernel module for FreeBSD version 4.x (5.x version soon to come= ). Our main purpose is providing the administrator with tools for enforcing fi= ne grained control for critical system applications/processes/environments, i.= e. privileged daemons (not only those running with uid 0), and setuid programs. But it is just a small part of CerbNG functionality. Lead principles in CerbNG development are transparency and flexibility. Sysadmins often do not have time and resources to patch all buggy applicati= ons, even for security related vulnerabilities. For defining the system protecting rules, we use a flexible language vaguely similar to C. Some basic CerbNG capabilities are: - detailed control and validation of selected system calls and their arguments - ability of changing syscall arguments and returned values - possibility of modifying process properties and environment - modifying sysctls during process runtime depending on process behavior and context - precise and configurable logging - intuitive, flexible and powerful rule description language Tarball for Version 1.0-RC1 contains some example policy files described below: openssh.cb - Controls sshd(8) (if sshd is running when the policy is being loaded, it has to be restarted). The policy degrades sshd privileges after it's been started to uid and gid for user/group sshd. CerbNG elevates sshd rights for performing privileged operations only. passwd.cb - Controls passwd(1). Similarly to openssh.cb, privileges of the passwd process are changed to those of user running this program. Privileges are degraded regardless of the setuid bit on /usr/bin/passwd. ping.cb, su.cb - Similar privilege degradation examples. noexec-by-group.cb - Noexec for all users but root and members of exec group. Additionally environment variables with names beginning with LD_ are checked. degrade-unknown-sugids.cb - All setuid/setgid files, which are not controlled by Cerb are denied elevated privileges and run with credentials of user performing the execve(2) syscall. restricted-debug.cb - Using ptrace(2) and ktrace(2) syscalls will be limited to root user and members of 'debug' group. restricted-link.cb - Non-root users will be denied the right to create hard links to other users' files. log-exec.cb - All execve(2) calls performed by non-privileged users will be logged. We encourage all interested members of FreeBSD community to testing, sharing ideas/comments and last but not least - reporting bugs. We hope, that CerbNG becomes another useful tool for improving security of servers running FreeB= SD. CerbNG CVS repository and latest tarballs are available at: http://sourceforge.net/projects/cerber/ For detailed installation instructions see INSTALL file, or HOWTO.html at: http://cerber.sourceforge.net/docs/HOWTO.html Project HomePage: http://cerber.sourceforge.net/ We invite all interested users and would-be users to subscription of our mailing lists. To subscribe those lists, visit: http://lists.sourceforge.net/mailman/listinfo/cerber-list http://lists.sourceforge.net/mailman/listinfo/cerber-commits CerbNG authors are: Pawel Jakub Dawidek Cerb project initiator, head programmer, kernel part developer, polish documentation author. Slawek Zak Designer of CerbNG configuration language syntax and compiler structure, author of userland policy compiler, documentation translator. PS. We are also preparing a technical document for BSDCon 2003. --=20 Pawel Jakub Dawidek UNIX Systems Administrator http://garage.freebsd.pl Am I Evil? Yes, I Am. --/8Xxy37xq6kDVsli Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iQCVAwUBPnpjvj/PhmMH/Mf1AQFm1wP/US9IrHODuZaa5Y0F+IU40N9UazkqgdE/ QqIxX4ww8SR9X0X3BcQvqkT1uqvtU18NhD1nhAJ8vTVZ7y6c1y81AaJsrnVsM1Jd AjE0XzFb7E8+DCVdKf+RR7Q9faTkAYpKy0YUfuX0TacqEY+fN94IikUG1MSa2gs4 SJaTsFyDlhY= =tScJ -----END PGP SIGNATURE----- --/8Xxy37xq6kDVsli-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 20 20:22:27 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 479B137B401 for ; Thu, 20 Mar 2003 20:22:24 -0800 (PST) Received: from util.inch.com (ns.inch.com [216.223.192.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id E4CE843F3F for ; Thu, 20 Mar 2003 20:22:22 -0800 (PST) (envelope-from spork@inch.com) Received: from shell.inch.com (inch.com [216.223.192.20]) by util.inch.com (8.12.8/8.12.8/UTIL-INCH-3.0.10) with ESMTP id h2L4MKQY025253; Thu, 20 Mar 2003 23:22:21 -0500 (EST) (envelope-from spork@inch.com) Received: from shell.inch.com (localhost [127.0.0.1]) by shell.inch.com (8.12.7/8.12.6) with ESMTP id h2L4MKwY011043; Thu, 20 Mar 2003 23:22:20 -0500 (EST) (envelope-from spork@inch.com) Received: from localhost (spork@localhost) by shell.inch.com (8.12.7/8.12.7/Submit) with ESMTP id h2L4MFDm011036; Thu, 20 Mar 2003 23:22:19 -0500 (EST) X-Authentication-Warning: shell.inch.com: spork owned process doing -bs Date: Thu, 20 Mar 2003 23:22:15 -0500 (EST) From: Charles Sprickman To: Mark Murray Cc: security@FreeBSD.ORG Subject: Re: Documentation people needed. FreeBSD/Security clue beneficial. In-Reply-To: <200303202024.h2KKOu4j058708@grimreaper.grondar.org> Message-ID: <20030320232152.T10946@shell.inch.com> References: <200303202024.h2KKOu4j058708@grimreaper.grondar.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org For those of us not around when this was discussed, could you summarize what you are looking for? Thanks, Charles -- Charles Sprickman spork@inch.com On Thu, 20 Mar 2003, Mark Murray wrote: > Hi all > > In the past, a heartening number of you offered up help in getting > security-related documentation going. Some of you submitted stuff, > and I asked some to hold off for a while until I could organise > things. > > Now is the time. > > Please reply to this mail if you are (still) interested in this job. > I'm looking for a _small_ team, not an individual. :-) > > M > -- > Mark Murray > iumop ap!sdn w,I idlaH > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 21 0:11:24 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C110937B404 for ; Fri, 21 Mar 2003 00:11:21 -0800 (PST) Received: from kumprang.or.id (kumprang.or.id [202.143.103.227]) by mx1.FreeBSD.org (Postfix) with SMTP id C959543F75 for ; Fri, 21 Mar 2003 00:11:08 -0800 (PST) (envelope-from budsz@kumprang.or.id) Received: (qmail 13207 invoked by uid 1008); 21 Mar 2003 08:14:52 -0000 Date: Fri, 21 Mar 2003 15:14:51 +0700 From: budsz To: FreeBSD-Security Subject: About *.asc Message-ID: <20030321081451.GA13163@kumprang.or.id> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-URL: "http://www.kumprang.or.id/~budsz/" X-Pubkey: "http://www.kumprang.or.id/~budsz/pubkey.txt" X-Pubkey-MD5: "http://www.kumprang.or.id/~budsz/pubkey-checksum.md5" X-Finger-Print: "A05A 268C 3CD4 ABBD D9EB 11E1 F64C 4B4E 6269 5304" X-Organization: "Internet Cafe and Game PC Kumprang" User-Agent: Mutt/1.5.3i X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, I was search in web resource about this problem, mailing list etc, today I get some advisory from FreeBSD security about trouble, so I try to verify the *asc: $ gpg --verify xdr-5.patch.asc $ gpg --verify xdr-5.patch.asc gpg: Signature made Thu Mar 20 08:10:01 2003 WIT using DSA key ID CA6CDFB2 gpg: Good signature from "FreeBSD Security Officer " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: C374 0FC5 69A6 FBB1 4AED B131 15D6 8804 CA6C DFB2 What happen about warning message, Would you give me some clue pls. TIA -- budsz To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 21 0:20:55 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E4E6B37B401 for ; Fri, 21 Mar 2003 00:20:52 -0800 (PST) Received: from pcwin002.win.tue.nl (pcwin002.win.tue.nl [131.155.71.72]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1FEA043FAF for ; Fri, 21 Mar 2003 00:20:51 -0800 (PST) (envelope-from stijn@pcwin002.win.tue.nl) Received: from pcwin002.win.tue.nl (orb_rules@localhost [127.0.0.1]) by pcwin002.win.tue.nl (8.12.8/8.12.8) with ESMTP id h2L8KhSZ055349; Fri, 21 Mar 2003 09:20:43 +0100 (CET) (envelope-from stijn@pcwin002.win.tue.nl) Received: (from stijn@localhost) by pcwin002.win.tue.nl (8.12.8/8.12.8/Submit) id h2L8KcdF055348; Fri, 21 Mar 2003 09:20:38 +0100 (CET) Date: Fri, 21 Mar 2003 09:20:38 +0100 From: Stijn Hoop To: budsz Cc: FreeBSD-Security Subject: Re: About *.asc Message-ID: <20030321082038.GC54854@pcwin002.win.tue.nl> References: <20030321081451.GA13163@kumprang.or.id> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="48TaNjbzBVislYPb" Content-Disposition: inline In-Reply-To: <20030321081451.GA13163@kumprang.or.id> User-Agent: Mutt/1.4i X-Bright-Idea: Let's abolish HTML mail! Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --48TaNjbzBVislYPb Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Mar 21, 2003 at 03:14:51PM +0700, budsz wrote: > I was search in web resource about this problem, mailing list etc, today > I get some advisory from FreeBSD security about trouble, so I try to veri= fy=20 > the *asc: >=20 > $ gpg --verify xdr-5.patch.asc > gpg: Signature made Thu Mar 20 08:10:01 2003 WIT using DSA key ID > CA6CDFB2 > gpg: Good signature from "FreeBSD Security Officer " > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > Primary key fingerprint: C374 0FC5 69A6 FBB1 4AED B131 15D6 8804 CA6C > DFB2 >=20 > What happen about warning message, Would you give me some clue pls. You need to tell gpg that you trust the fact that that key is indeed the one that the people at FreeBSD use to sign the advisory. In other words, gpg has verified that the digital signature was not tampered with, but there is no way for gpg to know whether it was really the FreeBSD security officer key -- anyone can create a key saying that they are the security officer. You can verify that it is the correct key by comparing the fingerprint to a trusted source of fingerprints. The most secure solution is to go up to the security officer in person and compare the key fingerprints by hand, but th= is is of course not practical. For most purposes it is enough to compare the fingerprint with the one on the web at http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/pgpkeys.html#PGPK= EYS-OFFICERS But it's up to you to assign a level of trust in these procedures (how secu= re is the FreeBSD web site? etc). To tell gpg that you trust that this is the key used by the FreeBSD officer: $ gpg --edit-key security-officer@freebsd.org enter 'trust' and then e.g. '4'. HTH, --Stijn --=20 If today is the first day of the rest of your life, what the hell was yesterday? --48TaNjbzBVislYPb Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+estWY3r/tLQmfWcRAq9aAJ9hhIb9qjoguQ2X8dM5SCCdIkVL1ACdG6n3 ENIF2bj70tXT35CWl4rxKjw= =/YEc -----END PGP SIGNATURE----- --48TaNjbzBVislYPb-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 21 1:28:18 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 37DC337B404 for ; Fri, 21 Mar 2003 01:28:14 -0800 (PST) Received: from kumprang.or.id (kumprang.or.id [202.143.103.227]) by mx1.FreeBSD.org (Postfix) with SMTP id B2ABB43F85 for ; Fri, 21 Mar 2003 01:28:03 -0800 (PST) (envelope-from budsz@kumprang.or.id) Received: (qmail 14782 invoked by uid 1008); 21 Mar 2003 09:31:59 -0000 Date: Fri, 21 Mar 2003 16:31:58 +0700 From: budsz To: FreeBSD-Security Subject: Re: About *.asc Message-ID: <20030321093158.GA13920@kumprang.or.id> References: <20030321081451.GA13163@kumprang.or.id> <20030321082038.GC54854@pcwin002.win.tue.nl> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="DocE+STaALJfprDB" Content-Disposition: inline In-Reply-To: <20030321082038.GC54854@pcwin002.win.tue.nl> X-URL: "http://www.kumprang.or.id/~budsz/" X-Pubkey: "http://www.kumprang.or.id/~budsz/pubkey.txt" X-Pubkey-MD5: "http://www.kumprang.or.id/~budsz/pubkey-checksum.md5" X-Finger-Print: "A05A 268C 3CD4 ABBD D9EB 11E1 F64C 4B4E 6269 5304" X-Organization: "Internet Cafe and Game PC Kumprang" User-Agent: Mutt/1.5.3i X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --DocE+STaALJfprDB Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Mar 21, 2003 at 09:20:38AM +0100, Stijn Hoop wrote: >You need to tell gpg that you trust the fact that that key is indeed the o= ne >that the people at FreeBSD use to sign the advisory. > >In other words, gpg has verified that the digital signature was not tamper= ed >with, but there is no way for gpg to know whether it was really the FreeBSD >security officer key -- anyone can create a key saying that they are the >security officer. > >You can verify that it is the correct key by comparing the fingerprint to a >trusted source of fingerprints. The most secure solution is to go up to the >security officer in person and compare the key fingerprints by hand, but t= his >is of course not practical. For most purposes it is enough to compare the >fingerprint with the one on the web at > >http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/pgpkeys.html#PGP= KEYS-OFFICERS > >But it's up to you to assign a level of trust in these procedures (how sec= ure >is the FreeBSD web site? etc). > >To tell gpg that you trust that this is the key used by the FreeBSD office= r: > >$ gpg --edit-key security-officer@freebsd.org > >enter 'trust' and then e.g. '4'. Thanks for your advice, I was import gpgkey in http://www.freebsd.org/doc/pgpkeyring.txt, then I try to: $ gpg --edit-key security-officer@FreeBSD.org gpg (GnuPG) 1.2.1; Copyright (C) 2002 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. gpg: checking the trustdb gpg: checking at depth 0 signed=3D0 ot(-/q/n/m/f/u)=3D0/0/0/0/0/1 pub 1024R/73D288A5 created: 1996-04-22 expires: never trust: f/- (1) FreeBSD Security Officer (2). FreeBSD Security Officer (Deprecated key) Command> trust pub 1024R/73D288A5 created: 1996-04-22 expires: never trust: f/- (1) FreeBSD Security Officer (2). FreeBSD Security Officer (Deprecated key) Please decide how far you trust this user to correctly verify other users' keys (by looking at passports, checking fingerprints from different sources...)? 1 =3D Don't know 2 =3D I do NOT trust 3 =3D I trust marginally 4 =3D I trust fully 5 =3D I trust ultimately m =3D back to the main menu Your decision? 4 pub 1024R/73D288A5 created: 1996-04-22 expires: never trust: f/- (1) FreeBSD Security Officer (2). FreeBSD Security Officer (Deprecated key) Command> save Key not changed so no update needed. This's some problem? But if I try again: $ gpg --verify xdr-4.patch.asc gpg: Signature made Thu Mar 20 08:09:54 2003 WIT using DSA key ID CA6CDFB2 gpg: Good signature from "FreeBSD Security Officer " gpg: checking the trustdb gpg: checking at depth 0 signed=3D0 ot(-/q/n/m/f/u)=3D0/0/0/0/0/1 gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owne= r. Primary key fingerprint: C374 0FC5 69A6 FBB1 4AED B131 15D6 8804 CA6C DFB2 WARNING message still appeare. how to resolv this? TIA --=20 budsz --DocE+STaALJfprDB Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+etwO9kxLTmJpUwQRAsxLAKC0RH0mag5KFQV5ja6ga3ri2bvvOgCcC2i+ OE66RtVKd9cj7wF6ujzXsoY= =UayR -----END PGP SIGNATURE----- --DocE+STaALJfprDB-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 21 1:43:37 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4647437B401 for ; Fri, 21 Mar 2003 01:43:35 -0800 (PST) Received: from smtpzilla3.xs4all.nl (smtpzilla3.xs4all.nl [194.109.127.139]) by mx1.FreeBSD.org (Postfix) with ESMTP id A325943F85 for ; Fri, 21 Mar 2003 01:43:33 -0800 (PST) (envelope-from rosc@imc.nl) Received: from imc.nl ([212.123.215.10]) by smtpzilla3.xs4all.nl (8.12.0/8.12.0) with ESMTP id h2L9hVNj027714 for ; Fri, 21 Mar 2003 10:43:32 +0100 (CET) Message-ID: <3E7ADFAE.3000509@imc.nl> Date: Fri, 21 Mar 2003 10:47:26 +0100 From: Roelf Schreurs User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20021130 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-security@FreeBSD.ORG Subject: Patch for OpenSSL and freebsd 4.4 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi I was wondering if there will be a patch release for the 2 new OpenSSl vulnerabilities found this week? "Researchers have discovered a timing attack on RSA keys to which OpenSSL is vulnerable." "Czech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa have come up with an extension of the "Bleichenbacher attack" on RSA with PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0." -- Roelf To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 21 2: 4:39 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 55E5337B401 for ; Fri, 21 Mar 2003 02:04:37 -0800 (PST) Received: from arbor.panaso.com (arbor.panaso.com [199.60.48.160]) by mx1.FreeBSD.org (Postfix) with SMTP id C398343FB1 for ; Fri, 21 Mar 2003 02:04:36 -0800 (PST) (envelope-from tbaur@panaso.com) Received: (qmail 27606 invoked from network); 21 Mar 2003 09:57:55 -0000 Received: from unknown (HELO localhost) (127.0.0.1) by localhost.panaso.com with SMTP; 21 Mar 2003 09:57:55 -0000 Date: Fri, 21 Mar 2003 01:57:55 -0800 (PST) From: Tim Baur To: freebsd-security@FreeBSD.ORG Subject: Re: Patch for OpenSSL and freebsd 4.4 In-Reply-To: <3E7ADFAE.3000509@imc.nl> Message-ID: <0303210148040.31535@neobe.cnanfb.pbz> References: <3E7ADFAE.3000509@imc.nl> X-PGP: 0x44DB0D83 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 21 Mar 2003, Roelf Schreurs wrote: > I was wondering if there will be a patch release for the 2 new OpenSSl > vulnerabilities found this week? RELENG_4_4 is no longer supported by the security officer. Please review: http://www.ca.freebsd.org/security/index.html#adv You could however cvsup ports, and install the updated openssl port which contains the patches to address this advisory. You can also overwrite base system via OPENSSL_OVERWRITE_BASE. -tbaur dinoex 2003/03/18 22:26:53 PST FreeBSD ports repository Modified files: security/openssl Makefile Added files: security/openssl/files patch-security Log: - switch to USE_PERL5_BUILD - add security patch Approved by: kris Obtained from: http://www.openssl.org/news/secadv_20030317.txt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 21 2:28:54 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5220937B401 for ; Fri, 21 Mar 2003 02:28:52 -0800 (PST) Received: from gandalf.online.bg (gandalf.online.bg [217.75.128.9]) by mx1.FreeBSD.org (Postfix) with SMTP id B2D0143F85 for ; Fri, 21 Mar 2003 02:28:50 -0800 (PST) (envelope-from roam@ringlet.net) Received: (qmail 19730 invoked from network); 21 Mar 2003 10:24:11 -0000 Received: from office.sbnd.net (HELO straylight.ringlet.net) (217.75.140.130) by gandalf.online.bg with SMTP; 21 Mar 2003 10:24:11 -0000 Received: (qmail 20935 invoked by uid 1000); 21 Mar 2003 10:27:08 -0000 Date: Fri, 21 Mar 2003 12:27:08 +0200 From: Peter Pentchev To: Tim Baur Cc: freebsd-security@FreeBSD.ORG Subject: Re: Patch for OpenSSL and freebsd 4.4 Message-ID: <20030321102707.GG13251@straylight.oblivion.bg> Mail-Followup-To: Tim Baur , freebsd-security@FreeBSD.ORG References: <3E7ADFAE.3000509@imc.nl> <0303210148040.31535@neobe.cnanfb.pbz> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="XWOWbaMNXpFDWE00" Content-Disposition: inline In-Reply-To: <0303210148040.31535@neobe.cnanfb.pbz> User-Agent: Mutt/1.5.3i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --XWOWbaMNXpFDWE00 Content-Type: text/plain; charset=windows-1251 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Mar 21, 2003 at 01:57:55AM -0800, Tim Baur wrote: > On Fri, 21 Mar 2003, Roelf Schreurs wrote: >=20 > > I was wondering if there will be a patch release for the 2 new OpenSSl > > vulnerabilities found this week? >=20 > RELENG_4_4 is no longer supported by the security officer. Please review: >=20 > http://www.ca.freebsd.org/security/index.html#adv jedgar@ committed fixes to a couple of files 13 hours ago, which seem to address at least one of those vulnerabilities. I believe there are FreeBSD developers who are actively committed to keeping the 4.4 security branch alive, so my advice would be to wait a bit more, the fixes will probably be MFC'd there, too. G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@sbnd.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 If you think this sentence is confusing, then change one pig. --XWOWbaMNXpFDWE00 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+euj77Ri2jRYZRVMRAkdZAJ9goXG4/A0D5IvsqbSMS1wd7vOoPgCfdC7c ibSZY+qGWie+vu/Iuv07AaQ= =HEoA -----END PGP SIGNATURE----- --XWOWbaMNXpFDWE00-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 21 2:42:57 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3533437B401 for ; Fri, 21 Mar 2003 02:42:55 -0800 (PST) Received: from pcwin002.win.tue.nl (pcwin002.win.tue.nl [131.155.71.72]) by mx1.FreeBSD.org (Postfix) with ESMTP id 00E8943F85 for ; Fri, 21 Mar 2003 02:42:53 -0800 (PST) (envelope-from stijn@pcwin002.win.tue.nl) Received: from pcwin002.win.tue.nl (orb_rules@localhost [127.0.0.1]) by pcwin002.win.tue.nl (8.12.8/8.12.8) with ESMTP id h2LAgmSZ055974; Fri, 21 Mar 2003 11:42:48 +0100 (CET) (envelope-from stijn@pcwin002.win.tue.nl) Received: (from stijn@localhost) by pcwin002.win.tue.nl (8.12.8/8.12.8/Submit) id h2LAgkn6055973; Fri, 21 Mar 2003 11:42:46 +0100 (CET) Date: Fri, 21 Mar 2003 11:42:46 +0100 From: Stijn Hoop To: budsz Cc: FreeBSD-Security Subject: Re: About *.asc Message-ID: <20030321104246.GG54854@pcwin002.win.tue.nl> References: <20030321081451.GA13163@kumprang.or.id> <20030321082038.GC54854@pcwin002.win.tue.nl> <20030321093158.GA13920@kumprang.or.id> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="nHwqXXcoX0o6fKCv" Content-Disposition: inline In-Reply-To: <20030321093158.GA13920@kumprang.or.id> User-Agent: Mutt/1.4i X-Bright-Idea: Let's abolish HTML mail! Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --nHwqXXcoX0o6fKCv Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Mar 21, 2003 at 04:31:58PM +0700, budsz wrote: > I was import gpgkey in http://www.freebsd.org/doc/pgpkeyring.txt, then I > try to: > $ gpg --edit-key security-officer@FreeBSD.org [snip logs] > Command> save > Key not changed so no update needed. >=20 > This's some problem? No, because the trust database is separate from the key database. The key has not changed, so the message is correct. > But if I try again: >=20 > $ gpg --verify xdr-4.patch.asc > gpg: Signature made Thu Mar 20 08:09:54 2003 WIT using DSA key ID CA6CDFB2 > gpg: Good signature from "FreeBSD Security Officer " > gpg: checking the trustdb > gpg: checking at depth 0 signed=3D0 ot(-/q/n/m/f/u)=3D0/0/0/0/0/1 > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the ow= ner. > Primary key fingerprint: C374 0FC5 69A6 FBB1 4AED B131 15D6 8804 CA6C DF= B2 >=20 > WARNING message still appeare. how to resolv this? Hmm, that is strange. I thought I did this (with an other key) before, but it seems that you're right. If I set it to 5, 'ultimate trust' the warning disappears. I think I need to read up on the trust relations and GnuPG. For now, if you understand why the message appears you can always ignore it. HTH, --Stijn --=20 I have great faith in fools -- self confidence my friends call it. -- Edgar Allan Poe --nHwqXXcoX0o6fKCv Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+euymY3r/tLQmfWcRAl84AJ9zAfQdK/uQXd2KPnGK5hp0omGeowCePZpp JIuUkz4Nm4vSKWkCUp+If6g= =gelI -----END PGP SIGNATURE----- --nHwqXXcoX0o6fKCv-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 21 3:10:27 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5AE3337B401 for ; Fri, 21 Mar 2003 03:10:26 -0800 (PST) Received: from mail-pm.star.spb.ru (mail-pm.star.spb.ru [217.195.82.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id DAB9D43F85 for ; Fri, 21 Mar 2003 03:10:24 -0800 (PST) (envelope-from nkritsky@internethelp.ru) Received: from pink.star.spb.ru ([217.195.82.10]) by mail-pm.star.spb.ru (8.12.8/8.12.8) with ESMTP id h2LBAMeQ031146 for ; Fri, 21 Mar 2003 14:10:22 +0300 (MSK) Received: from IBMKA ([217.195.82.7]) by pink.star.spb.ru with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id HFKCP7HH; Fri, 21 Mar 2003 14:10:22 +0300 Date: Fri, 21 Mar 2003 14:10:17 +0300 From: "Nickolay A. Kritsky" X-Mailer: The Bat! (v1.49) Personal Reply-To: "Nickolay A. Kritsky" X-Priority: 3 (Normal) Message-ID: <103856076392.20030321141017@internethelp.ru> To: freebsd-security@FreeBSD.ORG Subject: (OT) Sendmail exploit? Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, freebds-security. Sorry for possible off-topic. Today I have found something new in my daily.local mail: ;-----------Clipboard starts here------------------------------- Checking for rejected mail hosts: 3 <><><><><>'. Sendmail is patched, all systems are (apparently) working fine, just curious. ;------------------------------------------- ; NKritsky ; mailto:nkritsky@internethelp.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 21 5:22:19 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DD2D037B401 for ; Fri, 21 Mar 2003 05:22:17 -0800 (PST) Received: from kurush.osdn.org.ua (external.osdn.org.ua [212.40.34.156]) by mx1.FreeBSD.org (Postfix) with ESMTP id 00B1E43FA3 for ; Fri, 21 Mar 2003 05:22:02 -0800 (PST) (envelope-from never@kurush.osdn.org.ua) Received: from kurush.osdn.org.ua (never@localhost [127.0.0.1]) by kurush.osdn.org.ua (8.12.6/8.12.6) with ESMTP id h2LDKtDE046739; Fri, 21 Mar 2003 15:21:50 +0200 (EET) (envelope-from never@kurush.osdn.org.ua) Received: (from never@localhost) by kurush.osdn.org.ua (8.12.6/8.12.6/Submit) id h2LDKs4T046738; Fri, 21 Mar 2003 15:20:54 +0200 (EET) Date: Fri, 21 Mar 2003 15:20:53 +0200 From: Alexandr Kovalenko To: Mark Murray Cc: security@FreeBSD.ORG Subject: Re: Documentation people needed. FreeBSD/Security clue beneficial. Message-ID: <20030321132053.GA46437@nevermind.kiev.ua> References: <200303202024.h2KKOu4j058708@grimreaper.grondar.org> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <200303202024.h2KKOu4j058708@grimreaper.grondar.org> User-Agent: Mutt/1.5.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello, Mark Murray! On Thu, Mar 20, 2003 at 08:24:56PM +0000, you wrote: > In the past, a heartening number of you offered up help in getting > security-related documentation going. Some of you submitted stuff, > and I asked some to hold off for a while until I could organise > things. > > Now is the time. > > Please reply to this mail if you are (still) interested in this job. > I'm looking for a _small_ team, not an individual. :-) Could you, please, describe little bit precise what will be task of that team? I think we have here some experienced people in uafug, which would like to help. -- NEVE-RIPE, will build world for food Ukrainian FreeBSD User Group http://uafug.org.ua/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 21 5:29:24 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C725437B401 for ; Fri, 21 Mar 2003 05:29:21 -0800 (PST) Received: from meitner.wh.uni-dortmund.de (meitner.wh.Uni-Dortmund.DE [129.217.129.133]) by mx1.FreeBSD.org (Postfix) with ESMTP id CD91F43F75 for ; Fri, 21 Mar 2003 05:29:20 -0800 (PST) (envelope-from michaelnottebrock@gmx.net) Received: from lofi.dyndns.org (pc2-105.intern.meitner [10.3.12.105]) by meitner.wh.uni-dortmund.de (Postfix) with ESMTP id E4E921675DA; Fri, 21 Mar 2003 13:27:43 +0100 (CET) Received: from kiste.my.domain (kiste.my.domain [192.168.8.4]) (authenticated bits=0) by lofi.dyndns.org (8.12.6/8.12.6) with ESMTP id h2LDT5be025945 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO); Fri, 21 Mar 2003 14:29:18 +0100 (CET) (envelope-from michaelnottebrock@gmx.net) From: Michael Nottebrock To: budsz , FreeBSD-Security Subject: Re: About *.asc Date: Fri, 21 Mar 2003 14:29:00 +0100 User-Agent: KMail/1.5 References: <20030321081451.GA13163@kumprang.or.id> In-Reply-To: <20030321081451.GA13163@kumprang.or.id> MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Boundary-02=_gOxe+5FOwC+6QaN"; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200303211429.04872.michaelnottebrock@gmx.net> X-Virus-Scanned: by amavisd-new Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --Boundary-02=_gOxe+5FOwC+6QaN Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Description: signed data Content-Disposition: inline On Friday 21 March 2003 09:14, budsz wrote: > Hi, > > I was search in web resource about this problem, mailing list etc, today > I get some advisory from FreeBSD security about trouble, so I try to veri= fy > the *asc: > > $ gpg --verify xdr-5.patch.asc > > $ gpg --verify xdr-5.patch.asc > gpg: Signature made Thu Mar 20 08:10:01 2003 WIT using DSA key ID > CA6CDFB2 > gpg: Good signature from "FreeBSD Security Officer > " gpg: WARNING: This key is not certified > with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > Primary key fingerprint: C374 0FC5 69A6 FBB1 4AED B131 15D6 8804 CA6C > DFB2 > > What happen about warning message, Would you give me some clue pls. The warning message simply indicates that neither you nor anyone who you tr= ust=20 to make reliable signatures has signed (your local copy of) the key. If you= =20 want to trust this key, i.e. you believe that this key really belongs to th= e=20 real freebsd security officer, you need to sign or locally sign (lsign) it.= =20 Read all about the secrets of gnupg and pgp at=20 http://www.gnupg.org/documentation/guides.html. =2D-=20 Regards, Michael Nottebrock --Boundary-02=_gOxe+5FOwC+6QaN Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQA+exOgXhc68WspdLARAgakAJ9tTzxyHrWBIb9Ab8wts2rnLxStIwCfWx73 tyu7FXt82YdPItKsT8nAy7o= =zu6y -----END PGP SIGNATURE----- --Boundary-02=_gOxe+5FOwC+6QaN-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 21 5:29:29 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AEC6937B405 for ; Fri, 21 Mar 2003 05:29:25 -0800 (PST) Received: from meitner.wh.uni-dortmund.de (meitner.wh.Uni-Dortmund.DE [129.217.129.133]) by mx1.FreeBSD.org (Postfix) with ESMTP id BE16243F75 for ; Fri, 21 Mar 2003 05:29:23 -0800 (PST) (envelope-from michaelnottebrock@gmx.net) Received: from lofi.dyndns.org (pc2-105.intern.meitner [10.3.12.105]) by meitner.wh.uni-dortmund.de (Postfix) with ESMTP id 65B9F1675DE; Fri, 21 Mar 2003 13:27:47 +0100 (CET) Received: from kiste.my.domain (kiste.my.domain [192.168.8.4]) (authenticated bits=0) by lofi.dyndns.org (8.12.6/8.12.6) with ESMTP id h2LDT5bg025945 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO); Fri, 21 Mar 2003 14:29:21 +0100 (CET) (envelope-from michaelnottebrock@gmx.net) From: Michael Nottebrock To: Stijn Hoop , budsz Subject: Re: About *.asc Date: Fri, 21 Mar 2003 14:29:08 +0100 User-Agent: KMail/1.5 Cc: FreeBSD-Security References: <20030321081451.GA13163@kumprang.or.id> <20030321082038.GC54854@pcwin002.win.tue.nl> In-Reply-To: <20030321082038.GC54854@pcwin002.win.tue.nl> MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Boundary-02=_lOxe+zWgnfwdyd3"; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200303211429.09017.michaelnottebrock@gmx.net> X-Virus-Scanned: by amavisd-new Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --Boundary-02=_lOxe+zWgnfwdyd3 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Description: signed data Content-Disposition: inline On Friday 21 March 2003 09:20, Stijn Hoop wrote: > To tell gpg that you trust that this is the key used by the FreeBSD > officer: > > $ gpg --edit-key security-officer@freebsd.org > > enter 'trust' and then e.g. '4'. Not quite. What you've just told gpg there is that you trust the owner of t= he=20 key to have an excellent understanding of key signing, and that his signatu= re=20 on a key would be as good as your own. The basic expression of trust in pgp is signing / locally signing a key. =2D-=20 Regards, Michael Nottebrock --Boundary-02=_lOxe+zWgnfwdyd3 Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQA+exOlXhc68WspdLARAqFxAJ9Gtyh2T8cttXA/wfriv+GvJWd1+gCdEw9Q BjQuJWR+8ThsC/LqEQeefXI= =Ijga -----END PGP SIGNATURE----- --Boundary-02=_lOxe+zWgnfwdyd3-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 21 9:28:58 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1CE7C37B401 for ; Fri, 21 Mar 2003 09:28:56 -0800 (PST) Received: from lariat.org (lariat.org [63.229.157.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 581E643F85 for ; Fri, 21 Mar 2003 09:28:54 -0800 (PST) (envelope-from brett@lariat.org) Received: from mustang.lariat.org (IDENT:ppp1000.lariat.org@lariat.org [63.229.157.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id KAA27664; Fri, 21 Mar 2003 10:28:47 -0700 (MST) X-message-flag: Warning! Use of Microsoft Outlook renders your system susceptible to Internet worms. Message-Id: <4.3.2.7.2.20030321102736.04029360@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Fri, 21 Mar 2003 10:28:23 -0700 To: Mark Murray , security@FreeBSD.ORG From: Brett Glass Subject: Re: Documentation people needed. FreeBSD/Security clue beneficial. In-Reply-To: <200303202024.h2KKOu4j058708@grimreaper.grondar.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 01:24 PM 3/20/2003, Mark Murray wrote: >Hi all > >In the past, a heartening number of you offered up help in getting >security-related documentation going. Some of you submitted stuff, >and I asked some to hold off for a while until I could organise >things. > >Now is the time. > >Please reply to this mail if you are (still) interested in this job. >I'm looking for a _small_ team, not an individual. :-) I'd be delighted to serve on such a team, since I have been opting for better security in FreeBSD for approximately 10 years. --Brett Glass To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 21 9:38:10 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 93F7B37B401 for ; Fri, 21 Mar 2003 09:38:08 -0800 (PST) Received: from nyogtha.unknownkadath.net (nyogtha.unknownkadath.net [209.153.153.179]) by mx1.FreeBSD.org (Postfix) with ESMTP id B735543F93 for ; Fri, 21 Mar 2003 09:38:07 -0800 (PST) (envelope-from asenchi@asenchi.com) Received: from 12-210-74-212.client.attbi.com (12-210-74-212.client.attbi.com [12.210.74.212]) by nyogtha.unknownkadath.net (8.12.8/8.12.6) with ESMTP id h2LHrMvT083072; Fri, 21 Mar 2003 12:53:22 -0500 (EST) Subject: Re: Documentation people needed. FreeBSD/Security clue beneficial. From: Asenchi To: mark@grondar.org Cc: security@FreeBSD.ORG In-Reply-To: <4.3.2.7.2.20030321102736.04029360@localhost> References: <4.3.2.7.2.20030321102736.04029360@localhost> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.8 Date: 21 Mar 2003 12:36:58 -0500 Message-Id: <1048268218.21183.1.camel@pale.attbi.com> Mime-Version: 1.0 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 2003-03-21 at 12:28, Brett Glass wrote: > At 01:24 PM 3/20/2003, Mark Murray wrote: > > >Hi all > > > >In the past, a heartening number of you offered up help in getting > >security-related documentation going. Some of you submitted stuff, > >and I asked some to hold off for a while until I could organise > >things. > > > >Now is the time. > > > >Please reply to this mail if you are (still) interested in this job. > >I'm looking for a _small_ team, not an individual. :-) > > I'd be delighted to serve on such a team, since I have been opting > for better security in FreeBSD for approximately 10 years. > > --Brett Glass > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > I would help in any way that I can. However I must add that I am only a 2 year old user of FreeBSD and might not be what you are looking for. Any way I could help though I am extremely interested in doing so. Curt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 21 10:20:55 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8F67237B401 for ; Fri, 21 Mar 2003 10:20:53 -0800 (PST) Received: from users.munk.nu (213-152-51-194.dsl.eclipse.net.uk [213.152.51.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id D6CB043F3F for ; Fri, 21 Mar 2003 10:20:51 -0800 (PST) (envelope-from munk@users.munk.nu) Received: from users.munk.nu (munk@localhost [127.0.0.1]) by users.munk.nu (8.12.8/8.12.8) with ESMTP id h2LILe6X057920; Fri, 21 Mar 2003 18:21:40 GMT (envelope-from munk@users.munk.nu) Received: (from munk@localhost) by users.munk.nu (8.12.8/8.12.8/Submit) id h2LILdGc057919; Fri, 21 Mar 2003 18:21:39 GMT Date: Fri, 21 Mar 2003 18:21:39 +0000 From: Jez Hancock To: security@FreeBSD.ORG Cc: Mark Murray Subject: Re: Documentation people needed. FreeBSD/Security clue beneficial. Message-ID: <20030321182139.GA57812@users.munk.nu> Mail-Followup-To: security@FreeBSD.ORG, Mark Murray References: <200303202024.h2KKOu4j058708@grimreaper.grondar.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200303202024.h2KKOu4j058708@grimreaper.grondar.org> User-Agent: Mutt/1.4i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Mar 20, 2003 at 08:24:56PM +0000, Mark Murray wrote: > In the past, a heartening number of you offered up help in getting > security-related documentation going. Some of you submitted stuff, > and I asked some to hold off for a while until I could organise > things. > > Now is the time. > > Please reply to this mail if you are (still) interested in this job. > I'm looking for a _small_ team, not an individual. :-) I would be prepared to help out. My knowledge of freebsd security related issues is reasonable and my documentation writing skills are also reasonable. I'm also very modest... :P If there's anything I can help with please let me know. Regards, Jez To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 21 10:45:18 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3DCC637B401 for ; Fri, 21 Mar 2003 10:45:16 -0800 (PST) Received: from carbon.berkeley.netdot.net (carbon.berkeley.netdot.net [216.27.190.205]) by mx1.FreeBSD.org (Postfix) with ESMTP id B984C43F3F for ; Fri, 21 Mar 2003 10:45:15 -0800 (PST) (envelope-from nick@netdot.net) Received: by carbon.berkeley.netdot.net (Postfix, from userid 101) id 71983F80B; Fri, 21 Mar 2003 10:45:15 -0800 (PST) Date: Fri, 21 Mar 2003 10:45:15 -0800 From: Nicholas Esborn To: Mark Murray Cc: security@FreeBSD.ORG Subject: Re: Documentation people needed. FreeBSD/Security clue beneficial. Message-ID: <20030321184515.GA90741@carbon.berkeley.netdot.net> References: <200303202024.h2KKOu4j058708@grimreaper.grondar.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200303202024.h2KKOu4j058708@grimreaper.grondar.org> User-Agent: Mutt/1.5.3i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello, I'd be happy to contribute. Are there existing specific needs at the moment? -nick On Thu, Mar 20, 2003 at 08:24:56PM +0000, Mark Murray wrote: > Hi all > > In the past, a heartening number of you offered up help in getting > security-related documentation going. Some of you submitted stuff, > and I asked some to hold off for a while until I could organise > things. > > Now is the time. > > Please reply to this mail if you are (still) interested in this job. > I'm looking for a _small_ team, not an individual. :-) > > M > -- > Mark Murray > iumop ap!sdn w,I idlaH > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Nicholas Esborn Unix Systems Administrator Berkeley, California To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 21 11:27:15 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7BAD337B401 for ; Fri, 21 Mar 2003 11:27:13 -0800 (PST) Received: from mail.seekingfire.com (coyote.seekingfire.com [24.72.10.212]) by mx1.FreeBSD.org (Postfix) with ESMTP id 63B6343FA3 for ; Fri, 21 Mar 2003 11:27:12 -0800 (PST) (envelope-from tillman@seekingfire.com) Received: from blues.seekingfire.prv (blues.seekingfire.prv [192.168.23.211]) by mail.seekingfire.com (Postfix) with ESMTP id 336AF745; Fri, 21 Mar 2003 13:27:11 -0600 (CST) Received: (from tillman@localhost) by blues.seekingfire.prv (8.11.6/8.11.6) id h2LJRQ024413; Fri, 21 Mar 2003 13:27:26 -0600 Date: Fri, 21 Mar 2003 13:27:26 -0600 From: Tillman To: Mark Murray Cc: security@FreeBSD.ORG Subject: Re: Documentation people needed. FreeBSD/Security clue beneficial. Message-ID: <20030321132726.T5477@seekingfire.com> References: <200303202024.h2KKOu4j058708@grimreaper.grondar.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <200303202024.h2KKOu4j058708@grimreaper.grondar.org>; from mark@grondar.org on Thu, Mar 20, 2003 at 08:24:56PM +0000 X-Urban-Legend: There is lots of hidden information in headers Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Mar 20, 2003 at 08:24:56PM +0000, Mark Murray wrote: > Hi all > > In the past, a heartening number of you offered up help in getting > security-related documentation going. Some of you submitted stuff, > and I asked some to hold off for a while until I could organise > things. > > Now is the time. > > Please reply to this mail if you are (still) interested in this job. > I'm looking for a _small_ team, not an individual. :-) I'm still interested. I have a strong documentation background and I've been working in the IT security field for several years. Previous to that, I was the senior systems administrator for a regional ISP - that tends to give one a grounding in security via the school of hard knocks ;-) I'd be interested to see goals for security documentation, and a plan for how existing documentation will be approached. -T -- "... there is no way for me to describe to you how far off-base you are. You can't even see the base from there. You're looking around, but you can't find it. Where's the base?" - Tyco, www.penny-arcade.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 21 11:29:32 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 32F2637B404 for ; Fri, 21 Mar 2003 11:29:29 -0800 (PST) Received: from smtp.comcast.net (smtp-out.comcast.net [24.153.64.109]) by mx1.FreeBSD.org (Postfix) with ESMTP id 87E6B43FE3 for ; Fri, 21 Mar 2003 11:29:26 -0800 (PST) (envelope-from apeiron@comcast.net) Received: from [192.168.1.100] (pcp01380957pcs.levtwn01.pa.comcast.net [68.81.162.166]) by mtaout11.icomcast.net (iPlanet Messaging Server 5.2 HotFix 1.12 (built Feb 13 2003)) with ESMTP id <0HC40005O651GU@mtaout11.icomcast.net> for security@freebsd.org; Fri, 21 Mar 2003 14:29:26 -0500 (EST) Date: Fri, 21 Mar 2003 14:29:44 -0500 From: Christopher Nehren Subject: [Fwd: GLSA: evolution (200303-18)] To: security@freebsd.org Message-id: <1048274983.13593.29.camel@prophecy.dyndns.org> Organization: MIME-version: 1.0 X-Mailer: Ximian Evolution 1.2.2 Content-type: multipart/signed; boundary="=-qfIE1ZQzjr+cfQQCf13v"; protocol="application/pgp-signature"; micalg=pgp-sha1 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --=-qfIE1ZQzjr+cfQQCf13v Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Not released by the FreeBSD team, but AFAIK the version in ports is also vulnerable.=20 -----Forwarded Message----- > From: Daniel Ahlberg > To: bugtraq@securityfocus.com > Subject: GLSA: evolution (200303-18) > Date: 21 Mar 2003 17:02:15 +0100 >=20 > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 >=20 > - - --------------------------------------------------------------------- > GENTOO LINUX SECURITY ANNOUNCEMENT 200303-18 > - - --------------------------------------------------------------------- >=20 > PACKAGE : evolution > SUMMARY : multiple vulnerabilities > DATE : 2003-03-21 16:02 UTC > EXPLOIT : remote > VERSIONS AFFECTED : <1.2.3 > FIXED VERSION : >=3D1.2.3 > CVE : CAN-2003-0128 CAN-2003-0129 CAN-2003-0130 >=20 > - - --------------------------------------------------------------------- >=20 > - From advisory: >=20 > "Three vulnerabilities were found that could lead to various forms of=20 > exploitation ranging from denying to users the ability to read email,=20 > provoke system unstability, bypassing security context checks for=20 > email content and possibly execution of arbitrary commands on=20 > vulnerable systems." >=20 > Read the full advisory at: > http://www.coresecurity.com/common/showdoc.php?idx=3D309&idxseccion=3D10 >=20 > SOLUTION >=20 > It is recommended that all Gentoo Linux users who are running > net-mail/evolution upgrade to evolution-1.2.3 as follows: >=20 > emerge sync > emerge evolution > emerge clean >=20 > - - --------------------------------------------------------------------- > aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz > - - --------------------------------------------------------------------- > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.1 (GNU/Linux) >=20 > iD8DBQE+ezeDfT7nyhUpoZMRAqgFAKCMJiPWrcXzncBhgk1/lQ6F1qvdPwCff0L8 > puU/UmXZptBvDuVLe66YBNg=3D > =3D7I0C > -----END PGP SIGNATURE----- --=-qfIE1ZQzjr+cfQQCf13v Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQA+e2gnUdqurN0fljsRAu5MAKCQsCuxDiQsv/lBab6vGtcKQ7qz4QCgl5+t ViLV9ny1Ie0rkIo0ga5y4lY= =Ptgt -----END PGP SIGNATURE----- --=-qfIE1ZQzjr+cfQQCf13v-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 21 12: 4: 6 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6A6D337B401 for ; Fri, 21 Mar 2003 12:04:04 -0800 (PST) Received: from otter3.centtech.com (moat3.centtech.com [207.200.51.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5E51F43FB1 for ; Fri, 21 Mar 2003 12:04:03 -0800 (PST) (envelope-from anderson@centtech.com) Received: from centtech.com (electron.centtech.com [204.177.173.173]) by otter3.centtech.com (8.12.3/8.12.3) with ESMTP id h2LK3t56040472; Fri, 21 Mar 2003 14:03:55 -0600 (CST) (envelope-from anderson@centtech.com) Message-ID: <3E7B702D.6060403@centtech.com> Date: Fri, 21 Mar 2003 14:03:57 -0600 From: Eric Anderson User-Agent: Mozilla/5.0 (X11; U; Linux i386; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Asenchi Cc: mark@grondar.org, security@FreeBSD.ORG Subject: Re: Documentation people needed. FreeBSD/Security clue beneficial. References: <4.3.2.7.2.20030321102736.04029360@localhost> <1048268218.21183.1.camel@pale.attbi.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Asenchi wrote: [..snip..] > I would help in any way that I can. However I must add that I am only a > 2 year old user of FreeBSD and might not be what you are looking for. ^^^^^^^^^^^^^^^^^^^ WOW! Kids really are getting smarter these days.. :) Eric -- ------------------------------------------------------------------ Eric Anderson Systems Administrator Centaur Technology Attitudes are contagious, is yours worth catching? ------------------------------------------------------------------ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 21 12:52:49 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 96ECA37B407; Fri, 21 Mar 2003 12:52:36 -0800 (PST) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id D0EF743FAF; Fri, 21 Mar 2003 12:52:34 -0800 (PST) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (jedgar@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id h2LKqYNS013374; Fri, 21 Mar 2003 12:52:34 -0800 (PST) (envelope-from security-advisories@freebsd.org) Received: (from jedgar@localhost) by freefall.freebsd.org (8.12.6/8.12.6/Submit) id h2LKqYWj013371; Fri, 21 Mar 2003 12:52:34 -0800 (PST) Date: Fri, 21 Mar 2003 12:52:34 -0800 (PST) Message-Id: <200303212052.h2LKqYWj013371@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: jedgar set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-03:06.openssl Reply-To: security-advisories@freebsd.org Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:06.openssl Security Advisory The FreeBSD Project Topic: OpenSSL timing-based SSL/TLS attack Category: crypto Module: openssl Announced: 2003-03-21 Credits: Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa Affects: All FreeBSD versions prior to 4.6-RELEASE-p12, 4.7-RELEASE-p9, 5.0-RELEASE-p6 Corrected: 2003-03-20 21:07:20 UTC (RELENG_4) 2003-03-21 16:12:34 UTC (RELENG_4_7) 2003-03-21 16:12:03 UTC (RELENG_4_6) 2003-03-21 16:13:06 UTC (RELENG_5_0) FreeBSD only: NO I. Background FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial- grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. II. Problem Description This advisory addresses two separate flaws recently fixed in OpenSSL: (1) an RSA timing attack, and (2) the Klima-Pokorny-Rosa attack. - - - From the OpenSSL Project advisories (see references): (1) Researchers have discovered a timing attack on RSA keys, to which OpenSSL is generally vulnerable, unless RSA blinding has been turned on. (2) Czech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa have come up with an extension of the "Bleichenbacher attack" on RSA with PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0. Their attack requires the attacker to open millions of SSL/TLS connections to the server under attack; the server's behaviour when faced with specially made-up RSA ciphertexts can reveal information that in effect allows the attacker to perform a single RSA private key operation on a ciphertext of its choice using the server's RSA key. Note that the server's RSA key is not compromised in this attack. III. Impact RSA timing attack: An RSA private key may be compromised. Klima-Pokorny-Rosa attack: A vulnerable server, when faced with specially made-up RSA ciphertexts, can reveal information that in effect allows the attacker to perform a single RSA private key operation on a ciphertext of its choice using the server's RSA key. Note that the server's RSA key is not compromised in this attack. IV. Workaround RSA timing attack: Disable the use of RSA or enable RSA blinding in OpenSSL using the RSA_blinding_on() function. The method of adjusting the list of acceptable ciphersuites varies from application to application. See the application's documentation for details. Klima-Pokorny-Rosa attack: Disable the use of ciphersuites which use PKCS #1 v1.5 padding in SSL or TLS. The method of adjusting the list of acceptable ciphersuites varies from application to application. See the application's documentation for details. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_4_7 (4.7-RELEASE-p9), RELENG_4_6 (4.6-RELEASE-p12), or RELENG_5_0 (5.0-RELEASE-p6) security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 4.6, 4.7, and 5.0 systems which have already been patched for the issues resolved in FreeBSD-SA-03:02.openssl. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:06/openssl.patch # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:06/openssl.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system as described in . Note that any statically linked applications that are not part of the base system (i.e. from the Ports Collection or other 3rd-party sources) must be recompiled. All affected applications must be restarted for them to use the corrected library. Though not required, rebooting may be the easiest way to accomplish this. VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch Revision Patch - ------------------------------------------------------------------------- RELENG_4 src/crypto/openssl/crypto/rsa/rsa_eay.c 1.2.4.6 src/crypto/openssl/crypto/rsa/rsa_lib.c 1.2.2.7 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.1.2.7 RELENG_4_6 src/UPDATING 1.73.2.68.2.39 src/crypto/openssl/crypto/rsa/rsa_eay.c 1.2.4.2.6.3 src/crypto/openssl/crypto/rsa/rsa_lib.c 1.2.2.3.6.2 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.1.2.3.6.3 src/sys/conf/newvers.sh 1.44.2.23.2.29 RELENG_4_7 src/UPDATING 1.73.2.74.2.11 src/crypto/openssl/crypto/rsa/rsa_eay.c 1.2.4.3.2.2 src/crypto/openssl/crypto/rsa/rsa_lib.c 1.2.2.4.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.1.2.5.2.1 src/sys/conf/newvers.sh 1.44.2.26.2.11 RELENG_5_0 src/UPDATING 1.229.2.11 src/crypto/openssl/crypto/rsa/rsa_eay.c 1.8.2.2 src/crypto/openssl/crypto/rsa/rsa_lib.c 1.6.2.2 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.9.2.2 src/sys/conf/newvers.sh 1.6.2.2 - ------------------------------------------------------------------------- VII. References -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (FreeBSD) Comment: FreeBSD: The Power To Serve iD8DBQE+e3s9FdaIBMps37IRAufUAKCTht2X617uI3AB8G/RnRLNvmuFUwCffDNW wMVBJ2SE2dSq6JcNdCFT9jA= =PBbA -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 21 14:35:52 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2EF3837B401 for ; Fri, 21 Mar 2003 14:35:50 -0800 (PST) Received: from nyogtha.unknownkadath.net (nyogtha.unknownkadath.net [209.153.153.179]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2201A43FA3 for ; Fri, 21 Mar 2003 14:35:47 -0800 (PST) (envelope-from asenchi@asenchi.com) Received: from 12-210-74-212.client.attbi.com (12-210-74-212.client.attbi.com [12.210.74.212]) by nyogtha.unknownkadath.net (8.12.8/8.12.6) with ESMTP id h2LMp0vT088072; Fri, 21 Mar 2003 17:51:00 -0500 (EST) Subject: Re: Documentation people needed. FreeBSD/Security clue beneficial. From: Asenchi To: Eric Anderson Cc: mark@grondar.org, security@FreeBSD.ORG In-Reply-To: <3E7B702D.6060403@centtech.com> References: <4.3.2.7.2.20030321102736.04029360@localhost> <1048268218.21183.1.camel@pale.attbi.com> <3E7B702D.6060403@centtech.com> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.8 Date: 21 Mar 2003 17:34:33 -0500 Message-Id: <1048286074.21183.7.camel@pale.attbi.com> Mime-Version: 1.0 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 2003-03-21 at 15:03, Eric Anderson wrote: > Asenchi wrote: > [..snip..] > > I would help in any way that I can. However I must add that I am only a > > 2 year old user of FreeBSD and might not be what you are looking for. > ^^^^^^^^^^^^^^^^^^^ > > > WOW! Kids really are getting smarter these days.. :) > > Eric Geez, what the hell was I thinking when I typed that? Call me Boy Genius! Got to go, nap time. 8-) Curt Micol To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 21 16:29:58 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7359737B401 for ; Fri, 21 Mar 2003 16:29:57 -0800 (PST) Received: from gigatrex.com (graceland.gigatrex.com [209.10.113.211]) by mx1.FreeBSD.org (Postfix) with SMTP id 429A743FD7 for ; Fri, 21 Mar 2003 16:29:54 -0800 (PST) (envelope-from piechota@argolis.org) Received: (qmail 2187 invoked from network); 22 Mar 2003 00:33:40 -0000 Received: from unknown (HELO cithaeron.argolis.org) (138.88.83.93) by graceland.gigatrex.com with SMTP; 22 Mar 2003 00:33:40 -0000 Received: from cithaeron.argolis.org (localhost [127.0.0.1]) by cithaeron.argolis.org (8.12.8/8.12.7) with ESMTP id h2M0TqxN085904; Fri, 21 Mar 2003 19:29:52 -0500 (EST) (envelope-from piechota@argolis.org) Received: from localhost (piechota@localhost) by cithaeron.argolis.org (8.12.8/8.12.7/Submit) with ESMTP id h2M0ToQ8085901; Fri, 21 Mar 2003 19:29:50 -0500 (EST) X-Authentication-Warning: cithaeron.argolis.org: piechota owned process doing -bs Date: Fri, 21 Mar 2003 19:29:50 -0500 (EST) From: Matt Piechota To: Asenchi Cc: Eric Anderson , mark@grondar.org, security@FreeBSD.ORG Subject: Re: Documentation people needed. FreeBSD/Security clue beneficial. In-Reply-To: <1048286074.21183.7.camel@pale.attbi.com> Message-ID: <20030321192922.K85900@cithaeron.argolis.org> References: <4.3.2.7.2.20030321102736.04029360@localhost> <1048268218.21183.1.camel@pale.attbi.com> <3E7B702D.6060403@centtech.com> <1048286074.21183.7.camel@pale.attbi.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 21 Mar 2003, Asenchi wrote: > > > I would help in any way that I can. However I must add that I am only a > > > 2 year old user of FreeBSD and might not be what you are looking for. > > ^^^^^^^^^^^^^^^^^^^ > > WOW! Kids really are getting smarter these days.. :) > > Geez, what the hell was I thinking when I typed that? Call me Boy > Genius! Sonny, I've been using FreeBSD since before you were born. :) -- Matt Piechota To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Mar 22 4: 9:30 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D471A37B401 for ; Sat, 22 Mar 2003 04:09:27 -0800 (PST) Received: from ms.is.s.u-tokyo.ac.jp (ms.is.s.u-tokyo.ac.jp [133.11.8.7]) by mx1.FreeBSD.org (Postfix) with ESMTP id A2D8C43F93 for ; Sat, 22 Mar 2003 04:09:25 -0800 (PST) (envelope-from tsuyoshi@is.s.u-tokyo.ac.jp) Received: from localhost (san.is.s.u-tokyo.ac.jp [133.11.28.66]) by ms.is.s.u-tokyo.ac.jp (8.11.6+Sun/3.7W) with ESMTP id h2MBvRL11233 for ; Sat, 22 Mar 2003 20:57:27 +0900 (JST) Date: Sat, 22 Mar 2003 21:09:23 +0900 (JST) Message-Id: <20030322.210923.71081935.tsuyoshi@is.s.u-tokyo.ac.jp> To: freebsd-security@FreeBSD.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:06.openssl From: ITO Tsuyoshi In-Reply-To: <200303212052.h2LKqYWw013362@freefall.freebsd.org> References: <200303212052.h2LKqYWw013362@freefall.freebsd.org> X-Mailer: Mew version 3.2 on Emacs 21.2 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello, Will the fix for the problem (2) be included in ports/security/openssl in 4.8-RELEASE? The ports tree has been tagged RELEASE_4_8_0 already, and the fix for the problem (2) is not yet included. If it is not, people should be careful not to overwrite OpenSSL in the base with the one in the port. > (2) Czech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa > have come up with an extension of the "Bleichenbacher attack" on > RSA with PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0. > Their attack requires the attacker to open millions of SSL/TLS > connections to the server under attack; the server's behaviour > when faced with specially made-up RSA ciphertexts can reveal > information that in effect allows the attacker to perform a single > RSA private key operation on a ciphertext of its choice using the > server's RSA key. Note that the server's RSA key is not > compromised in this attack. Best regards, Tsuyoshi --- ITO Tsuyoshi --- --- Dept. of Computer Science, University of Tokyo. --- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Mar 22 5:10:19 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 005B337B401; Sat, 22 Mar 2003 05:10:13 -0800 (PST) Received: from net2.dinoex.sub.org (net2.dinoex.de [212.184.201.182]) by mx1.FreeBSD.org (Postfix) with ESMTP id B71A943F75; Sat, 22 Mar 2003 05:10:11 -0800 (PST) (envelope-from dirk.meyer@dinoex.sub.org) Received: from net2.dinoex.sub.org (dinoex@net2.dinoex.de [212.184.201.182]) by net2.dinoex.sub.org (8.12.8/8.12.8) with ESMTP id h2MDA5hG008395; Sat, 22 Mar 2003 14:10:07 +0100 (CET) (envelope-from dirk.meyer@dinoex.sub.org) X-Authentication-Warning: net2.dinoex.sub.org: Host dinoex@net2.dinoex.de [212.184.201.182] claimed to be net2.dinoex.sub.org Received: from gate.dinoex.sub.org (dinoex@localhost) by net2.dinoex.sub.org (8.12.8/8.12.8/Submit) with BSMTP id h2MDA4sg008390; Sat, 22 Mar 2003 14:10:04 +0100 (CET) (envelope-from dirk.meyer@dinoex.sub.org) To: freebsd-security@FreeBSD.ORG, portsmgr@FreeBSD.ORG Message-ID: From: dirk.meyer@dinoex.sub.org (Dirk Meyer) Organization: privat Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:06.openssl Date: Sat, 22 Mar 2003 14:04:43 +0100 X-Mailer: Dinoex 1.79 References: <200303212052.h2LKqYWw013362@freefall.freebsd.org> <200303212052.h2LKqYWw013362@freefall.freebsd.org> <20030322.210923.71081935.tsuyoshi@is.s.u-tokyo.ac.jp> X-Gateway: ZCONNECT gate.dinoex.sub.org [UNIX/Connect 0.94] X-Accept-Language: de,en X-PGP-Fingerprint: 44 16 EC 0A D3 3A 4F 28 8A 8A 47 93 F1 CF 2F 12 X-Noad: Please don't send me ad's by mail. I'm bored by this type of mail. X-Copyright: (C) Copyright 2001 by Dirk Meyer -- All rights reserved. X-Note: sending SPAM is a violation of both german and US law and will at least trigger a complaint at your provider's postmaster. X-PGP-Key-Avail: mailto:pgp-public-keys@keys.de.pgp.net Subject:GET 0x331CDA5D X-No-Archive: yes X-ZC-VIA: 20030322000000W+1@dinoex.sub.org Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ITO Tsuyoshi schrieb:, > Will the fix for the problem (2) be included in ports/security/openssl > in 4.8-RELEASE? The ports tree has been tagged RELEASE_4_8_0 already, > and the fix for the problem (2) is not yet included. If it is not, > people should be careful not to overwrite OpenSSL in the base with the > one in the port. port is updated, but not yet committed. I will commit it after the freeze is lifted. It is not as critical as the last advisory. Its portsmgr decision to retag. (CC with this mail) preview is at: http://people.freebsd.org/~dinoex/ports/ patch included: kind regards Dirk - Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany - [dirk.meyer@dinoex.sub.org],[dirk.meyer@guug.de],[dinoex@FreeBSD.org] Index: openssl/Makefile =================================================================== RCS file: /home/pcvs/ports/security/openssl/Makefile,v retrieving revision 1.79 diff -u -r1.79 Makefile --- openssl/Makefile 19 Mar 2003 06:26:52 -0000 1.79 +++ openssl/Makefile 22 Mar 2003 13:03:35 -0000 @@ -7,7 +7,7 @@ PORTNAME= openssl PORTVERSION= 0.9.7a -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security devel MASTER_SITES= http://www.openssl.org/source/ \ ftp://ftp.openssl.org/source/ \ Index: openssl/files/patch-ssl-s3_srvr.c =================================================================== RCS file: openssl/files/patch-ssl-s3_srvr.c diff -N openssl/files/patch-ssl-s3_srvr.c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ openssl/files/patch-ssl-s3_srvr.c 22 Mar 2003 13:03:35 -0000 @@ -0,0 +1,53 @@ +--- ssl/s3_srvr.c 29 Nov 2002 11:31:51 -0000 1.85.2.14 ++++ ssl/s3_srvr.c 19 Mar 2003 18:00:00 -0000 +@@ -1447,7 +1447,7 @@ + if (i != SSL_MAX_MASTER_KEY_LENGTH) + { + al=SSL_AD_DECODE_ERROR; +- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); ++ /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */ + } + + if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff)))) +@@ -1463,30 +1463,29 @@ + (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff)))) + { + al=SSL_AD_DECODE_ERROR; +- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); +- goto f_err; ++ /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */ ++ ++ /* The Klima-Pokorny-Rosa extension of Bleichenbacher's attack ++ * (http://eprint.iacr.org/2003/052/) exploits the version ++ * number check as a "bad version oracle" -- an alert would ++ * reveal that the plaintext corresponding to some ciphertext ++ * made up by the adversary is properly formatted except ++ * that the version number is wrong. To avoid such attacks, ++ * we should treat this just like any other decryption error. */ ++ p[0] = (char)(int) "CAN-2003-0131 patch 2003-03-19"; + } + } + + if (al != -1) + { +-#if 0 +- goto f_err; +-#else + /* Some decryption failure -- use random value instead as countermeasure + * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding +- * (see RFC 2246, section 7.4.7.1). +- * But note that due to length and protocol version checking, the +- * attack is impractical anyway (see section 5 in D. Bleichenbacher: +- * "Chosen Ciphertext Attacks Against Protocols Based on the RSA +- * Encryption Standard PKCS #1", CRYPTO '98, LNCS 1462, pp. 1-12). +- */ ++ * (see RFC 2246, section 7.4.7.1). */ + ERR_clear_error(); + i = SSL_MAX_MASTER_KEY_LENGTH; + p[0] = s->client_version >> 8; + p[1] = s->client_version & 0xff; + RAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */ +-#endif + } + + s->session->master_key_length= Index: openssl-beta/Makefile =================================================================== RCS file: /home/pcvs/ports/security/openssl-beta/Makefile,v retrieving revision 1.84 diff -u -r1.84 Makefile --- openssl-beta/Makefile 19 Mar 2003 06:28:03 -0000 1.84 +++ openssl-beta/Makefile 22 Mar 2003 13:03:39 -0000 @@ -10,7 +10,7 @@ PORTREVISION!= date -v-1d +%Y%m%d .else PORTVERSION= 0.9.7a -PORTREVISION= 1 +PORTREVISION= 2 .endif CATEGORIES= security devel .ifdef OPENSSL_SNAPSHOT Index: openssl-beta/files/patch-ssl-s3_srvr.c =================================================================== RCS file: openssl-beta/files/patch-ssl-s3_srvr.c diff -N openssl-beta/files/patch-ssl-s3_srvr.c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ openssl-beta/files/patch-ssl-s3_srvr.c 22 Mar 2003 13:03:39 -0000 @@ -0,0 +1,53 @@ +--- ssl/s3_srvr.c 29 Nov 2002 11:31:51 -0000 1.85.2.14 ++++ ssl/s3_srvr.c 19 Mar 2003 18:00:00 -0000 +@@ -1447,7 +1447,7 @@ + if (i != SSL_MAX_MASTER_KEY_LENGTH) + { + al=SSL_AD_DECODE_ERROR; +- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); ++ /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */ + } + + if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff)))) +@@ -1463,30 +1463,29 @@ + (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff)))) + { + al=SSL_AD_DECODE_ERROR; +- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); +- goto f_err; ++ /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */ ++ ++ /* The Klima-Pokorny-Rosa extension of Bleichenbacher's attack ++ * (http://eprint.iacr.org/2003/052/) exploits the version ++ * number check as a "bad version oracle" -- an alert would ++ * reveal that the plaintext corresponding to some ciphertext ++ * made up by the adversary is properly formatted except ++ * that the version number is wrong. To avoid such attacks, ++ * we should treat this just like any other decryption error. */ ++ p[0] = (char)(int) "CAN-2003-0131 patch 2003-03-19"; + } + } + + if (al != -1) + { +-#if 0 +- goto f_err; +-#else + /* Some decryption failure -- use random value instead as countermeasure + * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding +- * (see RFC 2246, section 7.4.7.1). +- * But note that due to length and protocol version checking, the +- * attack is impractical anyway (see section 5 in D. Bleichenbacher: +- * "Chosen Ciphertext Attacks Against Protocols Based on the RSA +- * Encryption Standard PKCS #1", CRYPTO '98, LNCS 1462, pp. 1-12). +- */ ++ * (see RFC 2246, section 7.4.7.1). */ + ERR_clear_error(); + i = SSL_MAX_MASTER_KEY_LENGTH; + p[0] = s->client_version >> 8; + p[1] = s->client_version & 0xff; + RAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */ +-#endif + } + + s->session->master_key_length= To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Mar 22 5:40:28 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1602C37B404; Sat, 22 Mar 2003 05:40:26 -0800 (PST) Received: from ms.is.s.u-tokyo.ac.jp (ms.is.s.u-tokyo.ac.jp [133.11.8.7]) by mx1.FreeBSD.org (Postfix) with ESMTP id A266643F85; Sat, 22 Mar 2003 05:40:23 -0800 (PST) (envelope-from tsuyoshi@is.s.u-tokyo.ac.jp) Received: from localhost (san.is.s.u-tokyo.ac.jp [133.11.28.66]) by ms.is.s.u-tokyo.ac.jp (8.11.6+Sun/3.7W) with ESMTP id h2MDSPL11581; Sat, 22 Mar 2003 22:28:25 +0900 (JST) Date: Sat, 22 Mar 2003 22:40:19 +0900 (JST) Message-Id: <20030322.224019.112630843.tsuyoshi@is.s.u-tokyo.ac.jp> To: freebsd-security@FreeBSD.ORG Cc: portsmgr@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:06.openssl From: ITO Tsuyoshi In-Reply-To: References: <200303212052.h2LKqYWw013362@freefall.freebsd.org> <20030322.210923.71081935.tsuyoshi@is.s.u-tokyo.ac.jp> X-Mailer: Mew version 3.2 on Emacs 21.2 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org From: dirk.meyer@dinoex.sub.org (Dirk Meyer) Date: Sat, 22 Mar 2003 14:04:43 +0100 > port is updated, but not yet committed. > I will commit it after the freeze is lifted. > > It is not as critical as the last advisory. I see. I was afraid that the patch for the problem (2) was completely forgotten for the port, because no PRs were found on http://www.jp.freebsd.org/cgi/query-pr-summary.cgi?category=ports > Its portsmgr decision to retag. (CC with this mail) Sorry, I do not understand this sentence. Maybe the portsmgr's decision is _not_ to move the RELEASE_4_8_0 tag? Anyway, I am releaved to know the patch is not forgotten. Thanks for the explanation. Best regards, Tsuyoshi --- ITO Tsuyoshi --- --- Dept. of Computer Science, University of Tokyo. --- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Mar 22 6: 5:18 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 35B6B37B401 for ; Sat, 22 Mar 2003 06:05:16 -0800 (PST) Received: from net2.dinoex.sub.org (net2.dinoex.sub.org [212.184.201.182]) by mx1.FreeBSD.org (Postfix) with ESMTP id 75D4743FA3 for ; Sat, 22 Mar 2003 06:05:14 -0800 (PST) (envelope-from dirk.meyer@dinoex.sub.org) Received: from net2.dinoex.sub.org (dinoex@net2.dinoex.de [212.184.201.182]) by net2.dinoex.sub.org (8.12.8/8.12.8) with ESMTP id h2ME56hG006781 for ; Sat, 22 Mar 2003 15:05:08 +0100 (CET) (envelope-from dirk.meyer@dinoex.sub.org) X-MDaemon-Deliver-To: X-Authentication-Warning: net2.dinoex.sub.org: Host dinoex@net2.dinoex.de [212.184.201.182] claimed to be net2.dinoex.sub.org Received: from gate.dinoex.sub.org (dinoex@localhost) by net2.dinoex.sub.org (8.12.8/8.12.8/Submit) with BSMTP id h2ME55Fv006773 for ; Sat, 22 Mar 2003 15:05:05 +0100 (CET) (envelope-from dirk.meyer@dinoex.sub.org) To: freebsd-security@FreeBSD.ORG Message-ID: <8ODX6ZX9Sw@dmeyer.dinoex.sub.org> From: dirk.meyer@dinoex.sub.org (Dirk Meyer) Organization: privat Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:06.openssl Date: Sat, 22 Mar 2003 14:55:08 +0100 X-Mailer: Dinoex 1.79 References: <200303212052.h2LKqYWw013362@freefall.freebsd.org> <20030322.210923.71081935.tsuyoshi@is.s.u-tokyo.ac.jp> <20030322.224019.112630843.tsuyoshi@is.s.u-tokyo.ac.jp> X-Gateway: ZCONNECT gate.dinoex.sub.org [UNIX/Connect 0.94] X-Accept-Language: de,en X-PGP-Fingerprint: 44 16 EC 0A D3 3A 4F 28 8A 8A 47 93 F1 CF 2F 12 X-Noad: Please don't send me ad's by mail. I'm bored by this type of mail. X-Copyright: (C) Copyright 2001 by Dirk Meyer -- All rights reserved. X-Note: sending SPAM is a violation of both german and US law and will at least trigger a complaint at your provider's postmaster. X-PGP-Key-Avail: mailto:pgp-public-keys@keys.de.pgp.net Subject:GET 0x331CDA5D X-No-Archive: yes X-ZC-VIA: 20030322000000W+1@dinoex.sub.org Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ITO Tsuyoshi schrieb:, > I see. I was afraid that the patch for the problem (2) was completely > forgotten for the port, because no PRs were found on > http://www.jp.freebsd.org/cgi/query-pr-summary.cgi?category=ports It was not recognized in time, cause the page I monitor was not modifed: http://www.openssl.org/news/ only on the top page there is an entry for this patch. http://www.openssl.org/ > > Its portsmgr decision to retag. (CC with this mail) > > Sorry, I do not understand this sentence. Maybe the portsmgr's > decision is _not_ to move the RELEASE_4_8_0 tag? yes, up to them ... They may allow the commit or not to be part of the RELEASE_4_8 kind regards Dirk - Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany - [dirk.meyer@dinoex.sub.org],[dirk.meyer@guug.de],[dinoex@FreeBSD.org] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Mar 22 6:35:14 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 04D8437B401 for ; Sat, 22 Mar 2003 06:35:12 -0800 (PST) Received: from ms.is.s.u-tokyo.ac.jp (ms.is.s.u-tokyo.ac.jp [133.11.8.7]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6619743F75 for ; Sat, 22 Mar 2003 06:35:10 -0800 (PST) (envelope-from tsuyoshi@is.s.u-tokyo.ac.jp) Received: from localhost (san.is.s.u-tokyo.ac.jp [133.11.28.66]) by ms.is.s.u-tokyo.ac.jp (8.11.6+Sun/3.7W) with ESMTP id h2MENCL11794 for ; Sat, 22 Mar 2003 23:23:12 +0900 (JST) Date: Sat, 22 Mar 2003 23:35:05 +0900 (JST) Message-Id: <20030322.233505.59647449.tsuyoshi@is.s.u-tokyo.ac.jp> To: freebsd-security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:06.openssl From: ITO Tsuyoshi In-Reply-To: <8ODX6ZX9Sw@dmeyer.dinoex.sub.org> References: <20030322.224019.112630843.tsuyoshi@is.s.u-tokyo.ac.jp> <8ODX6ZX9Sw@dmeyer.dinoex.sub.org> X-Mailer: Mew version 3.2 on Emacs 21.2 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org From: dirk.meyer@dinoex.sub.org (Dirk Meyer) Date: Sat, 22 Mar 2003 14:55:08 +0100 > only on the top page there is an entry for this patch. > http://www.openssl.org/ I was confused by this, too. I guess that the OpenSSL team may be in a little panic after two problems were found in a row. > > > Its portsmgr decision to retag. (CC with this mail) > > > > Sorry, I do not understand this sentence. Maybe the portsmgr's > > decision is _not_ to move the RELEASE_4_8_0 tag? > > yes, up to them ... > They may allow the commit or not to be part of the RELEASE_4_8 I was misunderstanding that sentence when I wrote the previous mail, but now I know it. Thanks.... Best regards, Tsuyoshi --- ITO Tsuyoshi --- --- Dept. of Computer Science, University of Tokyo. --- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Mar 22 19:47:15 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D200B37B401; Sat, 22 Mar 2003 19:47:11 -0800 (PST) Received: from mta06-svc.ntlworld.com (mta06-svc.ntlworld.com [62.253.162.46]) by mx1.FreeBSD.org (Postfix) with ESMTP id A42B143FAF; Sat, 22 Mar 2003 19:47:10 -0800 (PST) (envelope-from colin.percival@wadham.ox.ac.uk) Received: from piii600.wadham.ox.ac.uk ([81.103.196.4]) by mta06-svc.ntlworld.com (InterMail vM.4.01.03.37 201-229-121-137-20020806) with ESMTP id <20030323034709.TNXM20605.mta06-svc.ntlworld.com@piii600.wadham.ox.ac.uk>; Sun, 23 Mar 2003 03:47:09 +0000 Message-Id: <5.0.2.1.1.20030323034524.031e3e90@popserver.sfu.ca> X-Sender: cperciva@popserver.sfu.ca X-Mailer: QUALCOMM Windows Eudora Version 5.0.2 Date: Sun, 23 Mar 2003 03:47:07 +0000 To: security@freebsd.org, hackers@freebsd.org From: Colin Percival Subject: Binary Security Updates Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Ok, I've decided that my binary security updates code is now release-worthy. Right now I'm only building updates for 4.7-RELEASE; as soon as 4.8-RELEASE comes out I'll start building updates for that as well. Note that this code only works properly if you performed a binary install of the -RELEASE and have not recompiled anything (ie, haven't applied any updates since October), so theoretically nobody should be using this until after 4.8 is released. Everything is at http://www.daemonology.net/freebsd-update/ including a portified version of the client and the resulting package. MD5 hashes are dac0f4bdf3d23b642bcbbac0e544821e, 12f69c9d0a2bf1f5278e49f0a4821aa7, b96bfc6bffcbfa18130250e36e6109d6, and 227819b9403a6f727566bd6ad5a79684 for server, client, client port, and client package respectively. Feedback is welcome. ;) Colin Percival PS. This is probably of interest to people reading stable@ as well, but that would apparently constitute excessive cross-posting. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Mar 22 22:24:37 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EE53537B401 for ; Sat, 22 Mar 2003 22:24:34 -0800 (PST) Received: from www.cotse.net (www.cotse.net [216.112.42.60]) by mx1.FreeBSD.org (Postfix) with ESMTP id 14FEF43FA3 for ; Sat, 22 Mar 2003 22:24:34 -0800 (PST) (envelope-from miker@cotse.com) Received: from localhost (localhost[127.0.0.1]) (authenticated bits=0) by www.cotse.net (8.12.8/8.12.8) with ESMTP id h2N6OOQQ043396; Sun, 23 Mar 2003 01:24:26 -0500 (EST) (envelope-from miker@cotse.com) From: Michael Ray To: Mark Murray Cc: security@FreeBSD.ORG Subject: Re: Documentation people needed. FreeBSD/Security clue beneficial. Date: Sun, 23 Mar 2003 00:18:41 -0600 Organization: Cotse Reply-To: miker@cotse.com Message-ID: References: <200303202024.h2KKOu4j058708@grimreaper.grondar.org> In-Reply-To: <200303202024.h2KKOu4j058708@grimreaper.grondar.org> X-Mailer: Forte Agent 1.91/32.564 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 20 Mar 2003 20:24:56 +0000, you wrote: >Hi all > >In the past, a heartening number of you offered up help in getting >security-related documentation going. Some of you submitted stuff, >and I asked some to hold off for a while until I could organise >things. > >Now is the time. > >Please reply to this mail if you are (still) interested in this job. >I'm looking for a _small_ team, not an individual. :-) > >M I am willing to contribute to this. Is there an outline of what we would want to accomplish, etc? Mike -- http://www.cotse.net Privacy Services E-Mail, Remailers, Proxy, Usenet, Web-Hosting, and more. =46ull server side control over your e-mail. Your mail, your rules. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message