From owner-freebsd-security Sun Nov 19 12:13:37 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ipass.one.net (news2.one.net [206.112.192.118])
by hub.freebsd.org (Postfix) with ESMTP id 61B1C37B479
for ; Sun, 19 Nov 2000 12:13:26 -0800 (PST)
Received: from bigfoot.com (cvg-27-180-111.cinci.rr.com [24.27.180.111])
by ipass.one.net (8.8.7/8.8.7) with ESMTP id PAA06421
for ; Sun, 19 Nov 2000 15:17:07 -0500
Message-ID: <3A1833F4.A2A25FBC@bigfoot.com>
Date: Sun, 19 Nov 2000 15:11:32 -0500
From: Sam Carleton
X-Mailer: Mozilla 4.75 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: "security@FreeBSD.ORG"
Subject: Re: help setting up a filewall
References: <3A16C44B.4DEC2492@bigfoot.com> <20001118155447.K9740@149.211.6.64.reflexcom.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
"Crist J . Clark" wrote:
> > * In the article, it looks like the author is allowing things like HTTP
> > and SSH to come into the firewall machine. I want those things to be
> > passed onto another internal machine.
>
> The rules may or may not change depending on where they are relative
> to the divert(4) rule. Also, see 'redirect_address' and
> 'redirect_port' in natd(8). You did not post your natd.conf, so I
> can't tell if you are already using those.
Sorry about that, this time I will including EVERYTHING :)
> > Attached you will find my modifications to the rc.firewall script and
> > relavent snips of rc.conf. If you have any thoughts on what I am doing
> > wrong, please drop me an email. Thanks!
>
> A few nitpicks about your ruleset, but nothing absolutely leaped out
> at me as a problem that would totally break everything. Since you did
> not tell us exactly what kind of problem you are having, it's hard to
> know what to look for.
Well, the problem I am currently having is with DNS. The test enviornment that I have setup is such that
there is no DNS server behind the FreeBSD firewall. The machine inside the firewall is not able to get a
DNS request out. To make things more interesting, while booting the FreeBSD firewall, the rc.firewall
script ALWAYS hangs on the two DNS lines.
# Allow DNS queries out in the world
${fwcmd} add pass udp from ${iif} to any 53 keep-state
${fwcmd} add pass tcp from ${iif} to any 53 keep-state
The setup I am looking for is one where anyone on the inside can get to any DNS server on the outside. I
am going to have one caching DNS server on the inside, but if that is down, the clients will be configured
to goto a DNS server outside the firewall. What rules would you setup for this configuration?
This is what I have currently:
-----------rc.conf-----------
gateway_enable="YES"
hostname="orchid.miltonstreet.com"
ifconfig_ep0="DHCP"
ifconfig_xl0="inet 192.168.100.6 netmask 255.255.255.0"
inetd_enable="Yes"
moused_enable="YES"
nisdomainname="NO"
router_enable="No"
saver="fire"
sendmail_enable="NO"
sshd_enable="NO"
usbd_enable="YES"
firewall_enable="Yes"
firewall_type="Simple"
firewall_script="/etc/rc.firewall"
firewall_quite="No"
natd_program="/sbin/natd"
natd_enable="Yes"
natd_interface="ep0"
natd_flags="-f /etc/natd.conf"
-----------natd.conf-----------
dynamic yes
use_sockets yes
same_ports yes
-----------rc.firewall-----------
############
# Setup system for firewall service.
# $FreeBSD: src/etc/rc.firewall,v 1.30.2.4 2000/05/28 19:17:15 asmodai Exp $
# Suck in the configuration variables.
if [ -r /etc/defaults/rc.conf ]; then
. /etc/defaults/rc.conf
source_rc_confs
elif [ -r /etc/rc.conf ]; then
. /etc/rc.conf
fi
############
# Define the firewall type in /etc/rc.conf. Valid values are:
# open - will allow anyone in
# simple - will try to protect a whole network
# closed - totally disables IP services except via lo0 interface
# UNKNOWN - disables the loading of firewall rules.
# filename - will load the rules in the given filename (full path required)
#
# For ``simple'' the entries below should be customized
# appropriately.
############
#
# If you don't know enough about packet filtering, we suggest that you
# take time to read this book:
#
# Building Internet Firewalls
# Brent Chapman and Elizabeth Zwicky
#
# O'Reilly & Associates, Inc
# ISBN 1-56592-124-0
# http://www.ora.com/
#
# For a more advanced treatment of Internet Security read:
#
# Firewalls & Internet Security
# Repelling the wily hacker
# William R. Cheswick, Steven M. Bellowin
#
# Addison-Wesley
# ISBN 0-201-6337-4
# http://www.awl.com/
#
if [ -n "${1}" ]; then
firewall_type="${1}"
fi
############
# Set quiet mode if requested
#
case ${firewall_quiet} in
[Yy][Ee][Ss])
fwcmd="/sbin/ipfw -q"
;;
*)
fwcmd="/sbin/ipfw"
;;
esac
############
# Flush out the list before we begin.
#
${fwcmd} -f flush
############
# These rules are required for using natd. All packets are passed to
# natd before they encounter your remaining rules. The firewall rules
# will then be run again on each packet after translation by natd,
# minus any divert rules (see natd(8)).
#
case ${natd_enable} in
[Yy][Ee][Ss])
if [ -n "${natd_interface}" ]; then
${fwcmd} add 50 divert natd all from any to any via ${natd_interface}
fi
;;
esac
############
# If you just configured ipfw in the kernel as a tool to solve network
# problems or you just want to disallow some particular kinds of traffic
# then you will want to change the default policy to open. You can also
# do this as your only action by setting the firewall_type to ``open''.
#
# ${fwcmd} add 65000 pass all from any to any
############
# Only in rare cases do you want to change these rules
#
${fwcmd} add 100 pass all from any to any via lo0
${fwcmd} add 200 deny all from any to 127.0.0.0/8
# If you're using 'options BRIDGE', uncomment the following line to pass ARP
#${fwcmd} add 300 pass udp from 0.0.0.0 2054 to 0.0.0.0
# Prototype setups.
#
case ${firewall_type} in
[Oo][Pp][Ee][Nn])
${fwcmd} add 65000 pass all from any to any
;;
[Ss][Ii][Mm][Pp][Ll][Ee])
############
# This is a prototype setup for a simple firewall. Configure this
# machine as a named server and ntp server, and point all the machines
# on the inside at this machine for those services.
############
# set these to your outside interface network and netmask and ip
oif="ep0"
# onet="192.0.2.0"
# omask="255.255.255.240"
# oip="192.0.2.1"
# set these to your inside interface network and netmask and ip
iif="xl1"
inet="192.168.100.0"
imask="255.255.255.0"
iip="192.168.100.6"
# Stop spoofing
${fwcmd} add deny all from ${inet}:${imask} to any in via ${oif}
# ${fwcmd} add deny all from ${onet}:${omask} to any in via ${iif}
# allow DHCP stuff
${fwcmd} add pass udp from any 67 to any 68 in via ${oif}
${fwcmd} add pass udp from any 68 to any 67 out via ${oif}
# Stop RFC1918 nets on the outside interface
${fwcmd} add deny log all from 10.0.0.0/8 to any via ${oif}
${fwcmd} add deny log all from any to 10.0.0.0/8 out via ${oif}
${fwcmd} add deny log all from 172.16.0.0/12 to any via ${oif}
${fwcmd} add deny log all from any to 172.16.0.0/12 out via ${oif}
# ${fwcmd} add deny log all from 192.168.0.0/16 to any via ${oif}
# ${fwcmd} add deny log all from any to 192.168.0.0/16 out via ${oif}
# Stop draft-manning-dsua-01.txt nets on the outside interface
${fwcmd} add deny log all from 0.0.0.0/8 to any via ${oif}
${fwcmd} add deny log all from any to 0.0.0.0/8 via ${oif}
${fwcmd} add deny log all from 169.254.0.0/16 to any via ${oif}
${fwcmd} add deny log all from any to 169.254.0.0/16 via ${oif}
${fwcmd} add deny log all from 192.0.2.0/24 to any via ${oif}
${fwcmd} add deny log all from any to 192.0.2.0/24 via ${oif}
${fwcmd} add deny log all from 224.0.0.0/4 to any via ${oif}
${fwcmd} add deny log all from any to 224.0.0.0/4 via ${oif}
${fwcmd} add deny log all from 240.0.0.0/4 to any via ${oif}
${fwcmd} add deny log all from any to 240.0.0.0/4 via ${oif}
# Allow TCP through if setup succeeded
${fwcmd} add pass tcp from any to any established
# Allow IP fragments to pass through
${fwcmd} add pass all from any to any frag
# HTTP - Allow access to our web server
${fwcmd} add pass tcp from any to any 80 setup
# SMTP - Allow access to sendmail for incoming e-mail
${fwcmd} add pass tcp from any to any 25 setup
# FTP - Allow incoming data channel for outgoing connections,
# Reject&Log all incoming control connections
${fwcmd} add pass tcp from any 20 to any 1024-65535 setup
${fwcmd} add deny log tcp from any to any 21 in via ${oif} setup
# SSH Login - Allow & Log all incoming
${fwcmd} add pass log tcp from any to any 22 in via ${oif} setup
# IDENT - Reset incoming connections
${fwcmd} add reset tcp from any to any 113 in via ${oif} setup
# Reject&Log all setup of incoming connections from the outside
${fwcmd} add deny log tcp from any to any in via ${oif} setup
# Allow DNS queries out in the world
${fwcmd} add pass udp from ${iif} to any 53 keep-state
${fwcmd} add pass tcp from ${iif} to any 53 keep-state
# Allow setup of any other TCP connection
${fwcmd} add pass tcp from any to any setup
# Allow NTP queries out in the world
${fwcmd} add pass udp from any 123 to any 123 via ${oif}
${fwcmd} add pass udp from any 123 to any via ${iif}
${fwcmd} add pass udp from any to any 123 via ${iif}
# TRACEROUTE - Allow outgoing, but not incoming
${fwcmd} add pass udp from any to any 33434-33523 out via ${oif}
### ICMP RULES
# ICMP packets
# Allow all ICMP packets on internal interface
${fwcmd} add pass icmp from any to any via ${iif}
# Allow outgoing pings, but not incoming
${fwcmd} add pass icmp from any to any icmptypes 8 out via ${oif}
${fwcmd} add pass icmp from any to any icmptypes 0 in via ${oif}
# Allow Destination Unreachable, Source Quench, Time Exceeded, and Bad Head
${fwcmd} add pass icmp from any to any icmptypes 3,4,11,12 via ${oif}
# Deny the rest of them
${fwcmd} add deny icmp from any to any
# Everything else is denied by default, unless the
# IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel
# config file.
;;
[Uu][Nn][Kk][Nn][Oo][Ww][Nn])
;;
*)
if [ -r "${firewall_type}" ]; then
${fwcmd} ${firewall_flags} ${firewall_type}
fi
;;
esac
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Sun Nov 19 14:50:48 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82])
by hub.freebsd.org (Postfix) with ESMTP id 2FBE937B479
for ; Sun, 19 Nov 2000 14:50:46 -0800 (PST)
Received: from 149.211.6.64.reflexcom.com ([64.6.211.149]) by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19);
Sun, 19 Nov 2000 14:46:53 -0800
Received: (from cjc@localhost)
by 149.211.6.64.reflexcom.com (8.11.0/8.11.0) id eAJMmI422933;
Sun, 19 Nov 2000 14:48:18 -0800 (PST)
(envelope-from cjc)
Date: Sun, 19 Nov 2000 14:48:17 -0800
From: "Crist J . Clark"
To: Sam Carleton
Cc: "security@FreeBSD.ORG"
Subject: Re: help setting up a filewall
Message-ID: <20001119144817.A12190@149.211.6.64.reflexcom.com>
Reply-To: cjclark@alum.mit.edu
References: <3A16C44B.4DEC2492@bigfoot.com> <20001118155447.K9740@149.211.6.64.reflexcom.com> <3A1833F4.A2A25FBC@bigfoot.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <3A1833F4.A2A25FBC@bigfoot.com>; from scarleton@bigfoot.com on Sun, Nov 19, 2000 at 03:11:32PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
On Sun, Nov 19, 2000 at 03:11:32PM -0500, Sam Carleton wrote:
> "Crist J . Clark" wrote:
[snip]
> > > Attached you will find my modifications to the rc.firewall script and
> > > relavent snips of rc.conf. If you have any thoughts on what I am doing
> > > wrong, please drop me an email. Thanks!
> >
> > A few nitpicks about your ruleset, but nothing absolutely leaped out
> > at me as a problem that would totally break everything. Since you did
> > not tell us exactly what kind of problem you are having, it's hard to
> > know what to look for.
>
> Well, the problem I am currently having is with DNS. The test enviornment that I have setup is such that
> there is no DNS server behind the FreeBSD firewall. The machine inside the firewall is not able to get a
> DNS request out. To make things more interesting, while booting the FreeBSD firewall, the rc.firewall
> script ALWAYS hangs on the two DNS lines.
>
> # Allow DNS queries out in the world
> ${fwcmd} add pass udp from ${iif} to any 53 keep-state
> ${fwcmd} add pass tcp from ${iif} to any 53 keep-state
You are using interface names where you should be using a hostname or
IP address. It is probably hanging trying to do the DNS lookup on the
hostname 'xl1.' You want,
${fwcmd} add pass udp from ${inet}:${imask} to any 53 keep-state
${fwcmd} add pass tcp from ${inet}:${imask} to any 53 keep-state
But this is not going to work unless you add a check-state rule. How
about checking right where we do the stateless pass of "established"
connections.
[snip]
> [Ss][Ii][Mm][Pp][Ll][Ee])
[snip]
# Allow established, dynamic connections
${fwcmd} add check-state
> # Allow TCP through if setup succeeded
> ${fwcmd} add pass tcp from any to any established
>
> # Allow IP fragments to pass through
> ${fwcmd} add pass all from any to any frag
[snip]
--
Crist J. Clark cjclark@alum.mit.edu
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Sun Nov 19 19:52: 0 2000
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
id 0020937B479; Sun, 19 Nov 2000 19:51:46 -0800 (PST)
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: New security policy for FreeBSD 3.x
Reply-To: security-advisories@freebsd.org
Message-Id: <20001120035146.0020937B479@hub.freebsd.org>
Date: Sun, 19 Nov 2000 19:51:46 -0800 (PST)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
-----BEGIN PGP SIGNED MESSAGE-----
The FreeBSD Security Officer would like to announce a change in policy
regarding security support for the FreeBSD 3.x branch.
Due to the frequent difficulties encountered in fixing the old code
contained in FreeBSD 3.x, we will no longer be requiring security
problems to be fixed in that branch prior to the release of an
advisory that also pertains to FreeBSD 4.x. In recent months this
requirement has led to delays in the release of advisories, which
negatively impacts users of the current FreeBSD release branch
(FreeBSD 4.x).
Security fixes which are committed to FreeBSD 3.5.1-STABLE prior to
the advisory release will be included in the advisory, but the
advisory release will not be delayed awaiting a fix in the 3.x branch
when a fix is already in place in FreeBSD 4.x. Serious
vulnerabilities will result in a reissue of the advisory once the
problem is corrected in 3.5.1-STABLE. For less serious
vulnerabilities a notification will be sent to the
freebsd-security@FreeBSD.org mailing list only, to reduce overall
subscriber traffic on the freebsd-security-notifications and
freebsd-announce mailing lists.
We will continue endeavouring to ensure that applicable security fixes
are merged back to the 3.x branch by FreeBSD developers, and to work
with them to develop or merge the appropriate fix prior to the
advisory release, however as the 3.x branch is approaching end of life
we anticipate that there may be an increasing time lag between the
time of fix of a vulnerability in 4.x and when it is backported to
3.x. Given this reality, users are encouraged to consider plans to
migrate security-critical systems to the 4.x branch over the coming
months.
FreeBSD committers who are interested in providing security support
for older branches of FreeBSD should contact the Security Officer and
they will be kept informed of fixes which require merging to the older
branches.
Comments on this policy are welcomed - please reply to
security-officer@FreeBSD.org.
Regards,
Kris Kennaway
FreeBSD Security Officer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
iQCVAwUBOhifmlUuHi5z0oilAQHnBQP9ETb9xz1UGvU3JxbuvnKXlw6yFFQN15tN
7uwWdmA07FdoiLslK2O9zuR43pHv0HIprbdZVkXBSe4nOfBBaEgarcD/1kW+NVCr
AjOuQQGUl/OjsdyzY524gWylSOg1aI7Lkf+RsUQWOS7Epe1kNCTJzC72SMtk70DH
LMnQGgcDMpo=
=I6rL
-----END PGP SIGNATURE-----
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Mon Nov 20 5:18: 0 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mout1.freenet.de (mout1.freenet.de [194.97.50.132])
by hub.freebsd.org (Postfix) with ESMTP
id 927B237B479; Mon, 20 Nov 2000 05:17:56 -0800 (PST)
Received: from [194.97.50.135] (helo=mx2.freenet.de)
by mout1.freenet.de with esmtp (Exim 3.16 #20)
id 13xqpW-0008CH-00; Mon, 20 Nov 2000 14:17:54 +0100
Received: from b1ada.pppool.de ([213.7.26.218] helo=Magelan.Leidinger.net)
by mx2.freenet.de with esmtp (Exim 3.16 #26)
id 13xqpW-0002zn-00; Mon, 20 Nov 2000 14:17:54 +0100
Received: from Leidinger.net (netchild@localhost [127.0.0.1])
by Magelan.Leidinger.net (8.11.1/8.11.1) with ESMTP id eAKCe5m03807;
Mon, 20 Nov 2000 13:40:07 +0100 (CET)
(envelope-from netchild@Leidinger.net)
Message-Id: <200011201240.eAKCe5m03807@Magelan.Leidinger.net>
Date: Mon, 20 Nov 2000 13:40:03 +0100 (CET)
From: Alexander Leidinger
Subject: Re: Base system gcc patch (Re: FYI: Propolice for gcc-2.95.2)
To: kris@FreeBSD.ORG
Cc: kjm@rins.ryukoku.ac.jp, security@FreeBSD.ORG
In-Reply-To: <20001117154551.A77867@citusc17.usc.edu>
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
On 17 Nov, Kris Kennaway wrote:
> This was trivial to get working on FreeBSD, but here is a patch
> against the system gcc in 4.x which will compile a ProPolice-enabled
> version, so FreeBSD users can start easily making use of this. The
> patch is the same for 5.x users except you will need to replace
> "contrib/gcc" with "contrib/gcc.295" in the diff.
>
> http://www.freebsd.org/~kris/protector.patch
Do you have something similar for the bounds checking patches? I tried
it myself, but I've problems with the Makefile for libcheck and some
unresolved symbols in cc_int (but I haven't tried very hard).
Bye,
Alexander.
--
To boldly go where I surely don't belong.
http://www.Leidinger.net Alexander @ Leidinger.net
GPG fingerprint = 7423 F3E6 3A7E B334 A9CC B10A 1F5F 130A A638 6E7E
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Mon Nov 20 7:17:58 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mirage.nlink.com.br (mirage.nlink.com.br [200.249.195.3])
by hub.freebsd.org (Postfix) with SMTP id B1AA137B4D7
for ; Mon, 20 Nov 2000 07:17:54 -0800 (PST)
Received: (qmail 47151 invoked by uid 501); 20 Nov 2000 15:17:53 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
by localhost with SMTP; 20 Nov 2000 15:17:53 -0000
Date: Mon, 20 Nov 2000 13:17:53 -0200 (EDT)
From: Paulo Fragoso
To: freebsd-security@freebsd.org
Subject: Telnetd (TCP no PCB)
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
Hi,
I've found two telnetd running on FreeBSD 4.1-20000907-STABLE whithout
clients and after to run lsof it has reported this:
telnetd 86351 root 0u IPv4 0t0 TCP no PCB,
CANTSENDMORE, CANTRCVMORE
telnetd 86351 root 1u IPv4 0t0 TCP no PCB,
CANTSENDMORE, CANTRCVMORE
telnetd 86351 root 2u IPv4 0t0 TCP no PCB,
CANTSENDMORE, CANTRCVMORE
telnetd 86862 root 0u IPv4 0t0 TCP no PCB,
CANTSENDMORE, CANTRCVMORE
telnetd 86862 root 1u IPv4 0t0 TCP no PCB,
CANTSENDMORE, CANTRCVMORE
telnetd 86862 root 2u IPv4 0t0 TCP no PCB,
CANTSENDMORE, CANTRCVMORE
What does mean that? Is that a security problem?
Thanks,
Paulo Fragoso.
--
__O
_-\<,_ Why drive when you can bike?
(_)/ (_)
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Mon Nov 20 11:40:28 2000
Delivered-To: freebsd-security@freebsd.org
Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177])
by hub.freebsd.org (Postfix) with ESMTP id C43DE37B479
for ; Mon, 20 Nov 2000 11:40:21 -0800 (PST)
Received: (from kris@localhost)
by citusc17.usc.edu (8.11.1/8.11.1) id eAKJeoh83455;
Mon, 20 Nov 2000 11:40:50 -0800 (PST)
(envelope-from kris)
Date: Mon, 20 Nov 2000 11:40:50 -0800
From: Kris Kennaway
To: Alexander Leidinger
Cc: kjm@rins.ryukoku.ac.jp, security@FreeBSD.ORG
Subject: Re: Base system gcc patch (Re: FYI: Propolice for gcc-2.95.2)
Message-ID: <20001120114050.B83383@citusc17.usc.edu>
References: <20001117154551.A77867@citusc17.usc.edu> <200011201240.eAKCe5m03807@Magelan.Leidinger.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="jho1yZJdad60DJr+"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200011201240.eAKCe5m03807@Magelan.Leidinger.net>; from Alexander@leidinger.net on Mon, Nov 20, 2000 at 01:40:03PM +0100
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
--jho1yZJdad60DJr+
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Nov 20, 2000 at 01:40:03PM +0100, Alexander Leidinger wrote:
> On 17 Nov, Kris Kennaway wrote:
> > This was trivial to get working on FreeBSD, but here is a patch
> > against the system gcc in 4.x which will compile a ProPolice-enabled
> > version, so FreeBSD users can start easily making use of this. The
> > patch is the same for 5.x users except you will need to replace
> > "contrib/gcc" with "contrib/gcc.295" in the diff.
> >=20
> > http://www.freebsd.org/~kris/protector.patch
>=20
> Do you have something similar for the bounds checking patches? I tried
> it myself, but I've problems with the Makefile for libcheck and some
> unresolved symbols in cc_int (but I haven't tried very hard).
Not yet..
Kris
--jho1yZJdad60DJr+
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjoZfkIACgkQWry0BWjoQKUJnQCgq/H1PSDPizI9asNiMoPj9nUW
1BYAoPBXz3JI2sZZht1VAQtccnhB9k91
=v77/
-----END PGP SIGNATURE-----
--jho1yZJdad60DJr+--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Mon Nov 20 13:27:49 2000
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
id BE24037B4CF; Mon, 20 Nov 2000 13:27:27 -0800 (PST)
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Ports Security Advisory: FreeBSD-SA-00:71.mgetty
Reply-To: security-advisories@freebsd.org
Message-Id: <20001120212727.BE24037B4CF@hub.freebsd.org>
Date: Mon, 20 Nov 2000 13:27:27 -0800 (PST)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
-----BEGIN PGP SIGNED MESSAGE-----
=============================================================================
FreeBSD-SA-00:71 Security Advisory
FreeBSD, Inc.
Topic: mgetty can create or overwrite files
Category: ports
Module: mgetty
Announced: 2000-11-20
Credits: Stan Bubrouski
Affects: Ports collection prior to the correction date.
Corrected: 2000-9-10
Vendor status: Updated version released
FreeBSD only: NO
I. Background
mgetty is a replacement for the getty utility designed for use with
data and fax modems.
II. Problem Description
The mgetty port, versions prior to 1.1.22.8.17, contains a
vulnerability that may allow local users to create or overwrite any
file on the system. This is due to the faxrunqd daemon (which usually
runs as root) following symbolic links when creating a .last_run file
in the world-writable /var/spool/fax/outgoing/ directory.
This presents a denial of service attack since the attacker can cause
critical system files to be overwritten, but it is not believed the
attacker has the ability to control the contents of the overwritten
file. Therefore the possibility of using this attack to elevate
privileges is believed to be minimal.
The mgetty port is not installed by default, nor is it "part of
FreeBSD" as such: it is part of the FreeBSD ports collection, which
contains over 4100 third-party applications in a ready-to-install
format. The ports collections shipped with FreeBSD 3.5.1 and 4.1.1
contain this problem since it was discovered after the releases, but
it was corrected prior to the release of FreeBSD 4.2.
FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security
audit of the most security-critical ports.
III. Impact
Unprivileged local users may create or overwrite any file on the
system.
If you have not chosen to install the mgetty port/package, then your
system is not vulnerable to this problem.
IV. Workaround
Deinstall the mgetty port/package, if you you have installed it.
V. Solution
One of the following:
1) Upgrade your entire ports collection and rebuild the mgetty port.
2) Deinstall the old package and install a new package dated after the
correction date, obtained from:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/comms/mgetty-1.1.22.8.17.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/comms/mgetty-1.1.22.8.17.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/comms/mgetty-1.1.22.8.17.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/comms/mgetty-1.1.22.8.17.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/comms/mgetty-1.1.22.8.17.tgz
3) download a new port skeleton for the mgetty port from:
http://www.freebsd.org/ports/
and use it to rebuild the port.
4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
iQCVAwUBOhmWG1UuHi5z0oilAQE5jAP+Lj1qI76n/cHjmfR05NTckZ4EI1Fkt708
zZfEL9B4y8FCgluw9nLNhVKHYjkQFg/b0SEgBetElPu+k6ivcu9EqI2Gk4RIyT82
HJFqOOnvX2yodMgZo1NozEot3aw3DIQg8TFs0Z/w0E4e+02iCytPmZYfrE5vbWif
q1qAcFpgJWE=
=l2yv
-----END PGP SIGNATURE-----
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Mon Nov 20 13:29:16 2000
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
id 458E837B4CF; Mon, 20 Nov 2000 13:28:54 -0800 (PST)
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Ports Security Advisory: FreeBSD-SA-00:72.curl
Reply-To: security-advisories@freebsd.org
Message-Id: <20001120212854.458E837B4CF@hub.freebsd.org>
Date: Mon, 20 Nov 2000 13:28:54 -0800 (PST)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
-----BEGIN PGP SIGNED MESSAGE-----
=============================================================================
FreeBSD-SA-00:72 Security Advisory
FreeBSD, Inc.
Topic: curl client-side vulnerability
Category: ports
Module: curl
Announced: 2000-11-20
Credits: Wichert Akkerman
Affects: Ports collection prior to the correction date.
Corrected: 2000-10-30
Vendor status: Updated version released
FreeBSD only: NO
I. Background
curl is a multi-protocol file retrieval tool.
II. Problem Description
The curl port, versions prior to 7.4.1, allows a client-side exploit
through a buffer overflow in the error handling code. A malicious ftp
server operator can cause arbitrary code to be executed by the user
running the curl client.
The curl port is not installed by default, nor is it "part of FreeBSD"
as such: it is part of the FreeBSD ports collection, which contains
over 4100 third-party applications in a ready-to-install format.
The ports collections shipped with FreeBSD 3.5.1 and 4.1.1 contain
this problem since it was discovered after the releases, but it was
corrected prior to the release of FreeBSD 4.2.
FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security
audit of the most security-critical ports.
III. Impact
Malicious FTP server operators can execute arbitrary code on the local
system when a file is downloaded from this server.
If you have not chosen to install the curl port/package, then your
system is not vulnerable to this problem.
IV. Workaround
Deinstall the curl port/package, if you you have installed it.
V. Solution
One of the following:
1) Upgrade your entire ports collection and rebuild the curl port.
2) Deinstall the old package and install a new package dated after the
correction date, obtained from:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/ftp/curl-7.4.1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/ftp/curl-7.4.1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/ftp/curl-7.4.1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/ftp/curl-7.4.1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/ftp/curl-7.4.1.tgz
3) download a new port skeleton for the curl port from:
http://www.freebsd.org/ports/
and use it to rebuild the port.
4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
iQCVAwUBOhmXtlUuHi5z0oilAQGoWwP8D4Do6NX9PMIrCaky4BU4rj37l5PO7kHn
h94zc2ISFpX5IBceUDCbVNjJJPkA8hXHhWXHZulpruu6yza/V9Oo3Uz86HrzY4Tw
7Rj3iwQ/5/wJW3Ya/BcnBozk1/NlnAxGzKluTOlHe8UCFPV8JtCrE5RPRHMQ3BP8
IN3EDVdvLzw=
=EQge
-----END PGP SIGNATURE-----
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Mon Nov 20 13:30:29 2000
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
id C4AB237B682; Mon, 20 Nov 2000 13:29:17 -0800 (PST)
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Ports Security Advisory: FreeBSD-SA-00:73.thttpd
Reply-To: security-advisories@freebsd.org
Message-Id: <20001120212917.C4AB237B682@hub.freebsd.org>
Date: Mon, 20 Nov 2000 13:29:17 -0800 (PST)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
-----BEGIN PGP SIGNED MESSAGE-----
=============================================================================
FreeBSD-SA-00:73 Security Advisory
FreeBSD, Inc.
Topic: thttpd allows remote reading of local files
Category: ports
Module: thttpd
Announced: 2000-11-20
Credits: ghandi@MINDLESS.COM
Affects: Ports collection prior to the correction date.
Corrected: 2000-10-30
Vendor status: Updated version released
FreeBSD only: NO
I. Background
thttpd is a simple, small, fast HTTP server.
II. Problem Description
The thttpd port, versions prior to 2.20, allows remote viewing of
arbitrary files on the local server. The 'ssi' cgi script does not
correctly restrict URL-encoded requests containing ".." in the path.
In addition, the cgi script does not have the same restrictions as the
web server for preventing requests outside of the web root. These two
flaws allow remote users to access any file on the system accessible
to the web server user (user 'nobody' in the default configuration).
The thttpd port is not installed by default, nor is it "part of
FreeBSD" as such: it is part of the FreeBSD ports collection, which
contains over 4100 third-party applications in a ready-to-install
format. The ports collections shipped with FreeBSD 3.5.1 and 4.1.1
contain this problem since it was discovered after the releases, but
it was corrected prior to the release of FreeBSD 4.2.
FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security
audit of the most security-critical ports.
III. Impact
Remote users may access any file on the system accessible to the web
server user (user 'nobody' in the default installation).
If you have not chosen to install the thttpd port/package, then your
system is not vulnerable to this problem.
IV. Workaround
Deinstall the thttpd port/package, if you you have installed it.
V. Solution
One of the following:
1) Upgrade your entire ports collection and rebuild the thttpd port.
2) Deinstall the old package and install a new package dated after the
correction date, obtained from:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/thttpd-2.20b.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/thttpd-2.20b.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/thttpd-2.20b.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/thttpd-2.20b.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/thttpd-2.20b.tgz
3) download a new port skeleton for the thttpd port from:
http://www.freebsd.org/ports/
and use it to rebuild the port.
4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
iQCVAwUBOhmWNFUuHi5z0oilAQF1sQP9Fc/jBFjSNhzGIGc+bglEOiepdajSk3Ep
wtoLUQJug56qcbUtxgg6FxbDv7xW/uYZ1YKWYQsjAr0tyYv+zTSVgvxAhREY1En2
TIqrRTjTPir5yAodzsVvueTdjVhgQhWKHlrNMUKK3hfWoeLXiLhtFTDn8jam/2pO
tw8I3tWT16I=
=+HRv
-----END PGP SIGNATURE-----
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Mon Nov 20 13:31:25 2000
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
id 0DFBE37B68D; Mon, 20 Nov 2000 13:29:49 -0800 (PST)
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Ports Security Advisory: FreeBSD-SA-00:74.php
Reply-To: security-advisories@freebsd.org
Message-Id: <20001120212949.0DFBE37B68D@hub.freebsd.org>
Date: Mon, 20 Nov 2000 13:29:49 -0800 (PST)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
-----BEGIN PGP SIGNED MESSAGE-----
=============================================================================
FreeBSD-SA-00:75 Security Advisory
FreeBSD, Inc.
Topic: mod_php3/mod_php4 allows remote code execution
Category: ports
Module: mod_php3/mod_php4
Announced: 2000-11-20
Credits: Jouko Pynnönen
Affects: Ports collection prior to the correction date.
Corrected: 2000-10-12 (mod_php4), 2000-10-18 (mod_php3)
Vendor status: Updated version released
FreeBSD only: NO
I. Background
php is a commonly used HTML-embedded scripting language.
II. Problem Description
The mod_php ports, versions prior to 3.0.17 (mod_php3) and 4.0.3
(mod_php4), contain a potential vulnerablilty that may allow a
malicious remote user to execute arbitrary code as the user running
the web server, typically user 'nobody'. The vulnerability is due to
a format string vulnerability in the error logging routines.
A web server is vulnerable if error logging is enabled in php.ini.
Additionally, individual php scripts may cause the web server to be
vulnerable if the script uses the syslog() php function regardless of
error logging in php.ini.
The mod_php ports are not installed by default, nor are they "part of
FreeBSD" as such: it is part of the FreeBSD ports collection, which
contains over 4100 third-party applications in a ready-to-install
format. The ports collections shipped with FreeBSD 3.5.1 and 4.1.1
contain this problem since it was discovered after the releases, but
it was corrected prior to the release of FreeBSD 4.2.
FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security
audit of the most security-critical ports.
III. Impact
Malicious remote users can execute arbitrary code on the local system
as the user running the webserver (typically user 'nobody'). This
vulnerability requires error logging to be enabled in php.ini or by
using the syslog() php function in a script.
If you have not chosen to install the mod_php3 or mod_php4
port/package, then your system is not vulnerable to this problem.
IV. Workaround
Deinstall the mod_php3/mod_php4 port/package, if you you have
installed it.
V. Solution
One of the following:
1) Upgrade your entire ports collection and rebuild the
mod_php3/mod_php4 port.
2) Deinstall the old package and install a new package dated after the
correction date, obtained from:
[php3]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/mod_php-3.0.17.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/mod_php-3.0.17.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/mod_php-3.0.17.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/mod_php-3.0.17.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/mod_php-3.0.17.tgz
[php4]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/mod_php-4.0.3pl1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/mod_php-4.0.3pl1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/mod_php-4.0.3pl1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/mod_php-4.0.3pl1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/mod_php-4.0.3pl1.tgz
3) download a new port skeleton for the mod_php3/mod_php4 port from:
http://www.freebsd.org/ports/
and use it to rebuild the port.
4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
iQCVAwUBOhmWdlUuHi5z0oilAQHlCQP/W+MsHrhJbBEg8JRhw5ZoGh8DI/KHD6gT
PYgaIhr72vmHYN7xtkuHDxV1C5O15YC+z7CzZseYvpdfBDVDm3qKwBQdN5EuumQg
09LHPZEwayLYlgdRmoRQiP8OGsrYER29sYFQZlKvf8ZJw4tZkwJKPmpGBO5bxvSk
+N5lbHKNdHw=
=gy7y
-----END PGP SIGNATURE-----
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Mon Nov 20 13:37:40 2000
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
id 7285337B4C5; Mon, 20 Nov 2000 13:36:45 -0800 (PST)
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory: FreeBSD-SA-00:69.telnetd [REVISED]
Reply-To: security-advisories@freebsd.org
Message-Id: <20001120213645.7285337B4C5@hub.freebsd.org>
Date: Mon, 20 Nov 2000 13:36:45 -0800 (PST)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
-----BEGIN PGP SIGNED MESSAGE-----
=============================================================================
FreeBSD-SA-00:69 Security Advisory
FreeBSD, Inc.
Topic: telnetd allows remote system resource consumption [REVISED]
Category: core
Module: telnetd
Announced: 2000-11-14
Revised: 2000-11-20
Credits: Jouko Pynnonen
Affects: FreeBSD 3.x (all releases), FreeBSD 4.x (all releases prior
to 4.2), FreeBSD 3.5.1-STABLE and 4.1.1-STABLE prior
to the correction date.
Corrected: 2000-11-19 (FreeBSD 4.1.1-STABLE)
2000-11-19 (FreeBSD 3.5.1-STABLE)
FreeBSD only: NO
0. Revision History
v1.0 2000-11-14 Initial release
v1.1 2000-11-20 Corrected patch, pointed out by
Christos Zoulas
I. Background
telnetd is the server for the telnet remote login protocol.
II. Problem Description
The telnet protocol allows for UNIX environment variables to be passed
from the client to the user login session on the server. However, some
of these environment variables have special meaning to the telnetd
child process itself and may be used to affect its operation.
Of particular relevance is the ability for remote users to cause an
arbitrary file on the system to be searched for termcap data by
passing the TERMCAP environment variable. Although any file on the
local system can be read since the telnetd server runs as root, the
contents of the file will not be reported in any way to the remote
user unless it contains a valid termcap entry, in which case the
corresponding termcap sequences will be used to format the output sent
to the client. It is believed there is no risk of data disclosure
through this vulnerability.
However, an attacker who forces the server to search through a large
file or to read from a device can cause resources to be spent by the
server, including CPU cycles and disk read bandwidth, which can
increase the server load and may prevent it from servicing legitimate
user requests. Since the vulnerability occurs before the login(1)
utility is spawned, it does not require authentication to a valid
account on the server in order to exploit.
All released versions of FreeBSD prior to the correction date
including 4.0, 4.1, 4.1.1 and 3.5.1 are vulnerable to this problem,
but it was fixed in the 4.1.1-STABLE branch prior to the release of
FreeBSD 4.2-RELEASE.
III. Impact
Remote users without a valid login account on the server can cause
resources such as CPU and disk read bandwidth to be consumed, causing
increased server load and possibly denying service to legitimate
users.
IV. Workaround
1) Disable the telnet service, which is usually run out of inetd:
comment out the following lines in /etc/inetd.conf, if present.
telnet stream tcp nowait root /usr/libexec/telnetd telnetd
telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd
2) Impose access restrictions using TCP wrappers (/etc/hosts.allow),
or a network-level packet filter such as ipfw(8) or ipf(8) on the
perimeter firewall or the local machine, to limit access to the telnet
service to trusted machines.
V. Solution
One of the following:
1) Upgrade your vulnerable FreeBSD system to 4.1.1-STABLE or
3.5.1-STABLE after the respective correction dates. Note that the
original patch was incorrect and caused telnetd to behave incorrectly
in certain situations.
2) Apply the patch below and recompile the relevant files:
Either save this advisory to a file, or download the patch and
detached PGP signature from the following locations, and verify the
signature using your PGP utility.
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:69/telnetd.patch.v1.1
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:69/telnetd.patch.v1.1.asc
Execute the following commands as root:
# cd /usr/src/libexec/telnetd
# patch -p < /path/to/patch_or_advisory
# make depend && make all install
Updated patch for vulnerable systems:
Index: ext.h
===================================================================
RCS file: /home/ncvs/src/libexec/telnetd/ext.h,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- ext.h 1999/08/28 00:10:22 1.7
+++ ext.h 2000/11/19 10:01:27 1.8
@@ -87,7 +87,7 @@
#endif
extern int pty, net;
-extern char *line;
+extern char line[16];
extern int SYNCHing; /* we are in TELNET SYNCH mode */
#ifndef P
Index: sys_term.c
===================================================================
RCS file: /home/ncvs/src/libexec/telnetd/sys_term.c,v
retrieving revision 1.24
retrieving revision 1.26
diff -u -r1.24 -r1.26
--- sys_term.c 1999/08/28 00:10:24 1.24
+++ sys_term.c 2000/11/19 10:01:27 1.26
@@ -480,14 +480,10 @@
*
* Returns the file descriptor of the opened pty.
*/
-#ifndef __GNUC__
-char *line = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
-#else
-static char Xline[] = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
-char *line = Xline;
-#endif
#ifdef CRAY
-char *myline = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+char myline[16];
+#else
+char line[16];
#endif /* CRAY */
int
@@ -1799,6 +1795,13 @@
strncmp(*cpp, "_RLD_", 5) &&
strncmp(*cpp, "LIBPATH=", 8) &&
#endif
+ strncmp(*cpp, "LOCALDOMAIN=", 12) &&
+ strncmp(*cpp, "RES_OPTIONS=", 12) &&
+ strncmp(*cpp, "TERMINFO=", 9) &&
+ strncmp(*cpp, "TERMINFO_DIRS=", 14) &&
+ strncmp(*cpp, "TERMPATH=", 9) &&
+ strncmp(*cpp, "TERMCAP=/", 9) &&
+ strncmp(*cpp, "ENV=", 4) &&
strncmp(*cpp, "IFS=", 4))
*cpp2++ = *cpp;
}
Index: telnetd.c
===================================================================
RCS file: /home/ncvs/src/libexec/telnetd/telnetd.c,v
retrieving revision 1.22
retrieving revision 1.24
diff -u -r1.22 -r1.24
--- telnetd.c 2000/01/25 14:52:00 1.22
+++ telnetd.c 2000/11/19 10:01:27 1.24
@@ -805,13 +805,12 @@
#else
for (;;) {
char *lp;
- extern char *line, *getpty();
if ((lp = getpty()) == NULL)
fatal(net, "Out of ptys");
if ((pty = open(lp, 2)) >= 0) {
- strcpy(line,lp);
+ strlcpy(line,lp,sizeof(line));
line[5] = 't';
break;
}
@@ -1115,7 +1114,7 @@
IM = Getstr("im", &cp);
IF = Getstr("if", &cp);
if (HN && *HN)
- (void) strcpy(host_name, HN);
+ (void) strlcpy(host_name, HN, sizeof(host_name));
if (IF && (if_fd = open(IF, O_RDONLY, 000)) != -1)
IM = 0;
if (IM == 0)
Index: utility.c
===================================================================
RCS file: /home/ncvs/src/libexec/telnetd/utility.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- utility.c 1999/08/28 00:10:25 1.13
+++ utility.c 2000/10/31 05:29:54 1.14
@@ -330,7 +330,7 @@
{
char buf[BUFSIZ];
- (void) sprintf(buf, "telnetd: %s.\r\n", msg);
+ (void) snprintf(buf, sizeof(buf), "telnetd: %s.\r\n", msg);
(void) write(f, buf, (int)strlen(buf));
sleep(1); /*XXX*/
exit(1);
@@ -343,7 +343,7 @@
{
char buf[BUFSIZ], *strerror();
- (void) sprintf(buf, "%s: %s", msg, strerror(errno));
+ (void) snprintf(buf, sizeof(buf), "%s: %s", msg, strerror(errno));
fatal(f, buf);
}
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
iQCVAwUBOhmZhlUuHi5z0oilAQECjQP/RJyFP/msuoNj1ebyeE4PjXHFV99FoVIY
jeBCjheFN+9kVR2ZqGxzhF8Ds1jsHI2oURhjNwRkf+OGNzCfDKEseTa0/Aa59XG5
68O9DKP2CEZnNra3N5uWCBX7ozGI1iCfJkBstSXBhdpyeumOjhfkEF1cwvJldyWl
YMIWv/MwRWs=
=wuWd
-----END PGP SIGNATURE-----
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Mon Nov 20 13:40:11 2000
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
id D628E37B4D7; Mon, 20 Nov 2000 13:39:16 -0800 (PST)
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory: FreeBSD-SA-00:68.ncurses [REVISED]
Reply-To: security-advisories@freebsd.org
Message-Id: <20001120213916.D628E37B4D7@hub.freebsd.org>
Date: Mon, 20 Nov 2000 13:39:16 -0800 (PST)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
-----BEGIN PGP SIGNED MESSAGE-----
=============================================================================
FreeBSD-SA-00:68 Security Advisory
FreeBSD, Inc.
Topic: ncurses allows local privilege escalation [REVISED]
Category: core, ports
Module: ncurses
Announced: 2000-11-13
Revised: 2000-11-20
Affects: FreeBSD 5.0-CURRENT, 4.x prior to the correction date.
FreeBSD 3.x not yet fixed.
Corrected: 2000-10-11 (FreeBSD 4.1.1-STABLE)
2000-11-10 (ncurses port)
Credits: Jouko Pynnonen
FreeBSD only: NO
0. Revision History
v1.0 2000-11-13 Initial release
v1.1 2000-11-20 Corrected status of 3.x, referenced ncurses port
I. Background
ncurses is a text-mode display library used for formatting the output
of applications on a variety of terminals. It is externally
maintained, contributed code which is included in FreeBSD by default.
II. Problem Description
There exists an overflowable buffer in the libncurses library in the
processing of cursor movement capabilities. An attacker can force a
privileged application to use the attacker's termcap file containing a
specially crafted terminal entry, which will trigger the vulnerability
when the vulnerable ncurses code is called. This allows them to
execute arbitrary code on the local system with the privileges of the
exploited binary.
The systat utility included in the FreeBSD base system is known to use
vulnerable ncurses routines. It runs with increased privileges as a
member of the kmem group, which allows it to read from kernel memory
(but not write to it). A process with the ability to read from kernel
memory can monitor privileged data such as network traffic, disk
buffers and terminal activity, and may be able to leverage this to
obtain further privileges on the local system or on other systems,
including root privileges.
There may be other vulnerable applications included in the FreeBSD
base system, but no others are confirmed to be vulnerable due to the
difficulty in identifying a complete list of vulnerable ncurses
functions. However the following is a complete list of FreeBSD system
binaries which link against ncurses and run with increased
privileges. They may or may not be vulnerable to exploitation.
/usr/sbin/lpc
/usr/bin/top
/usr/bin/systat
FreeBSD 3.x and earlier versions use a very old, customized version of
ncurses which is difficult to update without breaking
backwards-compatibility. The update was made for FreeBSD 4.0, but 3.x
will not be updated to the newer version. At this stage the
vulnerability has not been fixed in FreeBSD 3.x.
The ncurses port (versions prior to 5.2) also contains this
vulnerability. It was corrected prior to the release of FreeBSD 4.2.
III. Impact
Certain setuid/setgid software (including FreeBSD base system
utilities and third party ports/packages) may be vulnerable to a local
exploit yielding privileged access.
The /usr/bin/systat utility is known to be vulnerable to this problem
in ncurses. At this time is unknown whether /usr/bin/top and
/usr/sbin/lpc are also affected.
The problems were corrected prior to the release of FreeBSD 4.2.
IV. Workaround
It is not feasible to reliably detect binaries which are vulnerable to
the ncurses vulnerability, however the provided utility will scan for
privileged binaries which use ncurses and which may potentially be
vulnerable. Some of the binaries reported may not in fact be
vulnerable, but should be recompiled anyway for maximum assurance of
security.
Statically linked binaries which are identified as potentially
vulnerable should be recompiled from source code if possible, after
patching and recompiling libc, in order to correct the vulnerability.
Dynamically linked binaries will be corrected by simply patching and
recompiling libc as described below.
As an interim measure, consider removing any identified setuid or
setgid binary, removing set[ug]id privileges from the file, or
limiting the file access permissions, as appropriate.
Of course, it is possible that some of the identified files may be
required for the correct operation of your local system, in which case
there is no clear workaround except for limiting the set of users who
may run the binaries, by an appropriate use of user groups and
removing the "o+x" file permission bit.
1) Download the 'scan_ncurses.sh' and 'test_ncurses.sh' scripts from
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:68/scan_ncurses.sh
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:68/test_ncurses.sh
e.g. with the fetch(1) command:
# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:68/scan_ncurses.sh
Receiving scan_ncurses.sh (381 bytes): 100%
381 bytes transferred in 0.1 seconds (7.03 kBps)
# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:68/test_ncurses.sh
Receiving test_ncurses.sh (604 bytes): 100%
604 bytes transferred in 0.1 seconds (6.55 kBps)
2) Verify the md5 checksums and compare to the value below:
# md5 scan_ncurses.sh
MD5 (scan_ncurses.sh) = 597f63af701253f053581aa1821cbac1
# md5 test_ncurses.sh
MD5 (test_ncurses.sh) = 12491ceb15415df7682e3797de53223e
3) Run the scan_ncurses.sh script against your system:
# chmod a+x ./test_ncurses.sh
# sh scan_ncurses.sh ./test_ncurses.sh /
This will scan your entire system for setuid or setgid binaries which
make use of the ncurses library. Each returned binary should be
examined (e.g. with 'ls -l' and/or other tools) to determine what
security risk it poses to your local environment, e.g. whether it can
be run by arbitrary local users who may be able to exploit it to gain
privileges.
4) Remove the binaries, or reduce their file permissions, as appropriate.
V. Solution
Upgrade your vulnerable FreeBSD system to 4.1.1-STABLE after the
correction date, or patch your present system source code and
rebuild. Then run the scan_ncurses.sh script as instructed in section
IV and identify any statically-linked binaries as reported by the
script. These should either be removed, recompiled, or have privileges
restricted to secure them against this vulnerability (since
statically-linked binaries will not be affected by simply recompiling
the shared libc library).
To patch your present system: download the updated ncurses code from
the below location, and execute the following commands as root:
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:68/ncurses.tar.gz
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:68/ncurses.tar.gz.asc
Verify the detached PGP signature using your PGP utility.
cd /usr/src
tar xvfz /path/to/ncurses.tar.gz
cd /usr/src/lib/libncurses
make all
make install
In contrast to the usual practise, a simple patch fixing the security
vulnerability is not provided because the vendor did not make one
available, and the updated ncurses snapshot which fixed it contains
numerous other changes whose purpose and relation to the fix was
unclear.
[ncurses port]
If you have installed a vulnerable version of the ncurses port, one of
the following steps may be used to upgrade it:
1) Upgrade your entire ports collection and rebuild the ncurses port.
2) Deinstall the old package and install a new package dated after the
correction date, obtained from:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/ncurses-5.2.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/ncurses-5.2.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/ncurses-5.2.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/ncurses-5.2.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/ncurses-5.2.tgz
3) download a new port skeleton for the ncurses port from:
http://www.freebsd.org/ports/
and use it to rebuild the port.
4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
iQCVAwUBOhmaFlUuHi5z0oilAQG5MwP9FStZoFKPCqfciIbIcFrE0wLYuEOeI24S
j9D4rSwU1ALzHB7DMpeXmju5pDRROmgUTIOGnBN9FcXZly4lDN3Y9yyIeW6Ia5UZ
wWbkhxsn573kD3P00WHAB1F1ccbbK4+SPNLkdJDgyyqAC4SdgeJEg5+z+Wcx7d3E
t/Xsv/X1ylA=
=ZiMW
-----END PGP SIGNATURE-----
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Mon Nov 20 14: 1:57 2000
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
id D4FC437B65F; Mon, 20 Nov 2000 14:01:11 -0800 (PST)
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory: FreeBSD-SA-00:76.tcsh-csh
Reply-To: security-advisories@freebsd.org
Message-Id: <20001120220111.D4FC437B65F@hub.freebsd.org>
Date: Mon, 20 Nov 2000 14:01:11 -0800 (PST)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
-----BEGIN PGP SIGNED MESSAGE-----
=============================================================================
FreeBSD-SA-00:76 Security Advisory
FreeBSD, Inc.
Topic: tcsh/csh creates insecure temporary file
Category: core, ports
Module: tcsh, 44bsd-csh
Announced: 2000-11-20
Affects: FreeBSD 4.x, 3.x prior to the correction date.
Corrected: 2000-11-04 (FreeBSD 4.1.1-STABLE)
2000-11-05 (FreeBSD 3.5.1-STABLE)
2000-11-09 (44bsd-csh port)
2000-11-19 (tcsh port)
Credits: proton
FreeBSD only: NO
I. Background
tcsh is an updated version of the traditional BSD C Shell
(csh). Versions of csh and tcsh are included in the FreeBSD ports
collection (tcsh, 44bsd-csh) and the FreeBSD base system (csh, tcsh).
II. Problem Description
The csh and tcsh code creates temporary files when the '<<' operator
is used, however these are created insecurely and use a predictable
filename based on the process ID of the shell. An attacker can
exploit this vulnerability to overwrite an arbitrary file writable by
the user running the shell. The contents of the file are overwritten
with the text being entered using the '<<' operator, so it will
usually not be under the control of the attacker.
Therefore the likely impact of this vulnerability is a denial of
service since the attacker can cause critical files writable by the
user to be overwritten. It is unlikely, although possible depending
on the circumstances in which the '<<' operator is used, that the
attacker could exploit the vulnerability to gain privileges (this
typically requires that they have control over the contents the target
file is overwritten with).
All versions of FreeBSD prior to the correction date are vulnerable to
this problem: the /bin/csh shell included in the base system (which is
the same as /bin/tcsh in recent versions) as well as the tcsh
(versions prior to 6.09.03_1) and 44bsd-csh ports (versions prior to
44bsd-csh-20001106) in the ports collection. The problems with the
base system shells and the 44bsd-csh port were resolved prior to the
release of FreeBSD 4.2. The tcsh port was not fixed prior to the
release, but the port is disabled in FreeBSD 4.2 since the same
software exists in the base system.
III. Impact
Unprivileged local users can cause an arbitrary file writable by a
victim to be overwritten when the victim invokes the '<<' operator in
csh or tcsh (e.g. from within a shell script).
If you have not installed the tcsh or 44bsd-csh ports on your
4.1.1-STABLE system dated after the correction date, your system is
not vulnerable to this problem.
IV. Workaround
None practical.
V. Solution
Upgrade your vulnerable FreeBSD system to 4.1.1-STABLE after the
correction date, or patch your present system source code and
rebuild.
To patch your present system: download the relevant patch from the
below location, and execute the following commands as root:
[FreeBSD 4.x base system]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:76/tcsh.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:76/tcsh.patch.asc
Verify the detached PGP signature using your PGP utility.
cd /usr/src/contrib/tcsh
patch -p < /path/to/patch
cd /usr/src/bin/csh
make depend && make all install
[FreeBSD 3.x base system]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:76/csh.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:76/csh.patch.asc
Verify the detached PGP signature using your PGP utility.
cd /usr/src/bin/csh
patch -p < /path/to/patch
make depend && make all install
[Ports collection]
One of the following:
1) Upgrade your entire ports collection and rebuild the tcsh/44bsd-csh
port.
2) Deinstall the old package and install a new package dated after the
correction date, obtained from:
[tcsh]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/shells/tcsh-6.09.03_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/shells/tcsh-6.09.03_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/shells/tcsh-6.09.03_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/shells/tcsh-6.09.03_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/shells/tcsh-6.09.03_1.tgz
[44bsd-csh]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/shells/44bsd-csh-20001106.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/shells/44bsd-csh-20001106.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/shells/44bsd-csh-20001106.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/shells/44bsd-csh-20001106.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/shells/44bsd-csh-20001106.tgz
3) download a new port skeleton for the tcsh/44bsd-csh port from:
http://www.freebsd.org/ports/
and use it to rebuild the port.
4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
iQCVAwUBOhmfAlUuHi5z0oilAQGTBQP/fKPInKBn9a5NZSc5fWPYKdQda2gL1Mji
bMaOpF6DiYb9NqKSQdBayq+cf3SI0tqnx0MWDads+Vx6E7zZJ1Eai8zXB0vx37sO
vYULKsaK0Gp2wvPfEn0lDUN1l6tn7OQJIXg63i9qF2r/88G2stNbuxG6w++uponc
PsehE1pTGQY=
=ZAeV
-----END PGP SIGNATURE-----
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Mon Nov 20 15:20:14 2000
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
by hub.freebsd.org (Postfix) with ESMTP
id CFA0C37B4C5; Mon, 20 Nov 2000 15:20:09 -0800 (PST)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
by fledge.watson.org (8.9.3/8.9.3) with SMTP id SAA40131;
Mon, 20 Nov 2000 18:20:06 -0500 (EST)
(envelope-from robert@fledge.watson.org)
Date: Mon, 20 Nov 2000 18:20:06 -0500 (EST)
From: Robert Watson
X-Sender: robert@fledge.watson.org
To: Warner Losh
Cc: core@freebsd.org, freebsd-security@freebsd.org
Subject: Re: Item
In-Reply-To: <200011202312.QAA28676@harmony.village.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
On Mon, 20 Nov 2000, Warner Losh wrote:
> I think we are done with this. I don't recall what David wanted here,
> but I would submit that the definition of the security officer's team
> should come from the security officer and therefore we're done now with
> that. Unless David wanted a statement of the powers that core has
> delegated to the SO, which isn't what I recall.
>
> Without objection, I'll go ahead and close this later in the week.
Closing it sounds great. I think David's request was that we document the
procedures and processes of the Security Officer team -- in particular,
who's on it, how they get there, and what responsibilities they may hold.
This is probably a task for the Security Officer team to come up with, and
for Core to bless after possible detail negotiation.
Robert N M Watson FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org NAI Labs, Safeport Network Services
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Mon Nov 20 19: 6:55 2000
Delivered-To: freebsd-security@freebsd.org
Received: from giganda.komkon.org (giganda.komkon.org [209.125.17.66])
by hub.freebsd.org (Postfix) with ESMTP
id 6A34637B4C5; Mon, 20 Nov 2000 19:06:51 -0800 (PST)
Received: (from root@localhost)
by giganda.komkon.org (8.9.3/8.9.3) id WAA74232;
Mon, 20 Nov 2000 22:06:45 -0500 (EST)
(envelope-from str)
Date: Mon, 20 Nov 2000 22:06:45 -0500 (EST)
From: Igor Roshchin
Message-Id: <200011210306.WAA74232@giganda.komkon.org>
To: security-officer@freebsd.org, security@freebsd.org
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:76.tcsh-csh
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
> From: FreeBSD Security Advisories
> Subject: FreeBSD Security Advisory: FreeBSD-SA-00:76.tcsh-csh
> Date: Mon, 20 Nov 2000 14:01:11 -0800 (PST)
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> =============================================================================
> FreeBSD-SA-00:76 Security Advisory
> FreeBSD, Inc.
>
> Topic: tcsh/csh creates insecure temporary file
>
<..>
>
> 2) Deinstall the old package and install a new package dated after the
> correction date, obtained from:
>
> [tcsh]
>
> ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/shells/tcsh-6.09.03_1.tgz
> ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/shells/tcsh-6.09.03_1.tgz
> ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/shells/tcsh-6.09.03_1.tgz
> ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/shells/tcsh-6.09.03_1.tgz
> ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/shells/tcsh-6.09.03_1.tgz
>
<..>
In 3-stable (on ftp.freebsd.org) I find:
-rw-r--r-- 1 569 207 257477 Nov 18 15:16 ../All/tcsh-6.09.03.tgz
Is it an updated version, or not ?
The date is close, but the number is different,
although the package has a date stamp when the problem was known
(and fixed in some parts of the system)
> Corrected: 2000-11-04 (FreeBSD 4.1.1-STABLE)
> 2000-11-05 (FreeBSD 3.5.1-STABLE)
> 2000-11-09 (44bsd-csh port)
> 2000-11-19 (tcsh port)
Similar situation is for 4-stable:
> dir ../All/tcsh*
-rw-r--r-- 1 569 207 1342 Nov 6 02:20 ../All/tcsh-6.09.03.tgz
/.0/FreeBSD/ports/i386/packages-4-stable/shells
freebsd>
So, it is not completely clear if the packages are updated yet, or not.
( I hope I didn't miss the phrase that the packages might not be ready yet
this time)
Igor
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Mon Nov 20 19:26:56 2000
Delivered-To: freebsd-security@freebsd.org
Received: from roble.com (mx2.roble.com [206.40.34.15])
by hub.freebsd.org (Postfix) with ESMTP id 1BE6F37B479
for ; Mon, 20 Nov 2000 19:26:54 -0800 (PST)
Received: from localhost (marquis@localhost)
by roble.com with ESMTP id eAL3Qrl98991
for ; Mon, 20 Nov 2000 19:26:53 -0800 (PST)
Date: Mon, 20 Nov 2000 19:26:53 -0800 (PST)
From: Roger Marquis
To: security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:69.telnetd [REVISED]
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
Anyone have either of these patches run successfully? Here's the
output from patch -p on a 4.1-RELEASE host.
----------------------------------------------------------------------
#patch -p < /tmp/telnetd.patch.v1.1
Hmm... Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: ext.h
|===================================================================
|RCS file: /home/ncvs/src/libexec/telnetd/ext.h,v
|retrieving revision 1.7
|retrieving revision 1.8
|diff -u -r1.7 -r1.8
|--- ext.h 1999/08/28 00:10:22 1.7
|+++ ext.h 2000/11/19 10:01:27 1.8
--------------------------
Patching file ext.h using Plan A...
Hunk #1 failed at 87.
1 out of 1 hunks failed--saving rejects to ext.h.rej
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: sys_term.c
|===================================================================
|RCS file: /home/ncvs/src/libexec/telnetd/sys_term.c,v
|retrieving revision 1.24
|retrieving revision 1.26
|diff -u -r1.24 -r1.26
|--- sys_term.c 1999/08/28 00:10:24 1.24
|+++ sys_term.c 2000/11/19 10:01:27 1.26
--------------------------
Patching file sys_term.c using Plan A...
Hunk #1 failed at 480.
Hunk #2 failed at 1795.
2 out of 2 hunks failed--saving rejects to sys_term.c.rej
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: telnetd.c
|===================================================================
|RCS file: /home/ncvs/src/libexec/telnetd/telnetd.c,v
|retrieving revision 1.22
|retrieving revision 1.24
|diff -u -r1.22 -r1.24
|--- telnetd.c 2000/01/25 14:52:00 1.22
|+++ telnetd.c 2000/11/19 10:01:27 1.24
--------------------------
Patching file telnetd.c using Plan A...
Hunk #1 failed at 805.
Hunk #2 failed at 1114.
2 out of 2 hunks failed--saving rejects to telnetd.c.rej
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: utility.c
|===================================================================
|RCS file: /home/ncvs/src/libexec/telnetd/utility.c,v
|retrieving revision 1.13
|retrieving revision 1.14
|diff -u -r1.13 -r1.14
|--- utility.c 1999/08/28 00:10:25 1.13
|+++ utility.c 2000/10/31 05:29:54 1.14
--------------------------
Patching file utility.c using Plan A...
Hunk #1 failed at 330.
Hunk #2 failed at 343.
2 out of 2 hunks failed--saving rejects to utility.c.rej
Hmm... Ignoring the trailing garbage.
done
----------------------------------------------------------------------o
--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Mon Nov 20 21:21:35 2000
Delivered-To: freebsd-security@freebsd.org
Received: from giganda.komkon.org (giganda.komkon.org [209.125.17.66])
by hub.freebsd.org (Postfix) with ESMTP id 7727A37B4CF
for ; Mon, 20 Nov 2000 21:21:28 -0800 (PST)
Received: (from str@localhost)
by giganda.komkon.org (8.9.3/8.9.3) id AAA77830;
Tue, 21 Nov 2000 00:21:21 -0500 (EST)
(envelope-from str)
Date: Tue, 21 Nov 2000 00:21:21 -0500 (EST)
From: Igor Roshchin
Message-Id: <200011210521.AAA77830@giganda.komkon.org>
To: marquis@roble.com, security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:69.telnetd [REVISED]
In-Reply-To:
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
No problem on a 4.0-RELEASE box:
mailhost: [22:19] [121] /usr/src/libexec/telnetd#patch -p < telnetd.patch.v1.1 Hmm... Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: ext.h
|===================================================================
|RCS file: /home/ncvs/src/libexec/telnetd/ext.h,v
|retrieving revision 1.7
|retrieving revision 1.8
|diff -u -r1.7 -r1.8
|--- ext.h 1999/08/28 00:10:22 1.7
|+++ ext.h 2000/11/19 10:01:27 1.8
--------------------------
Patching file ext.h using Plan A...
Hunk #1 succeeded at 87.
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: sys_term.c
|===================================================================
|RCS file: /home/ncvs/src/libexec/telnetd/sys_term.c,v
|retrieving revision 1.24
|retrieving revision 1.26
|diff -u -r1.24 -r1.26
|--- sys_term.c 1999/08/28 00:10:24 1.24
|+++ sys_term.c 2000/11/19 10:01:27 1.26
--------------------------
Patching file sys_term.c using Plan A...
Hunk #1 succeeded at 480.
Hunk #2 succeeded at 1795.
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: telnetd.c
|===================================================================
|RCS file: /home/ncvs/src/libexec/telnetd/telnetd.c,v
|retrieving revision 1.22
|retrieving revision 1.24
|diff -u -r1.22 -r1.24
|--- telnetd.c 2000/01/25 14:52:00 1.22
|+++ telnetd.c 2000/11/19 10:01:27 1.24
--------------------------
Patching file telnetd.c using Plan A...
Hunk #1 succeeded at 805.
Hunk #2 succeeded at 1114.
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: utility.c
|===================================================================
|RCS file: /home/ncvs/src/libexec/telnetd/utility.c,v
|retrieving revision 1.13
|retrieving revision 1.14
|diff -u -r1.13 -r1.14
|--- utility.c 1999/08/28 00:10:25 1.13
|+++ utility.c 2000/10/31 05:29:54 1.14
--------------------------
Patching file utility.c using Plan A...
Hunk #1 succeeded at 330.
Hunk #2 succeeded at 343.
Hmm... Ignoring the trailing garbage.
done
Hope, that helps,
Igor
> Date: Mon, 20 Nov 2000 19:26:53 -0800 (PST)
> From: Roger Marquis
> To: security@FreeBSD.ORG
> Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:69.telnetd [REVISED]
>
> Anyone have either of these patches run successfully? Here's the
> output from patch -p on a 4.1-RELEASE host.
>
> ----------------------------------------------------------------------
> #patch -p < /tmp/telnetd.patch.v1.1
> Hmm... Looks like a unified diff to me...
> The text leading up to this was:
> --------------------------
> |Index: ext.h
> |===================================================================
> |RCS file: /home/ncvs/src/libexec/telnetd/ext.h,v
> |retrieving revision 1.7
> |retrieving revision 1.8
> |diff -u -r1.7 -r1.8
> |--- ext.h 1999/08/28 00:10:22 1.7
> |+++ ext.h 2000/11/19 10:01:27 1.8
> --------------------------
> Patching file ext.h using Plan A...
> Hunk #1 failed at 87.
> 1 out of 1 hunks failed--saving rejects to ext.h.rej
> Hmm... The next patch looks like a unified diff to me...
> The text leading up to this was:
> --------------------------
> |Index: sys_term.c
> |===================================================================
> |RCS file: /home/ncvs/src/libexec/telnetd/sys_term.c,v
> |retrieving revision 1.24
> |retrieving revision 1.26
> |diff -u -r1.24 -r1.26
> |--- sys_term.c 1999/08/28 00:10:24 1.24
> |+++ sys_term.c 2000/11/19 10:01:27 1.26
> --------------------------
> Patching file sys_term.c using Plan A...
> Hunk #1 failed at 480.
> Hunk #2 failed at 1795.
> 2 out of 2 hunks failed--saving rejects to sys_term.c.rej
> Hmm... The next patch looks like a unified diff to me...
> The text leading up to this was:
> --------------------------
> |Index: telnetd.c
> |===================================================================
> |RCS file: /home/ncvs/src/libexec/telnetd/telnetd.c,v
> |retrieving revision 1.22
> |retrieving revision 1.24
> |diff -u -r1.22 -r1.24
> |--- telnetd.c 2000/01/25 14:52:00 1.22
> |+++ telnetd.c 2000/11/19 10:01:27 1.24
> --------------------------
> Patching file telnetd.c using Plan A...
> Hunk #1 failed at 805.
> Hunk #2 failed at 1114.
> 2 out of 2 hunks failed--saving rejects to telnetd.c.rej
> Hmm... The next patch looks like a unified diff to me...
> The text leading up to this was:
> --------------------------
> |Index: utility.c
> |===================================================================
> |RCS file: /home/ncvs/src/libexec/telnetd/utility.c,v
> |retrieving revision 1.13
> |retrieving revision 1.14
> |diff -u -r1.13 -r1.14
> |--- utility.c 1999/08/28 00:10:25 1.13
> |+++ utility.c 2000/10/31 05:29:54 1.14
> --------------------------
> Patching file utility.c using Plan A...
> Hunk #1 failed at 330.
> Hunk #2 failed at 343.
> 2 out of 2 hunks failed--saving rejects to utility.c.rej
> Hmm... Ignoring the trailing garbage.
> done
> ----------------------------------------------------------------------o
>
> --
> Roger Marquis
> Roble Systems Consulting
> http://www.roble.com/
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Mon Nov 20 21:28:33 2000
Delivered-To: freebsd-security@freebsd.org
Received: from rly-ip02.mx.aol.com (rly-ip02.mx.aol.com [152.163.225.160])
by hub.freebsd.org (Postfix) with ESMTP id ED6DE37B4D7
for ; Mon, 20 Nov 2000 21:28:23 -0800 (PST)
Received: from tot-wl.proxy.aol.com (tot-wl.proxy.aol.com [205.188.199.1])
by rly-ip02.mx.aol.com (8.8.8/8.8.8/AOL-5.0.0)
with ESMTP id AAA28322;
Tue, 21 Nov 2000 00:28:08 -0500 (EST)
Received: from pavilion (AC8E6614.ipt.aol.com [172.142.102.20])
by tot-wl.proxy.aol.com (8.10.0/8.10.0) with SMTP id eAL5S5832069;
Tue, 21 Nov 2000 00:28:05 -0500 (EST)
Message-ID: <00e301c0537b$d221fee0$0101a8c0@pavilion>
From: "Richard Ward"
To: "Igor Roshchin" , ,
References: <200011210521.AAA77830@giganda.komkon.org>
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:69.telnetd [REVISED]
Date: Tue, 21 Nov 2000 00:28:01 -0500
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
X-Apparently-From: Nis8840@aol.com
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
It seems to have worked fine on my 4.1.1-STABLE server, also. Hopefully you
will find an answer to your problem soon.
--
Richard Ward, Founder
Neonsky Internet Services
http://www.neonsky.net
----- Original Message -----
From: Igor Roshchin
To: ;
Sent: Tuesday, November 21, 2000 12:21 AM
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:69.telnetd [REVISED]
>
>
> No problem on a 4.0-RELEASE box:
>
> mailhost: [22:19] [121] /usr/src/libexec/telnetd#patch -p <
telnetd.patch.v1.1 Hmm... Looks like a unified diff to me...
> The text leading up to this was:
> --------------------------
> |Index: ext.h
> |===================================================================
> |RCS file: /home/ncvs/src/libexec/telnetd/ext.h,v
> |retrieving revision 1.7
> |retrieving revision 1.8
> |diff -u -r1.7 -r1.8
> |--- ext.h 1999/08/28 00:10:22 1.7
> |+++ ext.h 2000/11/19 10:01:27 1.8
> --------------------------
> Patching file ext.h using Plan A...
> Hunk #1 succeeded at 87.
> Hmm... The next patch looks like a unified diff to me...
> The text leading up to this was:
> --------------------------
> |Index: sys_term.c
> |===================================================================
> |RCS file: /home/ncvs/src/libexec/telnetd/sys_term.c,v
> |retrieving revision 1.24
> |retrieving revision 1.26
> |diff -u -r1.24 -r1.26
> |--- sys_term.c 1999/08/28 00:10:24 1.24
> |+++ sys_term.c 2000/11/19 10:01:27 1.26
> --------------------------
> Patching file sys_term.c using Plan A...
> Hunk #1 succeeded at 480.
> Hunk #2 succeeded at 1795.
> Hmm... The next patch looks like a unified diff to me...
> The text leading up to this was:
> --------------------------
> |Index: telnetd.c
> |===================================================================
> |RCS file: /home/ncvs/src/libexec/telnetd/telnetd.c,v
> |retrieving revision 1.22
> |retrieving revision 1.24
> |diff -u -r1.22 -r1.24
> |--- telnetd.c 2000/01/25 14:52:00 1.22
> |+++ telnetd.c 2000/11/19 10:01:27 1.24
> --------------------------
> Patching file telnetd.c using Plan A...
> Hunk #1 succeeded at 805.
> Hunk #2 succeeded at 1114.
> Hmm... The next patch looks like a unified diff to me...
> The text leading up to this was:
> --------------------------
> |Index: utility.c
> |===================================================================
> |RCS file: /home/ncvs/src/libexec/telnetd/utility.c,v
> |retrieving revision 1.13
> |retrieving revision 1.14
> |diff -u -r1.13 -r1.14
> |--- utility.c 1999/08/28 00:10:25 1.13
> |+++ utility.c 2000/10/31 05:29:54 1.14
> --------------------------
> Patching file utility.c using Plan A...
> Hunk #1 succeeded at 330.
> Hunk #2 succeeded at 343.
> Hmm... Ignoring the trailing garbage.
> done
>
>
>
> Hope, that helps,
>
> Igor
>
>
>
> > Date: Mon, 20 Nov 2000 19:26:53 -0800 (PST)
> > From: Roger Marquis
> > To: security@FreeBSD.ORG
> > Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:69.telnetd
[REVISED]
> >
> > Anyone have either of these patches run successfully? Here's the
> > output from patch -p on a 4.1-RELEASE host.
> >
> > ----------------------------------------------------------------------
> > #patch -p < /tmp/telnetd.patch.v1.1
> > Hmm... Looks like a unified diff to me...
> > The text leading up to this was:
> > --------------------------
> > |Index: ext.h
> > |===================================================================
> > |RCS file: /home/ncvs/src/libexec/telnetd/ext.h,v
> > |retrieving revision 1.7
> > |retrieving revision 1.8
> > |diff -u -r1.7 -r1.8
> > |--- ext.h 1999/08/28 00:10:22 1.7
> > |+++ ext.h 2000/11/19 10:01:27 1.8
> > --------------------------
> > Patching file ext.h using Plan A...
> > Hunk #1 failed at 87.
> > 1 out of 1 hunks failed--saving rejects to ext.h.rej
> > Hmm... The next patch looks like a unified diff to me...
> > The text leading up to this was:
> > --------------------------
> > |Index: sys_term.c
> > |===================================================================
> > |RCS file: /home/ncvs/src/libexec/telnetd/sys_term.c,v
> > |retrieving revision 1.24
> > |retrieving revision 1.26
> > |diff -u -r1.24 -r1.26
> > |--- sys_term.c 1999/08/28 00:10:24 1.24
> > |+++ sys_term.c 2000/11/19 10:01:27 1.26
> > --------------------------
> > Patching file sys_term.c using Plan A...
> > Hunk #1 failed at 480.
> > Hunk #2 failed at 1795.
> > 2 out of 2 hunks failed--saving rejects to sys_term.c.rej
> > Hmm... The next patch looks like a unified diff to me...
> > The text leading up to this was:
> > --------------------------
> > |Index: telnetd.c
> > |===================================================================
> > |RCS file: /home/ncvs/src/libexec/telnetd/telnetd.c,v
> > |retrieving revision 1.22
> > |retrieving revision 1.24
> > |diff -u -r1.22 -r1.24
> > |--- telnetd.c 2000/01/25 14:52:00 1.22
> > |+++ telnetd.c 2000/11/19 10:01:27 1.24
> > --------------------------
> > Patching file telnetd.c using Plan A...
> > Hunk #1 failed at 805.
> > Hunk #2 failed at 1114.
> > 2 out of 2 hunks failed--saving rejects to telnetd.c.rej
> > Hmm... The next patch looks like a unified diff to me...
> > The text leading up to this was:
> > --------------------------
> > |Index: utility.c
> > |===================================================================
> > |RCS file: /home/ncvs/src/libexec/telnetd/utility.c,v
> > |retrieving revision 1.13
> > |retrieving revision 1.14
> > |diff -u -r1.13 -r1.14
> > |--- utility.c 1999/08/28 00:10:25 1.13
> > |+++ utility.c 2000/10/31 05:29:54 1.14
> > --------------------------
> > Patching file utility.c using Plan A...
> > Hunk #1 failed at 330.
> > Hunk #2 failed at 343.
> > 2 out of 2 hunks failed--saving rejects to utility.c.rej
> > Hmm... Ignoring the trailing garbage.
> > done
> > ----------------------------------------------------------------------o
> >
> > --
> > Roger Marquis
> > Roble Systems Consulting
> > http://www.roble.com/
> >
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> >
> >
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Mon Nov 20 21:48: 7 2000
Delivered-To: freebsd-security@freebsd.org
Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177])
by hub.freebsd.org (Postfix) with ESMTP
id 19A5037B4D7; Mon, 20 Nov 2000 21:48:01 -0800 (PST)
Received: (from kris@localhost)
by citusc17.usc.edu (8.11.1/8.11.1) id eAL5msi92942;
Mon, 20 Nov 2000 21:48:54 -0800 (PST)
(envelope-from kris)
Date: Mon, 20 Nov 2000 21:48:53 -0800
From: Kris Kennaway
To: Igor Roshchin
Cc: security-officer@freebsd.org, security@freebsd.org
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:76.tcsh-csh
Message-ID: <20001120214853.B92862@citusc17.usc.edu>
References: <200011210306.WAA74232@giganda.komkon.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="bp/iNruPH9dso1Pn"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200011210306.WAA74232@giganda.komkon.org>; from str@giganda.komkon.org on Mon, Nov 20, 2000 at 10:06:45PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
--bp/iNruPH9dso1Pn
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Nov 20, 2000 at 10:06:45PM -0500, Igor Roshchin wrote:
> In 3-stable (on ftp.freebsd.org) I find:
> -rw-r--r-- 1 569 207 257477 Nov 18 15:16 ../All/tcsh-6.09.03.tgz
>=20
> Is it an updated version, or not ?
> The date is close, but the number is different,
> although the package has a date stamp when the problem was known
> (and fixed in some parts of the system)
No, this is the old, unfixed version. The version number must match or
exceed the version number given in the advisory.
> So, it is not completely clear if the packages are updated yet, or not.
> ( I hope I didn't miss the phrase that the packages might not be ready yet
> this time)
You didn't - I forgot to put it in this time. The new package will
probably be ready in a day or two, you can compile it from the port in
the meantime.
Kris
--bp/iNruPH9dso1Pn
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjoaDMUACgkQWry0BWjoQKX1swCfeYRQCo9jm53Js3ZEt02Rq+9V
r3oAoLg50ZdW3Tn2WMdnEuTvK0SnBwVn
=eLRi
-----END PGP SIGNATURE-----
--bp/iNruPH9dso1Pn--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Mon Nov 20 21:54:39 2000
Delivered-To: freebsd-security@freebsd.org
Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177])
by hub.freebsd.org (Postfix) with ESMTP id 9F85F37B4C5
for ; Mon, 20 Nov 2000 21:54:35 -0800 (PST)
Received: (from kris@localhost)
by citusc17.usc.edu (8.11.1/8.11.1) id eAL5tYd93076;
Mon, 20 Nov 2000 21:55:34 -0800 (PST)
(envelope-from kris)
Date: Mon, 20 Nov 2000 21:55:34 -0800
From: Kris Kennaway
To: Roger Marquis
Cc: security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:69.telnetd [REVISED]
Message-ID: <20001120215534.D92862@citusc17.usc.edu>
References:
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="oJ71EGRlYNjSvfq7"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from marquis@roble.com on Mon, Nov 20, 2000 at 07:26:53PM -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
--oJ71EGRlYNjSvfq7
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
On Mon, Nov 20, 2000 at 07:26:53PM -0800, Roger Marquis wrote:
> Anyone have either of these patches run successfully? Here's the
> output from patch -p on a 4.1-RELEASE host.
Odd. I just tested on 4.1-R sources and it patched fine. Try
refreshing your sources or something.
Kris
--oJ71EGRlYNjSvfq7
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjoaDlYACgkQWry0BWjoQKUK3gCdHk/vv8AYr8xHn6JrAEw09hAH
otcAn3YT1PRQR5q0vfhEwO7pnhmy+FK9
=6q+9
-----END PGP SIGNATURE-----
--oJ71EGRlYNjSvfq7--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Mon Nov 20 23:53:58 2000
Delivered-To: freebsd-security@freebsd.org
Received: from blues.jpj.net (blues.jpj.net [204.97.17.146])
by hub.freebsd.org (Postfix) with ESMTP
id 563AB37B4D7; Mon, 20 Nov 2000 23:53:49 -0800 (PST)
Received: from localhost (trevor@localhost)
by blues.jpj.net (right/backatcha) with ESMTP id eAL7rhQ18847;
Tue, 21 Nov 2000 02:53:43 -0500 (EST)
Date: Tue, 21 Nov 2000 02:53:43 -0500 (EST)
From: Trevor Johnson
To: security-officer@FreeBSD.org, security@FreeBSD.org
Subject: Re: New security policy for FreeBSD 3.x
In-Reply-To: <20001120035146.0020937B479@hub.freebsd.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
> Due to the frequent difficulties encountered in fixing the old code
> contained in FreeBSD 3.x, we will no longer be requiring security
> problems to be fixed in that branch prior to the release of an
> advisory that also pertains to FreeBSD 4.x. In recent months this
> requirement has led to delays in the release of advisories, which
> negatively impacts users of the current FreeBSD release branch
> (FreeBSD 4.x).
IMO an advisory can be useful even when no fix is available, because it
alerts the sysadmin to the fact that something is unsafe. Usually some
defensive action can be taken. The problems with ncurses were reported on
Bugtraq in April (and FreeBSD was said to be vulnerable), but a fixed
version was not available until October. IMO that is too long a
wait. Therefore I suggest making this new policy of not waiting a general
one, rather than just for RELENG_3.
Does the FreeBSD Project have a 3.x box for testing?
--
Trevor Johnson
http://jpj.net/~trevor/gpgkey.txt
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Tue Nov 21 0:33:16 2000
Delivered-To: freebsd-security@freebsd.org
Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177])
by hub.freebsd.org (Postfix) with ESMTP
id 9157637B4CF; Tue, 21 Nov 2000 00:33:10 -0800 (PST)
Received: (from kris@localhost)
by citusc17.usc.edu (8.11.1/8.11.1) id eAL8Y7595661;
Tue, 21 Nov 2000 00:34:07 -0800 (PST)
(envelope-from kris)
Date: Tue, 21 Nov 2000 00:34:06 -0800
From: Kris Kennaway
To: Trevor Johnson
Cc: security-officer@FreeBSD.org, security@FreeBSD.org
Subject: Re: New security policy for FreeBSD 3.x
Message-ID: <20001121003406.A95525@citusc17.usc.edu>
References: <20001120035146.0020937B479@hub.freebsd.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="VS++wcV0S1rZb1Fb"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from trevor@jpj.net on Tue, Nov 21, 2000 at 02:53:43AM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
--VS++wcV0S1rZb1Fb
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Nov 21, 2000 at 02:53:43AM -0500, Trevor Johnson wrote:
> > Due to the frequent difficulties encountered in fixing the old code
> > contained in FreeBSD 3.x, we will no longer be requiring security
> > problems to be fixed in that branch prior to the release of an
> > advisory that also pertains to FreeBSD 4.x. In recent months this
> > requirement has led to delays in the release of advisories, which
> > negatively impacts users of the current FreeBSD release branch
> > (FreeBSD 4.x).
>=20
> IMO an advisory can be useful even when no fix is available, because it
> alerts the sysadmin to the fact that something is unsafe. Usually some
> defensive action can be taken. The problems with ncurses were reported on
> Bugtraq in April (and FreeBSD was said to be vulnerable), but a fixed
> version was not available until October. IMO that is too long a
> wait. Therefore I suggest making this new policy of not waiting a general
> one, rather than just for RELENG_3.
This is untrue - we were informed by Jouko Pynonnen on 2 Oct 2000,
which is about the time it hit bugtraq, it was fixed 7 days later by
the vendor and we imported it 2 days after that. You must be referring
to some other problem. However, your general point is taken and it's
something we'll consider.
Kris
--VS++wcV0S1rZb1Fb
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjoaM34ACgkQWry0BWjoQKX5rQCbBV211YeOuTOehM7o5uiadBuq
R6sAnRBZuuc6zy4bW0VOKlIPfAIX6cHs
=pSVJ
-----END PGP SIGNATURE-----
--VS++wcV0S1rZb1Fb--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Tue Nov 21 1: 2:18 2000
Delivered-To: freebsd-security@freebsd.org
Received: from blues.jpj.net (blues.jpj.net [204.97.17.146])
by hub.freebsd.org (Postfix) with ESMTP
id E3C0537B4CF; Tue, 21 Nov 2000 01:02:14 -0800 (PST)
Received: from localhost (trevor@localhost)
by blues.jpj.net (right/backatcha) with ESMTP id eAL92EJ21702;
Tue, 21 Nov 2000 04:02:14 -0500 (EST)
Date: Tue, 21 Nov 2000 04:02:13 -0500 (EST)
From: Trevor Johnson
To: Kris Kennaway
Cc: security-officer@FreeBSD.org, security@FreeBSD.org
Subject: Re: New security policy for FreeBSD 3.x
In-Reply-To: <20001121003406.A95525@citusc17.usc.edu>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
> This is untrue - we were informed by Jouko Pynonnen on 2 Oct 2000,
> which is about the time it hit bugtraq, it was fixed 7 days later by
> the vendor and we imported it 2 days after that. You must be referring
> to some other problem.
It was only meant as an example, but: a buffer overflow bug in
libncurses, which had to do with malicious settings of the TERMCAP
environment variable, was reported in April on Bugtraq
(http://www.securityfocus.com/archive/1/56721), and FreeBSD was said to be
affected. I assumed that the recent ncurses advisory was supposed to
cover it.
> However, your general point is taken and it's something we'll
> consider.
Thank you.
--
Trevor Johnson
http://jpj.net/~trevor/gpgkey.txt
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Tue Nov 21 1:13:33 2000
Delivered-To: freebsd-security@freebsd.org
Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177])
by hub.freebsd.org (Postfix) with ESMTP
id 838B037B4D7; Tue, 21 Nov 2000 01:13:29 -0800 (PST)
Received: (from kris@localhost)
by citusc17.usc.edu (8.11.1/8.11.1) id eAL9EQd96460;
Tue, 21 Nov 2000 01:14:26 -0800 (PST)
(envelope-from kris)
Date: Tue, 21 Nov 2000 01:14:26 -0800
From: Kris Kennaway
To: Trevor Johnson
Cc: security-officer@FreeBSD.org, security@FreeBSD.org
Subject: Re: New security policy for FreeBSD 3.x
Message-ID: <20001121011426.A96416@citusc17.usc.edu>
References: <20001121003406.A95525@citusc17.usc.edu>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="DocE+STaALJfprDB"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from trevor@jpj.net on Tue, Nov 21, 2000 at 04:02:13AM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
--DocE+STaALJfprDB
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Nov 21, 2000 at 04:02:13AM -0500, Trevor Johnson wrote:
> > This is untrue - we were informed by Jouko Pynonnen on 2 Oct 2000,
> > which is about the time it hit bugtraq, it was fixed 7 days later by
> > the vendor and we imported it 2 days after that. You must be referring
> > to some other problem.
>=20
> It was only meant as an example, but: a buffer overflow bug in
> libncurses, which had to do with malicious settings of the TERMCAP
> environment variable, was reported in April on Bugtraq
> (http://www.securityfocus.com/archive/1/56721), and FreeBSD was said to be
> affected. I assumed that the recent ncurses advisory was supposed to
> cover it.
FreeBSD-SA-00:17.libmytinfo.asc
Kris
--DocE+STaALJfprDB
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjoaPPIACgkQWry0BWjoQKVjdQCgoDugiDxE2zpz2tGpum98ijkR
3JwAn0Q+QtpdYNllWUnbjBAW/5JVs5rm
=HWN0
-----END PGP SIGNATURE-----
--DocE+STaALJfprDB--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Tue Nov 21 9:51:46 2000
Delivered-To: freebsd-security@freebsd.org
Received: from txemail.bankofamerica.com (txemail.bankofamerica.com [171.161.160.14])
by hub.freebsd.org (Postfix) with ESMTP id B412737B4CF
for ; Tue, 21 Nov 2000 09:51:42 -0800 (PST)
Received: from tximail.bankofamerica.com (tximail.bankofamerica.com [171.182.168.13])
by txemail.bankofamerica.com (8.11.1/8.11.1) with ESMTP id eALHpeh03446
for ; Tue, 21 Nov 2000 11:51:41 -0600 (CST)
Received: from smtpsw01 (smtpsw01.tx.nbsi.com [159.185.89.135])
by tximail.bankofamerica.com (8.11.1/8.11.1) with ESMTP id eALHpeE27487
for ; Tue, 21 Nov 2000 11:51:40 -0600 (CST)
Date: Tue, 21 Nov 2000 11:50:19 -0600
From: mike.sellenschuetter@bankofamerica.com
Subject: rmuser
To: freebsd-security@FreeBSD.ORG
Message-id: <8625699E.0061FCDC.00@dalnsd40.bankofamerica.com>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-disposition: inline
Content-transfer-encoding: 7BIT
X-Lotus-FromDomain: BANKOFAMERICA
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
I apologize if this is not the right mailing list for this question. We are
running a small system which contains around 50 servers and workstations running
FreeBSD 2.2.6 (we are upgrading to 4.1 after the Christmas holidays), and we
have discovered that rmuser is not removing a user's at jobs. After removing a
user with rmuser, atq still shows the job in the queue, but with "???" as the
owner. I looked at the rmuser Perl script, and below is the "remove_at_jobs"
subroutine from this script.
sub remove_at_jobs {
local($login_name, $uid) = @_;
local($i, $owner, $found);
$found = 0;
opendir(ATDIR, $atjob_dir) || return;
while ($i = readdir(ATDIR)) {
next if $i eq '.';
next if $i eq '..';
next if $i eq '.lockfile';
$owner = (stat("$atjob_dir/$i"))[4]; # UID
if ($uid == $owner) {
if (!$found) {
print STDERR "Removing user's at jobs:";
$found = 1;
}
# Use atrm to remove the job
print STDERR " $i";
system('/usr/bin/atrm', $i);
}
}
closedir(ATDIR);
if ($found) {
print STDERR " done.\n";
}
}
The problem appears to be with the "system('/usr/bin/atrm', $i);" command. $i
is a filename, and the atrm command wants a job number, not a file name. Does
anyone know if this problem is fixed in 4.1?
Thank You
Mike
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Tue Nov 21 13:16:22 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ringworld.nanolink.com (ringworld.nanolink.com [195.24.48.13])
by hub.freebsd.org (Postfix) with SMTP id 21FFC37B479
for ; Tue, 21 Nov 2000 13:16:16 -0800 (PST)
Received: (qmail 33166 invoked by uid 1000); 21 Nov 2000 18:48:36 -0000
Date: Tue, 21 Nov 2000 20:48:36 +0200
From: Peter Pentchev
To: mike.sellenschuetter@bankofamerica.com
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: rmuser
Message-ID: <20001121204836.F9661@ringworld.oblivion.bg>
Mail-Followup-To: mike.sellenschuetter@bankofamerica.com,
freebsd-security@FreeBSD.ORG
References: <8625699E.0061FCDC.00@dalnsd40.bankofamerica.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <8625699E.0061FCDC.00@dalnsd40.bankofamerica.com>; from mike.sellenschuetter@bankofamerica.com on Tue, Nov 21, 2000 at 11:50:19AM -0600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
On Tue, Nov 21, 2000 at 11:50:19AM -0600, mike.sellenschuetter@bankofamerica.com wrote:
> I apologize if this is not the right mailing list for this question. We are
> running a small system which contains around 50 servers and workstations running
> FreeBSD 2.2.6 (we are upgrading to 4.1 after the Christmas holidays), and we
> have discovered that rmuser is not removing a user's at jobs. After removing a
> user with rmuser, atq still shows the job in the queue, but with "???" as the
> owner. I looked at the rmuser Perl script, and below is the "remove_at_jobs"
> subroutine from this script.
>
[snip]
>
> The problem appears to be with the "system('/usr/bin/atrm', $i);" command. $i
> is a filename, and the atrm command wants a job number, not a file name. Does
> anyone know if this problem is fixed in 4.1?
Hi Mike,
Basically what you need to do if you have filenames is parse the filenames -
at least on 4.2-STABLE they contain the queue ID and the job number.
However, if you would resort to using atrm either way, I think it might be
a better solution to use atq, too - this way you do not have to depend on
the job filenames changing silently underneath your feet (they *are* internal
structures). Attached is a Perl script, adapted from what I've been using
for some time, that calls atq once, parses its output to find the jobs
belonging to that particular user, and then calls atrm exactly once, passing
it all the jobs to be deleted.
Hope that helps :)
G'luck,
Peter
--
If you think this sentence is confusing, then change one pig.
#!/usr/bin/perl -wT
use strict;
my($path_atq, $path_atrm) = ("/usr/bin/atq", "/usr/bin/atrm");
remove_at_jobs("roam");
exit 0;
sub invoke_atq {
local *PIPE;
my($user) = (shift || "");
my(@at) = ();
my($pid, $line);
return @at if ($user eq "");
if (!defined($pid = open(PIPE, "-|"))) {
die("creating pipe to atq: $!\n");
} elsif ($pid == 0) {
exec($path_atq, $user);
}
while(defined($_ = )) {
chomp;
if (/^\d\d:\d\d:\d\d\s+\d\d\/\d\d\/\d\d\s+(\S+)\s+\S+\s+(\d+)$/) {
push(@at, $2) if ($1 eq $user);
}
}
return @at;
}
sub invoke_atrm {
local *ATRM;
my($user) = (shift || "");
my(@jobs) = @_;
my($pid);
my($txt) = "";
return "Invalid arguments" if (($user eq "") || ($#jobs == -1));
if (!defined($pid = open(ATRM, "-|"))) {
die("creating pipe to atrm: $!\n");
} elsif ($pid == 0) {
exec($path_atrm, $user, @jobs);
}
# atrm only leaks some output on error..
while(defined($_ = )) {
$txt .= $_;
}
return $txt;
}
sub remove_at_jobs {
my($user) = (shift || "");
my(@at, $atrm);
return 1 if ($user eq "");
@at = invoke_atq($user);
return 0 if ($#at == -1); # No jobs for that user
$atrm = invoke_atrm($user, @at);
if ($atrm ne "") {
print "$atrm\n";
return 1;
}
return 0;
}
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Wed Nov 22 4:25: 4 2000
Delivered-To: freebsd-security@freebsd.org
Received: from vexpert.dbai.tuwien.ac.at (vexpert.dbai.tuwien.ac.at [128.130.111.12])
by hub.freebsd.org (Postfix) with ESMTP
id 0BD3B37B479; Wed, 22 Nov 2000 04:25:02 -0800 (PST)
Received: from [128.130.111.77] (taygeta [128.130.111.77])
by vexpert.dbai.tuwien.ac.at (8.9.3/8.9.3) with ESMTP id NAA29157;
Wed, 22 Nov 2000 13:24:56 +0100 (MET)
Date: Wed, 22 Nov 2000 13:24:56 +0100 (CET)
From: Gerald Pfeifer
To: ,
Subject: Security Advisories and the Announcements page
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
I believe that a link to the security announcements should be added to
the "Announcements" page that is link from the top of the homepage:
http://www.freebsd.org/news/newsflash.html
as Security Advisories also consitute a kind of announcement.
Hope this helps,
Gerald
--
Gerald "Jerry" pfeifer@dbai.tuwien.ac.at http://www.dbai.tuwien.ac.at/~pfeifer/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Wed Nov 22 4:33:19 2000
Delivered-To: freebsd-security@freebsd.org
Received: from vexpert.dbai.tuwien.ac.at (vexpert.dbai.tuwien.ac.at [128.130.111.12])
by hub.freebsd.org (Postfix) with ESMTP id 6530C37B479
for ; Wed, 22 Nov 2000 04:33:17 -0800 (PST)
Received: from [128.130.111.77] (taygeta [128.130.111.77])
by vexpert.dbai.tuwien.ac.at (8.9.3/8.9.3) with ESMTP id NAA29446
for ; Wed, 22 Nov 2000 13:33:12 +0100 (MET)
Date: Wed, 22 Nov 2000 13:33:13 +0100 (CET)
From: Gerald Pfeifer
To:
Subject: http://www.freebsd.org/security/
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
The link to "FreeBSD-SA-00:68.ncurses.asc" is broken.
Half a dozen of current security advisories (tcsh,...) are missing.
Hope this helps,
Gerald
--
Gerald "Jerry" pfeifer@dbai.tuwien.ac.at http://www.dbai.tuwien.ac.at/~pfeifer/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Wed Nov 22 6:38:14 2000
Delivered-To: freebsd-security@freebsd.org
Received: from smtp.gwi.net (smtp.gwi.net [207.5.128.11])
by hub.freebsd.org (Postfix) with ESMTP id 0E07337B4D7
for ; Wed, 22 Nov 2000 06:38:08 -0800 (PST)
Received: from Vinnie (csr6.suscom-maine.net [207.5.144.11])
by smtp.gwi.net (8.10.1/8.10.1) with SMTP id eAMEc2s06673
for ; Wed, 22 Nov 2000 09:38:02 -0500 (EST)
Message-ID: <001101c05492$5db56020$3798fea9@suscommaine.net>
From: "Bill Olson"
To:
References:
Subject: Unsubscribe
Date: Wed, 22 Nov 2000 09:41:57 -0500
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
Unsubscribe
----- Original Message -----
From: "Gerald Pfeifer"
To:
Sent: Wednesday, November 22, 2000 7:33 AM
Subject: http://www.freebsd.org/security/
> The link to "FreeBSD-SA-00:68.ncurses.asc" is broken.
>
> Half a dozen of current security advisories (tcsh,...) are missing.
>
> Hope this helps,
> Gerald
> --
> Gerald "Jerry" pfeifer@dbai.tuwien.ac.at
http://www.dbai.tuwien.ac.at/~pfeifer/
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Wed Nov 22 6:40: 6 2000
Delivered-To: freebsd-security@freebsd.org
Received: from spammie.svbug.com (mg134-015.ricochet.net [204.179.134.15])
by hub.freebsd.org (Postfix) with ESMTP
id AEDCF37B4C5; Wed, 22 Nov 2000 06:39:56 -0800 (PST)
Received: from spammie.svbug.com (localhost.mozie.org [127.0.0.1])
by spammie.svbug.com (8.9.3/8.9.3) with ESMTP id GAA00607;
Wed, 22 Nov 2000 06:38:20 -0800 (PST)
(envelope-from jessem@spammie.svbug.com)
Message-Id: <200011221438.GAA00607@spammie.svbug.com>
Date: Wed, 22 Nov 2000 06:38:19 -0800 (PST)
From: opentrax@email.com
Reply-To: opentrax@email.com
Subject: Re: Security Advisories and the Announcements page
To: pfeifer@dbai.tuwien.ac.at
Cc: freebsd-docs@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
In-Reply-To:
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
On 22 Nov, Gerald Pfeifer wrote:
> I believe that a link to the security announcements should be added to
> the "Announcements" page that is link from the top of the homepage:
> http://www.freebsd.org/news/newsflash.html
> as Security Advisories also consitute a kind of announcement.
>
I agree. Policies, such as was released lately, show FreeBSD to
responsible in dealing with issues. As such, policies are currently
buried in mailing lists.
Perhaps, I'm incorrect on this last point (the mailing list). If so,
then I would appreciate correction. :-)
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Wed Nov 22 6:40:29 2000
Delivered-To: freebsd-security@freebsd.org
Received: from smtp.gwi.net (smtp.gwi.net [207.5.128.11])
by hub.freebsd.org (Postfix) with ESMTP id E8AD437B4C5
for ; Wed, 22 Nov 2000 06:40:24 -0800 (PST)
Received: from Vinnie (csr6.suscom-maine.net [207.5.144.11])
by smtp.gwi.net (8.10.1/8.10.1) with SMTP id eAMEeOs06860
for ; Wed, 22 Nov 2000 09:40:24 -0500 (EST)
Message-ID: <004501c05492$b2681d60$3798fea9@suscommaine.net>
From: "Bill Olson"
To:
Subject: Unsubscribe
Date: Wed, 22 Nov 2000 09:44:19 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0042_01C05468.C94EF1E0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
This is a multi-part message in MIME format.
------=_NextPart_000_0042_01C05468.C94EF1E0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Unsubscribe
------=_NextPart_000_0042_01C05468.C94EF1E0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Unsubscribe
------=_NextPart_000_0042_01C05468.C94EF1E0--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Wed Nov 22 7: 7:46 2000
Delivered-To: freebsd-security@freebsd.org
Received: from spammie.svbug.com (mg134-015.ricochet.net [204.179.134.15])
by hub.freebsd.org (Postfix) with ESMTP
id DF3DF37B4D7; Wed, 22 Nov 2000 07:07:29 -0800 (PST)
Received: from spammie.svbug.com (localhost.mozie.org [127.0.0.1])
by spammie.svbug.com (8.9.3/8.9.3) with ESMTP id HAA00642;
Wed, 22 Nov 2000 07:06:34 -0800 (PST)
(envelope-from jessem@spammie.svbug.com)
Message-Id: <200011221506.HAA00642@spammie.svbug.com>
Date: Wed, 22 Nov 2000 07:06:32 -0800 (PST)
From: opentrax@email.com
Reply-To: opentrax@email.com
Subject: Re: New security policy for FreeBSD 3.x
To: imp@village.org
Cc: security-officer@FreeBSD.ORG, arch@FreeBSD.ORG
In-Reply-To: <200011220624.XAA40393@harmony.village.org>
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
On 21 Nov, Warner Losh wrote:
> In message <200011211843.KAA00298@spammie.svbug.com> opentrax@email.com writes:
> : Please note I've cc'd to arch. Could you make your
> : comments there?
> :
> : On 19 Nov, FreeBSD Security Advisories wrote:
> : > -----BEGIN PGP SIGNED MESSAGE-----
> : >
> : > The FreeBSD Security Officer would like to announce a change in policy
> : > regarding security support for the FreeBSD 3.x branch.
> : >
> : > Due to the frequent difficulties encountered in fixing the old code
> : > contained in FreeBSD 3.x, we will no longer be requiring security
> : > problems to be fixed in that branch prior to the release of an
> : > advisory that also pertains to FreeBSD 4.x. In recent months this
> : > requirement has led to delays in the release of advisories, which
> : > negatively impacts users of the current FreeBSD release branch
> : > (FreeBSD 4.x).
> : >
> : Could you clarify exactly what you are saying? It's not clear.
> : Perhaps a chart might help.
>
> [[ included original text to give context ]]
>
> Generally speaking, fixes go into -current first, then are MFC to
> 4.x-stable and then MFC to 3.x-stable. Sometimes the MFC is easy
> (when the code is substantially identical) and sometimes it isn't. In
> the cases it isn't, we won't hold up the advisory for a 3.x fix. We
> will inform select interested and sufficiently clueful parties of
> pending advisories for which no 3.x solution is available. If they
> can get us a fix for 3.x before we release our advisory (usually a few
> days to a week depending on its severity and other factors), we will
> include it in the advisory. If not, then the advisory goes out anyway
> without a 3.x fix, with the usual room for negotiation for reasonable
> extensions.
>
> In other words, fixes for 3.x will no longer gate security
> advisories, but will be included if available.
>
Thank you for taking the time to explain this Warner.
The original advisory was not as clear. However, I still fell
a bit confused. As such, I would like to write a document that
would explain this situation. This document would include
a chart to help those that might need assitance (like me).
I beleive that such a document would prove useful and would
help the security-officer by providing a definitive
document that could be pointed to. This document could also
be included in future advisories, where needed.
Let me say lastly that my first impression of this 'advisory'
was not what you said, thereby leading to my confusion.
Since I believe it clear, I would then suggest the aforementioned
document which I am willing to collect/author/edit.
best regards,
Jessem.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Wed Nov 22 12:42:35 2000
Delivered-To: freebsd-security@freebsd.org
Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177])
by hub.freebsd.org (Postfix) with ESMTP id 9451337B4C5
for ; Wed, 22 Nov 2000 12:42:33 -0800 (PST)
Received: (from kris@localhost)
by citusc17.usc.edu (8.11.1/8.11.1) id eAMKhhG13315;
Wed, 22 Nov 2000 12:43:43 -0800 (PST)
(envelope-from kris)
Date: Wed, 22 Nov 2000 12:43:43 -0800
From: Kris Kennaway
To: Gerald Pfeifer
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: http://www.freebsd.org/security/
Message-ID: <20001122124343.B13194@citusc17.usc.edu>
References:
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="cmJC7u66zC7hs+87"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from pfeifer@dbai.tuwien.ac.at on Wed, Nov 22, 2000 at 01:33:13PM +0100
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
--cmJC7u66zC7hs+87
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Wed, Nov 22, 2000 at 01:33:13PM +0100, Gerald Pfeifer wrote:
> The link to "FreeBSD-SA-00:68.ncurses.asc" is broken.
>=20
> Half a dozen of current security advisories (tcsh,...) are missing.
Fixed last night.
Kris
--cmJC7u66zC7hs+87
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjocL/4ACgkQWry0BWjoQKX29ACfWmKESvohzNF0ZdfRgHwKLjuw
zUEAoL6m9lcZkwq6Kk8I75V9RniRpTy3
=hCN9
-----END PGP SIGNATURE-----
--cmJC7u66zC7hs+87--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Wed Nov 22 16:56:20 2000
Delivered-To: freebsd-security@freebsd.org
Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177])
by hub.freebsd.org (Postfix) with ESMTP
id ABDCA37B4C5; Wed, 22 Nov 2000 16:56:17 -0800 (PST)
Received: (from kris@localhost)
by citusc17.usc.edu (8.11.1/8.11.1) id eAN0vRJ17932;
Wed, 22 Nov 2000 16:57:27 -0800 (PST)
(envelope-from kris)
Date: Wed, 22 Nov 2000 16:57:27 -0800
From: Kris Kennaway
To: Gerald Pfeifer
Cc: freebsd-docs@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: Security Advisories and the Announcements page
Message-ID: <20001122165727.A17904@citusc17.usc.edu>
References:
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="X1bOJ3K7DJ5YkBrT"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from pfeifer@dbai.tuwien.ac.at on Wed, Nov 22, 2000 at 01:24:56PM +0100
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
--X1bOJ3K7DJ5YkBrT
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
On Wed, Nov 22, 2000 at 01:24:56PM +0100, Gerald Pfeifer wrote:
> I believe that a link to the security announcements should be added to
> the "Announcements" page that is link from the top of the homepage:
> http://www.freebsd.org/news/newsflash.html
> as Security Advisories also consitute a kind of announcement.
Can you submit a patch please?
Kris
--X1bOJ3K7DJ5YkBrT
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjoca3cACgkQWry0BWjoQKVzqQCfeartWSmwb/hi0k9RLCK0qjax
KTMAn1Zvg7LbodAikXK5BzlH0OHzawT+
=quA5
-----END PGP SIGNATURE-----
--X1bOJ3K7DJ5YkBrT--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Wed Nov 22 17:39:33 2000
Delivered-To: freebsd-security@freebsd.org
Received: from vexpert.dbai.tuwien.ac.at (vexpert.dbai.tuwien.ac.at [128.130.111.12])
by hub.freebsd.org (Postfix) with ESMTP
id DB7E537B4CF; Wed, 22 Nov 2000 17:39:27 -0800 (PST)
Received: from [128.130.111.2] (deneb [128.130.111.2])
by vexpert.dbai.tuwien.ac.at (8.9.3/8.9.3) with ESMTP id CAA15962;
Thu, 23 Nov 2000 02:39:26 +0100 (MET)
Date: Thu, 23 Nov 2000 02:39:25 +0100 (CET)
From: Gerald Pfeifer
To: Kris Kennaway
Cc: ,
Subject: Re: Security Advisories and the Announcements page
In-Reply-To: <20001122165727.A17904@citusc17.usc.edu>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
On Wed, 22 Nov 2000, Kris Kennaway wrote:
> Can you submit a patch please?
Well, it's really just one line, but here we go. The patch below is for
.
I intentionally use lower-case HTML tags, as this is what XHTML 1.0 (and
thus any forthcoming standard) demands and also added a missing full-stop
in the Java paragraph.
Gerald
--- newsflash.html.1 Tue Nov 14 07:14:14 2000
+++ newsflash.html Thu Nov 23 02:37:24 2000
@@ -26,13 +26,16 @@
subscribe to the freebsd-announce
mailing list.
+ For FreeBSD Security Advisories, please refer to the our Security Information page.
+
The FreeBSD Real-Quick (TM)
Newsletter (RQN) is a monthly (sometimes bi-weekly) newsletter
containing recent developments in the FreeBSD arena. Subscribe to
freebsd-announce
to receive this newsletter via e-mail.
- For latest news of FreeBSD Java Project please visit FreeBSD/Java NewsFlash page
+ For latest news of FreeBSD Java Project please visit FreeBSD/Java NewsFlash page.
For a detailed description of past, present, and future releases,
see the Release
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Wed Nov 22 23:29:52 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mta5-rme.xtra.co.nz (mta5-rme.xtra.co.nz [203.96.92.17])
by hub.freebsd.org (Postfix) with ESMTP
id F044E37B479; Wed, 22 Nov 2000 23:27:47 -0800 (PST)
Received: from themail.com ([210.54.197.59]) by mta5-rme.xtra.co.nz
with SMTP
id <20001123072744.OAIP60565.mta5-rme.xtra.co.nz@themail.com>;
Thu, 23 Nov 2000 20:27:44 +1300
From: "turehu"
To:
Subject: Accept credit cards on-line THE EASY WAY!
Mime-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Date: Thu, 23 Nov 2000 08:24:45 +1300
Content-Transfer-Encoding: 8bit
Message-Id: <20001123072744.OAIP60565.mta5-rme.xtra.co.nz@themail.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
No set up fees
No monthly interest
No minimum transaction fees
The only charge is a small percentage of the cost of the transaction.
You can not lose money!
You only pay fees if you sell your product.
Get in the act and launch your online bussiness which will work for you
24hrs a day,
seven days a week and it is worldwide.
Want to find out more? Go to: http://www.cyberturf.com/creditcard
If this Email has reached you by mistake, we apologize.
To remove your Email from the mailing list please send:
jennifer@nottern.com
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Thu Nov 23 6:42: 0 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ns.gutatelecom.ru (ns.gutatelecom.ru [195.7.161.13])
by hub.freebsd.org (Postfix) with ESMTP id 67D5D37B479
for ; Thu, 23 Nov 2000 06:41:58 -0800 (PST)
Received: from hub.all.yans.ru (unknown [10.123.0.2])
by ns.gutatelecom.ru (Postfix) with ESMTP id 532666E718
for ; Thu, 23 Nov 2000 17:41:52 +0300 (MSK)
Received: by hub.all.yans.ru (Postfix, from userid 300)
id 189AC7F8C1; Thu, 23 Nov 2000 17:42:31 +0300 (MSK)
Date: Thu, 23 Nov 2000 17:42:31 +0300
From: Ekaterina Ivannikova
To: freebsd-security@freebsd.org
Subject: How to isolate jails from the host system ?
Message-ID: <20001123174231.A4498@hub.all.yans.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
Hi All,
what is the recommended way of isolating jails from the host system
with regard to tcp/ip connections ?
It appeares that though processes in a jail are not allowed to bind to
the host system's ip address, they are still assigned this ip address if they
try to connect to daemons running on the host system. Thus placing
filters on lo0 doesn't help as the host system cannot distinguish between
clients coming from a jail and its own processes.
I'm running 4.2-STABLE cvsuped on Nov 21 if it matters.
Regards,
Ekaterina Ivannikova
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Thu Nov 23 8:31: 5 2000
Delivered-To: freebsd-security@freebsd.org
Received: from libertad.univalle.edu.co (libertad.univalle.edu.co [216.6.69.11])
by hub.freebsd.org (Postfix) with ESMTP id B05B137B479
for ; Thu, 23 Nov 2000 08:30:50 -0800 (PST)
Received: from localhost (buliwyf@localhost)
by libertad.univalle.edu.co (8.10.0/8.10.0) with ESMTP id eANGder82406
for ; Thu, 23 Nov 2000 11:39:42 -0500 (COT)
Date: Thu, 23 Nov 2000 11:39:40 -0500 (COT)
From: Buliwyf McGraw
To: security@FreeBSD.ORG
Subject: ipf - icmp
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
Hello... im doing some tests with ipf... i added this rules on the
system:
block in on sis0 proto icmp all
block out on sis0 proto icmp all
But, when i do a ping from another machine... the server answer the
icmp request without problems... I ask: Are the rules failing???
=======================================================================
Buliwyf McGraw
Administrador del Servidor Libertad
Centro de Servicios de Informacion
Universidad del Valle
=======================================================================
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Thu Nov 23 11:31:30 2000
Delivered-To: freebsd-security@freebsd.org
Received: from tmd.df.ru (i.am.a.sincere.pathalogical.liar.org [216.58.112.97])
by hub.freebsd.org (Postfix) with ESMTP id 8F47537B479
for ; Thu, 23 Nov 2000 11:31:27 -0800 (PST)
Received: from localhost (tmd@localhost)
by tmd.df.ru (8.11.1/8.11.1) with ESMTP id eANJa2T18378
for ; Thu, 23 Nov 2000 14:36:04 -0500 (EST)
(envelope-from tmd@tmd.df.ru)
Date: Thu, 23 Nov 2000 14:35:56 -0500 (EST)
From: Vlad
To: security@FreeBSD.ORG
Subject: Re: ipf - icmp
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
Perhaps there are other rules that follow before/after
that supercede the icmp ones. Try using "quick" option.
pass in quick on sis0 proto icmp from any to any icmp-type 0
pass in quick on sis0 proto icmp from any to any icmp-type unreach code 3
pass in quick on sis0 proto icmp from any to any icmp-type unreach code 4
pass in quick on sis0 proto icmp from any to any icmp-type timex
pass out quick on sis0 proto icmp from any to any
these entries will allow you to ping/traceroute anyone, will prohibit
anyone from pinging/tracerouting you.
On Thu, 23 Nov 2000, Buliwyf McGraw wrote:
>
> Hello... im doing some tests with ipf... i added this rules on the
> system:
>
> block in on sis0 proto icmp all
> block out on sis0 proto icmp all
>
> But, when i do a ping from another machine... the server answer the
> icmp request without problems... I ask: Are the rules failing???
>
> =======================================================================
> Buliwyf McGraw
> Administrador del Servidor Libertad
> Centro de Servicios de Informacion
> Universidad del Valle
> =======================================================================
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Thu Nov 23 12:14:20 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.sonet.pt (unknown [195.8.11.18])
by hub.freebsd.org (Postfix) with SMTP id 7D10E37B4C5
for ; Thu, 23 Nov 2000 12:14:16 -0800 (PST)
Received: (qmail 16375 invoked from network); 23 Nov 2000 21:19:21 -0000
Received: from unknown (HELO angelsp) (195.8.11.26)
by 195.8.11.18 with SMTP; 23 Nov 2000 21:19:21 -0000
Message-ID: <00d001c05589$78602020$1a0b08c3@angelsp>
From: "Jorge Filipe Andrade"
To: ,
Subject: Security Advisories at FreeBSD 4.2?
Date: Thu, 23 Nov 2000 20:10:48 -0000
Organization: =?iso-8859-1?Q?SONET_-_Servi=E7os_Internet=2C_Lda?=
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_00CD_01C05589.78462F80"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
This is a multi-part message in MIME format.
------=_NextPart_000_00CD_01C05589.78462F80
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Hello,
Somebody can say me, if exists Securty Advisores for FreeBSD 4.2-STABLE?
Thank you!
--
Best Regards,
Jorge Filipe Andrade
___________________________
SONET - Servi=E7os Internet, Lda
http://www.sonet.pt
------=_NextPart_000_00CD_01C05589.78462F80
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Hello,
Somebody can say me, if exists Securty Advisores for =
FreeBSD=20
4.2-STABLE?
Thank you!
--
Best Regards,
Jorge Filipe =
Andrade
___________________________
SONET -=20
Servi=E7os Internet, Lda
http://www.sonet.pt <=
/HTML>
------=_NextPart_000_00CD_01C05589.78462F80--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Thu Nov 23 13:27:50 2000
Delivered-To: freebsd-security@freebsd.org
Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177])
by hub.freebsd.org (Postfix) with ESMTP
id EEAF537B479; Thu, 23 Nov 2000 13:27:46 -0800 (PST)
Received: (from kris@localhost)
by citusc17.usc.edu (8.11.1/8.11.1) id eANLSpw36135;
Thu, 23 Nov 2000 13:28:51 -0800 (PST)
(envelope-from kris)
Date: Thu, 23 Nov 2000 13:28:51 -0800
From: Kris Kennaway
To: Jorge Filipe Andrade
Cc: freebsd-stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: Security Advisories at FreeBSD 4.2?
Message-ID: <20001123132851.A36019@citusc17.usc.edu>
References: <00d001c05589$78602020$1a0b08c3@angelsp>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="7AUc2qLy4jB3hD7Z"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <00d001c05589$78602020$1a0b08c3@angelsp>; from jfa@mail.sonet.pt on Thu, Nov 23, 2000 at 08:10:48PM -0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
--7AUc2qLy4jB3hD7Z
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Thu, Nov 23, 2000 at 08:10:48PM -0000, Jorge Filipe Andrade wrote:
> Hello,
>=20
> Somebody can say me, if exists Securty Advisores for FreeBSD 4.2-STABLE?
> Thank you!
FreeBSD 4.2-RELEASE came out on Monday. There are no known outstanding
security issues against 4.2-RELEASE or later (e.g. 4.2-STABLE).
Kris
--7AUc2qLy4jB3hD7Z
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjodjBMACgkQWry0BWjoQKU9UQCg9BEcPQWeYSVWFNPF01ASG1T/
EtUAn1my1qO/7c5nuuNrSHyAOnaW+eGT
=WAtF
-----END PGP SIGNATURE-----
--7AUc2qLy4jB3hD7Z--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Thu Nov 23 14:40:57 2000
Delivered-To: freebsd-security@freebsd.org
Received: from news.IAEhv.nl (news.IAE.nl [194.151.64.4])
by hub.freebsd.org (Postfix) with ESMTP id A82BB37B479
for ; Thu, 23 Nov 2000 14:40:54 -0800 (PST)
Received: (from uucp@localhost)
by news.IAEhv.nl (8.9.1/8.9.1) with IAEhv.nl id XAA08534;
Thu, 23 Nov 2000 23:40:53 +0100 (MET)
Received: by adv.devet.org (Postfix, from userid 100)
id 3EB5A44AD; Thu, 23 Nov 2000 23:40:17 +0100 (CET)
Date: Thu, 23 Nov 2000 23:40:17 +0100
To: tmd@tmd.df.ru
Cc: security@freebsd.org
Subject: Re: ipf - icmp
Message-ID: <20001123234017.A66597@adv.devet.org>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
X-Newsgroups: list.freebsd.security
In-Reply-To:
Organization: Eindhoven, the Netherlands
From: Arjan.deVet@adv.iae.nl (Arjan de Vet)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
In article you write:
>Perhaps there are other rules that follow before/after
>that supercede the icmp ones. Try using "quick" option.
>
>pass in quick on sis0 proto icmp from any to any icmp-type 0
>pass in quick on sis0 proto icmp from any to any icmp-type unreach code 3
>pass in quick on sis0 proto icmp from any to any icmp-type unreach code 4
>pass in quick on sis0 proto icmp from any to any icmp-type timex
>pass out quick on sis0 proto icmp from any to any
>
>these entries will allow you to ping/traceroute anyone, will prohibit
>anyone from pinging/tracerouting you.
The following set of rules will accomplish the same in a better way:
pass out quick on sis0 proto udp from any to any keep state keep frags
pass out quick on sis0 proto icmp from any to any keep state keep frags
The trick is to use 'keep state' on outgoing traceroute/ping udp/icmp
packets. ipfilter will match any incoming icmp packets with the state
table in an intelligent way. This means that an incoming icmp packet
will only be allowed through if it matches with a traceroute/ping that
originated from your machine. E.g., a fake icmp echo-reply will be
blocked.
I have no 'pass in' rules regarding icmp on my firewall, the ipfilter
state table handles all incoming icmp traffic automatically.
Arjan
--
Arjan de Vet, Eindhoven, The Netherlands
URL: http://www.iae.nl/users/devet/ for PGP key: finger devet@iae.nl
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Thu Nov 23 15:45:32 2000
Delivered-To: freebsd-security@freebsd.org
Received: from hboss-bsd.powersurfr.com (hboss-bsd.powersurfr.com [24.108.165.216])
by hub.freebsd.org (Postfix) with ESMTP id 6E5AF37B4C5
for ; Thu, 23 Nov 2000 15:45:30 -0800 (PST)
Received: from localhost (akwan@localhost)
by hboss-bsd.powersurfr.com (8.11.0/8.11.0) with ESMTP id eANNkgt00945
for ; Thu, 23 Nov 2000 16:46:43 -0700 (MST)
(envelope-from akwan@hboss-bsd.powersurfr.com)
Date: Thu, 23 Nov 2000 16:46:42 -0700 (MST)
From: Al Kwan
To: security@FreeBSD.ORG
Subject: INBOX Locked
In-Reply-To: <20001123234017.A66597@adv.devet.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
Hello,
I get this error upon opening pine:
"Inbox is open by another process, access is readonly"
FreeBSD V.4.1.1-Release
Pine V.4.21
I haven't got any other pine processes running, even after I reboot and
try pine right away, it says the same thing.
/var/mail - permissions are rwx for owner/group/everyone
/var/mail/akwan - permissions are rw for owner, no permissions for
group/everyone
Hope someone can help. Thx in advance,
Al
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Thu Nov 23 16: 2:15 2000
Delivered-To: freebsd-security@freebsd.org
Received: from hboss-bsd.powersurfr.com (hboss-bsd.powersurfr.com [24.108.165.216])
by hub.freebsd.org (Postfix) with ESMTP id 19A7537B4CF
for ; Thu, 23 Nov 2000 16:02:11 -0800 (PST)
Received: from localhost (akwan@localhost)
by hboss-bsd.powersurfr.com (8.11.0/8.11.0) with ESMTP id eAO03Sq01062
for ; Thu, 23 Nov 2000 17:03:28 -0700 (MST)
(envelope-from akwan@hboss-bsd.powersurfr.com)
Date: Thu, 23 Nov 2000 17:03:28 -0700 (MST)
From: Al Kwan
To: security@FreeBSD.ORG
Subject: Re: INBOX Locked
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
Hello all,
Figured it out after much frustration. Hopefully if anyone else gets this
problem you can learn from my errors..
Somehow my /tmp (/usr/tmp) directory permissions changed to:
drwxr-xr-x - so groups and everyone didn't have write access to tmp
Pine needs that to put the mailbox file in while it works on it and lets
you delete messages and so forth.
Change permission on the /usr/tmp directory to allow write access and the
INBOX stops being "readonly".
Al Kwan
On Thu, 23 Nov 2000, Al Kwan wrote:
> Hello,
>
> I get this error upon opening pine:
>
> "Inbox is open by another process, access is readonly"
>
> FreeBSD V.4.1.1-Release
> Pine V.4.21
>
> I haven't got any other pine processes running, even after I reboot and
> try pine right away, it says the same thing.
>
> /var/mail - permissions are rwx for owner/group/everyone
> /var/mail/akwan - permissions are rw for owner, no permissions for
> group/everyone
>
> Hope someone can help. Thx in advance,
>
> Al
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Thu Nov 23 18:54:14 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail-4.sjc.telocity.net (mail-4.sjc.telocity.net [216.227.56.44])
by hub.freebsd.org (Postfix) with ESMTP
id 411F737B4CF; Thu, 23 Nov 2000 18:54:11 -0800 (PST)
Received: from zoso (dsl-216-227-91-85.telocity.com [216.227.91.85])
by mail-4.sjc.telocity.net (8.9.3/8.9.3) with SMTP id SAA28799;
Thu, 23 Nov 2000 18:50:32 -0800 (PST)
From: "Otter"
To: "Kris Kennaway" ,
"Jorge Filipe Andrade"
Cc: ,
Subject: RE: Security Advisories at FreeBSD 4.2?
Date: Thu, 23 Nov 2000 21:57:58 -0500
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: <20001123132851.A36019@citusc17.usc.edu>
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Importance: Normal
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
}On Thu, Nov 23, 2000 at 08:10:48PM -0000, Jorge Filipe Andrade wrote:
}> Hello,
}>
}> Somebody can say me, if exists Securty Advisores for
}FreeBSD 4.2-STABLE?
}> Thank you!
}
}FreeBSD 4.2-RELEASE came out on Monday. There are no known
}outstanding
}security issues against 4.2-RELEASE or later (e.g. 4.2-STABLE).
}
}Kris
}
AND...
when/if they are announced, you can find them if you read:
ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/4.2-RELEASE/ERRATA.TXT
-Otter
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Thu Nov 23 18:59:33 2000
Delivered-To: freebsd-security@freebsd.org
Received: from blues.jpj.net (blues.jpj.net [204.97.17.146])
by hub.freebsd.org (Postfix) with ESMTP id C85CD37B4C5
for ; Thu, 23 Nov 2000 18:59:27 -0800 (PST)
Received: from localhost (trevor@localhost)
by blues.jpj.net (right/backatcha) with ESMTP id eAO2xH702772;
Thu, 23 Nov 2000 21:59:17 -0500 (EST)
Date: Thu, 23 Nov 2000 21:59:17 -0500 (EST)
From: Trevor Johnson
To: security@freebsd.org
Cc: toasty@dragondata.com
Subject: Joe's Own Editor File Link Vulnerability (fwd)
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=X-UNKNOWN
Content-Transfer-Encoding: 8BIT
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
I've gotten no response to the appended message.
I installed joe from the current ports collection, a few minutes ago, and
was able to confirm the bug.
The Linux people (Red Hat, Immunix, Mandrake, and Debian) have released
patched versions, but I haven't looked at their patches.
Would it be all right if I marked the port forbidden (mentioning
http://www.securityfocus.com/archive/1/145305), until the maintainer
becomes available?
--
Trevor Johnson
http://jpj.net/~trevor/gpgkey.txt
---------- Forwarded message ----------
Date: Thu, 16 Nov 2000 23:57:07 -0500 (EST)
From: Trevor Johnson
To: toasty@dragondata.com
Subject: Joe's Own Editor File Link Vulnerability (fwd)
---------- Forwarded message ----------
Date: Thu, 16 Nov 2000 09:27:13 +0100
From: advisories@WKIT.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Joe's Own Editor File Link Vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
TITLE: Joe's Own Editor File Link Vulnerability
ADVISORY ID: WSIR-00/11-01
CONTACT: Patrik Birgersson, Wkit Security AB
CLASS: File Handling Error
OBJECT: joe(1) (exec)
VENDOR: Josef H. Allen
STATUS: Vendor not reachable
REMOTE: No
LOCAL: Yes
DATE: 13/11/2000
VULNERABLE: Joe's Own Editor 2.8
Other versions/configurations not tested
VULNERABILITY DESCRIPTION
If a joe session with an unsaved file terminates abnormally, joe creates a
rescue copy of the file being edited called DEADJOE. The creation of this
rescue copy is made without checking if the file is a link. If it is a
link, joe will append the information in the unsaved file to the file that
is being linked to DEADJOE, resulting in a corrupted file.
CONDITIONS
1. The malicious user must have write permissions in the directory where
the file is being edited, in order to create a link
2. The 'victim user' must have write permissions for the 'victim file'
3. The 'victim user' joe session must terminate abnormally
4. The file being edited must not have been saved
VULNERABILITY EXAMPLE
- - Root is logged in remote
- - Malicious user (X) notices that root is editing file.txt in /tmp
(where X has write permissions)
- - X creates a link from /etc/passwd (root = write permission) to
/tmp/DEADJOE
- - Root's connection is dropped or terminated under abnormal conditions
(for example: root halts the system) before file.txt is saved, the
editor will write a rescue copy to /tmp/DEADJOE
- - The editor won't check if /tmp/DEADJOE is a link, and appends the
content of file.txt to /etc/passwd
SOLUTION/VENDOR INFORMATION/WORKAROUND
No information available.
CREDITS
This vulnerability was discovered and documented by Christer Öberg and
Patrik Birgersson of Wkit Security AB, Håverud, Sweden.
Other advisories from Wkit Security AB can be obtained from:
http://www.wkit.com/advisories/
DISCLAMER
The contents of this advisory is copyright (c) 2000 Wkit Security AB and
may be distributed freely, provided that no fee is charged and proper
credit is given. Wkit Security AB takes no credit for this discovery if
someone else has published this information in the public domain before
this advisory was released.
The information herein is intended for educational purposes, not for
malicious use. Wkit Security AB takes no responsibility whatsoever for the
use of this information.
ABOUT THE COMPANY
Wkit Security AB is an independent data security company working with
security-related services and products. Wkit Security AB plays a leading
role in the development of security thinking, regarding internal and
external data communication at companies and other organizations that
store sensitive information.
The company consists of two divisions: a service division, performing
security analysis and security reviews, and a product division. We work
together with strategic partners to bring programs and services into the
market.
Our services and products are continuously developed to optimally follow
the world demand for IT security.
30 DAY DISCLOSURE
Whenever Wkit Security AB finds any security related flaws in operating
system, or application, we will provide the vendor responsible for the
product with a detailed Incident Report. We believe that 30 days is
appropriate for the vendor to fix the problem before we publish the
incident report on our own web page and other mailing lists/websites we
find suitable for the majority of the worldwide users. If the vendor has a
reasonable cause why they can't fix the problem in 30 days we can, after
discussion, agree on a longer disclosure time.
ACKNOWLEDGEMENTS
Wkit Security AB's highest priority is for the public security, and will
never release Incidents Reports without informing the vendor and give them
reasonable (30 day) time to fix the problem. In general, Wkit Security AB
follows the guidelines for reporting security breaches we found on the
vendors homepage or similar.
We urge vendors that in the same way we follow their guidelines, that the
vendor informs us about the solution; if possible, 2 days before the
fix/solution will be presented for the majority. This gives us the chance
to prepare our web page to inform about the Incident and to present a
solution in the way the vendor suggest at the time when it is present for
the majority.
CONTACT
Wkit Security AB should be contacted through advisories@wkit.com if no
other agreement has been done. Every incident report is assigned a report
number WSIR-xx/xx-xx (Wkit Security AB Incident Report) and one
responsible contact person from Wkit Security. When communicating with
Wkit Security AB in the matter of the Incident Reports, be sure to add the
WSIR number in the email to avoid any problems.
***************************************************************************
Wkit Security AB
Upperudsvägen 4
S-464 72 Håverud
SWEDEN
http://www.wkit.com
e-mail: advisories@wkit.com
***************************************************************************
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0
iQA/AwUBOhJlSW7fLJob6xkXEQJgpACfSP5fzZWft5antg+DdXMdYcAOVSQAoKN/
lhge4y3XCAroyWUA004N/acM
=LYU/
-----END PGP SIGNATURE-----
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Thu Nov 23 19:15:43 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.gmx.net (pop.gmx.net [194.221.183.20])
by hub.freebsd.org (Postfix) with SMTP id 0892B37B4C5
for ; Thu, 23 Nov 2000 19:15:39 -0800 (PST)
Received: (qmail 8645 invoked by uid 0); 24 Nov 2000 03:15:37 -0000
Received: from p3ee21638.dip.t-dialin.net (HELO speedy.gsinet) (62.226.22.56)
by mail.gmx.net (mail04) with SMTP; 24 Nov 2000 03:15:37 -0000
Received: (from sittig@localhost)
by speedy.gsinet (8.8.8/8.8.8) id VAA20005
for freebsd-security@freebsd.org; Thu, 23 Nov 2000 21:27:57 +0100
Date: Thu, 23 Nov 2000 21:27:57 +0100
From: Gerhard Sittig
To: freebsd-security@freebsd.org
Subject: Re: How to isolate jails from the host system ?
Message-ID: <20001123212757.W27042@speedy.gsinet>
Mail-Followup-To: freebsd-security@freebsd.org
References: <20001123174231.A4498@hub.all.yans.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <20001123174231.A4498@hub.all.yans.ru>; from kate@gutatelecom.ru on Thu, Nov 23, 2000 at 05:42:31PM +0300
Organization: System Defenestrators Inc.
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
On Thu, Nov 23, 2000 at 17:42 +0300, Ekaterina Ivannikova wrote:
>
> It appeares that though processes in a jail are not allowed to
> bind to the host system's ip address, they are still assigned
> this ip address if they try to connect to daemons running on
> the host system.
That's hard to believe. :) At least it contradicts the jail(2)
idea. Processes in jails can *only* bind to the IP assigned to
the jail. Not even 127.0.0.1 is available.
Although there was (is?) a bug with UDP packets mistakenly being
sent _from_ the host's address under certain circumstances. But
a fix is available, search for "jail" in the gnats database.
What you cannot defend against is processes in the host to bind
to IPs delegated into jails. But you don't run any services in
the host except for the jail(8)s, do you? There's no real need
to do so except for the administrative access sshd -- unless one
has a serial console ...
virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Thu Nov 23 22:21:42 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mtu.ru (ns.mtu.ru [195.34.32.10])
by hub.freebsd.org (Postfix) with ESMTP
id 4C47837B4CF; Thu, 23 Nov 2000 22:21:37 -0800 (PST)
X-Recipient: freebsd-isp@FreeBSD.ORG
Received: from pentium (ppp101-137.dialup.mtu-net.ru [212.188.101.137])
by mtu.ru (Postfix) with ESMTP
id 97CBE76F9; Fri, 24 Nov 2000 09:21:33 +0300 (MSK)
(envelope-from kulakov@kudesniki.ru)
Reply-To:
From: "Vladimir I. Kulakov"
To: ,
Subject: DOS atack of hardware problem?
Date: Fri, 24 Nov 2000 09:21:32 +0300
X-MSMail-Priority: Normal
X-Priority: 3
X-Mailer: Microsoft Internet Mail 4.70.1155
MIME-Version: 1.0
Content-Type: text/plain; charset=Windows-1251
Content-Transfer-Encoding: 7bit
Message-Id: <20001124062133.97CBE76F9@mtu.ru>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
Hello!
Last week I noticed some strange messages in my log files:
fxp0 : device timeout
After that the ping bacame unstable, and somtimes the
server was unreachable.
Our we replugged the server from 100 Mbit/s 3com switch to
ordinary 10 Mbit/s hub. It helped. The server started to work
fine, but a few days after that the problems appeard again.
It seems the network card in our server unpedicably
swithes from 100 to 10 Mbits and from half-duplex to full duplex.
When we plugged the server to uplink port in our swith, everything
is working fine again...
Our Ethernet card - Intel Ether Express Pro 100/s
Can it be a flud or some kind of DOS-atack or it just a hardware
problem? I tried another network card (also Ehter Express 100),
but it's getting even worse - the server does not work at all.
What is the best way to solve such a problem finally?
Many thanks in advance...
-----------------------------------------------------
Vladimir I. Kulakov http://www.kudesniki.ru/
VK9-RIPN
kulakov@kudesniki.ru
2:5020/779.27@fidonet.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Thu Nov 23 22:26: 2 2000
Delivered-To: freebsd-security@freebsd.org
Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177])
by hub.freebsd.org (Postfix) with ESMTP id F164937B4CF
for ; Thu, 23 Nov 2000 22:25:59 -0800 (PST)
Received: (from kris@localhost)
by citusc17.usc.edu (8.11.1/8.11.1) id eAO6R5j41368;
Thu, 23 Nov 2000 22:27:05 -0800 (PST)
(envelope-from kris)
Date: Thu, 23 Nov 2000 22:27:05 -0800
From: Kris Kennaway
To: Trevor Johnson
Cc: security@FreeBSD.ORG, toasty@dragondata.com
Subject: Re: Joe's Own Editor File Link Vulnerability (fwd)
Message-ID: <20001123222704.A41336@citusc17.usc.edu>
References:
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="d6Gm4EdcadzBjdND"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from trevor@jpj.net on Thu, Nov 23, 2000 at 09:59:17PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
--d6Gm4EdcadzBjdND
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Thu, Nov 23, 2000 at 09:59:17PM -0500, Trevor Johnson wrote:
> I've gotten no response to the appended message.
>=20
> I installed joe from the current ports collection, a few minutes ago, and
> was able to confirm the bug.
>=20
> The Linux people (Red Hat, Immunix, Mandrake, and Debian) have released
> patched versions, but I haven't looked at their patches.
>=20
> Would it be all right if I marked the port forbidden (mentioning
> http://www.securityfocus.com/archive/1/145305), until the maintainer
> becomes available?
Yes. If you could also patch it it would be fine by me :-)
Kris
--d6Gm4EdcadzBjdND
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjoeCjgACgkQWry0BWjoQKWrfgCgyDJfOFE9Nt3d0PwbWSsoa2k5
3MAAnj33PbRbvpr1Thooi63fxZaoha0a
=9X9q
-----END PGP SIGNATURE-----
--d6Gm4EdcadzBjdND--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Thu Nov 23 22:31:22 2000
Delivered-To: freebsd-security@freebsd.org
Received: from temphost.dragondata.com (temphost.dragondata.com [63.167.131.128])
by hub.freebsd.org (Postfix) with ESMTP id BC40E37B479
for ; Thu, 23 Nov 2000 22:31:19 -0800 (PST)
Received: (from toasty@localhost)
by temphost.dragondata.com (8.9.3/8.9.3) id AAA17422;
Fri, 24 Nov 2000 00:34:36 -0600 (CST)
(envelope-from toasty)
From: Kevin Day
Message-Id: <200011240634.AAA17422@temphost.dragondata.com>
Subject: Re: Joe's Own Editor File Link Vulnerability (fwd)
To: trevor@jpj.net (Trevor Johnson)
Date: Fri, 24 Nov 2000 00:34:31 -0600 (CST)
Cc: security@freebsd.org, toasty@dragondata.com
In-Reply-To: from "Trevor Johnson" at Nov 23, 2000 09:59:17 PM
X-Mailer: ELM [version 2.5 PL3]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
>
> I've gotten no response to the appended message.
>
> I installed joe from the current ports collection, a few minutes ago, and
> was able to confirm the bug.
>
> The Linux people (Red Hat, Immunix, Mandrake, and Debian) have released
> patched versions, but I haven't looked at their patches.
>
> Would it be all right if I marked the port forbidden (mentioning
> http://www.securityfocus.com/archive/1/145305), until the maintainer
> becomes available?
> --
> Trevor Johnson
> http://jpj.net/~trevor/gpgkey.txt
If you fowarded this to me before, it must have gotten lost during my many
server moves over the past couple of months, I apologize.
I'll send an e-mail to the author of Joe an e-mail about this, but from my
past experiences with him, he's quite busy with other projects and may not
have time for a complete new version immediately. I'll come up with a quick
patch for now to include, that one of you can verify for accuracy (if
desired) to include in our local port patches.
Thanks,
Kevin
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Thu Nov 23 22:42: 9 2000
Delivered-To: freebsd-security@freebsd.org
Received: from grok.example.net (cr479972-a.rct1.bc.wave.home.com [24.113.37.168])
by hub.freebsd.org (Postfix) with ESMTP
id CACFF37B4D7; Thu, 23 Nov 2000 22:42:06 -0800 (PST)
Received: by grok.example.net (Postfix, from userid 1000)
id 1F7CD212E29; Thu, 23 Nov 2000 22:42:06 -0800 (PST)
Date: Thu, 23 Nov 2000 22:42:05 -0800
From: Steve Reid
To: "Vladimir I. Kulakov"
Cc: freebsd-isp@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: DOS atack of hardware problem?
Message-ID: <20001123224205.A1105@grok>
References: <20001124062133.97CBE76F9@mtu.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4i
In-Reply-To: <20001124062133.97CBE76F9@mtu.ru>; from Vladimir I. Kulakov on Fri, Nov 24, 2000 at 09:21:32AM +0300
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
On Fri, Nov 24, 2000 at 09:21:32AM +0300, Vladimir I. Kulakov wrote:
> It seems the network card in our server unpedicably swithes from 100
> to 10 Mbits and from half-duplex to full duplex.
Try setting the speed and duplex manually. Like this in rc.conf, but
with your real IP and netmask of course:
ifconfig_fxp0="inet 192.168.1.2 netmask 255.255.255.0 \
media 100baseTX mediaopt full-duplex"
I've seen problems with autonegotiate too. I wouldn't set up a
production box without setting this manually.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Fri Nov 24 0:15: 9 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ns.gutatelecom.ru (ns.gutatelecom.ru [195.7.161.13])
by hub.freebsd.org (Postfix) with ESMTP id B8EC237B4CF
for ; Fri, 24 Nov 2000 00:15:06 -0800 (PST)
Received: from hub.all.yans.ru (unknown [10.123.0.2])
by ns.gutatelecom.ru (Postfix) with ESMTP id B84006E702
for ; Fri, 24 Nov 2000 11:15:05 +0300 (MSK)
Received: by hub.all.yans.ru (Postfix, from userid 300)
id B859A7F8C1; Fri, 24 Nov 2000 11:16:30 +0300 (MSK)
Date: Fri, 24 Nov 2000 11:16:30 +0300
From: Ekaterina Ivannikova
To: freebsd-security@freebsd.org
Subject: Re: How to isolate jails from the host system ?
Message-ID: <20001124111630.A2238@hub.all.yans.ru>
References: <20001123174231.A4498@hub.all.yans.ru> <20001123212757.W27042@speedy.gsinet>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20001123212757.W27042@speedy.gsinet>; from Gerhard.Sittig@gmx.net on Thu, Nov 23, 2000 at 09:27:57PM +0100
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
On Thu, Nov 23, 2000 at 09:27:57PM +0100, Gerhard Sittig wrote:
> On Thu, Nov 23, 2000 at 17:42 +0300, Ekaterina Ivannikova wrote:
> >
> > It appeares that though processes in a jail are not allowed to
> > bind to the host system's ip address, they are still assigned
> > this ip address if they try to connect to daemons running on
> > the host system.
>
> That's hard to believe. :) At least it contradicts the jail(2)
> idea. Processes in jails can *only* bind to the IP assigned to
> the jail. Not even 127.0.0.1 is available.
>
> Although there was (is?) a bug with UDP packets mistakenly being
> sent _from_ the host's address under certain circumstances. But
> a fix is available, search for "jail" in the gnats database.
>
I triped over this one. This is bug kern/20946, status closed, but
it seems that the relevant patch did not make it into the -STABLE
source. The patch may be found at
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/udp_usrreq.c.diff?r1=1.73&r2=1.74&f=u
Thanx for your help, now it works as expected.
Regards,
Ekaterina Ivannikova
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Fri Nov 24 0:30:47 2000
Delivered-To: freebsd-security@freebsd.org
Received: from castle.dreaming.org (castle.dreaming.org [209.146.217.193])
by hub.freebsd.org (Postfix) with ESMTP
id 7E06737B479; Fri, 24 Nov 2000 00:30:41 -0800 (PST)
Received: from cr592943a (cr592943-a.bloor1.on.wave.home.com [24.156.38.199])
by castle.dreaming.org (8.11.1/8.11.1) with SMTP id eAO8Tjd82928;
Fri, 24 Nov 2000 03:29:45 -0500 (EST)
(envelope-from mit@mitayai.net)
From: "Will Mitayai Keeso Rowe"
To: "Steve Reid" ,
"Vladimir I. Kulakov"
Cc: ,
Subject: RE: DOS atack of hardware problem?
Date: Fri, 24 Nov 2000 03:30:54 -0500
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <20001123224205.A1105@grok>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
has this been known to happen with xl0/3Com 3C509TX?
-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG
[mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Steve Reid
Sent: Friday, November 24, 2000 1:42 AM
To: Vladimir I. Kulakov
Cc: freebsd-isp@FreeBSD.ORG; security@FreeBSD.ORG
Subject: Re: DOS atack of hardware problem?
On Fri, Nov 24, 2000 at 09:21:32AM +0300, Vladimir I. Kulakov wrote:
> It seems the network card in our server unpedicably swithes from 100
> to 10 Mbits and from half-duplex to full duplex.
Try setting the speed and duplex manually. Like this in rc.conf, but
with your real IP and netmask of course:
ifconfig_fxp0="inet 192.168.1.2 netmask 255.255.255.0 \
media 100baseTX mediaopt full-duplex"
I've seen problems with autonegotiate too. I wouldn't set up a
production box without setting this manually.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Fri Nov 24 2:57:49 2000
Delivered-To: freebsd-security@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
by hub.freebsd.org (Postfix) with ESMTP id DCE7837B4CF
for ; Fri, 24 Nov 2000 02:57:46 -0800 (PST)
Received: (from des@localhost)
by flood.ping.uio.no (8.9.3/8.9.3) id LAA48760;
Fri, 24 Nov 2000 11:57:40 +0100 (CET)
(envelope-from des@ofug.org)
X-URL: http://www.ofug.org/~des/
X-Disclaimer: The views expressed in this message do not necessarily
coincide with those of any organisation or company with
which I am or have been affiliated.
To: Vlad
Cc: security@FreeBSD.ORG
Subject: Re: ipf - icmp
References:
From: Dag-Erling Smorgrav
Date: 24 Nov 2000 11:57:39 +0100
In-Reply-To: Vlad's message of "Thu, 23 Nov 2000 14:35:56 -0500 (EST)"
Message-ID:
Lines: 17
User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
Vlad writes:
> pass in quick on sis0 proto icmp from any to any icmp-type 0
> pass in quick on sis0 proto icmp from any to any icmp-type unreach code 3
> pass in quick on sis0 proto icmp from any to any icmp-type unreach code 4
> pass in quick on sis0 proto icmp from any to any icmp-type timex
> pass out quick on sis0 proto icmp from any to any
>
> these entries will allow you to ping/traceroute anyone, will prohibit
> anyone from pinging/tracerouting you.
No. There is no way to completely prevent someone from tracerouting
you. You can make it slightly harder by blocking incoming UDP (which
your ruleset does not), but that's about it.
DES
--
Dag-Erling Smorgrav - des@ofug.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Fri Nov 24 3:43:52 2000
Delivered-To: freebsd-security@freebsd.org
Received: from nevermind.kiev.ua (unknown [212.109.53.33])
by hub.freebsd.org (Postfix) with ESMTP id 1C47C37B479
for ; Fri, 24 Nov 2000 03:43:48 -0800 (PST)
Received: (from never@localhost)
by nevermind.kiev.ua (8.11.1/8.11.1) id eAOBgKQ17355;
Fri, 24 Nov 2000 13:42:21 +0200 (EET)
(envelope-from never)
Date: Fri, 24 Nov 2000 13:42:19 +0200
From: Nevermind
To: Dag-Erling Smorgrav
Cc: Vlad , security@FreeBSD.ORG
Subject: Re: ipf - icmp
Message-ID: <20001124134218.A17181@nevermind.kiev.ua>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from des@ofug.org on Fri, Nov 24, 2000 at 11:57:39AM +0100
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
Hello, Dag-Erling Smorgrav!
On Fri, Nov 24, 2000 at 11:57:39AM +0100, you wrote:
> Vlad writes:
> > pass in quick on sis0 proto icmp from any to any icmp-type 0
> > pass in quick on sis0 proto icmp from any to any icmp-type unreach code 3
> > pass in quick on sis0 proto icmp from any to any icmp-type unreach code 4
> > pass in quick on sis0 proto icmp from any to any icmp-type timex
> > pass out quick on sis0 proto icmp from any to any
> >
> > these entries will allow you to ping/traceroute anyone, will prohibit
> > anyone from pinging/tracerouting you.
> No. There is no way to completely prevent someone from tracerouting
> you. You can make it slightly harder by blocking incoming UDP (which
> your ruleset does not), but that's about it.
Why not to use ipfw?
ipfw add deny icmp from any to any via sis0
--
Alexandr P. Kovalenko http://nevermind.kiev.ua/
NEVE-RIPE
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Fri Nov 24 3:52:35 2000
Delivered-To: freebsd-security@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
by hub.freebsd.org (Postfix) with ESMTP id 8071837B479
for ; Fri, 24 Nov 2000 03:52:32 -0800 (PST)
Received: (from des@localhost)
by flood.ping.uio.no (8.9.3/8.9.3) id MAA48969;
Fri, 24 Nov 2000 12:52:15 +0100 (CET)
(envelope-from des@ofug.org)
X-URL: http://www.ofug.org/~des/
X-Disclaimer: The views expressed in this message do not necessarily
coincide with those of any organisation or company with
which I am or have been affiliated.
To: Nevermind
Cc: Vlad , security@FreeBSD.ORG
Subject: Re: ipf - icmp
References: <20001124134218.A17181@nevermind.kiev.ua>
From: Dag-Erling Smorgrav
Date: 24 Nov 2000 12:52:14 +0100
In-Reply-To: Nevermind's message of "Fri, 24 Nov 2000 13:42:19 +0200"
Message-ID:
Lines: 14
User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
Nevermind writes:
> > No. There is no way to completely prevent someone from tracerouting
> > you. You can make it slightly harder by blocking incoming UDP (which
> > your ruleset does not), but that's about it.
> Why not to use ipfw?
> ipfw add deny icmp from any to any via sis0
This still won't prevent traceroutes. The only 100% foolproof way to
prevent anyone from tracerouting your machine is to take it off the
net.
DES
--
Dag-Erling Smorgrav - des@ofug.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Fri Nov 24 5:15:39 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.mclink.it (net128-053.mclink.it [195.110.128.53])
by hub.freebsd.org (Postfix) with ESMTP id 1DF9437B479
for ; Fri, 24 Nov 2000 05:15:37 -0800 (PST)
Received: from net147-007.mclink.it (net147-007.mclink.it [195.110.147.7])
by mail.mclink.it (8.9.3/8.9.0) with ESMTP id OAA03218;
Fri, 24 Nov 2000 14:15:27 +0100 (CET)
Date: Fri, 24 Nov 2000 14:08:47 +0100
From: Massimo Fubini
X-Mailer: The Bat! (v1.45)
Reply-To: Massimo Fubini
X-Priority: 3 (Normal)
Message-ID: <18813810961.20001124140847@aexis-telecom.it>
To: Dag-Erling Smorgrav
Cc: security@FreeBSD.ORG
Subject: Re[2]: ipf - icmp
In-reply-To:
References:
<20001124134218.A17181@nevermind.kiev.ua>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
Hello Dag-Erling and all the group,
Friday, November 24, 2000, 12:52:14 PM, you wrote:
DES> Nevermind writes:
>> > No. There is no way to completely prevent someone from tracerouting
>> > you. You can make it slightly harder by blocking incoming UDP (which
>> > your ruleset does not), but that's about it.
Traceroute is based on ttl expiration.... What you can do is blocking
all the packet with a small ttl, so you will never have a ttl == 0 in
your internal network. If you have no more than 3 hops in your
internal network, and you discard all the packet with a ttl < 4 you
will never have ttl expiration, and this will make very hard for
program like traceroute, or firewalk to map your internal network.
Something can be done to understand if a port is closed at the
firewall or at the host... but it is an other topic.
Best regards,
Massimo
PS
It is my first post in *@freebsd.org, I'm a beginner with freebsd, and
hope I will learn a lot from this lists.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Fri Nov 24 10:21:43 2000
Delivered-To: freebsd-security@freebsd.org
Received: from gaia.nimnet.asn.au (nimbin.lnk.telstra.net [139.130.45.143])
by hub.freebsd.org (Postfix) with ESMTP id 0D7E937B479
for ; Fri, 24 Nov 2000 10:21:36 -0800 (PST)
Received: from localhost (smithi@localhost)
by gaia.nimnet.asn.au (8.8.8/8.8.8R1.2) with SMTP id FAA12254;
Sat, 25 Nov 2000 05:20:50 +1100 (EST)
(envelope-from smithi@nimnet.asn.au)
Date: Sat, 25 Nov 2000 05:20:50 +1100 (EST)
From: Ian Smith
To: Al Kwan
Cc: security@FreeBSD.ORG
Subject: Re: INBOX Locked
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
On Thu, 23 Nov 2000, Al Kwan wrote:
> Hello all,
>
> Figured it out after much frustration. Hopefully if anyone else gets this
> problem you can learn from my errors..
>
> Somehow my /tmp (/usr/tmp) directory permissions changed to:
>
> drwxr-xr-x - so groups and everyone didn't have write access to tmp
>
> Pine needs that to put the mailbox file in while it works on it and lets
> you delete messages and so forth.
>
> Change permission on the /usr/tmp directory to allow write access and the
> INBOX stops being "readonly".
Sure, but ..
> > /var/mail - permissions are rwx for owner/group/everyone
.. are you sure your /var/mail is world writeable? If so, why?
Ian
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Fri Nov 24 12:15:35 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.gmx.net (pop.gmx.net [194.221.183.20])
by hub.freebsd.org (Postfix) with SMTP id D90AF37B479
for ; Fri, 24 Nov 2000 12:15:32 -0800 (PST)
Received: (qmail 11623 invoked by uid 0); 24 Nov 2000 20:15:31 -0000
Received: from p3ee21675.dip.t-dialin.net (HELO speedy.gsinet) (62.226.22.117)
by mail.gmx.net (mail03) with SMTP; 24 Nov 2000 20:15:31 -0000
Received: (from sittig@localhost)
by speedy.gsinet (8.8.8/8.8.8) id RAA21698
for freebsd-security@freebsd.org; Fri, 24 Nov 2000 17:42:31 +0100
Date: Fri, 24 Nov 2000 17:42:31 +0100
From: Gerhard Sittig
To: FreeBSD Security
Subject: static ARP tables
Message-ID: <20001124174231.Z27042@speedy.gsinet>
Mail-Followup-To: FreeBSD Security
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
Organization: System Defenestrators Inc.
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
You might be interested in the conf/23063 PR with the
"[PATCH] for static ARP tables in rc.network" synopsis
(http://www.freebsd.org/cgi/query-pr.cgi?pr=23063).
I understand that -security subscribers are the ones to use these
things more probably than others. Please comment on the patch to
improve it since it's far from perfect. Thank you for your
attention!
virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Fri Nov 24 13: 3:44 2000
Delivered-To: freebsd-security@freebsd.org
Received: from hboss-bsd.powersurfr.com (hboss-bsd.powersurfr.com [24.108.165.216])
by hub.freebsd.org (Postfix) with ESMTP id 1139F37B4CF
for ; Fri, 24 Nov 2000 13:03:42 -0800 (PST)
Received: from localhost (akwan@localhost)
by hboss-bsd.powersurfr.com (8.11.0/8.11.0) with ESMTP id eAOL4uT00252;
Fri, 24 Nov 2000 14:04:57 -0700 (MST)
(envelope-from akwan@hboss-bsd.powersurfr.com)
Date: Fri, 24 Nov 2000 14:04:56 -0700 (MST)
From: Al Kwan
To: Ian Smith
Cc: security@FreeBSD.ORG
Subject: Re: INBOX Locked
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
/var/mail is readable by all. I figure they need read access to view the
directory and their mailboxes within. Would their email still work if
they didn't have read access to that dir?
Al
On Sat, 25 Nov 2000, Ian Smith wrote:
> On Thu, 23 Nov 2000, Al Kwan wrote:
>
> > Hello all,
> >
> > Figured it out after much frustration. Hopefully if anyone else gets this
> > problem you can learn from my errors..
> >
> > Somehow my /tmp (/usr/tmp) directory permissions changed to:
> >
> > drwxr-xr-x - so groups and everyone didn't have write access to tmp
> >
> > Pine needs that to put the mailbox file in while it works on it and lets
> > you delete messages and so forth.
> >
> > Change permission on the /usr/tmp directory to allow write access and the
> > INBOX stops being "readonly".
>
> Sure, but ..
>
> > > /var/mail - permissions are rwx for owner/group/everyone
>
> .. are you sure your /var/mail is world writeable? If so, why?
>
> Ian
>
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Fri Nov 24 14: 5: 7 2000
Delivered-To: freebsd-security@freebsd.org
Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177])
by hub.freebsd.org (Postfix) with ESMTP
id 0341B37B4CF; Fri, 24 Nov 2000 14:05:03 -0800 (PST)
Received: (from kris@localhost)
by citusc17.usc.edu (8.11.1/8.11.1) id eAOM5xi61812;
Fri, 24 Nov 2000 14:05:59 -0800 (PST)
(envelope-from kris)
Date: Fri, 24 Nov 2000 14:05:58 -0800
From: Kris Kennaway
To: Otter
Cc: Jorge Filipe Andrade ,
freebsd-stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: Security Advisories at FreeBSD 4.2?
Message-ID: <20001124140558.B59742@citusc17.usc.edu>
References: <20001123132851.A36019@citusc17.usc.edu>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="cvVnyQ+4j833TQvp"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from otterr@telocity.com on Thu, Nov 23, 2000 at 09:57:58PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
--cvVnyQ+4j833TQvp
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
On Thu, Nov 23, 2000 at 09:57:58PM -0500, Otter wrote:
> when/if they are announced, you can find them if you read:
> ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/4.2-RELEASE/ERRATA.TXT
Actually, we don't usually update the errata when security advisories
are released. There are too many other things to do. I should remove
the text from there and replace it with a pointer to the list on the
website.
Kris
--cvVnyQ+4j833TQvp
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjoe5kYACgkQWry0BWjoQKUF8QCeLZrDVWIXJxhcDnuZvAV//HFG
iFwAn1bC6Wm/KBOTlgCWj7IWi/xjLvk+
=5WQB
-----END PGP SIGNATURE-----
--cvVnyQ+4j833TQvp--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Fri Nov 24 14:10:34 2000
Delivered-To: freebsd-security@freebsd.org
Received: from phalse.2600.com (phalse.2600.COM [216.66.24.2])
by hub.freebsd.org (Postfix) with ESMTP id 29F4D37B4C5
for ; Fri, 24 Nov 2000 14:10:30 -0800 (PST)
Received: from localhost (localhost [[UNIX: localhost]])
by phalse.2600.com (8.8.8/8.8.8) with ESMTP id RAA25473
for ; Fri, 24 Nov 2000 17:10:28 -0500 (EST)
Date: Fri, 24 Nov 2000 17:10:22 -0500 (EST)
From: Dominick LaTrappe
To: freebsd-security@freebsd.org
Subject: Re: static ARP tables
In-Reply-To: <20001124174231.Z27042@speedy.gsinet>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
On Fri, 24 Nov 2000 Gerhard Sittig wrote:
> You might be interested in the conf/23063 PR with the
> "[PATCH] for static ARP tables in rc.network" synopsis
> (http://www.freebsd.org/cgi/query-pr.cgi?pr=23063).
With software-set MAC addresses supported by a number of cards, this patch
does not provide much security.
(2)=Ethernet, (3)=IP. If Mallory wants to play ARP games on your local
network, to get Alice(2) to talk with Mallory(2) when she really means to
talk with Bob(2), Mallory's ultimate plan is still for Alice(3) to talk
with Mallory(3). Using IPsec AH all over this network will prevent
Mallory(3) from successfully sending IP packets with a source address
other than Mallory(3)'s. (Specifically, the packet will be dropped by the
recipient.) If this isn't enough, using IPsec ESP all over this network
will prevent Mallory(3) from understanding any IP packets not truly bound
for Mallory(3). Now, all that Mallory(2) has done is caused a DoS.
Unless you can hardcode per-port MAC addresses into your switch, with
exactly one host interface connected to each port, using IPsec like this
is a good idea IMHO. Of course, there are all kinds of devices, including
the common SoHo router, that don't support any kind of IPsec. How to
prevent Mallory from masquerading as these is another story.
||| Dominick
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Fri Nov 24 15: 8:41 2000
Delivered-To: freebsd-security@freebsd.org
Received: from bastuba.partitur.se (bastuba.partitur.se [212.209.169.194])
by hub.freebsd.org (Postfix) with ESMTP id 443A537B4CF
for ; Fri, 24 Nov 2000 15:08:37 -0800 (PST)
Received: from elbas.partitur.se (elbas.partitur.se [212.209.169.222])
by bastuba.partitur.se (8.9.3/8.9.3) with ESMTP id AAA09555;
Sat, 25 Nov 2000 00:08:35 +0100 (CET)
(envelope-from girgen@partitur.se)
Received: from partitur.se (localhost.partitur.se [127.0.0.1])
by elbas.partitur.se (8.11.1/8.11.1) with ESMTP id eAON8ZN35520;
Sat, 25 Nov 2000 00:08:35 +0100 (CET)
(envelope-from girgen@partitur.se)
Message-ID: <3A1EF4F3.1DBB456C@partitur.se>
Date: Sat, 25 Nov 2000 00:08:35 +0100
From: Palle Girgensohn
Organization: Partitur
X-Mailer: Mozilla 4.76 [en] (X11; U; FreeBSD 4.2-RELEASE i386)
X-Accept-Language: sv, en
MIME-Version: 1.0
To: freebsd-security@freebsd.org
Subject: telnet, SRA & preventing remote login as root?
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
Hi!
I just realized a strange thing:
Since 4.0, telnetd has SRA support. The SRA login dialog seems
to bypass login(1) and I can't find a proper way prevent root
from beeing able to login remotely.
Here's what happens:
$ telnet hostname
Trying 1.2.3.4...
Connected to hostname.domain
Escape character is '^]'.
FreeBSD/i386 (hostname.domain) (ttyp2)
login: root
Password:
Login incorrect
login: Connection closed by foreign host.
$
fine, this is what I want... but:
$ telnet -l root hostname
Trying 1.2.3.4...
Connected to hostname.domain
Escape character is '^]'.
Trying SRA secure login:
User (root): root
Password:
[ SRA accepts you ]
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All
rights reserved.
... (I'm logged in as root)
WTF!
This is a standard 4.2-RELEASE system. Before 4.0, it wasn't
possible to remotely log in as root (well, not any proper
documented way...:) and I am a bit surprised that I suddenly
can.
I tried stopping this with login.access, but it seems it is not
used by the SRA login dialog.
I tried telnetd -X SRA (in inetd.conf), and this works (but
crashes my 4.0-stable server just as PR 19606 says) but is
still a workaround, since it removes the SRA altogether.
Also, I tried telnetd -a off, and this will create double login
dialogs, the second beeing login(1):
$ telnet -l root hostname
Trying 1.2.3.4...
Connected to hostname.domain
Escape character is '^]'.
Trying SRA secure login:
User (root): root
Password:
[ SRA accepts you ]
Password:
Login incorrect
login: root
Password:
Login incorrect
login: Connection closed by foreign host.
$
Is this intentional?
/Palle
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Fri Nov 24 15:32: 8 2000
Delivered-To: freebsd-security@freebsd.org
Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177])
by hub.freebsd.org (Postfix) with ESMTP
id 0450837B4C5; Fri, 24 Nov 2000 15:32:04 -0800 (PST)
Received: (from kris@localhost)
by citusc17.usc.edu (8.11.1/8.11.1) id eAONX7q71755;
Fri, 24 Nov 2000 15:33:07 -0800 (PST)
(envelope-from kris)
Date: Fri, 24 Nov 2000 15:33:07 -0800
From: Kris Kennaway
To: "Brian F. Feldman"
Cc: security@FreeBSD.org
Subject: Re: OpenSSH 2.3.0 pre-upgrade
Message-ID: <20001124153307.A71713@citusc17.usc.edu>
References: <200011242328.eAONSJ560421@green.dyndns.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="9amGYk9869ThD9tj"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200011242328.eAONSJ560421@green.dyndns.org>; from green@FreeBSD.org on Fri, Nov 24, 2000 at 06:28:19PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
--9amGYk9869ThD9tj
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, Nov 24, 2000 at 06:28:19PM -0500, Brian F. Feldman wrote:
> What's new in this release? Mostly the adding of the AES (Rijndael) to t=
he=20
> SSH2 algorithms. Is anything now broken? Well, nothing new broken that =
I=20
Doesn't that rely on AES support in OpenSSL?
> There's some weird issue where for the Diffie-Hellman exchange, OpenSSH=
=20
> wants primes but doesn't seem to want to generate them... it expects an
> /etc/ssh/primes (which should become /var/run/ssh_primes, if anything) an=
d I=20
> have no clue where the program is that supposedly generates them. So, fo=
r=20
> SSH2, the authentication stage generates a large warning and uses a=20
> hardcoded prime. This should not actually have an affect on security,=20
> though, according to my understanding of the Diffie-Hellman protocol.
They're static - OpenBSD just committed the file with some good primes
generated from OpenSSL, presumably.
Kris
--9amGYk9869ThD9tj
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjoe+rMACgkQWry0BWjoQKUc/gCghafS9pr8E5Bee+oFJ0nUOuz5
ErEAnROdPkl5v/gO6a3N0iSV7sjnnou/
=Oa5X
-----END PGP SIGNATURE-----
--9amGYk9869ThD9tj--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Fri Nov 24 18:31:50 2000
Delivered-To: freebsd-security@freebsd.org
Received: from cfdnet.me.tuns.ca (CFDnet.me.TUNS.Ca [134.190.50.164])
by hub.freebsd.org (Postfix) with ESMTP
id CB00537B479; Fri, 24 Nov 2000 18:31:43 -0800 (PST)
Received: from localhost (freebsd@localhost)
by cfdnet.me.tuns.ca (8.9.3/8.9.3) with ESMTP id WAA01002;
Fri, 24 Nov 2000 22:27:34 -0400 (AST)
(envelope-from freebsd@cfdnet.me.tuns.ca)
Date: Fri, 24 Nov 2000 22:27:34 -0400 (AST)
From: Theo Bell
To: "Vladimir I. Kulakov"
Cc: freebsd-isp@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: DOS atack of hardware problem?
In-Reply-To: <20001124062133.97CBE76F9@mtu.ru>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
Hi,
I had this problem with a D-Link 530TX card using device vr0. I swapped
cards a couple of times to no avail. Finally I changed the network cable
and the problem went away. I can't say for sure that is the solution to
your problem, but you never know...
HTH
Theo Bell
On Fri, 24 Nov 2000, Vladimir I. Kulakov wrote:
> Hello!
>
> Last week I noticed some strange messages in my log files:
> fxp0 : device timeout
>
> After that the ping bacame unstable, and somtimes the
> server was unreachable.
>
> Our we replugged the server from 100 Mbit/s 3com switch to
> ordinary 10 Mbit/s hub. It helped. The server started to work
> fine, but a few days after that the problems appeard again.
> It seems the network card in our server unpedicably
> swithes from 100 to 10 Mbits and from half-duplex to full duplex.
> When we plugged the server to uplink port in our swith, everything
> is working fine again...
>
> Our Ethernet card - Intel Ether Express Pro 100/s
>
> Can it be a flud or some kind of DOS-atack or it just a hardware
> problem? I tried another network card (also Ehter Express 100),
> but it's getting even worse - the server does not work at all.
>
> What is the best way to solve such a problem finally?
>
> Many thanks in advance...
>
> -----------------------------------------------------
> Vladimir I. Kulakov http://www.kudesniki.ru/
> VK9-RIPN
> kulakov@kudesniki.ru
> 2:5020/779.27@fidonet.org
>
>
>
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Sat Nov 25 2: 5:38 2000
Delivered-To: freebsd-security@freebsd.org
Received: from post.webmailer.de (natmail2.webmailer.de [192.67.198.65])
by hub.freebsd.org (Postfix) with ESMTP
id EE39C37B4C5; Sat, 25 Nov 2000 02:05:28 -0800 (PST)
Received: from localhost.localdom (p3E9E156A.dip.t-dialin.net [62.158.21.106])
by post.webmailer.de (8.9.3/8.8.7) with ESMTP id LAA29145;
Sat, 25 Nov 2000 11:05:29 +0100 (MET)
Received: from masterpc (master [192.168.0.1])
by localhost.localdom (8.11.1/8.11.1) with ESMTP id eAPA5JG06563;
Sat, 25 Nov 2000 11:05:19 +0100 (CET)
Date: Sat, 25 Nov 2000 11:05:04 -0800
From: Boris
X-Mailer: The Bat! (v1.46d) Personal
Reply-To: Boris
X-Priority: 3 (Normal)
Message-ID: <7885578635.20001125110504@x-itec.de>
To: Kris Kennaway
Cc: "Brian F. Feldman" , security@FreeBSD.ORG
Subject: Re[2]: OpenSSH 2.3.0 pre-upgrade
In-reply-To: <20001124153307.A71713@citusc17.usc.edu>
References: <200011242328.eAONSJ560421@green.dyndns.org>
<20001124153307.A71713@citusc17.usc.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
Hello Kris,
Friday, November 24, 2000, 3:33:07 PM, you wrote:
KK> They're static - OpenBSD just committed the file with some good primes
KK> generated from OpenSSL, presumably.
KK> Kris
How to recreate these numbers? I do not like static factors for
encryption, they are always a security risc
--
Best regards,
Boris mailto:koester@x-itec.de
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Sat Nov 25 4:44:39 2000
Delivered-To: freebsd-security@freebsd.org
Received: from smtp23.singnet.com.sg (smtp23.singnet.com.sg [165.21.101.203])
by hub.freebsd.org (Postfix) with ESMTP id 2889E37B4C5
for ; Sat, 25 Nov 2000 04:44:37 -0800 (PST)
Received: from netserver01 (ad202.166.106.112.magix.com.sg [202.166.106.112])
by smtp23.singnet.com.sg (8.9.3/8.9.3) with SMTP id UAA22340
for ; Sat, 25 Nov 2000 20:44:35 +0800
(envelope-from spades@galaxynet.org)
Message-Id: <3.0.32.20001125204508.01752dd0@smtp.magix.com.sg>
X-Sender: spades@smtp.magix.com.sg
X-Mailer: Windows Eudora Pro Version 3.0 (32)
Date: Sat, 25 Nov 2000 20:45:08 +0800
To: freebsd-security@freebsd.org
From: Spades
Subject: Re: wuftp
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
I run FreeBSD 4.1.1-release, is it vulnerable to the wuftp exploit?
I think someone tried to overflow my office server with mass anonymous
login.
Any idea or comments?
----------
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Sat Nov 25 4:47:24 2000
Delivered-To: freebsd-security@freebsd.org
Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20])
by hub.freebsd.org (Postfix) with ESMTP id E29A037B4CF
for ; Sat, 25 Nov 2000 04:47:22 -0800 (PST)
Received: (from bright@localhost)
by fw.wintelcom.net (8.10.0/8.10.0) id eAPClJ320955;
Sat, 25 Nov 2000 04:47:19 -0800 (PST)
Date: Sat, 25 Nov 2000 04:47:19 -0800
From: Alfred Perlstein
To: Spades
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: wuftp
Message-ID: <20001125044719.J8051@fw.wintelcom.net>
References: <3.0.32.20001125204508.01752dd0@smtp.magix.com.sg>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <3.0.32.20001125204508.01752dd0@smtp.magix.com.sg>; from spades@galaxynet.org on Sat, Nov 25, 2000 at 08:45:08PM +0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
* Spades [001125 04:44] wrote:
> I run FreeBSD 4.1.1-release, is it vulnerable to the wuftp exploit?
>
> I think someone tried to overflow my office server with mass anonymous
> login.
>
> Any idea or comments?
Upgrade to the lastest version of wu-ftpd. They probably tried
some linux/solaris version of the script to exploit.
--
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Sat Nov 25 4:50:24 2000
Delivered-To: freebsd-security@freebsd.org
Received: from blues.jpj.net (blues.jpj.net [204.97.17.146])
by hub.freebsd.org (Postfix) with ESMTP id 4866A37B4CF
for ; Sat, 25 Nov 2000 04:50:22 -0800 (PST)
Received: from localhost (trevor@localhost)
by blues.jpj.net (right/backatcha) with ESMTP id eAPCoJK23262;
Sat, 25 Nov 2000 07:50:19 -0500 (EST)
Date: Sat, 25 Nov 2000 07:50:18 -0500 (EST)
From: Trevor Johnson
To: Spades
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: wuftp
In-Reply-To: <3.0.32.20001125204508.01752dd0@smtp.magix.com.sg>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
> I run FreeBSD 4.1.1-release, is it vulnerable to the wuftp exploit?
According to
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:29.wu-ftpd.asc.v1.1
that was fixed in June (before FreeBSD 4.1.1 was released).
--
Trevor Johnson
http://jpj.net/~trevor/gpgkey.txt
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Sat Nov 25 6:19:48 2000
Delivered-To: freebsd-security@freebsd.org
Received: from beethoven.singa.pore.net (beethoven.singa.pore.net [202.156.1.28])
by hub.freebsd.org (Postfix) with ESMTP id 1A72737B479
for ; Sat, 25 Nov 2000 06:19:43 -0800 (PST)
Received: from sleipnir (mcns46.docsis24.singa.pore.net [202.156.24.46])
by beethoven.singa.pore.net (8.9.3/8.9.3) with SMTP id WAA10415;
Sat, 25 Nov 2000 22:20:26 +0800 (SST)
Message-ID: <001501c056ea$c437c860$2e189cca@sleipnir>
From: "James Lim"
To: , "Spades"
References: <3.0.32.20001125204508.01752dd0@smtp.magix.com.sg>
Subject: Re: wuftp
Date: Sat, 25 Nov 2000 22:19:46 +0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
Hi there,
I just don't understand. Why use wuftpd which is notorious? Try
some other daemons like proftpd or ncftpd
Regards,
James Lim
evilfry at sg.freebsd.org
----- Original Message -----
From: "Spades"
To:
Sent: Saturday, November 25, 2000 8:45 PM
Subject: Re: wuftp
> I run FreeBSD 4.1.1-release, is it vulnerable to the wuftp exploit?
>
> I think someone tried to overflow my office server with mass anonymous
> login.
>
> Any idea or comments?
> ----------
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Sat Nov 25 7:13:17 2000
Delivered-To: freebsd-security@freebsd.org
Received: from postman.orangenetwork.net (ns.orangenetwork.net [211.123.49.50])
by hub.freebsd.org (Postfix) with SMTP id E765E37B4C5
for ; Sat, 25 Nov 2000 07:13:09 -0800 (PST)
Received: (qmail 75833 invoked from network); 26 Nov 2000 00:13:00 +0900
Received: from stanley.orangenetwork.net (HELO stanley) (211.123.49.54)
by ns.orangenetwork.net with SMTP; 26 Nov 2000 00:13:00 +0900
Date: Sun, 26 Nov 2000 00:12:00 +0900
From: Melon
To: freebsd-security@freebsd.org
Subject: Re[2]: wuftp
In-Reply-To: <001501c056ea$c437c860$2e189cca@sleipnir>
References: <3.0.32.20001125204508.01752dd0@smtp.magix.com.sg> <001501c056ea$c437c860$2e189cca@sleipnir>
Message-Id: <3A1FD6C030C.864DMELON@postman.orangenetwork.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver 1.26.05
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
Hello,
I'm trying to use ProFTPD 1.2.0 rc2 instead of wu-ftpd 2.6.1
After installing ProFTPD, I found
No modules loaded for `ftp' service
error messeges each time user succesffully logged in.
How come this message appear?
Any suggestions will be appreciated.
Melon
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Sat Nov 25 7:17:56 2000
Delivered-To: freebsd-security@freebsd.org
Received: from pro.lookanswer.com (pro.lookanswer.com [195.66.202.99])
by hub.freebsd.org (Postfix) with SMTP id ECBBA37B479
for ; Sat, 25 Nov 2000 07:17:44 -0800 (PST)
Received: (qmail 66561 invoked by uid 1001); 25 Nov 2000 15:17:37 -0000
From: Alex Koshterek
Reply-To: havoc@lookanswer.com
To: Melon
Subject: Re: Re[2]: wuftp
Date: Sat, 25 Nov 2000 17:15:58 +0200
X-Mailer: KMail [version 1.0.28]
Content-Type: text/plain;
charset="US-ASCII"
References: <3.0.32.20001125204508.01752dd0@smtp.magix.com.sg> <001501c056ea$c437c860$2e189cca@sleipnir> <3A1FD6C030C.864DMELON@postman.orangenetwork.net>
In-Reply-To: <3A1FD6C030C.864DMELON@postman.orangenetwork.net>
Cc: freebsd-security@FreeBSD.ORG
MIME-Version: 1.0
Message-Id: <00112517173700.50981@pro.lookanswer.com>
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
ÓÂ , 25 ÎÏÑ 2000, Melon ÎÁÐÉÓÁÌ:
> Hello,
>
> I'm trying to use ProFTPD 1.2.0 rc2 instead of wu-ftpd 2.6.1
>
> After installing ProFTPD, I found
> No modules loaded for `ftp' service
> error messeges each time user succesffully logged in.
>
This is a PAM. I got same messages.
I think, you can remove lines about ftpd from /etc/pam.conf
Alex
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Sat Nov 25 7:28:36 2000
Delivered-To: freebsd-security@freebsd.org
Received: from postman.orangenetwork.net (ns.orangenetwork.net [211.123.49.50])
by hub.freebsd.org (Postfix) with SMTP id 63A6D37B479
for ; Sat, 25 Nov 2000 07:28:29 -0800 (PST)
Received: (qmail 76141 invoked from network); 26 Nov 2000 00:28:23 +0900
Received: from stanley.orangenetwork.net (HELO stanley) (211.123.49.54)
by ns.orangenetwork.net with SMTP; 26 Nov 2000 00:28:23 +0900
Date: Sun, 26 Nov 2000 00:27:22 +0900
From: Melon
To: havoc@lookanswer.com, freebsd-security@freebsd.org
Subject: Re[4]: wuftp
In-Reply-To: <00112517173700.50981@pro.lookanswer.com>
References: <3A1FD6C030C.864DMELON@postman.orangenetwork.net> <00112517173700.50981@pro.lookanswer.com>
Message-Id: <3A1FDA5A2F8.864EMELON@postman.orangenetwork.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver 1.26.05
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
I think so.
But when I tried to build without PAM support, I failed.
Anyhow, is this message harmful for security or function?
Melon
On Sat, 25 Nov 2000 17:15:58 +0200
Alex Koshterek wrote:
> > Hello,
> >
> > I'm trying to use ProFTPD 1.2.0 rc2 instead of wu-ftpd 2.6.1
> >
> > After installing ProFTPD, I found
> > No modules loaded for `ftp' service
> > error messeges each time user succesffully logged in.
> >
> This is a PAM. I got same messages.
> I think, you can remove lines about ftpd from /etc/pam.conf
>
> Alex
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Sat Nov 25 7:39:48 2000
Delivered-To: freebsd-security@freebsd.org
Received: from pro.lookanswer.com (pro.lookanswer.com [195.66.202.99])
by hub.freebsd.org (Postfix) with SMTP id C92EE37B4CF
for ; Sat, 25 Nov 2000 07:39:43 -0800 (PST)
Received: (qmail 83973 invoked by uid 1001); 25 Nov 2000 15:39:36 -0000
From: Alex Koshterek
Reply-To: havoc@lookanswer.com
To: Melon , freebsd-security@FreeBSD.ORG
Subject: Re: Re[4]: wuftp
Date: Sat, 25 Nov 2000 17:38:44 +0200
X-Mailer: KMail [version 1.0.28]
Content-Type: text/plain;
charset="US-ASCII"
References: <3A1FD6C030C.864DMELON@postman.orangenetwork.net> <00112517173700.50981@pro.lookanswer.com> <3A1FDA5A2F8.864EMELON@postman.orangenetwork.net>
In-Reply-To: <3A1FDA5A2F8.864EMELON@postman.orangenetwork.net>
MIME-Version: 1.0
Message-Id: <00112517393602.50981@pro.lookanswer.com>
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
ÓÂ , 25 ÎÏÑ 2000, Melon ÎÁÐÉÓÁÌ:
> I think so.
> But when I tried to build without PAM support, I failed.
>
> Anyhow, is this message harmful for security or function?
>
> Melon
You can simple ignore this message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Sat Nov 25 9: 2:43 2000
Delivered-To: freebsd-security@freebsd.org
Received: from obelix.rby.hk-r.se (obelix-b.rby.hk-r.se [194.47.132.4])
by hub.freebsd.org (Postfix) with ESMTP id 6E50437B479
for ; Sat, 25 Nov 2000 09:02:38 -0800 (PST)
Received: from orc.rby.hk-r.se (orc [194.47.134.179])
by obelix.rby.hk-r.se (8.10.2/8.10.2) with ESMTP id eAPH2aK06919
for ; Sat, 25 Nov 2000 18:02:36 +0100 (MET)
Received: from localhost (t98pth@localhost)
by orc.rby.hk-r.se (8.10.2/8.10.2) with ESMTP id eAPH2ZS10001
for ; Sat, 25 Nov 2000 18:02:35 +0100 (MET)
Date: Sat, 25 Nov 2000 18:02:35 +0100 (MET)
From: =?ISO-8859-1?Q?P=E4r_Thoren?=
To: freebsd-security@freebsd.org
Subject: secure tunnel
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: QUOTED-PRINTABLE
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
Can I forward port 80 on a natd server so that every connection that is
made by local machines (nat clients) to port 80 on the natdserver(on the
internal interface) will go to another server? Can this be done with ssh
tunneling so that the connection between the natdserver and the other www
server will be secure?
/P=E4r
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Sat Nov 25 11:44:25 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ocis.ocis.net (ocis.ocis.net [209.52.173.1])
by hub.freebsd.org (Postfix) with ESMTP id 80D0A37B479
for ; Sat, 25 Nov 2000 11:44:23 -0800 (PST)
Received: from localhost (vdrifter@localhost)
by ocis.ocis.net (8.9.3/8.9.3) with ESMTP id LAA30966
for ; Sat, 25 Nov 2000 11:44:22 -0800
Date: Sat, 25 Nov 2000 11:44:22 -0800 (PST)
From: John F Cuzzola
To: security@freebsd.org
Subject: jail
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
Hi all,
I'm trying to configure a jail on my 4.2 system. Following the
instructions on "man jail" ...
cd /usr/src
make hierarchy DESTDIR=/path/to/jail
I get the message "I dont know how to make hierarchy". I've installed the
full sources (I believe). Can someone please fill me in.
Thanks
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Sat Nov 25 13:11: 9 2000
Delivered-To: freebsd-security@freebsd.org
Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177])
by hub.freebsd.org (Postfix) with ESMTP
id D610437B4C5; Sat, 25 Nov 2000 13:11:07 -0800 (PST)
Received: (from kris@localhost)
by citusc17.usc.edu (8.11.1/8.11.1) id eAPLC5M04775;
Sat, 25 Nov 2000 13:12:05 -0800 (PST)
(envelope-from kris)
Date: Sat, 25 Nov 2000 13:12:05 -0800
From: Kris Kennaway
To: Boris
Cc: "Brian F. Feldman" , security@FreeBSD.ORG
Subject: Re: OpenSSH 2.3.0 pre-upgrade
Message-ID: <20001125131205.A4706@citusc17.usc.edu>
References: <200011242328.eAONSJ560421@green.dyndns.org> <20001124153307.A71713@citusc17.usc.edu> <7885578635.20001125110504@x-itec.de>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="NzB8fVQJ5HfG6fxh"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <7885578635.20001125110504@x-itec.de>; from koester@x-itec.de on Sat, Nov 25, 2000 at 11:05:04AM -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
--NzB8fVQJ5HfG6fxh
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
On Sat, Nov 25, 2000 at 11:05:04AM -0800, Boris wrote:
> How to recreate these numbers? I do not like static factors for
> encryption, they are always a security risc
Read about Diffie-Hellman. It is not a security risk.
Kris
--NzB8fVQJ5HfG6fxh
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjogKyUACgkQWry0BWjoQKUwgQCePUuaI2HQNfotb/VrAMygq0LA
rDMAniMMOFOb2k66/EuXUX818bjvtD6A
=mVm8
-----END PGP SIGNATURE-----
--NzB8fVQJ5HfG6fxh--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Sat Nov 25 13:14:54 2000
Delivered-To: freebsd-security@freebsd.org
Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177])
by hub.freebsd.org (Postfix) with ESMTP id F3BA937B479
for ; Sat, 25 Nov 2000 13:14:52 -0800 (PST)
Received: (from kris@localhost)
by citusc17.usc.edu (8.11.1/8.11.1) id eAPLFk004887;
Sat, 25 Nov 2000 13:15:46 -0800 (PST)
(envelope-from kris)
Date: Sat, 25 Nov 2000 13:15:46 -0800
From: Kris Kennaway
To: Spades
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: wuftp
Message-ID: <20001125131546.A4850@citusc17.usc.edu>
References: <3.0.32.20001125204508.01752dd0@smtp.magix.com.sg>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="tThc/1wpZn/ma/RB"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <3.0.32.20001125204508.01752dd0@smtp.magix.com.sg>; from spades@galaxynet.org on Sat, Nov 25, 2000 at 08:45:08PM +0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
--tThc/1wpZn/ma/RB
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
On Sat, Nov 25, 2000 at 08:45:08PM +0800, Spades wrote:
> I run FreeBSD 4.1.1-release, is it vulnerable to the wuftp exploit?
wu-ftpd isn't part of any version of FreeBSD. Which version of
*wu-ftpd* are you running?
Kris
--tThc/1wpZn/ma/RB
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjogLAIACgkQWry0BWjoQKW2SQCfY/R+7eXwc/3pp07p2dt7KrnK
KrEAnR2XgM4EMUv+HMFVgGIPrNSetIgl
=CF98
-----END PGP SIGNATURE-----
--tThc/1wpZn/ma/RB--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Sat Nov 25 14:13: 2 2000
Delivered-To: freebsd-security@freebsd.org
Received: from faith.cs.utah.edu (faith.cs.utah.edu [155.99.198.108])
by hub.freebsd.org (Postfix) with ESMTP id 0784A37B4C5
for ; Sat, 25 Nov 2000 14:13:00 -0800 (PST)
Received: (from danderse@localhost)
by faith.cs.utah.edu (8.9.3/8.9.3) id PAA26585;
Sat, 25 Nov 2000 15:12:56 -0700 (MST)
Message-Id: <200011252212.PAA26585@faith.cs.utah.edu>
Subject: Re: static ARP tables
To: Gerhard.Sittig@gmx.net
Date: Sat, 25 Nov 2000 15:12:56 -0700 (MST)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: from "Dominick LaTrappe" at Nov 24, 2000 05:10:22 PM
From: "David G. Andersen"
X-Mailer: ELM [version 2.5 PL2]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
Lo and behold, Dominick LaTrappe once said:
>
> On Fri, 24 Nov 2000 Gerhard Sittig wrote:
> > You might be interested in the conf/23063 PR with the
> > "[PATCH] for static ARP tables in rc.network" synopsis
> > (http://www.freebsd.org/cgi/query-pr.cgi?pr=23063).
>
> With software-set MAC addresses supported by a number of cards, this patch
> does not provide much security.
When used in conjunction with switch-enfored MAC security, it's actually
quite useful. You yourself state this; I have a need for exactly this
kind of functionality for Utah's network testbed, actually.
You have a point, of course; this shouldn't be plugged as "the perfect
solution for ip-based authentication," because it does have many holes of
which a user must be aware, but it's a very nice thing to have around, and
I'd love to see it controllable via rc.conf.
One thing that would be nice from my perspective would be the ability to
specify an external file that contains the static ARP entries, e.g.
static_arp_table="/etc/arpfile"
(The same kind of functionality currently provided by rc.firewall).
Thanks, Gerhard!
-Dave
--
work: dga@lcs.mit.edu me: dga@pobox.com
MIT Laboratory for Computer Science http://www.angio.net/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Sat Nov 25 14:59:39 2000
Delivered-To: freebsd-security@freebsd.org
Received: from beethoven.singa.pore.net (beethoven.singa.pore.net [202.156.1.28])
by hub.freebsd.org (Postfix) with ESMTP id C8CBA37B4CF
for ; Sat, 25 Nov 2000 14:59:33 -0800 (PST)
Received: from sleipnir (mcns46.docsis24.singa.pore.net [202.156.24.46])
by beethoven.singa.pore.net (8.9.3/8.9.3) with SMTP id GAA20947;
Sun, 26 Nov 2000 06:59:18 +0800 (SST)
Message-ID: <001301c05733$423b3920$2e189cca@sleipnir>
From: "James Lim"
To: "Melon" , ,
References: <3A1FD6C030C.864DMELON@postman.orangenetwork.net> <00112517173700.50981@pro.lookanswer.com> <3A1FDA5A2F8.864EMELON@postman.orangenetwork.net>
Subject: Re: Re[4]: wuftp
Date: Sun, 26 Nov 2000 06:58:41 +0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
Hi there,
Make sure u have AuthPAM off in the proftpd.conf :)
Hope this Helps,
Regards,
James Lim
----- Original Message -----
From: "Melon"
To: ;
Sent: Saturday, November 25, 2000 11:27 PM
Subject: Re[4]: wuftp
> I think so.
> But when I tried to build without PAM support, I failed.
>
> Anyhow, is this message harmful for security or function?
>
> Melon
>
>
> On Sat, 25 Nov 2000 17:15:58 +0200
> Alex Koshterek wrote:
>
> > > Hello,
> > >
> > > I'm trying to use ProFTPD 1.2.0 rc2 instead of wu-ftpd 2.6.1
> > >
> > > After installing ProFTPD, I found
> > > No modules loaded for `ftp' service
> > > error messeges each time user succesffully logged in.
> > >
> > This is a PAM. I got same messages.
> > I think, you can remove lines about ftpd from /etc/pam.conf
> >
> > Alex
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> >
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message