From owner-freebsd-security@freebsd.org Tue Sep 5 19:15:59 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EEBA1E19F4E for ; Tue, 5 Sep 2017 19:15:59 +0000 (UTC) (envelope-from mike@sentex.net) Received: from smarthost2.sentex.ca (smarthost2.sentex.ca [IPv6:2607:f3e0:80:80::2]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "smarthost.sentex.ca", Issuer "smarthost.sentex.ca" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 60597703D5 for ; Tue, 5 Sep 2017 19:15:59 +0000 (UTC) (envelope-from mike@sentex.net) Received: from lava.sentex.ca (lava.sentex.ca [IPv6:2607:f3e0:0:5::11]) by smarthost2.sentex.ca (8.15.2/8.15.2) with ESMTPS id v85JFvd8049130 (version=TLSv1 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for ; Tue, 5 Sep 2017 15:15:57 -0400 (EDT) (envelope-from mike@sentex.net) Received: from [192.168.43.26] (saphire3.sentex.ca [192.168.43.26]) by lava.sentex.ca (8.15.2/8.15.2) with ESMTP id v85JFtXL025093 for ; Tue, 5 Sep 2017 15:15:55 -0400 (EDT) (envelope-from mike@sentex.net) To: "freebsd-security@freebsd.org" From: Mike Tancsa Subject: https://www.freebsd.org/security/advisories/FreeBSD-SA-14:19.tcp.asc Organization: Sentex Communications Message-ID: <101d5767-d781-d8ec-5512-f3ae4cc0db77@sentex.net> Date: Tue, 5 Sep 2017 15:15:55 -0400 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.78 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Sep 2017 19:16:00 -0000 I have been testing a box against the qualys PCI scanner. For whatever reason, RELENG 10 comes up vulnerable still to CVE-2004-0230 Any idea why this might show as being an issue still ? Is it an issue or just a false positive ? ---Mike -- ------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ From owner-freebsd-security@freebsd.org Wed Sep 6 15:02:29 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B2717E06D19 for ; Wed, 6 Sep 2017 15:02:29 +0000 (UTC) (envelope-from dan@obluda.cz) Received: from smtp1.ms.mff.cuni.cz (smtp1.ms.mff.cuni.cz [IPv6:2001:718:1e03:801::4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3035E70EDB for ; Wed, 6 Sep 2017 15:02:28 +0000 (UTC) (envelope-from dan@obluda.cz) X-SubmittedBy: id 100000045929 subject /DC=org/DC=terena/DC=tcs/C=CZ/O=Charles+20University/CN=Dan+20Lukes+20100000045929 issued by /C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA+20eScience+20Personal+20CA+203 auth type TLS.MFF Received: from [172.20.1.28] (fw.ax.cz [77.240.102.126]) (authenticated) by smtp1.ms.mff.cuni.cz (8.15.2/8.15.2) with ESMTPS id v86F2M3d087199 (version=TLSv1.2 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 6 Sep 2017 17:02:24 +0200 (CEST) (envelope-from dan@obluda.cz) Subject: Re: https://www.freebsd.org/security/advisories/FreeBSD-SA-14:19.tcp.asc To: Mike Tancsa References: <101d5767-d781-d8ec-5512-f3ae4cc0db77@sentex.net> Cc: "freebsd-security@freebsd.org" From: Dan Lukes Message-ID: <58aff9de-a0fa-6d0d-e075-adcfc21610b2@obluda.cz> Date: Wed, 6 Sep 2017 17:02:21 +0200 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0 SeaMonkey/2.48 MIME-Version: 1.0 In-Reply-To: <101d5767-d781-d8ec-5512-f3ae4cc0db77@sentex.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Sep 2017 15:02:29 -0000 Mike Tancsa wrote: > I have been testing a box against the qualys PCI scanner. For whatever > reason, RELENG 10 comes up vulnerable still to > CVE-2004-0230 > > Any idea why this might show as being an issue still ? Is it an issue or just a false positive ? I can't judge it as I know neither details of particular test nor why Qualys consider it failing. You should contact Qualys for details. All I can tell is - the Commodo's PCI DSS scanner doesn't claim latest 10.3-RELEASE vulnerable to CVE-2004-0230. No specific configuration has been necessary for such result. Dan