From owner-freebsd-security@FreeBSD.ORG Thu May 27 07:00:41 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7ACC21065673 for ; Thu, 27 May 2010 07:00:41 +0000 (UTC) (envelope-from lynx.ripe@gmail.com) Received: from mail-gx0-f224.google.com (mail-gx0-f224.google.com [209.85.217.224]) by mx1.freebsd.org (Postfix) with ESMTP id 35C708FC18 for ; Thu, 27 May 2010 07:00:40 +0000 (UTC) Received: by gxk24 with SMTP id 24so4147448gxk.3 for ; Thu, 27 May 2010 00:00:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=A50BeKOadJhfdiVuEdjMTzpQ9x1s+us8CGRbysnrkxw=; b=g6/8RxEGyE103XnucsoLKfsLKwTgUI6pSz8mEIuE6YOAdqECA0nLU2HMkq5XbGESdF OU1XwFRv3g8dUB1sg4RqhDpBkKp1G2HH3kbmd35hqv2bljcbNTpcxJjWWwESnqkIKkfR GH7UhveN5DlKlZVme/7Dq1y/cOT2SH/MA517Q= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=ZADUKy3S2StWYN0L8uGrxiEZZQkdY3vTTTFPx1ppMMX8kur3Oo/w2yGlzZg/05/4tC QWGAqadUHLtxjY++rsWp0z7mJRanBu/dGNLxaRKjh8gN4iyN2dKYSonmySb8lsMJHu+Z 9NAmxnU3DEzk1HsoMpHQo1w5zfQKqxi59WkLg= MIME-Version: 1.0 Received: by 10.231.120.37 with SMTP id b37mr177487ibr.81.1274943579067; Wed, 26 May 2010 23:59:39 -0700 (PDT) Received: by 10.231.178.162 with HTTP; Wed, 26 May 2010 23:59:38 -0700 (PDT) In-Reply-To: <201005270325.o4R3P7Bj009279@freefall.freebsd.org> References: <201005270325.o4R3P7Bj009279@freefall.freebsd.org> Date: Thu, 27 May 2010 09:59:38 +0300 Message-ID: From: Dmitry Pryanishnikov To: freebsd-security@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Re: FreeBSD Security Advisory FreeBSD-SA-10:05.opie X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 May 2010 07:00:41 -0000 Hello! 2010/5/27 FreeBSD Security Advisories : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > FreeBSD-SA-10:05.opie =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0= =A0 =A0 =A0 =A0 =A0 =A0 Security Advisory > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 = =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0The FreeBSD Project ... > IV. =A0Workaround > No workaround is available, but systems without OPIE capable services > running are not vulnerable. Wouldn't just commenting out all references to pam_opie* in /etc/pam.d/* create a viable workaround? > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > # fetch http://security.FreeBSD.org/patches/SA-10-05/opie.patch > # fetch http://security.FreeBSD.org/patches/SA-10-05/opie.patch.asc Apparently correct URLs are # fetch http://security.FreeBSD.org/patches/SA-10:05/opie.patch # fetch http://security.FreeBSD.org/patches/SA-10:05/opie.patch.asc --=20 Sincerely, Dmitry nic-hdl: LYNX-RIPE