From owner-freebsd-security@FreeBSD.ORG Sun Apr 17 08:32:32 2005
From: Vicky Shrestha
Organization: WorldLink Communications
To: freebsd-security@freebsd.org
Date: Sun, 17 Apr 2005 14:17:17 +0545
Subject: IPSEC l2tpd and Windows shares problem

Dear all,

I am running IPSEC and l2tpd in FreeBSD 4.9. I am able to connect from
Windows XP to this FreeBSD box. I am also able to ping the hosts behind
the IPSEC gateway, connect to internal ftp servers, browse intranet
websites etc.

However, I am not able to browse network shares (Windows and Samba both).
It does prompt for a username/password when we try to access them
directly, but it will never show the network shares.

If I connect to a Linux IPSEC gateway using rp-l2tp there is no problem.

/usr/local/etc/l2tp/l2tpd.conf
====================================
[global]
port = 1701

[lns default]
ip range = 192.168.0.129 - 192.168.0.254
local ip = 192.168.0.2
hostname = freebsdipsec
name = freebsdipsec
ppp debug = yes
pppoptfile = /usr/local/etc/l2tp/options.l2tpd
=======================================

/usr/local/etc/l2tp/options.l2tpd
=======================================
noauth
proxyarp
lcp-echo-interval 30
lcp-echo-failure 6
ms-dns 192.168.0.3
ms-dns 192.168.0.4
ms-wins 192.168.0.6
crtscts
idle 1800
mtu 1400
mru 1400
lock
nodetach
debug
====================================

Note: the IP address of the private interface is 192.168.0.1/24

--
With regards,
Vicky Shrestha
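
A sizing check for the `mtu 1400` / `mru 1400` settings in options.l2tpd above, added here as an example and not part of the original post. The header sizes, the two cipher parameter sets and the 1454-byte path MTU are assumptions chosen for illustration.

```python
"""Added example: on-wire size of L2TP-over-IPsec (ESP transport mode) packets.

Every header size and cipher parameter here is an assumption for a typical
IPv4 setup; adjust them to the SA and the l2tpd/pppd options actually in use.
"""
from dataclasses import dataclass

IPV4_HDR = 20      # outer IPv4 header without options
UDP_HDR = 8        # UDP header carrying L2TP (port 1701 in l2tpd.conf)
ESP_HDR = 8        # SPI (4) + sequence number (4)
ESP_TRAILER = 2    # pad length (1) + next header (1)
NATT_UDP = 8       # extra UDP header if NAT traversal encapsulation is used


@dataclass(frozen=True)
class Encap:
    name: str
    iv_len: int        # cipher IV sent in every ESP packet
    block: int         # cipher block size that the padding aligns to
    icv_len: int       # truncated integrity check value
    l2tp_hdr: int = 8  # assumed: flags/version, length, tunnel id, session id
    ppp_hdr: int = 4   # assumed: address/control + protocol, no compression
    nat_t: bool = False


# Constructed parameter sets, not taken from the original post.
DES3_SHA1 = Encap("3des-cbc/hmac-sha1-96", iv_len=8, block=8, icv_len=12)
AES_SHA1 = Encap("aes-cbc/hmac-sha1-96", iv_len=16, block=16, icv_len=12)


def outer_size(inner_len: int, e: Encap) -> int:
    """Size of the outer IPv4 packet that carries an inner_len-byte packet."""
    plaintext = UDP_HDR + e.l2tp_hdr + e.ppp_hdr + inner_len
    align = max(e.block, 4)  # ESP ciphertext ends on at least a 4-byte boundary
    padded = -(-(plaintext + ESP_TRAILER) // align) * align  # round up
    size = IPV4_HDR + ESP_HDR + e.iv_len + padded + e.icv_len
    return size + (NATT_UDP if e.nat_t else 0)


def max_inner_mtu(path_mtu: int, e: Encap) -> int:
    """Largest inner packet that is encapsulated without outer fragmentation."""
    inner = path_mtu
    while inner > 0 and outer_size(inner, e) > path_mtu:
        inner -= 1
    return inner


def report(ppp_mtu: int, path_mtu: int, e: Encap) -> dict:
    """Check one PPP MTU against one path MTU for one encapsulation."""
    size = outer_size(ppp_mtu, e)
    return {
        "encap": e.name,
        "outer_size": size,
        "fits": size <= path_mtu,
        "max_inner_mtu": max_inner_mtu(path_mtu, e),
    }


if __name__ == "__main__":
    PPP_MTU = 1400  # from options.l2tpd in the post
    for path_mtu in (1500, 1454):  # 1454 is a constructed lower-MTU path
        for encap in (DES3_SHA1, AES_SHA1):
            r = report(PPP_MTU, path_mtu, encap)
            print(f"path={path_mtu} {r['encap']}: outer={r['outer_size']} "
                  f"fits={r['fits']} max_inner={r['max_inner_mtu']}")
```

When `fits` is False the encapsulated packet exceeds the path MTU and has to be fragmented; an mtu/mru no larger than `max_inner_mtu` avoids that.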

From: Brett Glass
To: Clifton Royston, freebsd-security@freebsd.org
Date: Sun, 17 Apr 2005 19:05:46 -0600
Subject: Re: Will 5.4 be an "Extended Life" release?

At 03:33 PM 4/12/2005, Clifton Royston wrote:

> If 5.4 is expected to be an extended-life branch, I would consider
>moving them up to 5.4 instead, to get a leap on current technology.
>Has that decision been made yet?

I have a similar dilemma. Currently, I am building all production
servers with 4.11. But this means that I can't take advantage of
AMD64 processors or some other things that are available in 5.x.
And 5.x does some nice things, such as sandboxing BIND by default.
Finally, it seems as if CPU manufacturers are rapidly moving toward
multiple core processors, which need sophisticated SMP to work well.
So, I'd really like to move to 5.4 when it ships.

Trouble is, from the reports I'm seeing on the -STABLE list and
my own experiments, I don't yet know if 5.4 is going to be as
fast (especially at disk access) or stable as 4.11. (Many of the
systems I am building will need very fast disk access, because they
will be used as database servers and caches.)
What's more, here we are at RC2, and there are still a number of open
issues, as shown at

http://www.freebsd.org/releases/5.4R/todo.html

So, I am wondering if I should stick with 4.11, favoring fast single
CPUs over multiprocessor systems, for production machines -- and then
jump to 6.0 when it's released. Will security fixes be available long
enough for me to do this if need be?

--Brett Glass

From: Colin Percival
To: Brett Glass
Date: Sun, 17 Apr 2005 18:21:32 -0700
Cc: freebsd-security@freebsd.org
Subject: Re: Will 5.4 be an "Extended Life" release?

Brett Glass wrote:
> So, I am wondering if I should stick with 4.11, favoring fast single
> CPUs over multiprocessor systems, for production machines -- and then
> jump to 6.0 when it's released. Will security fixes be available long
> enough for me to do this if need be?

My personal recommendation is to move to 5.x now; but to answer your
question: Yes. FreeBSD 4.11 is supported until January 2007, and the
latest plans (that I've heard, at least) have FreeBSD 6.0 coming out
some time in late 2005.

Colin Percival

From: Danny Pansters
To: freebsd-security@freebsd.org
Date: Mon, 18 Apr 2005 03:30:37 +0200
Subject: Re: Will 5.4 be an "Extended Life" release?

On Monday 18 April 2005 03:05, Brett Glass wrote:
> At 03:33 PM 4/12/2005, Clifton Royston wrote:
> > If 5.4 is expected to be an extended-life branch, I would consider
> >moving them up to 5.4 instead, to get a leap on current technology.
> >Has that decision been made yet?
>
> I have a similar dilemma. Currently, I am building all production
> servers with 4.11. But this means that I can't take advantage of
> AMD64 processors or some other things that are available in 5.x.
> And 5.x does some nice things, such as sandboxing BIND by default.
> Finally, it seems as if CPU manufacturers are rapidly moving toward
> multiple core processors, which need sophisticated SMP to work well.
> So, I'd really like to move to 5.4 when it ships.
>
> Trouble is, from the reports I'm seeing on the -STABLE list and
> my own experiments, I don't yet know if 5.4 is going to be as
> fast (especially at disk access) or stable as 4.11.
> (Many of the systems I am building will need very fast disk access,
> because they will be used as database servers and caches.) What's more,
> here we are at RC2, and there are still a number of open issues, as
> shown at
>
> http://www.freebsd.org/releases/5.4R/todo.html
>
> So, I am wondering if I should stick with 4.11, favoring fast single
> CPUs over multiprocessor systems, for production machines -- and then
> jump to 6.0 when it's released. Will security fixes be available long
> enough for me to do this if need be?

Let me just boldly insert that IMHO, if 6.X is going to become stable this
autumn already that indeed 5.4 or maybe 5.5 at least one of those must be
long-term-supported. I'm sure one of the two will, as one of the two will
reflect ultimately the walk-of-life of 5-STABLE, won't it?

FYI, as far as I have noticed 5.4 is mostly a bugfix/stabilize effort over
5.3, so yes, it should be a lot better. I'm currently testing it with a UP P4
using HTT and SMP (don't use SCHED_ULE for this ;-) and it seems to go fine.
Dual/multiple core CPUs are going to be the norm. In that respect we're doing
really well. I wish ULE got promoted/fixed though...

Hmm, I seem to have diverged from -security but so has Brett already.. :)

I think amd64 is still a bit fragile. I also am interested to see how the
jump to 6-STABLE will go, but inevitably there will be some 5.X maintenance
release that will go on for a long time. Does anyone really doubt that? I
don't, also consider that 4.X will have to be phased out ASAP (or be prepared
to support 3 system compilers, I don't think so, no one would like that for a
long time). There's not much need for concern IMHO altogether.

Dan

From: Colin Percival
To: Danny Pansters
Cc: freebsd-security@freebsd.org
Date: Sun, 17 Apr 2005 18:42:56 -0700
Subject: Re: Will 5.4 be an "Extended Life" release?

Danny Pansters wrote:
> inevitably there will be some 5.X maintenance
> release that will go on for a long time. Does anyone really doubt that? I
> don't, also consider that 4.X will have to be phased out ASAP (or be prepared
> to support 3 system compilers, I don't think so, no one would like that for a
> long time). There's not much need for concern IMHO altogether.

FreeBSD 4.11 will be supported until at least January 2007. The last
FreeBSD 5.x release (whichever it happens to be -- that's for the release
engineering team to decide) will be supported for two years from its
release date.

Colin Percival

From: Brett Glass
To: Colin Percival, Danny Pansters
Cc: freebsd-security@freebsd.org
Date: Sun, 17 Apr 2005 20:27:34 -0600
Subject: Re: Will 5.4 be an "Extended Life" release?

At 07:42 PM 4/17/2005, Colin Percival wrote:

>FreeBSD 4.11 will be supported until at least January 2007.

Any chance of a 4.12, incorporating some of the last bits
that have been brought into 4-STABLE... especially the
security fixes? (Since this is the -security list, it seems
like a good place to ask.)

It'd be nice to have one last uniprocessor version of FreeBSD
that's really solid and can be used for many years to come, while
SMP is tinkered with and perfected in time for the mass rollout
of multicore CPUs. (These CPUs will really have "arrived" when
they become a standard feature in wide screen multimedia laptops.
I expect this to happen in 2007 or so.)

--Brett

From: Colin Percival
To: Brett Glass
Cc: freebsd-security@freebsd.org
Date: Sun, 17 Apr 2005 20:22:51 -0700
Subject: Re: Will 5.4 be an "Extended Life" release?

Brett Glass wrote:
> At 07:42 PM 4/17/2005, Colin Percival wrote:
>>FreeBSD 4.11 will be supported until at least January 2007.
>
> Any chance of a 4.12, incorporating some of the last bits
> that have been brought into 4-STABLE...

Unless someone wants to step forward with an offer to pay the
salaries of the release engineering team for a few months, I
think that a safe answer to this question is "no".

> especially the
> security fixes?

Eh? If the important part is the security fixes, why not just
install 4.11 and then apply the security fixes?

Colin Percival

From: Brett Glass
To: Colin Percival
Cc: freebsd-security@freebsd.org
Date: Mon, 18 Apr 2005 02:09:32 -0600
Subject: Re: Will 5.4 be an "Extended Life" release?

At 09:22 PM 4/17/2005, Colin Percival wrote:

>Unless someone wants to step forward with an offer to pay the
>salaries of the release engineering team for a few months,

The same way they're being paid for their work on other
releases? ;-)

>Eh? If the important part is the security fixes, why not just
>install 4.11 and then apply the security fixes?

That's fine for awhile, but there will soon be enough
that this will be painful. And it may be a good idea to
produce a release containing other code that's been backported
from 5.x and 6.x.

--Brett Glass

From: Uzi Klein
To: Brett Glass
Cc: freebsd-security@freebsd.org, Colin Percival
Date: Mon, 18 Apr 2005 13:01:13 +0200
Subject: Re: Will 5.4 be an "Extended Life" release?

Brett Glass wrote:
> At 09:22 PM 4/17/2005, Colin Percival wrote:
>
>
>>Unless someone wants to step forward with an offer to pay the
>>salaries of the release engineering team for a few months,
>
>
> The same way they're being paid for their work on other
> releases? ;-)
>

ouch!

>
>>Eh?
>>If the important part is the security fixes, why not just
>>install 4.11 and then apply the security fixes?
>

That's what we usually do whenever there's a security fix...
I didn't see a new release pop up after each security fix.

>
> That's fine for awhile, but there will soon be enough
> that this will be painful. And it may be a good idea to
> produce a release containing other code that's been backported
> from 5.x and 6.x.

Sounds interesting, but, while you were asking about SMP, AMD64 etc.
that's not backporting, that's kernel handling AFAIK.

>
> --Brett Glass
>

--
Uzi Klein
B.M.B.Y Software Systems LTD.
http://www.bmby.com

From: Mike Tancsa
To: mail@vickysh.wlink.com.np, freebsd-security@freebsd.org
Date: Mon, 18 Apr 2005 11:34:28 -0400
Subject: Re: IPSEC l2tpd and Windows shares problem

At 04:32 AM 17/04/2005, Vicky Shrestha wrote:
>Dear all,
>
>I am running IPSEC and l2tpd in FreeBSD 4.9.

>mtu 1400
>mru 1400

It sounds like you have the PMTU issue covered, but it also sounds like an
MTU issue. Can you try and generate some large ping packets and see if they
are being fragmented properly? hping is useful for this as you can toggle
the DF bit as well as send non-ICMP type packets. Also, are the IPSEC
policies all installed properly?

         ---Mike

From: Mike Tancsa
To: freebsd-security@freebsd.org
Date: Thu, 21 Apr 2005 09:08:19 -0400
Subject: Fwd: (KAME-snap 9012) racoon in the kame project

FYI, looks like support for
Racoon is ending. Does anyone have any experience with the version in
ipsec-tools?

         ---Mike

>Racoon users,
>
>This is the announcement that the kame project will quit providing
>a key management daemon, the racoon, and that "ipsec-tools" will become
>the formal team to release the racoon.
>The final release of the racoon in the kame project will be on 4/25.
>
>Because there were some problem for users currently,
> - I did not add new feature.
> - I intent to fix security holes and apply patches.
>   however, it could not be enough done.
> - I could not reply your questions, bug reports and
>   useful suggestions.
>I was sorry that it was not enough support for users. I was thinking
>that I would not want to make trouble for users anymore.
>
>There is another racoon as known as "ipsec-tools" in the sourceforge.
>It is being developed very actively, is stable than racoon and
>implemented radical feature. But it is sometime trouble for users
>that double racoons are released. It is also wasteful that development
>resource is divided. I was thinking that two racoon could be merged.
>
>There was an opportunity having a meeting with some of "ipsec-tools"
>developers at the IETF 62th in Minneapolis. I told my thought to
>the developers. They willingly agreed with my proposal.
>
>They told me that they could become the formal support team. So the kame
>project decided to quit providing, and supporting racoon.
>
>If you are interesting in the "ipsec-tools", please visit their web page,
> http://ipsec-tools.sourceforge.net/
>and subscribe to the mailing list by yourself.
> http://lists.sourceforge.net/lists/listinfo/ipsec-tools-devel
>
>Thank you up to now, and best regards,
>
>P.S.
>Some people interested in "racoon2". It is still pre-alpha version,
>not satisfied with users. I will concentrate developing "racoon2"
>to be stable. It needs more than one year at least.
> >//Shoichi Sakane -------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet since 1994 www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike From owner-freebsd-security@FreeBSD.ORG Fri Apr 22 03:06:24 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B74BF16A4CE for ; Fri, 22 Apr 2005 03:06:24 +0000 (GMT) Received: from mxfep02.bredband.com (mxfep02.bredband.com [195.54.107.73]) by mx1.FreeBSD.org (Postfix) with ESMTP id 74C7A43D2F for ; Fri, 22 Apr 2005 03:06:23 +0000 (GMT) (envelope-from jesper@hackunite.net) Received: from mail.hackunite.net ([213.112.198.142] [213.112.198.142]) by mxfep02.bredband.com with ESMTP id <20050422030622.QSZV3591.mxfep02.bredband.com@mail.hackunite.net> for ; Fri, 22 Apr 2005 05:06:22 +0200 Received: from [213.112.198.205] (c-cdc670d5.022-45-6f72652.cust.bredbandsbolaget.se [213.112.198.205]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.hackunite.net (Postfix) with ESMTP id 177ED60D7 for ; Fri, 22 Apr 2005 05:06:23 +0200 (CEST) Message-ID: <42686A29.7090900@hackunite.net> Date: Fri, 22 Apr 2005 05:06:17 +0200 From: Jesper Wallin User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-security@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at mail.hackunite.net Subject: Information disclosure? 
Reply-To: jesper@hackunite.net

Hello,

For some reason, I thought little about the "clear" command today..
Let's say a privileged user (root) logs on, edit a sensitive file (e.g,
a file containing a password, running vipw, etc) .. then runs clear and
logout. Then anyone can press the scroll-lock command, scroll back up
and read the sensitive information.. Isn't "clear" meant to clear the
backbuffer instead of printing a full screen of returns? If it does, I'm
not sure how that would affect a user running "clear" on a pty (telnet,
sshd, screen, etc) ..

Best regards,
Jesper Wallin

From owner-freebsd-security@FreeBSD.ORG Fri Apr 22 03:49:59 2005
Message-ID: <810a540e05042120493eb79da0@mail.gmail.com>
Date: Thu, 21 Apr 2005 21:49:58 -0600
From: Pat Maddox
To: freebsd-security@freebsd.org
In-Reply-To: <42686A29.7090900@hackunite.net>
Subject: Re: Information disclosure?
Reply-To: Pat Maddox

No, it's not meant to clear the buffer.  If you need to clear the
buffer, just cat a really, really long file.

On 4/21/05, Jesper Wallin wrote:
> Hello,
>
> For some reason, I thought little about the "clear" command today..
> Let's say a privileged user (root) logs on, edit a sensitive file (e.g,
> a file containing a password, running vipw, etc) .. then runs clear and
> logout. Then anyone can press the scroll-lock command, scroll back up
> and read the sensitive information.. Isn't "clear" meant to clear the
> backbuffer instead of printing a full screen of returns? If it does, I'm
> not sure how that would affect a user running "clear" on a pty (telnet,
> sshd, screen, etc) ..
>
> Best regards,
> Jesper Wallin

From owner-freebsd-security@FreeBSD.ORG Fri Apr 22 04:21:57 2005
Message-ID: <42687BDD.6000008@hackunite.net>
Date: Fri, 22 Apr 2005 06:21:49 +0200
From: Jesper Wallin
To: Pat Maddox
In-Reply-To: <810a540e05042120493eb79da0@mail.gmail.com>
cc: freebsd-security@freebsd.org
Subject: Re: Information disclosure?
Reply-To: jesper@hackunite.net

Heh, that sounds more like an ugly hack than a solution if you ask me.

Pat Maddox wrote:

>No, it's not meant to clear the buffer.  If you need to clear the
>buffer, just cat a really, really long file.
>
>On 4/21/05, Jesper Wallin wrote:
>
>>Hello,
>>
>>For some reason, I thought little about the "clear" command today..
>>Let's say a privileged user (root) logs on, edit a sensitive file (e.g,
>>a file containing a password, running vipw, etc) .. then runs clear and
>>logout. Then anyone can press the scroll-lock command, scroll back up
>>and read the sensitive information.. Isn't "clear" meant to clear the
>>backbuffer instead of printing a full screen of returns? If it does, I'm
>>not sure how that would affect a user running "clear" on a pty (telnet,
>>sshd, screen, etc) ..
>>
>>Best regards,
>>Jesper Wallin

From owner-freebsd-security@FreeBSD.ORG Fri Apr 22 05:14:24 2005
Date: Fri, 22 Apr 2005 00:14:21 -0500 (CDT)
From: Mike Silbersack
To: Jesper Wallin
In-Reply-To: <42686A29.7090900@hackunite.net>
Message-ID: <20050422001054.V9404@odysseus.silby.com>
cc: freebsd-security@freebsd.org
Subject: Re: Information disclosure?

On Fri, 22 Apr 2005, Jesper Wallin wrote:

> Hello,
>
> For some reason, I thought little about the "clear" command today.. Let's say
> a privileged user (root) logs on, edit a sensitive file (e.g, a file
> containing a password, running vipw, etc) .. then runs clear and logout. Then
> anyone can press the scroll-lock command, scroll back up and read the
> sensitive information.. Isn't "clear" meant to clear the backbuffer instead of
> printing a full screen of returns? If it does, I'm not sure how that would
> affect a user running "clear" on a pty (telnet, sshd, screen, etc) ..
>
>
> Best regards,
> Jesper Wallin

I've often wondered the same thing when connected in via a ssh session.
If there was a way to implement this functionality without uglifying the
code too much, I don't see why anyone would object to it.  But I don't
think you're going to get someone else to code it for you. :)

Mike "Silby" Silbersack

From owner-freebsd-security@FreeBSD.ORG Fri Apr 22 06:17:50 2005
Date: Thu, 21 Apr 2005 23:17:50 -0700 (PDT)
From: freebsd-security@dfmm.org
To: freebsd-security@freebsd.org
In-Reply-To: <20050422001054.V9404@odysseus.silby.com>
Message-ID: <20050421230714.N97728@treehorn.dfmm.org>
cc: Jesper Wallin
Subject: Re: Information disclosure?

> For some reason, I thought little about the "clear" command today..
> Let's say a privileged user (root) logs on, edit a sensitive file (e.g,
> a file containing a password, running vipw, etc) .. then runs clear and
> logout. Then anyone can press the scroll-lock command, scroll back up
> and read the sensitive information.. Isn't "clear" meant to clear the

I've thought about this also - I think that if it's really a concern, the
thing to do is to just disable the kernel-level text console scrollback
completely and use screen(1) or something similar for those times when you
do want scrollback.

alternatively,

alias clear='for i in {1..SC_HISTORY_SIZE} ; do echo "" ; done'

-Jason

From owner-freebsd-security@FreeBSD.ORG Fri Apr 22 06:19:25 2005
Date: Fri, 22 Apr 2005 16:19:22 +1000 (EST)
From: Neo-Vortex
To: Jesper Wallin
In-Reply-To: <42686A29.7090900@hackunite.net>
Message-ID: <20050422161428.X11893@Neo-Vortex.net>
cc: freebsd-security@freebsd.org
Subject: Re: Information disclosure?

i had the same thing, although i wanted it for all logouts, my hack works
fairly well unless you use telnet or serial consoles, but works fine for
the normal console and ssh :)

edit /etc/gettytab and there should be a line that looks like this:

default:\
        :cb:ce:ck:lc:fd#1000:im=\
        :if=/etc/issue:

pretty much, change it to look like this

default:\
        :cb:ce:ck:lc:fd#1000:im=\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\f\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:\
        :if=/etc/issue:

(sorry if it looks ugly on some systems :P)

but yeah, just fill it up with \r\n - if you use telnet or a serial
console, when it shows the logon screen you have a long wait... but for
the console its fine :)

clears when you logout (i think you have to send signal 1 to init) or
just reboot

also, clear just sends a \f - or was it \l, i forgot which clears it, it
doesn't send a screenful of new lines :)

~Neo-Vortex

On Fri, 22 Apr 2005, Jesper Wallin wrote:

> Hello,
>
> For some reason, I thought little about the "clear" command today..
> Let's say a privileged user (root) logs on, edit a sensitive file (e.g,
> a file containing a password, running vipw, etc) .. then runs clear and
> logout. Then anyone can press the scroll-lock command, scroll back up
> and read the sensitive information.. Isn't "clear" meant to clear the
> backbuffer instead of printing a full screen of returns? If it does, I'm
> not sure how that would affect a user running "clear" on a pty (telnet,
> sshd, screen, etc) ..
>
>
> Best regards,
> Jesper Wallin

From owner-freebsd-security@FreeBSD.ORG Fri Apr 22 12:37:23 2005
Sender: lowell@be-well.ilk.org
To: jesper@hackunite.net
From: Lowell Gilbert
Date: 22 Apr 2005 08:37:20 -0400
In-Reply-To: <42686A29.7090900@hackunite.net>
Message-ID: <441x93vvgf.fsf@be-well.ilk.org>
cc: freebsd-security@freebsd.org
Subject: Re: Information disclosure?

Jesper Wallin writes:

> For some reason, I thought little about the "clear" command
> today..  Let's say a privileged user (root) logs on, edit a sensitive
> file (e.g, a file containing a password, running vipw, etc) .. then
> runs clear and logout. Then anyone can press the scroll-lock command,
> scroll back up and read the sensitive information.. Isn't "clear" meant
> to clear the backbuffer instead of printing a full screen of returns?

That might have made sense, but it's never been the case.  clear(1)
is meant and documented to execute the "clear_screen" termcap
sequence.

If you want to clear the history buffer, just use vidcontrol(1).
It has options to clear or change the size of the history buffer,
and it is already specific to syscons(4), so it doesn't need to be
as general as termcap(5).

From owner-freebsd-security@FreeBSD.ORG Thu Apr 21 13:56:02 2005
Date: 21 Apr 2005 13:56:01 -0000
Message-ID: <20050421135601.2718.qmail@gta.com>
From: Larry Baird
To: mike@sentex.net (Mike Tancsa)
In-Reply-To: <6.2.1.2.0.20050421090724.04cc1668@64.7.153.2>
cc: freebsd-security@freebsd.org
Subject: Re: Fwd: (KAME-snap 9012) racoon in the kame project

In article <6.2.1.2.0.20050421090724.04cc1668@64.7.153.2> you wrote:
> FYI, looks like support for Racoon is ending.  Does anyone have any
> experience with the version in ipsec-tools ?

I have been using it with FreeBSD 4.11.  The only issues I have run into
is that some of its debug messages use %zu and %zd. The %z isn't known by
4.x libc and causes a core dump.  This issue is easily fixed with sed.
Since 5.x knows about %z, this should be a non-issue for more current
versions of FreeBSD.  The ipsec-tools version has support for NAT-T if
the kernel has support. There exist patches for use with the IPSEC option
of 4.x at ipsec-tools source forge site. Yesterday I posted updated
patches to support FAST_IPSEC under 4.11.  I had made patches for 5.x but
accidentally clobbered them.  The port is very straightforward.  To save
you some time looking for them, The FreeBSD kernel patches can be found
here: http://cvs.sourceforge.net/viewcvs.py/ipsec-tools/htdocs/

Larry

--
------------------------------------------------------------------------
Larry Baird                        | http://www.gta.com
Global Technology Associates, Inc. | Orlando, FL
Email: lab@gta.com                 | TEL 407-380-0220, FAX 407-380-6080

From owner-freebsd-security@FreeBSD.ORG Fri Apr 22 04:23:32 2005
Date: Fri, 22 Apr 2005 06:23:28 +0200
From: Marc Bevand
To: Pat Maddox
Message-ID: <20050422042328.GA10196@faya.epita.fr>
In-Reply-To: <810a540e05042120493eb79da0@mail.gmail.com>
cc: freebsd-security@freebsd.org
Subject: Re: Information disclosure?

Pat Maddox wrote:
| No, it's not meant to clear the buffer.  If you need to clear the
| buffer, just cat a really, really long file.

In this case, running yes(1) is more convenient.

--
Marc Bevand                          http://epita.fr/~bevand_m
Computer Science School EPITA - System, Network and Security Dept.
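
A small model of the point this thread keeps returning to: clearing the screen blanks only what is visible, while lines that already scrolled off stay in the history buffer until enough filler output evicts them or the buffer is cleared explicitly with vidcontrol(1). This is an added example, not part of any message and not syscons(4) code; the `Console` class, the 25-row/100-line sizes and the sample lines are constructed assumptions.

```python
"""Simplified model of a text console with a scrollback (history) buffer.

Added illustration for the thread; it models behaviour, it is not syscons code.
"""
from collections import deque

# Constructed sample line standing in for something sensitive shown by vipw.
SECRET = "root:CONSTRUCTED-HASH-PLACEHOLDER:0:0::0:0:Charlie &:/root:/bin/csh"


class Console:
    def __init__(self, rows=25, history_lines=100):
        # Sizes are assumptions for the model, not syscons defaults.
        self.rows = rows
        self.history_lines = history_lines
        self.screen = deque()                        # visible lines, oldest first
        self.history = deque(maxlen=history_lines)   # lines scrolled off the top

    def clone(self):
        other = Console(self.rows, self.history_lines)
        other.screen.extend(self.screen)
        other.history.extend(self.history)
        return other

    def write_line(self, text):
        """Print one line; a full screen scrolls its top line into history."""
        if len(self.screen) == self.rows:
            self.history.append(self.screen.popleft())
        self.screen.append(text)

    def clear_screen(self):
        """Model of clear(1): blank the visible screen, leave history alone."""
        self.screen.clear()

    def clear_history(self):
        """Model of `vidcontrol -C`: drop the history buffer only."""
        self.history.clear()

    def flood(self, count):
        """Model of the cat / yes(1) / echo-loop idea: print filler lines."""
        for _ in range(count):
            self.write_line("")

    def recoverable(self, needle):
        """True if needle can still be read on screen or by scrolling back."""
        return any(needle in line for line in (*self.history, *self.screen))


def session(rows=25, history_lines=100, after_lines=40):
    """A root session: the secret is shown, then later output follows it."""
    console = Console(rows, history_lines)
    console.write_line("# vipw")
    console.write_line(SECRET)
    for i in range(after_lines):
        console.write_line(f"output line {i}")
    return console


def min_flood_to_evict(console, needle, limit=10_000):
    """Smallest number of filler lines after which needle is unrecoverable."""
    probe = console.clone()
    for count in range(limit + 1):
        if not probe.recoverable(needle):
            return count
        probe.write_line("")
    raise ValueError("needle still recoverable after the filler limit")


def demo():
    console = session()
    console.clear_screen()
    still_there = console.recoverable(SECRET)        # clear alone is not enough
    filler_needed = min_flood_to_evict(console, SECRET)
    console.clear_history()                          # explicit history clear
    gone = not console.recoverable(SECRET)
    return still_there, filler_needed, gone


if __name__ == "__main__":
    print(demo())
```

In this model a flood started from a cleared screen has to fill the screen first and then push the history past its capacity, so the filler count depends on both sizes, not on the history size alone.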
From owner-freebsd-security@FreeBSD.ORG Fri Apr 22 10:20:39 2005
Date: Fri, 22 Apr 2005 12:20:24 +0200
From: Dean Strik
To: Jesper Wallin
Message-ID: <20050422102023.GA81889@dragon.stack.nl>
In-Reply-To: <42686A29.7090900@hackunite.net>
cc: freebsd-security@freebsd.org
Subject: Re: Information disclosure?

Jesper Wallin wrote:
> For some reason, I thought little about the "clear" command today..
> Let's say a privileged user (root) logs on, edit a sensitive file (e.g,
> a file containing a password, running vipw, etc) .. then runs clear and
> logout. Then anyone can press the scroll-lock command, scroll back up
> and read the sensitive information.. Isn't "clear" meant to clear the
> backbuffer instead of printing a full screen of returns? If it does, I'm
> not sure how that would affect a user running "clear" on a pty (telnet,
> sshd, screen, etc) ..

vidcontrol -C ; clear

--
Dean C. Strik             Eindhoven University of Technology
dean@stack.nl  |  dean@ipnet6.org  |  http://www.ipnet6.org/
"This isn't right. This isn't even wrong." -- Wolfgang Pauli

From owner-freebsd-security@FreeBSD.ORG Fri Apr 22 11:52:03 2005
Date: Fri, 22 Apr 2005 14:52:00 +0300
From: Giorgos Keramidas
To: Jesper Wallin
Message-ID: <20050422115200.GA58483@orion.daedalusnetworks.priv>
In-Reply-To: <42687BDD.6000008@hackunite.net>
cc: freebsd-security@freebsd.org
cc: Pat Maddox
Subject: Re: Information disclosure?

On 2005-04-22 06:21, Jesper Wallin wrote:
>Pat Maddox wrote:
>>On 4/21/05, Jesper Wallin wrote:
>>>Hello,
>>>For some reason, I thought little about the "clear" command today..
>>>Let's say a privileged user (root) logs on, edit a sensitive file
>>>(e.g, a file containing a password, running vipw, etc) .. then runs
>>>clear and logout. Then anyone can press the scroll-lock command,
>>>scroll back up and read the sensitive information.. Isn't "clear"
>>>meant to clear the backbuffer instead of printing a full screen of
>>>returns? If it does, I'm not sure how that would affect a user
>>>running "clear" on a pty (telnet, sshd, screen, etc) ..
>>
>>No, it's not meant to clear the buffer.  If you need to clear the
>>buffer, just cat a really, really long file.
>
> Heh, that sounds more like an ugly hack than a solution if you ask me.

Who has physical access to your consoles and why?
Putting "deliberate paranoia" aside for a while, you can always _force_ the syscons buffer to be cleared by toggling between a couple of different video modes: # vidcontrol 80x30 ; vidcontrol 80x25 ; clear ; logout From owner-freebsd-security@FreeBSD.ORG Fri Apr 22 14:47:42 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CD5F616A4CE; Fri, 22 Apr 2005 14:47:42 +0000 (GMT) Received: from mailhost.stack.nl (vaak.stack.nl [131.155.140.140]) by mx1.FreeBSD.org (Postfix) with ESMTP id 398EF43D69; Fri, 22 Apr 2005 14:47:42 +0000 (GMT) (envelope-from dean@dragon.stack.nl) Received: from dragon.stack.nl (dragon.stack.nl [IPv6:2001:610:1108:5011:207:e9ff:fe09:230]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailhost.stack.nl (Postfix) with ESMTP id 4AF291F3D6; Fri, 22 Apr 2005 16:47:41 +0200 (CEST) Received: by dragon.stack.nl (Postfix, from userid 1600) id 185585F157; Fri, 22 Apr 2005 16:47:41 +0200 (CEST) Date: Fri, 22 Apr 2005 16:47:41 +0200 From: Dean Strik To: Giorgos Keramidas Message-ID: <20050422144740.GB81889@dragon.stack.nl> References: <42686A29.7090900@hackunite.net> <810a540e05042120493eb79da0@mail.gmail.com> <42687BDD.6000008@hackunite.net> <20050422115200.GA58483@orion.daedalusnetworks.priv> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20050422115200.GA58483@orion.daedalusnetworks.priv> X-Editor: VIM Rulez! http://www.vim.org/ X-MUD: Outerspace - telnet://mud.stack.nl:3333 X-Really: Yes User-Agent: Mutt/1.5.9i cc: freebsd-security@freebsd.org cc: Pat Maddox cc: Jesper Wallin Subject: Re: Information disclosure? 
X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Apr 2005 14:47:42 -0000 Giorgos Keramidas wrote: > Putting "deliberate paranoia" aside for a while, you can always _force_ > the syscons buffer to be cleared by toggling between a couple of > different video modes: > > # vidcontrol 80x30 ; vidcontrol 80x25 ; clear ; logout vidcontrol -C is simpler and actually works :-) Changing the videomodes doesn't generally clear the buffer. -- Dean C. Strik Eindhoven University of Technology dean@stack.nl | dean@ipnet6.org | http://www.ipnet6.org/ "This isn't right. This isn't even wrong." -- Wolfgang Pauli From owner-freebsd-security@FreeBSD.ORG Fri Apr 22 15:09:49 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B554816A4CE for ; Fri, 22 Apr 2005 15:09:49 +0000 (GMT) Received: from aiolos.otenet.gr (aiolos.otenet.gr [195.170.0.23]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2C24343D49 for ; Fri, 22 Apr 2005 15:09:48 +0000 (GMT) (envelope-from keramida@linux.gr) Received: from orion.daedalusnetworks.priv (aris.bedc.ondsl.gr [62.103.39.226])j3MF8amX024708; Fri, 22 Apr 2005 18:08:36 +0300 Received: from orion.daedalusnetworks.priv (orion [127.0.0.1]) j3MF9kSG052300; Fri, 22 Apr 2005 18:09:46 +0300 (EEST) (envelope-from keramida@linux.gr) Received: (from keramida@localhost)j3MF9jUs052299; Fri, 22 Apr 2005 18:09:45 +0300 (EEST) (envelope-from keramida@linux.gr) Date: Fri, 22 Apr 2005 18:09:45 +0300 From: Giorgos Keramidas To: Dean Strik Message-ID: <20050422150945.GA52260@orion.daedalusnetworks.priv> References: <42686A29.7090900@hackunite.net> <810a540e05042120493eb79da0@mail.gmail.com> <42687BDD.6000008@hackunite.net> <20050422115200.GA58483@orion.daedalusnetworks.priv> 
<20050422144740.GB81889@dragon.stack.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20050422144740.GB81889@dragon.stack.nl> cc: freebsd-security@freebsd.org cc: Pat Maddox cc: Jesper Wallin Subject: Re: Information disclosure? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Apr 2005 15:09:49 -0000 On 2005-04-22 16:47, Dean Strik wrote: >Giorgos Keramidas wrote: >> Putting "deliberate paranoia" aside for a while, you can always _force_ >> the syscons buffer to be cleared by toggling between a couple of >> different video modes: >> >> # vidcontrol 80x30 ; vidcontrol 80x25 ; clear ; logout > > vidcontrol -C is simpler and actually works :-) > Changing the videomodes doesn't generally clear the buffer. True. I should have checked more carefully before posting. 
Sorry :/

From owner-freebsd-security@FreeBSD.ORG Fri Apr 22 18:50:00 2005
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
    by hub.freebsd.org (Postfix) with ESMTP id 6874916A4D2;
    Fri, 22 Apr 2005 18:50:00 +0000 (GMT)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
    by mx1.FreeBSD.org (Postfix) with ESMTP id 2B69443D5A;
    Fri, 22 Apr 2005 18:49:59 +0000 (GMT)
    (envelope-from security-advisories@freebsd.org)
Received: from freefall.freebsd.org (cperciva@localhost [127.0.0.1])
    by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j3MInxIN057048;
    Fri, 22 Apr 2005 18:49:59 GMT
    (envelope-from security-advisories@freebsd.org)
Received: (from cperciva@localhost)
    by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j3MInxLm057047;
    Fri, 22 Apr 2005 18:49:59 GMT
    (envelope-from security-advisories@freebsd.org)
Date: Fri, 22 Apr 2005 18:49:59 GMT
Message-Id: <200504221849.j3MInxLm057047@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: cperciva set sender to security-advisories@freebsd.org using -f
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Precedence: bulk
Subject: FreeBSD Security Advisory FreeBSD-SA-05:05.cvs
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Reply-To: security-advisories@freebsd.org
List-Id: Security issues [members-only posting]
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 22 Apr 2005 18:50:00 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-05:05.cvs                                        Security Advisory
                                                          The FreeBSD Project

Topic:          Multiple vulnerabilities in CVS

Category:       contrib
Module:         cvs
Announced:      2005-04-22
Credits:        Alen Zukich
Affects:        All FreeBSD 4.x releases
                All FreeBSD 5.x releases prior to 5.4-RELEASE
Corrected:      2005-04-22 18:01:04 UTC (RELENG_5, 5.4-STABLE)
                2005-04-22 18:03:18 UTC (RELENG_5_4, 5.4-RELEASE)
                2005-04-22 18:07:10 UTC (RELENG_5_3, 5.3-RELEASE-p10)
                2005-04-22 18:13:30 UTC (RELENG_4, 4.11-STABLE)
                2005-04-22 18:17:22 UTC (RELENG_4_11, 4.11-RELEASE-p4)
                2005-04-22 18:16:15 UTC (RELENG_4_10, 4.10-RELEASE-p9)
CVE Name:       CAN-2005-0753

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

The Concurrent Versions System (CVS) is a version control system.  It
may be used to access a repository locally, or to access a `remote
repository' using a number of different methods.  When accessing a
remote repository, the target machine runs the CVS server to fulfill
client requests.

II.  Problem Description

Multiple programming errors were found in CVS.  In one case, variable
length strings are copied into a fixed length buffer without adequate
checks being made; other errors include NULL pointer dereferences,
possible use of uninitialized variables, and memory leaks.

III. Impact

CVS servers ("cvs server" or :pserver: modes) are affected by these
problems.  The buffer overflow may potentially be exploited to execute
arbitrary code on the CVS server, either in the context of the
authenticated user or in the context of the CVS server, depending on
the access method used.  The other errors may lead to a denial of
service.

IV.  Workaround

No workaround is available for cvs servers; cvs clients are unaffected.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the
RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch dated after the
correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 4.10,
4.11, and 5.3 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 4.10]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:05/cvs410.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:05/cvs410.patch.asc

[FreeBSD 4.11 and 5.3]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:05/cvs.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:05/cvs.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/gnu/usr.bin/cvs
# make obj && make depend && make && make install

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch                                                           Revision
  Path
- -------------------------------------------------------------------------
RELENG_4
  src/contrib/cvs/src/login.c                                     1.3.2.6
  src/contrib/cvs/src/patch.c                                 1.1.1.7.2.7
  src/contrib/cvs/src/rcs.c                                      1.19.2.7
RELENG_4_11
  src/UPDATING                                              1.73.2.91.2.5
  src/sys/conf/newvers.sh                                   1.44.2.39.2.8
  src/contrib/cvs/src/login.c                                 1.3.2.5.2.1
  src/contrib/cvs/src/patch.c                             1.1.1.7.2.6.2.1
  src/contrib/cvs/src/rcs.c                                  1.19.2.6.2.1
RELENG_4_10
  src/UPDATING                                             1.73.2.90.2.10
  src/sys/conf/newvers.sh                                  1.44.2.34.2.11
  src/contrib/cvs/src/login.c                                 1.3.2.4.6.1
  src/contrib/cvs/src/patch.c                             1.1.1.7.2.5.6.1
  src/contrib/cvs/src/rcs.c                                  1.19.2.5.6.1
RELENG_5
  src/contrib/cvs/src/login.c                                     1.8.2.1
  src/contrib/cvs/src/patch.c                                1.1.1.13.2.1
  src/contrib/cvs/src/rcs.c                                      1.27.2.1
RELENG_5_4
  src/UPDATING                                             1.342.2.24.2.4
  src/contrib/cvs/src/login.c                                     1.8.6.1
  src/contrib/cvs/src/patch.c                                1.1.1.13.6.1
  src/contrib/cvs/src/rcs.c                                      1.27.6.1
RELENG_5_3
  src/UPDATING                                            1.342.2.13.2.13
  src/sys/conf/newvers.sh                                  1.62.2.15.2.15
  src/contrib/cvs/src/login.c                                     1.8.4.1
  src/contrib/cvs/src/patch.c                                1.1.1.13.4.1
  src/contrib/cvs/src/rcs.c                                      1.27.4.1
- -------------------------------------------------------------------------

VII. References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753
http://secunia.com/advisories/14976/
http://xforce.iss.net/xforce/xfdb/20148

The latest revision of this advisory is available at
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:05.cvs.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)

iD8DBQFCaUaaFdaIBMps37IRAvkoAJ47xsv+CGE12jJxGRMZrS8nFgx9XQCfVs5W
ZqGIq4p/ylx2yUZvZTjh34o=
=ldk9
-----END PGP SIGNATURE-----
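
An added example, not part of the advisory or of FreeBSD's own tooling: a Python check that classifies a source file's revision against the corrected revisions listed in section VI, using CVS revision-tree ancestry rather than a plain string match. It assumes each file carries an expanded ident string of the form `$FreeBSD: <path>,v <revision> ...$`; the sample ident lines are constructed.

```python
import re

# Corrected revisions per file, copied from section VI of the advisory
# (order: RELENG_4, 4_11, 4_10, 5, 5_4, 5_3).
CORRECTED = {
    "src/contrib/cvs/src/login.c":
        "1.3.2.6 1.3.2.5.2.1 1.3.2.4.6.1 1.8.2.1 1.8.6.1 1.8.4.1",
    "src/contrib/cvs/src/patch.c":
        "1.1.1.7.2.7 1.1.1.7.2.6.2.1 1.1.1.7.2.5.6.1 "
        "1.1.1.13.2.1 1.1.1.13.6.1 1.1.1.13.4.1",
    "src/contrib/cvs/src/rcs.c":
        "1.19.2.7 1.19.2.6.2.1 1.19.2.5.6.1 1.27.2.1 1.27.6.1 1.27.4.1",
}
# Assumption: ident layout is "$FreeBSD: <path>,v <revision> <date> ... $".
IDENT = re.compile(r"\$FreeBSD: (\S+),v ([0-9.]+) ")

def rev(text):
    return tuple(int(part) for part in text.split("."))

def is_ancestor(a, b):
    """True if CVS revision a is b itself or lies on b's lineage before it."""
    n = len(a)
    return n <= len(b) and a[:n - 1] == b[:n - 1] and a[n - 1] <= b[n - 1]

def status(ident_line):
    """Classify one ident line: 'fixed', 'predates fix', 'not listed' or None."""
    m = IDENT.search(ident_line)
    if not m or m.group(1) not in CORRECTED:
        return None  # no ident, or a file the advisory does not list
    r = rev(m.group(2))
    fixes = [rev(c) for c in CORRECTED[m.group(1)].split()]
    if any(is_ancestor(c, r) for c in fixes):
        return "fixed"         # r is a corrected revision or descends from one
    if any(is_ancestor(r, c) for c in fixes):
        return "predates fix"  # r lies on the path leading up to a correction
    return "not listed"        # e.g. a branch the advisory does not cover

# Constructed sample ident strings (not taken from a real source tree).
SAMPLES = [
    "$FreeBSD: src/contrib/cvs/src/login.c,v 1.3.2.5 2004/01/01 00:00:00 x Exp $",
    "$FreeBSD: src/contrib/cvs/src/login.c,v 1.3.2.5.2.1 2005/04/22 00:00:00 x Exp $",
    "$FreeBSD: src/contrib/cvs/src/rcs.c,v 1.27 2004/01/01 00:00:00 x Exp $",
    "$FreeBSD: src/contrib/cvs/src/patch.c,v 1.1.1.13.4.1 2005/04/22 00:00:00 x Exp $",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(status(line), line)
```

A revision such as 1.3.2.5 is reported as predating the fix even though 1.3.2.5.2.1 (its RELENG_4_11 descendant) is corrected, which a prefix or string comparison would get wrong.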