From owner-freebsd-security@FreeBSD.ORG Fri Mar 12 08:07:10 2004
Date: Fri, 12 Mar 2004 11:07:25 -0500
From: Tom Rhodes
To: Ruslan Ermilov
Cc: "Jacques A. Vidrine", security@FreeBSD.org
Subject: Re: bin/64150: [PATCH] ls(1) coredumps when started via execve(2) with no argv.
Message-Id: <20040312110725.698ebe20@localhost>
In-Reply-To: <20040312154600.GC2235@ip.net.ua>

On Fri, 12 Mar 2004 17:46:00 +0200
Ruslan Ermilov wrote:

> On Fri, Mar 12, 2004 at 06:58:20AM -0600, Jacques A.
Vidrine wrote:
> > On Fri, Mar 12, 2004 at 12:15:26PM +0100, Marc Olzheim wrote:
> > > On Fri, Mar 12, 2004 at 01:06:57PM +0200, Ruslan Ermilov wrote:
> > > > And the fact that optind is initially set to 1. I wonder what
> > > > could be the implications for setuid programs. There could be
> > > > quite unpredictable results, as the "argv" pointer is incorrectly
> > > > advanced in this case, and at least several setuid programs that
> > > > I've glanced at are vulnerable to this attack.
> > >
> > > See also: http://www.freebsd.org/cgi/query-pr.cgi?pr=33738
> >
> > Thanks Ruslan, Marc,
> >
> > I think kern/33738 is on the money. I do not see any immediate
> > ramifications, but for peace of mind I believe that exec should fail if
> > the argument array pointer is NULL.
> >
> > I believe this would be consistent with the relevant standards: POSIX
> > already requires (a) that the first argument ``should point to a
> > filename that is associated with the process being started'' and (b)
> > ``the last member of this array is a null pointer''--- i.e. the array
> > pointer cannot be NULL.
> >
> As Garrett already pointed out in the PR log, have you considered this?
>
> http://www.opengroup.org/onlinepubs/007904975/functions/execve.html#tag_03_130_08
>
> I'm happy with changing our behavior to Strictly Conforming for the
> goods of security, and you?

Will it 'break' anything?
--
Tom Rhodes

From owner-freebsd-security@FreeBSD.ORG Fri Mar 12 11:29:56 2004
Date: Fri, 12 Mar 2004 20:29:52 +0100
From: Marc Bevand
To: security@freebsd.org
Subject: Re: bin/64150: [PATCH] ls(1) coredumps when started via execve(2) with no argv.
Message-ID: <20040312192952.GA23211@nash.epita.fr>
In-Reply-To: <20040312161049.GA2872@ip.net.ua>

On 12 Mar 2004, Ruslan Ermilov wrote:

| On Fri, Mar 12, 2004 at 11:07:25AM -0500, Tom Rhodes wrote:
| >
| > Will it 'break' anything?
|
| Sure it will, the question is should we care about something that's
| already broken. ;)

It will break almost all shellcodes trying to be the shorter ones
(as they pass NULL for argv and envp). So we can view it as a small
security improvement (just kidding).

--
Marc Bevand http://www.epita.fr/~bevand_m
Computer Science School EPITA - System, Network and Security Dept.

From owner-freebsd-security@FreeBSD.ORG Mon Mar 15 04:25:04 2004
Date: Mon, 15 Mar 2004 13:25:05 +0100
From: Marc Olzheim
To: Marc Bevand
Cc: security@freebsd.org
Message-ID: <20040315122505.GA686@stack.nl>
In-Reply-To: <20040312192952.GA23211@nash.epita.fr>
Subject: Re: bin/64150: [PATCH] ls(1)
coredumps when started via execve(2) with no argv.

On Fri, Mar 12, 2004 at 08:29:52PM +0100, Marc Bevand wrote:
> On 12 Mar 2004, Ruslan Ermilov wrote:
> | On Fri, Mar 12, 2004 at 11:07:25AM -0500, Tom Rhodes wrote:
> | >
> | > Will it 'break' anything?
> |
> | Sure it will, the question is should we care about something that's
> | already broken. ;)
>
> It will break almost all shellcodes trying to be the shorter ones
> (as they pass NULL for argv and envp). So we can view it as a small
> security improvement (just kidding).

When I tested my patches (over 2 years ago), I didn't trigger any
compilation, nor any runtime problems...

Marc

From owner-freebsd-security@FreeBSD.ORG Mon Mar 15 12:23:15 2004
Date: Mon, 15 Mar 2004 22:23:12 +0200
From: Ruslan Ermilov
To: Marc Olzheim
Message-ID: <20040315202311.GB72326@ip.net.ua>
References: <20040312104914.GA52099@ip.net.ua>
 <20040312105730.GA99925@stud326.idi.ntnu.no>
 <20040312110657.GB52099@ip.net.ua>
 <20040312111526.GA14260@stack.nl>
 <20040312125820.GA8574@lum.celabo.org>
 <20040312154600.GC2235@ip.net.ua>
 <20040312110725.698ebe20@localhost>
 <20040312161049.GA2872@ip.net.ua>
 <20040312192952.GA23211@nash.epita.fr>
 <20040315122505.GA686@stack.nl>
In-Reply-To: <20040315122505.GA686@stack.nl>
Cc: Marc Bevand, security@freebsd.org
Subject: Re: bin/64150: [PATCH] ls(1) coredumps when started via execve(2) with no argv.

On Mon, Mar 15, 2004 at 01:25:05PM +0100, Marc Olzheim wrote:
> On Fri, Mar 12, 2004 at 08:29:52PM +0100, Marc Bevand wrote:
> > On 12 Mar 2004, Ruslan Ermilov wrote:
> > | On Fri, Mar 12, 2004 at 11:07:25AM -0500, Tom Rhodes wrote:
> > | >
> > | > Will it 'break' anything?
> > |
> > | Sure it will, the question is should we care about something that's
> > | already broken. ;)
> >
> > It will break almost all shellcodes trying to be the shorter ones
> > (as they pass NULL for argv and envp). So we can view it as a small
> > security improvement (just kidding).
>
> When I tested my patches (over 2 years ago), I didn't trigger any
> compilation, nor any runtime problems...
>
You didn't try any shellcodes lurking out there, did you?
;)


Cheers,
--
Ruslan Ermilov
FreeBSD committer
ru@FreeBSD.org

From owner-freebsd-security@FreeBSD.ORG Mon Mar 15 12:29:59 2004
Date: Mon, 15 Mar 2004 21:30:00 +0100
From: Marc Olzheim
To: Ruslan Ermilov
Cc: Marc Olzheim, Marc Bevand, security@freebsd.org
Message-ID: <20040315203000.GA42542@stack.nl>
In-Reply-To: <20040315202311.GB72326@ip.net.ua>
Subject: Re: bin/64150: [PATCH] ls(1) coredumps
when started via execve(2) with no argv.

On Mon, Mar 15, 2004 at 10:23:12PM +0200, Ruslan Ermilov wrote:
> > When I tested my patches (over 2 years ago), I didn't trigger any
> > compilation, nor any runtime problems...
> >
> You didn't try any shellcodes lurking out there, did you? ;)

Not with the hope of succeeding, no... :-P

Marc

From owner-freebsd-security@FreeBSD.ORG Tue Mar 16 23:00:53 2004
Date: Wed, 17 Mar 2004 02:00:51 -0500
From: "Peter C. Lai"
To: freebsd-security@freebsd.org
Subject: portaudit
Message-ID: <20040317070051.GC716@cowbert.2y.net>

Any reason why portaudit and its associated infrastructure was not announced to
this list or security-notifications? I recently discovered it, and discovered
the feature was added to bsd.port.mk in the beginning of February.
Seeing as the security officer apparently (without announcement) no longer issues
security notices (SNs) for ports, I am assuming that portaudit has replaced
SNs entirely, and that we should rely on that for ports operational security?
I'm not subscribed to -ports, -questions, or -current, which were apparently
where the portaudit introduction discussions took place.

--
Peter C. Lai
University of Connecticut
Dept. of Molecular and Cell Biology
Yale University School of Medicine
SenseLab | Research Assistant
http://cowbert.2y.net/

From owner-freebsd-security@FreeBSD.ORG Wed Mar 17 06:23:32 2004
Date: Wed, 17 Mar 2004 08:23:30 -0600
From: "Jacques A. Vidrine"
To: "Peter C. Lai"
Message-ID: <20040317142330.GA21961@madman.celabo.org>
Mail-Followup-To: "Jacques A. Vidrine", "Peter C.
Lai", freebsd-security@freebsd.org
In-Reply-To: <20040317070051.GC716@cowbert.2y.net>
Cc: freebsd-security@freebsd.org
Subject: Re: portaudit

On Wed, Mar 17, 2004 at 02:00:51AM -0500, Peter C. Lai wrote:
> Any reason why portaudit and its associated infrastructure was not announced to
> this list or security-notifications? I recently discovered it, and discovered
> the feature was added to bsd.port.mk in the beginning of February. Seeing as
> the security officer apparently (without announcement) no longer issues
> security notices (SNs) for ports, I am assuming that portaudit has replaced
> SNs entirely, and that we should rely on that for ports operational security?
> I'm not subscribed to -ports, -questions, or -current, which were apparently
> where the portaudit introduction discussions took place.

VuXML is the new mechanism for documenting security issues in ports.
It has not been `announced' because it is still at an experimental
stage.

portaudit is one tool that reads the FreeBSD VuXML document, and is
well-suited for automated checking.

Cheers,
--
Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org

From owner-freebsd-security@FreeBSD.ORG Wed Mar 17 08:48:32 2004
Date: Wed, 17 Mar 2004 08:48:32 -0800 (PST)
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Reply-To: security-advisories@freebsd.org
Subject: FreeBSD Security Advisory FreeBSD-SA-04:05.openssl
Message-Id: <200403171648.i2HGmWeH015134@freefall.freebsd.org>

=============================================================================
FreeBSD-SA-04:05.openssl                                    Security Advisory
                                                          The FreeBSD Project

Topic:          Denial-of-service vulnerability in OpenSSL

Category:       crypto
Module:         openssl
Announced:      2004-03-17
Credits:        OpenSSL Project
                Codenomicon Ltd
Affects:        All FreeBSD 4.x and 5.x releases
Corrected:      2004-03-17 12:23:51 UTC
                (RELENG_4, 4.9-STABLE)
                2004-03-17 12:14:12 UTC (RELENG_5_2, 5.2.1-RELEASE-p3)
                2004-03-17 12:14:56 UTC (RELENG_5_1, 5.1-RELEASE-p16)
                2004-03-17 12:17:13 UTC (RELENG_4_9, 4.9-RELEASE-p4)
                2004-03-17 12:18:23 UTC (RELENG_4_8, 4.8-RELEASE-p17)
CVE Name:       CAN-2004-0079
FreeBSD only:   NO

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL
Project is a collaborative effort to develop a robust, commercial-grade,
full-featured, and Open Source toolkit implementing the Secure
Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols as well as a full-strength general purpose cryptography
library.

II.  Problem Description

When processing an SSL/TLS ChangeCipherSpec message, OpenSSL may fail to
check that a new cipher has been previously negotiated. This may result
in a null pointer dereference.

III. Impact

A remote attacker could perform a specially crafted SSL/TLS handshake
with an application that utilizes OpenSSL, triggering the null pointer
dereference and causing the application to crash. Depending upon the
specifics of the application, this may result in an effective
denial-of-service.

IV.  Workaround

No workaround is known.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_2,
RELENG_4_9, or RELENG_4_8 security branch dated after the correction
date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 4.8, 4.9,
5.1, and 5.2 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:05/openssl.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:05/openssl.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system as described in .

Note that any statically linked applications that are not part of the
base system (i.e. from the Ports Collection or other 3rd-party sources)
must be recompiled.

All affected applications must be restarted for them to use the
corrected library. Though not required, rebooting may be the easiest
way to accomplish this.

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch                                                           Revision
  Path
-------------------------------------------------------------------------
RELENG_4
  src/crypto/openssl/crypto/opensslv.h                        1.1.1.1.2.9
  src/crypto/openssl/ssl/s3_pkt.c                             1.1.1.1.2.7
RELENG_5_2
  src/UPDATING                                                 1.282.2.11
  src/crypto/openssl/crypto/opensslv.h                       1.1.1.14.2.1
  src/crypto/openssl/ssl/s3_pkt.c                             1.1.1.8.4.1
  src/sys/conf/newvers.sh                                       1.56.2.10
RELENG_5_1
  src/UPDATING                                                 1.251.2.18
  src/crypto/openssl/crypto/opensslv.h                       1.1.1.13.2.1
  src/crypto/openssl/ssl/s3_pkt.c                             1.1.1.8.2.1
  src/sys/conf/newvers.sh                                       1.50.2.18
RELENG_4_9
  src/UPDATING                                              1.73.2.89.2.5
  src/crypto/openssl/crypto/opensslv.h                    1.1.1.1.2.8.2.1
  src/crypto/openssl/ssl/s3_pkt.c                         1.1.1.1.2.6.4.1
  src/sys/conf/newvers.sh                                   1.44.2.32.2.5
RELENG_4_8
  src/UPDATING                                             1.73.2.80.2.20
  src/crypto/openssl/crypto/opensslv.h                    1.1.1.1.2.7.2.1
  src/crypto/openssl/ssl/s3_pkt.c                         1.1.1.1.2.6.2.1
  src/sys/conf/newvers.sh                                  1.44.2.29.2.18
-------------------------------------------------------------------------

VII.
References

From owner-freebsd-security@FreeBSD.ORG Wed Mar 17 10:02:22 2004
Date: Wed, 17 Mar 2004 13:02:49 -0500 (EST)
From: "D Golden"
To: freebsd-security@freebsd.org
Subject: FreeBSD Security Advisories ( openssl )
Message-ID: <1700.192.168.1.1.1079546569.squirrel@probsd.org>

Am I correct in assuming that if I do a:

make OPENSSL_OVERWRITE_BASE=yes install clean

in /usr/ports/security/openssl ( after updating my ports tree ) that the
port will overwrite the base openssl, thus not requiring the subsequent
patch and recompile of the OS to patch this Vulnerability?

Dana

From owner-freebsd-security@FreeBSD.ORG Wed Mar 17 10:13:13 2004
Date: Wed, 17 Mar 2004 19:13:10 +0100
From: Patrick Proniewski
To: "D Golden"
Cc: Liste FreeBSD-security
Subject: Re: FreeBSD Security Advisories ( openssl )
In-Reply-To: <1700.192.168.1.1.1079546569.squirrel@probsd.org>

On 17 March 2004, at 19:02, D Golden wrote:

> Am I correct in assuming that if I do a:
>
> make OPENSSL_OVERWRITE_BASE=yes install clean
>
> in /usr/ports/security/openssl ( after updating my ports tree ) that the
> port will overwrite the base openssl, thus not requiring the subsequent
> patch and recompile of the OS to patch this Vulnerability?

You'll still have to recompile any program that is statically linked to
OpenSSH

patpro
--
I am looking for a Mac/UNIX sysadmin position
(or a young, pretty, rich woman)
http://patpro.net/cv.php

From owner-freebsd-security@FreeBSD.ORG Wed Mar 17 10:52:54 2004
Date: Wed, 17 Mar 2004 19:52:35 +0100
From: Oliver Eikemeier
Organization: Fillmore Labs GmbH - http://www.fillmore-labs.com/
To: "Peter C. Lai"
Cc: freebsd-security@freebsd.org
Subject: Re: portaudit
Message-ID: <40589E73.80209@fillmore-labs.com>
In-Reply-To: <20040317070051.GC716@cowbert.2y.net>

Peter C. Lai wrote:

> Any reason why portaudit and its associated infrastructure was not announced to
> this list or security-notifications?

Sorry, I wasn't subscribed to security@ until recently, so I didn't think of
announcing portaudit on this list.

> I recently discovered it, and discovered
> the feature was added to bsd.port.mk in the beginning of February. Seeing as
> the security officer apparently (without announcement) no longer issues
> security notices (SNs) for ports, I am assuming that portaudit has replaced
> SNs entirely, and that we should rely on that for ports operational security?
> [...]

I'm sorry there has been so much confusion about portaudit. portaudit is fully
functional, so it should be pretty reliable if used on your systems, but there
are still some issues I want to straighten out before having a 1.0 release and
doing an official announcement:

- documented proxy handling
- more tunable parameters
- a start script for workstations which do not run periodic(8) scripts
- maybe add some auditing code to pkg_add

I hope to finish these Real Soon Now(tm), and will post an announcement then.

Thanks for your heads-up
    Oliver

From owner-freebsd-security@FreeBSD.ORG Wed Mar 17 10:55:44 2004
Date: Wed, 17 Mar 2004 12:55:43 -0600
From: "Jacques A.
Vidrine"
To: D Golden
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisories ( openssl )
Message-ID: <20040317185543.GD37165@madman.celabo.org>
In-Reply-To: <1700.192.168.1.1.1079546569.squirrel@probsd.org>

On Wed, Mar 17, 2004 at 01:02:49PM -0500, D Golden wrote:
> Am I correct in assuming that if I do a:
>
> make OPENSSL_OVERWRITE_BASE=yes install clean
>
> in /usr/ports/security/openssl ( after updating my ports tree ) that the
> port will overwrite the base openssl, thus not requiring the subsequent
> patch and recompile of the OS to patch this Vulnerability?

No.
Cheers,
--
Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org

From owner-freebsd-security@FreeBSD.ORG Wed Mar 17 16:45:00 2004
Date: Wed, 17 Mar 2004 16:45:00 -0800 (PST)
From: Rostislav Krasny
To: freebsd-security@freebsd.org
Subject: FreeBSD-SA-04:05.openssl question
Message-ID: <20040318004500.39746.qmail@web14811.mail.yahoo.com>

Hello there.

The FreeBSD-SA-04:05.openssl Security Advisory announced a "null-pointer
assignment during SSL handshake" DoS vulnerability. However, the OpenSSH
Security Advisory of 17 March 2004 announced the same vulnerability with one
more vulnerability. Look at http://www.openssl.org/news/secadv_20040317.txt

Isn't FreeBSD vulnerable to the second "Out-of-bounds read affects Kerberos
ciphersuites" security problem?

Thanks

From owner-freebsd-security@FreeBSD.ORG Wed Mar 17 16:57:10 2004
Date: Thu, 18 Mar 2004 01:57:02 +0100
From: des@des.no (Dag-Erling Smørgrav)
To: Rostislav Krasny
cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD-SA-04:05.openssl question
In-Reply-To: <20040318004500.39746.qmail@web14811.mail.yahoo.com>

Rostislav Krasny writes:
> Isn't FreeBSD vulnerable to the second "Out-of-bounds read affects
> Kerberos ciphersuites" security problem?

From the URL you mentioned: "Most applications have no ability to use
Kerberos ciphersuites and will therefore be unaffected."

DES
--
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-security@FreeBSD.ORG Wed Mar 17 18:20:26 2004
Date: Wed, 17 Mar 2004 18:20:09 -0800 (PST)
From: Rostislav Krasny
To: Dag-Erling "Smørgrav"
cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD-SA-04:05.openssl question
Message-ID: <20040318022009.52877.qmail@web14804.mail.yahoo.com>

--- Dag-Erling Smørgrav wrote:
> Rostislav Krasny writes:
> > Isn't FreeBSD vulnerable to the second "Out-of-bounds read affects
> > Kerberos ciphersuites" security problem?
>
> From the URL you mentioned: "Most applications have no ability to use
> Kerberos ciphersuites and will therefore be unaffected."

Do you imply that applications with ability to use Kerberos ciphersuites
are impossible to be implemented for current versions of FreeBSD?

From owner-freebsd-security@FreeBSD.ORG Wed Mar 17 18:55:40 2004
Date: Thu, 18 Mar 2004 10:54:34 +0800
From: Ng Pheng Siong
To: Rostislav Krasny
cc: Dag-Erling Smørgrav
cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD-SA-04:05.openssl question
Message-ID: <20040318025434.GB875@vista.netmemetic.com>
In-Reply-To: <20040318022009.52877.qmail@web14804.mail.yahoo.com>

On Wed, Mar 17, 2004 at 06:20:09PM -0800, Rostislav Krasny wrote:
> --- Dag-Erling Smørgrav wrote:
> > From the URL you mentioned: "Most applications have no ability to use
> > Kerberos ciphersuites and will therefore be unaffected."
>
> Do you imply that applications with ability to use Kerberos
> ciphersuites are impossible to be implemented for current versions of FreeBSD?

The text before the above quoted "Most applications have no ability..."
read

  A remote attacker could perform a carefully crafted SSL/TLS handshake
  against a server configured to use Kerberos ciphersuites [...]

Instead of asking about impossibility in the abstract, ask if you do run
servers that support Kerberos ciphersuites and, if yes, how to configure
your software to not use them.

Cheers.

--
Ng Pheng Siong
http://firewall.rulemaker.net -+- Firewall Change Management & Version Control
http://sandbox.rulemaker.net/ngps -+- Open Source Python Crypto & SSL

From owner-freebsd-security@FreeBSD.ORG Wed Mar 17 20:03:54 2004
Date: Wed, 17 Mar 2004 20:03:53 -0800 (PST)
From: Rostislav Krasny
To: Ng Pheng Siong
cc: Dag-Erling Smørgrav
cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD-SA-04:05.openssl question
Message-ID: <20040318040353.28031.qmail@web14802.mail.yahoo.com>
In-Reply-To: <20040318025434.GB875@vista.netmemetic.com>

--- Ng Pheng Siong wrote:
> On Wed, Mar 17, 2004 at 06:20:09PM -0800, Rostislav Krasny wrote:
> > --- Dag-Erling Smørgrav wrote:
> > > From the URL you mentioned: "Most applications have no ability to
> > > use Kerberos ciphersuites and will therefore be unaffected."
> >
> > Do you imply that applications with ability to use Kerberos
> > ciphersuites are impossible to be implemented for current versions
> > of FreeBSD?
>
> The text before the above quoted "Most applications have no
> ability..."
> read
>
>   A remote attacker could perform a carefully crafted SSL/TLS
>   handshake against a server configured to use Kerberos ciphersuites
>   [...]
>
> Instead of asking about impossibility in the abstract, ask if you do
> run servers that support Kerberos ciphersuites and, if yes, how to
> configure your software to not use them.

My original question was about specified vulnerability of OpenSSL, not
about application that use it.

From owner-freebsd-security@FreeBSD.ORG Thu Mar 18 00:28:22 2004
Date: Thu, 18 Mar 2004 09:28:10 +0100
From: Tobias Roth
To: "Peter C. Lai"
cc: security@freebsd.org
Subject: Re: portaudit
Message-ID: <20040318082810.GA21089@speedy.unibe.ch>
In-Reply-To: <20040317070051.GC716@cowbert.2y.net>

On Wed, Mar 17, 2004 at 02:00:51AM -0500, Peter C. Lai wrote:

> Seeing as
> the security officer apparently (without announcement) no longer issues
> security notices (SNs) for ports

is this true? no more advisories concerning ports?

thx, t.

From owner-freebsd-security@FreeBSD.ORG Thu Mar 18 06:00:44 2004
Date: Thu, 18 Mar 2004 07:59:57 -0600
From: "Jacques A. Vidrine"
To: Tobias Roth
cc: security@freebsd.org
Subject: Re: portaudit
Message-ID: <20040318135957.GC11791@lum.celabo.org>
In-Reply-To: <20040318082810.GA21089@speedy.unibe.ch>

On Thu, Mar 18, 2004 at 09:28:10AM +0100, Tobias Roth wrote:
> On Wed, Mar 17, 2004 at 02:00:51AM -0500, Peter C. Lai wrote:
> >
> > Seeing as
> > the security officer apparently (without announcement) no longer issues
> > security notices (SNs) for ports
>
>
> is this true? no more advisories concerning ports?

Advisories concerning ports have not been published for about two years.
Most ports issues were very minor, and we wished to reserve advisories
for issues affecting all FreeBSD systems--- i.e., software in the base
system.

The Security Notices were experimentally published to help keep users
informed about non-FreeBSD vulnerabilities in packages in the Ports
Collection. However, I am sorry to say, that the experiment failed:
there were few contributions to security notices, and I was not able to
effectively produce them on my own.

Thus, I recently created the Vulnerabilities and eXposures Markup
Language (VuXML), a format for documenting the vulnerabilities in a
software collection such as the FreeBSD Ports Collection. Any ports
committer may create entries; any FreeBSD contributor may send-pr
entries. Over time, it is expected that ports maintainers will be
primarily responsible for tracking security issues in their ports,
although the security officer will always act as `Editor' and often add
entries also.
In this fashion, we should be able to keep users informed of issues in
all of our 10,000+ ports.

There is still some tweaking going on, but VuXML (and any tools using it,
like `portaudit') will be featured in an `official' announcement within
a few weeks.

Cheers,
--
Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org

From owner-freebsd-security@FreeBSD.ORG Thu Mar 18 06:00:54 2004
Date: Thu, 18 Mar 2004 07:38:37 -0600
From: "Jacques A. Vidrine"
To: Rostislav Krasny
cc: Dag-Erling Smørgrav
cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD-SA-04:05.openssl question
Message-ID: <20040318133837.GB11791@lum.celabo.org>
In-Reply-To: <20040318022009.52877.qmail@web14804.mail.yahoo.com>

On Wed, Mar 17, 2004 at 06:20:09PM -0800, Rostislav Krasny wrote:
> Do you imply that applications with ability to use Kerberos
> ciphersuites are impossible to be implemented for current versions of FreeBSD?

The base system OpenSSL has no support for implementing the Kerberos
ciphersuites (the OpenSSL code is extremely MIT Kerberos specific).

The ports system OpenSSL appears to have no support, either.

If one compiles OpenSSL oneself, *and* has MIT Kerberos, *and* enables
the Kerberos options, *and* has all ciphersuites (or at least the
Kerberos ciphersuites) specified in your application's configuration,
then you might be affected. But that has nothing to do with FreeBSD.

Thus, answering your question again:

  Isn't FreeBSD vulnerable to the second "Out-of-bounds read affects
  Kerberos ciphersuites" security problem?

No, FreeBSD is not.
Cheers,
--
Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org

From owner-freebsd-security@FreeBSD.ORG Thu Mar 18 12:17:32 2004
Date: Thu, 18 Mar 2004 23:17:27 +0300
From: "Andrew L. Neporada"
To: freebsd-security@freebsd.org
Subject: latest openssl vulnerability
Message-ID: <20040318201727.GA14840@nas.dgap.mipt.ru>

Is it true that (dynamic) binaries are vulnerable if and only if they are
linked with libssl.so.3, not with libcrypt or libcrypto?

Thanks for your help.
Andrew.

From owner-freebsd-security@FreeBSD.ORG Thu Mar 18 12:32:54 2004
Date: Thu, 18 Mar 2004 12:32:53 -0800 (PST)
From: Rostislav Krasny
To: "Jacques A. Vidrine"
cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD-SA-04:05.openssl question
Message-ID: <20040318203253.27206.qmail@web14803.mail.yahoo.com>
In-Reply-To: <20040318133837.GB11791@lum.celabo.org>

--- "Jacques A. Vidrine" wrote:
> On Wed, Mar 17, 2004 at 06:20:09PM -0800, Rostislav Krasny wrote:
> > Do you imply that applications with ability to use Kerberos
> > ciphersuites are impossible to be implemented for current versions
> > of FreeBSD?
>
> The base system OpenSSL has no support for implementing the Kerberos
> ciphersuites (the OpenSSL code is extremely MIT Kerberos specific).
>
> The ports system OpenSSL appears to have no support, either.

Finally someone gave a good explanation to my question. This explanation
is quite enough to understand that FreeBSD is not vulnerable to mentioned
OpenSSL flaw. Thank you!

> If one compiles OpenSSL oneself, *and* has MIT Kerberos, *and*
> enables the Kerberos options, *and* has all ciphersuites (or at least
> the Kerberos ciphersuites) specified in your application's
> configuration, then you might be affected. But that has nothing to
> do with FreeBSD.
> Thus, answering your question again:
>
>   Isn't FreeBSD vulnerable to the second "Out-of-bounds read affects
>   Kerberos ciphersuites" security problem?
>
> No, FreeBSD is not.

Thank you again for solely correct answer.

From owner-freebsd-security@FreeBSD.ORG Thu Mar 18 12:33:13 2004
Date: Thu, 18 Mar 2004 14:33:10 -0600
From: "Jacques A. Vidrine"
To: "Andrew L. Neporada"
cc: freebsd-security@freebsd.org
Subject: Re: latest openssl vulnerability
Message-ID: <20040318203310.GA51002@madman.celabo.org>
In-Reply-To: <20040318201727.GA14840@nas.dgap.mipt.ru>

On Thu, Mar 18, 2004 at 11:17:27PM +0300, Andrew L. Neporada wrote:
> Is it true that (dynamic) binaries are vulnerable if and only if they are
> linked with libssl.so.3, not with libcrypt or libcrypto?

Yes, the bug is in libssl.

Cheers,
--
Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org

From owner-freebsd-security@FreeBSD.ORG Thu Mar 18 23:44:13 2004
Date: Thu, 18 Mar 2004 23:45:21 -0800
From: Lev Walkin
Organization: Netli, Inc.
To: "Jacques A. Vidrine"
cc: freebsd-security@freebsd.org
cc: "Andrew L. Neporada"
Subject: Re: latest openssl vulnerability
Message-ID: <405AA511.6070805@netli.com>
In-Reply-To: <20040318203310.GA51002@madman.celabo.org>

Jacques A. Vidrine wrote:
> On Thu, Mar 18, 2004 at 11:17:27PM +0300, Andrew L. Neporada wrote:
>
>>Is it true that (dynamic) binaries are vulnerable if and only if they are
>>linked with libssl.so.3, not with libcrypt or libcrypto?
>
>
> Yes, the bug is in libssl.

No, the libssl library might as well be compiled in statically into an
otherwise dynamic binary. So, if a dynamic binary is not linked with
libssl.so.*, it isn't a reliable indicator of a vulnerability.
--
Lev Walkin
vlm@netli.com

From owner-freebsd-security@FreeBSD.ORG Fri Mar 19 00:51:55 2004
Date: Fri, 19 Mar 2004 11:51:53 +0300
From: "Andrew L. Neporada"
To: Lev Walkin
cc: freebsd-security@freebsd.org
Subject: Re: latest openssl vulnerability
Message-ID: <20040319085153.GA17005@nas.dgap.mipt.ru>
In-Reply-To: <405AA511.6070805@netli.com>

On Thu, Mar 18, 2004 at 11:45:21PM -0800, Lev Walkin wrote:
> Jacques A. Vidrine wrote:
> >On Thu, Mar 18, 2004 at 11:17:27PM +0300, Andrew L. Neporada wrote:
> >
> >>Is it true that (dynamic) binaries are vulnerable if and only if they are
> >>linked with libssl.so.3, not with libcrypt or libcrypto?
> >
> >
> >Yes, the bug is in libssl.
>
>
> No, the libssl library might as well be compiled in statically into an
> otherwise dynamic binary. So, if a dynamic binary is not linked with
> libssl.so.*, it isn't a reliable indicator of a vulnerability.

Hmm... But there is no such dynamic libraries in FreeBSD 4.x, 5.x base
install, right?

>
>
> --
> Lev Walkin
> vlm@netli.com

Andrew.

From owner-freebsd-security@FreeBSD.ORG Fri Mar 19 01:18:29 2004
Date: Fri, 19 Mar 2004 01:19:38 -0800
From: Lev Walkin
Organization: Netli, Inc.
To: "Andrew L. Neporada"
cc: freebsd-security@freebsd.org
Subject: Re: latest openssl vulnerability
Message-ID: <405ABB2A.8010209@netli.com>
In-Reply-To: <20040319085153.GA17005@nas.dgap.mipt.ru>

Andrew L. Neporada wrote:
> On Thu, Mar 18, 2004 at 11:45:21PM -0800, Lev Walkin wrote:
>
>>Jacques A. Vidrine wrote:
>>
>>>On Thu, Mar 18, 2004 at 11:17:27PM +0300, Andrew L. Neporada wrote:
>>>
>>>
>>>>Is it true that (dynamic) binaries are vulnerable if and only if they are
>>>>linked with libssl.so.3, not with libcrypt or libcrypto?
>>>
>>>
>>>Yes, the bug is in libssl.
>>
>>
>>No, the libssl library might as well be compiled in statically into an
>>otherwise dynamic binary. So, if a dynamic binary is not linked with
>>libssl.so.*, it isn't a reliable indicator of a vulnerability.
>
>
> Hmm... But there is no such dynamic libraries in FreeBSD 4.x, 5.x base
> install, right?

You mean, dynamically linked binaries with statically embedded OpenSSL?
Who knows ;)

How can you check it, besides using (nm || strings) & grep?..

--
Lev Walkin
vlm@netli.com
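
The check discussed in the messages above, as an added example that is not part of the thread: a script that reports whether a binary pulls in libssl as a shared library or carries it statically. The function names are hypothetical, and the "SSLv3 part of OpenSSL <version>" banner it searches for is an assumption about how OpenSSL builds of that era label their SSL-layer objects.

```shell
#!/bin/sh
# Added example (not from the thread): inventory how a binary carries libssl.
# Assumption: OpenSSL builds of this era compile banners such as
# "SSLv3 part of OpenSSL <version>" into libssl's read-only data, so the
# banner survives static linking and stripping. libcrypto objects carry
# banners with other prefixes (e.g. "MD5 part of OpenSSL"), which are ignored.

# Succeeds if a dependency listing on stdin ("readelf -d" or "objdump -p"
# output) names libssl as a NEEDED shared library.
lists_libssl() {
    grep -Eq 'NEEDED.*[^[:alnum:]_-]libssl\.so'
}

# Prints the NEEDED entries of FILE without executing it. ldd is avoided
# because it may run the file's loader, which is unsafe for unknown binaries.
needed_entries() {
    readelf -d "$1" 2>/dev/null | grep NEEDED && return 0
    objdump -p "$1" 2>/dev/null | grep NEEDED && return 0
    return 0
}

# Prints the OpenSSL version taken from an SSL-layer banner embedded in FILE,
# or nothing when no banner is present. grep -a treats the binary as text.
embedded_libssl_version() {
    LC_ALL=C grep -aEo '(SSLv2|SSLv3|TLSv1) part of OpenSSL [0-9][0-9A-Za-z.]*' "$1" |
        sed 's/.* part of OpenSSL //' | sort -u | head -n 1
}

# classify_libssl FILE [DEPS]
# DEPS is an optional dependency listing collected elsewhere; without it the
# listing is read from FILE. Prints one of:
#   dynamic        libssl.so is a NEEDED library (updating the library fixes it)
#   static <ver>   no NEEDED libssl, but an SSL-layer banner is embedded
#                  (the binary itself must be rebuilt)
#   none           neither indicator found
classify_libssl() {
    file=$1
    if [ $# -ge 2 ]; then
        deps=$2
    else
        deps=$(needed_entries "$file")
    fi
    if printf '%s\n' "$deps" | lists_libssl; then
        echo dynamic
        return 0
    fi
    ver=$(embedded_libssl_version "$file")
    if [ -n "$ver" ]; then
        echo "static $ver"
    else
        echo none
    fi
}

# Report every file named on the command line.
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(classify_libssl "$f")"
done
```

A result of `none` only means neither indicator was found; a build that altered or removed the banner would not be detected this way.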