From owner-freebsd-security@FreeBSD.ORG Sun Oct 5 00:50:37 2003
Date: Sun, 5 Oct 2003 09:50:28 +0200
To: freebsd-security@freebsd.org
From: lupe@lupe-christoph.de (Lupe Christoph)
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:18.openssl

On Saturday, 2003-10-04 at 02:33:31 +0100, Colin Percival wrote:
> At 00:06 04/10/2003 +0000, Bjoern A. Zeeb wrote:
> >On Fri, 3 Oct 2003, FreeBSD Security Advisories wrote:
> >> c) Recompile the operating system as described in
> >> <http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html>.
> >wouldn't it be
> >possible to recompile libssl/libcrypto and install only them instead of
> >rebuilding the complete base system as suggested
>
> Just to confirm the contents of my earlier email: The only binaries
> affected by this in RELENG_4_7 are /usr/lib/lib(ssl|crypto)(.a|.so.2|_p.a)
> -- so rebuilding those two libraries (and any statically linked ports
> software) should be enough.

I see that the advisory is still not linked from the website. Given the hassle involved with building and installing world, wouldn't it be a good idea to cut down on the installation and advise to rebuild the libraries, possibly any ports statically linking them, and restart either all affected processes or the system?

Lupe Christoph
--
| lupe@lupe-christoph.de | http://www.lupe-christoph.de/ |
| "Violence is the resort of the violent" Lu Tze |
| "Thief of Time", Terry Pratchett |

From owner-freebsd-security@FreeBSD.ORG Sun Oct 5 07:25:22 2003
Date: Sun, 5 Oct 2003 09:25:19 -0500
From: D J Hawkey Jr
To: security at FreeBSD
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:18.openssl

On Oct 03, at 03:49 PM, FreeBSD Security Advisories wrote:
>
> =============================================================================
> FreeBSD-SA-03:18.openssl Security Advisory
> The FreeBSD Project
>
> Topic: OpenSSL vulnerabilities in ASN.1 parsing

Just an FYI, this patch applies cleanly to RELENG_4_5, given the same caveat as that for RELENG_4_6 (i.e., SA-03:02 and SA-03:06 have already been applied).

Dave

--
  ______________________                         ______________________
  \__________________   \    D. J. HAWKEY JR.   /   __________________/
     \________________/\     hawkeyd@visi.com    /\________________/
                      http://www.visi.com/~hawkeyd/

From owner-freebsd-security@FreeBSD.ORG Sun Oct 5 07:30:09 2003
Date: Sun, 5 Oct 2003 09:30:07 -0500
From: D J Hawkey Jr
To: freebsd-security@FreeBSD.org
Subject: Re: HEADS UP: upcoming security advisories

On Oct 02, at 12:08 PM, Jacques A. Vidrine wrote:
>
> Just a status on upcoming advisories.
>
> FreeBSD-SA-03:15.openssh
> This is in final review and should be released today. Fixes
> for this issue entered the tree on September 24.
> I apologize
> for the delay in getting this one out.

I see that no advisory or patch has been released yet, or has this been rolled into SA-03:18?

Dave

--
  ______________________                         ______________________
  \__________________   \    D. J. HAWKEY JR.   /   __________________/
     \________________/\     hawkeyd@visi.com    /\________________/
                      http://www.visi.com/~hawkeyd/

From owner-freebsd-security@FreeBSD.ORG Sun Oct 5 07:46:19 2003
Date: Sun, 05 Oct 2003 15:46:13 +0100
To: hawkeyd@visi.com, freebsd-security@freebsd.org
From: Colin Percival
Subject: Re: HEADS UP: upcoming security advisories

At 09:30 05/10/2003 -0500, D J Hawkey Jr wrote:
>On Oct 02, at 12:08 PM, Jacques A. Vidrine wrote:
> > FreeBSD-SA-03:15.openssh
> > This is in final review and should be released today. Fixes
> > for this issue entered the tree on September 24. I apologize
> > for the delay in getting this one out.
>
>I see that no advisory or patch has been released yet, or has this been
>rolled into SA-03:18?

SA-03:15 deals with PAM issues, so it isn't part of SA-03:18; des committed fixes to RELENG_4_6, _4_7, _4_8, _4, _5_1, and HEAD on September 24th. I assume the advisory will come out soon -- with all these recent security issues coming up at once, it seems that fixing the bugs has taken priority over writing the associated advisories (with good reason).

Colin Percival

From owner-freebsd-security@FreeBSD.ORG Sun Oct 5 09:32:54 2003
Date: Sun, 5 Oct 2003 12:32:52 -0400
From: "Peter C. Lai"
To: D J Hawkey Jr
cc: security at FreeBSD
Subject: 4.6-R (Was: Re: FreeBSD Security Advisory FreeBSD-SA-03:18.openssl)

recompiling the secure and crypto subsystems on the latest RELENG_4_6 (cvsup'd 3 Oct.) will fail with one of the ssh-pam modules not being able to link with libssh (unrecognized symbols). This is uncool.

I noticed that the latest RELENG_4_6 already has the ssh patches; did someone backport them and upgrade something along the way? I thought 4.6 is supposed to be unsupported? I was expecting to be able to manually patch my 4.6 sources and recompile just the crypto/secure subsystems but instead I was forced to upgrade to 4.8 which broke a ton of other stuff (mainly ports). Maybe I should have moved to RELENG_4_7 instead.

On Sun, Oct 05, 2003 at 09:25:19AM -0500, D J Hawkey Jr wrote:
> On Oct 03, at 03:49 PM, FreeBSD Security Advisories wrote:
> >
> > =============================================================================
> > FreeBSD-SA-03:18.openssl Security Advisory
> > The FreeBSD Project
> >
> > Topic: OpenSSL vulnerabilities in ASN.1 parsing
>
> Just an FYI, this patch applies cleanly to RELENG_4_5, given the same
> caveat as that for RELENG_4_6 (i.e., SA-03:02 and SA-03:06 have already
> been applied).
>
> Dave
>
> --
>   ______________________                         ______________________
>   \__________________   \    D. J. HAWKEY JR.   /   __________________/
>      \________________/\     hawkeyd@visi.com    /\________________/
>                       http://www.visi.com/~hawkeyd/

--
Peter C. Lai
University of Connecticut
Dept. of Molecular and Cell Biology
Yale University School of Medicine
SenseLab | Research Assistant
http://cowbert.2y.net/

From owner-freebsd-security@FreeBSD.ORG Sun Oct 5 10:12:47 2003
Date: Sun, 5 Oct 2003 12:12:45 -0500
From: D J Hawkey Jr
To: peter.lai@uconn.edu
cc: security at FreeBSD
Subject: Re: 4.6-R (Was: Re: FreeBSD Security Advisory FreeBSD-SA-03:18.openssl)

On Oct 05, at 12:32 PM, Peter C. Lai wrote:
>
> recompiling the secure and crypto subsystems on the latest RELENG_4_6 (cvsup'd
> 3 Oct.)
> will fail with one of the ssh-pam modules not being able to link with
> libssh (unrecognized symbols). This is uncool.

Didn't happen here on my RELENG_4_5 box. I should mention that I don't update this box with cvsup(1); I apply the SA patches myself (there have been times where RELENG_4_5 is not explicitly supported by an SA, but is applicable nonetheless).

> I noticed that the latest RELENG_4_6 already has the ssh patches; did someone
> backport them and upgrade something along the way? I thought 4.6 is supposed to
> be unsupported?

According to a HEADSUP sent out by Jacques, RELENG_4_6 was supported by SA-03:15, and the CVS tree updated. RELENG_4_6 was also supported by SA-03:18, but I'm not certain if its CVS tree was updated (neither the HEADSUP nor the SA explicitly says so, but I'll bet it has been).

I'm not sure if RELENG_4_6 is EOL'd or not (though I think it is). Having said that, the Security team does release patches for EOL'd releases as they see fit.

> I was expecting to be able to manually patch my 4.6 sources
> and recompile just the crypto/secure subsystems but instead I was forced to
> upgrade to 4.8 which broke a ton of other stuff (mainly ports). Maybe I should
> have moved to RELENG_4_7 instead.

I can't guess at what happened on your end. Well, I _could_, but I'd pro'lly be wrong. :-)

Dave

--
  ______________________                         ______________________
  \__________________   \    D. J. HAWKEY JR.   /   __________________/
     \________________/\     hawkeyd@visi.com    /\________________/
                      http://www.visi.com/~hawkeyd/

From owner-freebsd-security@FreeBSD.ORG Sun Oct 5 10:15:50 2003
Date: Sun, 5 Oct 2003 10:15:43 -0700 (PDT)
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-03:15.openssh

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-03:15.openssh                                    Security Advisory
                                                          The FreeBSD Project

Topic:          OpenSSH PAM challenge/authentication error

Category:       core
Module:         openssh
Announced:      2003-10-05
Credits:        The OpenSSH Project
Affects:        FreeBSD releases 4.6.2-RELEASE and later
                FreeBSD 4-STABLE prior to the correction date
                openssh port prior to openssh-3.6.1_4
                openssh-portable port prior to openssh-portable-3.6.1p2_5
Corrected:      2003-09-24 21:06:28 UTC (RELENG_5_1, 5.1-RELEASE-p7)
                2003-09-24 18:25:31 UTC (RELENG_4, 4.9-PRERELEASE)
                2003-09-24 21:06:22 UTC (RELENG_4_8, 4.8-RELEASE-p9)
                2003-09-24 21:06:15 UTC (RELENG_4_7, 4.7-RELEASE-p19)
                2003-09-24 21:05:59 UTC (RELENG_4_6, 4.6.2-RELEASE-p22)
                2003-10-03 20:55:14 UTC (openssh-3.6.1_5)
                2003-09-26 02:42:39 UTC (openssh-portable-3.6.1p2_5)
FreeBSD only:   NO

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I.   Background

OpenSSH is a free version of the SSH protocol suite of network connectivity tools. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety of authentication methods.

The SSH protocol exists in two versions, hereafter named simply `ssh1' and `ssh2'. The ssh1 protocol is a legacy protocol for which there exists no formal specification, while the ssh2 protocol is the product of the IETF SECSH working group and is defined by a series of IETF draft standards.

The ssh2 protocol supports a wide range of authentication mechanisms, including a generic challenge / response mechanism, called `keyboard-interactive' or `kbdint', which can be adapted to serve any authentication scheme in which the server and client exchange an arbitrarily long series of challenges and responses. In particular, this mechanism is used in OpenSSH to support PAM authentication.

The ssh1 protocol, on the other hand, supports a much narrower range of authentication mechanisms.
Its challenge / response mechanism, called `TIS', allows for only one challenge from the server and one response from the client. OpenSSH contains interface code which allows kbdint authentication back-ends to be used for ssh1 TIS authentication, provided they only emit one challenge and expect only one response.

Finally, recent versions of OpenSSH implement a mechanism called `privilege separation' in which the task of communicating with the client is delegated to an unprivileged child process, while the privileged parent process performs the actual authentication and double-checks every important decision taken by its unprivileged child.

II.  Problem Description

1) Insufficient checking in the ssh1 challenge / response interface code, combined with a peculiarity of the PAM kbdint back-end, causes OpenSSH to ignore a negative result from PAM (but not from any other kbdint back-end).

2) A variable used by the PAM conversation function to store challenges and the associated client responses is incorrectly interpreted as an array of pointers to structures instead of a pointer to an array of structures.

3) When challenge / response authentication is used with protocol version 1, and a legitimate user interrupts challenge / response authentication but successfully authenticates through some other mechanism (such as password authentication), the server fails to reclaim resources allocated by the challenge / response mechanism, including the child process used for PAM authentication. When a certain number of leaked processes is reached, the master server process will refuse subsequent client connections.

III. Impact

1) If privilege separation is disabled, no additional checks are performed and an ssh1 client will be successfully authenticated even if its response to PAM's challenge is patently wrong.
On the other hand, if privilege separation is enabled (which it is by default), the monitor process will notice the discrepancy, refuse to proceed, and kill the faulty child process.

2) If more than one challenge is issued in a single call to the PAM conversation function, stack corruption will result. The most likely outcome will be a segmentation fault leading to termination of the process, but there is a possibility that an attacker may succeed in executing arbitrary code in a privileged process.

Note that none of the PAM modules provided in the FreeBSD base system ever issue more than one challenge in a single call to the conversation function; nor, to our knowledge, do any third-party modules provided in the FreeBSD ports collection.

3) Legitimate users may cause a denial-of-service condition in which the SSH server refuses client connections until it is restarted. Note that this vulnerability is not exploitable by attackers who do not have a valid account on the target system.

IV.  Workaround

Do both of the following:

1) Make sure that privilege separation is enabled. This is the default; look for `UsePrivilegeSeparation' in /etc/ssh/sshd_config or /usr/local/etc/ssh/sshd_config as appropriate and make sure that any occurrence of that keyword is commented out and/or followed by the keyword `yes'. The stock version of this file is safe to use.

2) Make sure that the PAM configuration for OpenSSH does not reference any modules which pass more than one challenge in a single call to the conversation function. In FreeBSD 4.x, the PAM configuration for OpenSSH consists of the lines in /etc/pam.conf which begin with `sshd'; in FreeBSD 5.x, it is located in /etc/pam.d/sshd. The stock versions of these files are safe to use.

The following PAM modules from the FreeBSD ports collection are known to be safe with regard to problem 2) above:

  - pam_mysql.so (security/pam-mysql)
  - pam_pgsql.so (security/pam-pgsql)
  - pam_alreadyloggedin.so (security/pam_alreadyloggedin)
  - pam_ldap.so (security/pam_ldap)
  - pam_pop3.so (security/pam_pop3)
  - pam_pwdfile.so (security/pam_pwdfile)
  - pam_smb.so (security/pam_smb)

pam_krb5.so from ports (security/pam_krb5) is known to use multiple prompts with the conversation function if the user's password is expired in order to change the user password.

3) Disable challenge / response authentication, or disable protocol version 1.

To disable challenge / response authentication, add the line:

  ChallengeResponseAuthentication no

to sshd_config(5) and restart sshd.

To disable protocol version 1, add the line

  Protocol 2

to sshd_config(5) and restart sshd.

V.   Solution

Do one of the following:

[For OpenSSH included in the base system]

The following patches have been verified to apply to FreeBSD 4.6, 4.7, 4.8, and 5.1 systems prior to the correction date.

Download the appropriate patch and detached PGP signature from the following locations, and verify the signature using your PGP utility.

[FreeBSD 4.6]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh46.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh46.patch.asc

[FreeBSD 4.7]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh47.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh47.patch.asc

[FreeBSD 4.8]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh48.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh48.patch.asc

[FreeBSD 5.1]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh48.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh48.patch.asc

[FreeBSD 4.8-STABLE / 4.9-PRERELEASE / 4.9-RC]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh4s.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh4s.patch.asc

Execute the following commands as root:

# cd /usr/src
# patch < /path/to/sshd.patch
# cd /usr/src/secure/usr.sbin/sshd
# make obj && make depend && make all install

Be sure to restart `sshd' after updating.

# kill `cat /var/run/sshd.pid`
# /usr/sbin/sshd

or, in FreeBSD 5.x:

# /etc/rc.d/sshd restart

[For the OpenSSH ports]

Do one of the following:

1) Upgrade your entire ports collection and rebuild the OpenSSH port.

2) Deinstall the old package and install a new package obtained from the following directory:

[i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/

[other platforms]
Packages are not automatically generated for other platforms at this time due to lack of build resources.

3) Download a new port skeleton for the openssh or openssh-portable port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above.
The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/Latest/portcheckout.tgz

Be sure to restart `sshd' after updating.

# kill `cat /var/run/sshd.pid`
# test -x /usr/local/etc/rc.d/sshd.sh && sh /usr/local/etc/rc.d/sshd.sh start

VI.  Correction details

The following list contains the revision numbers of each file that was corrected in FreeBSD.

Path                                                    Revision
  Branch
- -------------------------------------------------------------------------
RELENG_4
  src/crypto/openssh/auth-chall.c                       1.2.2.6
  src/crypto/openssh/auth.h                             1.1.1.1.2.7
  src/crypto/openssh/auth1.c                            1.3.2.10
  src/crypto/openssh/auth2-pam-freebsd.c                1.1.2.8
  src/crypto/openssh/ssh_config                         1.2.2.9
  src/crypto/openssh/ssh_config.5                       1.4.2.5
  src/crypto/openssh/sshd_config                        1.4.2.13
  src/crypto/openssh/sshd_config.5                      1.5.2.6
  src/crypto/openssh/version.h                          1.1.1.1.2.13
RELENG_5_1
  src/crypto/openssh/auth-chall.c                       1.6.2.1
  src/crypto/openssh/auth2-pam-freebsd.c                1.11.2.1
  src/crypto/openssh/ssh_config                         1.21.2.1
  src/crypto/openssh/ssh_config.5                       1.9.2.1
  src/crypto/openssh/sshd_config                        1.32.2.1
  src/crypto/openssh/sshd_config.5                      1.11.2.1
  src/crypto/openssh/version.h                          1.20.2.3
RELENG_4_8
  src/crypto/openssh/auth-chall.c                       1.2.2.4.2.2
  src/crypto/openssh/auth.h                             1.1.1.1.2.6.2.1
  src/crypto/openssh/auth1.c                            1.3.2.9.2.1
  src/crypto/openssh/auth2-pam-freebsd.c                1.1.2.5.2.2
  src/crypto/openssh/ssh_config                         1.2.2.8.2.1
  src/crypto/openssh/ssh_config.5                       1.4.2.4.2.1
  src/crypto/openssh/sshd_config                        1.4.2.12.2.1
  src/crypto/openssh/version.h                          1.1.1.1.2.10.2.3
RELENG_4_7
  src/crypto/openssh/auth-chall.c                       1.2.2.3.2.1
  src/crypto/openssh/auth.h                             1.1.1.1.2.5.2.1
  src/crypto/openssh/auth1.c                            1.3.2.8.2.1
  src/crypto/openssh/auth2-pam-freebsd.c                1.1.2.2.2.2
  src/crypto/openssh/ssh_config                         1.2.2.6.2.1
  src/crypto/openssh/sshd_config                        1.4.2.10.2.1
  src/crypto/openssh/version.h                          1.1.1.1.2.9.2.3
RELENG_4_6
  src/crypto/openssh/auth-chall.c                       1.2.2.2.2.2
  src/crypto/openssh/auth.h                             1.1.1.1.2.4.4.2
  src/crypto/openssh/auth1.c                            1.3.2.7.4.2
  src/crypto/openssh/auth2-pam-freebsd.c                1.2.2.4
  src/crypto/openssh/ssh_config                         1.2.2.4.4.2
  src/crypto/openssh/sshd_config                        1.4.2.8.2.2
  src/crypto/openssh/version.h                          1.1.1.1.2.8.2.4
[Ports]
  ports/security/openssh/Makefile                       1.125
  ports/security/openssh/auth-pam.c                     1.2
  ports/security/openssh/auth-pam.h                     1.2
  ports/security/openssh/auth2-pam.c                    1.2
  ports/security/openssh/patch-auth-chall.c             1.1
  ports/security/openssh-portable/Makefile              1.78
  ports/security/openssh-portable/auth2-pam-freebsd.c   1.5
  ports/security/openssh-portable/patch-auth-chall.c    1.1
  ports/security/openssh-portable/patch-auth-pam.c      1.1
  ports/security/openssh-portable/patch-auth-pam.h      1.1
- -------------------------------------------------------------------------

Branch        Version string
- -------------------------------------------------------------------------
RELENG_4      OpenSSH_3.5p1 FreeBSD-20030924
RELENG_5_1    OpenSSH_3.6.1p1 FreeBSD-20030924
RELENG_4_8    OpenSSH_3.5p1 FreeBSD-20030924
RELENG_4_7    OpenSSH_3.4p1 FreeBSD-20030924
RELENG_4_6    OpenSSH_3.4p1 FreeBSD-20030924
- -------------------------------------------------------------------------

To view the version string of the OpenSSH server, execute the following command:

% /usr/sbin/sshd -\?

or for OpenSSH from the ports collection:

% /usr/local/sbin/sshd -\?

The version string is also displayed when a client connects to the server.

VII. References

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)

iD8DBQE/gFCoFdaIBMps37IRApUWAJ9BZoW/uBY1Q0Phr3iQGBq8/I14dgCaAzvc
7gHHrB5lxeBXWIB37CXpM5s=
=DC+H
-----END PGP SIGNATURE-----

From owner-freebsd-security@FreeBSD.ORG Sun Oct 5 10:26:06 2003
Date: Sun, 5 Oct 2003 13:22:55 -0400
From: "Peter C. Lai"
To: D J Hawkey Jr
cc: security at FreeBSD
cc: peter.lai@uconn.edu
Subject: Re: 4.6-R (Was: Re: FreeBSD Security Advisory FreeBSD-SA-03:18.openssl)

On Sun, Oct 05, 2003 at 12:12:45PM -0500, D J Hawkey Jr wrote:
> On Oct 05, at 12:32 PM, Peter C. Lai wrote:
> >
> > recompiling the secure and crypto subsystems on the latest RELENG_4_6 (cvsup'd
> > 3 Oct.) will fail with one of the ssh-pam modules not being able to link with
> > libssh (unrecognized symbols). This is uncool.
>
> Didn't happen here on my RELENG_4_5 box. I should mention that I don't
> update this box with cvsup(1); I apply the SA patches myself (there have
> been times where RELENG_4_5 is not explicitly supported by an SA, but is
> applicable nonetheless).
>

I don't keep separate branch releases; my current build boxen had 4.8
sources, so I had to get rid of them and re-cvsup the 4.6-R ones. Perhaps I
should keep different branches from now on. (I have production boxen which
have no sources, and my devel/build boxen which do, but which also run more
bleeding edge versions of things). This would require finagling with
supfiles which I didn't foresee a need of doing (before now :(

Thanks for the reply anyway.

> > I noticed that the latest RELENG_4_6 already has the ssh patches; did someone
> > backport them and upgrade something along the way? I thought 4.6 is supposed to
> > be unsupported?
>
> According to a HEADSUP sent out by Jacques, RELENG_4_6 was supported by
> SA-03:15, and the CVS tree updated. RELENG_4_6 was also supported by
> SA-03:18, but I'm not certain if its CVS tree was updated (neither the
> HEADSUP nor the SA explicitly says so, but I'll bet it has been).
>
> I'm not sure if RELENG_4_6 is EOL'd or not (though I think it is). Having
> said that, the Security team does release patches for EOL'd releases as
> they see fit.
>
> > I was expecting to be able to manually patch my 4.6 sources
> > and recompile just the crypto/secure subsystems but instead I was forced to
> > upgrade to 4.8 which broke a ton of other stuff (mainly ports). Maybe I should
> > have moved to RELENG_4_7 instead.
>
> I can't guess at what happened on your end. Well, I _could_, but I'd
> pro'lly be wrong. :-)
>
> Dave
>
> --
> ______________________ ______________________
> \__________________ \ D. J. HAWKEY JR.
/ __________________/ > \________________/\ hawkeyd@visi.com /\________________/ > http://www.visi.com/~hawkeyd/ > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" -- Peter C. Lai University of Connecticut Dept. of Molecular and Cell Biology Yale University School of Medicine SenseLab | Research Assistant http://cowbert.2y.net/ From owner-freebsd-security@FreeBSD.ORG Mon Oct 6 05:04:49 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2444E16A4BF for ; Mon, 6 Oct 2003 05:04:49 -0700 (PDT) Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7849743F3F for ; Mon, 6 Oct 2003 05:04:43 -0700 (PDT) (envelope-from nectar@celabo.org) Received: from madman.celabo.org (madman.celabo.org [10.0.1.111]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "madman.celabo.org", Issuer "celabo.org CA" (verified OK)) by gw.celabo.org (Postfix) with ESMTP id 22EB354846; Mon, 6 Oct 2003 07:04:43 -0500 (CDT) Received: by madman.celabo.org (Postfix, from userid 1001) id B6F226D476; Mon, 6 Oct 2003 07:04:42 -0500 (CDT) Date: Mon, 6 Oct 2003 07:04:42 -0500 From: "Jacques A. Vidrine" To: D J Hawkey Jr Message-ID: <20031006120442.GA77299@madman.celabo.org> Mail-Followup-To: "Jacques A. 
Vidrine" , D J Hawkey Jr , peter.lai@uconn.edu, security at FreeBSD References: <200310032249.h93MnXS8047857@freefall.freebsd.org> <20031005142519.GA76750@sheol.localdomain> <20031005163252.GC399@cowbert.2y.net> <20031005171245.GA82807@sheol.localdomain> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20031005171245.GA82807@sheol.localdomain> X-Url: http://www.celabo.org/ User-Agent: Mutt/1.5.4i-ja.1 cc: security at FreeBSD cc: peter.lai@uconn.edu Subject: Re: 4.6-R (Was: Re: FreeBSD Security Advisory FreeBSD-SA-03:18.openssl) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Oct 2003 12:04:49 -0000 On Sun, Oct 05, 2003 at 12:12:45PM -0500, D J Hawkey Jr wrote: > According to a HEADSUP sent out by Jacques, RELENG_4_6 was supported by > SA-03:15, and the CVS tree updated. RELENG_4_6 was also supported by > SA-03:18, but I'm not certain if its CVS tree was updated (neither the > HEADSUP nor the SA explicitly says so, but I'll bet it has been). Yes, the SA says so: Corrected: [...] 2003-10-03 20:24:59 UTC (RELENG_4_6, 4.6.2-RELEASE-p26) > I'm not sure if RELENG_4_6 is EOL'd or not (though I think it is). Having > said that, the Security team does release patches for EOL'd releases as > they see fit. No need to guess. See the table at . > > I was expecting to be able to manually patch my 4.6 sources > > and recompile just the crypto/secure subsystems but instead I was forced to Manual patching is really only recommended for gurus. Please use CVSup and report any problems. > > upgrade to 4.8 which broke a ton of other stuff (mainly ports). Maybe I should > > have moved to RELENG_4_7 instead. RELENG_4_7 was EoL'd on September 30. Hmm, actually I think I'll extend that to October 31, considering the delay on FreeBSD 4.9-RELEASE. 
Cheers, -- Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se From owner-freebsd-security@FreeBSD.ORG Mon Oct 6 05:47:18 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1330D16A4B3 for ; Mon, 6 Oct 2003 05:47:18 -0700 (PDT) Received: from cowbert.2y.net (d46h180.public.uconn.edu [137.99.46.180]) by mx1.FreeBSD.org (Postfix) with SMTP id 588B944005 for ; Mon, 6 Oct 2003 05:47:16 -0700 (PDT) (envelope-from sirmoo@cowbert.2y.net) Received: (qmail 10033 invoked by uid 1001); 6 Oct 2003 12:47:15 -0000 Date: Mon, 6 Oct 2003 08:47:15 -0400 From: "Peter C. Lai" To: "Jacques A. Vidrine" , D J Hawkey Jr , peter.lai@uconn.edu, security at FreeBSD Message-ID: <20031006124715.GB6660@cowbert.2y.net> References: <200310032249.h93MnXS8047857@freefall.freebsd.org> <20031005142519.GA76750@sheol.localdomain> <20031005163252.GC399@cowbert.2y.net> <20031005171245.GA82807@sheol.localdomain> <20031006120442.GA77299@madman.celabo.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20031006120442.GA77299@madman.celabo.org> User-Agent: Mutt/1.4i Subject: Re: 4.6-R (Was: Re: FreeBSD Security Advisory FreeBSD-SA-03:18.openssl) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: peter.lai@uconn.edu List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Oct 2003 12:47:18 -0000 On Mon, Oct 06, 2003 at 07:04:42AM -0500, Jacques A. Vidrine wrote: > On Sun, Oct 05, 2003 at 12:12:45PM -0500, D J Hawkey Jr wrote: > > According to a HEADSUP sent out by Jacques, RELENG_4_6 was supported by > > SA-03:15, and the CVS tree updated. 
RELENG_4_6 was also supported by > > SA-03:18, but I'm not certain if its CVS tree was updated (neither the > > HEADSUP nor the SA explicitly says so, but I'll bet it has been). > > Yes, the SA says so: > > Corrected: [...] 2003-10-03 20:24:59 UTC (RELENG_4_6, 4.6.2-RELEASE-p26) > > > I'm not sure if RELENG_4_6 is EOL'd or not (though I think it is). Having > > said that, the Security team does release patches for EOL'd releases as > > they see fit. > > No need to guess. See the table at > . > > > > I was expecting to be able to manually patch my 4.6 sources > > > and recompile just the crypto/secure subsystems but instead I was forced to > > Manual patching is really only recommended for gurus. Please use > CVSup and report any problems. Yes, I CVSup'd to RELENG_4_6 and the secure/crypto subsystem failed to build correctly as I mentioned before (breaks on unresolved symbols during linking to libssh); DJ Hawkey didn't report any problems so I have no idea what was up :( > > > > upgrade to 4.8 which broke a ton of other stuff (mainly ports). Maybe I should > > > have moved to RELENG_4_7 instead. > > RELENG_4_7 was EoL'd on September 30. Hmm, actually I think > I'll extend that to October 31, considering the delay on FreeBSD > 4.9-RELEASE. > > Cheers, > -- > Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal > nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" -- Peter C. Lai University of Connecticut Dept. 
of Molecular and Cell Biology Yale University School of Medicine SenseLab | Research Assistant http://cowbert.2y.net/ From owner-freebsd-security@FreeBSD.ORG Mon Oct 6 05:50:07 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4B2E616A4B3 for ; Mon, 6 Oct 2003 05:50:07 -0700 (PDT) Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5ECB743FA3 for ; Mon, 6 Oct 2003 05:50:06 -0700 (PDT) (envelope-from nectar@celabo.org) Received: from madman.celabo.org (madman.celabo.org [10.0.1.111]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "madman.celabo.org", Issuer "celabo.org CA" (verified OK)) by gw.celabo.org (Postfix) with ESMTP id 038C25485D; Mon, 6 Oct 2003 07:50:06 -0500 (CDT) Received: by madman.celabo.org (Postfix, from userid 1001) id B2C386D478; Mon, 6 Oct 2003 07:50:05 -0500 (CDT) Date: Mon, 6 Oct 2003 07:50:05 -0500 From: "Jacques A. Vidrine" To: peter.lai@uconn.edu Message-ID: <20031006125005.GB5562@madman.celabo.org> Mail-Followup-To: "Jacques A. 
Vidrine" , peter.lai@uconn.edu, D J Hawkey Jr , security at FreeBSD References: <200310032249.h93MnXS8047857@freefall.freebsd.org> <20031005142519.GA76750@sheol.localdomain> <20031005163252.GC399@cowbert.2y.net> <20031005171245.GA82807@sheol.localdomain> <20031006120442.GA77299@madman.celabo.org> <20031006124715.GB6660@cowbert.2y.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20031006124715.GB6660@cowbert.2y.net> X-Url: http://www.celabo.org/ User-Agent: Mutt/1.5.4i-ja.1 cc: security at FreeBSD Subject: Re: 4.6-R (Was: Re: FreeBSD Security Advisory FreeBSD-SA-03:18.openssl) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Oct 2003 12:50:07 -0000 On Mon, Oct 06, 2003 at 08:47:15AM -0400, Peter C. Lai wrote: > Yes, I CVSup'd to RELENG_4_6 and the secure/crypto subsystem failed to > build correctly as I mentioned before (breaks on unresolved symbols during > linking to libssh); Do you have a report? What process did you use to rebuild your system? Cheers, -- Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . 
nectar@kth.se From owner-freebsd-security@FreeBSD.ORG Mon Oct 6 06:53:35 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AB75916A4BF; Mon, 6 Oct 2003 06:53:35 -0700 (PDT) Received: from corb.mc.mpls.visi.com (corb.mc.mpls.visi.com [208.42.156.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id 03E4F43FEC; Mon, 6 Oct 2003 06:53:34 -0700 (PDT) (envelope-from hawkeyd@visi.com) Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by corb.mc.mpls.visi.com (Postfix) with ESMTP id 29D80837E; Mon, 6 Oct 2003 08:53:33 -0500 (CDT) Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.6p2/8.11.6) id h96DrW903773; Mon, 6 Oct 2003 08:53:32 -0500 (CDT) (envelope-from hawkeyd) X-Spam-Policy: http://www.visi.com/~hawkeyd/index.html#mail Date: Mon, 6 Oct 2003 08:53:32 -0500 From: D J Hawkey Jr To: "Jacques A. Vidrine" , security at FreeBSD Message-ID: <20031006135332.GA3551@sheol.localdomain> References: <200310032249.h93MnXS8047857@freefall.freebsd.org> <20031005142519.GA76750@sheol.localdomain> <20031005163252.GC399@cowbert.2y.net> <20031005171245.GA82807@sheol.localdomain> <20031006120442.GA77299@madman.celabo.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20031006120442.GA77299@madman.celabo.org> User-Agent: Mutt/1.4.1i Subject: Re: 4.6-R (Was: Re: FreeBSD Security Advisory FreeBSD-SA-03:18.openssl) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: hawkeyd@visi.com List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Oct 2003 13:53:35 -0000 On Oct 06, at 07:04 AM, Jacques A. 
Vidrine wrote:
>
> On Sun, Oct 05, 2003 at 12:12:45PM -0500, D J Hawkey Jr wrote:
> > According to a HEADSUP sent out by Jacques, RELENG_4_6 was supported by
> > SA-03:15, and the CVS tree updated. RELENG_4_6 was also supported by
> > SA-03:18, but I'm not certain if its CVS tree was updated (neither the
> > HEADSUP nor the SA explicitly says so, but I'll bet it has been).
>
> Yes, the SA says so:
>
> Corrected: [...] 2003-10-03 20:24:59 UTC (RELENG_4_6, 4.6.2-RELEASE-p26)

My bad. Thanks.

> > I'm not sure if RELENG_4_6 is EOL'd or not (though I think it is). Having
> > said that, the Security team does release patches for EOL'd releases as
> > they see fit.
>
> No need to guess. See the table at
> .

OK, thanks again. I seem to remember this, somewhere in my volatile RAM.

> > > I was expecting to be able to manually patch my 4.6 sources
> > > and recompile just the crypto/secure subsystems but instead I was forced to
>
> Manual patching is really only recommended for gurus. Please use
> CVSup and report any problems.

Your point is well taken, and should be heeded, but I'm not sure about
the "gurus" bit. I'm no guru, but I've been patching some EOL'd releases
for a while now with little confusion.

Having said that, I've been looking over the SA-03:15 patchfile for
RELENG_4_6 to see if I must patch a RELENG_4_5 box. My observations:

1) In auth1.c, code is added to remember the last packet before getting
   the next, in order to free resources if the next isn't what's expected.
   The base OpenSSH in RELENG_4_5 doesn't allocate any such resources;
   that patch isn't appropriate.
2) In auth2-pam-freebsd.c, there is a sanity check to see that an alloc'd
   structure is properly initialized. Due to code style/structure,
   RELENG_4_5's auth_pam.c doesn't seem to require this, as the structure
   elements are explicitly set in the case clauses.
3) The default configuration is changed: RhostsRSAAuthentication -> no,
   StrictHostKeyChecking -> ask, Cipher -> 3des, and Ciphers -> ... .

The first two explain why the SA omits RELENG_4_5. However, my corresponding question is: 3) Why the changes? Should RELENG_4_5's configuration also be changed? This is really the only question I have, as the code doesn't appear to need any attention. And an unrelated question: - What's the BSD_AUTH define for? There doesn't seem to be anything in RELENG_4_5 that activates the #ifdef'd code, and it looks as though it's removed in RELENG_4_6. Thanks, Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. / __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/ From owner-freebsd-security@FreeBSD.ORG Mon Oct 6 07:10:06 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D912C16A4C0 for ; Mon, 6 Oct 2003 07:10:06 -0700 (PDT) Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id B61CD43FB1 for ; Mon, 6 Oct 2003 07:10:02 -0700 (PDT) (envelope-from nectar@celabo.org) Received: from madman.celabo.org (madman.celabo.org [10.0.1.111]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "madman.celabo.org", Issuer "celabo.org CA" (verified OK)) by gw.celabo.org (Postfix) with ESMTP id 461125485D; Mon, 6 Oct 2003 09:10:02 -0500 (CDT) Received: by madman.celabo.org (Postfix, from userid 1001) id 5AC936D476; Mon, 6 Oct 2003 09:10:01 -0500 (CDT) Date: Mon, 6 Oct 2003 09:10:01 -0500 From: "Jacques A. Vidrine" To: D J Hawkey Jr Message-ID: <20031006141001.GB46753@madman.celabo.org> Mail-Followup-To: "Jacques A. 
Vidrine" , D J Hawkey Jr , security at FreeBSD References: <200310032249.h93MnXS8047857@freefall.freebsd.org> <20031005142519.GA76750@sheol.localdomain> <20031005163252.GC399@cowbert.2y.net> <20031005171245.GA82807@sheol.localdomain> <20031006120442.GA77299@madman.celabo.org> <20031006135332.GA3551@sheol.localdomain> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20031006135332.GA3551@sheol.localdomain> X-Url: http://www.celabo.org/ User-Agent: Mutt/1.5.4i-ja.1 cc: security at FreeBSD Subject: Re: 4.6-R (Was: Re: FreeBSD Security Advisory FreeBSD-SA-03:18.openssl) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Oct 2003 14:10:07 -0000 On Mon, Oct 06, 2003 at 08:53:32AM -0500, D J Hawkey Jr wrote: > Your point is well taken, and should be heeded, but I'm not sure about > the "gurus" bit. I'm no guru, but I've been patching some EOL'd releases > for a while now with little confusion. I was trying to politely say, ``only by people who know what they are doing''. > Having said that, I've been looking over the SA-03:15 patchfile for > RELENG_4_6 to see if I must patch a RELENG_4_5 box. My observations: > > 1) In auth1.c, code is added to remember the last packet before getting > the next, in order to free resources if the next isn't what's expected. > The base OpenSSH in RELENG_4_5 doesn't allocate any such resources; > that patch isn't appropriate. > 2) In auth2-pam-freebsd.c, there is a sanity check to see that an alloc'd > structure is properly initialized. Due to code style/structure, > RELENG_4_5's auth_pam.c doesn't seem to require this, as the structure > elements are explicitly set in the case clauses. 
> 3) The default configuration is changed: RhostsRSAAuthentication -> no,
>    StrictHostKeyChecking -> ask, Cipher -> 3des, and Ciphers -> ... .
>
> The first two explain why the SA omits RELENG_4_5.

Not completely. RELENG_4_5 is omitted also because it is no longer
supported by the security-officer team and we ran out of resources at
RELENG_4_6 (which is also no longer supported). You will note that
RELENG_4_5 also did not receive fixes for the previous two OpenSSH
security advisories.

> However, my corresponding question is:
>
> 3) Why the changes? Should RELENG_4_5's configuration also be changed?
>
> This is really the only question I have, as the code doesn't appear to
> need any attention.

Check the commit logs on RELENG_4 from that period. The differences
are due to normal development between the time 4.5-RELEASE and
4.6-RELEASE.

> And an unrelated question:
>
> - What's the BSD_AUTH define for? There doesn't seem to be anything
>   in RELENG_4_5 that activates the #ifdef'd code, and it looks as
>   though it's removed in RELENG_4_6.

bsdauth is an authentication mechanism preferred by OpenBSD (where they
have no PAM, IIRC).

Cheers,
--
Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal
nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org .
nectar@kth.se From owner-freebsd-security@FreeBSD.ORG Mon Oct 6 09:19:10 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 64ED516A4BF for ; Mon, 6 Oct 2003 09:19:10 -0700 (PDT) Received: from corb.mc.mpls.visi.com (corb.mc.mpls.visi.com [208.42.156.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8F97043FF2 for ; Mon, 6 Oct 2003 09:19:08 -0700 (PDT) (envelope-from hawkeyd@visi.com) Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by corb.mc.mpls.visi.com (Postfix) with ESMTP id E48C38890 for ; Mon, 6 Oct 2003 11:19:07 -0500 (CDT) Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.6p2/8.11.6) id h96GJ6P05675 for freebsd-security@freebsd.org; Mon, 6 Oct 2003 11:19:06 -0500 (CDT) (envelope-from hawkeyd) X-Spam-Policy: http://www.visi.com/~hawkeyd/index.html#mail Date: Mon, 6 Oct 2003 11:19:06 -0500 From: D J Hawkey Jr To: security at FreeBSD Message-ID: <20031006161906.GA5599@sheol.localdomain> References: <200310032249.h93MnXS8047857@freefall.freebsd.org> <20031005142519.GA76750@sheol.localdomain> <20031005163252.GC399@cowbert.2y.net> <20031005171245.GA82807@sheol.localdomain> <20031006120442.GA77299@madman.celabo.org> <20031006135332.GA3551@sheol.localdomain> <20031006141001.GB46753@madman.celabo.org> <20031006145835.GA4742@sheol.localdomain> <20031006150205.GA1756@madman.celabo.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20031006150205.GA1756@madman.celabo.org> User-Agent: Mutt/1.4.1i Subject: Re: 4.6-R (Was: Re: FreeBSD Security Advisory FreeBSD-SA-03:18.openssl) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: hawkeyd@visi.com List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Oct 2003 16:19:10 -0000 
On Oct 06, at 10:02 AM, Jacques A. Vidrine wrote: > > > > Check the commit logs on RELENG_4 from that period. The differences > > > are due to normal development between the time 4.5-RELEASE and > > > 4.6-RELEASE. > > I didn't make the changes, so I'd have to look at the CVS history to > answer specific questions myself. However, in general we change the > defaults to be `better' or `safer'. Just a coda to this sub-thread: The SSH config file changes in SA-03:15 reflect the defaults as doc'd in the RELENG_4_5 man pages, though the commented options in the default RELENG_4_5 config files do not match the documented defaults. L8r, Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. / __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/ From owner-freebsd-security@FreeBSD.ORG Mon Oct 6 14:29:23 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 61C4616A4BF for ; Mon, 6 Oct 2003 14:29:23 -0700 (PDT) Received: from dmz2.unixjunkie.com (adsl-65-70-175-250.dsl.rcsntx.swbell.net [65.70.175.250]) by mx1.FreeBSD.org (Postfix) with ESMTP id 482D343F3F for ; Mon, 6 Oct 2003 14:29:20 -0700 (PDT) (envelope-from strgout@unixjunkie.com) Received: from mail.unixjunkie.com (mail [10.253.254.36]) by dmz2.unixjunkie.com (8.12.8p2/8.12.8) with ESMTP id h96LpMk7000232 for ; Mon, 6 Oct 2003 16:51:22 -0500 (CDT) (envelope-from strgout@mail.unixjunkie.com) Received: from mail.unixjunkie.com (mail [10.253.254.36]) by mail.unixjunkie.com (8.12.8p2/8.12.8) with ESMTP id h96LpMlf000229 for ; Mon, 6 Oct 2003 16:51:22 -0500 (CDT) (envelope-from strgout@mail.unixjunkie.com) Received: (from strgout@localhost) by mail.unixjunkie.com (8.12.8p2/8.12.8/Submit) id h96LpL29000228 for freebsd-security@freebsd.org; Mon, 6 Oct 2003 16:51:21 -0500 (CDT) (envelope-from strgout) Date: Mon, 6 Oct 
2003 16:51:21 -0500 From: John To: freebsd-security@freebsd.org Message-ID: <20031006215121.GA208@mail.unixjunkie.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4i Subject: vixie cron issue. X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Oct 2003 21:29:23 -0000

Well I haven't seen anyone talk about this, so I was just wondering
if FreeBSD is affected by this.

http://xforce.iss.net/xforce/xfdb/6508

From owner-freebsd-security@FreeBSD.ORG Mon Oct 6 14:39:49 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 46FAC16A4B3 for ; Mon, 6 Oct 2003 14:39:49 -0700 (PDT) Received: from chaos.fxp.org (chaos.fxp.org [209.251.159.150]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8440643F3F for ; Mon, 6 Oct 2003 14:39:46 -0700 (PDT) (envelope-from jedgar@fxp.org) Received: by chaos.fxp.org (Postfix, from userid 1000) id 5187F401; Mon, 6 Oct 2003 17:39:45 -0400 (EDT) Date: Mon, 6 Oct 2003 17:39:45 -0400 From: Chris Faulhaber To: John Message-ID: <20031006213944.GC24797@chaos.fxp.org> References: <20031006215121.GA208@mail.unixjunkie.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20031006215121.GA208@mail.unixjunkie.com> X-Mailer: socket() X-Mailman-Approved-At: Tue, 07 Oct 2003 08:27:30 -0700 cc: freebsd-security@freebsd.org Subject: Re: vixie cron issue.
X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Oct 2003 21:39:49 -0000

On Mon, Oct 06, 2003 at 04:51:21PM -0500, John wrote:
> Well I haven't seen anyone talk about this, so I was just wondering
> if FreeBSD is affected by this.
>
> http://xforce.iss.net/xforce/xfdb/6508

It was probably discussed two or so years ago. That article has
the following date:

Reported: May 07 2001.

which corresponds to:

FreeBSD-SA-01:09.crontab
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:09.crontab.v1.1.asc

--
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve - http://www.FreeBSD.org

From owner-freebsd-security@FreeBSD.ORG Wed Oct 8 04:36:13 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7673A16A4B3 for ; Wed, 8 Oct 2003 04:36:13 -0700 (PDT) Received: from pinvest.kiev.ua (pinvest.kiev.ua [212.90.167.178]) by mx1.FreeBSD.org (Postfix) with ESMTP id BFB6A43FE3 for ; Wed, 8 Oct 2003 04:36:11 -0700 (PDT) (envelope-from andrey@kiev.pinvest-ua.com) Received: from andrey.kiev.pinvest (localhost [127.0.0.1]) by pinvest.kiev.ua (8.12.9p2/8.12.9) with ESMTP id h98BjV7x079592 for ; Wed, 8 Oct 2003 14:45:31 +0300 (EEST) (envelope-from andrey@kiev.pinvest-ua.com) Date: Wed, 8 Oct 2003 14:38:25 +0300 From: "Andrey V. Luzan" X-Mailer: The Bat!
(v2.00) CD5BF9353B3B7091 Organization: JSB Privatinvest X-Priority: 3 (Normal) Message-ID: <882520718.20031008143825@kiev.pinvest-ua.com> To: freebsd-security@freebsd.org In-Reply-To: <72177741062.20031008095404@kiev.pinvest-ua.com> References: <72177741062.20031008095404@kiev.pinvest-ua.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: base64 X-Spam-Status: No, hits=0.6 required=6.0 tests=BASE64_ENC_TEXT,IN_REP_TO,REFERENCES version=2.55 X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) Subject: freebsd.org mirroring X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: "Andrey V. Luzan" List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Oct 2003 11:36:13 -0000
From owner-freebsd-security@FreeBSD.ORG Wed Oct 8 04:40:22 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 15F8416A4B3 for ; Wed, 8 Oct 2003 04:40:22 -0700 (PDT) Received: from obsecurity.dyndns.org (adsl-64-169-107-253.dsl.lsan03.pacbell.net [64.169.107.253]) by mx1.FreeBSD.org (Postfix) with ESMTP id 133EE43FD7 for ; Wed, 8 Oct 2003 04:40:21 -0700 (PDT) (envelope-from kris@obsecurity.org) Received: from rot13.obsecurity.org (rot13.obsecurity.org [10.0.0.5]) by obsecurity.dyndns.org (Postfix) with ESMTP id A1ECC66E30; Wed, 8 Oct 2003 04:40:20 -0700 (PDT) Received: by rot13.obsecurity.org (Postfix, from userid 1000) id 5BC966DD; Wed, 8 Oct 2003 04:40:20 -0700 (PDT) Date: Wed, 8 Oct 2003 04:40:20 -0700 From: Kris Kennaway To: "Andrey V.
Luzan" Message-ID: <20031008114019.GA63702@rot13.obsecurity.org> References: <72177741062.20031008095404@kiev.pinvest-ua.com> <882520718.20031008143825@kiev.pinvest-ua.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="k1lZvvs/B4yU6o8G" Content-Disposition: inline In-Reply-To: <882520718.20031008143825@kiev.pinvest-ua.com> User-Agent: Mutt/1.4.1i cc: freebsd-security@freebsd.org Subject: Re: freebsd.org mirroring X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Oct 2003 11:40:22 -0000 --k1lZvvs/B4yU6o8G Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

On Wed, Oct 08, 2003 at 02:38:25PM +0300, Andrey V. Luzan wrote:
> Hello all,
>
> Help me please do mirror of freebsd.org.

Don't post off-topic messages.

Kris

--k1lZvvs/B4yU6o8G Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/g/ejWry0BWjoQKURAh3vAKDoTKD92ZRhD7q548CSMp+WwxV7GQCg+esV 5qWpujsJ+ELiPzbY6m+2tcU= =P2DP -----END PGP SIGNATURE----- --k1lZvvs/B4yU6o8G--