From: FreeBSD Security Officer
To: freebsd security
Date: Sun, 15 Feb 2009 06:54:41 -0800
Subject: HEADS UP: telnetd exploit in the wild, advisory coming soon
Message-ID: <49982CB1.5040502@freebsd.org>
Reply-To: security-officer@freebsd.org

Hi all,

A semi-remote root exploit for telnetd was posted to the full-disclosure
list yesterday:
http://lists.grok.org.uk/pipermail/full-disclosure/2009-February/067954.html

Because the FreeBSD security team didn't get any advance notice of this,
we're still investigating and don't have an official advisory or patches
ready yet; we're working on it.

Some basic information from our investigation so far, subject to change as
we investigate further:

* this affects telnetd in FreeBSD 7.0-RELEASE, 7.1-RELEASE, 7-STABLE, and
  8-CURRENT.
* telnetd is disabled by default; if it is enabled, this is normally done
  via inetd(8).
* dragonflybsd is vulnerable to this exploit, but for a completely
  different reason. Don't try to use their patch -- it won't work.
* in order to exploit this, an attacker needs to put a file somewhere on
  the vulnerable system with a known path. For an attacker who already has
  non-root access, this is obviously trivial; for an attacker without an
  account it may be possible to do this by sending an email to a user on
  the system, exploiting a CGI script, uploading a file via anonymous FTP,
  etc.

I strongly recommend disabling telnetd on all FreeBSD 7.x and 8.x systems.
Check that telnetd isn't running (`ps ax | grep telnetd | grep -v grep`
should return nothing) and that it isn't enabled in inetd.conf
(`grep telnetd /etc/inetd.conf | grep -v ^#` should return nothing).

If you absolutely must run telnetd, use a firewall to restrict access to
people whom you trust with root access.

-- 
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid

From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Date: Mon, 16 Feb 2009 22:02:33 GMT
Subject: FreeBSD Security Advisory FreeBSD-SA-09:05.telnetd
Message-Id: <200902162202.n1GM2X4L003825@freefall.freebsd.org>
Reply-To: freebsd-security@freebsd.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-09:05.telnetd                                    Security Advisory
                                                          The FreeBSD Project

Topic:          telnetd code execution vulnerability

Category:       core
Module:         contrib
Announced:      2009-02-16
Affects:        FreeBSD 7.x
Corrected:      2009-02-16 21:56:17 UTC (RELENG_7, 7.1-STABLE)
                2009-02-16 21:56:17 UTC (RELENG_7_1, 7.1-RELEASE-p10)
                2009-02-16 21:56:17 UTC (RELENG_7_0, 7.0-RELEASE-p3)

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

The FreeBSD telnet daemon, telnetd(8), implements the server side of the
TELNET virtual terminal protocol. It has been disabled by default in
FreeBSD since August 2001, and due to the lack of cryptographic security
in the TELNET protocol, it is strongly recommended that the SSH protocol
be used instead. The FreeBSD telnet daemon can be enabled via the
/etc/inetd.conf configuration file and the inetd(8) daemon.

The TELNET protocol allows a connecting client to specify environment
variables which should be set in any created login session; this is used,
for example, to specify terminal settings.

II.  Problem Description

In order to prevent environment variable based attacks, telnetd(8) "scrubs"
its environment; however, recent changes in FreeBSD's environment-handling
code rendered telnetd's scrubbing inoperative, thereby allowing potentially
harmful environment variables to be set.

III. Impact

An attacker who can place a specially-constructed file onto a target system
(either by legitimately logging into the system or by exploiting some other
service on the system) can execute arbitrary code with the privileges of
the user running the telnet daemon (usually root).

IV.  Workaround

No workaround is available, but systems which are not running the telnet
daemon are not vulnerable.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to 7-STABLE, or to the RELENG_7_1 or
RELENG_7_0 security branch dated after the correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 7.0 and 7.1
systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-09:05/telnetd.patch
# fetch http://security.FreeBSD.org/patches/SA-09:05/telnetd.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/lib/libtelnet
# make obj && make depend && make
# cd /usr/src/libexec/telnetd
# make obj && make depend && make && make install

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

CVS:

Branch                                                           Revision
  Path
- -------------------------------------------------------------------------
RELENG_7
  src/contrib/telnet/telnetd/sys_term.c                         1.18.22.1
RELENG_7_1
  src/UPDATING                                             1.507.2.13.2.6
  src/sys/conf/newvers.sh                                    1.72.2.9.2.7
  src/contrib/telnet/telnetd/sys_term.c                         1.18.30.2
RELENG_7_0
  src/UPDATING                                             1.507.2.3.2.14
  src/sys/conf/newvers.sh                                   1.72.2.5.2.14
  src/contrib/telnet/telnetd/sys_term.c                         1.18.26.1
- -------------------------------------------------------------------------

Subversion:

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/7/                                                         r188699
releng/7.1/                                                       r188699
releng/7.0/                                                       r188699
- -------------------------------------------------------------------------

VII. References

http://lists.grok.org.uk/pipermail/full-disclosure/2009-February/067954.html

The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-09:05.telnetd.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)

iEYEARECAAYFAkmZ4dwACgkQFdaIBMps37JI2gCfZsCqw/ev/qVKELwNiFxj8zra
aooAn0GU4wBW7jBulFhrSyXtKVlgs18B
=joA6
-----END PGP SIGNATURE-----

From: Alexander Leidinger
To: Benjamin Lutz
Cc: freebsd-security@freebsd.org
Date: Tue, 17 Feb 2009 11:20:21 +0100
Subject: Re: OPIE considered insecure
Message-ID: <20090217112021.140370oxweabeacc@webmail.leidinger.net>
In-Reply-To: <200902121113.58828.mail@maxlor.com>

Quoting Benjamin Lutz (from Thu, 12 Feb 2009 11:13:58 +0100):

> Hi Alexander,

Sorry for the delay, an illness is making its rounds here and I got hit
too...

> On Thursday 12 February 2009 10:41:19 Alexander Leidinger wrote:
>> - Implement something which is similar to freeauth.org, just better
>> implemented and without the "not so good" stuff / design decisions.
>>
>> Short: they need something you know (PIN) + something you have (e.g.
>> token, or mobile phone with java with some fixed key). You then enter
>> your arbitrary long PIN into the phone, and it will give you a time
>> limited key to login (so the time needs to be in sync to some extent).
>> On the machine you login you need the cleartext version of your PIN,
>> the fixed key, and ideally it saves the PW you just used to login
>> to prevent a relogin with the same PW. If you've seen the remote login
>> tokens from RSA or similar, then you should get the idea what this is
>> about.
>
> I've stumbled across freeauth.org while researching the subject. The reason
> I didn't consider it is because so far I've been just printing out my otps,
> and that's no longer possible with freeauth.org. And there are situations
> where I can't run a Java program on my phone, for example when I'm using
> the phone as a bluetooth modem.

Nothing prevents you to write a program in C, perl, or whatever. This
way you can generate the PW on the system where you use the bluetooth
modem (in case it is trusted).

> I'm not saying that time-based pws wouldn't be nice to have, it just goes in
> a different direction than OPIE, so it's not what I'm looking for at the
> moment. Also, the thought of having to write programs in J2ME again
> horrifies me :)
>
>> I wrote down a while ago the algorithm somewhere (based upon my own
>> thoughts how to do it, this was before I've seen freeauth, so it's
>> independent), and also thought about the bells and whistles (some
>> security pitfalls you need to think about). If you are interested in
>> implementing this (ideally with a BSD license for inclusion into the
>> base system)
>
> While I most probably won't implement freeauth.org, I'd still like to see
> your notes; the security pitfalls you considered are likely there for other
> algorithms too.

The notes are in the direction of notifying the user if the PIN can
hit non-volatile storage, or that the storage area of the PIN needs to
be 0ed in-place after use to prevent it to appear in (provoked) crash
dumps or just plain reading from memory. There are also notes about
the valid character set (there should be no NUL byte or newline, but
apart from that there should be not much restrictions (depends upon
the device you use to enter the PIN)), that the device which prints
out the PW should also have an indication for the lifetime of the PW,
that the server should save the valid PWs of the current valid
timeframe to prevent multiple logins with the same PW (also serves as
an indicator that someone spied out the PW in case you enter the PW
correctly and the timeframe is OK too).

The algorithm itself is not 100% finished yet. The generic part is
done, but I haven't finished the details (important here is the format
of the date which is passed to the hash function, which hash function
to use, how long the PW can be (truncation of the hash and the
corresponding security implications... also in the light of user
convenience)). If someone really wants to put some amount of time/work
into this, I can put it up on the FreeBSD wiki and hand out
contributor access to it, but just to satisfy the curiosity of people,
I'm not interested to invest the necessary time to polish it and put
it up on the wiki.

Bye,
Alexander.

-- 
A sect or party is an elegant incognito devised to save a man from the
vexation of thinking.
		-- Ralph Waldo Emerson, Journals, 1831

http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137

From: Tom Judge
To: freebsd-security@freebsd.org
Cc: FreeBSD Security Advisories
Date: Tue, 17 Feb 2009 12:50:21 -0600
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-09:05.telnetd
Message-ID: <499B06ED.6030900@tomjudge.com>
In-Reply-To: <200902162202.n1GM2XUX003834@freefall.freebsd.org>

Hi,

It seems that you got the patch levels wrong in this announcement, should
it not be:

2009-02-16 21:56:17 UTC (RELENG_7, 7.1-STABLE)
2009-02-16 21:56:17 UTC (RELENG_7_1, 7.1-RELEASE-p3)
2009-02-16 21:56:17 UTC (RELENG_7_0, 7.0-RELEASE-p10)

Rather than:

2009-02-16 21:56:17 UTC (RELENG_7, 7.1-STABLE)
2009-02-16 21:56:17 UTC (RELENG_7_1, 7.1-RELEASE-p10)
2009-02-16 21:56:17 UTC (RELENG_7_0, 7.0-RELEASE-p3)

Regards

Tom Judge

FreeBSD Security Advisories wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> =============================================================================
> FreeBSD-SA-09:05.telnetd                                    Security Advisory
>                                                           The FreeBSD Project
>
> Topic:          telnetd code execution vulnerability
>
> Category:       core
> Module:         contrib
> Announced:      2009-02-16
> Affects:        FreeBSD 7.x
> Corrected:      2009-02-16 21:56:17 UTC (RELENG_7, 7.1-STABLE)
>                 2009-02-16 21:56:17 UTC (RELENG_7_1, 7.1-RELEASE-p10)
>                 2009-02-16 21:56:17 UTC (RELENG_7_0, 7.0-RELEASE-p3)
>
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and the
> following sections, please visit .
>
> I.   Background
>
> The FreeBSD telnet daemon, telnetd(8), implements the server side of the
> TELNET virtual terminal protocol. It has been disabled by default in
> FreeBSD since August 2001, and due to the lack of cryptographic security
> in the TELNET protocol, it is strongly recommended that the SSH protocol
> be used instead. The FreeBSD telnet daemon can be enabled via the
> /etc/inetd.conf configuration file and the inetd(8) daemon.
>
> The TELNET protocol allows a connecting client to specify environment
> variables which should be set in any created login session; this is used,
> for example, to specify terminal settings.
>
> II.  Problem Description
>
> In order to prevent environment variable based attacks, telnetd(8) "scrubs"
> its environment; however, recent changes in FreeBSD's environment-handling
> code rendered telnetd's scrubbing inoperative, thereby allowing potentially
> harmful environment variables to be set.
>
> III. Impact
>
> An attacker who can place a specially-constructed file onto a target system
> (either by legitimately logging into the system or by exploiting some other
> service on the system) can execute arbitrary code with the privileges of
> the user running the telnet daemon (usually root).
>
> IV.  Workaround
>
> No workaround is available, but systems which are not running the telnet
> daemon are not vulnerable.
>
> V.   Solution
>
> Perform one of the following:
>
> 1) Upgrade your vulnerable system to 7-STABLE, or to the RELENG_7_1 or
> RELENG_7_0 security branch dated after the correction date.
>
> 2) To patch your present system:
>
> The following patches have been verified to apply to FreeBSD 7.0 and 7.1
> systems.
>
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
>
> # fetch http://security.FreeBSD.org/patches/SA-09:05/telnetd.patch
> # fetch http://security.FreeBSD.org/patches/SA-09:05/telnetd.patch.asc
>
> b) Execute the following commands as root:
>
> # cd /usr/src
> # patch < /path/to/patch
> # cd /usr/src/lib/libtelnet
> # make obj && make depend && make
> # cd /usr/src/libexec/telnetd
> # make obj && make depend && make && make install
>
> VI.  Correction details
>
> The following list contains the revision numbers of each file that was
> corrected in FreeBSD.
>
> CVS:
>
> Branch                                                           Revision
>   Path
> - -------------------------------------------------------------------------
> RELENG_7
>   src/contrib/telnet/telnetd/sys_term.c                         1.18.22.1
> RELENG_7_1
>   src/UPDATING                                             1.507.2.13.2.6
>   src/sys/conf/newvers.sh                                    1.72.2.9.2.7
>   src/contrib/telnet/telnetd/sys_term.c                         1.18.30.2
> RELENG_7_0
>   src/UPDATING                                             1.507.2.3.2.14
>   src/sys/conf/newvers.sh                                   1.72.2.5.2.14
>   src/contrib/telnet/telnetd/sys_term.c                         1.18.26.1
> - -------------------------------------------------------------------------
>
> Subversion:
>
> Branch/path                                                      Revision
> - -------------------------------------------------------------------------
> stable/7/                                                         r188699
> releng/7.1/                                                       r188699
> releng/7.0/                                                       r188699
> - -------------------------------------------------------------------------
>
> VII. References
>
> http://lists.grok.org.uk/pipermail/full-disclosure/2009-February/067954.html
>
> The latest revision of this advisory is available at
> http://security.FreeBSD.org/advisories/FreeBSD-SA-09:05.telnetd.asc
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (FreeBSD)
>
> iEYEARECAAYFAkmZ4dwACgkQFdaIBMps37JI2gCfZsCqw/ev/qVKELwNiFxj8zra
> aooAn0GU4wBW7jBulFhrSyXtKVlgs18B
> =joA6
> -----END PGP SIGNATURE-----
> _______________________________________________
> freebsd-security-notifications@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security-notifications
> To unsubscribe, send any mail to "freebsd-security-notifications-unsubscribe@freebsd.org"
>

From: Axel Scheepers
To: Tom Judge
Cc: FreeBSD Security Advisories, freebsd-security@freebsd.org
Date: Tue, 17 Feb 2009 20:23:14 +0100
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-09:05.telnetd
Message-Id: <1234898594.7722.32.camel@ceridwen.thuis.net>
In-Reply-To: <499B06ED.6030900@tomjudge.com>
Reply-To: axel.scheepers@nl.clara.net

On Tue, 2009-02-17 at 12:50 -0600, Tom Judge wrote:
> Hi,
>
> It seems that you got the patch levels wrong in this announcement, should it not be:

Yep, I was wondering (and checked out to verify/build) also.

Kind regards,
Axel Scheepers
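
The two checks from the HEADS UP message at the top of this thread (`ps ax | grep telnetd` and `grep telnetd /etc/inetd.conf`), written as functions that return an exit status and can be run across many hosts. This is an added example, not part of any message in this archive or of FreeBSD; the function names and the sample file contents are constructed for illustration, and the field layout is the one documented in inetd.conf(5).

```shell
#!/bin/sh
# Added example: audit a host for an enabled telnetd (FreeBSD-SA-09:05).

# Print every active inetd.conf entry that launches telnetd, as
# "<line-number>: <line>". Returns 0 if at least one entry is active,
# 1 if none is, 2 if the file cannot be read.
# Assumed field layout (inetd.conf(5)):
#   service  socket-type  protocol  wait/nowait  user  server-program  args...
telnetd_enabled_entries() {
    conf=${1:-/etc/inetd.conf}
    [ -r "$conf" ] || return 2
    awk '
        function base(s,   a, n) { n = split(s, a, "/"); return a[n] }
        /^#/   { next }    # commented-out entry
        NF < 6 { next }    # blank or incomplete line
        # Match on the server program (field 6) or its argv[0] (field 7)
        # instead of the substring "telnetd" anywhere on the line, so an
        # entry started through a wrapper program is also reported.
        base($6) == "telnetd" || base($7) == "telnetd" {
            print NR ": " $0
            found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$conf"
}

# True if a telnetd process exists right now. inetd starts telnetd per
# connection, so "not running" only means nobody is connected at this
# moment; the configuration check above is the one that matters.
telnetd_running() {
    pgrep -x telnetd >/dev/null 2>&1
}

# Constructed sample in inetd.conf(5) layout; not taken from a real host.
sample_inetd_conf() {
    cat <<'EOF'
# Constructed sample in inetd.conf(5) layout; not taken from a real host.
#ftp    stream tcp  nowait root    /usr/libexec/ftpd    ftpd -l
#telnet stream tcp  nowait root    /usr/libexec/telnetd telnetd
telnet  stream tcp6 nowait root    /usr/libexec/telnetd telnetd
ntalk   dgram  udp  wait   tty:tty /usr/libexec/ntalkd  ntalkd
EOF
}

# Demo on the constructed sample, so the script runs offline.
demo_conf=$(mktemp)
sample_inetd_conf > "$demo_conf"
if telnetd_enabled_entries "$demo_conf"; then
    echo "telnetd is ENABLED in $demo_conf: comment the entry out and reload inetd"
else
    echo "no active telnetd entry in $demo_conf"
fi
rm -f "$demo_conf"
```

On a real host, call `telnetd_enabled_entries` with no argument to read /etc/inetd.conf; the IPv6 (tcp6) entry in the sample shows why both protocol variants need to be commented out.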