From: mohan chandra
To: freebsd-security@freebsd.org
Date: Mon, 23 May 2005 13:27:42 +0100 (BST)
Subject: How to setup IPSec tunnel between FreeBSD and Linux systems...?
Message-ID: <20050523122742.49622.qmail@web8508.mail.in.yahoo.com>
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues [members-only posting]"

Hi,

I am trying to setup ipsec tunnel between FreeBSD (host1) and Linux
(host2) systems. And I am also interested in executing some ipsec test
cases (like TAHI conformance test suite) on the same connection.
Please suggest me some details regarding this setup and specify any
materials which can be obtained from any locations (site).

I have enabled IPSec support for FreeBSD (4.11 Release) and Linux
(kernel-2.4.20-8), now I am trying to establish ipsec tunnel between
these two systems. So specify what further procedure can be done to
establish the secure tunnel.

Please help me to enable the connection... Any sort of suggestion will
be appreciated.

Thanx,

with regards,
Mohan.

From: Jacques Vidrine
To: Christian Brueffer
Cc: security@freebsd.org
Date: Mon, 23 May 2005 11:27:12 -0500
Subject: Re: TCP timestamp vulnerability
Message-Id: <97D5BFC7-D07D-4DB5-A6C2-D4C71C679CA4@FreeBSD.org>
In-Reply-To: <20050519105313.GC2724@unixpages.org>

On May 19, 2005, at 5:53 AM, Christian Brueffer wrote:

> Hi,
>
> fixes for the vulnerability described in
> http://www.kb.cert.org/vuls/id/637934
> were checked in to CURRENT and RELENG_5 by ps in April.
>
> http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_input.c
>
> Revisions 1.270 and 1.252.2.16
>
> He didn't commit it to RELENG_5_4 for some reason, so 5.4 shipped with
> it.
>
> My guess is that he didn't notify you guys either.
>
> I stumbled upon this through a Heise News article at
> http://www.heise.de/newsticker/meldung/59672. Sent them an update about
> the fixed branches, but they'd like to know why this wasn't communicated
> back to US-CERT yadda yadda yadda.

Thanks, Christian. No, ps@ didn't point it out. It gets a little
confusing too, since I see that the work was submitted by multiple
folks, one of which reported another related vulnerability to us on
May 18 (7 days after that commit). Now to try to untangle what is
what ...

-- 
Jacques A Vidrine / NTT/Verio
nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org

From: Fernando Gleiser
To: mohan chandra
Cc: freebsd-security@freebsd.org
Date: Mon, 23 May 2005 17:38:30 -0300 (ART)
Subject: Re: How to setup IPSec tunnel between FreeBSD and Linux systems...?
Message-ID: <20050523173419.U19267@cactus.fi.uba.ar>
In-Reply-To: <20050523122742.49622.qmail@web8508.mail.in.yahoo.com>

On Mon, 23 May 2005, mohan chandra wrote:

> Hi,
>
> I am trying to setup ipsec tunnel between FreeBSD
> (host1) and Linux (host2) systems. And I am also
> interested in executing some ipsec test cases (like
> TAHI conformance test suite) on the same connection.
> Please suggest me some details regarding this setup
> and specify any materials which can be obtained
> from any locations (site).

I did it a couple of years ago to build a VPN between a company running
FreeBSD in the firewall and the remote location running Linux. It works
well, although it has some minor issues.

I used some pdf I've found in www.ipv6.iabg.de, but that site seems to
be dead. I think I still have that pdf somewhere, email me if you're
interested.

>
> I have enabled IPSec support for FreeBSD (4.11
> Release) and Linux (kernel-2.4.20-8), now I am trying
> to establish ipsec tunnel between these two systems. So
> specify what further procedure can be done to
> establish the secure tunnel.
>
> Please help me to enable the connection... Any sort of
> suggestion will be appreciated.
>
> Thanx,
>
> with regards,
> Mohan.

From: Jeremie Le Hen
To: mohan chandra
Cc: freebsd-security@freebsd.org
Date: Mon, 23 May 2005 23:46:36 +0200
Subject: Re: How to setup IPSec tunnel between FreeBSD and Linux systems...?
Message-ID: <20050523214636.GG850@obiwan.tataz.chchile.org>
In-Reply-To: <20050523122742.49622.qmail@web8508.mail.in.yahoo.com>

Hi Mohan,

> I am trying to setup ipsec tunnel between FreeBSD
> (host1) and Linux (host2) systems. And I am also
> interested in executing some ipsec test cases (like
> TAHI conformance test suite) on the same connection.
> Please suggest me some details regarding this setup
> and specify any materials which can be obtained
> from any locations (site).
>
> I have enabled IPSec support for FreeBSD (4.11
> Release) and Linux (kernel-2.4.20-8), now I am trying
> to establish ipsec tunnel between these two systems. So
> specify what further procedure can be done to
> establish the secure tunnel.
>
> Please help me to enable the connection... Any sort of
> suggestion will be appreciated.

FreeBSD uses either KAME IPSec or OpenBSD IPSec (known as Fast-IPSec).
As far as I can tell, they are mostly compatible.

Linux has two implementations of IPSec: FreeS/WAN and USAGI. FreeS/WAN
is, IMHO, a big crap, has ugly code and configuration file. On the
other hand, USAGI uses the same userland tools as BSD because they used
to work in tight collaboration with KAME (I can't remember the detail
though). Furthermore, IIRC, USAGI has been chosen to be merged to Linux
mainstream kernel, FreeS/WAN seems to have died since, their last
release is dated for more than one year ago.

Since the daemons and configuration tools are the same now in BSD and
Linux, I think this should not bring too much pain to you to make them
work together.

Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >

From: Pawel Jakub Dawidek
To: freebsd-security@FreeBSD.org
Cc: rwatson@FreeBSD.org
Date: Tue, 24 May 2005 03:13:22 +0200
Subject: Jail support for mac_portacl(4).
Message-ID: <20050524011322.GI837@darkness.comp.waw.pl>

Hi.

When we don't have too many IP addresses available and we want to run
for example www server inside a jail, but use the same IP address as
the main system, we need to actually use an internal IP address and
forward http port with firewall from external IP to jail's IP.
In that way we know that if somebody breaks into our jail, he cannot
run sshd server (we have keys, I know) or any other not-http service
inside a jail with our public IP address.

This patch gives another option, so one doesn't need to use firewall
for this purpose. It adds new idtype - 'jid'. With this patch, one can
configure that jail with the given JID can use only defined ports:

	# sysctl security.mac.portacl.rules="jid:1:tcp:80"

Patch is here:

	http://people.freebsd.org/~pjd/patches/mac_portacl.c.patch

Any objections?

PS. With the above policy, processes from outside a jail can bind to
port 80. We can change this behaviour to "allow port 80 to be used
only inside a jail 1". This will be a warning for not jailed processes
(don't use this port, because it can be used in a jail which will
overwrite your service).

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
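
The rule string in the message above, as an added example that is not part of the original post or of the patch: a user-space C model of how a 'jid' rule would be matched, assuming the idtype:id:protocol:port grammar and the port_high / suser_exempt sysctls documented in mac_portacl(4). All struct and function names are hypothetical, and treating jailed root as non-exempt is an assumption taken from the message's stated goal.

```c
/* Added example: user-space model of mac_portacl rule matching with the
 * proposed 'jid' idtype. Not the kernel module and not the patch; the
 * names below are hypothetical. */
#include <stdio.h>
#include <string.h>

enum idtype { ID_UID, ID_GID, ID_JID };
enum proto { P_TCP, P_UDP };

struct rule { enum idtype type; long id; enum proto proto; long port; };
/* Simplification: one gid per subject; jid 0 = not jailed (assumption). */
struct subject { long uid, gid, jid; };

/* Parse "idtype:id:protocol:port[,idtype:id:protocol:port...]".
 * Returns the number of rules stored in out[], or -1 on a syntax error. */
int parse_rules(const char *s, struct rule *out, int max)
{
    int n = 0;

    while (*s != '\0') {
        char elem[64], type[8], proto[8], extra;
        struct rule r;
        size_t len = strcspn(s, ",");

        if (len == 0 || len >= sizeof(elem) || n == max)
            return -1;
        memcpy(elem, s, len);
        elem[len] = '\0';
        /* %c catches trailing junk such as "80x" (sscanf would return 5) */
        if (sscanf(elem, "%7[a-z]:%ld:%7[a-z]:%ld%c",
                   type, &r.id, proto, &r.port, &extra) != 4)
            return -1;
        if (strcmp(type, "uid") == 0) r.type = ID_UID;
        else if (strcmp(type, "gid") == 0) r.type = ID_GID;
        else if (strcmp(type, "jid") == 0) r.type = ID_JID;
        else return -1;
        if (strcmp(proto, "tcp") == 0) r.proto = P_TCP;
        else if (strcmp(proto, "udp") == 0) r.proto = P_UDP;
        else return -1;
        if (r.id < 0 || r.port < 1 || r.port > 65535)
            return -1;
        if (r.type == ID_JID && r.id == 0)  /* 0 means "host" in this model */
            return -1;
        out[n++] = r;
        s += len;
        if (*s == ',')
            s++;
    }
    return n;
}

/* Decide whether `who` may bind proto/port: 1 = not denied, 0 = denied.
 * port_high and suser_exempt mirror the sysctls in mac_portacl(4). */
int may_bind(const struct rule *rules, int n, struct subject who,
             enum proto proto, long port, long port_high, int suser_exempt)
{
    if (port > port_high)
        return 1;   /* above the enforced range: the policy has no say */
    if (suser_exempt && who.uid == 0 && who.jid == 0)
        return 1;   /* un-jailed root is exempt (the PS in the message) */
    for (int i = 0; i < n; i++) {
        const struct rule *r = &rules[i];
        long have = r->type == ID_UID ? who.uid :
                    r->type == ID_GID ? who.gid : who.jid;

        if (r->proto == proto && r->port == port && r->id == have)
            return 1;
    }
    return 0;       /* enforced port and no matching rule */
}

int main(void)
{
    struct rule rules[8];
    int n = parse_rules("jid:1:tcp:80", rules, 8);  /* rule from the message */
    struct subject jail1_root = {0, 0, 1}, host_root = {0, 0, 0};
    long highs[] = {1023, 65535};  /* default port_high vs. the full range */

    for (int h = 0; h < 2; h++) {
        printf("port_high=%ld\n", highs[h]);
        printf("  jail 1 root tcp/80:   %d\n",
               may_bind(rules, n, jail1_root, P_TCP, 80, highs[h], 1));
        printf("  jail 1 root tcp/22:   %d\n",
               may_bind(rules, n, jail1_root, P_TCP, 22, highs[h], 1));
        printf("  jail 1 root tcp/2222: %d\n",
               may_bind(rules, n, jail1_root, P_TCP, 2222, highs[h], 1));
        printf("  host root   tcp/80:   %d\n",
               may_bind(rules, n, host_root, P_TCP, 80, highs[h], 1));
    }
    return n < 0;
}
```

In this model the default port_high of 1023 still lets the jail bind tcp/2222; only with port_high raised to 65535 is the jail confined to port 80.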

From: Eric Masson
To: Jeremie Le Hen
Cc: freebsd-security@freebsd.org, mohan chandra
Date: Tue, 24 May 2005 09:24:43 +0200
Subject: Re: How to setup IPSec tunnel between FreeBSD and Linux systems...?
Message-ID: <86oeb13x38.fsf@srvbsdnanssv.interne.kisoft-services.com>
In-Reply-To: <20050523214636.GG850@obiwan.tataz.chchile.org>

Jeremie Le Hen writes:

> FreeBSD uses either KAME IPSec or OpenBSD IPSec (known as Fast-IPSec).
> As far as I can tell, they are mostly compatible.

No interop problem known here with pre shared keys.

> Since the daemons and configuration tools are the same now in BSD and
> Linux, I think this should not bring too much pain to you to make them
> work together.

From what I've read, Kame racoon seems to be deprecated in favor of
ipsec-tools racoon, Larry Baird & Yvan Vanhullebus are working on NAT-T
support on FreeBSD (patches available on ipsec-tools website) and merge
into HEAD seems to be on the way.

Regards

Éric Masson

-- 
 For example, test whether it is already present, load it, unload it...
 -+- Joe in: - Don't switch hands -+-

From: Jeremie Le Hen
To: Eric Masson
Cc: freebsd-security@freebsd.org, mohan chandra, Jeremie Le Hen
Date: Tue, 24 May 2005 09:39:18 +0200
Subject: Re: How to setup IPSec tunnel between FreeBSD and Linux systems...?
Message-ID: <20050524073918.GO850@obiwan.tataz.chchile.org>
In-Reply-To: <86oeb13x38.fsf@srvbsdnanssv.interne.kisoft-services.com>

Hi Eric,

> > FreeBSD uses either KAME IPSec or OpenBSD IPSec (known as Fast-IPSec).
> > As far as I can tell, they are mostly compatible.
>
> No interop problem known here with pre shared keys.
>
> > Since the daemons and configuration tools are the same now in BSD and
> > Linux, I think this should not bring too much pain to you to make them
> > work together.
>
> From what I've read, Kame racoon seems to be deprecated in favor of
> ipsec-tools racoon, Larry Baird & Yvan Vanhullebus are working on NAT-T
> support on FreeBSD (patches available on ipsec-tools website) and merge
> into H

Thank you for these precisions. I checked ipsec-tools website and I
can't find the NAT-T patch. Would you point me out where it is please?

Cheers,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >

From: Eric Masson
To: Jeremie Le Hen
Cc: freebsd-security@freebsd.org, mohan chandra
Date: Tue, 24 May 2005 09:53:06 +0200
Subject: Re: How to setup IPSec tunnel between FreeBSD and Linux systems...?
Message-ID: <86br713vrx.fsf@srvbsdnanssv.interne.kisoft-services.com>
In-Reply-To: <20050524073918.GO850@obiwan.tataz.chchile.org>

Jeremie Le Hen writes:

Hi Jeremie,

> Thank you for these precisions. I checked ipsec-tools website and I
> can't find the NAT-T patch. Would you point me out where it is please ?

Patch from Yvan against 5.3 (iirc) is available here:
http://cvs.sourceforge.net/viewcvs.py/ipsec-tools/htdocs/freebsd_nat-t.diff?rev=1.4&view=log

Larry Baird has another patch set, but I don't know if it's available
for download anywhere.

Éric Masson

-- 
 >Do you know why soldiers are not allowed to march in step
 >on bridges?
 If one of them falls, do they all follow?
 -+- Rom in Gnu - One two, one two, one two, one twoooooooo... splash -+-

From: des@des.no (Dag-Erling Smørgrav)
To: panagiotis galiotos
Date: Wed, 25 May 2005 23:52:49 +0200
Message-id: <86wtpnj7m6.fsf@xps.des.no>
Cc: freebsd-security@freebsd.org
Subject: Re: Versions issues

panagiotis galiotos writes:

> I'm trying to figure out which version I'm currently using. The
> sysctl return the following values:
>
> kern.osreldate: 502101
> kern.osrelease: 5.2 - CURRENT
>
> Which version is that ? Is it plain 5.2 current or 5.2.1 ?

Neither. It's 5-CURRENT between 2003/12/19 and 2004/01/30. A clean
5.2-RELEASE, or 5.2 with only security patches applied, would have an
osreldate in the range 502000 - 502099. Your system was either
upgraded manually from sources, or installed from a snapshot (if any
were made in that time span), and is probably subject to a number of
known security vulnerabilities.

DES
-- 
Dag-Erling Smørgrav - des@des.no

From: NAKAJI Hiroyuki
To: security@FreeBSD.org
Date: Thu, 26 May 2005 07:49:10 +0900
Subject: vid%203b3676be-52e1-11d9-a9e7-0001020eed82
Message-ID: <86mzqidiqh.fsf@ra333.heimat.gr.jp>
In-Reply-To: <200505242242.j4OMglSA099193@repoman.freebsd.org>

Dear Security Team,

Ports/japanese/samba is updated to ja-samba-2.2.12-j1.0beta1, which
fixes CAN-2004-1154. Please update the portaudit database.

>>>>> In <200505242242.j4OMglSA099193@repoman.freebsd.org>
>>>>>	Pav Lucistnik wrote:

> pav         2005-05-24 22:42:47 UTC
>
>   FreeBSD ports repository
>
>   Modified files:
>     japanese/samba          Makefile distinfo
>   Removed files:
>     japanese/samba/files    patch-smbd:vfs.c
>     japanese/samba/scripts  configure.samba
>   Log:
>   - Update to 2.2.12-ja-1.0beta1
>
>   PR:             ports/81350
>   Submitted by:   NAKAJI Hiroyuki (maintainer)
>   Security:       fixes CAN-2004-1154
>
>   Revision  Changes    Path
>   1.48      +3 -3      ports/japanese/samba/Makefile
>   1.24      +2 -2      ports/japanese/samba/distinfo
>   1.2       +0 -10     ports/japanese/samba/files/patch-smbd:vfs.c (dead)
>   1.4       +0 -101    ports/japanese/samba/scripts/configure.samba (dead)

-- 
NAKAJI Hiroyuki