From owner-freebsd-security Fri Jul 14 19:18:27 2000 Delivered-To: freebsd-security@freebsd.org Received: from alpha.simphost.com (alpha.simphost.com [216.84.199.194]) by hub.freebsd.org (Postfix) with ESMTP id 3D2B037BA88 for ; Fri, 14 Jul 2000 19:18:23 -0700 (PDT) (envelope-from jslivko@simphost.com) Received: by alpha.simphost.com (Postfix, from userid 1004) id CAFEA3071D; Fri, 14 Jul 2000 20:18:21 -0600 (MDT) Received: from localhost (localhost [127.0.0.1]) by alpha.simphost.com (Postfix) with ESMTP id C68D22C90F; Fri, 14 Jul 2000 20:18:21 -0600 (MDT) Date: Fri, 14 Jul 2000 20:18:21 -0600 (MDT) From: "Jonathan M. Slivko" To: Dave McKay Cc: FreeBSD Security , freebsd-security@freebsd.org Subject: Re: FreeBSD User Security Advisory: FreeBSD-SA-00:BG In-Reply-To: <20000714210633.A16306@elvis.mu.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I hope so. But, if he's still subscribed to this list. FreeBSD DOESN'T have the power to serve you, bitch! ________________________________________________ Jonathan M. Slivko Technical Support: Simple Hosting Solutions Website: http://www.simphost.com, check us out! "The statements I make are not the statements of my employer!" -- Jonathan M. Slivko ________________________________________________ On Fri, 14 Jul 2000, Dave McKay wrote: > Account being canceled at this moment. > > FreeBSD Security (freebsd_security@hotmail.com) wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > > > ============================================================================= > > FreeBSD-SA-00:BG Security Advisory > > FreeBSD, > > Inc. > > > > Topic: The Brett Glass user can DOS the FreeBSD mailing lists. > > > > Category: user > > Module: Brett Glass > > Announced: 2000-07-14 > > Affects: Mailing lists > > Corrected: 2000-07-14 > > Vendor status: Patch released > > FreeBSD only: Yes > > > > I. Background > > > > The Brett Glass user is an active participant in various FreeBSD > > mailing lists. > > > > II. Problem Description > > > > The FreeBSD mailing lists are a vital part of the FreeBSD community > > and are the primary means by which many users obtain support and > > exchange important information. > > > > A mailing list participant named Brett Glass has been in recent > > weeks posting crack smoking ideas to the lists generating a lot of > > noise and rendering the mailing lists next to useless as a means > > of obtaining support and exchanging information. In other words, > > causing a Denial Of Service. > > > > The Brett Glass user is not installed by default, nor is it "part > > of FreeBSD" as such: it is part of the FreeBSD mailing lists, which > > are a publicly available resource. > > > > FreeBSD makes no claim about the benefits of having certain users > > participate in the mailing list discussions. > > > > Note, Linux mailing lists are thought not to be vulnerable due to > > the license under which Linux is covered. The Brett Glass user > > seems to avoid software distributed under the GPL. > > > > III. Impact > > > > Posts from the Brett Glass user can cause readers to miss vital > > information contained in some posts. It also has the effect of > > driving away some of the critical participants in the mailing lists. > > > > IV. Workaround > > > > Use your mail reader, or procmail, to filter all posts from the Brett > > Glass user. > > > > V. Solution > > > > Add the following to your procmail filter: > > > > :0 > > * ^From: brett@lariat\.org > > /dev/null > > > > -----BEGIN PGP SIGNATURE----- > > Version: 2.6.2 > > > > iQCVAwUBOW+p97KP7aiUpF5FAQGy3AP/UEfoMb6C6IjUnXPe6prdSDMzOTlqcmYA > > vquAomCIfTLbGaFkWsZL64xXSE0mfs5/X8LoubBi75RhnQ/TMYvE9GTMDIuUn6As > > lI3lL0wiQoAr0TX2R6TiPMvQK7JisvcoYr9NUWkXG8BuwZ1c+RKBgzgEseVP4UU/ > > y3lsjiEL3F0= > > =daPy > > -----END PGP SIGNATURE----- > > > > ________________________________________________________________________ > > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > -- > Dave McKay > Network Engineer - Google Inc. > dave@mu.org - dave@google.com > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message