From owner-freebsd-security Thu Jul 26 6:22:45 2001 Delivered-To: freebsd-security@freebsd.org Received: from prime.gushi.org (prime.gushi.org [208.23.118.172]) by hub.freebsd.org (Postfix) with ESMTP id 2E14637B409; Thu, 26 Jul 2001 06:22:37 -0700 (PDT) (envelope-from danm@prime.gushi.org) Received: from localhost (danm@localhost) by prime.gushi.org (8.11.3/8.11.3) with ESMTP id f6QDJLL09461; Thu, 26 Jul 2001 09:19:21 -0400 (EDT) Date: Thu, 26 Jul 2001 09:19:20 -0400 (EDT) From: "Dan Mahoney, System Admin" To: security@freebsd.org Cc: security-officer@freebsd.org Subject: Mistake in security advisory. Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I'd like to point out what I think is a slight error in the security advisory, although I may be wrong about this. Watch for my c-style comments below: # ls /usr/src/crypto/telnet/telnetd A response of ls: /usr/src/crypto/telnet/telnetd: No such file or directory indicates you do not have the sources present and should download the non-crypto-telnet patch. These patches have been verified to apply to FreeBSD 4.2-RELEASE, 4.3-RELEASE and 3.5.1-STABLE dated prior to 2001-07-20 (users of 3.5.1-RELEASE must have applied the patches from FreeBSD Security Advisory 00:69 prior to applying this patch). These patches may or may not apply to older, unsupported releases of FreeBSD. 2a) For systems with the crypto-telnet sources installed Download the patch and the detached PGP signature from the following locations, and verify the signature using your PGP utility. ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:49/telnetd-crypto.patch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:49/telnetd-crypto.patch.asc /* This patch applies cleanly to 3.5.1-STABLE systems, and the above directory exists. */ # cd /usr/src/ # patch -p < /path/to/patch # cd /usr/src/secure/libexec/telnetd # make depend && make all install /* This directory does NOT exist, only /usr/src/libexec/telnetd exists in 3.5.1-Stable */ 2b) For systems without the crypto-telnet sources installed Download the patch and the detached PGP signature from the following locations, and verify the signature using your PGP utility. ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:49/telnetd.patch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:49/telnetd.patch.asc # cd /usr/src/ # patch -p < /path/to/patch # cd /usr/src/libexec/telnetd # make depend && make all install /* Yet this command appears to build the telnet daemon with the applied patches. Can someone confirm this for me? For what it's worth, the above advisory confused me, so I simply re-cvsupped my entire source tree, and then followed the instructions immediately above. */ Perchance a correction can save someone else the same trouble. -Dan mahoney -- "Don't be so depressed dear." "I have no endorphins, what am I supposed to do?" -DM and SK, February 10th, 1999 --------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Web: http://prime.gushi.org finger danm@prime.gushi.org for pgp public key and tel# --------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message