From owner-freebsd-security  Sun Sep  5 19:29:10 1999
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
	by hub.freebsd.org (Postfix) with ESMTP id 0B92E1575A
	for <freebsd-security@FreeBSD.ORG>; Sun,  5 Sep 1999 19:28:59 -0700 (PDT)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
	by rover.village.org (8.9.3/8.9.3) with ESMTP id UAA33033;
	Sun, 5 Sep 1999 20:28:10 -0600 (MDT)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id UAA01416; Sun, 5 Sep 1999 20:27:13 -0600 (MDT)
Message-Id: <199909060227.UAA01416@harmony.village.org>
To: spork <spork@super-g.com>
Subject: Re: Security Alerts 
Cc: freebsd-security@FreeBSD.ORG
In-reply-to: Your message of "Fri, 03 Sep 1999 13:44:42 EDT."
		<Pine.BSF.4.00.9909031337390.18803-100000@super-g.inch.com> 
References: <Pine.BSF.4.00.9909031337390.18803-100000@super-g.inch.com>  
Date: Sun, 05 Sep 1999 20:27:13 -0600
From: Warner Losh <imp@village.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <Pine.BSF.4.00.9909031337390.18803-100000@super-g.inch.com> spork writes:
: I've been reading bugtraq more often that this list (2500 messages in this
: box..) and following a few FBSD exploits there (/etc/security / fts, the
: mbuf DoS) and also a few where it's unclear as to whether FBSD is affected
: (libtermcap, wu-ftpd, proftpd).

The security officer handles this.  Some advisories have been issued,
more to follow.  We don't issue advisories for problems that don't
impact us.  This means there will be no libtermcap nor cron because
FreeBSD is not vulnerable to those exploits.

: So what I'm wondering is whether the project is in need of someone to
: digest, discuss, and regurgitate some of these things into security
: advisories.  I personally can appreciate the fact that an ordinary user or
: admin might not be able to follow every bug that comes up on bugtraq or on
: this list, and the idea of a central repository on the FreeBSD webpage
: that is kept up to date and includes third-party software (esp. if it's in
: common use, like wu) seems like a good one.

Yes.  It is an excellent idea.  I'm looking for ways to help in
advising on third party software used with freebsd, like wuftpd.

: So I'm volunteering to write this stuff up, all I need is the go-ahead
: from someone...

Send me something privately and I'll let you know if you are on the
right track.

Warner
FreeBSD Security Officer


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message