From owner-freebsd-security@FreeBSD.ORG Mon May 2 02:50:03 2005
Date: Mon, 2 May 2005 03:53:07 +0100 (BST)
From: Robert Watson
To: freebsd-security@FreeBSD.org
Subject: FYI: TrustedBSD at BSDCan (fwd)

FYI for those attending BSDCan and interested in some of the security feature development going on for FreeBSD right now...

Robert N M Watson

---------- Forwarded message ----------
Date: Thu, 28 Apr 2005 21:39:31 +0100 (BST)
From: Robert Watson
To: trustedbsd-discuss@TrustedBSD.org
Subject: FYI: TrustedBSD at BSDCan

Mentioned in an earlier e-mail, but here it is more specifically -- several members of the TrustedBSD team will be at BSDCan in mid-May. You can learn more about the conference at:

    http://www.bsdcan.org/

This is a pretty neat technical conference relating to *BSD -- very grass roots, and good content. Based on last year's experience, I can recommend it highly!
We'll be presenting on two topics:

- The Darwin/FreeBSD/OpenBSM audit implementation -- what it does, how it works, why you should care, etc. We'll be doing the first formal OpenBSM release shortly before the conference.

- A presentation on the SEBSD work -- the port of the SELinux FLASK/TE implementation to FreeBSD, and experimental work to bring it to Darwin. This will contain some background on the TrustedBSD MAC Framework, what SEBSD does, how we adapted it for FreeBSD, and some ways you can use it.

Among other people, Chris Vance, Scott Long, Tom Rhodes, Matthew Dodd, Christian Peron, and I will be there. We'll be participating in the FreeBSD developer summit, conference proceedings, BoFs, and maybe get a WIP or two in, and so on.

Hope to see you there also!

Robert N M Watson

From owner-freebsd-security@FreeBSD.ORG Mon May 2 23:24:10 2005
Date: Tue, 03 May 2005 01:23:59 +0200
From: Attila Nagy
To: Avleen Vig
cc: freebsd-security@freebsd.org
cc: Danny Pansters
Subject: Re: Will 5.4 be an "Extended Life" release?

Avleen Vig wrote:
> Why don't we just skip 6 and name it "FreeBSD X" or "FreeBSD 10" ?

Yeah, FreeBSD X with Sendmail X, codename: "Vaporware" :)

--
Attila Nagy                                   e-mail: Attila.Nagy@fsn.hu
Adopt a directory on our free software        phone @work: +361 371 3536
server! http://www.fsn.hu/?f=brick            cell.: +3630 306 6758

From owner-freebsd-security@FreeBSD.ORG Tue May 3 00:40:52 2005
From: Danny Pansters
To: Attila Nagy
Date: Tue, 3 May 2005 02:40:06 +0200
cc: freebsd-security@freebsd.org
Subject: Re: Will 5.4 be an "Extended Life" release?

On Tuesday 03 May 2005 01:23, you wrote:
> Avleen Vig wrote:
> > Why don't we just skip 6 and name it "FreeBSD X" or "FreeBSD 10" ?
>
> Yeah, FreeBSD X with Sendmail X, codename: "Vaporware" :)

More like FreeBSDc^c which would mean c^c = (cc)^0.5c which are still lots of cc's for any moderate value of c.

In other words, stop CCing me! :)

Dan

From owner-freebsd-security@FreeBSD.ORG Fri May 6 03:02:59 2005
Date: Fri, 6 May 2005 03:02:58 GMT
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-05:06.iir

=============================================================================
FreeBSD-SA-05:06.iir                                        Security Advisory
                                                          The FreeBSD Project

Topic:          Incorrect permissions on /dev/iir

Category:       core
Module:         sys_dev
Announced:      2005-05-06
Credits:        Christian S.J. Peron
Affects:        All FreeBSD 4.x releases since 4.6-RELEASE
                All FreeBSD 5.x releases prior to 5.4-RELEASE
Corrected:      2005-05-06 02:33:46 UTC (RELENG_5, 5.4-STABLE)
                2005-05-06 02:34:18 UTC (RELENG_5_4, 5.4-RELEASE)
                2005-05-06 02:34:01 UTC (RELENG_5_3, 5.3-RELEASE-p11)
                2005-05-06 02:32:54 UTC (RELENG_4, 4.11-STABLE)
                2005-05-06 02:33:28 UTC (RELENG_4_11, 4.11-RELEASE-p5)
                2005-05-06 02:33:12 UTC (RELENG_4_10, 4.10-RELEASE-p10)
CVE Name:       CAN-2005-1399

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I.   Background

The iir(4) driver provides support for the Intel Integrated RAID controllers and ICP Vortex RAID controllers.

II.  Problem Description

The default permissions on the /dev/iir device node allow unprivileged local users to open the device and execute ioctl calls.

III. Impact

Unprivileged local users can send commands to the hardware supported by the iir(4) driver, allowing destruction of data and possible disclosure of data.

IV.  Workaround

Systems without hardware supported by the iir(4) driver are not affected by this issue.

On systems which are affected, as a workaround, the permissions on /dev/iir can be changed manually. As root, execute the following command:

# chmod 0600 /dev/iir*

On 5.x, the following commands are also needed to ensure that the correct permissions are used after rebooting.

# echo 'perm iir* 0600' >> /etc/devfs.conf
# echo 'devfs_enable="YES"' >> /etc/rc.conf

If the administrator has created additional device nodes, or mounted additional instances of devfs(5) elsewhere in the file system name space, attention should be paid to ensure that either the iir device node is not visible in those name spaces, or is similarly protected.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch dated after the correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 4.10, 4.11, and 5.3 systems.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:06/iir.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:06/iir.patch.asc

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

VI.  Correction details

The following list contains the revision numbers of each file that was corrected in FreeBSD.

Branch
  Path                              Revision
-------------------------------------------------------------------------
RELENG_4
  src/sys/dev/iir/iir_ctrl.c        1.2.2.5
RELENG_4_11
  src/UPDATING                      1.73.2.91.2.6
  src/sys/conf/newvers.sh           1.44.2.39.2.9
  src/sys/dev/iir/iir_ctrl.c        1.2.2.4.12.1
RELENG_4_10
  src/UPDATING                      1.73.2.90.2.11
  src/sys/conf/newvers.sh           1.44.2.34.2.12
  src/sys/dev/iir/iir_ctrl.c        1.2.2.4.10.1
RELENG_5
  src/sys/dev/iir/iir_ctrl.c        1.15.2.2
RELENG_5_4
  src/UPDATING                      1.342.2.24.2.5
  src/sys/dev/iir/iir_ctrl.c        1.15.2.1.2.1
RELENG_5_3
  src/UPDATING                      1.342.2.13.2.14
  src/sys/conf/newvers.sh           1.62.2.15.2.16
  src/sys/dev/iir/iir_ctrl.c        1.15.4.1
-------------------------------------------------------------------------

The latest revision of this advisory is available at
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:06.iir.asc

From owner-freebsd-security@FreeBSD.ORG Fri May 6 03:03:14 2005
Date: Fri, 6 May 2005 03:03:13 GMT
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-05:07.ldt

=============================================================================
FreeBSD-SA-05:07.ldt                                        Security Advisory
                                                          The FreeBSD Project

Topic:          Local kernel memory disclosure in i386_get_ldt

Category:       core
Module:         sys_i386
Announced:      2005-05-06
Credits:        Christer Oberg
Affects:        All FreeBSD/i386 4.x releases since 4.7-RELEASE
                All FreeBSD/i386 5.x and FreeBSD/amd64 5.x releases prior to 5.4-RELEASE
Corrected:      2005-05-06 02:40:19 UTC (RELENG_5, 5.4-STABLE)
                2005-05-06 02:40:49 UTC (RELENG_5_4, 5.4-RELEASE)
                2005-05-06 02:40:32 UTC (RELENG_5_3, 5.3-RELEASE-p12)
                2005-05-06 02:39:35 UTC (RELENG_4, 4.11-STABLE)
                2005-05-06 02:40:05 UTC (RELENG_4_11, 4.11-RELEASE-p6)
                2005-05-06 02:39:52 UTC (RELENG_4_10, 4.10-RELEASE-p11)
CVE Name:       CAN-2005-1400

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I.   Background

The i386_get_ldt(2) system call allows a process to request that a portion of its Local Descriptor Table be copied from the kernel into userland.

II.  Problem Description

The i386_get_ldt(2) syscall performs insufficient validation of its input arguments. In particular, negative or very large values may allow inappropriate data to be copied from the kernel.

III. Impact

Kernel memory may be disclosed to the user process.
Such memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way. For example, a terminal buffer might include a user-entered password.

IV.  Workaround

No workaround is known for i386 and amd64 systems; other platforms are not affected by this issue.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch dated after the correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 4.10, 4.11, and 5.3 systems.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 4.x]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:07/ldt4.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:07/ldt4.patch.asc

[FreeBSD 5.x]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:07/ldt5.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:07/ldt5.patch.asc

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

VI.  Correction details

The following list contains the revision numbers of each file that was corrected in FreeBSD.

Branch
  Path                              Revision
-------------------------------------------------------------------------
RELENG_4
  src/sys/i386/i386/sys_machdep.c   1.47.2.4
RELENG_4_11
  src/UPDATING                      1.73.2.91.2.7
  src/sys/conf/newvers.sh           1.44.2.39.2.10
  src/sys/i386/i386/sys_machdep.c   1.47.2.3.8.1
RELENG_4_10
  src/UPDATING                      1.73.2.90.2.12
  src/sys/conf/newvers.sh           1.44.2.34.2.13
  src/sys/i386/i386/sys_machdep.c   1.47.2.3.6.1
RELENG_5
  src/sys/i386/i386/sys_machdep.c   1.92.2.3
RELENG_5_4
  src/UPDATING                      1.342.2.24.2.6
  src/sys/i386/i386/sys_machdep.c   1.92.2.1.2.1
RELENG_5_3
  src/UPDATING                      1.342.2.13.2.15
  src/sys/conf/newvers.sh           1.62.2.15.2.17
  src/sys/i386/i386/sys_machdep.c   1.92.4.1
-------------------------------------------------------------------------

The latest revision of this advisory is available at
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:07.ldt.asc

From owner-freebsd-security@FreeBSD.ORG Fri May 6 03:03:23 2005
Date: Fri, 6 May 2005 03:03:23 GMT
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-05:08.kmem

=============================================================================
FreeBSD-SA-05:08.kmem                                       Security Advisory
                                                          The FreeBSD Project

Topic:          Local kernel memory disclosure

Category:       core
Module:         sys
Announced:      2005-05-06
Credits:        Christian S.J. Peron
Affects:        All FreeBSD releases prior to 5.4-RELEASE
Corrected:      2005-05-06 02:50:00 UTC (RELENG_5, 5.4-STABLE)
                2005-05-06 02:51:10 UTC (RELENG_5_4, 5.4-RELEASE)
                2005-05-06 02:50:35 UTC (RELENG_5_3, 5.3-RELEASE-p13)
                2005-05-06 02:48:46 UTC (RELENG_4, 4.11-STABLE)
                2005-05-06 02:49:35 UTC (RELENG_4_11, 4.11-RELEASE-p7)
                2005-05-06 02:49:08 UTC (RELENG_4_10, 4.10-RELEASE-p12)
CVE Name:       CAN-2005-1406

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I.   Background

In many parts of the FreeBSD kernel, names (of mount points, devices, files, etc.) are manipulated as NULL-terminated strings, but are provided to applications within fixed-length buffers.

II.  Problem Description

In several places, variable-length strings were copied into fixed-length buffers without zeroing the unused portion of the buffer.

III. Impact

The previous contents of part of the fixed-length buffers will be disclosed to applications.
Such memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way. For example, a terminal buffer might include a user-entered password.

IV.  Workaround

No workaround is available.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch dated after the correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 4.10, 4.11, and 5.3 systems.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 4.x]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:08/kmem4.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:08/kmem4.patch.asc

[FreeBSD 5.x]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:08/kmem5.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:08/kmem5.patch.asc

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

VI.  Correction details

The following list contains the revision numbers of each file that was corrected in FreeBSD.

Branch
  Path                              Revision
-------------------------------------------------------------------------
RELENG_4
  src/sys/kern/vfs_subr.c           1.249.2.32
  src/sys/net/if_mib.c              1.8.2.3
  src/sys/netinet/ip_divert.c       1.42.2.8
  src/sys/netinet/raw_ip.c          1.64.2.20
  src/sys/netinet/udp_usrreq.c      1.64.2.20
RELENG_4_11
  src/UPDATING                      1.72.2.91.2.8
  src/sys/conf/newvers.sh           1.44.2.39.2.11
  src/sys/kern/vfs_subr.c           1.249.2.31.6.1
  src/sys/net/if_mib.c              1.8.2.2.2.1
  src/sys/netinet/ip_divert.c       1.42.2.7.2.1
  src/sys/netinet/raw_ip.c          1.64.2.19.2.1
  src/sys/netinet/udp_usrreq.c      1.64.2.19.6.1
RELENG_4_10
  src/UPDATING                      1.73.2.90.2.13
  src/sys/conf/newvers.sh           1.44.2.34.2.14
  src/sys/kern/vfs_subr.c           1.249.2.31.4.1
  src/sys/net/if_mib.c              1.8.2.1.16.2
  src/sys/netinet/ip_divert.c       1.42.2.6.6.1
  src/sys/netinet/raw_ip.c          1.64.2.18.4.1
  src/sys/netinet/udp_usrreq.c      1.64.2.19.4.1
RELENG_5
  src/sys/kern/subr_bus.c           1.156.2.7
  src/sys/kern/vfs_subr.c           1.522.2.5
  src/sys/net/if_mib.c              1.13.4.2
  src/sys/netinet/ip_divert.c       1.98.2.3
  src/sys/netinet/raw_ip.c          1.142.2.5
  src/sys/netinet/udp_usrreq.c      1.162.2.8
RELENG_5_4
  src/UPDATING                      1.342.2.24.2.7
  src/sys/kern/subr_bus.c           1.156.2.5.2.1
  src/sys/kern/vfs_subr.c           1.522.2.4.2.1
  src/sys/net/if_mib.c              1.13.4.1.2.1
  src/sys/netinet/ip_divert.c       1.98.2.2.2.1
  src/sys/netinet/raw_ip.c          1.142.2.4.2.1
  src/sys/netinet/udp_usrreq.c      1.162.2.7.2.1
RELENG_5_3
  src/UPDATING                      1.342.2.13.2.16
  src/sys/conf/newvers.sh           1.62.2.15.2.18
  src/sys/kern/subr_bus.c           1.156.2.2.2.1
  src/sys/kern/vfs_subr.c           1.522.2.1.2.1
  src/sys/net/if_mib.c              1.13.6.1
  src/sys/netinet/ip_divert.c       1.98.4.1
  src/sys/netinet/raw_ip.c          1.142.2.2.2.1
  src/sys/netinet/udp_usrreq.c      1.162.2.3.2.1
-------------------------------------------------------------------------

The latest revision of this advisory is available at
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:08.kmem.asc

From owner-freebsd-security@FreeBSD.ORG Fri May 6 09:56:26 2005
Date: Fri, 06 May 2005 11:56:22 +0200
From: Uwe Doering
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-05:08.kmem

FreeBSD Security Advisories wrote:
> [...]
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
>
> [FreeBSD 4.x]
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:08/kmem4.patch
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:08/kmem4.patch.asc

Among other things 'kmem4.patch' deals with zeroing a "struct xinpcb" variable, allocated on the stack, in div_pcblist(), rip_pcblist() and udp_pcblist().
Identical code in all three cases: inp = inp_list[i]; if (inp->inp_gencnt <= gencnt) { struct xinpcb xi; + bzero(&xi, sizeof(xi)); xi.xi_len = sizeof xi; /* XXX should avoid extra copy */ bcopy(inp, &xi.xi_inp, sizeof *inp); However, isn't there a similar case in tcp_pcblist()? Only that this time a "struct xtcpcb" variable is concerned. It isn't guaranteed to be completely initialized, either. Especially since it has the same kind of explicit alignment padding at the end as "struct xinpcb" which cannot be expected to become initialized in the course of data assignment in any case. Here's the relevant part at line 897 in 'tcp_subr.c' (RELENG_4): inp = inp_list[i]; if (inp->inp_gencnt <= gencnt) { struct xtcpcb xt; caddr_t inp_ppcb; xt.xt_len = sizeof xt; /* XXX should avoid extra copy */ bcopy(inp, &xt.xt_inp, sizeof *inp); I'd think that the appropriate patch would therefore look like this: inp = inp_list[i]; if (inp->inp_gencnt <= gencnt) { struct xtcpcb xt; caddr_t inp_ppcb; + bzero(&xt, sizeof(xt)); xt.xt_len = sizeof xt; /* XXX should avoid extra copy */ bcopy(inp, &xt.xt_inp, sizeof *inp); If my analysis is correct the release of an additional or updated security advisory might be called for. 
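
Review bot: the proposed tcp_pcblist() hunk adds `bzero(&xt, sizeof(xt));` with no comment saying why it is there, and because the next lines assign `xt.xt_len` and `bcopy()` into `xt.xt_inp`, a later cleanup could take the call for redundant and drop it. A one-line comment stating that the zeroing clears the trailing alignment padding, which field assignment never reaches, would protect it. Style point: the added line writes `sizeof(xt)` while the line right after it writes `sizeof xt`; use one form within the block. Both points apply equally to the `bzero(&xi, sizeof(xi));` line quoted from kmem4.patch.
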

   Uwe
--
Uwe Doering         |  EscapeBox - Managed On-Demand UNIX Servers
gemini@geminix.org  |  http://www.escapebox.net

From owner-freebsd-security@FreeBSD.ORG Fri May 6 20:22:47 2005
Date: Fri, 06 May 2005 22:22:44 +0200
From: Uwe Doering
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-05:08.kmem

Uwe Doering wrote:
> FreeBSD Security Advisories wrote:
> > [...]
> However, isn't there a similar case in tcp_pcblist()? Only that this
> time a "struct xtcpcb" variable is concerned. It isn't guaranteed to be
> completely initialized, either.
> Especially since it has the same kind
> of explicit alignment padding at the end as "struct xinpcb" which cannot
> be expected to become initialized in the course of data assignment in
> any case.
> [...]

Well, I'm afraid there is another one in unp_pcblist() (uipc_usrreq.c). Same story. After that I searched the whole kernel sources for '_pcblist', but it turned out that tcp_pcblist() and unp_pcblist() are the only places that had been overlooked. At least as far as functions named '*_pcblist' are concerned ...

   Uwe
--
Uwe Doering         |  EscapeBox - Managed On-Demand UNIX Servers
gemini@geminix.org  |  http://www.escapebox.net

From owner-freebsd-security@FreeBSD.ORG Sat May 7 05:08:55 2005
Date: Sat, 07 May 2005 15:08:51 +1000
From: Timothy Smith
To: freebsd-security@freebsd.org
Subject: kernel disclosures

a quick query
http://www.securityfocus.com/bid/13527
http://www.securityfocus.com/bid/13526

are the security focus lists inaccurate? because i don't see a patch listed on the website or anything sent to this list?

From owner-freebsd-security@FreeBSD.ORG Sat May 7 05:18:27 2005
Date: Fri, 6 May 2005 22:53:14 -0600
From: "Jason V. Miller"
To: Timothy Smith
cc: freebsd-security@freebsd.org
Subject: Re: kernel disclosures

They hit this list; I think there were a total of three FreeBSD advisories yesterday.
You can find the advisories on the SecurityFocus "credits" section of the vulnerability, if you didn't get them on freebsd-security.

http://www.securityfocus.com/advisories/8533
http://www.securityfocus.com/advisories/8531

However, I received them just fine.

J.

On Sat, May 07, 2005 at 03:08:51PM +1000, Timothy Smith wrote:
> a quick query
> http://www.securityfocus.com/bid/13527
> http://www.securityfocus.com/bid/13526
>
> are the security focus lists inaccurate? because i don't see a patch
> listed on the website or anything sent to this list?
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

--
Jason V. Miller, Threat Analyst
Symantec, Inc. - www.symantec.com
E-Mail: jmiller@securityfocus.com

From owner-freebsd-security@FreeBSD.ORG Sat May 7 08:31:24 2005
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6320916A4D8 for ; Sat, 7 May 2005 08:31:24 +0000 (GMT)
Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.199]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0284543D96 for ; Sat, 7 May 2005 08:31:24 +0000 (GMT) (envelope-from d4rkstorm@gmail.com)
Received: by rproxy.gmail.com with SMTP id j1so525906rnf for ; Sat, 07 May 2005 01:31:23 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=ATmxCFIZ2dna7CQgsR3y9yDdZJLNObssp8ZVVQvdXIpgJIdInxR0ipbyTdQW2BQNpOF4Bvm7+U7BSVX6oCPbKVBePWskZDnu8GZBRPuU4R8OJpQUP6jz0mFStJIfEeltTByuth7irKhAFmWQ0f1NgStyEqSYlHzyUHOlasicsXA=
Received: by 10.38.88.50 with SMTP id l50mr493518rnb; Sat, 07 May 2005 01:31:23 -0700 (PDT)
Received: by 10.38.101.1 with HTTP; Sat,
7 May 2005 01:31:23 -0700 (PDT)
Message-ID: <245f0df10505070131731c5ad6@mail.gmail.com>
Date: Sat, 7 May 2005 18:31:23 +1000
From: "anon:*:anon"
To: freebsd-security@freebsd.org
In-Reply-To: <427C4D63.9020106@open-networks.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <42686A29.7090900@hackunite.net> <441x93vvgf.fsf@be-well.ilk.org> <427C4D63.9020106@open-networks.net>
Subject: Re: kernel disclosures
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: "anon:*:anon"
List-Id: Security issues [members-only posting]
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sat, 07 May 2005 08:31:24 -0000

OK NOW I have this hopefully sorted, I was using an incorrect email, my apologies, these are late patches already really, they arrived via Secunia last night to my email

:: Patches needed for 5.2.1 now ::

VERIFY ADVISORY:
http://secunia.com/advisories/15261/
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-05:07/ldt5.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-05:07/ldt5.patch.asc

VERIFY ADVISORY:
http://secunia.com/advisories/15260/
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-05:06/iir.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-05:06/iir.patch.asc

VERIFY ADVISORY:
http://secunia.com/advisories/15262/
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-05:08/kmem5.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-05:08/kmem5.patch.asc

I hope it can be of some help,
Regards, Drew B.

On 5/7/05, Timothy Smith wrote:
> a quick query
> http://www.securityfocus.com/bid/13527
> http://www.securityfocus.com/bid/13526
>
> are the security focus lists inaccurate? because i don't see a patch
> listed on the website or anything sent to this list?
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>

--
------------------------------------------
Signature Here
------------------------------------------

From owner-freebsd-security@FreeBSD.ORG Sat May 7 08:35:13 2005
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D2BA816A4D8 for ; Sat, 7 May 2005 08:35:13 +0000 (GMT)
Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.197]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7D1AE43D8A for ; Sat, 7 May 2005 08:35:13 +0000 (GMT) (envelope-from d4rkstorm@gmail.com)
Received: by rproxy.gmail.com with SMTP id j1so526053rnf for ; Sat, 07 May 2005 01:35:13 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=TE5baPKSnL7an+Gkema/G1Klxind9LO6AizjFNC8E/k7VpY5y4+uJAkmSp/sYvL4aCzzw5X/Z9AdvsjsMBnWQj721XcFBloI/gWsYAUmAdLf7taL2dj1QnK0IeuSdHHAfpS1ovHbarL4fbIfYLX/+cfQtp6pQXqSGT9sbQHSgyI=
Received: by 10.38.104.27 with SMTP id b27mr498896rnc; Sat, 07 May 2005 01:35:13 -0700 (PDT)
Received: by 10.38.101.1 with HTTP; Sat, 7 May 2005 01:35:13 -0700 (PDT)
Message-ID: <245f0df105050701353c32eae1@mail.gmail.com>
Date: Sat, 7 May 2005 18:35:13 +1000
From: "anon:*:anon"
To: freebsd-security@freebsd.org
In-Reply-To: <849814517@mail.wytheville.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <849814517@mail.wytheville.org>
Subject: Re: kernel disclosures
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To:
"anon:*:anon" List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 May 2005 08:35:13 -0000 Version 4.x users ,=20 ERIFY ADVISORY: http://secunia.com/advisories/15261/ ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-05:07/ldt4.patch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-05:07/ldt4.patch.asc VERIFY ADVISORY: http://secunia.com/advisories/15260/ ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-05:06/iir.patch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-05:06/iir.patch.asc VERIFY ADVISORY: http://secunia.com/advisories/15262/ ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-05:08/kmem4.patch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-05:08/kmem4.patch.asc On 5/7/05, Ron Jude wrote: > Hello, > I'll will be out of the office until May 16, 2005, if need assistants > Please contact Steve Henley at steve@wytheville.org > = Thank You. > = Ronald Jude >=20 --=20 ------------------------------------------ Signature Here ------------------------------------------ From owner-freebsd-security@FreeBSD.ORG Sat May 7 05:49:40 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5085616A4D8 for ; Sat, 7 May 2005 05:49:40 +0000 (GMT) Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.203]) by mx1.FreeBSD.org (Postfix) with ESMTP id E9EEB43D5F for ; Sat, 7 May 2005 05:49:39 +0000 (GMT) (envelope-from d4rkstorm@gmail.com) Received: by rproxy.gmail.com with SMTP id j1so518493rnf for ; Fri, 06 May 2005 22:49:39 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; 
b=KBgSQUz25IYSQW3JDk51XtLVeHgROLcC9+3rLm6joy/XJMuDfO7o5/ua8Bx+bub3asgtBsbdDZxrBHyHcMKpVb16zeZj3zLE8ksZkGCqxFoNeoqNAxX63kGmWOUTE6mLpf26wnEFAwLcY1JeOlXHyIizcjTWQ/qy66GbFhujwHw=
Received: by 10.38.65.13 with SMTP id n13mr105816rna; Fri, 06 May 2005 22:49:39 -0700 (PDT)
Received: by 10.38.101.1 with HTTP; Fri, 6 May 2005 22:49:39 -0700 (PDT)
Message-ID: <245f0df1050506224955047884@mail.gmail.com>
Date: Sat, 7 May 2005 15:49:39 +1000
From: "anon:*:anon"
To: freebsd-security@freebsd.org
In-Reply-To: <427C4D63.9020106@open-networks.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <42686A29.7090900@hackunite.net> <441x93vvgf.fsf@be-well.ilk.org> <427C4D63.9020106@open-networks.net>
X-Mailman-Approved-At: Sat, 07 May 2005 12:43:52 +0000
cc: timothy@open-networks.net
Subject: Re: kernel disclosures
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: "anon:*:anon"
List-Id: Security issues [members-only posting]
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sat, 07 May 2005 05:49:40 -0000

yes I have seen them on Secunia however, here:

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-05:07/ldt5.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-05:07/ldt5.patch.asc

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-05:06/iir.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-05:06/iir.patch.asc

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-05:08/kmem5.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-05:08/kmem5.patch.asc

That is the set I was sent, via a mailing list,
Regards, Drew.

On 5/7/05, Timothy Smith wrote:
> a quick query
> http://www.securityfocus.com/bid/13527
> http://www.securityfocus.com/bid/13526
>
> are the security focus lists inaccurate? because i don't see a patch
> listed on the website or anything sent to this list?
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>

--
------------------------------------------
Signature Here
------------------------------------------