From owner-freebsd-security@FreeBSD.ORG Sun Apr 29 05:45:19 2007 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 6A7D616A401 for ; Sun, 29 Apr 2007 05:45:19 +0000 (UTC) (envelope-from eugen@www.svzserv.kemerovo.su) Received: from www.svzserv.kemerovo.su (www.svzserv.kemerovo.su [213.184.65.80]) by mx1.freebsd.org (Postfix) with ESMTP id B326D13C468 for ; Sun, 29 Apr 2007 05:45:18 +0000 (UTC) (envelope-from eugen@www.svzserv.kemerovo.su) Received: from www.svzserv.kemerovo.su (eugen@localhost [127.0.0.1]) by www.svzserv.kemerovo.su (8.13.8/8.13.8) with ESMTP id l3T5PLcv099898 for ; Sun, 29 Apr 2007 13:25:21 +0800 (KRAST) (envelope-from eugen@www.svzserv.kemerovo.su) Received: (from eugen@localhost) by www.svzserv.kemerovo.su (8.13.8/8.13.8/Submit) id l3T5PJ6j099896 for freebsd-security@freebsd.org; Sun, 29 Apr 2007 13:25:19 +0800 (KRAST) (envelope-from eugen) Date: Sun, 29 Apr 2007 13:25:19 +0800 From: Eugene Grosbein To: freebsd-security@freebsd.org Message-ID: <20070429052519.GB99449@svzserv.kemerovo.su> References: <200704262349.l3QNnmro085350@freefall.freebsd.org> <4633BDE9.7080103@yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4633BDE9.7080103@yahoo.com> User-Agent: Mutt/1.4.2.1i Subject: Re: FreeBSD Security Advisory FreeBSD-SA-07:03.ipv6 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Apr 2007 05:45:19 -0000 On Sat, Apr 28, 2007 at 05:34:33PM -0400, Peter Thoenen wrote: > Umm maybe its just but I fail to see why this is a security advisory > (initially caught this on the OBSD list). You are following the RFC .. > if you don't like "evil" packets, then drop them at the firewall or > router layer ... don't see the need for an OS fix. Design flow in the RFC still may be security vulnerability, doesn't it? Eugene Grosbein From owner-freebsd-security@FreeBSD.ORG Sun Apr 29 18:14:21 2007 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 15CE616A402 for ; Sun, 29 Apr 2007 18:14:21 +0000 (UTC) (envelope-from robert@ml.erje.net) Received: from smtpout-2.iphouse.net (smtpout-2.iphouse.net [216.250.188.191]) by mx1.freebsd.org (Postfix) with ESMTP id D26E713C448 for ; Sun, 29 Apr 2007 18:14:20 +0000 (UTC) (envelope-from robert@ml.erje.net) Received: from smtpout-2.iphouse.net (localhost [127.0.0.1]) by outbound-clamsmtpd.iphouse.net (Postfix) with ESMTP id 71DF62AC57F for ; Sun, 29 Apr 2007 12:55:04 -0500 (CDT) Received: from ziemel.erje.net (erje.net [213.84.32.196]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtpout-2.iphouse.net (Postfix) with ESMTP id 1DFD62AC48E for ; Sun, 29 Apr 2007 12:55:04 -0500 (CDT) Received: from ismet.erje.net (ismet.erje.net [IPv6:2001:888:1f33::8e45:7e]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ziemel.erje.net (PostFix 2.4.0) with ESMTP id 2077D1287B1 for ; Sun, 29 Apr 2007 19:48:46 +0200 (CEST) Received: from ismet.erje.net (localhost [127.0.0.1]) by ismet.erje.net (8.13.6/8.13.3) with ESMTP id l3THmjKo020429 for ; Sun, 29 Apr 2007 19:48:45 +0200 (CEST) (envelope-from robert@ml.erje.net) Received: (from robert@localhost) by ismet.erje.net (8.13.6/8.13.3/Submit) id l3THmiKH020428 for freebsd-security@freebsd.org; Sun, 29 Apr 2007 19:48:44 +0200 (CEST) (envelope-from robert@ml.erje.net) X-Authentication-Warning: ismet.erje.net: robert set sender to robert@ml.erje.net using -f Date: Sun, 29 Apr 2007 19:48:44 +0200 From: Robert Joosten To: freebsd-security@freebsd.org Message-ID: <20070429174844.GA20008@iphouse.com> References: <200704262349.l3QNnmro085350@freefall.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200704262349.l3QNnmro085350@freefall.freebsd.org> X-ICQ: 13643672 X-geek-code-v3.1: G!>CS@O dx>--@ s: a31(32) C+++ UBL++++$ P++ L-@+++$ !E W(+) N+++(*) o-- K- w- O- M- V- PS+@ PE- Y+ PGP++ t- 5- X- R* !tv b++@ DI++ D G-- e@ h*(+) r>+@ z+c X-FreeBSD: 026746 X-Mobile/GSM/cell: +3162526777 X-msn: BlixKater X-No-rights-can-be-derived: Indeed X-pgp-key: http://members.iphouse.com/robertj/gpgpublickeyrobertjiphousecom.asc X-pgp-fingerprint: 37A1 0951 3C89 5E62 96FA 8369 3AA2 B355 5F39 721A x-smime-certificate: http://members.iphouse.com/robertj/RobertjIphouseCom.crt X-Face: 0[uRd; X4=_; G; $DL6Wm=\]R/TWu1f+t|,Li1Q-maBcUyCJsAw(Nmj-(aDA!Kk#hLr#njX9T@U-rQm?Z53"_]SBYab3-NCkCN/{1-#0T4U1Ry"TPY~dtpzfxs$9"BrXKPylt/#5QQb/y+|LF}; User-Agent: Mutt/1.5.14 (2007-02-12) X-ziemel.erje.net-MailScanner: Ok, found to be clean X-Spam-Status: No X-Virus-Scanned: ClamAV using ClamSMTP Subject: Re: FreeBSD Security Advisory FreeBSD-SA-07:03.ipv6 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Apr 2007 18:14:21 -0000 Hi, > Affects: All FreeBSD releases. > Corrected: 2007-04-24 11:42:42 UTC (RELENG_6, 6.2-STABLE) > 2007-04-26 23:42:23 UTC (RELENG_6_2, 6.2-RELEASE-p4) > 2007-04-26 23:41:59 UTC (RELENG_6_1, 6.1-RELEASE-p16) > 2007-04-24 11:44:23 UTC (RELENG_5, 5.5-STABLE) > 2007-04-26 23:41:27 UTC (RELENG_5_5, 5.5-RELEASE-p12) > CVE Name: CVE-2007-2242 For those running releng_4_11, I observed this message: http://leaf.dragonflybsd.org/mailarchive/commits/2007-04/msg00178.html from our neighbors at dragonfly. It seems to apply cleanly (I did the patch by hand) and the kernel at leasts compiles. Unable to verify it runs ok or solves this issue due to time constraints atm :-/ Hth. Robert From owner-freebsd-security@FreeBSD.ORG Tue May 1 00:27:06 2007 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id D9EB016A403 for ; Tue, 1 May 2007 00:27:06 +0000 (UTC) (envelope-from lofi@freebsd.org) Received: from mail-in-06.arcor-online.net (mail-in-06.arcor-online.net [151.189.21.46]) by mx1.freebsd.org (Postfix) with ESMTP id 6083913C4B0 for ; Tue, 1 May 2007 00:27:06 +0000 (UTC) (envelope-from lofi@freebsd.org) Received: from mail-in-01-z2.arcor-online.net (mail-in-11-z2.arcor-online.net [151.189.8.28]) by mail-in-06.arcor-online.net (Postfix) with ESMTP id 675BF31EE30 for ; Mon, 30 Apr 2007 21:15:52 +0200 (CEST) Received: from mail-in-04.arcor-online.net (mail-in-04.arcor-online.net [151.189.21.44]) by mail-in-01-z2.arcor-online.net (Postfix) with ESMTP id 5ADE3346AC4 for ; Mon, 30 Apr 2007 21:15:52 +0200 (CEST) Received: from lofi.dyndns.org (dslb-084-062-203-060.pools.arcor-ip.net [84.62.203.60]) by mail-in-04.arcor-online.net (Postfix) with ESMTP id 2841F1C72A8 for ; Mon, 30 Apr 2007 21:15:52 +0200 (CEST) Received: from kiste.my.domain (root@kiste.my.domain [192.168.8.2]) by lofi.dyndns.org (8.13.8/8.13.3) with ESMTP id l3UJFpU0009001 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Mon, 30 Apr 2007 21:15:51 +0200 (CEST) (envelope-from lofi@freebsd.org) Received: from kiste.my.domain (lofi@localhost [127.0.0.1]) by kiste.my.domain (8.13.6/8.13.4) with ESMTP id l3UJFoa0066092 for ; Mon, 30 Apr 2007 21:15:50 +0200 (CEST) (envelope-from lofi@freebsd.org) Received: from localhost (localhost [[UNIX: localhost]]) by kiste.my.domain (8.13.6/8.13.4/Submit) id l3UJFou9066082 for freebsd-security@freebsd.org; Mon, 30 Apr 2007 21:15:50 +0200 (CEST) (envelope-from lofi@freebsd.org) X-Authentication-Warning: kiste.my.domain: lofi set sender to lofi@freebsd.org using -f From: Michael Nottebrock To: freebsd-security@freebsd.org Date: Mon, 30 Apr 2007 21:15:42 +0200 User-Agent: KMail/1.9.6 References: <200704262349.l3QNnmro085350@freefall.freebsd.org> <4633BDE9.7080103@yahoo.com> <20070429052519.GB99449@svzserv.kemerovo.su> In-Reply-To: <20070429052519.GB99449@svzserv.kemerovo.su> X-Face: g:jG2\O{-yqD1x?DG2lU1)(v%xffR"p8Nz(w/*)YEUO\Hn%mGi&-!+rq$&r64,=?utf-8?q?fuP=7E=3Bbw=5C=0A=09=5EQdX?=@v~HEAi?NaE8SU]}.oeYSjN84Fe{M(ahZ.(i+lxyP; pr)2[%mGbkY'RmM>=?utf-8?q?+mg3Y=24ip=0A=091?=@Z>[EUaE7tjJ=1DRs~:!uSd""d~:/Er3rpQA%ze|bp>S MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart3660441.g4SKycOeRV"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200704302115.49754.lofi@freebsd.org> X-Virus-Scanned: by amavisd-new Subject: Re: FreeBSD Security Advisory FreeBSD-SA-07:03.ipv6 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 May 2007 00:27:06 -0000 --nextPart3660441.g4SKycOeRV Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Sunday, 29. April 2007, Eugene Grosbein wrote: > On Sat, Apr 28, 2007 at 05:34:33PM -0400, Peter Thoenen wrote: > > Umm maybe its just but I fail to see why this is a security advisory > > (initially caught this on the OBSD list). You are following the RFC .. > > if you don't like "evil" packets, then drop them at the firewall or > > router layer ... don't see the need for an OS fix. > > Design flow in the RFC still may be security vulnerability, doesn't it? The last "fix" for a IPv6 design flaw contributed by OpenBSD (disable=20 IPv4-mapped IPv6 addresses by default) caused rather unpleasant side-effect= s=20 in a number of applications. Will this change have similar effects? I've=20 gathered by now that in OpenBSD there is little concern for such things. =2D-=20 ,_, | Michael Nottebrock | lofi@freebsd.org (/^ ^\) | FreeBSD - The Power to Serve | http://www.freebsd.org \u/ | K Desktop Environment on FreeBSD | http://freebsd.kde.org --nextPart3660441.g4SKycOeRV Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQBGNkBfXhc68WspdLARAno7AJ4pkybUoYLRxAcTiH0K4KuOIkR0SwCfUHtS oJaRPPqw1CRvahVwvUUG+YA= =nSFo -----END PGP SIGNATURE----- --nextPart3660441.g4SKycOeRV-- From owner-freebsd-security@FreeBSD.ORG Tue May 1 00:48:45 2007 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 50A6516A401; Tue, 1 May 2007 00:48:45 +0000 (UTC) (envelope-from kris@obsecurity.org) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.freebsd.org (Postfix) with ESMTP id 3EF8B13C448; Tue, 1 May 2007 00:48:45 +0000 (UTC) (envelope-from kris@obsecurity.org) Received: from obsecurity.dyndns.org (elvis.mu.org [192.203.228.196]) by elvis.mu.org (Postfix) with ESMTP id E4BD21A4DBA; Mon, 30 Apr 2007 17:49:16 -0700 (PDT) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 6F1C4513AD; Mon, 30 Apr 2007 20:48:44 -0400 (EDT) Date: Mon, 30 Apr 2007 20:48:44 -0400 From: Kris Kennaway To: Michael Nottebrock Message-ID: <20070501004843.GA70515@xor.obsecurity.org> References: <200704262349.l3QNnmro085350@freefall.freebsd.org> <4633BDE9.7080103@yahoo.com> <20070429052519.GB99449@svzserv.kemerovo.su> <200704302115.49754.lofi@freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200704302115.49754.lofi@freebsd.org> User-Agent: Mutt/1.4.2.2i Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-07:03.ipv6 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 May 2007 00:48:45 -0000 On Mon, Apr 30, 2007 at 09:15:42PM +0200, Michael Nottebrock wrote: > On Sunday, 29. April 2007, Eugene Grosbein wrote: > > On Sat, Apr 28, 2007 at 05:34:33PM -0400, Peter Thoenen wrote: > > > Umm maybe its just but I fail to see why this is a security advisory > > > (initially caught this on the OBSD list). You are following the RFC .. > > > if you don't like "evil" packets, then drop them at the firewall or > > > router layer ... don't see the need for an OS fix. > > > > Design flow in the RFC still may be security vulnerability, doesn't it? > > The last "fix" for a IPv6 design flaw contributed by OpenBSD (disable > IPv4-mapped IPv6 addresses by default) caused rather unpleasant side-effects > in a number of applications. Will this change have similar effects? I've > gathered by now that in OpenBSD there is little concern for such things. This functionality required by RFC 2460 appears to be completely unused by any RFC. Kris