From owner-freebsd-security Sun Mar 2 23:42:33 2003
From: "Barry Irwin"
To: "Alwyn Goodloe"
Subject: Re: IPSEC port filtering
Date: Mon, 3 Mar 2003 09:38:46 +0200
Organization: iTouch Labs

Somewhat related, I noticed this when trying to crypt only certain TCP
ports, and also when trying to exclude certain ports from being
encrypted. Had the problem on 4.3, 4.4 and 4.5. Unfortunately haven't
had an opportunity to follow this up in detail on a later release. When
I looked round at the time, I could not find any specific reference to
the problem.

Barry
--
Barry Irwin bvi@itouchlabs.com Tel: +27214875178
Systems Administrator: Networks And Security
iTouch TAS http://www.itouchlabs.com Mobile: +27824457210

----- Original Message -----
From: "Alwyn Goodloe"
Sent: Saturday, March 01, 2003 11:32 PM
Subject: IPSEC port filtering

> In performing the setup for an experiment I have the following command:
>
> setkey -c <
> spdadd 192.168.4.2/32[any] 192.168.3.2/32[3322] udp -P out ipsec
> esp/tunnel/192.168.5.1-192.168.7.2/require
> esp/tunnel/192.168.5.1-192.168.5.2/require
>
> Unfortunately, it doesn't seem to be filtering out the UDP packets heading
> to that port. They just pass over the wire in the clear. Using tcpdump
> I can watch them heading for 192.168.3.2.3322
> If I remove the port ([3322]) the packets are put in the tunnel. Is there
> something wrong with the port filtering here?
>
> Alwyn Goodloe
> agoodloe@gradient.cis.upenn.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Mon Mar 3 7:10:39 2003
Date: Tue, 04 Mar 2003 00:10:24 +0900 (JST)
To: freebsd-security@FreeBSD.ORG
Subject: Re: Updated OpenSSL patches
From: KIMURA Yasuhiro
Organization: Utahime no Mori

>>>>> Chris Samaritoni wrote:

> I'm running into the same problem. I'm getting the same rejects that you
> are. I even did a fresh install of 4.7R and only applied the openssl patch
> and still got the same errors. ???

> Hope this helps, you're not the only one.

Thanks a lot. I was relieved to read it and didn't have to try a clean
install.

>>>>> "Jacques A. Vidrine" wrote:

>>> You didn't write anything after that last `zcat ...' line, but I'm led
>>> to believe that getting rid of the relative path in the patch file
>>> resolved the problem? If that is the case, I will remove that path
>>> from the existing patches and re-sign the patches.

>> Yeah. Clearing that path worked.

> I've done that and re-uploaded the patches.

I re-downloaded the new one and successfully updated my 4.7R
systems. But probably there are not a few people who don't know it and
are still in trouble. So I think another revised advisory should be
published.
---
KIMURA Yasuhiro
Mail: yasu@utahime.org
WWW: http://www.utahime.org/

From owner-freebsd-security Mon Mar 3 7:28:42 2003
To: freebsd-security@FreeBSD.ORG
Subject: Permission Denied on passwd
Date: Mon, 03 Mar 2003 09:28:38 -0600
From: Martin McCormick

What might cause all users except root to get "permission denied"
every time they try to change their passwords on a new system?

Here's the scenario:

$ passwd
Changing local password for martin.
Old password:
passwd: Permission denied
passwd: /etc/master.passwd: unchanged
$

I have checked permissions on /etc/master.passwd and
/etc/passwd and they agree with the corresponding files on
another 4.7 system that works.

$ ls -l /etc/*passwd
-rw------- 1 root wheel 1605 Mar 3 08:12 /etc/master.passwd
-rw-r--r-- 1 root wheel 1367 Mar 3 08:12 /etc/passwd
$ cd /
$ ls -l |grep usr
drwxr-xr-x 16 root wheel 512 Nov 11 11:34 usr
$ ls -l /usr/bin/passwd
-r-sr-xr-x 2 root wheel 32504 Oct 9 07:51 /usr/bin/passwd

When I built that system, I installed from a CDROM and
then overlayed some files from an older system for the user
directories including mine. I thought I might have ended up with
a different uid on this system, but that is not the case.

I even tried pwd_mkdb /etc/master.passwd as root which
worked all right, but it didn't fix or change anything. Where
else might I look to figure out what I accidentally did to cause
this problem?

If I ssh to the system from another system and try to use
a password to get in, I also get Permission denied messages.
What really happens is that the first 3 prompts just say
"password:" and then I see "martin's password:" and then I get
denied until I run out of retries.

This system is a server and is doing fine in that
respect. ssh with exchange of public keys and the ability to su
to root is the only way I can get in right now, but that method
works normally. The password permission problem appears to be
the only thing that is broken.

Thank you for any constructive suggestions as I haven't
found anything that looks odd yet.
Martin McCormick WB5AGZ Stillwater, OK
OSU Center for Computing and Information Services Network Operations Group

From owner-freebsd-security Mon Mar 3 7:39:25 2003
Date: Mon, 3 Mar 2003 09:39:20 -0600
From: "Jacques A. Vidrine"
To: KIMURA Yasuhiro
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Updated OpenSSL patches

On Tue, Mar 04, 2003 at 12:10:24AM +0900, KIMURA Yasuhiro wrote:
> I re-downloaded the new one and successfully updated my 4.7R
> systems.

I'm glad that got sorted out.

> But probably there are not a few people who don't know it and
> are still in trouble. So I think another revised advisory should be
> published.

I disagree based on the traffic on this list and to . Only a
handful of people encountered the trouble. If they downloaded the
patch previously, they will have spoken up because it was broken. If
they haven't downloaded it yet, well, they will not encounter the
issue.

Thanks for bringing it up, though!

Cheers,
--
Jacques A. Vidrine http://www.celabo.org/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org .
nectar@kth.se

From owner-freebsd-security Mon Mar 3 8:19:45 2003
Date: Mon, 3 Mar 2003 19:20:54 +0300
From: Roman Emelyanov
Reply-To: ers
To: owner-freebsd-security@FreeBSD.ORG, Martin McCormick
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Permission Denied on passwd

Hello Martin,

Monday, March 3, 2003, 6:28:38 PM, you wrote:

MM> What might cause all users except root to get "permission denied"
MM> every time they try to change their passwords on a new system?
MM> Here's the scenario:
MM> $ passwd
MM> Changing local password for martin.
MM> Old password:
MM> passwd: Permission denied
MM> passwd: /etc/master.passwd: unchanged
MM> $
MM> I have checked permissions on /etc/master.passwd and
MM> /etc/passwd and they agree with the corresponding files on
MM> another 4.7 system that works.
MM> $ ls -l /etc/*passwd
MM> -rw------- 1 root wheel 1605 Mar 3 08:12 /etc/master.passwd
MM> -rw-r--r-- 1 root wheel 1367 Mar 3 08:12 /etc/passwd
MM> $ cd /
MM> $ ls -l |grep usr
MM> drwxr-xr-x 16 root wheel 512 Nov 11 11:34 usr
MM> $ ls -l /usr/bin/passwd
MM> -r-sr-xr-x 2 root wheel 32504 Oct 9 07:51 /usr/bin/passwd
MM> When I built that system, I installed from a CDROM and
MM> then overlayed some files from an older system for the user
MM> directories including mine. I thought I might have ended up with
MM> a different uid on this system, but that is not the case.
MM> I even tried pwd_mkdb /etc/master.passwd as root which
MM> worked all right, but it didn't fix or change anything. Where
MM> else might I look to figure out what I accidentally did to cause
MM> this problem?
MM> If I ssh to the system from another system and try to use
MM> a password to get in, I also get Permission denied messages.
MM> What really happens is that the first 3 prompts just say
MM> "password:" and then I see "martin's password:" and then I get
MM> denied until I run out of retries.
MM> This system is a server and is doing fine in that
MM> respect. ssh with exchange of public keys and the ability to su
MM> to root is the only way I can get in right now, but that method
MM> works normally. The password permission problem appears to be
MM> the only thing that is broken.
MM> Thank you for any constructive suggestions as I haven't
MM> found anything that looks odd yet.
MM> Martin McCormick WB5AGZ Stillwater, OK
MM> OSU Center for Computing and Information Services Network Operations Group

Check permissions on passwd application:
-r-sr-xr-x 2 root wheel 5840 Jan 16 23:29 /usr/bin/passwd

--
Best regards,
Roman mailto:ers@ers.msk.ru

From owner-freebsd-security Mon Mar 3 9:26:27 2003
Date: Mon, 3 Mar 2003 11:20:17 -0600 (CST)
From: Emacs
To: freebsd-security@FreeBSD.ORG
Subject: Sendmail Vulnerability!!

Other than the standard 'download it from sendmail.org' just wanted to
make sure people are looking at www.sendmail.org right now

Sendmail 8.12.8 is available; it contains a fix for a critical security
problem discovered by Mark Dowd of ISS X-Force; we thank ISS X-Force for
bringing this problem to our attention. Sendmail urges all users to
either upgrade to sendmail 8.12.8 or apply a patch for 8.12. Patches for
older versions are available. For those not running the open source
version, check with your vendor for a patch. If you use the commercial
version from Sendmail, Inc. then please see the download page.

From owner-freebsd-security Mon Mar 3 9:26:49 2003
Date: Mon, 03 Mar 2003 12:26:56 -0500
To: security@FreeBSD.ORG
From: Mike Tancsa
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:04.sendmail
Cc: stable@FreeBSD.ORG

At 09:11 AM 03/03/2003 -0800, FreeBSD Security Advisories wrote:
>Module: contrib_sendmail
>Announced: 2003-03-03
>Credits: Mark Dowd (ISS)
>Affects: All releases prior to 4.8-RELEASE and 5.0-RELEASE-p4
> FreeBSD 4-STABLE prior to the correction date
>Corrected: 2003-03-03
>1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_0,

Hi,
I don't see this in the cvsup commit logs yet?

---Mike

From owner-freebsd-security Mon Mar 3 9:43:33 2003
From: Michael Nottebrock
To: freebsd-security@freebsd.org
Subject: sendmail vulnerability?
Date: Mon, 3 Mar 2003 18:43:20 +0100

https://rhn.redhat.com/errata/RHSA-2003-073.html

Excerpt:

"During a code audit of Sendmail by ISS, a critical vulnerability was
uncovered that affects unpatched versions of Sendmail prior to version
8.12.8. A remote attacker can send a carefully crafted email message
which, when processed by sendmail, causes arbitrary code to be executed
as root."

Is FreeBSD's sendmail affected?
--
Regards,
Michael Nottebrock

From owner-freebsd-security Mon Mar 3 9:53:33 2003
From: Michael Nottebrock
To: freebsd-security@freebsd.org
Subject: Re: sendmail vulnerability?
Date: Mon, 3 Mar 2003 18:53:22 +0100

On Monday 03 March 2003 18:43, Michael Nottebrock wrote:
> https://rhn.redhat.com/errata/RHSA-2003-073.html
[...]

Heh, okay, bad timing, please disregard.
--
Regards,
Michael Nottebrock

From owner-freebsd-security Mon Mar 3 9:53:52 2003
Date: Mon, 3 Mar 2003 09:53:40 -0800
From: Erick Mechler
To: Michael Nottebrock
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: sendmail vulnerability?

:: Is FreeBSD's sendmail affected?

Yes.

From owner-freebsd-security Mon Mar 3 9:57:12 2003
Date: Mon, 3 Mar 2003 09:57:06 -0800
From: "Bruce A. Mah"
To: Mike Tancsa
Cc: security@FreeBSD.ORG, stable@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:04.sendmail

If memory serves me right, Mike Tancsa wrote:
> At 09:11 AM 03/03/2003 -0800, FreeBSD Security Advisories wrote:
> >Module: contrib_sendmail
> >Announced: 2003-03-03
> >Credits: Mark Dowd (ISS)
> >Affects: All releases prior to 4.8-RELEASE and 5.0-RELEASE-p4
> > FreeBSD 4-STABLE prior to the correction date
> >Corrected: 2003-03-03
> >1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_0,
>
>
> Hi,
> I don't see this in the cvsup commit logs yet?

Every cvsup mirror updates on a periodic schedule. The commits to the
src tree (which happened about 30 minutes ago) probably haven't made it
to all the mirrors yet. (You can see the changes in cvsweb, probably
the cvs-all mailing list archives as well.)

Bruce.
From owner-freebsd-security Mon Mar 3 10: 5:20 2003
Date: Mon, 3 Mar 2003 20:03:50 +0200
From: Peter Pentchev
To: Martin McCormick
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Permission Denied on passwd

On Mon, Mar 03, 2003 at 09:28:38AM -0600, Martin McCormick wrote:
> What might cause all users except root to get "permission denied"
> every time they try to change their passwords on a new system?
>
> Here's the scenario:
>
> $ passwd
> Changing local password for martin.
> Old password:
> passwd: Permission denied
> passwd: /etc/master.passwd: unchanged
> $
>
> I have checked permissions on /etc/master.passwd and
> /etc/passwd and they agree with the corresponding files on
> another 4.7 system that works.
>
> $ ls -l /etc/*passwd
> -rw------- 1 root wheel 1605 Mar 3 08:12 /etc/master.passwd
> -rw-r--r-- 1 root wheel 1367 Mar 3 08:12 /etc/passwd
> $ cd /
> $ ls -l |grep usr
> drwxr-xr-x 16 root wheel 512 Nov 11 11:34 usr
> $ ls -l /usr/bin/passwd
> -r-sr-xr-x 2 root wheel 32504 Oct 9 07:51 /usr/bin/passwd

Just a wild guess: you have not mounted /usr with the 'nosuid' mount
option, have you?
G'luck,
Peter

--
Peter Pentchev roam@ringlet.net roam@sbnd.net roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
The rest of this sentence is written in Thailand, on

From owner-freebsd-security Mon Mar 3 11:11:59 2003
To: freebsd-security@FreeBSD.ORG
Subject: Re: Permission Denied on passwd
Date: Mon, 03 Mar 2003 13:11:56 -0600
From: Martin McCormick

Eilko Bos writes:
>Are you very sure your password you typed is correct?

Actually, my face is quite red at this time. What actually
happened was that I was using the wrong password and then compounded
the confusion by using the wrong password on another new account I
had set up. That is why I thought all non-root users were having the
same trouble.

Thanks to all of you for your effort and I am sorry I wasted your
time.

One time, I ended up with a system on which sendmail wouldn't work
for anybody but root because it complained about a certain directory
being world-writable. That particular system had been set up by
several different people and I finally ran a diagnostic for sendmail
that produces a trace until it hits the trouble spot. Somebody had
made /usr world-writable for some unknown reason.

Anyway, I thought I had done something like that and killed passwd.

Yes, UNIX is my day job! Times like this are certainly humbling.

Martin McCormick WB5AGZ Stillwater, OK
OSU Center for Computing and Information Services Network Operations Group

From owner-freebsd-security Mon Mar 3 11:38: 2 2003
Date: Mon, 03 Mar 2003 11:39:00 -0800
To: security@freebsd.org
From: Chris Samaritoni
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:04.sendmail

At 09:11 AM 3/3/2003 -0800, FreeBSD Security Advisories wrote:
>III. Impact
>
>A remote attacker could create a specially crafted message that may
>cause sendmail to execute arbitrary code with the privileges of the
>user running sendmail, typically root. The malicious message might be
>handled (and therefore the vulnerability triggered) by the initial
>sendmail MTA, any relaying sendmail MTA, or by the delivering sendmail
>process. Exploiting this defect is particularly difficult, but is
>believed to be possible.

Question, I have some systems that don't run any sendmail daemons, but
local users that have scripts that run sendmail to send messages. I'm not
familiar with how running sendmail from the command line would differ, but
would this also be affected by this bug, in which case wouldn't this also
make it a local compromise as well? I'm just looking for clarification.

Thanks,
Chris Samaritoni
TierraNet Inc.
chris@tierra.net
----------------

From owner-freebsd-security Mon Mar 3 11:57:26 2003
Date: Mon, 3 Mar 2003 13:57:20 -0600
From: "Jacques A. Vidrine"
To: Chris Samaritoni
Cc: security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:04.sendmail

On Mon, Mar 03, 2003 at 11:39:00AM -0800, Chris Samaritoni wrote:
> Question, I have some systems that don't run any sendmail daemons, but
> local users that have scripts that run sendmail to send messages. I'm not
> familiar with how running sendmail from the command line would differ, but
> would this also be affected by this bug, in which case wouldn't this also
> make it a local compromise as well? I'm just looking for clarification.

Yes, upgrade.

-- 
Jacques A. Vidrine http://www.celabo.org/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org .
nectar@kth.se

From owner-freebsd-security Mon Mar 3 13:43:32 2003
Date: Mon, 3 Mar 2003 13:43:29 -0800 (PST)
From: Jason Stone
To: Chris Samaritoni
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:04.sendmail

> > Question, I have some systems that don't run any sendmail daemons, but
> > local users that have scripts that run sendmail to send messages. I'm not
> > familiar with how running sendmail from the command line would differ, but
> > would this also be affected by this bug, in which case wouldn't this also
> > make it a local compromise as well? I'm just looking for clarification.
>
> Yes, upgrade.

Of course you should upgrade, but to answer your question more fully, I
don't think that it's possible to gain root from the local exploit.

Now I'm not very familiar with sendmail (I've run only qmail for many
years, as sendmail never stops getting hacked...), but when the user runs
sendmail locally, I think that the sendmail process is the only process
that runs, and that it reads the message and then either drops the message
into the local clientmqueue for delivery by an already running root
sendmail daemon, or else delivers it itself, immediately.

On a recently built -STABLE box, I see

hermione/home/jason-1005: ls -l /usr/libexec/sendmail/sendmail
-r-xr-sr-x 1 root smmsp 582520 Feb 3 20:58 /usr/libexec/sendmail/sendmail

which leads me to believe that exploiting the daemon would give you group
smmsp privileges and not root privileges. This would allow a malicious
local user to potentially read the outgoing mail of other users in the
clientmqueue, but not take over the machine.

Finally, if you are running an alternate mailer like qmail (which I cannot
recommend highly enough), it's probably a good idea to "chmod 0
/usr/libexec/sendmail/sendmail", to prevent this local exploit. Even
though it's not so bad in this case, users should never be able to execute
code as another user/group.

-Jason

--------------------------------------------------------------------------
Freud himself was a bit of a cold fish, and one cannot avoid the suspicion
that he was insufficiently fondled when he was an infant.
-- Ashley Montagu

From owner-freebsd-security Mon Mar 3 14: 3:25 2003
To: freebsd-security@FreeBSD.ORG
Subject: New Patch Sendmail
Date: Mon, 03 Mar 2003 16:03:23 -0600
From: Martin McCormick

The advisory says,

"Select the correct binary based on your FreeBSD version and whether or
not you want STARTTLS support. If you want STARTTLS support, you must
have the crypto distribution installed."

Which version is the one that is part of the CDROM
distribution? What do I get with the STARTTLS support?

Martin McCormick

From owner-freebsd-security Mon Mar 3 14:57: 0 2003
From: "Chris McCluskey"
Subject: SA-03:04.sendmail Bin Update
Date: Mon, 3 Mar 2003 16:59:02 -0800

Just want to verify. The binary Sendmail update is for 8.12.6 not the
newly released 8.12.8 correct? Just got thrown off when after running
install the logged version of Sendmail was the same. If this is
correct, is there a way to verify that the currently running version
is the patched version?

Thanks.

From owner-freebsd-security Mon Mar 3 15:45:50 2003
Date: Mon, 3 Mar 2003 23:45:33 +0000
From: Matthew Seaman
To: Chris McCluskey
Cc: security@FreeBSD.ORG
Subject: Re: SA-03:04.sendmail Bin Update

On Mon, Mar 03, 2003 at 04:59:02PM -0800, Chris McCluskey wrote:
> Just want to verify. The binary Sendmail update is for 8.12.6 not the
> newly released 8.12.8 correct? Just got thrown off when after running
> install the logged version of Sendmail was the same. If this is
> correct, is there a way to verify that the currently running version
> is the patched version?

If you're tracking 4-STABLE or 5-CURRENT you should definitely have
sendmail-8.12.8 if you cvsup now. Other branches may differ.

You can tell what version is currently running on your system by
telnet'ing to the SMTP port and looking at the banner:

    % telnet smtp.infracaninophile.co.uk 25
    Trying 81.2.69.218...
    Connected to smtp.infracaninophile.co.uk.
    Escape character is '^]'.
    220 smtp.infracaninophile.co.uk ESMTP Sendmail 8.12.8/8.12.8; Mon, 3 Mar 2003 23:40:05 GMT

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey
Marlow
Tel: +44 1628 476614
Bucks., SL7 1TH UK

From owner-freebsd-security Mon Mar 3 16:58:43 2003
From: "Chris McCluskey"
Subject: Re: SA-03:04.sendmail Bin Update
Date: Mon, 3 Mar 2003 20:08:52 -0800

Ok...

Here's what I show:

namehere# telnet namehere 25
Trying 192.x.y.z...
Connected to namehere.digitaldeck.com.
Escape character is '^]'.
220 namehere.digitaldeck.com ESMTP Sendmail 8.12.6/8.12.6; Mon, 3 Mar 2003 16:22:53 -0800 (PST)

namehere# strings sendmail-4.7-i386-nocrypto.bin |grep 8.12
@(#)$Id: safefile.c,v 8.124 2002/05/24 20:50:15 gshapiro Exp $
8.12.6

I have been tracking RELENG_4_7 and it looks like 4.12.6 to me. So
again, I want to make sure that this version of Sendmail has been
patched. What's the best verification procedure to insure that the
patched version is online?

> -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG
> [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Matthew Seaman
> Sent: Monday, March 03, 2003 3:46 PM
> To: Chris McCluskey
> Cc: security@FreeBSD.ORG
> Subject: Re: SA-03:04.sendmail Bin Update
>
>
> On Mon, Mar 03, 2003 at 04:59:02PM -0800, Chris McCluskey wrote:
> > Just want to verify. The binary Sendmail update is for 8.12.6 not the
> > newly released 8.12.8 correct? Just got thrown off when after running
> > install the logged version of Sendmail was the same. If this is
> > correct, is there a way to verify that the currently running version
> > is the patched version?
>
> If you're tracking 4-STABLE or 5-CURRENT you should definitely have
> sendmail-8.12.8 if you cvsup now. Other branches may differ.
>
> You can tell what version is currently running on your system by
> telnet'ing to the SMTP port and looking at the banner:
>
> % telnet smtp.infracaninophile.co.uk 25
> Trying 81.2.69.218...
> Connected to smtp.infracaninophile.co.uk.
> Escape character is '^]'.
> 220 smtp.infracaninophile.co.uk ESMTP Sendmail 8.12.8/8.12.8; Mon, 3 Mar 2003 23:40:05 GMT
>
> Cheers,
>
> Matthew
>
> --
> Dr Matthew J Seaman MA, D.Phil.
> 26 The Paddocks
> Savill Way
> PGP: http://www.infracaninophile.co.uk/pgpkey
> Marlow
> Tel: +44 1628 476614
> Bucks., SL7 1TH UK

From owner-freebsd-security Mon Mar 3 18:29: 4 2003
Date: Mon, 3 Mar 2003 18:29:01 -0800 (PST)
From: Hans Zaunere
Reply-To: hans@nyphp.org
Subject: Re: SA-03:04.sendmail Bin Update
To: Chris McCluskey, security@FreeBSD.ORG

--- Chris McCluskey wrote:
>
> Ok...
>
> Here's what I show:
>
> namehere# telnet namehere 25
> Trying 192.x.y.z...
> Connected to namehere.digitaldeck.com.
> Escape character is '^]'.
> 220 namehere.digitaldeck.com ESMTP Sendmail 8.12.6/8.12.6; Mon, 3 Mar
> 2003 16:22:53 -0800 (PST)
>
> namehere# strings sendmail-4.7-i386-nocrypto.bin |grep 8.12
> @(#)$Id: safefile.c,v 8.124 2002/05/24 20:50:15 gshapiro Exp $
> 8.12.6
>
> I have been tracking RELENG_4_7 and it looks like 4.12.6 to me. So
> again, I want to make sure that this version of Sendmail has been
> patched. What's the best verification procedure to insure that the
> patched version is online?

I'm in the exact same situation. I replaced the sendmail binary but it shows
the same sig as before. While I have great confidence in the FreeBSD team,
is there some way I can validate everything is kosher?

Hans

From owner-freebsd-security Mon Mar 3 20: 6:56 2003
Date: Mon, 3 Mar 2003 20:06:59 -0800
From: Claus Assmann
To: security@FreeBSD.ORG
Subject: Re: SA-03:04.sendmail Bin Update

On Mon, Mar 03, 2003, Hans Zaunere wrote:

> I'm in the exact same situation. I replaced the sendmail binary but it shows
> the same sig as before. While I have great confidence in the FreeBSD team,
> is there some way I can validate everything is kosher?

strings sendmail | grep 'Dropped invalid comments from header address'

From owner-freebsd-security Tue Mar 4 6:36:10 2003
Date: Tue, 04 Mar 2003 08:36:18 -0600
To: hans@nyphp.org
From: Peter Elsner
Subject: Re: SA-03:04.sendmail Bin Update
Cc: freebsd-security@FreeBSD.ORG

Step by step instructions

ftp sendmail.org
login anonymously
cd pub/sendmail
get sendmail-8.12.8.tar.gz
quit

tar xvzf sendmail-8.12.8.tar.gz
cd sendmail-8.12.8
./Build
./Build install
kill -1 (SIGHUP) sendmail

You're now upgraded....

At 06:29 PM 3/3/2003 -0800, you wrote:

>--- Chris McCluskey wrote:
> >
> > Ok...
> >
> > Here's what I show:
> >
> > namehere# telnet namehere 25
> > Trying 192.x.y.z...
> > Connected to namehere.digitaldeck.com.
> > Escape character is '^]'.
> > 220 namehere.digitaldeck.com ESMTP Sendmail 8.12.6/8.12.6; Mon, 3 Mar
> > 2003 16:22:53 -0800 (PST)
> >
> > namehere# strings sendmail-4.7-i386-nocrypto.bin |grep 8.12
> > @(#)$Id: safefile.c,v 8.124 2002/05/24 20:50:15 gshapiro Exp $
> > 8.12.6
> >
> > I have been tracking RELENG_4_7 and it looks like 4.12.6 to me. So
> > again, I want to make sure that this version of Sendmail has been
> > patched. What's the best verification procedure to insure that the
> > patched version is online?
>
>I'm in the exact same situation. I replaced the sendmail binary but it shows
>the same sig as before. While I have great confidence in the FreeBSD team,
>is there some way I can validate everything is kosher?
>
>Hans

----------------------------------------------------------------------
Peter Elsner
Vice President Of Customer Service (And System Administrator)
1835 S.
Carrier Parkway
Grand Prairie, Texas 75051
(972) 263-2080 - Voice
(972) 263-2082 - Fax
(972) 489-4838 - Cell Phone
(425) 988-8061 - eFax

I worry about my child and the Internet all the time, even though she's
too young to have logged on yet. Here's what I worry about. I worry that
10 or 15 years from now, she will come to me and say "Daddy, where were
you when they took freedom of the press away from the Internet?"
-- Mike Godwin

Unix IS user friendly... It's just selective about who its friends are.

System Administration - It's a dirty job, but somebody said I had to do it.

If you receive something that says 'Send this to everyone you know,
pretend you don't know me.

Standard $500/message proofreading fee applies for UCE.

From owner-freebsd-security Tue Mar 4 6:59:16 2003
Date: Tue, 4 Mar 2003 08:59:10 -0600
From: "Jacques A. Vidrine"
To: Martin McCormick
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: New Patch Sendmail

On Mon, Mar 03, 2003 at 04:03:23PM -0600, Martin McCormick wrote:
> The advisory says,
>
> "Select the correct binary based on your FreeBSD version and whether or
> not you want STARTTLS support. If you want STARTTLS support, you must
> have the crypto distribution installed."
>
> Which version is the one that is part of the CDROM
> distribution?

Most likely you have the crypto distribution, but it depends on what
choices you made during installation. (Actually I think you have to be
pretty explicit during installation to avoid getting the crypto bits.)

If you have /usr/lib/libcrypto.so.2 and /usr/lib/libssl.so.2, then you
want the `crypto' binary.

> What do I get with the STARTTLS support?

If you don't know what STARTTLS is: probably nothing.

Cheers,
-- 
Jacques A. Vidrine http://www.celabo.org/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org .
nectar@kth.se

From owner-freebsd-security Tue Mar 4 7: 6:33 2003
Date: Tue, 4 Mar 2003 09:06:29 -0600
From: "Jacques A. Vidrine"
To: Chris McCluskey
Cc: security@FreeBSD.ORG
Subject: Re: SA-03:04.sendmail Bin Update

On Mon, Mar 03, 2003 at 04:59:02PM -0800, Chris McCluskey wrote:
> Just want to verify. The binary Sendmail update is for 8.12.6 not the
> newly released 8.12.8 correct? Just got thrown off when after running
> install the logged version of Sendmail was the same. If this is
> correct, is there a way to verify that the currently running version
> is the patched version?

The sendmail binaries from SA-03:04 (on ftp.freebsd.org) are the same
binaries you would get if you CVSup'd on the security branch and
rebuilt. So that's correct -- the version number does not change.

The patch added a new log message which you can check for. Do
`strings /path/to/sendmail | grep Dropped'.

    % strings ./sendmail-4.6-i386-crypto.bin| grep Dropped
    Dropped invalid comments from header address

Cheers,
-- 
Jacques A. Vidrine http://www.celabo.org/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org .
nectar@kth.se

From owner-freebsd-security Tue Mar 4 7: 7:55 2003
Date: Tue, 4 Mar 2003 09:07:52 -0600
From: "Jacques A. Vidrine"
To: hans@nyphp.org
Cc: Chris McCluskey, security@FreeBSD.ORG
Subject: Re: SA-03:04.sendmail Bin Update

On Mon, Mar 03, 2003 at 06:29:01PM -0800, Hans Zaunere wrote:
> I'm in the exact same situation. I replaced the sendmail binary but it shows
> the same sig as before. While I have great confidence in the FreeBSD team,
> is there some way I can validate everything is kosher?

Build it yourself?
--
Jacques A. Vidrine http://www.celabo.org/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org .
nectar@kth.se

Date: Tue, 04 Mar 2003 12:46:38 -0500
To: "Jacques A. Vidrine"
From: Mike Tancsa
Subject: Checking for sendmail attacked (was Re: SA-03:04.sendmail Bin Update)
Cc: security@FreeBSD.ORG

At 09:06 AM 04/03/2003 -0600, Jacques A. Vidrine wrote:
>The patch added a new log message which you can check for. Do
>`strings /path/to/sendmail | grep Dropped'.
>
>  % strings ./sendmail-4.6-i386-crypto.bin| grep Dropped
>  Dropped invalid comments from header address

Interesting, I am seeing this show up in my logs due to some poorly
formatted spam. (LOGLevel up to 12)

smtp1# grep h24HAgAi019889 maillog
Mar 4 12:10:46 smtp1 sendmail[19889]: h24HAgAi019889: Milter: no active filter
Mar 4 12:10:48 smtp1 sendmail[19889]: h24HAgAi019889: from=, size=2263, class=0, nrcpts=1, msgid=<200303041655.BAA17056@cgi10.interq.net>, proto=ESMTP, daemon=MTA, relay=cgi10.interq.net [210.157.1.15]
Mar 4 12:10:48 smtp1 sendmail[19914]: h24HAgAi019889: SMTP outgoing connect on smtp1.sentex.ca
Mar 4 12:10:55 smtp1 sendmail[19914]: h24HAgAi019889: Dropped invalid comments from header address
Mar 4 12:10:57 smtp1 sendmail[19914]: h24HAgAi019889: to=, delay=00:00:10, xdelay=00:00:09, mailer=esmtp, pri=30728, relay=spamscanner.sentex.ca. [64.7.128.108], dsn=2.0.0, stat=Sent (h24HAjcM032479 Message accepted for delivery)
Mar 4 12:10:57 smtp1 sendmail[19914]: h24HAgAi019889: done; delay=00:00:10, ntries=1
smtp1#

Is there a more definitive way to see if someone is actively trying to
exploit the issue?
---Mike

To: security@FreeBSD.ORG
Subject: Re: SA-03:04.sendmail Bin Update
Reply-To: gkshenaut@ucdavis.edu
Date: Tue, 04 Mar 2003 09:59:13 -0800
From: Greg Shenaut

In message <5.2.0.9.2.20030304083444.01b72bd8@mail.servplex.com>, Peter Elsner cleopede:
>Step by step instructions
>
>ftp sendmail.org
>login anonymously
>cd pub/sendmail
>get sendmail-8.12.8.tar.gz
>quit
>tar xvzf sendmail-8.12.8.tar.gz
>cd sendmail-8.12.8
>./Build
>./Build install
>
>kill -1 (SIGHUP) sendmail
>
>You're now upgraded....

I found your advice to be inspirational, and I immediately set to
work to follow it. However, here are a few things I had to do (some
are due to my rather old fbsd version--yes, it's past time to upgrade
the kernel--but some may be general):

(1) The actual name of the tar file is sendmail.8.12.8.tar.gz (note
    the period instead of a dash). This was especially annoying
    because for some reason I couldn't get a remote directory listing
    with the ftp(1) client. I eventually went in with a web browser &
    found the typo in the file name.

(2) I also have to add the smmsp user & group IDs and change a bunch
    of directory ownerships & permissions (see the sendmail/SECURITY
    file in the distribution).

(3) I had to copy cf/cf/generic-bsd4.4.cf into /etc/mail/sendmail.cf .

(4) I had to create a /etc/mail/local-host-names file, and mv
    /etc/aliases into /etc/mail, and run make in /etc/mail .

(5) I had previously upgraded to a version of sendmail that put a
    bunch of links into /usr/local/sbin to a "sendm" program; I had
    to remove all these so that the new version could actually be seen.

(6) NOW it seems to be working.
Greg Shenaut

Date: Tue, 04 Mar 2003 11:13:03 -0700
To: Peter Elsner, hans@nyphp.org
From: Brett Glass
Subject: Re: SA-03:04.sendmail Bin Update
Cc: freebsd-security@FreeBSD.ORG

At 07:36 AM 3/4/2003, Peter Elsner wrote:
>Step by step instructions
>
>ftp sendmail.org
>login anonymously
>cd pub/sendmail
>get sendmail-8.12.8.tar.gz
>quit
>tar xvzf sendmail-8.12.8.tar.gz
>cd sendmail-8.12.8
>./Build
>./Build install
>
>kill -1 (SIGHUP) sendmail
>
>You're now upgraded....

What about your configuration? Especially if you were running
a considerably older version?

--Brett

Date: Tue, 04 Mar 2003 14:13:59 -0500
To: Geoffrey
From: Mike Tancsa
Subject: Re: Checking for sendmail attacks (was Re: SA-03:04.sendmail Bin Update)
Cc: security@freebsd.org

210.157.1.15 is where the spam was coming from. I checked the actual
message, and it's just plain old spam. Looking through past logs, we get
lots of crap from that /24

Feb 27 02:30:37 smtp1 sendmail[32992]: h1R7UZqj032992: from=, size=1351, class=0, nrcpts=1, msgid=<200302270730.QAA04061@cgi05.interq.net>, proto=ESMTP, daemon=MTA, relay=cgi05.interq.net [210.157.1.6]
Feb 27 02:30:40 smtp1 sendmail[32994]: h1R7UZqj032992: to=, delay=00:00:04, xdelay=00:00:03, mailer=esmtp, pri=30719, relay=spamscanner.sentex.ca. [64.7.128.115], dsn=2.0.0, stat=Sent (h1R7Ub5J048839 Message accepted for delivery)
smtp1#

It's probably just an open relay, or a spam friendly network.... However,
the way that they are formatting the spam seems to trigger the log message.

At 01:53 PM 04/03/2003 -0500, Geoffrey wrote:
> I've been seeing attempted traffic from 218.50.225.80 since 6 am
>est to my port 25 at 3 hr intervals. Other traffic from 218.50 (139, 111)
>suggests something else odd from that net is not cool.
> Have you been able to pick out an originating ip?

There are so many worms and people scanning, it's like cosmic background
radiation. In fact, if there were not hits on those other ports
(139,111,161,80) against my network I would be more alarmed as I would
think my network had been black-holed....
---Mike
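
The log excerpts in Mike Tancsa's two messages above show the patch's new message logged under a queue ID (by a different process than the one that accepted the mail), with the sending relay only on that queue ID's "from=" line. As an added example, not part of the thread, the Python below joins the two by queue ID and counts affected messages per relay; the sample log lines, addresses, queue IDs and function names are constructed for illustration, and since malformed spam triggers the same message a hit is a lead for triage, not proof of an attack.

```python
"""Join sendmail's 'Dropped invalid comments' log message to the sending relay."""
import re
from collections import Counter, defaultdict

# Log text added by the SA-03:04 patch, as quoted in the thread.
MARKER = "Dropped invalid comments from header address"

# syslog line written by sendmail: "Mon DD HH:MM:SS host sendmail[pid]: QUEUEID: text"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+sendmail\[\d+\]:\s+"
    r"(?P<qid>[A-Za-z0-9]+):\s+(?P<rest>.*)$"
)
# "relay=host.name [ip]" or "relay=[ip]" (no hostname when reverse DNS fails)
RELAY_RE = re.compile(r"\brelay=(?:(?P<name>[^\s\[,]+)\s+)?\[(?P<ip>[^\]]+)\]")

# Constructed sample input: documentation addresses and made-up queue IDs.
SAMPLE_LOG = """\
Mar  4 12:10:48 mx1 sendmail[2001]: h24AAAAA000001: from=<a@example.org>, size=2263, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.example.org [192.0.2.15]
Mar  4 12:10:55 mx1 sendmail[2002]: h24AAAAA000001: Dropped invalid comments from header address
Mar  4 12:10:57 mx1 sendmail[2002]: h24AAAAA000001: to=<u@example.net>, delay=00:00:10, mailer=esmtp, relay=scanner.example.net. [198.51.100.8], dsn=2.0.0, stat=Sent
Mar  4 12:20:01 mx1 sendmail[2010]: h24BBBBB000002: from=<b@example.org>, size=1351, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.example.org [192.0.2.15]
Mar  4 12:20:03 mx1 sendmail[2011]: h24BBBBB000002: Dropped invalid comments from header address
Mar  4 12:20:03 mx1 sendmail[2011]: h24BBBBB000002: Dropped invalid comments from header address
Mar  4 12:30:00 mx1 sendmail[2020]: h24CCCCC000003: from=<c@example.com>, size=900, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[203.0.113.7]
Mar  4 12:30:02 mx1 sendmail[2021]: h24CCCCC000003: to=<u@example.net>, delay=00:00:02, mailer=esmtp, relay=scanner.example.net. [198.51.100.8], dsn=2.0.0, stat=Sent
Mar  4 12:40:00 mx1 sendmail[2030]: h23DDDDD000004: Dropped invalid comments from header address
"""


def correlate_drops(lines):
    """Return one finding per queue ID that logged MARKER.

    Only the relay on the inbound "from=" line is used; the relay on a
    "to=" line is the next hop for delivery, not the sender. The join is on
    queue ID because the drop is logged by a different PID than the accept.
    """
    relay_by_qid = {}
    drops = defaultdict(list)  # queue ID -> timestamps of each MARKER line
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        qid, rest = m["qid"], m["rest"]
        if rest.startswith("from="):
            r = RELAY_RE.search(rest)
            if r:
                relay_by_qid[qid] = (r["name"], r["ip"])
        elif MARKER in rest:
            drops[qid].append(m["ts"])

    findings = []
    for qid, stamps in drops.items():
        # The "from=" line may be missing, e.g. rotated into an older log file.
        name, ip = relay_by_qid.get(qid, (None, None))
        findings.append({
            "qid": qid,
            "relay_name": name,
            "relay_ip": ip,
            "first_seen": stamps[0],
            "events": len(stamps),
        })
    return findings


def drops_per_relay(findings):
    """Count affected messages (not individual log lines) per relay IP."""
    counts = Counter()
    for f in findings:
        counts[f["relay_ip"] or "unknown"] += 1
    return counts


if __name__ == "__main__":
    found = correlate_drops(SAMPLE_LOG.splitlines())
    for f in found:
        print(f["first_seen"], f["qid"], f["relay_ip"] or "unknown", f["events"])
    for relay, n in drops_per_relay(found).most_common():
        print(f"{relay}: {n} message(s)")
```
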
From: "Jasvinder S. Bahra"
Subject: Tripwire (Cron /usr/local/sbin/tripwire --check --cfgfile /etc/tripwire/tw.cfg)
Date: Tue, 4 Mar 2003 19:53:16 -0000

Evening folks.

I'm having some problems receiving my tripwire reports. I have a
gateway-firewall system, running this version of FreeBSD...

FreeBSD foo.bar.org 4.6.2-RELEASE-p7 FreeBSD 4.6.2-RELEASE-p7 #0

(Please note that throughout this e-mail, domain details have been
replaced with FOO.BAR.ORG - this is not the real domain info, for
obvious reasons. I should point out that the domain is just something
I've set locally. No services are open on the internet side of the
machine.) : )

Now, tripwire runs at regular intervals using cron, and the reports are
then e-mailed to me (/etc/rc.config has a 'sendmail_enable="NO"' entry
so that the reports can be sent). Entry in crontab...

0 23 * * * root /usr/local/sbin/tripwire --check --cfgfile /etc/tripwire/tw.cfg

I have set root's e-mail address in /etc/mail/aliases...

root: jazz,my_external_email_address@domain.com

...and run the command 'newaliases', after I updated the aliases file.
Now, as far as I understand, this setup should run a tripwire security
check at 11 in the evening, and then e-mail the report to the root
e-mail address set in the aliases file.

After a fashion, this does work. The e-mail has a subject of 'Returned
mail: see transcript for details', a body displayed below, and two
attachments...
---------------8<---------------
The original message was received at Fri, 28 Feb 2003 23:00:28 GMT
from root@localhost

   ----- The following addresses had permanent fatal errors -----
root
    (reason: 553 5.1.8 ... Domain of sender address root@foo.bar.org does not exist)
    (expanded from: root)

   ----- Transcript of session follows -----
... while talking to localhost.my.domain.:
>>> MAIL From: SIZE=4771
<<< 553 5.1.8 ... Domain of sender address root@foo.bar.org does not exist
501 5.6.0 Data format error
---------------8<---------------

The first attachment shows the following...

---------------8<---------------
Reporting-MTA: dns; sirius.differentreality.org
Arrival-Date: Sat, 1 Mar 2003 23:00:28 GMT

Final-Recipient: RFC822; root@foo.bar.org
Action: failed
Status: 5.1.8
Diagnostic-Code: SMTP; 553 5.1.8 ... Domain of sender address root@foo.bar.org does not exist
Last-Attempt-Date: Sat, 1 Mar 2003 23:06:55 GMT
---------------8<---------------

The second attachment is the tripwire report itself - it has a subject
of...

Cron /usr/local/sbin/tripwire --check --cfgfile /etc/tripwire/tw.cfg

Now, the first attachment shows that the mail server is doing a dns
lookup when it receives the e-mail, and it's because the lookup fails
that the e-mail is received in this fashion. Does anyone know a way to
get around this? The same thing is also happening for the 'foo.bar.org
daily run output'. Admittedly this is somewhat minor - the reports *are*
being received after all, but for neatness's sake, I'd like to clear it
up.
*shrugs*

Regards,

Jazz

From: "Chris McCluskey"
Subject: RE: SA-03:04.sendmail Bin Update (Thanks)
Date: Wed, 5 Mar 2003 01:52:28 -0800

Just wanted to say thank you to those that provided info (even to those
that provided the somewhat sardonic advice).

New binaries verified. Mission accomplished.

> -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG
> [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Jacques A. Vidrine
> Sent: Tuesday, March 04, 2003 7:06 AM
> To: Chris McCluskey
> Cc: security@FreeBSD.ORG
> Subject: Re: SA-03:04.sendmail Bin Update
>
>
> On Mon, Mar 03, 2003 at 04:59:02PM -0800, Chris McCluskey wrote:
> > Just want to verify. The binary Sendmail update is for 8.12.6 not the
> > newly released 8.12.8 correct? Just got thrown off when after running
> > install the logged version of Sendmail was the same. If this is
> > correct, is there a way to verify that the currently running version
> > is the patched version?
>
> The sendmail binaries from SA-03:04 (on ftp.freebsd.org) are the same
> binaries you would get if you CVSup'd on the security branch and rebuilt.
> So that's correct -- the version number does not change.
>
> The patch added a new log message which you can check for. Do
> `strings /path/to/sendmail | grep Dropped'.
>
>   % strings ./sendmail-4.6-i386-crypto.bin| grep Dropped
>   Dropped invalid comments from header address
>
> Cheers,
> --
> Jacques A. Vidrine http://www.celabo.org/
> NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
> jvidrine@verio.net . nectar@FreeBSD.org .
> nectar@kth.se

To: freebsd-security@FreeBSD.ORG
Subject: Re: New Patch Sendmail
Date: Tue, 04 Mar 2003 14:03:50 -0600
From: Martin McCormick

Many thanks to each of you. I was sure I had these, but
double-checked as in

find /usr/lib -name libcrypto.so.2 -print
find /usr/lib -name libssl.so.2 -print

They are there as I expected so I installed the crypto binary.

Martin McCormick

"Jacques A. Vidrine" writes:
>If you have /usr/lib/libcrypto.so.2 and /usr/lib/libssl.so.2, then
>you want the `crypto' binary.

Date: Mon, 3 Mar 2003 18:59:26 +0200
From: "Nikolay Y. Orlyuk"
To: freebsd-security@FreeBSD.ORG
Subject: Re: Permission Denied on passwd

On Mon, Mar 03, 2003 at 07:20:54PM +0300, Roman Emelyanov wrote:
> Hello Martin,
>
>
> MM> $ ls -l /usr/bin/passwd
> MM> -r-sr-xr-x 2 root wheel 32504 Oct 9 07:51 /usr/bin/passwd
>
> Check permissions on passwd application:
>
> -r-sr-xr-x 2 root wheel 5840 Jan 16 23:29 /usr/bin/passwd
I think you should look in text before replying.
>
>

--
With best wishes
Nikolay
mail: nikolay@asu.ntu-kpi.kiev.ua

Date: Mon, 3 Mar 2003 17:49:31 +0200
From: "Nikolay Y. Orlyuk"
To: freebsd-security@FreeBSD.ORG
Subject: Re: Permission Denied on passwd

On Mon, Mar 03, 2003 at 09:28:38AM -0600, Martin McCormick wrote:
> What might cause all users except root to get "permission denied"
> every time they try to change their passwords on a new system?
>
> Here's the scenario:
>
> $ passwd
> Changing local password for martin.
> Old password:
> passwd: Permission denied
> passwd: /etc/master.passwd: unchanged
> $
>
> I have checked permissions on /etc/master.passwd and
> /etc/passwd and they agree with the corresponding files on
> another 4.7 system that works.
>
> $ ls -l /etc/*passwd
> -rw------- 1 root wheel 1605 Mar 3 08:12 /etc/master.passwd
> -rw-r--r-- 1 root wheel 1367 Mar 3 08:12 /etc/passwd
> $ cd /
> $ ls -l |grep usr
> drwxr-xr-x 16 root wheel 512 Nov 11 11:34 usr
More interesting is /etc, because you already get /usr/bin/passwd, that's enough.
etc may not have +x for root.

> $ ls -l /usr/bin/passwd
> -r-sr-xr-x 2 root wheel 32504 Oct 9 07:51 /usr/bin/passwd
All seems to be ok.
>
For most nix'es rest is not important.
>
>
Did you check that your system understands the suid bit on executables?
The simplest way is to do this (if you are sure that your system is ok
then you can skip it):

--suidtest.c--cut-me---
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

int main()
{
	/* geteuid() is 0 when the kernel honours the set-uid bit on a root-owned binary */
	printf("I'm a %d\n", (int)geteuid());
	return 0;
}
--suidtest.c--

# gcc -o suidtest suidtest.c
You are root
$ chown root suidtest
$ chmod u+s suidtest
You are not root
# ./suidtest

If you get "I'm a 0" then all is ok (on the kernel side); otherwise you
will need to check your kernel (especially loading of binaries or
something about euid).

So now you know (hope) that your system works fine. That's a problem of
userspace.
If you have sources of passwd, try to find out where it wants to
read/write or place files (it's also important to look at where it wants
to place them).
I will look in the source which I will find.

P.S. Sorry about my English grammar.

--
With best wishes
Nikolay
mail: nikolay@asu.ntu-kpi.kiev.ua

Date: Wed, 05 Mar 2003 05:10:30 -0700
To: freebsd-security@FreeBSD.ORG
From: Brett Glass
Subject: Does the patching procedure work?

After following the patching procedure described in the revised Sendmail
advisory, I found that executing

strings sendmail | grep 'Dropped invalid comments from header address'

(as suggested at http://www.sendmail.org/patchcr.html) does not find the
string. Did the patch take?

--Brett

Date: Wed, 05 Mar 2003 05:24:12 -0700
To: freebsd-security@FreeBSD.ORG
From: Brett Glass
Subject: Re: Does the patching procedure work?

At 05:10 AM 3/5/2003, Brett Glass wrote:
>After following the patching procedure described in the revised Sendmail advisory, I found that executing
>
>strings sendmail | grep 'Dropped invalid comments from header address'
>
>(as suggested at http://www.sendmail.org/patchcr.html) does not find the string. Did the patch take?

I'm answering my own message here; I've discovered that I was attempting
the test from the wrong directory. The patch actually did take on the
machine in question. However, I do have another question. On another 4.7
machine, I saw the following when applying the patch:

...
|Index: contrib/sendmail/src/headers.c
|===================================================================
|RCS file: /home/ncvs/src/contrib/sendmail/src/headers.c,v
|retrieving revision 1.4.2.7
|diff -u -r1.4.2.7 headers.c
|--- contrib/sendmail/src/headers.c 3 Sep 2002 01:50:17 -0000 1.4.2.7
|+++ contrib/sendmail/src/headers.c 27 Feb 2003 21:42:36 -0000
--------------------------
Patching file contrib/sendmail/src/headers.c using Plan A...
Hunk #1 failed at 678.
Hunk #2 succeeded at 973 (offset -27 lines).
Hunk #3 succeeded at 986 (offset -27 lines).
Hunk #4 failed at 999.
Hunk #5 failed at 1057.
Hunk #6 succeeded at 1087 (offset -27 lines).
Hunk #7 succeeded at 1096 (offset -27 lines).
Hunk #8 succeeded at 1115 (offset -27 lines).
Hunk #9 succeeded at 1133 (offset -27 lines).
Hunk #10 succeeded at 1144 (offset -27 lines).
Hunk #11 succeeded at 1162 (offset -27 lines).
Hunk #12 failed at 1171.
Hunk #13 succeeded at 1185 with fuzz 2 (offset -27 lines).
Hunk #14 succeeded at 1230 (offset -27 lines).
Hunk #15 succeeded at 1258 with fuzz 1 (offset -27 lines).
Hunk #16 succeeded at 1308 (offset -27 lines).
Hunk #17 succeeded at 1324 (offset -27 lines).
Hunk #18 failed at 1332.
5 out of 18 hunks failed--saving rejects to contrib/sendmail/src/headers.c.rej
...

Why did the hunks fail? Will the patch work?

--Brett

Date: Wed, 5 Mar 2003 07:25:44 -0600
From: "Jacques A. Vidrine"
To: Brett Glass
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Does the patching procedure work?

On Wed, Mar 05, 2003 at 05:24:12AM -0700, Brett Glass wrote:
> I'm answering my own message here; I've discovered that I was attempting the
> test from the wrong directory. The patch actually did take on the machine
> in question. However, I do have another question. On another 4.7 machine,
> I saw
> the following when applying the patch:

> 5 out of 18 hunks failed--saving rejects to contrib/sendmail/src/headers.c.rej

> Why did the hunks fail?

I don't know. You have local modifications? That is not a RELENG_4_7
source tree? Perhaps

   % cd /usr/src && cvs diff -c -r RELENG_4_7_0_RELEASE contrib/sendmail

will give a clue (although you must restore the `.orig' files left
over from the previous patching attempt).

> Will the patch work?

No, I don't think you should have any confidence that things are OK.

Cheers,
--
Jacques A. Vidrine http://www.celabo.org/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se

From owner-freebsd-security Wed Mar 5 5:43:53 2003
Date: Wed, 5 Mar 2003 10:43:32 -0300
From: Fernan Aguero
To: FreeBSD Security
Subject: is my sendmail OK? (Was: Re: FreeBSD Security Advisory FreeBSD-SA-03:04.sendmail [REVISED])

+----[ (04.Mar.2003 15:19):
|
| 2) To patch your present system:
|
| The following patch has been verified to apply to FreeBSD 5.0, 4.7,
| and 4.6 systems.
|
| a) Download the relevant patch from the location below, and verify the
| detached PGP signature using your PGP utility.
|
| ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail.patch
| ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail.patch.asc
|
| b) Execute the following commands as root:
|
| # cd /usr/src
| # patch < /path/to/patch

I already cvsupped my sources yesterday evening (GMT-03),
when trying to apply the patch, it said that:

Patching file contrib/sendmail/src/daemon.c using Plan A...
Reversed (or previously applied) patch detected! Assume -R? [y]

So, may I assume that the source contained the patch?

I then went on to the following,

| # cd /usr/src/lib/libsm
| # make obj && make depend && make
| # cd /usr/src/lib/libsmutil
| # make obj && make depend && make
| # cd /usr/src/usr.sbin/sendmail
| # make obj && make depend && make && make install

no problems here. So I restarted sendmail,

| c) Restart sendmail. Execute the following command as root.
|
| # /bin/sh /etc/rc.sendmail restart

but then

strings /usr/sbin/sendmail | grep Dropped

produces no output.

My system:
FreeBSD pi.iib.unsam.edu.ar 4.8-RC FreeBSD 4.8-RC #0: Mon Mar 3 11:44:37 ART 2003 fernan@pi.iib.unsam.edu.ar:/usr/obj/usr/src/sys/PI i386

My sendmail (after the update):
220 pi.iib.unsam.edu.ar ESMTP Sendmail 8.12.8/8.12.7; Wed, 5 Mar 2003 10:40:00 -0300 (ART)

|
+----]

--
F e r n a n A g u e r o
http://genoma.unsam.edu.ar/~fernan

From owner-freebsd-security Wed Mar 5 5:50:15 2003
Date: Wed, 5 Mar 2003 14:50:10 +0100
From: Laurent Frigault
To: FreeBSD Security
Subject: Re: is my sendmail OK? (Was: Re: FreeBSD Security Advisory FreeBSD-SA-03:04.sendmail [REVISED])

On Wed, Mar 05, 2003 at 10:43:32AM -0300, Fernan Aguero wrote:
> strings /usr/sbin/sendmail | grep Dropped
>
> produces no output.

Of course, /usr/sbin/sendmail is a wrapper.

Try :

strings /usr/libexec/sendmail/sendmail | fgrep Dropped

Lolo

--
Laurent Frigault |
UNIX _IS_ user friendly. It's just selective about who its friends are.

From owner-freebsd-security Wed Mar 5 5:55: 5 2003
Date: Wed, 5 Mar 2003 07:54:57 -0600
From: "Jacques A. Vidrine"
To: Fernan Aguero
Cc: FreeBSD Security
Subject: Re: is my sendmail OK? (Was: Re: FreeBSD Security Advisory FreeBSD-SA-03:04.sendmail [REVISED])

On Wed, Mar 05, 2003 at 10:43:32AM -0300, Fernan Aguero wrote:
> I already cvsupped my sources yesterday evening (GMT-03),
> when trying to apply the patch, it said that:

Do one or the other (CVSup or patch), not both!

[...]
> So, may I assume that the source contained the patch?

This seems likely. You can look at the revision numbers in the
advisory and compare them to what is in your source tree to be more
certain.

> strings /usr/sbin/sendmail | grep Dropped

You aimed at the wrong file. The `real' sendmail is at
/usr/libexec/sendmail/sendmail.

Cheers,
--
Jacques A. Vidrine http://www.celabo.org/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se

From owner-freebsd-security Wed Mar 5 5:58:23 2003
Date: Wed, 5 Mar 2003 10:58:04 -0300
From: Fernan Aguero
To: Laurent Frigault
Cc: FreeBSD Security
Subject: Re: is my sendmail OK? (Was: Re: FreeBSD Security Advisory FreeBSD-SA-03:04.sendmail [REVISED])

+----[ Laurent Frigault (05.Mar.2003 10:55):
|
| On Wed, Mar 05, 2003 at 10:43:32AM -0300, Fernan Aguero wrote:
| > strings /usr/sbin/sendmail | grep Dropped
| >
| > produces no output.
|
| Of course, /usr/sbin/sendmail is a wrapper.
|
| Try :
|
| strings /usr/libexec/sendmail/sendmail | fgrep Dropped
|
+----]

Thanks, that did it.

Fernan

--
F e r n a n A g u e r o
http://genoma.unsam.edu.ar/~fernan

From owner-freebsd-security Wed Mar 5 6:22: 2 2003
Date: Wed, 5 Mar 2003 08:21:58 -0600
From: "Jacques A. Vidrine"
To: Mike Tancsa
Cc: security@FreeBSD.ORG
Subject: Re: Checking for sendmail attacked (was Re: SA-03:04.sendmail Bin Update)

On Tue, Mar 04, 2003 at 12:46:38PM -0500, Mike Tancsa wrote:
> Is there a more definitive way to see if someone is actively trying to
> exploit the issue? Somehow log the headers?

Cheers,
--
Jacques A. Vidrine http://www.celabo.org/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se

From owner-freebsd-security Wed Mar 5 9:18:18 2003
Date: Wed, 05 Mar 2003 10:18:03 -0700
To: David Schultz
From: Brett Glass
Subject: Re: Does the patching procedure work?
Cc: freebsd-security@FreeBSD.ORG

At 05:50 AM 3/5/2003, David Schultz wrote:

>It looks like you've applied a patch for the wrong version of
>sendmail. (Perhaps these are pre-4.6 sources, for instance.)
>The easiest way to recover is probably to fetch fresh patched
>sources via anoncvs or cvsup.

It turns out that it was 4.5-RELEASE-p4, just a sliver before
4.6. (The system had been patched for later problems rather
than upgraded, because it's a production machine.) Quite recent.
(You don't want to change point versions constantly on
production machines.)

I was lucky I noticed the problem. The messages just rolled
by, and if I hadn't scrolled back I would not have caught
them. I'll bet some folks missed this and are unprotected.
(The hunks that are rejected are important, but the message
about dropping the comments is in one of the hunks that's
accepted, so it looks as if the patch took!)

What I have done on that machine is install the 4.6 binary,
which seems to run just fine on 4.5 and even 4.4 (though
you may need to add the missing group).

Patches should be provided back to 4.4, IMHO.

--Brett

From owner-freebsd-security Wed Mar 5 9:18:24 2003
Date: Wed, 05 Mar 2003 10:13:05 -0700
To: Igor Roshchin
From: Brett Glass
Subject: Re: Does the patching procedure work?
Cc: freebsd-security@FreeBSD.ORG

At 09:55 AM 3/5/2003, Igor Roshchin wrote:

>I saw a similar behavior (with about the same number of offsets
>and failed hunks) when I tried to patch an older (8.11.x) sendmail.
>If that's indeed the case, you can download a set of patches from
>www.sendmail.org directly (for the right version).
>I am not sure what 4.7 was originally shipped with.
>The set of patches in FreeBSD's advisory is for the latest 8.12.x (.6?)

The patches on www.sendmail.org don't apply properly to
/usr/src/contrib/sendmail.

--Brett

From owner-freebsd-security Wed Mar 5 9:56: 1 2003
Date: Wed, 5 Mar 2003 12:55:57 -0500
From: "Peter C. Lai"
To: Brett Glass
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Does the patching procedure work?
Reply-To: peter.lai@uconn.edu

> Patches should be provided back to 4.4, IMHO.
>
> --Brett
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

Patches are only supported for the current release (4.7) and the previous
one (4.6.2), which is consistent with FreeBSD security policy. However,
some people have backported patches, notably djhawkins(sp?). I don't know
the site off the top of my head but the link is archived on this mailing
list. I'm pretty sure he can give you a hand in disseminating or developing
backports for freebsd before R-4.6.

--
Peter C. Lai

From owner-freebsd-security Wed Mar 5 10: 2:46 2003
Date: Wed, 05 Mar 2003 11:02:31 -0700
To: Igor Roshchin
From: Brett Glass
Subject: Re: Does the patching procedure work?
Cc: freebsd-security@FreeBSD.ORG

At 10:58 AM 3/5/2003, Igor Roshchin wrote:

>You need to
>> cd /usr/src/contrib/sendmail/src/
>and then
>> patch -p0 < patch.from.sendmail.org

This seems to work on some versions but not others. As I mentioned,
for 4.x (where 3<=x<=5), the binary replacement that was compiled
for 4.6 seems to run just fine. That's what I've been using. Next
upgrade will, of course, wipe the whole thing and replace it.

--Brett

From owner-freebsd-security Wed Mar 5 10: 4: 4 2003
Date: Wed, 05 Mar 2003 11:03:53 -0700
To: Igor Roshchin
From: Brett Glass
Subject: Re: Does the patching procedure work?
Cc: freebsd-security@FreeBSD.ORG

At 10:58 AM 3/5/2003, Igor Roshchin wrote:

>While I'd be glad to see the FreeBSD team (or somebody else) providing
>me with patches for all old versions of the system and all programs
>I have installed on old systems (btw, a cup of coffee and a jar of jam would
>be good too!), I wish it were possible.

I think that a time horizon of one year would be reasonable.

--Brett

From owner-freebsd-security Wed Mar 5 10:53:25 2003
Date: Wed, 05 Mar 2003 11:52:14 -0700
To: Kris Kennaway
From: Brett Glass
Subject: Re: Does the patching procedure work?
Cc: Igor Roshchin, freebsd-security@FreeBSD.ORG

At 11:30 AM 3/5/2003, Kris Kennaway wrote:

>Each branch is supported by the Security Officer for a limited time
>only, typically through 12 months after the release.

In that case, the published binary patches and diffs should go back
farther than 4.6-RELEASE. I know large numbers of admins with 4.4 and
4.5 machines.

--Brett

From owner-freebsd-security Wed Mar 5 11:10: 1 2003
Date: Wed, 5 Mar 2003 13:09:55 -0600
From: "Jacques A. Vidrine"
To: Brett Glass
Cc: David Schultz, freebsd-security@FreeBSD.ORG
Subject: Re: Does the patching procedure work?

On Wed, Mar 05, 2003 at 10:18:03AM -0700, Brett Glass wrote:
> It turns out that it was 4.5-RELEASE-p4, just a sliver before
> 4.6. (The system had been patched for later problems rather
> than upgraded, because it's a production machine.) Quite recent.
> (You don't want to change point versions constantly on
> production machines.)

If this machine had been kept up-to-date (i.e. was 4.5-RELEASE-p22 or
more recent, or had the previous sendmail bug patched), then the patch
would probably have worked out.

> I was lucky I noticed the problem. The messages just rolled
> by, and if I hadn't scrolled back I would not have caught
> them. I'll bet some folks missed this and are unprotected.
> (The hunks that are rejected are important, but the message
> about dropping the comments is in one of the hunks that's
> accepted, so it looks as if the patch took!)

Lucky? Hrmpf, a system administrator has to be careful. Actually
examining the output of any given command that one runs is pretty much
a requirement if you want to know if it succeeded or not... as is
checking the exit code. But here's a tip to make that easier: use the
`-s' and `-C' flags with patch. See the man page.

> What I have done on that machine is install the 4.6 binary,
> which seems to run just fine on 4.5 and even 4.4 (though
> you may need to add the missing group).

Cool.

> Patches should be provided back to 4.4, IMHO.

Um, in this case, they were provided all the way back to 3.x.
However, in general, the table at is what you can count on.
I will gladly extend the lifetime of one branch one extra year for
each US$25,000 I receive.

Cheers,
--
Jacques A. Vidrine http://www.celabo.org/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se

From owner-freebsd-security Wed Mar 5 11:10:45 2003
Date: Thu, 6 Mar 2003 06:10:38 +1100
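Added example (not part of any message in this thread, and not FreeBSD project code): a shell helper that audits captured patch(1) output for the two conditions reported above, failed hunks and the "Reversed (or previously applied)" prompt, rather than trusting a marker string that can sit in an accepted hunk. The function names are hypothetical; the sample log is the output quoted earlier in the thread, and `-s` and `-C` are the patch flags recommended in the message above.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not from the advisory.

# patch(1) output as quoted in the thread for contrib/sendmail/src/headers.c.
sample_log() {
cat <<'EOF'
Patching file contrib/sendmail/src/headers.c using Plan A...
Hunk #1 failed at 678.
Hunk #2 succeeded at 973 (offset -27 lines).
Hunk #3 succeeded at 986 (offset -27 lines).
Hunk #4 failed at 999.
Hunk #5 failed at 1057.
Hunk #6 succeeded at 1087 (offset -27 lines).
Hunk #7 succeeded at 1096 (offset -27 lines).
Hunk #8 succeeded at 1115 (offset -27 lines).
Hunk #9 succeeded at 1133 (offset -27 lines).
Hunk #10 succeeded at 1144 (offset -27 lines).
Hunk #11 succeeded at 1162 (offset -27 lines).
Hunk #12 failed at 1171.
Hunk #13 succeeded at 1185 with fuzz 2 (offset -27 lines).
Hunk #14 succeeded at 1230 (offset -27 lines).
Hunk #15 succeeded at 1258 with fuzz 1 (offset -27 lines).
Hunk #16 succeeded at 1308 (offset -27 lines).
Hunk #17 succeeded at 1324 (offset -27 lines).
Hunk #18 failed at 1332.
5 out of 18 hunks failed--saving rejects to contrib/sendmail/src/headers.c.rej
EOF
}

# Read patch output on stdin, print a one-line summary, and return
# non-zero if any hunk failed or patch thought the diff was reversed
# or already applied. Hunks applied with fuzz are counted so they can
# be reviewed by hand, but they do not fail the audit on their own.
audit_patch_log() {
    awk '
        /^Hunk #[0-9]+ failed/                     { failed++ }
        /^Hunk #[0-9]+ succeeded/                  { ok++ }
        /^Hunk #[0-9]+ succeeded.* with fuzz/      { fuzz++ }
        /Reversed \(or previously applied\) patch/ { reversed++ }
        END {
            printf "ok=%d failed=%d fuzz=%d reversed=%d\n", ok, failed, fuzz, reversed
            exit ((failed > 0 || reversed > 0) ? 1 : 0)
        }'
}

# Dry-run the patch first and apply it only if the dry run is clean.
# $1 = source directory (e.g. /usr/src), $2 = absolute path to the patch.
# -C checks without modifying files, -s prints only errors; both are the
# flags named in the thread. The invocation mirrors the advisory's
# "cd /usr/src; patch < /path/to/patch".
check_then_patch() {
    (
        cd "$1" || exit 2
        patch -s -C < "$2" || exit 1   # any rejected hunk gives non-zero
        patch -s < "$2"                # real run; its status is returned
    )
}

# Demonstration on the quoted output.
sample_log | audit_patch_log || echo "patch did not apply cleanly: inspect the .rej files"
```

On the quoted output the audit reports five failed hunks and a non-zero status, even though the marker string checked with strings(1) would still be present in the rebuilt binary.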
From: Peter Jeremy
To: Brett Glass
Cc: Igor Roshchin, freebsd-security@FreeBSD.ORG
Subject: Re: Does the patching procedure work?

On Wed, Mar 05, 2003 at 11:03:53AM -0700, Brett Glass wrote:
>At 10:58 AM 3/5/2003, Igor Roshchin wrote:
>
>>While I'd be glad to see the FreeBSD team (or somebody else) providing
>>me with patches for all old versions of the system and all programs
>>I have installed on old systems (btw, a cup of coffee and a jar of jam would
>>be good too!), I wish it were possible.
>
>I think that a time horizon of one year would be reasonable.

This is already available. See
http://www.freebsd.org/commercial/consulting.html for a list of
people/companies that provide this service.

Peter

From owner-freebsd-security Wed Mar 5 11:17:38 2003
Date: Wed, 05 Mar 2003 12:17:25 -0700
To: "Jacques A. Vidrine"
From: Brett Glass
Subject: Re: Does the patching procedure work?
Cc: David Schultz, freebsd-security@FreeBSD.org

At 12:09 PM 3/5/2003, Jacques A. Vidrine wrote:

>If this machine had been kept up-to-date (i.e. was 4.5-RELEASE-p22 or
>more recent, or had the previous sendmail bug patched), then the patch
>would probably have worked out.

It did have periodic patches as needed.

>Lucky? Hrmpf, a system administrator has to be careful.

Call it what you will. I suspect that it has slipped by others.

>> What I have done on that machine is install the 4.6 binary,
>> which seems to run just fine on 4.5 and even 4.4 (though
>> you may need to add the missing group).
>
>Cool.

You may want to mention this in the advisory.

>> Patches should be provided back to 4.4, IMHO.
>
>Um, in this case, they were provided all the way back to 3.x.

Nope. The revised advisory published to -announce provided only one patch, at

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail.patch

and it failed to apply completely. No other patch was offered. There
were replacement binaries for 5.0, 4.7, and 4.6, which does not go back
a full year.

There really should be support for each release for a year.
--Brett

From owner-freebsd-security Wed Mar 5 11:26:40 2003
Date: Wed, 5 Mar 2003 13:26:36 -0600
From: "Jacques A. Vidrine"
To: Brett Glass
Cc: David Schultz, freebsd-security@FreeBSD.org
Subject: Re: Does the patching procedure work?
Message-ID: <20030305192635.GA23113@madman.celabo.org>

On Wed, Mar 05, 2003 at 12:17:25PM -0700, Brett Glass wrote:
> At 12:09 PM 3/5/2003, Jacques A. Vidrine wrote:
> >> Patches should be provided back to 4.4, IMHO.
> >
> >Um, in this case, they were provided all the way back to 3.x.
>
> Nope. The revised advisory published to -announce provided only one patch, at
>
> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail.patch
>
> and it failed to apply completely. No other patch was offered.

I see. I was referring to the security branches, of course. We
don't and won't generate patch sets for no-longer-supported branches.
Of course there are myriad ways that you can unerringly do so yourself
for fixes that have been committed.

I should also point out that in general, we do not support patching
systems that have not also had all other previous patches applied
first.

> There
> were replacement binaries for 5.0, 4.7, and 4.6, which does not go back
> a full year.
>
> There really should be support for each release for a year.

I agree.
That is why approximately 2 weeks ago, I changed the policy
from `the last two releases' to 12 months. Kind of a quiet change
really.

http://www.freebsd.org/cgi/cvsweb.cgi/www/en/security/security.sgml.diff?r1=1.124&r2=1.125

At that time, RELENG_4_5 was already `over' under both the old and new
policy.

Cheers,
--
Jacques A. Vidrine http://www.celabo.org/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se

From owner-freebsd-security Wed Mar 5 11:27: 2 2003
Message-Id: <4.3.2.7.2.20030305122505.02c626c0@localhost>
Date: Wed, 05 Mar 2003 12:26:42 -0700
To: Peter Jeremy
From: Brett Glass
Subject: Re: Does the patching procedure work?
Cc: Igor Roshchin, freebsd-security@FreeBSD.ORG

At 12:10 PM 3/5/2003, Peter Jeremy wrote:

>This is already available.
>See http://www.freebsd.org/commercial/consulting.html for a list
>of people/companies that provide this service.

FreeBSD itself has an explicit policy of supporting releases with
security fixes for one year. If a paid consultant is required to
do this, FreeBSD loses a tremendous amount of value.

--Brett

From owner-freebsd-security Wed Mar 5 11:34:49 2003
Message-Id: <4.3.2.7.2.20030305122841.02c8b7b0@localhost>
Date: Wed, 05 Mar 2003 12:34:36 -0700
To: "Jacques A. Vidrine"
From: Brett Glass
Subject: Re: Does the patching procedure work?
Cc: David Schultz, freebsd-security@FreeBSD.ORG

At 12:26 PM 3/5/2003, Jacques A. Vidrine wrote:

>At that time, RELENG_4_5 was already `over' under both the old and new
>policy.

I just checked, and it is just *barely* over that age. A lot of us
installed -p2 or -p3, though, and then patched what needed to be
patched on that particular server. It'd be nice to have a "diff"-style
patch that worked, though the fixed binary for 4.6 does work.
--Brett

From owner-freebsd-security Wed Mar 5 11:37:28 2003
From: "John Fulcher"
Subject: RE: Does the patching procedure work?
Date: Wed, 5 Mar 2003 14:35:35 -0500
Message-ID: <004401c2e34e$64800160$1113020a@uss.net>

Could we please not discuss this on the security list, this is to
discuss security not release support.

-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG
[mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of Brett Glass
Sent: Wednesday, March 05, 2003 2:27 PM
To: Peter Jeremy
Cc: Igor Roshchin; freebsd-security@FreeBSD.ORG
Subject: Re: Does the patching procedure work?

At 12:10 PM 3/5/2003, Peter Jeremy wrote:

>This is already available.
>See http://www.freebsd.org/commercial/consulting.html for a list
>of people/companies that provide this service.

FreeBSD itself has an explicit policy of supporting releases with
security fixes for one year. If a paid consultant is required to
do this, FreeBSD loses a tremendous amount of value.

--Brett

From owner-freebsd-security Wed Mar 5 11:40:48 2003
From: Mark Murray
Message-Id: <200303051940.h25JeKIg068723@grimreaper.grondar.org>
To: "Jacques A. Vidrine"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Does the patching procedure work?
Date: Wed, 05 Mar 2003 19:40:20 +0000

Hi

This thread is going well off-topic. How to use patch(1) is a
questions@ problem. Please take this off-line.

The patch lifetime part is OK.

M

"Jacques A. Vidrine" writes:
> On Wed, Mar 05, 2003 at 10:18:03AM -0700, Brett Glass wrote:
> > It turns out that it was 4.5-RELEASE-p4, just a sliver before
> > 4.6. (The system had been patched for later problems rather
> > than upgraded, because it's a production machine.) Quite recent.
> > (You don't want to change point versions constantly on
> > production machines.)
>
> If this machine had been kept up-to-date (i.e. was 4.5-RELEASE-p22 or
> more recent, or had the previous sendmail bug patched), then the patch
> would probably have worked out.
>
> > I was lucky I noticed the problem. The messages just rolled
> > by, and if I hadn't scrolled back I would not have caught
> > them. I'll bet some folks missed this and are unprotected.
> > (The hunks that are rejected are important, but the message
> > about dropping the comments is in one of the hunks that's
> > accepted, so it looks as if the patch took!)
>
> Lucky? Hrmpf, a system administrator has to be careful. Actually
> examining the output of any given command that one runs is pretty much
> a requirement if you want to know if it succeeded or not... as is
> checking the exit code.
>
> But here's a tip to make that easier: use the `-s' and `-C' flags with
> patch. See the man page.
>
> > What I have done on that machine is install the 4.6 binary,
> > which seems to run just fine on 4.5 and even 4.4 (though
> > you may need to add the missing group).
>
> Cool.
>
> > Patches should be provided back to 4.4, IMHO.
>
> Um, in this case, they were provided all the way back to 3.x.
>
> However, in general, the table at
>
> is what you can count on.
>
> I will gladly extend the lifetime of one branch one extra year for
> each US$25,000 I receive.
>
> Cheers,
> --
> Jacques A. Vidrine http://www.celabo.org/
> NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
> jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se

--
Mark Murray
iumop ap!sdn w,I idlaH

From owner-freebsd-security Wed Mar 5 11:48:33 2003
Message-Id: <4.3.2.7.2.20030305124322.02c8f100@localhost>
Date: Wed, 05 Mar 2003 12:46:47 -0700
To: Kris Kennaway
From: Brett Glass
Subject: Re: Does the patching procedure work?
Cc: "Jacques A. Vidrine", David Schultz, freebsd-security@FreeBSD.ORG

At 12:40 PM 3/5/2003, Kris Kennaway wrote:

>How about you give it a rest now, Brett. You've been loudly demanding
>what several people have repeatedly explained to you is already the
>case,

I'll drop the thread, but you're missing the point. The problem is that
maintaining production FreeBSD systems is still far too time-consuming
and awkward. It's a security issue AND a usability issue. The project
as a whole really needs to get a handle on this issue.

That's all I'll say for now; feel free to flame me if you'd like.
--Brett

From owner-freebsd-security Wed Mar 5 12: 2:51 2003
Date: Wed, 5 Mar 2003 22:02:43 +0200
From: Sheldon Hearn
To: "Jacques A. Vidrine"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Does the patching procedure work?
Message-ID: <20030305200243.GP60356@starjuice.net>

On (2003/03/05 13:09), Jacques A. Vidrine wrote:

> On Wed, Mar 05, 2003 at 10:18:03AM -0700, Brett Glass wrote:
>
> > I was lucky I noticed the problem.
> > by, and if I hadn't scrolled back I would not have caught
> > them. I'll bet some folks missed this and are unprotected.
> > (The hunks that are rejected are important, but the message
> > about dropping the comments is in one of the hunks that's
> > accepted, so it looks as if the patch took!)
>
> Lucky? Hrmpf, a system administrator has to be careful.

Please don't feed the trolls. They're just there to look impressive. :-)

Ciao,
Sheldon.
From owner-freebsd-security Wed Mar 5 12: 9:58 2003
Date: Wed, 5 Mar 2003 15:09:52 -0500 (EST)
From: Geoffrey
Cc: Mike Tancsa
Subject: Re: Checking for sendmail attacked (was Re: SA-03:04.sendmail Bin Update)
Message-ID: <20030305150921.Y21533-100000@iguana.reptiles.org>

On Wed, 5 Mar 2003, Jacques A. Vidrine wrote:

> On Tue, Mar 04, 2003 at 12:46:38PM -0500, Mike Tancsa wrote:
>
> > Is there a more definitive way to see if someone is actively trying to
> > exploit the issue?
>
> Somehow log the headers?
>

Evidently snort will do this.

From owner-freebsd-security Wed Mar 5 12:24:49 2003
Message-Id: <200303052020.h25KKTIg076906@grimreaper.grondar.org>
To: "John Fulcher"
Cc: freebsd-security@FreeBSD.ORG
From: markm@FreeBSD.ORG
Subject: Re: Does the patching procedure work?
Date: Wed, 05 Mar 2003 20:20:29 +0000

"John Fulcher" writes:
> Could we please not discuss this on the security list, this is to
> discuss security not release support.

Indeed. This thread is past its sell-by date.

Thanks John.

M

>
> -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG
> [mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of Brett Glass
> Sent: Wednesday, March 05, 2003 2:27 PM
> To: Peter Jeremy
> Cc: Igor Roshchin; freebsd-security@FreeBSD.ORG
> Subject: Re: Does the patching procedure work?
>
> At 12:10 PM 3/5/2003, Peter Jeremy wrote:
>
> >This is already available.
> >See http://www.freebsd.org/commercial/consulting.html for a list
> >of people/companies that provide this service.
>
> FreeBSD itself has an explicit policy of supporting releases with
> security fixes for one year. If a paid consultant is required to
> do this, FreeBSD loses a tremendous amount of value.
>
> --Brett

--
Mark Murray
iumop ap!sdn w,I idlaH

From owner-freebsd-security Wed Mar 5 12:44:16 2003
From: Andrés Vargas
Subject: Getting Bad Signature for sendmail patch
Date: Wed, 5 Mar 2003 14:44:17 -0600

I'm getting this with the revised patch:

# gpg sendmail.patch.asc
gpg: Signature made Sun Mar 2 13:58:59 2003 CST using DSA key ID CA6CDFB2
gpg: BAD signature from "FreeBSD Security Officer "

Am I doing something wrong?

From owner-freebsd-security Wed Mar 5 13: 4:43 2003
Date: Wed, 5 Mar 2003 15:04:39 -0600
From: "Jacques A. Vidrine"
To: Andrés Vargas
Cc: security@FreeBSD.ORG
Subject: Re: Getting Bad Signature for sendmail patch
Message-ID: <20030305210439.GA86347@madman.celabo.org>

On Wed, Mar 05, 2003 at 02:44:17PM -0600, Andrés Vargas wrote:
> I'm getting this with the revised patch:
                            ^^^^^^^
The patch was not revised.

> # gpg sendmail.patch.asc
> gpg: Signature made Sun Mar 2 13:58:59 2003 CST using DSA key ID CA6CDFB2
> gpg: BAD signature from "FreeBSD Security Officer
> "
>
> Am I doing something wrong?

Hmm.
Did you download the files in `text' mode (instead of `binary' mode)?

Cheers,
--
Jacques A. Vidrine http://www.celabo.org/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se

From owner-freebsd-security Wed Mar 5 13:42:45 2003
Date: Wed, 5 Mar 2003 16:42:39 -0500
From: Klaus Steden
To: Brett Glass
Cc: Kris Kennaway, "Jacques A. Vidrine", David Schultz, freebsd-security@FreeBSD.ORG
Subject: Re: Does the patching procedure work?
Message-ID: <20030305164239.A543@cthulu.compt.com>

>
> >How about you give it a rest now, Brett. You've been loudly demanding
> >what several people have repeatedly explained to you is already the
> >case,
>
> I'll drop the thread, but you're missing the point. The problem is that
> maintaining production FreeBSD systems is still far too time-consuming
> and awkward. It's a security issue AND a usability issue. The project
> as a whole really needs to get a handle on this issue.
>

You could use Windows. They force you to install security fixes and upgrades
automagically from the Internet.
Klaus

From owner-freebsd-security Wed Mar 5 13:43:53 2003
From: Andrés Vargas
To: "Jacques A. Vidrine"
Subject: Re: Getting Bad Signature for sendmail patch
Date: Wed, 5 Mar 2003 15:43:56 -0600

Thank you, that was the problem.

----- Original Message -----
From: "Jacques A. Vidrine"
To: "Andrés Vargas"
Cc:
Sent: Wednesday, March 05, 2003 3:04 PM
Subject: Re: Getting Bad Signature for sendmail patch

> On Wed, Mar 05, 2003 at 02:44:17PM -0600, Andrés Vargas wrote:
> > I'm getting this with the revised patch:
>                             ^^^^^^^
> The patch was not revised.
>
> > # gpg sendmail.patch.asc
> > gpg: Signature made Sun Mar 2 13:58:59 2003 CST using DSA key ID CA6CDFB2
> > gpg: BAD signature from "FreeBSD Security Officer
> > "
> >
> > Am I doing something wrong?
>
> Hmm.
> Did you download the files in `text' mode (instead of `binary' mode)?
>
> Cheers,
> --
> Jacques A. Vidrine http://www.celabo.org/
> NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
> jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se

From owner-freebsd-security Wed Mar 5 16:50:23 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B650037B401 for ; Wed, 5 Mar 2003 16:50:21 -0800 (PST) Received: from fubar.adept.org (fubar.adept.org [63.147.172.249]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0799343F75 for ; Wed, 5 Mar 2003 16:50:19 -0800 (PST) (envelope-from mike@adept.org) Received: by fubar.adept.org (Postfix, from userid 1001) id 4EEBC15227; Wed, 5 Mar 2003 16:48:18 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by fubar.adept.org (Postfix) with ESMTP id 4CA1015226 for ; Wed, 5 Mar 2003 16:48:18 -0800 (PST) Date: Wed, 5 Mar 2003 16:48:18 -0800 (PST)
From: Mike Hoskins To: freebsd-security@FreeBSD.ORG Subject: Re: Does the patching procedure work? In-Reply-To: <20030305164239.A543@cthulu.compt.com> Message-ID: <20030305163452.H73788-100000@fubar.adept.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Wed, 5 Mar 2003, Klaus Steden wrote:
> > I'll drop the thread, but you're missing the point. The problem is that
> > maintaining production FreeBSD systems is still far too time-consuming
> > and awkward. It's a security issue AND a usability issue. The project
> > as a whole really needs to get a handle on this issue.

It's far easier than it is with most other platforms. I don't see what's
so awkward about maintaining a number of BSD machines. I've done it on
small LANs and large WANs, and have to admit it's one of the more
pleasurable experiences in my daily routine. Updating glibc every month
on 40+ production RH machines (only because IBM's JDK is developed on RH)
is a much bigger PITA IMCO.

> You could use Windows. They force you to install security fixes and upgrades
> automagically from the Internet.

This isn't very useful... Although I've posted plenty of useless snippets
in my time. As much as I hate Windoze, this is untrue. They actually force
people that are too lazy to deselect a couple checkboxes and restart a
service to periodically check for updates. The point is, it's
configurable. The level of clue in people who don't know what services
run on their Windows machines (especially if you actually use Windows
machines for something "important") is about equal to that of a Unix
admin who doesn't know what all that "ps stuff" is.

-mrh To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Mar 5 18: 3:43 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1B48337B401 for ; Wed, 5 Mar 2003 18:03:42 -0800 (PST) Received: from mail.lambertfam.org (www.lambertfam.org [216.223.196.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5E22243FA3 for ; Wed, 5 Mar 2003 18:03:41 -0800 (PST) (envelope-from lambert@lambertfam.org) Received: from laptop.lambertfam.org (laptop.int.lambertfam.org [10.1.0.2]) by mail.lambertfam.org (Postfix) with ESMTP id 6E6593522D for ; Wed, 5 Mar 2003 21:03:39 -0500 (EST) Received: by laptop.lambertfam.org (Postfix, from userid 1000) id 81847858A; Wed, 5 Mar 2003 17:57:27 -0500 (EST) Date: Wed, 5 Mar 2003 17:57:27 -0500 
From: Scott Lambert To: freebsd-security@FreeBSD.ORG Subject: Re: Permission Denied on passwd Message-ID: <20030305225727.GA669@laptop.lambertfam.org> Mail-Followup-To: freebsd-security@FreeBSD.ORG References: <200303031528.h23FScje002664@dc.cis.okstate.edu> <20030303154931.GJ73302@asu.ntu-kpi.kiev.ua> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030303154931.GJ73302@asu.ntu-kpi.kiev.ua> User-Agent: Mutt/1.4i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

passwd and chpass refuse if you su -m username then run passwd as that
user. I haven't read the code to find out why and it is not in the man
page. Probably something in the environment doesn't match the euid.

--
Scott Lambert KC5MLE Unix SysAdmin
lambert@lambertfam.org

From owner-freebsd-security Wed Mar 5 19:21: 1 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 201B537B401 for ; Wed, 5 Mar 2003 19:20:58 -0800 (PST) Received: from mailsrv.otenet.gr (mailsrv.otenet.gr [195.170.0.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id DE03443F75 for ; Wed, 5 Mar 2003 19:20:56 -0800 (PST) (envelope-from keramida@ceid.upatras.gr) Received: from gothmog.gr (patr364-a09.otenet.gr [195.167.109.41]) by mailsrv.otenet.gr (8.12.8/8.12.8) with ESMTP id h263KqVu000532; Thu, 6 Mar 2003 05:20:54 +0200 (EET) Received: from gothmog.gr (gothmog [127.0.0.1]) by gothmog.gr (8.12.8/8.12.8) with ESMTP id h263KqE9001459; Thu, 6 Mar 2003 05:20:52 +0200 (EET) (envelope-from keramida@ceid.upatras.gr) Received: (from giorgos@localhost) by gothmog.gr (8.12.8/8.12.8/Submit) id h263KjtT001454; Thu, 6 Mar 2003 05:20:45 +0200 (EET)
(envelope-from keramida@ceid.upatras.gr) Date: Thu, 6 Mar 2003 05:20:45 +0200 
From: Giorgos Keramidas To: Brett Glass Cc: Igor Roshchin , freebsd-security@FreeBSD.ORG Subject: Re: Does the patching procedure work? Message-ID: <20030306032045.GB1008@gothmog.gr> References: <4.3.2.7.2.20030305052142.03f04200@localhost> <4.3.2.7.2.20030305101206.04858990@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii; x-action=pgp-signed Content-Disposition: inline In-Reply-To: <4.3.2.7.2.20030305101206.04858990@localhost> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2003-03-05 10:13, Brett Glass wrote:
>At 09:55 AM 3/5/2003, Igor Roshchin wrote:
>>I saw a similar behavior (with about the same number of offsets
>>and failed hunks) when I tried to patch an older (8.11.x) sendmail.
>>If that's indeed the case, you can download a set of patches from
>>www.sendmail.org directly (for the right version).
>>I am not sure what 4.7 was originally shipped with.
>>The set of patches in FreeBSD's advisory is for the latest 8.12.x (.6?)
>
> The patches on www.sendmail.org don't apply properly to
> /usr/src/contrib/sendmail.

The patches have to be applied in a different directory, namely in
/usr/src/contrib/sendmail/src, with `patch -p1' instead of `patch -p0'
one directory above that.

This is true for the patches of sendmail.org that apply to the
following versions of Sendmail:

= patch for sendmail 8.12
  ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.security.cr.patch

= patch for sendmail 8.11
  ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.11.6.security.cr.patch

= patch for sendmail 8.10
  ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.11.6.security.cr.patch

The only patch that applies in /usr/src/contrib/sendmail with
`patch -p0' instead of /usr/src/contrib/sendmail/src is:

= patch for sendmail 8.9
  ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.9.3.security.cr.patch

- - Giorgos

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE+Zr6N1g+UGjGGA7YRAvPfAKCV7VV61+d3jz2ZRYLG6mngg9xkhwCdHLhb
kbir9qj8mE4HSg6P5Wg6M1s=
=HLzI
-----END PGP SIGNATURE-----

From owner-freebsd-security Thu Mar 6 1:13:36 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A502D37B401 for ; Thu, 6 Mar 2003 01:13:34 -0800 (PST) Received: from male.aldigital.co.uk (male.aldigital.co.uk [213.129.64.13]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6192F43F85 for ; Thu, 6 Mar 2003 01:13:33 -0800 (PST) (envelope-from adam@algroup.co.uk) Received: from algroup.co.uk (host217-36-83-133.in-addr.btopenworld.com [217.36.83.133]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by male.aldigital.co.uk (Postfix) with ESMTP id C5BAC984A6 for ; Thu, 6 Mar 2003 09:13:31 +0000 (GMT) Message-ID: <3E67113D.2090704@algroup.co.uk> Date: Thu, 06 Mar 2003 09:13:33 +0000
From: Adam Laurie User-Agent: Mozilla/5.0 (X11; U; Linux i386; en-US; rv:1.1) Gecko/20020826 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: cfs hanging Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

hi,

i realise this is slightly off topic, but i figure that this is the most
likely group to be using cfs...

i recently cvsupped my 5.0 to the current tree and after rebuilding
found that my machine was hanging when i tried to write to a cfs volume,
but i can read fine. i've brought cfs up to the latest port revision,
but still no joy. anyone seen anything like this?

cheers,
Adam
--
Adam Laurie          Tel: +44 (20) 8742 0755
A.L. Digital Ltd.    Fax: +44 (20) 8742 5995
The Stores           http://www.thebunker.net
2 Bath Road          http://www.aldigital.co.uk
London W4 1LT        mailto:adam@algroup.co.uk
UNITED KINGDOM       PGP key on keyservers

From owner-freebsd-security Thu Mar 6 1:25:35 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 710B337B401 for ; Thu, 6 Mar 2003 01:25:32 -0800 (PST) Received: from MX2.estpak.ee (ld3.estpak.ee [194.126.101.102]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3E84143F85 for ; Thu, 6 Mar 2003 01:25:31 -0800 (PST) (envelope-from kalts@estpak.ee) Received: from kevad.internal (80-235-33-134-dsl.mus.estpak.ee [80.235.33.134]) by MX2.estpak.ee (Postfix) with ESMTP id 473EC735BE; Thu, 6 Mar 2003 11:24:07 +0200 (EET) Received: (from vallo@localhost) by kevad.internal (8.12.6/8.12.6/Submit) id h269PQfr001886; Thu, 6 Mar 2003 11:25:26 +0200 (EET) (envelope-from vallo) Date: Thu, 6 Mar 2003 11:25:26
+0200 
From: Vallo Kallaste To: Adam Laurie Cc: freebsd-security@freebsd.org Subject: Re: cfs hanging Message-ID: <20030306092526.GA1843@kevad.internal> Reply-To: kalts@estpak.ee References: <3E67113D.2090704@algroup.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3E67113D.2090704@algroup.co.uk> User-Agent: Mutt/1.5.1i-ja.1 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Thu, Mar 06, 2003 at 09:13:33AM +0000, Adam Laurie wrote:

> i realise this is slightly off topic, but i figure that this is the most
> likely group to be using cfs...
>
> i recently cvsupped my 5.0 to the current tree and after rebuilding
> found that my machine was hanging when i tried to write to a cfs volume,
> but i can read fine. i've brought cfs up to the latest port revision,
> but still no joy. anyone seen anything like this?

I have serious problems with NFS after updating -current based NFS
server from Feb 5 sources to date. All my builds on -stable got stuck
sooner or later, because sources are mounted over NFS. -current is
having destabilizing amount of commits at the moment, don't hold your
breath..
-- Vallo Kallaste To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 6 3:53: 6 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B48FE37B401 for ; Thu, 6 Mar 2003 03:53:04 -0800 (PST) Received: from mail.web.am (wizard.web.am [217.113.0.66]) by mx1.FreeBSD.org (Postfix) with SMTP id C8CCA43F75 for ; Thu, 6 Mar 2003 03:52:53 -0800 (PST) (envelope-from nm@web.am) Received: (qmail 91648 invoked from network); 6 Mar 2003 11:53:19 -0000 Received: from g.web.am (217.113.0.41) by wizard.web.am with SMTP; 6 Mar 2003 11:53:19 -0000 
From: Gaspar Chilingarov Organization: WEB Lt.d To: Oleg Shevtsov , security@freebsd.org Subject: Re: Date: Thu, 6 Mar 2003 15:52:43 +0400 User-Agent: KMail/1.5 References: <20030120101323.GA371@interexc.com> In-Reply-To: <20030120101323.GA371@interexc.com> MIME-Version: 1.0 Content-Type: text/plain; charset="windows-1251" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200303061552.43429.nm@web.am> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Monday 20 January 2003 14:13, Oleg Shevtsov wrote:
> Hi,
> how to give specific user FTP but no shell access?
> Ftpd's manual says:
> 4. The user must have a standard shell returned by
> getusershell(3).
> But I don't want to give shell account.

ln /sbin/nologin /sbin/ftp-nologin
echo "/sbin/ftp-nologin" >> /etc/shells

add user as usual, but set shell to ftp-nologin

---
Gaspar Chilingarov

From owner-freebsd-security Thu Mar 6 3:55:17 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6BF5A37B401 for ; Thu, 6 Mar 2003 03:55:13 -0800 (PST) Received: from blueyonder.co.uk (pcow057o.blueyonder.co.uk [195.188.53.94]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2596A43FBF for ; Thu, 6 Mar 2003 03:55:12 -0800 (PST) (envelope-from bbdl21548@blueyonder.co.uk) Received: from orion ([62.31.178.34]) by blueyonder.co.uk with Microsoft SMTPSVC(5.5.1877.757.75); Thu, 6 Mar 2003 11:54:35 +0000 Message-ID: <00e801c2e3d7$30dc1a40$0200010a@orion> Reply-To: "Jasvinder S. Bahra"
From: "Jasvinder S. Bahra" To: References: <20030305162601.240FD1BB34B@mail.powweb.com> Subject: Re: Tripwire (Cron /usr/local/sbin/tripwire --check --cfgfile /etc/tripwire/tw.cfg) Date: Thu, 6 Mar 2003 11:54:49 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Thanks folks! : )

Jazz

----- Original Message -----
From: "Charlie"
To: "Jasvinder S. Bahra" ;
Sent: Wednesday, March 05, 2003 4:26 PM
Subject: Re: Tripwire (Cron /usr/local/sbin/tripwire --check --cfgfile /etc/tripwire/tw.cfg)

> Don't know if this will help you or not, but I struggled for a while with my daily security reports on a machine I have that were always going to root@foo instead of me@domain.com that is in /etc/aliases (tripwire seemed to work fine). Anyway I finally gave up and created a /root/.mailrc and defined my alias for root there and that seemed to work. Probably not the "right" solution, but it isn't a very important machine.
>
> Charlie
>
> ---------- Original Message -------------
> Subject: Tripwire (Cron /usr/local/sbin/tripwire --check --cfgfile /etc/tripwire/tw.cfg)
> Date: Tue, 4 Mar 2003 19:53:16 -0000
> From: "Jasvinder S. Bahra"
> To:
>
>
> Evening folks. I'm having some problems receiving my tripwire reports.
>
> I have a gateway-firewall system, running this version of FreeBSD...
>
> FreeBSD foo.bar.org 4.6.2-RELEASE-p7 FreeBSD 4.6.2-RELEASE-p7 #0
>
> *snip*

From owner-freebsd-security Thu Mar 6 6:15:56 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0938037B401 for ; Thu, 6 Mar 2003 06:15:54 -0800 (PST) Received: from device.dyndns.org (device.net1.nerim.net [62.212.100.233]) by mx1.FreeBSD.org (Postfix) with ESMTP id C0A8B43F85 for ; Thu, 6 Mar 2003 06:15:52 -0800 (PST) (envelope-from guy@device.dyndns.org) Received: (from root@localhost) by device.dyndns.org (8.12.8/8.12.5) id h26EFoAE004330 for freebsd-security@freebsd.org; Thu, 6 Mar 2003 15:15:50 +0100 (CET) (envelope-from guy@device.dyndns.org) Received: from device.dyndns.org (guy@localhost [127.0.0.1]) by device.dyndns.org (8.12.8/8.12.8) with ESMTP id h26EFl7W004318 for ; Thu, 6 Mar 2003 15:15:48 +0100 (CET) (envelope-from guy@device.dyndns.org) Received: (from guy@localhost) by device.dyndns.org (8.12.8/8.12.8/Submit) id h26EFlhD004317 for freebsd-security@freebsd.org; Thu, 6 Mar 2003 15:15:47 +0100 (CET) Date: Thu, 6 Mar 2003 15:15:47 +0100 (CET)
From: Guy Poizat Message-Id: <200303061415.h26EFlhD004317@device.dyndns.org> To: freebsd-security@freebsd.org Subject: Prov. patch for the file hole ISS disclosed X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Here is my suggestion. Feel free to comment/correct me, as this is my first ever C line out of a windows system :] I tested it against RELENG_4. --- src/contrib/file/readelf.c Sun Nov 26 22:37:21 2000 +++ src/contrib/file/readelf.c.patched Thu Mar 6 15:02:44 2003 
@@ -141,6 +141,9 @@ Elf32_Shdr sh32; Elf64_Shdr sh64; + if ( size > ( class == ELFCLASS32 ? sizeof(Elf32_Shdr) : sizeof(Elf64_Shdr) ) ) + return; + if (lseek(fd, off, SEEK_SET) == -1) error("lseek failed (%s).\n", strerror(errno)); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 6 6:32:35 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3399037B401 for ; Thu, 6 Mar 2003 06:32:33 -0800 (PST) Received: from device.dyndns.org (device.net1.nerim.net [62.212.100.233]) by mx1.FreeBSD.org (Postfix) with ESMTP id F160643F75 for ; Thu, 6 Mar 2003 06:32:31 -0800 (PST) (envelope-from guy@device.dyndns.org) Received: (from root@localhost) by device.dyndns.org (8.12.8/8.12.5) id h26EWUEK005258 for freebsd-security@freebsd.org; Thu, 6 Mar 2003 15:32:30 +0100 (CET) (envelope-from guy@device.dyndns.org) Received: from device.dyndns.org (guy@localhost [127.0.0.1]) by device.dyndns.org (8.12.8/8.12.8) with ESMTP id h26EWR7W005248 for ; Thu, 6 Mar 2003 15:32:28 +0100 (CET) (envelope-from guy@device.dyndns.org) Received: (from guy@localhost) by device.dyndns.org (8.12.8/8.12.8/Submit) id h26EWRaN005247 for freebsd-security@freebsd.org; Thu, 6 Mar 2003 15:32:27 +0100 (CET) Date: Thu, 6 Mar 2003 15:32:27 +0100 (CET) 
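Review bot: the size check added at the top of this hunk returns silently, while the lseek failure directly below it reports through error(); a section header size larger than sizeof(Elf32_Shdr) or sizeof(Elf64_Shdr) means the ELF header is malformed, so it deserves a diagnostic rather than no output at all. The test also rejects only sizes that are too large: if the code after the lseek reads size bytes into sh32 or sh64, a smaller size leaves part of the structure unfilled, so consider requiring size to equal the expected structure size. The guard covers this one function only, and any other place in readelf.c that reads a file-supplied size into a fixed Elf32_/Elf64_ structure needs the same check. Style: the surrounding code writes if (lseek(...)) without padding inside the parentheses, and the new condition should match it.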
From: Guy Poizat Message-Id: <200303061432.h26EWRaN005247@device.dyndns.org> To: freebsd-security@freebsd.org Subject: Re: Prov. patch for the file hole ISS disclosed X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hu, Sorry, said ISS where i should have told iDEFENSE... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 6 7:36:45 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3AC2037B401 for ; Thu, 6 Mar 2003 07:36:42 -0800 (PST) Received: from lava.sentex.ca (pyroxene.sentex.ca [199.212.134.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id 768A443FBD for ; Thu, 6 Mar 2003 07:36:41 -0800 (PST) (envelope-from mike@sentex.net) Received: from simian.sentex.net (simeon.sentex.ca [192.168.43.27]) by lava.sentex.ca (8.12.8/8.12.8) with ESMTP id h26Fae57042411 for ; Thu, 6 Mar 2003 10:36:40 -0500 (EST) (envelope-from mike@sentex.net) Message-Id: <5.2.0.9.0.20030306094902.06e759a8@marble.sentex.ca> X-Sender: mdtpop@marble.sentex.ca (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9 Date: Thu, 06 Mar 2003 10:41:43 -0500 To: freebsd-security@freebsd.org 
From: Mike Tancsa Subject: network audit of sendmail Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Virus-Scanned: By Sentex Communications (lava/20020517) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

I want to go through my network to a) ensure all my machines are updated
and b) look for customer machines running vulnerable versions of
sendmail. I put together a quick perl script, but it's sequential and does
not scan in parallel. (this is slow for 16,000 hosts). Can anyone recommend
a tool to do this? Essentially all I want to do is connect to port 25,
grab the banner and record it next to the IP address. Nessus seems to be
way overkill and I don't see a way in nmap to record the banner
output. Before I spend time to figure out how to use threads (or fork off
processes) in perl, am I re-inventing the wheel so to speak? Is there a
script out there to do this?
I tried looking through google but didn't find anything

---Mike

#!/usr/bin/perl -w
use NetAddr::IP;
use Net::SMTP;

my ($range, $i,$totalhosts);

#give it something like scan ./smtp-scan.pl 192.168.0.0/16
$range = $ARGV[0];

print "\ntarget range is $range \n";

my $host = new NetAddr::IP($range);

$i=1;
$totalhosts = $host->num();
print "total hosts $totalhosts \n";

while ($i < $totalhosts) {
    $t="\n";
    $ip = $host->addr;

    if ($smtp = Net::SMTP->new($ip, Helo => 'sendmail-version-check',
        Timeout => 10) ){
        $t = $smtp->banner();
        $smtp->quit;
    }
    $host=$host+1;
    print "$ip,\t$t";
    $i++;
}

---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike

From owner-freebsd-security Thu Mar 6 7:41:42 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 366CF37B401; Thu, 6 Mar 2003 07:41:40 -0800 (PST) Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7C04E43FAF; Thu, 6 Mar 2003 07:41:39 -0800 (PST) (envelope-from nectar@celabo.org) Received: from madman.celabo.org (madman.celabo.org [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id C783045; Thu, 6 Mar 2003 09:41:38 -0600 (CST) Received: by madman.celabo.org (Postfix, from userid 1001) id B0FE478C43; Thu, 6 Mar 2003 09:41:38 -0600 (CST) Date: Thu, 6 Mar 2003 09:41:38 -0600
From: "Jacques A. Vidrine" To: Guy Poizat Cc: freebsd-security@freebsd.org, obrien@FreeBSD.org Subject: Re: Prov. patch for the file hole ISS disclosed Message-ID: <20030306154138.GA33430@madman.celabo.org> Mail-Followup-To: "Jacques A. Vidrine" , Guy Poizat , freebsd-security@freebsd.org, obrien@FreeBSD.org References: <200303061415.h26EFlhD004317@device.dyndns.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200303061415.h26EFlhD004317@device.dyndns.org> X-Url: http://www.celabo.org/ User-Agent: Mutt/1.5.3i-ja.1 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

[I guess you mean iDEFENSE. Comparing the sendmail issue and
 this file issue gives you a pretty good idea of the difference
 between ISS and iDEFENSE :-) ]

On Thu, Mar 06, 2003 at 03:15:47PM +0100, Guy Poizat wrote:
> Here is my suggestion. Feel free to comment/correct me,
> as this is my first ever C line out of a windows system :]
> I tested it against RELENG_4.

Thanks! However, this has already been fixed in -CURRENT (by import
of FILE 3.41). I do not know whether or not David plans to MFC in
time for 4.8-RELEASE.

Cheers,
--
Jacques A. Vidrine http://www.celabo.org/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org .
nectar@kth.se

From owner-freebsd-security Thu Mar 6 8:24: 4 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3516F37B401 for ; Thu, 6 Mar 2003 08:24:01 -0800 (PST) Received: from a2.scoop.co.nz (aurora.scoop.co.nz [203.96.152.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id DA10143F75 for ; Thu, 6 Mar 2003 08:23:59 -0800 (PST) (envelope-from andrew@scoop.co.nz) Received: from localhost (localhost [127.0.0.1]) by a2.scoop.co.nz (8.12.8/8.12.2) with ESMTP id h26GNwa7025770; Fri, 7 Mar 2003 05:23:58 +1300 (NZDT) (envelope-from andrew@scoop.co.nz) Date: Fri, 7 Mar 2003 05:23:58 +1300 (NZDT) From: Andrew McNaughton To: Mike Tancsa Cc: freebsd-security@FreeBSD.ORG Subject: Re: network audit of sendmail In-Reply-To: <5.2.0.9.0.20030306094902.06e759a8@marble.sentex.ca> Message-ID: <20030307045418.H3185@a2.scoop.co.nz> References: <5.2.0.9.0.20030306094902.06e759a8@marble.sentex.ca> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Randal Schwartz has a column where he presents a framework for doing this
sort of thing.

http://www.stonehenge.com/merlyn/LinuxMag/col15.html

It's not terribly important, but in your code, you could eliminate $i and
$total_hosts and loop while ($host++ != $host->broadcast).

Andrew McNaughton

On Thu, 6 Mar 2003, Mike Tancsa wrote:

> Date: Thu, 06 Mar 2003 10:41:43 -0500
> From: Mike Tancsa
> To: freebsd-security@FreeBSD.ORG
> Subject: network audit of sendmail
>
>
> I want to go through my network to a) ensure all my machines are updated
> and b) look for customer machines running vulnerable versions of
> sendmail. I put together a quick perl script, but it's sequential and does
> not scan in parallel. (this is slow for 16,000 hosts). Can anyone recommend
> a tool to do this? Essentially all I want to do is connect to port 25,
> grab the banner and record it next to the IP address. Nessus seems to be
> way overkill and I don't see a way in nmap to record the banner
> output. Before I spend time to figure out how to use threads (or fork off
> processes) in perl, am I re-inventing the wheel so to speak? Is there a
> script out there to do this? I tried looking through google but didn't find
> anything
>
> ---Mike
>
> #!/usr/bin/perl -w
> use NetAddr::IP;
> use Net::SMTP;
>
> my ($range, $i,$totalhosts);
>
> #give it something like scan ./smtp-scan.pl 192.168.0.0/16
> $range = $ARGV[0];
>
> print "\ntarget range is $range \n";
>
> my $host = new NetAddr::IP($range);
>
> $i=1;
> $totalhosts = $host->num();
> print "total hosts $totalhosts \n";
>
> while ($i < $totalhosts) {
>     $t="\n";
>     $ip = $host->addr;
>
>     if ($smtp = Net::SMTP->new($ip, Helo => 'sendmail-version-check',
>         Timeout => 10) ){
>         $t = $smtp->banner();
>         $smtp->quit;
>     }
>     $host=$host+1;
>     print "$ip,\t$t";
>     $i++;
> }
>
> ---Mike
> --------------------------------------------------------------------
> Mike Tancsa, tel +1 519 651 3400
> Sentex Communications, mike@sentex.net
> Providing Internet since 1994 www.sentex.net
> Cambridge, Ontario Canada www.sentex.net/mike
>

------------------------------------------------------------------
Andrew McNaughton    In Sydney and looking for work
andrew@scoop.co.nz   http://staff.scoop.co.nz/andrew/cv.doc
Mobile:
+61 422 753 792 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 6 8:34:51 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0B1D737B401 for ; Thu, 6 Mar 2003 08:34:48 -0800 (PST) Received: from pol.dyndns.org (pol.net1.nerim.net [80.65.225.93]) by mx1.FreeBSD.org (Postfix) with ESMTP id AA06043F75 for ; Thu, 6 Mar 2003 08:34:46 -0800 (PST) (envelope-from guy@device.dyndns.org) Received: from oemcomputer.device.dyndns.org (partserver.pol.local [172.16.10.10]) by pol.dyndns.org (8.12.6/8.12.6) with ESMTP id h26GYgfq024491 for ; Thu, 6 Mar 2003 17:34:45 +0100 (CET) Message-Id: <5.1.1.6.0.20030306172440.00a6e100@device.dyndns.org> X-Sender: guy@device.dyndns.org X-Mailer: QUALCOMM Windows Eudora Version 5.1.1 Date: Thu, 06 Mar 2003 17:34:36 +0100 To: freebsd-security@FreeBSD.ORG 
From: "Guy P." Subject: Re: Prov. patch for the file hole ISS disclosed In-Reply-To: <20030306154138.GA33430@madman.celabo.org> References: <200303061415.h26EFlhD004317@device.dyndns.org> <200303061415.h26EFlhD004317@device.dyndns.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

At 16:41 06/03/2003, Jacques A. Vidrine wrote:
>[I guess you mean iDEFENSE. Comparing the sendmail issue and
> this file issue gives you a pretty good idea of the difference
> between ISS and iDEFENSE :-) ]
>
>On Thu, Mar 06, 2003 at 03:15:47PM +0100, Guy Poizat wrote:
> > Here is my suggestion. Feel free to comment/correct me,
> > as this is my first ever C line out of a windows system :]
> > I tested it against RELENG_4.
>
>Thanks! However, this has already been fixed in -CURRENT (by import
>of FILE 3.41). I do not know whether or not David plans to MFC in
>time for 4.8-RELEASE.

This, IMO, would be a good idea, as probably many third party utilities
are using the file command. For instance, i decided to fix that quick
because i use amavis for wiping viruses out of email attachments, which
seems to be using file during its scanning process. As the exploit looks
like fairly easy to build, i can nearly imagine a new worm taking
advantage of it... My idea is not to stress you, just wanted to be sure
everybody understands it could be a remote compromise of some sort too :]

--
Guy P.

From owner-freebsd-security Thu Mar 6 8:37:33 2003
Date: Thu, 6 Mar 2003 11:37:23 -0500 (EST)
From: Mitch Collinsworth
To: Mike Tancsa
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: network audit of sendmail
In-Reply-To: <5.2.0.9.0.20030306094902.06e759a8@marble.sentex.ca>

On Thu, 6 Mar 2003, Mike Tancsa wrote:

> I want to go through my network to a) ensure all my machines are updated
> and b) look for customer machines running vulnerable versions of
> sendmail. I put together a quick perl script, but it's sequential and does
> not scan in parallel. (this is slow for 16,000 hosts). Can anyone recommend
> a tool to do this ? Essentially all I want to do is connect to port 25,
> grab the banner and record it next to the IP address. Nessus seems to be
> way overkill and I don't see a way in nmap to record the banner
> output. Before I spend time to figure out how to use threads (or fork off
> processes) in perl, am I re-inventing the wheel so to speak ? Is there a
> script out there to do this ? I tried looking through google but didn't find
> anything

Might it speed things up to go to a 2-pass setup? First nmap the whole
network to see what hosts have port 25 open, then go back and collect
banner info from just those hosts.

For extra credit: pipe the output from the 1st pass into the input of
the 2nd pass so it can start checking banners as soon as the 1st pass
begins identifying candidates to check.
-Mitch

From owner-freebsd-security Thu Mar 6 9:39:25 2003
Date: Thu, 6 Mar 2003 19:39:12 +0200
From: Vallo Kallaste
To: Mike Tancsa
Cc: freebsd-security@freebsd.org
Subject: Re: network audit of sendmail
Message-ID: <20030306173912.GA4030@kevad.internal>
Reply-To: kalts@estpak.ee
In-Reply-To: <5.2.0.9.0.20030306094902.06e759a8@marble.sentex.ca>

On Thu, Mar 06, 2003 at 10:41:43AM -0500, Mike Tancsa wrote:
>
> I want to go through my network to a) ensure all my machines are updated
> and b) look for customer machines running vulnerable versions of
> sendmail. I put together a quick perl script, but it's sequential and does
> not scan in parallel. (this is slow for 16,000 hosts). Can anyone recommend
> a tool to do this ? Essentially all I want to do is connect to port 25,
> grab the banner and record it next to the IP address. Nessus seems to be
> way overkill and I don't see a way in nmap to record the banner
> output. Before I spend time to figure out how to use threads (or fork off
> processes) in perl, am I re-inventing the wheel so to speak ? Is there a
> script out there to do this ? I tried looking through google but didn't find
> anything

Split the whole IP range into pieces and fork off just as many
workers as you want/system resources permit. In the first time I
thought of forking as something messy and over my head, but it did
work out within an hour or so and I didn't have any previous
knowledge at all. Threading in perl is probably more hairy, but I
really haven't tried myself because of no demand, so YMMV.
--
Vallo Kallaste

From owner-freebsd-security Thu Mar 6 10: 9:57 2003
Message-Id: <4.3.2.7.2.20030306110600.026ac140@localhost>
Date: Thu, 06 Mar 2003 11:07:07 -0700
To: Klaus Steden
From: Brett Glass
Subject: Re: Does the patching procedure work?
Cc: Kris Kennaway, "Jacques A. Vidrine", David Schultz, freebsd-security@FreeBSD.ORG
In-Reply-To: <20030305164239.A543@cthulu.compt.com>

At 02:42 PM 3/5/2003, Klaus Steden wrote:

>You could use Windows. They force you to install security fixes and upgrades
>automagically from the Internet.

You do have the option to refuse the fixes. The good thing about FreeBSD
doing something similar, though, is that FreeBSD wouldn't sneak new
license "agreements" and DRM in with the updates.
--Brett

From owner-freebsd-security Thu Mar 6 10:11:28 2003
Message-Id: <4.3.2.7.2.20030306110849.026a8a60@localhost>
Date: Thu, 06 Mar 2003 11:10:21 -0700
To: Giorgos Keramidas
From: Brett Glass
Subject: Re: Does the patching procedure work?
Cc: Igor Roshchin, freebsd-security@FreeBSD.ORG
In-Reply-To: <20030306032045.GB1008@gothmog.gr>

At 08:20 PM 3/5/2003, Giorgos Keramidas wrote:

>The patches have to be applied in a different directory, namely in
>/usr/src/contrib/sendmail/src, with `patch -p1' instead of `patch -p0'
>one directory above that

[Snip]

>The only patch that applies in /usr/src/contrib/sendmail with `patch -p0'
>instead of /usr/src/contrib/sendmail/src is:
>
>= patch for sendmail 8.9

Gack. Why do people feel such a strong urge to mess with other folks'
directory hierarchies? It makes maintenance a nightmare.

--Brett

From owner-freebsd-security Thu Mar 6 12:36:42 2003
Date: Thu, 6 Mar 2003 21:37:13 +0100
From: Renaud Deraison
To: freebsd-security@freebsd.org
Subject: Re: network audit of sendmail
Message-ID: <20030306203713.GA14778@nessus.org>
In-Reply-To: <5.2.0.9.0.20030306094902.06e759a8@marble.sentex.ca>

On Thu, Mar 06, 2003 at 10:41:43AM -0500, Mike Tancsa wrote:
>
> I want to go through my network to a) ensure all my machines are updated
> and b) look for customer machines running vulnerable versions of
> sendmail. I put together a quick perl script, but it's sequential and does
> not scan in parallel. (this is slow for 16,000 hosts). Can anyone recommend
> a tool to do this ? Essentially all I want to do is connect to port 25,
> grab the banner and record it next to the IP address. Nessus seems to be
> way overkill and I don't see a way in nmap to record the banner
> output.

Why would Nessus be way overkill ? Disable every plugin except
the plugin which checks for the flaw [sendmail_header.nasl] (and
eventually ping_host), and here you go.
-- Renaud (blatantly defending his product :)

From owner-freebsd-security Thu Mar 6 12:52:10 2003
Date: Thu, 6 Mar 2003 13:55:03 -0700
From: Duncan Patton a Campbell
To: Mike Tancsa
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: network audit of sendmail
Message-Id: <20030306135503.304f5034.campbell@neotext.ca>
In-Reply-To: <5.2.0.9.0.20030306094902.06e759a8@marble.sentex.ca>
Organization: Index Express Ltd.

On Thu, 06 Mar 2003 10:41:43 -0500
Mike Tancsa wrote:

>
> I want to go through my network to a) ensure all my machines are updated
> and b) look for customer machines running vulnerable versions of
> sendmail. I put together a quick perl script, but it's sequential and does
> not scan in parallel. (this is slow for 16,000 hosts). Can anyone recommend

My two bits worth: if you have a secure rsh, propagate a networm of your own
to use those hosts you can as scanners. I also think this is the way to
propagate damage-reduction virii opposed to damaging ones across a net.

Dhu

From owner-freebsd-security Thu Mar 6 13:39:36 2003
Date: Thu, 6 Mar 2003 13:39:34 -0800
From: clark shishido
To: Mike Tancsa
Cc: freebsd-security@freebsd.org
Subject: Re: network audit of sendmail
Message-ID: <20030306213934.GA435@ruminary.org>
In-Reply-To: <5.2.0.9.0.20030306094902.06e759a8@marble.sentex.ca>

On Thu, Mar 06, 2003 at 10:41:43AM -0500, Mike Tancsa wrote:
>
> I want to go through my network to a) ensure all my machines are updated
> and b) look for customer machines running vulnerable versions of
> sendmail. I put together a quick perl script, but it's sequential and does
> not scan in parallel. (this is slow for 16,000 hosts). Can anyone recommend
> a tool to do this ? Essentially all I want to do is connect to port 25,
> grab the banner and record it next to the IP address.

take a look at /usr/ports/security/scanssh
it already supports ports 22 & 80 to get
server type/version number strings for ssh
and http.
--clark

From owner-freebsd-security Thu Mar 6 14:39:20 2003
Message-Id: <5.2.0.9.0.20030306173914.05e9fd28@marble.sentex.ca>
Date: Thu, 06 Mar 2003 17:43:33 -0500
To: clark shishido
From: Mike Tancsa
Subject: Re: network audit of sendmail
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <20030306213934.GA435@ruminary.org>

At 01:39 PM 06/03/2003 -0800, clark shishido wrote:

>take a look at /usr/ports/security/scanssh
>it already supports ports 22 & 80 to get
>server type/version number strings for ssh
>and http.

+++ connecter.c Thu Mar 6 17:34:17 2003
@@ -246,6 +246,9 @@ case 80: scan_http(sock, buf, size); break; + case 25: + scan_http(sock, buf, size); + break; } close(sock); needs to be added and it will work for scanning port 25. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 6 14:41:39 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1856137B401 for ; Thu, 6 Mar 2003 14:41:37 -0800 (PST) Received: from lava.sentex.ca (pyroxene.sentex.ca [199.212.134.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id 488FB43FBF for ; Thu, 6 Mar 2003 14:41:36 -0800 (PST) (envelope-from mike@sentex.net) Received: from simian.sentex.net (simeon.sentex.ca [192.168.43.27]) by lava.sentex.ca (8.12.8/8.12.8) with ESMTP id h26MfZQp005775; Thu, 6 Mar 2003 17:41:35 -0500 (EST) (envelope-from mike@sentex.net) Message-Id: <5.2.0.9.0.20030306174416.05ea4650@marble.sentex.ca> X-Sender: mdtpop@marble.sentex.ca (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9 Date: Thu, 06 Mar 2003 17:45:53 -0500 To: Renaud Deraison , freebsd-security@FreeBSD.ORG 
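Review bot: the new case 25 arm reuses scan_http(), so every mail server is handled by a routine named for HTTP, and nothing in the hunk shows whether scan_http() writes a request before it reads. If it does, each audited host gets HTTP text on its SMTP port and will log it; a dedicated handler that only reads the greeting into buf would avoid that, or at minimum add a comment saying the reuse is deliberate. If the reuse stays, stack the label (case 25: directly above case 80:) so both ports share one call and one break instead of duplicating the body.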
From: Mike Tancsa
Subject: Re: network audit of sendmail
In-Reply-To: <20030306203713.GA14778@nessus.org>

At 09:37 PM 06/03/2003 +0100, Renaud Deraison wrote:

>Why would Nessus be way overkill ? Disable every plugin except
>the plugin which checks for the flaw [sendmail_header.nasl] (and
>eventually ping_host), and here you go.
>
> -- Renaud (blatantly defending his product :)

It's a _really great_ product and we use it for general auditing. However,
the plugin does not seem to detect this particular condition very well.

---Mike

From owner-freebsd-security Thu Mar 6 14:53:44 2003
Message-ID: <20030306225341.20774.qmail@web10103.mail.yahoo.com>
Date: Thu, 6 Mar 2003 14:53:41 -0800 (PST)
From: twig les
Subject: TCPDump version in base?
To: freebsd-security@freebsd.org

Hey all, maybe I'm missing something but I can't seem to find
the version of tcpdump that I'm running. After searching the
massive man page and doing a quick "pkg_info | grep tcpdump" to
make sure no info was available before posting, I don't know if
I'm vulnerable. Does anyone know how to glean the version
number from tcpdump?

For those who are wondering wth I'm blathering about regarding
tcpdump's vulnerability, this SANS blurb should clarify:

Tcpdump versions prior to 3.7.2 contain a denial of service in
the decoding of ISAKMP packets. This allows a remote attacker to
spoof a malicious UDP packet that, when read by a vulnerable
tcpdump application, will cause tcpdump to enter an infinite
loop. This vulnerability is confirmed and fixed in version
3.7.2, available from: http://www.tcpdump.org/

=====
-----------------------------------------------------------
Know yourself and know your enemy and you will never fear defeat.
-----------------------------------------------------------

From owner-freebsd-security Thu Mar 6 15: 1:53 2003
Message-Id: <5.2.0.9.0.20030306180524.06b8da20@marble.sentex.ca>
Date: Thu, 06 Mar 2003 18:05:55 -0500
To: twig les, freebsd-security@FreeBSD.ORG
From: Mike Tancsa
Subject: Re: TCPDump version in base?
In-Reply-To: <20030306225341.20774.qmail@web10103.mail.yahoo.com>

At 02:53 PM 06/03/2003 -0800, twig les wrote:
>Hey all, maybe I'm missing something but I can't seem to find
>the version of tcpdump that I'm running. After searching the

In the cvs logs I see,

----------------------------
fenner 2003/03/02 21:11:04 PST

  FreeBSD src repository

  Modified files: (Branch: RELENG_4)
    contrib/tcpdump CHANGES CREDITS FILES INSTALL README VERSION
                    addrtoname.c config.h.in configure configure.in
                    gmt2local.c interface.h print-802_11.c
                    print-arcnet.c print-arp.c print-atalk.c
                    print-beep.c print-bgp.c print-bootp.c
                    print-dhcp6.c print-egp.c print-esp.c
                    print-ether.c print-fddi.c print-gre.c
                    print-icmp.c print-icmp6.c print-igmp.c
                    print-ip.c print-isakmp.c print-isoclns.c
                    print-l2tp.c print-mobile.c print-mpls.c
                    print-nfs.c print-ntp.c print-null.c
                    print-pim.c print-radius.c print-raw.c
                    print-rx.c print-sctp.c print-sll.c
                    print-smb.c print-snmp.c print-stp.c
                    print-sunrpc.c print-zephyr.c smbutil.c util.c
  Removed files: (Branch: RELENG_4)
    contrib/tcpdump dhcp6.h dhcp6opt.h
  Log:
  MFC tcpdump 3.7.2

  Approved by: re (jhb)

From owner-freebsd-security Thu Mar 6 15: 3:20 2003
Date: Thu, 6 Mar 2003 15:03:14 -0800
From: Erick Mechler
To: twig les
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: TCPDump version in base?
Message-ID: <20030306230314.GQ26124@techometer.net>
In-Reply-To: <20030306225341.20774.qmail@web10103.mail.yahoo.com>

:: Hey all, maybe I'm missing something but I can't seem to find
:: the version of tcpdump that I'm running.

$ cat /usr/src/contrib/tcpdump/VERSION
3.7.2

This is from a system dated Mon Mar 3 21:21:10 PST 2003, and according to
CVSweb, it looks like it's the current version.

Cheers - Erick

From owner-freebsd-security Thu Mar 6 17:40:38 2003
Date: Thu, 6 Mar 2003 19:40:33 -0600
From: "Jacques A. Vidrine"
To: twig les
Cc: freebsd-security@freebsd.org
Subject: Re: TCPDump version in base?
Message-ID: <20030307014033.GB83950@madman.celabo.org>
In-Reply-To: <20030306225341.20774.qmail@web10103.mail.yahoo.com>

On Thu, Mar 06, 2003 at 02:53:41PM -0800, twig les wrote:
> Hey all, maybe I'm missing something but I can't seem to find
> the version of tcpdump that I'm running. After searching the
> massive man page and doing a quick "pkg_info | grep tcpdump" to
> make sure no info was available before posting, I don't know if
> I'm vulnerable. Does anyone know how to glean the version
> number from tcpdump?

% tcpdump -V
tcpdump version 3.7.1+multidlt
libpcap version 0.7+multidlt
Usage: tcpdump [-adeflLnNOpqRStuvxX] [ -c count ] [ -C file_size ]
        [ -F file ] [ -i interface ] [ -r file ] [ -s snaplen ]
        [ -T type ] [ -w file ] [ -E algo:secret ] [ -y datalinktype ] [ expression ]

3.7.2 is in -CURRENT and -STABLE as of March 2nd & 3rd, respectively.

Cheers,
--
Jacques A. Vidrine http://www.celabo.org/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org .
nectar@kth.se

From owner-freebsd-security Thu Mar 6 17:43:29 2003
Message-ID: <3E67F93D.5070402@burningman.com>
Date: Thu, 06 Mar 2003 17:43:25 -0800
From: Glen Mehn
To: twig les
Cc: freebsd-security@freebsd.org
Subject: Re: TCPDump version in base?
In-Reply-To: <20030306225341.20774.qmail@web10103.mail.yahoo.com>

twig les wrote:
> Hey all, maybe I'm missing something but I can't seem to find
> the version of tcpdump that I'm running. After searching the
> massive man page and doing a quick "pkg_info | grep tcpdump" to
> make sure no info was available before posting, I don't know if
> I'm vulnerable. Does anyone know how to glean the version
> number from tcpdump?
>

tcpdump -V ?

glen@dogme:~$ tcpdump -V
tcpdump version 3.7.2
libpcap version 0.7
Usage: tcpdump [-adeflnNOpqRStuvxX] [ -c count ] [ -C file_size ]
        [ -F file ] [ -i interface ] [ -r file ] [ -s snaplen ]
        [ -T type ] [ -w file ] [ -E algo:secret ] [ expression]

ho.. hum...

--
Glen Mehn
glen@burningman.com

"if you ever swallow the universe, remember to spit the dragon back out.xx.
--swan

From owner-freebsd-security Thu Mar 6 23:32: 7 2003
Date: Fri, 7 Mar 2003 18:31:53 +1100
From: Stanley Hopcroft
To: Mike Tancsa
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: network audit of sendmail
Message-ID: <20030307183148.A243@IPAustralia.Gov.AU>
References: <5.2.0.9.0.20030306094902.06e759a8@marble.sentex.ca> <5.2.0.9.0.20030306094902.06e759a8@marble.sentex.ca> <20030306203713.GA14778@nessus.org> <5.2.0.9.0.20030306174416.05ea4650@marble.sentex.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <5.2.0.9.0.20030306174416.05ea4650@marble.sentex.ca>; from mike@sentex.net on Thu, Mar 06, 2003 at 05:45:53PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Dear Sir,

dLUx (?)'s CPAN module Parallel::ForkManager is a _neat_ way of running a
lot of Perl programs in parallel. No need to wait etc since this is done
by the module.

From the synopsis,

  use Parallel::ForkManager;

  $pm = new Parallel::ForkManager($MAX_PROCESSES);

  foreach $data (@all_data) {
    # Forks and returns the pid for the child:
    my $pid = $pm->start and next;

    # ... do some work with $data in the child process ...

    $pm->finish; # Terminates the child process
  }

I use it to do a whole bunch of snmpwalks of switch bridge tables.

HTH,

Yours sincerely.

--
------------------------------------------------------------------------
Stanley Hopcroft
------------------------------------------------------------------------

'...No man is an island, entire of itself; every man is a piece of the
continent, a part of the main. If a clod be washed away by the sea,
Europe is the less, as well as if a promontory were, as well as if a
manor of thy friend's or of thine own were. Any man's death diminishes
me, because I am involved in mankind; and therefore never send to know
for whom the bell tolls; it tolls for thee...'

from Meditation 17, J Donne.
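An added example, not part of the message above and not taken from the Parallel::ForkManager documentation: the same start/finish loop applied to the thread's subject, reading the SMTP greeting from each of your own mail hosts in parallel and collecting the results in the parent. That the audit consists of reading greeting banners is an assumption, as are the host list (command-line arguments, defaulting to 127.0.0.1), the limit of 10 processes and the 5-second timeout.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::INET;
use Parallel::ForkManager;

# Hosts to audit: command-line arguments, or the local machine if none given.
my @hosts         = @ARGV ? @ARGV : ('127.0.0.1');
my $MAX_PROCESSES = 10;    # assumed cap on simultaneous children
my $TIMEOUT       = 5;     # assumed seconds allowed per host

my %banner;                # host => greeting line, filled in by the parent
my $pm = Parallel::ForkManager->new($MAX_PROCESSES);

# Runs in the parent each time a child is reaped. $ident is the value given
# to start(); $data is the reference the child handed to finish(), if any.
$pm->run_on_finish(sub {
    my ($pid, $exit, $ident, $signal, $core, $data) = @_;
    $banner{$ident} = ($exit == 0 && $data) ? $$data : undef;
});

foreach my $host (@hosts) {
    $pm->start($host) and next;      # parent: go on to the next host

    # Child process from here on.
    my $line;
    eval {
        local $SIG{ALRM} = sub { die "timeout\n" };
        alarm $TIMEOUT;              # bounds connect and read together
        my $sock = IO::Socket::INET->new(
            PeerAddr => $host, PeerPort => 25, Proto => 'tcp',
        ) or die "connect failed\n";
        $line = <$sock>;             # first line of the server greeting
        close $sock;
        alarm 0;
    };
    alarm 0;
    if (defined $line) {
        $line =~ s/[\r\n]+\z//;
        $line =~ s/[^\x20-\x7e]/?/g; # banner is untrusted: drop control bytes
        $pm->finish(0, \$line);      # child exits here on success
    }
    $pm->finish(1);                  # child exits here on failure
}
$pm->wait_all_children;              # block until every child is reaped

foreach my $host (sort keys %banner) {
    printf "%-30s %s\n", $host, $banner{$host} // 'no SMTP greeting';
}
```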
From owner-freebsd-security Fri Mar 7 2:41: 6 2003
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
        by hub.freebsd.org (Postfix) with ESMTP id 9430437B401
        for ; Fri, 7 Mar 2003 02:41:05 -0800 (PST)
Received: from vortex.sdf.se (vortex.sdf.se [213.115.128.74])
        by mx1.FreeBSD.org (Postfix) with ESMTP id 525F443F3F
        for ; Fri, 7 Mar 2003 02:41:04 -0800 (PST)
        (envelope-from jh@sdf.se)
Received: (from jh@localhost)
        by vortex.sdf.se (8.9.3/8.9.3) id LAA93747
        for freebsd-security@freebsd.org; Fri, 7 Mar 2003 11:28:19 +0100 (CET)
From: Jonas Hedqvist
Message-Id: <200303071028.LAA93747@vortex.sdf.se>
Subject: unsubscribe
To: freebsd-security@freebsd.org
Date: Fri, 7 Mar 2003 11:28:19 +0100 (CET)
X-Mailer: ELM [version 2.4ME+ PL68 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

From owner-freebsd-security Fri Mar 7 8:40:48 2003
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
        by hub.freebsd.org (Postfix) with ESMTP id 7F4A237B401;
        Fri, 7 Mar 2003 08:40:45 -0800 (PST)
Received: from pd2mo2so.prod.shaw.ca (shawidc-mo1.cg.shawcable.net [24.71.223.10])
        by mx1.FreeBSD.org (Postfix) with ESMTP id 8712E43FCB;
        Fri, 7 Mar 2003 08:40:44 -0800 (PST)
        (envelope-from patrick.maloney@shaw.ca)
Received: from pd3mr2so.prod.shaw.ca (pd3mr2so-ser.prod.shaw.ca [10.0.141.178])
        by l-daemon (iPlanet Messaging Server 5.1 HotFix 0.8 (built May 12 2002))
        with ESMTP id <0HBE0015B0ZVJ8@l-daemon>; Fri, 07 Mar 2003 09:40:43 -0700 (MST)
Received: from shaw.ca (pd2ms1so-con.prod.shaw.ca [10.0.122.119])
        by l-daemon (iPlanet Messaging Server 5.1 HotFix 0.8 (built May 12 2002))
        with ESMTP id <0HBE003G10ZV81@l-daemon>; Fri, 07 Mar 2003 09:40:43 -0700 (MST)
Received: from [10.0.142.60] by pd2ims1.prod.shaw.ca (mshttpd);
        Fri, 07 Mar 2003 08:40:43 -0800
Date: Fri, 07 Mar 2003 08:40:43 -0800
From: patrick.maloney@shaw.ca
Subject: Re: unsubscribe
To: Jonas Hedqvist
Cc: freebsd-security@freebsd.org, majordomo@FreeBSD.org
Message-id: <3c83f3cd3b.3cd3b3c83f@shaw.ca>
MIME-version: 1.0
X-Mailer: iPlanet Messenger Express 5.1 HotFix 1.6 (built Oct 18 2002)
Content-type: text/plain; charset=us-ascii
Content-language: en
Content-transfer-encoding: 7BIT
Content-disposition: inline
X-Accept-Language: en
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

unsubscribe freebsd-security

My mistake! Thanks for the pointer.

PM

----- Original Message -----
From: Jonas Hedqvist
Date: Friday, March 7, 2003 2:28 am
Subject: unsubscribe

>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>