From owner-freebsd-security Mon Jan 1 11:31:10 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id LAA04040 for security-outgoing; Mon, 1 Jan 1996 11:31:10 -0800 (PST) Received: from flinch.io.org (flinch.io.org [198.133.36.153]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id LAA04021 Mon, 1 Jan 1996 11:31:04 -0800 (PST) Received: (from taob@localhost) by flinch.io.org (8.6.12/8.6.12) id OAA05094; Mon, 1 Jan 1996 14:28:18 -0500 Date: Mon, 1 Jan 1996 14:28:18 -0500 (EST) From: Brian Tao X-Sender: taob@flinch To: Dmitry Valdov cc: freebsd-bugs@freebsd.org, FREEBSD-SECURITY-L Subject: Re: secure finger is not enought secure In-Reply-To: <199510141928.WAA22224@xkis.nnov.su> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org Precedence: bulk On Sat, 14 Oct 1995, Dmitry Valdov wrote: > > ok. Try to telnet finger_port_number > after connect, type '-l' (without quotes). And u'll see finger information > of all users currently logged in. Just to bring this one up again... this behavior is still here with 2.1.0-RELEASE: zap% telnet zip finger Trying 198.133.36.80... Connected to zip.io.org. Escape character is '^]'. -l Login: bo Name: John Ericson Directory: /u/bo/bo Shell: /bin/tcsh On since Mon Jan 1 14:08 (EST) on ttypk (messages off) from wink No Mail. No Plan. [etc]. Both zip and zap are 2.1.0-RELEASE systems: FreeBSD zip.io.org 2.1.0-RELEASE FreeBSD 2.1.0-RELEASE #0: Sat Dec 30 14:19:27 EST 1995 taob@flinch.io.org:/src/2.1.0-RELEASE/sys/compile/ZIP i386 -- Brian Tao (BT300, taob@io.org) Systems Administrator, Internex Online Inc. "Though this be madness, yet there is method in't" From owner-freebsd-security Mon Jan 1 23:21:51 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id XAA04543 for security-outgoing; Mon, 1 Jan 1996 23:21:51 -0800 (PST) Received: from irz301.inf.tu-dresden.de (irz301.inf.tu-dresden.de [141.76.1.11]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id XAA04515 Mon, 1 Jan 1996 23:21:40 -0800 (PST) Received: from sax.sax.de by irz301.inf.tu-dresden.de (8.6.12/8.6.12-s1) with ESMTP id IAA16547; Tue, 2 Jan 1996 08:21:37 +0100 Received: by sax.sax.de (8.6.11/8.6.12-s1) with UUCP id IAA28914; Tue, 2 Jan 1996 08:21:35 +0100 Received: (from j@localhost) by uriah.heep.sax.de (8.7.3/8.6.9) id IAA14757; Tue, 2 Jan 1996 08:10:16 +0100 (MET) From: J Wunsch Message-Id: <199601020710.IAA14757@uriah.heep.sax.de> Subject: Re: secure finger is not enought secure To: taob@io.org (Brian Tao) Date: Tue, 2 Jan 1996 08:10:16 +0100 (MET) Cc: dv@xkis.nnov.su, freebsd-bugs@FreeBSD.org, freebsd-security@FreeBSD.org Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch) In-Reply-To: from "Brian Tao" at Jan 1, 96 02:28:18 pm X-Phone: +49-351-2012 669 X-Mailer: ELM [version 2.4 PL23] MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-security@FreeBSD.org Precedence: bulk As Brian Tao wrote: > > Just to bring this one up again... this behavior is still here > with 2.1.0-RELEASE: The patch is sitting in my queue. It was too late for 2.1 anyway. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-) From owner-freebsd-security Thu Jan 4 17:45:42 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id RAA12130 for security-outgoing; Thu, 4 Jan 1996 17:45:42 -0800 (PST) Received: from Aspen.Woc.Atinc.COM (aspen.woc.atinc.com [198.138.38.205]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id RAA12095 Thu, 4 Jan 1996 17:45:33 -0800 (PST) Received: (from jmb@localhost) by Aspen.Woc.Atinc.COM (8.6.12/8.6.9) id UAA09411; Thu, 4 Jan 1996 20:45:20 -0500 Date: Thu, 4 Jan 1996 20:45:19 -0500 (EST) From: "Jonathan M. Bresler" X-Sender: jmb@Aspen.Woc.Atinc.COM To: security@FreeBSD.ORG cc: questions@FreeBSD.ORG Subject: PASV, FreeBSD does! sunos fails. Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@FreeBSD.ORG Precedence: bulk my new employer is a large sun shop. sparcs and ncd's everywhere. we also have a firewall to pass through. NONE of the suns have an ftp client that supports PASV. FreeBSD 2.1R does. ;) tomorrow i will be recompiling FreeBSD 2.1R ftp code on sunos 4.1.3 and porting it to sunos 5.4 score two points, gentlemen. i believe that a one line message will appear everytime the 'new' ftp is run. "This application ported from FreeBSD 2.1" jmb ps what is PASV?? ftp uses two tcp connections, one for commands and one for data transfers (files and ls output for instance). the ftp client (some high port) connects to the server (port 21) to create the command connection. the server (port 20) connects to the client (high port) to return the data. some firewalls filter out incoming tcp connections (ip flags has SYN set, ACK not set). so ftp does not work. enter PASV. the client creates both the command and the data connections to the server. all packets from the server have both SYN and ACK set. Jonathan M. Bresler FreeBSD Postmaster jmb@FreeBSD.ORG play go. ride bike. hack FreeBSD.--ah the good life i am moving to a new job. PLEASE USE: jmb@FreeBSD.ORG