From owner-freebsd-security Sun Mar 12 19: 9:29 2000
Date: Sun, 12 Mar 2000 19:09:27 -0800 (PST)
From: Kris Kennaway
To: security@freebsd.org
Subject: KDE 1.1.1 vulnerability

It was pointed out to me that the previous version of KDE (v1.1.1)
contains a local root exploit - KDE 1.1.2 has been available in ports
since September 1999, but in case anyone is still running the old version
in a multi-user environment then you should take steps to upgrade
immediately.

In general, it is sensible to upgrade fairly aggressively with large ports
like KDE because with so much code involved, chances are there are lots of
bug fixes - and one or two security fixes - with each upgrade.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sun Mar 12 23:56:35 2000
From: Darren Reed
Message-Id: <200003130757.SAA07381@cairo.anu.edu.au>
Subject: Re: More ipf fun..
To: bens_lists@mailandnews.com (Ben H)
Date: Mon, 13 Mar 2000 18:57:01 +1100 (Australia/NSW)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <20000311144931.A1531@lust.poo.pants> from "Ben H" at Mar 11, 2000 02:49:31 PM

In some mail from Ben H, sie said:
>
> Thanks to all those who helped me get ipfilter in the kernel, now all I
> gotta do is figure why it doesn't work (:
>
> I'm wondering could it be because the kernel is 3.4 and the ipf binaries are
> 3.3? if so how would I upgrade them?

best way is to go to http://coombs.anu.edu.au/~avalon/ip-filter.html and
download 3.3.11 and upgrade the lot.

From owner-freebsd-security Mon Mar 13 1:15:28 2000
Date: Mon, 13 Mar 2000 11:18:31 +0200 (SAST)
From: Justin Stanford
To: freebsd-security@freebsd.org
Subject: IRCII-4.4

Hi, folks

Can anyone confirm the supposed vulnerability in ircII-4.4? Is it necessary
to upgrade to 4.4M, and have ports got this lined up?

Regards,
jus

--
Justin Stanford
082 7402741
jus@security.za.net
www.security.za.net
IT Security and Solutions

From owner-freebsd-security Mon Mar 13 2: 9:24 2000
Date: Mon, 13 Mar 2000 02:09:21 -0800 (PST)
From: Kris Kennaway
To: Justin Stanford
Cc: freebsd-security@freebsd.org
Subject: Re: IRCII-4.4

On Mon, 13 Mar 2000, Justin Stanford wrote:

> Hi, folks
>
> Can anyone confirm the supposed vulnerability in ircII-4.4? Is it necessary
> to upgrade to 4.4M, and have ports got this lined up?
>

I was a bit too late to get the fixed port in time for 4.0, but Satoshi
did mark it forbidden which is better than shipping an insecure port.

In the meantime, there's an upgrade at:

http:://www.freebsd.org/~kris/ircII.patch

which upgrades to 4.4M

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

From owner-freebsd-security Tue Mar 14 8:27:45 2000
Message-ID: <38CE684F.39657A28@tarjema.com>
Date: Tue, 14 Mar 2000 08:26:55 -0800
From: "Timothy A. Gregory"
Reply-To: tgregory@tarjema.com
Organization: Tarjema
To: freebsd-security@freebsd.org
Subject: InterScan Virus Wall for Linux

Has anyone had any luck getting InterScan VirusWall for Linux running on
FreeBSD? I've gotten the package installed, the RedHat 6.1 packages but
when I try to run the 'scanning' daemons (their sendmail, ishttpd, isftpd
etc) I get seg faults...

Thanks for any help!

--
----------------------------------------------------------------
Timothy A. Gregory
Systems Administrator
Semaphore Corporation
http://www.semaphore.com
206.905.5000
tgregory@semaphore.com

From owner-freebsd-security Tue Mar 14 19:46:23 2000
Date: Tue, 14 Mar 2000 19:46:21 -0800 (PST)
From: Kris Kennaway
To: Darren Reed
Cc: Ben H, freebsd-security@FreeBSD.ORG
Subject: Re: More ipf fun..
In-Reply-To: <200003130757.SAA07381@cairo.anu.edu.au>

On Mon, 13 Mar 2000, Darren Reed wrote:

> best way is to go to http://coombs.anu.edu.au/~avalon/ip-filter.html and
> download 3.3.11 and upgrade the lot.

Or you could import this into FreeBSD yourself..that is what your commit
bit is for, remember :-)

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

From owner-freebsd-security Tue Mar 14 20: 7:23 2000
From: Darren Reed
Message-Id: <200003150407.PAA06437@cairo.anu.edu.au>
Subject: ubje
To: kris@FreeBSD.ORG (Kris Kennaway)
Date: Wed, 15 Mar 2000 15:07:32 +1100 (Australia/NSW)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: from "Kris Kennaway" at Mar 14, 2000 07:46:21 PM

In some mail from Kris Kennaway, sie said:
>
> On Mon, 13 Mar 2000, Darren Reed wrote:
>
> > best way is to go to http://coombs.anu.edu.au/~avalon/ip-filter.html and
> > download 3.3.11 and upgrade the lot.
>
> Or you could import this into FreeBSD yourself..that is what your commit
> bit is for, remember :-)

Now that the freeze is lifted, yes...but I'll wait for 3.4

Darren

From owner-freebsd-security Wed Mar 15 9:33:16 2000
From: FreeBSD Security Officer
Subject: FreeBSD Security Advisory: FreeBSD-SA-00:07.mh
Reply-To: security-officer@freebsd.org
Message-Id: <20000315173308.C8D9737BADE@hub.freebsd.org>
Date: Wed, 15 Mar 2000 09:33:08 -0800 (PST)

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-00:07                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:          mh/nmh/ja-mh/exmh/exmh2/ja-exmh2 ports allow remote
                execution of binary code

Category:       ports
Module:         mh/nmh/ja-mh/exmh/exmh2/ja-exmh2
Announced:      2000-03-15
Affects:        Ports collection before the correction date.
Corrected:      [See below for a more complete description]
                All versions fixed in 4.0-RELEASE.
                mh: 2000-03-04
                nmh: 2000-02-29
                ja-mh: 2000-03-11
                exmh: 2000-03-05
                exmh2: 2000-03-05
                ja-exmh2: 2000-03-11
FreeBSD only:   NO

I.   Background

MH and its successor NMH are popular Mail User Agents. EXMH and EXMH2 are
TCL/TK-based front-ends to the MH system. There are also Japanese-language
versions of the MH and EXMH2 ports.

II.  Problem Description

The mhshow command used for viewing MIME attachments contains a buffer
overflow which can be exploited by a specially-crafted email attachment,
which will allow the execution of arbitrary code as the local user when
the attachment is opened.

The *MH ports are not installed by default, nor are they "part of FreeBSD"
as such: they are part of the FreeBSD ports collection, which contains
over 3100 third-party applications in a ready-to-install format. The
FreeBSD 4.0-RELEASE ports collection is not vulnerable to this problem.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security audit
of the most security-critical ports.

III. Impact

An attacker who can convince a user to open a hostile MIME attachment sent
as part of an email message can execute arbitrary binary code running with
the privileges of that user.

If you have not chosen to install any of the
mh/nmh/ja-mh/exmh/exmh2/ja-exmh2 ports/packages, then your system is not
vulnerable.

IV.  Workaround

1) Remove the mhshow binary, located in /usr/local/bin/mhshow. This will
   prevent the viewing of MIME attachments from within *mh.

2) Remove the mh/nmh/ja-mh/exmh/exmh2/ja-exmh2 ports, if you have
   installed them.

V.   Solution

The English language version of the MH software is no longer actively
developed, and no fix is currently available. It is unknown whether a fix
to the problem will be forthcoming - consider upgrading to use NMH
instead, which is the designated successor of the MH software.

EXMH and EXMH2 can both be compiled to use NMH instead (this is now the
default behaviour). It is not necessary to recompile EXMH/EXMH2 after
reinstalling NMH.

The Japanese-language version of MH is being actively developed and has
been patched to fix the problem.

SOLUTION: Remove any old versions of the mail/mh, mail/nmh or japanese/mh
ports and perform one of the following:

1) Upgrade your entire ports collection and rebuild the mail/nmh port, or
   the japanese/mh port.

2) Reinstall a new package obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/nmh-1.0.3.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/mail/nmh-1.0.3.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/mail/nmh-1.0.3.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/ja-mh-6.8.4.3.03
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/mail/ja-mh-6.8.4.3.03
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/mail/ja-mh-6.8.4.3.03

3) Download a new port skeleton for the nmh/ja-mh port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:

ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBOM/I9lUuHi5z0oilAQFCRgP/ZQNoWGqJN7M9M8cp4TD0F+8h1eUsROPs
nIQ0n1nG+Ii68M4b8ZZYNOgGZQU8RrUGqoq4uKd8qPj0ORX0B1t0yaMvNU8W/ci+
f8nyqHAf3pkuh1SLmM3Gwd7W+8fCX/+D3zV8ZY3uPL0edrpO7wBGFReY6QmjzGmo
m8pP6qMUUAA=
=7cV0
-----END PGP SIGNATURE-----

From owner-freebsd-security Wed Mar 15 9:34:51 2000
From: FreeBSD Security Officer
Subject: FreeBSD Security Advisory: FreeBSD-SA-00:08.lynx
Reply-To: security-officer@freebsd.org
Message-Id: <20000315173443.F231737BA56@hub.freebsd.org>
Date: Wed, 15 Mar 2000 09:34:43 -0800 (PST)

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-00:08                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:          Lynx ports contain numerous buffer overflows

Category:       ports
Module:         lynx/lynx-current/lynx-ssl/ja-lynx/ja-lynx-current
Announced:      2000-03-15
Affects:        Ports collection before the correction date.
Corrected:      See below.
FreeBSD only:   NO

I.   Background

Lynx is a popular text-mode WWW browser, available in several versions
including SSL support and Japanese language localization.

II.  Problem Description

The lynx software is written in a very insecure style and contains
numerous potential and several proven security vulnerabilities (publicized
on the BugTraq mailing list) exploitable by a malicious server.

The lynx ports are not installed by default, nor are they "part of
FreeBSD" as such: they are part of the FreeBSD ports collection, which
contains over 3100 third-party applications in a ready-to-install format.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security audit
of the most security-critical ports.

III. Impact

A malicious server which is visited by a user with the lynx browser can
exploit the browser security holes in order to execute arbitrary code as
the local user.

If you have not chosen to install any of the
lynx/lynx-current/lynx-ssl/ja-lynx/ja-lynx-current ports/packages, then
your system is not vulnerable.

IV.  Workaround

Remove the lynx/lynx-current/lynx-ssl/ja-lynx/ja-lynx-current ports, if
you have installed them.

V.   Solution

Unfortunately, there is no simple fix to the security problems with the
lynx code: it will require a full review by the lynx development team and
recoding of the affected sections with a more security-conscious attitude.

In the meantime, there are two other text-mode WWW browsers available in
FreeBSD ports: www/w3m (also available in www/w3m-ssl for an SSL-enabled
version, and japanese/w3m for Japanese-localization) and www/links.

Note that the FreeBSD Security Officer does not make any recommendation
about the security of these two browsers - in particular, they both appear
to contain potential security risks, and a full audit has not been
performed, but at present no proven security holes are known. User beware -
please watch for future security advisories which will publicize any such
vulnerabilities discovered in these ports.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBOM/JklUuHi5z0oilAQEbzQP+K5HbTRk40fmb+pKOcUDD/r4ofcrkWtXn
Ya7PT/ALXvUnohm/jqKofNk9cXK1EspbgHb9N1OJZEzcYUAy378WpQgWh4uxKQa7
+541CwFPPIbWfJQJCOaUODN2qwnXdqXMj6noCKRMN0c3tBRG6R2zEfVaM1vMNS1+
+vcp5WAqDu4=
=dtMU
-----END PGP SIGNATURE-----

From owner-freebsd-security Wed Mar 15 9:36:34 2000
From: FreeBSD Security Officer
Subject: FreeBSD Security Advisory: FreeBSD-SA-00:09.mtr
Reply-To: security-officer@freebsd.org
Message-Id: <20000315173626.120F537C0AF@hub.freebsd.org>
Date: Wed, 15 Mar 2000 09:36:26 -0800 (PST)

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-00:09                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:          mtr port contains a local root exploit.

Category:       ports
Module:         mtr
Announced:      2000-03-15
Affects:        Ports collection before the correction date.
Corrected:      2000-03-07 (included in FreeBSD 4.0-RELEASE)
FreeBSD only:   NO

I.   Background

mtr ("Multi Traceroute") combines the functionality of the "traceroute"
and "ping" programs into a single network diagnostic tool.

II.  Problem Description

The mtr program (versions 0.41 and below) fails to correctly drop setuid
root privileges during operation, allowing a local root compromise.

The mtr port is not installed by default, nor is it "part of FreeBSD" as
such: it is part of the FreeBSD ports collection, which contains over 3100
third-party applications in a ready-to-install format. The FreeBSD
4.0-RELEASE ports collection is not vulnerable to this problem.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security audit
of the most security-critical ports.

III. Impact

A local user can exploit the security hole to obtain root privileges.

If you have not chosen to install the mtr port/package, then your system
is not vulnerable.

IV.  Workaround

1) Remove the mtr port if you have installed it.

2) Disable the setuid bit - run the following command as root:

    chmod u-s /usr/local/sbin/mtr

This will mean non-root users cannot make use of the program, since it
requires root privileges to properly run.

V.   Solution

1) Upgrade your entire ports collection and rebuild the mtr port.

2) Reinstall a new package obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/mtr-0.42.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/net/mtr-0.42.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/net/mtr-0.42.tgz

Note: it may be several days before the updated packages are available.

3) Download a new port skeleton for the mtr port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above.
The portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:

ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBOM/J3FUuHi5z0oilAQFdjQP+MCxSn1WYvRehaxky8xnOLP8sAOiLvxLf
DG3emT6hgG7IFKTHNQ/KvHE5M9Y4/frk1tJGKVb/RKEbpbDDF3mmN0eq6S2B2Qda
TB4YjbaLVAnFKVhFcbZjVfc4YTtutNgl7xd/4bvXennki77oQiO5T3VRNnIXkjD1
NUk4XQDyTQ4=
=Rrxf
-----END PGP SIGNATURE-----

From owner-freebsd-security Wed Mar 15 9:38: 5 2000
From: FreeBSD Security Officer
Subject: FreeBSD Security Advisory: FreeBSD-SA-00:10.orville-write
Reply-To: security-officer@freebsd.org
Message-Id: <20000315173757.8949337BEBE@hub.freebsd.org>
Date: Wed, 15 Mar 2000 09:37:57 -0800 (PST)

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-00:10                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:          orville-write port contains local root compromise.

Category:       ports
Module:         orville-write
Announced:      2000-03-15
Affects:        Ports collection before the correction date.
Corrected:      2000-03-09
FreeBSD only:   Yes

I.   Background

Orville-write is a replacement for the write(1) command, which provides
improved control over message delivery and other features.

II.  Problem Description

One of the commands installed by the port is incorrectly installed with
setuid root permissions. The 'huh' command should not have any special
privileges since it is intended to be run by the local user to view his
saved messages.

The orville-write port is not installed by default, nor is it "part of
FreeBSD" as such: it is part of the FreeBSD ports collection, which
contains over 3100 third-party applications in a ready-to-install format.
The FreeBSD 4.0-RELEASE ports collection is not vulnerable to this
problem.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security audit
of the most security-critical ports.

III. Impact

A local user can exploit a buffer overflow in the 'huh' utility to obtain
root privileges.

If you have not chosen to install the orville-write port/package, then
your system is not vulnerable.

IV.  Workaround

Remove the orville-write port if you have installed it.

V.   Solution

Remove the setuid bit from the huh utility, by executing the following
command as root:

    chmod u-s /usr/local/bin/huh

It is not necessary to reinstall the orville-write port, although this can
be done in one of the following ways if desired:

1) Upgrade your entire ports collection and rebuild the orville-write
   port.

2) Reinstall a new package dated after the correction date, obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/misc/orville-write-2.41a.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/misc/orville-write-2.41a.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/misc/orville-write-2.41a.tgz

Note: it may be several days before the updated packages are available.

3) Download a new port skeleton for the orville-write port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above.
The portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:

ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBOM/KWlUuHi5z0oilAQHk3AP+PEWNZ95ou8Oyf0nFzgAvjRCc4T060cJf
8qncBFmbWKvl/VHGJnj+u5HPE2LciZb/SdQxH0Ibuvm45hjt7umRrNcHQABmhtYV
9kG2k2cG+w9QtPnWQUtk7UDAQ2nmbyvQBsUJI+wrILoTHaKU1nLBivzzQbZPX9Nr
YTNtkrInpV0=
=c84W
-----END PGP SIGNATURE-----

From owner-freebsd-security Wed Mar 15 11:30: 5 2000
Date: Wed, 15 Mar 2000 16:29:48 -0300 (EST)
From: Rodrigo Campos
To: freebsd-security@FreeBSD.ORG
Subject: wrapping sshd
Organization: Matrix Network

In the /etc/hosts.allow file there's a comment saying that "is not
normally a good idea" to wrap sshd(8), I'm just asking myself why
wouldn't be a good idea to do it since it seems to me that openssh has
options to restrict access to it except compiling it with LIBWRAP support.

Any ideas?

--
________________________
Rodrigo Albani de Campos
Matrix Internet - NOC
http://www.br-unix.org/users/campos/

From owner-freebsd-security Wed Mar 15 12:14:58 2000
From: Sheldon Hearn
To: Rodrigo Campos
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: wrapping sshd
In-reply-to: Your message of "Wed, 15 Mar 2000 16:29:48 -0300."
Date: Wed, 15 Mar 2000 22:14:24 +0200
Message-ID: <59327.953151264@axl.ops.uunet.co.za>

On Wed, 15 Mar 2000 16:29:48 -0300, Rodrigo Campos wrote:

> In the /etc/hosts.allow file there's a comment saying that "is not
> normally a good idea" to wrap sshd(8)

The answer has nothing to do with security, although you couldn't have
known that without reading the sshd(8) manual page. :-)

Look for the first occurrence of the word inetd in the sshd(8) manual
page.

Ciao,
Sheldon.

From owner-freebsd-security Wed Mar 15 12:36: 2 2000
Date: Wed, 15 Mar 2000 17:35:33 -0300 (EST)
From: Rodrigo Campos
To: Sheldon Hearn
Cc: freebsd-security@freebsd.org
Subject: Re: wrapping sshd
In-Reply-To: <59327.953151264@axl.ops.uunet.co.za>
Organization: Matrix Network

On Wed, 15 Mar 2000, Sheldon Hearn wrote:

>
>
> On Wed, 15 Mar 2000 16:29:48 -0300, Rodrigo Campos wrote:
>
> > In the /etc/hosts.allow file there's a comment saying that "is not
> > normally a good idea" to wrap sshd(8)
>
> The answer has nothing to do with security, although you couldn't have
> known that without reading the sshd(8) manual page. :-)
>
> Look for the first occurrence of the word inetd in the sshd(8) manual
> page.

But my question has nothing to do with inetd, by "wrapping sshd" I mean
compiling it with support to libwrap, which would make it read the
/etc/hosts.allow file in order to grant or deny access based on the
client hostname or ip address, even when it's running as a daemon.

--
________________________
Rodrigo Albani de Campos
Matrix Internet - NOC
http://www.br-unix.org/users/campos/

From owner-freebsd-security Wed Mar 15 12:40:38 2000
From: Sheldon Hearn
To: Rodrigo Campos
Cc: freebsd-security@freebsd.org
Subject: Re: wrapping sshd
In-reply-to: Your message of "Wed, 15 Mar 2000 17:35:33 -0300."
Date: Wed, 15 Mar 2000 22:39:05 +0200
Message-ID: <59739.953152745@axl.ops.uunet.co.za>

On Wed, 15 Mar 2000 17:35:33 -0300, Rodrigo Campos wrote:

> But my question has nothing to do with inetd, by "wrapping sshd" I mean
> compiling it with support to libwrap, which would make it read the
> /etc/hosts.allow file in order to grant or deny access based on the
> client hostname or ip address, even when it's running as a daemon.

Well, I thought the inetd issue is exactly why that comment is there.
Chat to the guy who wrote the file (markm@FreeBSD.org) for confirmation
and let me know if I'm wrong. :-)

Ciao,
Sheldon.
From owner-freebsd-security Wed Mar 15 14: 5:30 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.rdc1.sdca.home.com (ha1.rdc1.sdca.home.com [24.0.3.66]) by hub.freebsd.org (Postfix) with ESMTP id 4E31837C269 for ; Wed, 15 Mar 2000 14:04:49 -0800 (PST) (envelope-from larry@interactivate.com)
Received: from interactivate.com ([24.15.133.36]) by mail.rdc1.sdca.home.com (InterMail v4.01.01.00 201-229-111) with ESMTP id <20000315220448.KYDS14303.mail.rdc1.sdca.home.com@interactivate.com>; Wed, 15 Mar 2000 14:04:48 -0800
Message-ID: <38D00906.389A9A28@interactivate.com>
Date: Wed, 15 Mar 2000 14:04:54 -0800
From: Lawrence Sica
Organization: Interactivate, Inc
X-Mailer: Mozilla 4.72 [en] (Win98; I)
X-Accept-Language: en
MIME-Version: 1.0
To: Rodrigo Campos
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: wrapping sshd
References:
Content-Type: multipart/mixed; boundary="------------F37E95190F171FB493FFD703"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Rodrigo Campos wrote:

> On Wed, 15 Mar 2000, Sheldon Hearn wrote:
>
> >
> >
> > On Wed, 15 Mar 2000 16:29:48 -0300, Rodrigo Campos wrote:
> >
> > > In the /etc/hosts.allow file there's a comment saying that "is not
> > > normally a good idea" to wrap sshd(8)
> >
> > The answer has nothing to do with security, although you couldn't have
> > known that without reading the sshd(8) manual page. :-)
> >
> > Look for the first occurrence of the word inetd in the sshd(8) manual
> > page.
>
> But my question has nothing to do with inetd, by "wrapping sshd" I mean
> compiling it with support to libwrap, which would make it read the
> /etc/hosts.allow file in order to grant or deny access based on the
> client hostname or ip address, even when it's running as a daemon.
>

sshd can do this within its own config file already. The reasons for not
running it in inetd are pretty much the same for not wrapping it.

--Larry

>
> --
> ________________________
> Rodrigo Albani de Campos
> Matrix Internet - NOC
> http://www.br-unix.org/users/campos/

From owner-freebsd-security Wed Mar 15 14:15:15 2000
Delivered-To: freebsd-security@freebsd.org
Received: from dt051n0b.san.rr.com (dt051n0b.san.rr.com [204.210.32.11]) by hub.freebsd.org (Postfix) with ESMTP id 44D6437C1CA for ; Wed, 15 Mar 2000 14:15:11 -0800 (PST) (envelope-from Doug@gorean.org)
Received: from slave (doug@slave [10.0.0.1]) by dt051n0b.san.rr.com (8.9.3/8.9.3) with ESMTP id OAA02191; Wed, 15 Mar 2000 14:14:57 -0800 (PST) (envelope-from Doug@gorean.org)
Date: Wed, 15 Mar 2000 14:14:57 -0800 (PST)
From: Doug Barton
X-Sender: doug@dt051n0b.san.rr.com
To: Rodrigo Campos
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: wrapping sshd
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 15 Mar 2000, Rodrigo Campos wrote:

> In the /etc/hosts.allow file there's a comment saying that "is not
> normally a good idea" to wrap sshd(8), I'm just asking myself why
> it wouldn't be a good idea to do it since it seems to me that openssh has
> options to restrict access to it except compiling it with LIBWRAP support.

This is really more of a -questions question, for future
reference. To answer, I have always wondered about that warning myself,
but I've never let it slow me down. :) I have never not wrapped sshd, and
it's always worked for me.
Doug
--
"While the future's there for anyone to change, still you know it seems,
it would be easier sometimes to change the past"

- Jackson Browne, "Fountain of Sorrow"

From owner-freebsd-security Wed Mar 15 22:14: 8 2000
Delivered-To: freebsd-security@freebsd.org
Received: from dt051n0b.san.rr.com (dt051n0b.san.rr.com [204.210.32.11]) by hub.freebsd.org (Postfix) with ESMTP id 766D537BA56 for ; Wed, 15 Mar 2000 22:14:00 -0800 (PST) (envelope-from Doug@gorean.org)
Received: from gorean.org (doug@master [10.0.0.2]) by dt051n0b.san.rr.com (8.9.3/8.9.3) with ESMTP id WAA07374; Wed, 15 Mar 2000 22:13:45 -0800 (PST) (envelope-from Doug@gorean.org)
Message-ID: <38D07B98.53CBA3E@gorean.org>
Date: Wed, 15 Mar 2000 22:13:44 -0800
From: Doug Barton
Organization: Triborough Bridge & Tunnel Authority
X-Mailer: Mozilla 4.72 [en] (X11; U; FreeBSD 5.0-CURRENT-0313 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Lawrence Sica
Cc: Rodrigo Campos , freebsd-security@FreeBSD.ORG
Subject: Re: wrapping sshd
References: <38D00906.389A9A28@interactivate.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Lawrence Sica wrote:

> sshd can do this within its own config file already.

True, but I've always found it more convenient to have all of my system
access limits in the same file. (Well, two files, hosts.allow and
rc.firewall, so I really don't want a third...)

> The reasons for not
> running it in inetd are pretty much the same for not wrapping it.

No, not running it out of inetd is a whole different issue. The theory
is that sshd is more reliable than inetd, and you always want to be able
to get into your system. I have always thought that the sshd authors
were a bit grandiose on that topic..
:)

Doug
--
"While the future's there for anyone to change, still you know it seems,
it would be easier sometimes to change the past"

- Jackson Browne, "Fountain of Sorrow"

From owner-freebsd-security Wed Mar 15 22:15:31 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.rdc1.sdca.home.com (ha1.rdc1.sdca.home.com [24.0.3.66]) by hub.freebsd.org (Postfix) with ESMTP id 1639337BD8E for ; Wed, 15 Mar 2000 22:15:28 -0800 (PST) (envelope-from larry@interactivate.com)
Received: from interactivate.com ([24.15.133.36]) by mail.rdc1.sdca.home.com (InterMail v4.01.01.00 201-229-111) with ESMTP id <20000316061527.XGDV14303.mail.rdc1.sdca.home.com@interactivate.com>; Wed, 15 Mar 2000 22:15:27 -0800
Message-ID: <38D07C08.28FB5CF7@interactivate.com>
Date: Wed, 15 Mar 2000 22:15:36 -0800
From: Lawrence Sica
Organization: Interactivate, Inc
X-Mailer: Mozilla 4.72 [en] (Win98; I)
X-Accept-Language: en
MIME-Version: 1.0
To: Doug Barton
Cc: Rodrigo Campos , freebsd-security@FreeBSD.ORG
Subject: Re: wrapping sshd
References: <38D00906.389A9A28@interactivate.com> <38D07B98.53CBA3E@gorean.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Doug Barton wrote:

> Lawrence Sica wrote:
>
> > sshd can do this within its own config file already.
>
> True, but I've always found it more convenient to have all of my system
> access limits in the same file. (Well, two files, hosts.allow and
> rc.firewall, so I really don't want a third...)
>
> > The reasons for not
> > running it in inetd are pretty much the same for not wrapping it.
>
> No, not running it out of inetd is a whole different issue. The theory
> is that sshd is more reliable than inetd, and you always want to be able
> to get into your system.
> I have always thought that the sshd authors
> were a bit grandiose on that topic.. :)
>

Ahh I was led to believe it was due to the fact it needs to generate a key and all
the fun stuff associated with it. Didn't know that the big ego theory applied
there heh.

--Larry

From owner-freebsd-security Wed Mar 15 23:40:54 2000
Delivered-To: freebsd-security@freebsd.org
Received: from dt051n0b.san.rr.com (dt051n0b.san.rr.com [204.210.32.11]) by hub.freebsd.org (Postfix) with ESMTP id 1E64637BA56 for ; Wed, 15 Mar 2000 23:40:51 -0800 (PST) (envelope-from Doug@gorean.org)
Received: from gorean.org (doug@master [10.0.0.2]) by dt051n0b.san.rr.com (8.9.3/8.9.3) with ESMTP id XAA07558; Wed, 15 Mar 2000 23:40:41 -0800 (PST) (envelope-from Doug@gorean.org)
Message-ID: <38D08FF9.D7247ACB@gorean.org>
Date: Wed, 15 Mar 2000 23:40:41 -0800
From: Doug Barton
Organization: Triborough Bridge & Tunnel Authority
X-Mailer: Mozilla 4.72 [en] (X11; U; FreeBSD 5.0-CURRENT-0313 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Lawrence Sica
Cc: Rodrigo Campos , freebsd-security@FreeBSD.ORG
Subject: Re: wrapping sshd
References: <38D00906.389A9A28@interactivate.com> <38D07B98.53CBA3E@gorean.org> <38D07C08.28FB5CF7@interactivate.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Lawrence Sica wrote:
>
> Doug Barton wrote:
>
> > Lawrence Sica wrote:
> >
> > > sshd can do this within its own config file already.
> >
> > True, but I've always found it more convenient to have all of my system
> > access limits in the same file. (Well, two files, hosts.allow and
> > rc.firewall, so I really don't want a third...)
> >
> > > The reasons for not
> > > running it in inetd are pretty much the same for not wrapping it.
> >
> > No, not running it out of inetd is a whole different issue.
> > The theory
> > is that sshd is more reliable than inetd, and you always want to be able
> > to get into your system. I have always thought that the sshd authors
> > were a bit grandiose on that topic.. :)
> >
>
> Ahh I was led to believe it was due to the fact it needs to generate a key and all
> the fun stuff associated with it. Didn't know that the big ego theory applied
> there heh.

Well, it does take a bit longer to start the connection run out of
inetd. The difference is _very_ hard to notice on a modern (fast)
machine though. That warning applied mostly to the "old days" when
generating the key was a more substantial delay. I used to run sshd out
of inetd on a system that ran mostly unattended, needed every spare cpu
cycle, and had alternate means of access "just in case."

In all my years of running freebsd I've never seen inetd crash on any
system. In either case, if you absolutely positively have to have remote
access it's easy to write a little sh script to be run out of cron every
N minutes which checks to see if sshd/inetd is up and running, and
starts it if it's not. Even easier (though less elegant) is to just run
the command (sshd, inetd, whatever). The worst thing that could happen
is that your logs get full of "can't start because that port is already
bound" messages.
HTH,

Doug
--
"While the future's there for anyone to change, still you know it seems,
it would be easier sometimes to change the past"

- Jackson Browne, "Fountain of Sorrow"

From owner-freebsd-security Thu Mar 16 0:21:33 2000
Delivered-To: freebsd-security@freebsd.org
Received: from jason.argos.org (a1-3b058.neo.rr.com [24.93.181.58]) by hub.freebsd.org (Postfix) with ESMTP id EBE4437BEE0; Thu, 16 Mar 2000 00:20:44 -0800 (PST) (envelope-from mike@argos.org)
Received: from localhost (mike@localhost) by jason.argos.org (8.9.1/8.9.1) with ESMTP id DAA05055; Thu, 16 Mar 2000 03:20:44 -0500
Date: Thu, 16 Mar 2000 03:20:44 -0500 (EST)
From: Mike Nowlin
To: freebsd-ports@freebsd.org
Cc: freebsd-security@freebsd.org
Subject: gated 3.5.11
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Due to ports/net/gated being marked as "forbidden", my requirement for it,
and a quick search of the mailing lists, ....

hawk:/usr/ports/net/gated# make
===> gated-3.5.11 is forbidden: Security hole (buffer overflow possibly yielding root).
hawk:/usr/ports/net/gated#

There was a message ~Dec 1 about a wheel-exploitable bug in gdc... Seems
to me that the only risk is for people that get wheel group access (or
so.... a wee bit too much brain-numbing beverage at this point in time.
:) )...

If I'm willing to take this risk, is there some other reason why this port
is marked as forbidden? Or is there something else I can't find pointing
to a "possibly yielding root" bug (my understanding being that "yielding
root" means there's a bug in there allowing some inside or outside joker
to get root privs...) If you need a valid account to start with, that's
not a problem - telnetd & friends probably won't be running on this
machine to start with -- just a serial console...
thanks - mike

From owner-freebsd-security Thu Mar 16 0:30:27 2000
Delivered-To: freebsd-security@freebsd.org
Received: from rins.st.ryukoku.ac.jp (rins.st.ryukoku.ac.jp [133.83.4.1]) by hub.freebsd.org (Postfix) with ESMTP id 3E19C37BC4A for ; Thu, 16 Mar 2000 00:30:22 -0800 (PST) (envelope-from kjm@ideon.st.ryukoku.ac.jp)
Received: from ideon.st.ryukoku.ac.jp (ideon.st.ryukoku.ac.jp [133.83.36.5]) by rins.st.ryukoku.ac.jp (8.9.3+3.2W/3.7W/RINS-1.9.6-NOSPAM) with ESMTP id RAA00482 for ; Thu, 16 Mar 2000 17:30:20 +0900 (JST)
Received: from ideon.st.ryukoku.ac.jp (kjm@localhost [127.0.0.1]) by ideon.st.ryukoku.ac.jp (8.9.3/3.7W/kjm-19990628) with ESMTP id RAA92794 for ; Thu, 16 Mar 2000 17:30:20 +0900 (JST)
From: kjm@rins.ryukoku.ac.jp (KOJIMA Hajime)
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:08.lynx
In-reply-to: Your message of "Wed, 15 Mar 2000 09:34:43 PST"
References: <20000315173443.F231737BA56@hub.freebsd.org>
Date: Thu, 16 Mar 2000 17:30:19 +0900
Message-ID: <92790.953195419@ideon.st.ryukoku.ac.jp>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In <20000315173443.F231737BA56@hub.freebsd.org>,
FreeBSD Security Officer wrote:

| FreeBSD-SA-00:08 Security Advisory
...
| Topic: Lynx ports contain numerous buffer overflows
...
| II. Problem Description
|
| The lynx software is written in a very insecure style and contains numerous
| potential and several proven security vulnerabilities (publicized on the
| BugTraq mailing list) exploitable by a malicious server.
|
| The lynx ports are not installed by default, nor are they "part of FreeBSD"
| as such: they are part of the FreeBSD ports collection, which contains over
| 3100 third-party applications in a ready-to-install format.

But, /stand/sysinstall still uses lynx as default text browser.
If you want to read HTML documents in sysinstall, /stand/sysinstall
will go to install lynx package automatically (and it will fail in
4.0-RELEASE).

---- from release/sysinstall/install.c revision 1.268:
    variable_set2(VAR_BROWSER_PACKAGE, "lynx", 0);
    variable_set2(VAR_BROWSER_BINARY, "/usr/local/bin/lynx", 0);
----

----
KOJIMA Hajime - Ryukoku University, Seta, Ootsu, Shiga, 520-2194 Japan
[Office] kjm@rins.ryukoku.ac.jp, http://www.st.ryukoku.ac.jp/~kjm/

From owner-freebsd-security Thu Mar 16 1:45:59 2000
Delivered-To: freebsd-security@freebsd.org
Received: from axl.ops.uunet.co.za (axl.ops.uunet.co.za [196.31.1.175]) by hub.freebsd.org (Postfix) with ESMTP id 5315D37C064 for ; Thu, 16 Mar 2000 01:45:54 -0800 (PST) (envelope-from sheldonh@axl.ops.uunet.co.za)
Received: from sheldonh (helo=axl.ops.uunet.co.za) by axl.ops.uunet.co.za with local-esmtp (Exim 3.13 #1) id 12VWqb-0000xq-00; Thu, 16 Mar 2000 11:45:41 +0200
From: Sheldon Hearn
To: kjm@rins.ryukoku.ac.jp (KOJIMA Hajime)
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:08.lynx
In-reply-to: Your message of "Thu, 16 Mar 2000 17:30:19 +0900." <92790.953195419@ideon.st.ryukoku.ac.jp>
Date: Thu, 16 Mar 2000 11:45:41 +0200
Message-ID: <3709.953199941@axl.ops.uunet.co.za>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 16 Mar 2000 17:30:19 +0900, KOJIMA Hajime wrote:

> But, /stand/sysinstall still uses lynx as default text browser.
> If you want to read HTML documents in sysinstall, /stand/sysinstall
> will go to install lynx package automatically (and it will fail in
> 4.0-RELEASE).

I don't think this is a problem, since any host from which it is likely
to read documentation is quite unlikely to be malicious.

Ciao,
Sheldon.
From owner-freebsd-security Thu Mar 16 1:58:16 2000
Delivered-To: freebsd-security@freebsd.org
Received: from haldjas.folklore.ee (Haldjas.folklore.ee [193.40.6.121]) by hub.freebsd.org (Postfix) with ESMTP id 1510137BF28 for ; Thu, 16 Mar 2000 01:58:07 -0800 (PST) (envelope-from narvi@haldjas.folklore.ee)
Received: from localhost (narvi@localhost) by haldjas.folklore.ee (8.9.3/8.9.3) with SMTP id LAA62348; Thu, 16 Mar 2000 11:57:45 +0200 (EET) (envelope-from narvi@haldjas.folklore.ee)
Date: Thu, 16 Mar 2000 11:57:45 +0200 (EET)
From: Narvi
To: Sheldon Hearn
Cc: KOJIMA Hajime , freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:08.lynx
In-Reply-To: <3709.953199941@axl.ops.uunet.co.za>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 16 Mar 2000, Sheldon Hearn wrote:

>
>
> On Thu, 16 Mar 2000 17:30:19 +0900, KOJIMA Hajime wrote:
>
> > But, /stand/sysinstall still uses lynx as default text browser.
> > If you want to read HTML documents in sysinstall, /stand/sysinstall
> > will go to install lynx package automatically (and it will fail in
> > 4.0-RELEASE).
>
> I don't think this is a problem, since any host from which it is likely
> to read documentation is quite unlikely to be malicious.
>

A better way to put it is - if the host you install from is malicious,
lynx is the least of the problems.

> Ciao,
> Sheldon.

From owner-freebsd-security Thu Mar 16 3: 3:43 2000
Delivered-To: freebsd-security@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id 623B837B785 for ; Thu, 16 Mar 2000 03:03:40 -0800 (PST) (envelope-from des@flood.ping.uio.no)
Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.3) id MAA80160; Thu, 16 Mar 2000 12:03:34 +0100 (CET) (envelope-from des@flood.ping.uio.no)
To: Doug Barton
Cc: Lawrence Sica , Rodrigo Campos , freebsd-security@FreeBSD.ORG
Subject: Re: wrapping sshd
References: <38D00906.389A9A28@interactivate.com> <38D07B98.53CBA3E@gorean.org> <38D07C08.28FB5CF7@interactivate.com> <38D08FF9.D7247ACB@gorean.org>
From: Dag-Erling Smorgrav
Date: 16 Mar 2000 12:03:33 +0100
In-Reply-To: Doug Barton's message of "Wed, 15 Mar 2000 23:40:41 -0800"
Message-ID:
Lines: 10
User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Doug Barton writes:
> In all my years of running freebsd I've never seen inetd crash on any
> system.

Weird, because inetd has historically been plagued with various
problems such as the infamous "junk pointer" bug.
DES
--
Dag-Erling Smorgrav - des@flood.ping.uio.no

From owner-freebsd-security Thu Mar 16 4:37: 4 2000
Delivered-To: freebsd-security@freebsd.org
Received: from vinyl.sentex.ca (vinyl.sentex.ca [209.112.4.14]) by hub.freebsd.org (Postfix) with ESMTP id 4BF9C37C0FF for ; Thu, 16 Mar 2000 04:37:00 -0800 (PST) (envelope-from mike@sentex.net)
Received: from granite.sentex.net (granite-atm.sentex.ca [209.112.4.1]) by vinyl.sentex.ca (8.9.3/8.9.3) with ESMTP id HAA71092; Thu, 16 Mar 2000 07:36:54 -0500 (EST) (envelope-from mike@sentex.net)
Received: from chimp (ospf-mdt.sentex.net [205.211.164.81]) by granite.sentex.net (8.8.8/8.6.9) with ESMTP id HAA09497; Thu, 16 Mar 2000 07:36:48 -0500 (EST)
Message-Id: <4.2.2.20000316072948.03762588@mail.sentex.net>
X-Sender: mdtancsa@mail.sentex.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2
Date: Thu, 16 Mar 2000 07:36:15 -0500
To: Mike Nowlin
From: Mike Tancsa
Subject: Re: gated 3.5.11
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 03:20 AM 3/16/2000 -0500, Mike Nowlin wrote:
>There was a message ~Dec 1 about a wheel-exploitable bug in gdc... Seems
>to me that the only risk is for people that get wheel group access (or

Have a search through the archives of this list and bugtraq. If I recall
correctly there were a couple of holes. ospf_mon was problematic as well as
gdc. I'm not certain, but if you
chmod 700 /usr/local/bin/ospf_monitor
and
chmod 700 /usr/local/bin/gdc
you should be OK. But search through the archives for the original
postings to be certain.
---Mike

From owner-freebsd-security Thu Mar 16 4:39:56 2000
Delivered-To: freebsd-security@freebsd.org
Received: from eltex.ru (eltex-gw2.nw.ru [195.19.203.86]) by hub.freebsd.org (Postfix) with ESMTP id 52AF437C0DA for ; Thu, 16 Mar 2000 04:39:45 -0800 (PST) (envelope-from ark@eltex.ru)
Received: from yaksha.eltex.ru (root@yaksha.eltex.ru [195.19.198.2]) by eltex.ru (8.9.3/8.9.3) with SMTP id PAA18625; Thu, 16 Mar 2000 15:39:35 +0300 (MSK)
Received: by yaksha.eltex.ru (ssmtp TIS-0.6alpha, 19 Jan 2000); Thu, 16 Mar 2000 15:37:53 +0300
Received: from undisclosed-intranet-sender id xma009671; Thu, 16 Mar 00 15:37:45 +0300
Date: Thu, 16 Mar 2000 15:38:14 +0300
Message-Id: <200003161238.PAA18026@paranoid.eltex.spb.ru>
In-Reply-To: <38D08FF9.D7247ACB@gorean.org> from "Doug Barton "
From: ark@eltex.ru
Organization: "Klingon Imperial Intelligence Service"
Subject: Re: wrapping sshd
To: Doug@gorean.org
Cc: larry@interactivate.com, , freebsd-security@FreeBSD.ORG
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

nuqneH,

Have you ever tried portscanning them aggressively?

Doug Barton said :

> In all my years of running freebsd I've never seen inetd crash on any
> system.

_ _ _ _ _ _ _ {::} {::} {::} CU in Hell
_| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD
|_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one!

From owner-freebsd-security Thu Mar 16 4:47:18 2000
Delivered-To: freebsd-security@freebsd.org
Received: from wicket.ci.net.ua (noc-hole-gw.ci.net.ua [212.86.98.85]) by hub.freebsd.org (Postfix) with ESMTP id 8E1F937C096 for ; Thu, 16 Mar 2000 04:47:13 -0800 (PST) (envelope-from acid@cn.ua)
Received: from localhost (acid@localhost) by wicket.ci.net.ua (8.9.3/8.9.3) with ESMTP id OAA02183; Thu, 16 Mar 2000 14:46:23 +0200 (EET)
Date: Thu, 16 Mar 2000 14:46:23 +0200 (EET)
From: "Michael I. Vasilenko"
X-Sender: acid@wicket.ci.net.ua
To: ark@eltex.ru
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: wrapping sshd
In-Reply-To: <200003161238.PAA18026@paranoid.eltex.spb.ru>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 16 Mar 2000 ark@eltex.ru wrote:

> Have you ever tried portscanning them aggressively?
> Doug Barton said :
> >
> > In all my years of running freebsd I've never seen inetd crash on any
> > system.
Try to add TCP_RESTRICT_RST to your kernel config and
tcp_restrict_rst="YES" to rc.conf

--
Michael Vasilenko

From owner-freebsd-security Thu Mar 16 7:29:19 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ptldpop3.ptld.uswest.net (ptldpop3.ptld.uswest.net [198.36.160.3]) by hub.freebsd.org (Postfix) with SMTP id 56AF637BFAD for ; Thu, 16 Mar 2000 07:29:09 -0800 (PST) (envelope-from wwoods@cybcon.com)
Received: (qmail 74129 invoked by alias); 16 Mar 2000 15:28:07 -0000
Delivered-To: fixup-freebsd-security@freebsd.org@fixme
Received: (qmail 74119 invoked by uid 0); 16 Mar 2000 15:28:06 -0000
Received: from unknown (HELO laptop.cybcon.com) (63.163.56.141) by pop.ptld.uswest.net with SMTP; 16 Mar 2000 15:28:06 -0000
Content-Length: 599
Message-ID:
X-Mailer: XFMail 1.4.0 on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
Date: Thu, 16 Mar 2000 07:26:03 -0800 (PST)
Reply-To: bwoods2@uswest.net
From: William Woods
To: freebsd-security@freebsd.org
Subject: IPFW Logging...
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I have a set of firewall rules I load and would like to be able to log attempts
from the blocked domains.....this is an example of one of the rules....

ipfw add 001 deny all from aol.com to any

How would I make that rule log to /var/log/messages?
----------------------------------
E-Mail: bwoods2@uswest.net
Date: 16-Mar-00
Time: 07:25:19l
----------------------------------

NOTICE TO BULK E-MAILERS: Pursuant to US Code, Title 47, Chapter 5,
Subchapter II, 227, and all unsolicited commercial e-mail sent to this
address is subject to a download and archival fee in the amount of $500 US

From owner-freebsd-security Thu Mar 16 8:50:26 2000
Delivered-To: freebsd-security@freebsd.org
Received: from daemon.sofiaonline.com (daemon.sofiaonline.com [212.5.144.1]) by hub.freebsd.org (Postfix) with SMTP id 3A17A37BBF1 for ; Thu, 16 Mar 2000 08:49:27 -0800 (PST) (envelope-from zethix@sofiaonline.com)
Received: (qmail 67983 invoked from network); 16 Mar 2000 16:44:03 -0000
Received: from carnivoro.sofiaonline.com (212.5.144.5) by daemon.sofiaonline.com with SMTP; 16 Mar 2000 16:44:03 -0000
Content-Length: 875
Message-ID:
X-Mailer: XFMail 1.3 [p0] on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To:
Date: Thu, 16 Mar 2000 18:09:19 +0200 (EET)
From: Dungeonkeeper
To: William Woods
Subject: RE: IPFW Logging...
Cc: freebsd-security@freebsd.org
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 16-Mar-00 William Woods wrote:
> I have a set of firewall rules I load and would like to be able to log
> attempts
> from the blocked domains.....this is an example of one of the rules....
>
> ipfw add 001 deny all from aol.com to any
>
> How would I make that rule log to /var/log/messages?

Just add the log option.
Say:

ipfw add 001 deny log all from aol.com to any

>
> ----------------------------------
> E-Mail: bwoods2@uswest.net
> Date: 16-Mar-00
> Time: 07:25:19l
> ----------------------------------
>
> NOTICE TO BULK E-MAILERS: Pursuant to US Code, Title 47, Chapter 5,
> Subchapter II, 227, and all unsolicited commercial e-mail sent to this
> address is subject to a download and archival fee in the amount of $500 US

From owner-freebsd-security Thu Mar 16 9:32:46 2000
Delivered-To: freebsd-security@freebsd.org
Received: from vinyl.sentex.ca (vinyl.sentex.ca [209.112.4.14]) by hub.freebsd.org (Postfix) with ESMTP id 58FA437BF60 for ; Thu, 16 Mar 2000 09:32:43 -0800 (PST) (envelope-from mike@sentex.ca)
Received: from simoeon (simeon.sentex.ca [209.112.4.47]) by vinyl.sentex.ca (8.9.3/8.9.3) with SMTP id MAA36280; Thu, 16 Mar 2000 12:32:40 -0500 (EST) (envelope-from mike@sentex.ca)
Message-Id: <3.0.5.32.20000316123010.02483780@marble.sentex.ca>
X-Sender: mdtpop@marble.sentex.ca
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32)
Date: Thu, 16 Mar 2000 12:30:10 -0500
To: bwoods2@uswest.net, freebsd-security@FreeBSD.ORG
From: Mike Tancsa
Subject: Re: IPFW Logging...
In-Reply-To:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 07:26 AM 3/16/00 -0800, William Woods wrote:
>I have a set of firewall rules I load and would like to be able to log attempts
>from the blocked domains.....this is an example of one of the rules....
>
>ipfw add 001 deny all from aol.com to any
>
>How would I make that rule log to /var/log/messages?

Depending on what version you are running, adjust your syslog.conf entry so
that it gets logged to your file of choice.
security.*          /var/log/security

Also, add the log command. e.g. ipfw add 1000 deny log ip from
xxx.xxx.xxx.xxx to any

---Mike
------------------------------------------------------------------------
Mike Tancsa,                 tel +1 519 651 3400
Network Administrator,       mike@sentex.net
Sentex Communications        www.sentex.net
Cambridge, Ontario Canada

From owner-freebsd-security Thu Mar 16 9:34:27 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.rpi.edu (mail.rpi.edu [128.113.100.7]) by hub.freebsd.org (Postfix) with ESMTP id 4E81D37BF60 for ; Thu, 16 Mar 2000 09:34:18 -0800 (PST) (envelope-from drosih@rpi.edu)
Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47]) by mail.rpi.edu (8.9.3/8.9.3) with ESMTP id MAA249970; Thu, 16 Mar 2000 12:33:46 -0500
Mime-Version: 1.0
X-Sender: drosih@mail.rpi.edu
Message-Id:
In-Reply-To: <3709.953199941@axl.ops.uunet.co.za>
References: <3709.953199941@axl.ops.uunet.co.za>
Date: Thu, 16 Mar 2000 12:34:14 -0500
To: Sheldon Hearn , kjm@rins.ryukoku.ac.jp (KOJIMA Hajime)
From: Garance A Drosihn
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:08.lynx
Cc: freebsd-security@FreeBSD.ORG
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 11:45 AM +0200 3/16/00, Sheldon Hearn wrote:
>On Thu, 16 Mar 2000 17:30:19 +0900, KOJIMA Hajime wrote:
>
> > But, /stand/sysinstall still uses lynx as default text browser.
> > If you want to read HTML documents in sysinstall, /stand/sysinstall
> > will go to install lynx package automatically (and it will fail in
> > 4.0-RELEASE).
>
>I don't think this is a problem, since any host from which it is likely
>to read documentation is quite unlikely to be malicious.

I would think it's a problem if sysinstall expects to use lynx,
it thus goes to install lynx, and that installation *FAILS*.
If I'm reading that right, you're then left with sysinstall trying to use a package that does not exist. (true?) --- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or drosih@rpi.edu Rensselaer Polytechnic Institute To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 16 9:50:55 2000 Delivered-To: freebsd-security@freebsd.org Received: from ab-bg.net (ab-bg.net [212.56.11.129]) by hub.freebsd.org (Postfix) with SMTP id 2149837C0BE for ; Thu, 16 Mar 2000 09:50:34 -0800 (PST) (envelope-from v0rbiz@ab-bg.net) Received: (qmail 27237 invoked by uid 1000); 16 Mar 2000 17:52:54 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 16 Mar 2000 17:52:54 -0000 Date: Thu, 16 Mar 2000 19:52:54 +0200 (EET) From: Victor Ivanov To: freebsd-security@FreeBSD.ORG Subject: Re: IPFW Logging... In-Reply-To: <3.0.5.32.20000316123010.02483780@marble.sentex.ca> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > At 07:26 AM 3/16/00 -0800, William Woods wrote: > >I have a set of firewall rules I load and would like to be able to log > attempts > >from the blocked domains.....this is an example of one of the rules.... > > > >ipfw add 001 deny all from aol.com to any > > > >How would I make that rule log to /var/log/messages? > > > Depending on what version you are running, adjust your syslog.conf entry so > that it gets logged to your file of choice. > security.* /var/log/security > > Also, add the log command. e.g. 
ipfw add 1000 deny log ip from > xxx.xxx.xxx.xxx to any or: !ipfw *.* /var/log/ipfw-log (rtfm) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 16 9:58:54 2000 Delivered-To: freebsd-security@freebsd.org Received: from zippy.cdrom.com (zippy.cdrom.com [204.216.27.228]) by hub.freebsd.org (Postfix) with ESMTP id 56A8537BC44 for ; Thu, 16 Mar 2000 09:58:51 -0800 (PST) (envelope-from jkh@zippy.cdrom.com) Received: from zippy.cdrom.com (jkh@localhost [127.0.0.1]) by zippy.cdrom.com (8.9.3/8.9.3) with ESMTP id JAA04198; Thu, 16 Mar 2000 09:59:14 -0800 (PST) (envelope-from jkh@zippy.cdrom.com) To: Garance A Drosihn Cc: Sheldon Hearn , kjm@rins.ryukoku.ac.jp (KOJIMA Hajime), freebsd-security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:08.lynx In-reply-to: Your message of "Thu, 16 Mar 2000 12:34:14 EST." Date: Thu, 16 Mar 2000 09:59:14 -0800 Message-ID: <4195.953229554@zippy.cdrom.com> From: "Jordan K. Hubbard" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The installation does not fail if lynx is missing. > At 11:45 AM +0200 3/16/00, Sheldon Hearn wrote: > >On Thu, 16 Mar 2000 17:30:19 +0900, KOJIMA Hajime wrote: > > > > > But, /stand/sysinstall still use lynx as default text browser. > > > If you want to read HTML documents in sysinstall, /stand/sysinstall > > > will go to install lynx package automatically (and it will fail in > > > 4.0-RELEASE). > > > >I don't think this is a problem, since any host from which it is likely > >to read documentation is quite unlikely to be malicious. > > I would think it's a problem if sysinstall expects to use lynx, > it thus goes to install lynx, and that installation *FAILS*. If > I'm reading that right, you're then left with sysinstall trying > to use a package that does not exist. > > (true?) 
> > > --- > Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu > Senior Systems Programmer or drosih@rpi.edu > Rensselaer Polytechnic Institute > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Thu Mar 16 11:37:24 2000 Delivered-To: freebsd-security@freebsd.org Received: from ptldpop3.ptld.uswest.net (ptldpop3.ptld.uswest.net [198.36.160.3]) by hub.freebsd.org (Postfix) with SMTP id 3935437C0BE for ; Thu, 16 Mar 2000 11:37:21 -0800 (PST) (envelope-from wwoods@cybcon.com) Received: (qmail 31834 invoked by alias); 16 Mar 2000 19:36:19 -0000 Delivered-To: fixup-freebsd-security@freebsd.org@fixme Received: (qmail 31814 invoked by uid 0); 16 Mar 2000 19:36:17 -0000 Received: from unknown (HELO laptop.cybcon.com) (63.163.56.87) by pop.ptld.uswest.net with SMTP; 16 Mar 2000 19:36:17 -0000 Content-Length: 535 Message-ID: X-Mailer: XFMail 1.4.0 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 Date: Thu, 16 Mar 2000 11:34:14 -0800 (PST) Reply-To: bwoods2@uswest.net From: William Woods To: freebsd-security@freebsd.org Subject: IPFW...1 more question..... Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This firewall rule, ipfw add 001 deny log ip from aol.com/24 to alpha.cybcon.com am I correct in assuming that this will block ALL traffic from aol.com to alpha.cybcon.com and log it? 
---------------------------------- E-Mail: bwoods2@uswest.net Date: 16-Mar-00 Time: 11:32:22l ---------------------------------- NOTICE TO BULK E-MAILERS: Pursuant to US Code, Title 47, Chapter 5, Subchapter II, 227, and all unsolicited commercial e-mail sent to this address is subject to a download and archival fee in the amount of $500 US To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 16 11:44:51 2000 Delivered-To: freebsd-security@freebsd.org Received: from vinyl.sentex.ca (vinyl.sentex.ca [209.112.4.14]) by hub.freebsd.org (Postfix) with ESMTP id 1EBC237C3E6 for ; Thu, 16 Mar 2000 11:44:49 -0800 (PST) (envelope-from mike@sentex.ca) Received: from simoeon (simeon.sentex.ca [209.112.4.47]) by vinyl.sentex.ca (8.9.3/8.9.3) with SMTP id OAA76048; Thu, 16 Mar 2000 14:44:46 -0500 (EST) (envelope-from mike@sentex.ca) Message-Id: <3.0.5.32.20000316144216.00c94ac0@marble.sentex.ca> X-Sender: mdtpop@marble.sentex.ca X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32) Date: Thu, 16 Mar 2000 14:42:16 -0500 To: bwoods2@uswest.net, freebsd-security@FreeBSD.ORG From: Mike Tancsa Subject: Re: IPFW...1 more question..... In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 11:34 AM 3/16/00 -0800, William Woods wrote: >This firewall rule, > >ipfw add 001 deny log ip from aol.com/24 to alpha.cybcon.com > >am I correct in assuming that this will block ALL traffic from aol.com to >alpha.cybcon.com and log it? No. You need to specify IP ranges for ipfw to work. Putting in aol.com will just block whatever A record comes up for the host aol.com. It sounds like using libwrap (aka tcp_wrapper) might get what you want, or even things like .htaccess if you want to block website access. 
However, this will not always work either, as some of AOL's outsourced dialup might have PTR records of the outsourcing company, and not aol.com. ---Mike ------------------------------------------------------------------------ Mike Tancsa, tel +1 519 651 3400 Network Administrator, mike@sentex.net Sentex Communications www.sentex.net Cambridge, Ontario Canada To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 16 12: 0:50 2000 Delivered-To: freebsd-security@freebsd.org Received: from dt051n0b.san.rr.com (dt051n0b.san.rr.com [204.210.32.11]) by hub.freebsd.org (Postfix) with ESMTP id 675A237BCBE for ; Thu, 16 Mar 2000 12:00:47 -0800 (PST) (envelope-from Doug@gorean.org) Received: from slave (doug@slave [10.0.0.1]) by dt051n0b.san.rr.com (8.9.3/8.9.3) with ESMTP id MAA16673; Thu, 16 Mar 2000 12:00:26 -0800 (PST) (envelope-from Doug@gorean.org) Date: Thu, 16 Mar 2000 12:00:26 -0800 (PST) From: Doug Barton X-Sender: doug@dt051n0b.san.rr.com To: Dag-Erling Smorgrav Cc: Lawrence Sica , Rodrigo Campos , freebsd-security@FreeBSD.ORG Subject: Re: wrapping sshd In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On 16 Mar 2000, Dag-Erling Smorgrav wrote: > Doug Barton writes: > > In all my years of running freebsd I've never seen inetd crash on any > > system. > > Weird, because inetd has historically been plagued with various > problems such as the infamous "junk pointer" bug. In all likelihood I've been very lucky on that count since I don't run much out of inetd, or run it at all if I can help it. The last two years or so I have been running more stuff out of inetd on my home systems (heavily firewalled, wrapped, etc.) more so to learn about utilities and such than anything else. On production systems I tend to use ssh exclusively. 
Currently at work however I'm installing more and more freebsd systems with inetd stuff open (once again, firewalled, wrapped, etc.) because in a mixed-platform, mixed-other-factors-too environment it has been deemed "necessary." I'm hoping I won't have to eat my words about not having it crash on me.... :) Doug -- "While the future's there for anyone to change, still you know it seems, it would be easier sometimes to change the past" - Jackson Browne, "Fountain of Sorrow" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 16 12:15:42 2000 Delivered-To: freebsd-security@freebsd.org Received: from ptldpop3.ptld.uswest.net (ptldpop3.ptld.uswest.net [198.36.160.3]) by hub.freebsd.org (Postfix) with SMTP id 5B1A737BCDD for ; Thu, 16 Mar 2000 12:15:39 -0800 (PST) (envelope-from wwoods@cybcon.com) Received: (qmail 56090 invoked by alias); 16 Mar 2000 20:14:33 -0000 Delivered-To: fixup-freebsd-security@FreeBSD.ORG@fixme Received: (qmail 56072 invoked by uid 0); 16 Mar 2000 20:14:32 -0000 Received: from unknown (HELO laptop.cybcon.com) (63.163.56.238) by pop.ptld.uswest.net with SMTP; 16 Mar 2000 20:14:32 -0000 Content-Length: 1605 Message-ID: X-Mailer: XFMail 1.4.0 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <3.0.5.32.20000316144216.00c94ac0@marble.sentex.ca> Date: Thu, 16 Mar 2000 12:12:28 -0800 (PST) Reply-To: bwoods2@uswest.net From: William Woods To: Mike Tancsa Subject: Re: IPFW...1 more question..... Cc: freebsd-security@FreeBSD.ORG, bwoods2@uswest.net Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hmmmm, well, I have a list of .com's that I want to block access totally, what would be the most effective way then, .htaccess would just block web, and I want a bit more totality than that. 
On 16-Mar-00 Mike Tancsa wrote: > At 11:34 AM 3/16/00 -0800, William Woods wrote: >>This firewall rule, >> >>ipfw add 001 deny log ip from aol.com/24 to alpha.cybcon.com >> >>am I correct in assuming that this will block ALL traffic from aol.com to >>alpha.cybcon.com and log it? > > No. You need to specify IP ranges for ipfw to work. Putting in aol.com > will just block whatever A record comes up for the host aol.com. It sounds > like using libwrap (aka tcp_wrapper) might get what you want, or even > things like .htaccess if you want to block website access. However, this > will not always work either, as some of AOL's outsourced dialup might have > PTR records of the outsourcing company, and not aol.com. > > ---Mike > > ------------------------------------------------------------------------ > Mike Tancsa, tel +1 519 651 3400 > Network Administrator, mike@sentex.net > Sentex Communications www.sentex.net > Cambridge, Ontario Canada ---------------------------------- E-Mail: bwoods2@uswest.net Date: 16-Mar-00 Time: 12:10:41l ---------------------------------- NOTICE TO BULK E-MAILERS: Pursuant to US Code, Title 47, Chapter 5, Subchapter II, 227, and all unsolicited commercial e-mail sent to this address is subject to a download and archival fee in the amount of $500 US To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 16 12:20:23 2000 Delivered-To: freebsd-security@freebsd.org Received: from vinyl.sentex.ca (vinyl.sentex.ca [209.112.4.14]) by hub.freebsd.org (Postfix) with ESMTP id 2A0BC37C1B2 for ; Thu, 16 Mar 2000 12:20:14 -0800 (PST) (envelope-from mike@sentex.ca) Received: from simoeon (simeon.sentex.ca [209.112.4.47]) by vinyl.sentex.ca (8.9.3/8.9.3) with SMTP id PAA82567; Thu, 16 Mar 2000 15:20:11 -0500 (EST) (envelope-from mike@sentex.ca) Message-Id: <3.0.5.32.20000316151740.0217d280@marble.sentex.ca> X-Sender: mdtpop@marble.sentex.ca X-Mailer: QUALCOMM 
Windows Eudora Light Version 3.0.5 (32) Date: Thu, 16 Mar 2000 15:17:40 -0500 To: bwoods2@uswest.net From: Mike Tancsa Subject: Re: IPFW...1 more question..... Cc: freebsd-security@FreeBSD.ORG In-Reply-To: References: <3.0.5.32.20000316144216.00c94ac0@marble.sentex.ca> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 12:12 PM 3/16/00 -0800, William Woods wrote: >Hmmmm, well, I have a list of .com's that I want to block access totally, what >would be the most effective way then, .htaccess would just block web, and I >want a bit more totality than that. With .htaccess for apache, and all the services in /etc/hosts.allow that can be wrapped, what is missing for you ? ---Mike > >On 16-Mar-00 Mike Tancsa wrote: >> At 11:34 AM 3/16/00 -0800, William Woods wrote: >>>This firewall rule, >>> >>>ipfw add 001 deny log ip from aol.com/24 to alpha.cybcon.com >>> >>>am I correct in assuming that this will block ALL traffic from aol.com to >>>alpha.cybcon.com and log it? >> >> No. You need to specify IP ranges for ipfw to work. Putting in aol.com >> will just block whatever A record comes up for the host aol.com. It sounds >> like using libwrap (aka tcp_wrapper) might get what you want, or even >> things like .htaccess if you want to block website access. However, this >> will not always work either, as some of AOL's outsourced dialup might have >> PTR records of the outsourcing company, and not aol.com. 
>> >> ---Mike >> >> ------------------------------------------------------------------------ >> Mike Tancsa, tel +1 519 651 3400 >> Network Administrator, mike@sentex.net >> Sentex Communications www.sentex.net >> Cambridge, Ontario Canada > > >---------------------------------- >E-Mail: bwoods2@uswest.net >Date: 16-Mar-00 >Time: 12:10:41l >---------------------------------- > >NOTICE TO BULK E-MAILERS: Pursuant to US Code, Title 47, Chapter 5, >Subchapter II, 227, and all unsolicited commercial e-mail sent to this >address is subject to a download and archival fee in the amount of $500 US > > > ------------------------------------------------------------------------ Mike Tancsa, tel +1 519 651 3400 Network Administrator, mike@sentex.net Sentex Communications www.sentex.net Cambridge, Ontario Canada To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 16 14:28:21 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 42D7637BC40; Thu, 16 Mar 2000 14:28:19 -0800 (PST) (envelope-from kris@FreeBSD.org) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id OAA93428; Thu, 16 Mar 2000 14:28:18 -0800 (PST) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Thu, 16 Mar 2000 14:28:17 -0800 (PST) From: Kris Kennaway To: bwoods2@uswest.net Cc: Mike Tancsa , freebsd-security@FreeBSD.ORG Subject: Re: IPFW...1 more question..... 
In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 16 Mar 2000, William Woods wrote: > Hmmmm, well, I have a list of .com's that I want to block access totally, what > would be the most effective way then, .htaccess would just block web, and I > want a bit more totality than that. Blocking based on DNS source address is quite unreliable, since if e.g. aol control their DNS servers they could just assign their machine another reverse DNS name (e.g. happy.friendly.com), and pass your access restrictions. Further, your ipfw example wouldn't even block based on the DNS names, but would block based on whatever IP address aol.com happened to resolve to at the time. DNS is also an insecure protocol. The bottom line is that you should always do access control based on IP addresses, not DNS addresses. Kris ---- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 16 14:30:20 2000 Delivered-To: freebsd-security@freebsd.org Received: from www.kpi.com.au (www.kpi.com.au [203.31.83.86]) by hub.freebsd.org (Postfix) with ESMTP id 64FC737BDF1 for ; Thu, 16 Mar 2000 14:30:15 -0800 (PST) (envelope-from johnsa@kpi.com.au) Received: from sleek (admin.hazellbros.com.au [203.39.132.98]) by www.kpi.com.au (8.9.3/8.9.3) with SMTP id JAA08003; Fri, 17 Mar 2000 09:29:42 +1100 (EST) (envelope-from johnsa@kpi.com.au) Message-ID: <00eb01bf8f97$24e84a20$625aa8c0@hazellbros.com.au> From: "Andrew Johns" To: Cc: References: <38CE684F.39657A28@tarjema.com> Subject: Re: InterScan Virus Wall for Linux Date: Fri, 17 Mar 2000 09:29:11 +1100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 
Express 5.00.2919.6600 X-Mimeole: Produced By Microsoft MimeOLE V5.00.2919.6600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org No, but you could try uvscan (Un*x VScan) from McAfee - they *even* have a native FreeBSD version - check out their website. We even have government departments using it here Regards -- Andrew Johns BSc. KPI Logistics P/L ----- Original Message ----- From: "Timothy A. Gregory" To: Sent: Wednesday, March 15, 2000 3:26 AM Subject: InterScan Virus Wall for Linux > Has anyone had any luck getting InterScan VirusWall for Linux running on > FreeBSD? > > I've gotten the package installed, the RedHat 6.1 packages but when I > try to run the 'scanning' daemons (their sendmail, ishttpd, isftpd etc) > I get seg faults... > > Thanks for any help! > -- > ------------------------------------------------------------ ---- > Timothy A. Gregory Systems Administrator > Semaphore Corporation http://www.semaphore.com > 206.905.5000 tgregory@semaphore.com > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 17 4:56:49 2000 Delivered-To: freebsd-security@freebsd.org Received: from florence.pavilion.net (florence.pavilion.net [212.74.0.25]) by hub.freebsd.org (Postfix) with ESMTP id CF4E537BD43 for ; Fri, 17 Mar 2000 04:56:41 -0800 (PST) (envelope-from support@m-p.co.uk) Received: from voyager (dynamic-57.max4-du-ws.dialnetwork.pavilion.co.uk [212.74.9.185]) by florence.pavilion.net (8.9.3/8.8.8) with SMTP id MAA79748 for ; Fri, 17 Mar 2000 12:55:18 GMT (envelope-from support@m-p.co.uk) Message-ID: <000701bf9012$8da253a0$37000064@voyager> From: "M + P International" To: Subject: Send mail help Date: Fri, 17 Mar 2000 13:13:11 -0000 MIME-Version: 1.0 Content-Type: multipart/alternative; 
boundary="----=_NextPart_000_0004_01BF9012.8BB3F120" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.1 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I seem to be having trouble connecting from Eudora on my Win 95 machine to my unix server, every time I attempt it I get the message connection refused. However I am able to connect to the server and send mail to it can you help me ? If you could I would be very grateful Alex support@m-p.co.uk To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 17 13: 9:47 2000 Delivered-To: freebsd-security@freebsd.org Received: from usc.edu (usc.edu [128.125.253.136]) by hub.freebsd.org (Postfix) with ESMTP id C6BB737BBB1 for ; Fri, 17 Mar 2000 13:09:43 -0800 (PST) (envelope-from walker@usc.edu) Received: from skat.usc.edu (walker@skat.usc.edu [128.125.253.131]) by usc.edu (8.9.3.1/8.9.3/usc) with ESMTP id NAA08293; Fri, 17 Mar 2000 13:09:43 -0800 (PST) Received: from localhost (walker@localhost) by skat.usc.edu (8.9.3.1/8.9.3/usc) with ESMTP id NAA29344; Fri, 17 Mar 2000 13:09:42 -0800 (PST) Date: Fri, 17 Mar 2000 13:09:42 -0800 (PST) From: Mike Walker To: M + P International Cc: freebsd-security@FreeBSD.ORG Subject: Re: Send mail help In-Reply-To: <000701bf9012$8da253a0$37000064@voyager> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Definitely does not belong in security. Sending goes to sendmail. Eudora uses POP3 to read mail. 
Check that POP3 is configured in /etc/inetd.conf pop3 stream tcp nowait root /usr/local/libexec/popper popper On Fri, 17 Mar 2000, M + P International wrote: > I seem to be having trouble connecting from Eudora on my Win > 95 machine to my unix server, every time I attempt it I get the > message connection refused. However I am able to connect to the > server and send mail to it can you help me ? 
If you could I would be > very grateful > Alex > support@m-p.co.uk To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
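An added example, not code from any poster in this archive: the "IPFW...1 more question" thread above concludes that ipfw rules must name IP ranges, because a hostname is resolved only once, when the rule is added. The script below builds `deny log` rules in the form Mike Tancsa quoted from a blocklist and refuses hostname entries such as `aol.com/24`; the function names, the rule numbering and the documentation-range addresses are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: build "ipfw add N deny log ip from <range> to any" rules
# from a blocklist, accepting only literal IPv4 addresses or CIDR ranges.
# Hostnames are refused, so no DNS lookup decides what gets blocked.
# Function names and rule numbering are assumptions for this illustration.

# valid_ipv4_cidr ENTRY -> status 0 if ENTRY is a.b.c.d or a.b.c.d/len
valid_ipv4_cidr() {
    v_entry=$1
    case $v_entry in
        */*) v_addr=${v_entry%/*}; v_len=${v_entry##*/} ;;
        *)   v_addr=$v_entry; v_len=32 ;;
    esac
    # Prefix length: digits only, at most two of them, value 0..32.
    case $v_len in ''|*[!0-9]*) return 1 ;; esac
    [ "${#v_len}" -le 2 ] && [ "$v_len" -le 32 ] || return 1
    # Address: only digits and dots, no empty fields.
    case $v_addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    v_ifs=$IFS; IFS=.
    set -- $v_addr              # split into octets on the dots
    IFS=$v_ifs
    [ $# -eq 4 ] || return 1
    for v_octet in "$@"; do
        [ "${#v_octet}" -le 3 ] && [ "$v_octet" -le 255 ] || return 1
    done
    return 0
}

# gen_rules START STEP < blocklist
# Writes one rule per accepted entry to stdout and one warning per refused
# entry to stderr. Returns 1 if any entry was refused, so a caller can
# decline to load a partial rule set.
gen_rules() {
    g_num=$1; g_step=$2; g_rc=0
    while IFS= read -r g_line || [ -n "$g_line" ]; do
        # Drop "# comment" text and all whitespace, skip blank lines.
        g_entry=$(printf '%s' "${g_line%%#*}" | tr -d '[:space:]')
        [ -n "$g_entry" ] || continue
        if valid_ipv4_cidr "$g_entry"; then
            printf 'ipfw add %d deny log ip from %s to any\n' \
                "$g_num" "$g_entry"
            g_num=$((g_num + g_step))
        else
            printf 'refused "%s": not an IPv4 address or CIDR range\n' \
                "$g_entry" >&2
            g_rc=1
        fi
    done
    return $g_rc
}

# Constructed blocklist: documentation ranges, the hostname form asked
# about in the thread, and a malformed address. The last two are refused.
gen_rules 1000 10 <<'EOF' || echo 'blocklist has entries that were not turned into rules' >&2
192.0.2.0/24      # constructed sample range
198.51.100.7
aol.com/24
203.0.113.300
EOF
```

The generated lines are only printed; review them before feeding them to ipfw, and pair them with the syslog.conf entries quoted earlier in the thread so the `log` matches land in a file.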