From owner-freebsd-security@freebsd.org Tue Mar 7 20:29:48 2017
From: grarpamp
Date: Tue, 7 Mar 2017 15:29:07 -0500
Subject: WikiLeaks CIA Exploits: FreeBSD References Within
To: freebsd-security@freebsd.org
Cc: freebsd-hackers@freebsd.org, freebsd-questions@freebsd.org

https://search.wikileaks.org/?q=freebsd

Currently returns many pages similarly named...

"Shell Code Database
This page includes local links to a shellcode
database discovered at shell-storm.org."

(And a pentest report mention from much older
HBGary. Plus some other unlikely miscellaneous hits.)

As this is only part 1 of a supposedly multipart release
of potentially new exploits, it makes sense to establish
ongoing search and review of this dataset for any
as yet unfixed exploits.

Included as fyi on cc: questions@ and hackers@ .
Discussion is likely better moved in reply to just security@ ,
with reporting of any actual unfixed exploits found to
the FreeBSD Bugzilla tracker.

From owner-freebsd-security@freebsd.org Wed Mar 8 15:52:09 2017
From: Dag-Erling Smørgrav
To: grarpamp
Cc: freebsd-security@freebsd.org, freebsd-hackers@freebsd.org, freebsd-questions@freebsd.org
Subject: Re: WikiLeaks CIA Exploits: FreeBSD References Within
Date: Wed, 08 Mar 2017 16:52:08 +0100
In-Reply-To: (grarpamp@gmail.com's message of "Tue, 7 Mar 2017 15:29:07 -0500")
Message-ID: <86innjojfb.fsf@desk.des.no>

grarpamp writes:
> https://search.wikileaks.org/?q=freebsd
>
> Currently returns many pages similarly named...
>
> "Shell Code Database
> This page includes local links to a shellcode
> database discovered at shell-storm.org."

That doesn't indicate a vulnerability. Shell code is what you use to
exploit a remote code execution vulnerability once you've found it. It
usually needs to be tailored to the target operating system, sometimes
to the exact environment and to the application used to inject it, so it
makes sense that a shell code database would reference FreeBSD.

> [...] it makes sense to establish ongoing search and review of this
> dataset for any as yet unfixed exploits.

Note to anyone thinking of getting involved in this: depending on your
jurisdiction and employment situation, downloading material from the CIA
dump may be illegal and / or a firing offense. Simply browsing it
online may or may not be safe; get legal advice before you do. IANAL.

DES
-- 
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-security@freebsd.org Thu Mar 9 10:38:46 2017
In-Reply-To: <86innjojfb.fsf@desk.des.no>
From: grarpamp
Date: Thu, 9 Mar 2017 05:38:04 -0500
Subject: Re: WikiLeaks CIA Exploits: FreeBSD References Within
To: freebsd-security@freebsd.org
Cc: freebsd-hackers@freebsd.org, freebsd-questions@freebsd.org

On Wed, Mar 8, 2017 at 10:52 AM, Dag-Erling Smørgrav wrote:
> grarpamp writes:
>> https://search.wikileaks.org/?q=freebsd
> That doesn't indicate a vulnerability. Shell code is what you use to

Yep, sec folks are aware of the difference between
sample and exploit code, and vulnerabilities.

https://www.freebsd.org/security/advisories.html
http://shell-storm.org/shellcode/

The post wasn't meant to "indicate a vulnerability".
But as a heads up that maybe some might end up being
published there. On the other hand, there are countless
eyes on it, so OS vendors will find out in time, even if they
aren't eyeballing it themselves.

> legal advice

Let us all get legal advice before living, as it might entail risks ;)
Lots of sites offer a variety of advice for those facing risks.
Here are some related to employers, browsing, and law...

https://intelexit.org/
https://www.youtube.com/watch?v=fklxuoBXXqw
https://www.torproject.org/
https://geti2p.net/
https://www.eff.org/

IANAGPA, but they do exist.

(Btw, the pentest turned out to be old Nessus and Metasploit stuff.)