From owner-freebsd-questions Tue Dec 14 8:49:43 1999 Delivered-To: freebsd-questions@freebsd.org Received: from gate.hsag.com (gate.hsag.com [209.180.144.14]) by hub.freebsd.org (Postfix) with SMTP id 77F411515A for ; Tue, 14 Dec 1999 08:49:40 -0800 (PST) (envelope-from SWorthington@hsag.com) Received: (qmail 2109 invoked from network); 14 Dec 1999 16:34:48 -0000 Received: from unknown (HELO internal.hsag.com) (192.168.83.9) by 192.168.83.5 with SMTP; 14 Dec 1999 16:34:48 -0000 Received: from AZPRO-Message_Server by internal.hsag.com with Novell_GroupWise; Tue, 14 Dec 1999 09:51:36 -0700 Message-Id: X-Mailer: Novell GroupWise Internet Agent 5.5.2.1 Date: Tue, 14 Dec 1999 09:51:04 -0700 From: "Scott Worthington" To: Subject: CERT Advisory CA-99.15 Buffer Overflows in SSH and RSAREF2 Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG There is a CERT advisory that indicates (and I have a question that follows the quotes below): Some versions of sshd are vulnerable to a buffer overflow that can allow an intruder to influence certain variables internal to the program. This vulnerability alone does not allow an intruder to execute code. =20 However, a vulnerability in RSAREF2, which was discovered and researched by Core SDI, can be used in conjunction with the vulnerability in sshd to allow a remote intruder to execute arbitrary code. It also indicates for FreeBSD that: FreeBSD FreeBSD 3.3R and prior releases contain packages with this problem. This problem was corrected December 2, 1999 in the ports tree. Packages built after this date with the rsaref updated should be unaffected by this vulnerabilities. Some or all of the following ports may be affected should be rebuilt: =20 p5-Penguin, p5-Penguin-Easy, jp-pgp, ja-w3m-ssl, ko-pgp, pgpsendmail, pine4-ssl, premail, ParMetis, SSLtelnet, mpich, pipsecd, tund, nntpcache, p5-Gateway, p5-News-Article, ru-pgp, bjorb, keynote, OpenSSH, openssl, p5-PGP, p5-PGP-Sign, pgp, slush, ssh, sslproxy, stunnel, apache+mod_ssl, apache+ssl, lynx-ssl, w3m-ssl, zope =20 Please see the FreeBSD Handbook for information on how to obtain a current copy of the ports tree and how to rebuild those ports which depend on rsaref. My /usr/src are cvsup'ed every evening in addition to /usr/ports. 'make world' was performed Monday, Dec 13 and kernel is 3.4-RC. I have 'make deinstall' rsaref-2.0 and attempted to=20 'make reinstall' but I get this error: =3D=3D=3D> Patching for rsaref-2.0 =3D=3D=3D> Applying FreeBSD patches for rsaref-2.0 Ignoring previously applied (or reversed) patch. 1 out of 1 hunks ignored--saving rejects to rsaref.h.rej *** Error code 1 Stop. This error was generated after an initial 4 out of 4 hunks ignored and 'make reinstall' was performed again. The error can be generated on machines that had rsaref previously installed as well as machines that never had rsaref installed. Are the patches for /usr/ports/security/rsaref broken now? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message