From owner-freebsd-security Fri Jul 14 18:14:11 2000 Delivered-To: freebsd-security@freebsd.org Received: from hotmail.com (f17.law10.hotmail.com [64.4.15.17]) by hub.freebsd.org (Postfix) with SMTP id 5CE6337BF60 for ; Fri, 14 Jul 2000 18:14:04 -0700 (PDT) (envelope-from freebsd_security@hotmail.com) Received: (qmail 49833 invoked by uid 0); 15 Jul 2000 01:14:00 -0000 Message-ID: <20000715011400.49832.qmail@hotmail.com> Received: from 204.120.50.1 by www.hotmail.com with HTTP; Fri, 14 Jul 2000 18:14:00 PDT X-Originating-IP: [204.120.50.1] From: "FreeBSD Security" To: freebsd-security@freebsd.org Subject: FreeBSD User Security Advisory: FreeBSD-SA-00:BG Date: Sat, 15 Jul 2000 01:14:00 GMT Mime-Version: 1.0 Content-Type: text/plain; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:BG Security Advisory FreeBSD, Inc. Topic: The Brett Glass user can DOS the FreeBSD mailing lists. Category: user Module: Brett Glass Announced: 2000-07-14 Affects: Mailing lists Corrected: 2000-07-14 Vendor status: Patch released FreeBSD only: Yes I. Background The Brett Glass user is an active participant in various FreeBSD mailing lists. II. Problem Description The FreeBSD mailing lists are a vital part of the FreeBSD community and are the primary means by which many users obtain support and exchange important information. A mailing list participant named Brett Glass has been in recent weeks posting crack smoking ideas to the lists generating a lot of noise and rendering the mailing lists next to useless as a means of obtaining support and exchanging information. In other words, causing a Denial Of Service. The Brett Glass user is not installed by default, nor is it "part of FreeBSD" as such: it is part of the FreeBSD mailing lists, which are a publicly available resource. FreeBSD makes no claim about the benefits of having certain users participate in the mailing list discussions. Note, Linux mailing lists are thought not to be vulnerable due to the license under which Linux is covered. The Brett Glass user seems to avoid software distributed under the GPL. III. Impact Posts from the Brett Glass user can cause readers to miss vital information contained in some posts. It also has the effect of driving away some of the critical participants in the mailing lists. IV. Workaround Use your mail reader, or procmail, to filter all posts from the Brett Glass user. V. Solution Add the following to your procmail filter: :0 * ^From: brett@lariat\.org /dev/null -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBOW+p97KP7aiUpF5FAQGy3AP/UEfoMb6C6IjUnXPe6prdSDMzOTlqcmYA vquAomCIfTLbGaFkWsZL64xXSE0mfs5/X8LoubBi75RhnQ/TMYvE9GTMDIuUn6As lI3lL0wiQoAr0TX2R6TiPMvQK7JisvcoYr9NUWkXG8BuwZ1c+RKBgzgEseVP4UU/ y3lsjiEL3F0= =daPy -----END PGP SIGNATURE----- ________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message