From owner-freebsd-security@freebsd.org Mon Jan 22 17:47:17 2018
Date: Mon, 22 Jan 2018 09:41:35 -0800 (PST)
From: Roger Marquis
To: freebsd-security@freebsd.org
Subject: Malicious URL ? https://[::]/
List-Id: "Security issues [members-only posting]"

Not necessarily BSD-related though this was discovered via a proxy
server jail's process table.  Source of the requests was a recently
installed Firefox add-on.  Not sure how to escape the pattern for search
engines but nothing is found from queries wrapped in double quotes.

The absence of previous log entries or search results raises a number of
questions.  Is this IPv6-related?  Neither the client nor the proxy have
IPv6 enabled.  Is it potentially malicious?  If so by what mechanism?
The Intel IME backdoor vector is a primary suspect for obvious reasons
but am curious if anyone else has seen this?

Roger Marquis

From owner-freebsd-security@freebsd.org Tue Jan 23 10:42:42 2018
From: bugzilla-noreply@freebsd.org
To: freebsd-security@FreeBSD.org
Subject: maintainer-approval requested: [Bug 225241] databases/mysql55-server: Update to 5.5.59 fixes multiple CVE : [Attachment 189991] Update to MySQL 5.5.59 - fixes multiple CVE's
Date: Tue, 23 Jan 2018 10:42:42 +0000

Dani has asked freebsd-security@FreeBSD.org for maintainer-approval:
Bug 225241: databases/mysql55-server: Update to 5.5.59 fixes multiple CVE
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225241

Attachment 189991: Update to MySQL 5.5.59 - fixes multiple CVE's
https://bugs.freebsd.org/bugzilla/attachment.cgi?id=189991&action=edit

--- Comment #1 from Dani ---
Created attachment 189991
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=189991&action=edit
Update to MySQL 5.5.59 - fixes multiple CVE's

Update to 5.5.59
- Fixes multiple security vulnerabilities
See: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
- Changelog: https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-59.html

From owner-freebsd-security@freebsd.org Tue Jan 23 10:42:44 2018
From: bugzilla-noreply@freebsd.org
To: freebsd-security@FreeBSD.org
Subject: [Bug 225241] databases/mysql55-server: Update to 5.5.59 fixes multiple CVE
Date: Tue, 23 Jan 2018 10:42:42 +0000
X-Bugzilla-Who: i.dani@outlook.com

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225241

Dani changed:

               What|Removed |Added
----------------------------------------------------------------------------
                 CC|        |ale@FreeBSD.org,
                   |        |freebsd-security@FreeBSD.org,
                   |        |i.dani@outlook.com,
                   |        |ports-secteam@FreeBSD.org
 Attachment #189991|        |maintainer-approval?(ale@FreeBSD.org),
              Flags|        |maintainer-approval?(freebsd-security@FreeBSD.org),
                   |        |maintainer-approval?(ports-secteam@FreeBSD.org)

--- Comment #1 from Dani ---
Created attachment 189991
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=189991&action=edit
Update to MySQL 5.5.59 - fixes multiple CVE's

Update to 5.5.59
- Fixes multiple security vulnerabilities
See: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
- Changelog: https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-59.html

-- 
You are receiving this mail because:
You are on the CC list for the bug.

From owner-freebsd-security@freebsd.org Tue Jan 23 10:43:09 2018
From: bugzilla-noreply@freebsd.org
To: freebsd-security@FreeBSD.org
Subject: [Bug 225241] databases/mysql55-server: Update to 5.5.59 fixes multiple CVE
Date: Tue, 23 Jan 2018 10:43:09 +0000
X-Bugzilla-Who: i.dani@outlook.com

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225241

Dani changed:

               What|Removed |Added
----------------------------------------------------------------------------
              Flags|        |merge-quarterly?

From owner-freebsd-security@freebsd.org Tue Jan 23 14:08:50 2018
From: bugzilla-noreply@freebsd.org
To: freebsd-security@FreeBSD.org
Subject: [Bug 225241] databases/mysql55-server: Update to 5.5.59 fixes multiple CVE
Date: Tue, 23 Jan 2018 14:08:50 +0000
X-Bugzilla-Who: ale@FreeBSD.org

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225241

Alex Dupre changed:

               What|Removed |Added
----------------------------------------------------------------------------
         Resolution|---     |FIXED
             Status|New     |Closed

From owner-freebsd-security@freebsd.org Tue Jan 23 14:08:59 2018
From: bugzilla-noreply@freebsd.org
To: freebsd-security@FreeBSD.org
Subject: [Bug 225241] databases/mysql55-server: Update to 5.5.59 fixes multiple CVE
Date: Tue, 23 Jan 2018 14:08:59 +0000
X-Bugzilla-Who: commit-hook@freebsd.org

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225241

--- Comment #2 from commit-hook@freebsd.org ---
A commit references this bug:

Author: ale
Date: Tue Jan 23 14:08:45 UTC 2018
New revision: 459752
URL: https://svnweb.freebsd.org/changeset/ports/459752

Log:
  Update to 5.5.59 release.

  PR: 225241
  Submitted by: Markus Kohlmeyer

Changes:
  head/databases/mysql55-server/Makefile
  head/databases/mysql55-server/distinfo

From owner-freebsd-security@freebsd.org Tue Jan 23 22:15:06 2018
From: Dag-Erling Smørgrav
To: Roger Marquis
Cc: freebsd-security@freebsd.org
Subject: Re: Malicious URL ? https://[::]/
Date: Tue, 23 Jan 2018 23:14:58 +0100
Message-ID: <86wp08fcil.fsf@desk.des.no>

Roger Marquis writes:
> Not necessarily BSD-related though this was discovered via a proxy
> server jail's process table.

Basically the IPv6 equivalent of https://127.0.0.1/.  “[::]” is the
bracketed literal representation of the IPv6 localhost address.

DES
-- 
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-security@freebsd.org Tue Jan 23 22:18:31 2018
From: Dag-Erling Smørgrav
To: Roger Marquis
Cc: freebsd-security@freebsd.org
Subject: Re: Malicious URL ? https://[::]/
Date: Tue, 23 Jan 2018 23:18:29 +0100
In-Reply-To: <86wp08fcil.fsf@desk.des.no>
Message-ID: <86shawfccq.fsf@desk.des.no>

Dag-Erling Smørgrav writes:
> Basically the IPv6 equivalent of https://127.0.0.1/.  “[::]” is the
> bracketed literal representation of the IPv6 localhost address.

Hang on a sec — localhost should be [::1], not [::], which is the
equivalent of 0.0.0.0.  My guess is a software bug.  Jails look a little
weird from the inside unless you use a fully virtualized network stack.
The proxy probably doesn't have sufficient error checking around
getpeername() or something like that.

DES
-- 
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-security@freebsd.org Wed Jan 24 20:02:55 2018
Date: Wed, 24 Jan 2018 12:02:47 -0800 (PST)
From: Roger Marquis
To: Dag-Erling Smørgrav
cc: freebsd-security@freebsd.org
Subject: Re: Malicious URL ? https://[::]/
In-Reply-To: <86shawfccq.fsf@desk.des.no>
References: <86wp08fcil.fsf@desk.des.no> <86shawfccq.fsf@desk.des.no>

Dag-Erling Smørgrav wrote:
> Hang on a sec — localhost should be [::1], not [::], which is the
> equivalent of 0.0.0.0.  My guess is a software bug.  Jails look a little
> weird from the inside unless you use a fully virtualized network stack.
> The proxy probably doesn't have sufficient error checking around
> getpeername() or something like that.

Another intermediate URL-checker reports that the plugin in question
(CanvasBlocker) is requesting https://[::]/ directly.
If a bug this is the first I've seen of its kind.  If not the question is
what threat profile [::]:443 might expose.  (Other than the obvious jail
vector which really should be fixed.  FreeBSD Foundation where are you?)

Karl's reference to RFC 4291 indicates it is a protocol violation as
well.  The symptom has been reported to Mozilla.

Roger

From owner-freebsd-security@freebsd.org Thu Jan 25 11:19:17 2018
Date: Thu, 25 Jan 2018 11:08:52 GMT
Message-Id: <201801251108.w0PB8q1f003471@higson.cam.lispworks.com>
From: Martin Simmons
To: Roger Marquis
CC: des@des.no, freebsd-security@freebsd.org
Subject: Re: Malicious URL ? https://[::]/
References: <86wp08fcil.fsf@desk.des.no> <86shawfccq.fsf@desk.des.no>

>>>>> On Wed, 24 Jan 2018 12:02:47 -0800 (PST), Roger Marquis said:
>
> Another intermediate URL-checker reports that the plugin in question
> (CanvasBlocker) is requesting https://[::]/ directly.  If a bug this is
> the first I've seen of its kind.  If not the question is what threat
> profile [::]:443 might expose.  (Other than the obvious jail vector
> which really should be fixed.  FreeBSD Foundation where are you?)

Looks like expected behaviour for CanvasBlocker:

https://github.com/kkapsner/CanvasBlocker/issues/171

__Martin
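
Added example, not part of any message in this thread: the thread distinguishes [::] (the unspecified address, counterpart of 0.0.0.0) from [::1] (loopback), and this Python check applies that distinction to the request targets a proxy sees, flagging unspecified, loopback and private literals. The log layout, the sample lines and the function names are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample lines; the "<time> <client> <method> <target>" layout is
# an assumption for this example, not a format quoted in the thread.
SAMPLE_LOG = """\
2018-01-22T09:40:58 10.0.0.5 CONNECT [::]:443
2018-01-22T09:41:02 10.0.0.5 GET https://[::]/
2018-01-22T09:41:07 10.0.0.5 CONNECT [::1]:8443
2018-01-22T09:41:10 10.0.0.5 GET http://0.0.0.0/
2018-01-22T09:41:15 10.0.0.5 CONNECT [::ffff:127.0.0.1]:443
2018-01-22T09:41:20 10.0.0.5 CONNECT www.example.org:443
2018-01-22T09:41:25 10.0.0.5 GET http://10.0.0.9/
"""

# Verdicts worth a second look when they appear as a proxied destination.
FLAGGED = {"unspecified", "loopback", "private"}


def classify_target(target):
    """Classify the host part of a request target.

    Accepts an absolute URL (https://[::]/) or the authority form used by
    CONNECT ([::]:443).  Returns one of: unspecified, loopback, private,
    public, hostname, invalid.
    """
    if "://" not in target:
        target = "//" + target          # let urlsplit see an authority
    try:
        host = urlsplit(target).hostname
    except ValueError:                  # e.g. unbalanced brackets
        return "invalid"
    if not host:
        return "invalid"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"               # a DNS name, not an address literal
    # Judge IPv4-mapped IPv6 (::ffff:a.b.c.d) by the embedded IPv4 address so
    # the verdict does not depend on the Python version's handling of it.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    if addr.is_unspecified:             # :: and 0.0.0.0; RFC 4291 forbids ::
        return "unspecified"            # as a destination address
    if addr.is_loopback:                # ::1 and 127.0.0.0/8
        return "loopback"
    if addr.is_private:
        return "private"
    return "public"


def flag_requests(log_text):
    """Return (line_number, client, target, verdict) for flagged requests."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) != 4:
            continue                    # not in the assumed layout
        _time, client, _method, target = fields
        verdict = classify_target(target)
        if verdict in FLAGGED:
            findings.append((lineno, client, target, verdict))
    return findings


if __name__ == "__main__":
    for finding in flag_requests(SAMPLE_LOG):
        print(*finding)
```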