From owner-freebsd-announce Mon Nov 6 11:58:41 2000
Delivered-To: freebsd-announce@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758) id 5C6BA37B4CF; Mon, 6 Nov 2000 11:58:27 -0800 (PST)
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory: FreeBSD-SA-00:61.tcpdump [REISSUED]
Reply-To: security-advisories@freebsd.org
Message-Id: <20001106195827.5C6BA37B4CF@hub.freebsd.org>
Date: Mon, 6 Nov 2000 11:58:27 -0800 (PST)
Sender: owner-freebsd-announce@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-00:61                                            Security Advisory
                                                                FreeBSD, Inc.

Topic:          tcpdump contains remote vulnerabilities [REISSUED]

Category:       core
Module:         tcpdump
Announced:      2000-10-31
Reissued:       2000-11-06
Credits:        Discovered during internal auditing.
Affects:        All releases of FreeBSD 3.x, 4.x prior to 4.2
                FreeBSD 3.5.1-STABLE and 4.1.1-STABLE prior to the
                correction date
Corrected:      2000-10-04 (FreeBSD 4.1.1-STABLE)
                2000-10-05 (FreeBSD 3.5.1-STABLE)
Vendor status:  Patch released
FreeBSD only:   NO

0.   Revision History

v1.0  2000-10-31  Initial release
v1.1  2000-11-06  Corrected patch

I.   Background

tcpdump is a tool for monitoring network activity.

II.  Problem Description

Several overflowable buffers were discovered in the version of tcpdump
included in FreeBSD, during internal source code auditing.  Some simply
allow the remote attacker to crash the local tcpdump process, but there is
a more serious vulnerability in the decoding of AFS ACL packets in the more
recent version of tcpdump (tcpdump 3.5) included in FreeBSD 4.0-RELEASE,
4.1-RELEASE and 4.1.1-RELEASE, which may allow a remote attacker to execute
arbitrary code on the local system (usually root, since root privileges
are required to run tcpdump).

The former issue may be a problem for systems using tcpdump as a form of
intrusion detection system, i.e. to monitor suspicious network activity:
after the attacker crashes any listening tcpdump processes their
subsequent activities will not be observed.
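The class of bug described above, a packet decoder that trusts a length field carried in the packet, is easiest to see next to the check that prevents it. The following is an added example written for this page, not tcpdump code: it decodes a constructed, hypothetical record layout and refuses any field whose declared length exceeds either the bytes actually captured or the decoder's own output buffer, which is the shape of the bounds test a decoder needs before every read. The layout, the `decode_record()` function and the sample packets are all assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not tcpdump code. The record layout below is constructed
 * for illustration:
 *     byte 0     : record type
 *     byte 1     : declared length of the name field
 *     bytes 2... : name field (declared-length bytes)
 * A decoder that trusts byte 1 reads past the captured data, or past its
 * own output buffer, when a packet declares more than was captured. Every
 * declared length is therefore checked against the captured bytes (caplen)
 * and against the destination before anything is read or copied. */

#define NAME_MAX 32

struct decoded {
    uint8_t type;
    char    name[NAME_MAX + 1];
};

/* Returns 0 on success; -1 if the packet is truncated or the field would
 * not fit. The output is not touched until every check has passed. */
int decode_record(const uint8_t *pkt, size_t caplen, struct decoded *out)
{
    if (caplen < 2)                /* fixed header not fully captured */
        return -1;
    size_t declared = pkt[1];
    if (declared > caplen - 2)     /* field extends beyond captured bytes */
        return -1;
    if (declared > NAME_MAX)       /* field would overflow the output buffer */
        return -1;
    out->type = pkt[0];
    memcpy(out->name, pkt + 2, declared);
    out->name[declared] = '\0';
    return 0;
}

/* Constructed sample packets. */
static const uint8_t good_pkt[]      = { 0x01, 0x04, 'a', 'c', 'l', 's' };
static const uint8_t truncated_pkt[] = { 0x01, 0x40, 'a', 'b' }; /* declares 64 bytes, 2 captured */

int check_good(void)
{
    struct decoded d;
    return decode_record(good_pkt, sizeof good_pkt, &d) == 0
        && d.type == 1 && strcmp(d.name, "acls") == 0;
}

int check_truncated(void)
{
    struct decoded d;
    d.name[0] = 'Z';
    /* rejected, and the output structure is left untouched */
    return decode_record(truncated_pkt, sizeof truncated_pkt, &d) == -1
        && d.name[0] == 'Z';
}

/* Fully captured, but the field is longer than the decoder's buffer. */
int check_oversized(void)
{
    uint8_t big[2 + 57];
    memset(big, 'x', sizeof big);
    big[0] = 0x02;
    big[1] = 57;
    struct decoded d;
    return decode_record(big, sizeof big, &d) == -1;
}

int main(void)
{
    printf("good=%d truncated=%d oversized=%d\n",
           check_good(), check_truncated(), check_oversized());
    return 0;
}
```

The two rejection paths are deliberately separate: a packet can be too short for what it declares (the snapshot length ends first), or long enough on the wire but larger than the fixed buffer the decoder copies into; both must be tested, and the second is the one that turns a crash into memory corruption.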
All released versions of FreeBSD prior to the correction date including
3.5.1-RELEASE, 4.0-RELEASE, 4.1-RELEASE and 4.1.1-RELEASE are vulnerable
to the "remote crash" problems, and FreeBSD 4.0-RELEASE, 4.1-RELEASE and
4.1.1-RELEASE are also vulnerable to the "remote execution" vulnerability.
Both problems were corrected in 4.1.1-STABLE prior to the release of
FreeBSD 4.2-RELEASE.

III. Impact

Remote users can cause the local tcpdump process to crash, and (under
FreeBSD 4.0-RELEASE, 4.1-RELEASE, 4.1.1-RELEASE and 4.1.1-STABLE prior to
the correction date) may be able to cause arbitrary code to be executed as
the user running tcpdump, usually root.

IV.  Workaround

Do not use vulnerable versions of tcpdump in network environments which
may contain packets from untrusted sources.

V.   Solution

One of the following:

1) Upgrade your vulnerable FreeBSD system to 4.1.1-STABLE or 3.5.1-STABLE
after the respective correction dates.

2a) FreeBSD 3.x systems prior to the correction date

Download the patch and the detached PGP signature from the following
locations, and verify the signature using your PGP utility.

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:61/tcpdump-3.x.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:61/tcpdump-3.x.patch.asc

# cd /usr/src/contrib/tcpdump
# patch -p < /path/to/patch
# cd /usr/src/usr.sbin/tcpdump
# make depend && make all install

2b) FreeBSD 4.x systems prior to the correction date

NOTE: The patch distributed with the original version of this advisory
was incomplete and did not include all of the security fixes made to the
tcpdump utility.  In particular, it did not address the remote code
execution vulnerability.

Download the patch and the detached PGP signature from the following
locations, and verify the signature using your PGP utility.

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:61/tcpdump-4.x.patch.v1.1
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:61/tcpdump-4.x.patch.v1.1.asc

# cd /usr/src/contrib/tcpdump
# patch -p < /path/to/patch
# cd /usr/src/usr.sbin/tcpdump
# make depend && make all install

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iQCVAwUBOgcNKFUuHi5z0oilAQGYQAP9F00eE4rd0M46f8WMWTO7uFb1gV2p4Y0l
KV0vT1wMy+PdmFNpo7SVrb/tdpa4Wtxb/Q/tu7RDZQqFI29yBPTFnE1iu8T2BSAm
cO/dE5ypkjJkEjf8QjxqQXVhTbtIVVQa3Tosw3AdUFP0gKHUkZ36ryCQVxbqRMQK
c0ZkdbwESp8=
=uaOo
-----END PGP SIGNATURE-----

This is the moderated mailing list freebsd-announce.
The list contains announcements of new FreeBSD capabilities,
important events and project milestones.
See also the FreeBSD Web pages at http://www.freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-announce" in the body of the message

From owner-freebsd-announce Mon Nov 6 12: 1:31 2000
Delivered-To: freebsd-announce@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758) id 03CE337B4CF; Mon, 6 Nov 2000 12:01:10 -0800 (PST)
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory: FreeBSD-SA-00:62.top [REISSUED]
Reply-To: security-advisories@freebsd.org
Message-Id: <20001106200110.03CE337B4CF@hub.freebsd.org>
Date: Mon, 6 Nov 2000 12:01:10 -0800 (PST)
Sender: owner-freebsd-announce@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-00:62                                            Security Advisory
                                                                FreeBSD, Inc.

Topic:          top allows reading of kernel memory [REISSUED]

Category:       core
Module:         top
Announced:      2000-11-01
Reissued:       2000-11-06
Credits:        vort@wiretapped.net via OpenBSD
Affects:        FreeBSD 3.x (all releases), FreeBSD 4.x (all releases prior
                to 4.2), FreeBSD 3.5.1-STABLE and 4.1.1-STABLE prior to the
                correction date.
Corrected:      2000-11-04 (FreeBSD 4.1.1-STABLE)
                2000-11-05 (FreeBSD 3.5.1-STABLE)
FreeBSD only:   NO

0.   Revision History

v1.0  2000-11-01  Initial release
v1.1  2000-11-06  Updated patch released.

I.   Background

top is a utility for displaying current system resource statistics such as
process CPU and memory use.  It is externally-maintained, contributed
software which is included in FreeBSD by default.

II.  Problem Description

A "format string vulnerability" was discovered in the top(1) utility which
allows unprivileged local users to cause the top process to execute
arbitrary code.  The top utility runs with increased privileges as a member
of the kmem group, which allows it to read from kernel memory (but not
write to it).  A process with the ability to read from kernel memory can
monitor privileged data such as network traffic, disk buffers and terminal
activity, and may be able to leverage this to obtain further privileges on
the local system or on other systems, including root privileges.
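The two defects the advisory's patch addresses, an unbounded sprintf() into a fixed message buffer and a caller-supplied string used as the format, are shown below in their corrected form. This is an added example, not the top sources: `set_message()`, `format_message()`, `MSG_MAX` and the self-check helper are hypothetical names chosen for the illustration. The format attribute is the compile-time check that makes a non-literal format at a call site a compiler warning rather than a runtime surprise.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical replacement for a next_msg buffer and the new_message() path
 * (added example; not the top sources). Two rules are applied:
 *   1. text that originates outside the program (here, an error string built
 *      from what the user typed at the prompt) is never used as a format
 *      string; it is passed as an argument to a literal "%s";
 *   2. the write into the fixed buffer is bounded with vsnprintf(), and the
 *      return value tells the caller whether the text was truncated. */
#define MSG_MAX 80
static char next_msg[MSG_MAX];

/* The format attribute lets gcc/clang warn (-Wformat, -Wformat-security)
 * when a call site passes a non-literal format, which is exactly the
 * mistake the advisory's patch corrects at two call sites. */
static int format_message(const char *fmt, ...)
    __attribute__((format(printf, 1, 2)));

static int format_message(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int needed = vsnprintf(next_msg, sizeof next_msg, fmt, ap);
    va_end(ap);
    return needed;   /* length the full text would have had */
}

/* Store untrusted text verbatim. Returns 1 if it fit, 0 if it was truncated. */
int set_message(const char *untrusted_text)
{
    int needed = format_message("%s", untrusted_text);
    return needed >= 0 && (size_t)needed < sizeof next_msg;
}

const char *current_message(void)
{
    return next_msg;
}

/* Self-check: a message of `len` repeated 'A's. Returns 1 when the text was
 * reported as truncated and the stored copy is exactly MSG_MAX-1 characters,
 * i.e. bounded and NUL-terminated; 0 when the text simply fit. */
int long_message_is_bounded(size_t len)
{
    char buf[512];
    if (len >= sizeof buf)
        len = sizeof buf - 1;
    memset(buf, 'A', len);
    buf[len] = '\0';
    int fit = set_message(buf);
    return !fit && strlen(next_msg) == MSG_MAX - 1;
}

int main(void)
{
    /* Conversion characters in the input are stored literally, not interpreted. */
    set_message("no such process: %x %n");
    printf("%s\n", current_message());
    printf("bounded: %d\n", long_message_is_bounded(200));
    return 0;
}
```

With the attribute in place, a call such as `format_message(errmsg)` where `errmsg` is a variable is reported by `-Wformat-security`, so the class of omission that the v1.1 reissue had to correct is caught at build time.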
All released versions of FreeBSD prior to the correction date including
4.0, 4.1, 4.1.1 and 3.5.1 are vulnerable to this problem, but it was fixed
in the 4.1.1-STABLE branch prior to the release of FreeBSD 4.2-RELEASE.

III. Impact

Local users can read privileged data from kernel memory which may provide
information allowing them to further increase their local or remote system
access privileges.

IV.  Workaround

Remove the setgid bit on the top utilities.  This has the side-effect that
users who are not a member of the kmem group or who are not the superuser
cannot use the top utility.

# chmod g-s /usr/bin/top

V.   Solution

One of the following:

1) Upgrade your vulnerable FreeBSD system to 4.1.1-STABLE or 3.5.1-STABLE
after the respective correction dates.

2) Apply the patch below and recompile the relevant files:

NOTE: The original version of this advisory contained an incomplete patch
which does not fully eliminate the security vulnerability.  The additional
vulnerability was pointed out by Przemyslaw Frasunek.

Either save this advisory to a file, or download the patch and detached
PGP signature from the following locations, and verify the signature using
your PGP utility.

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:62/top.patch.v1.1
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:62/top.patch.v1.1.asc

Execute the following commands as root:

# cd /usr/src/contrib/top
# patch -p < /path/to/patch_or_advisory
# cd /usr/src/usr.bin/top
# make depend && make all install

Patch for vulnerable systems:

Index: display.c
===================================================================
RCS file: /mnt/ncvs/src/contrib/top/display.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- display.c 1999/01/09 20:20:33 1.4
+++ display.c 2000/10/04 23:34:16 1.5
@@ -829,7 +831,7 @@ register int i; /* first, format the message */ - (void) sprintf(next_msg, msgfmt, a1, a2, a3); + (void) snprintf(next_msg, sizeof(next_msg), msgfmt, a1, a2, a3); if (msglen > 0) { Index: top.c =================================================================== RCS file: /mnt/ncvs/src/contrib/top/top.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- top.c 1999/01/09 20:20:34 1.4 +++ top.c 2000/10/04 23:34:16 1.5 @@ -807,7 +809,7 @@ { if ((errmsg = kill_procs(tempbuf2)) != NULL) { - new_message(MT_standout, errmsg); + new_message(MT_standout, "%s", errmsg); putchar('\r'); no_command = Yes; } Index: top.c =================================================================== RCS file: /mnt/ncvs/src/contrib/top/top.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- top.c 2000/10/04 23:34:16 1.5 +++ top.c 2000/11/03 22:00:10 1.6 @@ -826,7 +826,7 @@ { if ((errmsg = renice_procs(tempbuf2)) != NULL) { - new_message(MT_standout, errmsg); + new_message(MT_standout, "%s", errmsg); putchar('\r'); no_command = Yes; } -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iQCVAwUBOgcN7lUuHi5z0oilAQFqJgP/bn4SN6FaNvazYMaVzypsEgWzofK/kdlu iWXcdZVkoFZlF4J7e6M/wRn0xS1lvNPlv5yNF4bYa7lnZHeNzS/58v94+Sze2ooV bgML9JzhfaM0Ps+/mAXO4FzGi+WryTkdZGl9KVkwT+QwuRer/bz4GoJvnrsGuBpf dXoovvpgwiA= =hVPb -----END PGP SIGNATURE----- This is the moderated mailing list freebsd-announce. The list contains announcements of new FreeBSD capabilities, important events and project milestones. See also the FreeBSD Web pages at http://www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-announce" in the body of the message From owner-freebsd-announce Mon Nov 6 12:14:20 2000 Delivered-To: freebsd-announce@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id 5C3C337B661; Mon, 6 Nov 2000 12:14:04 -0800 (PST) 
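Review bot: the display.c hunk (@@ -829,7 +831,7 @@) bounds the write into next_msg with snprintf() but still hands msgfmt, which arrives from the caller, to the formatter as the format string, so on its own it only removes the overflow and not the format string problem; it relies on every caller passing a literal format, which is what the two top.c hunks do, so the callers must be reviewed together with this change. It is also worth confirming that next_msg is declared as an array in this scope, since sizeof(next_msg) applied to a pointer would bound the copy to the pointer's size rather than the buffer's.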
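Review bot: in the first top.c hunk (@@ -807,7 +809,7 @@) errmsg is whatever kill_procs() returns for tempbuf2, text that was typed at top's prompt, so passing it as the format argument let the user choose the conversions; wrapping it as new_message(MT_standout, "%s", errmsg) is the right fix. A compile-time guard would make the next omission visible: declaring new_message() with __attribute__((format(printf, 2, 3))) lets -Wformat-security flag any remaining call that passes a non-literal format.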
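Review bot: the second top.c hunk (@@ -826,7 +826,7 @@, revision 1.5 to 1.6) is the renice_procs() call site that the v1.0 patch missed, as the advisory's NOTE acknowledges, and it is the same one-line "%s" fix as the kill_procs() site; before closing this, grep the remaining top sources for every new_message() call whose second argument is not a string literal, since a third such site would reopen the issue in exactly the way this reissue did.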
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Ports Security Advisory: FreeBSD-SA-00:64.global
Reply-To: security-advisories@freebsd.org
Message-Id: <20001106201404.5C3C337B661@hub.freebsd.org>
Date: Mon, 6 Nov 2000 12:14:04 -0800 (PST)
Sender: owner-freebsd-announce@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-00:64                                            Security Advisory
                                                                FreeBSD, Inc.

Topic:          global port allows remote compromise through CGI script

Category:       ports
Module:         global
Announced:      2000-11-06
Credits:        Shigio Yamaguchi
Affects:        Ports collection prior to the correction date.
Corrected:      2000-10-09
Vendor status:  Updated version released
FreeBSD only:   NO

I.   Background

global is a source-code tagging system for indexing and searching large
bodies of source code.

II.  Problem Description

The global port, versions 3.5 through to 3.55, contains a vulnerability in
the CGI script generated by the htags utility which allows a remote
attacker to execute code on the local system as the user running the
script, typically user 'nobody' in most installations.  There is no
vulnerability in the default installation of the port, but if an
administrator uses the 'htags -f' command to generate a CGI script enabling
the browsing of source code, then the system is vulnerable to attack caused
by incorrect validation of input.

An older version of global was included in previous releases of FreeBSD;
this is not vulnerable to the problem described here.

The global port is not installed by default, nor is it "part of FreeBSD" as
such: it is part of the FreeBSD ports collection, which contains over 4100
third-party applications in a ready-to-install format.  The ports
collections shipped with FreeBSD 3.5.1 and 4.1.1 contain this problem since
it was discovered after the releases, but it was corrected prior to the
release of FreeBSD 4.2.
FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security audit
of the most security-critical ports.

III. Impact

If the 'htags -f' command is used to generate a CGI script which is then
installed under a webserver, then remote users may execute arbitrary
commands on the local system as the user which runs the CGI script.

If you have not chosen to install the global port/package, or you have not
used the 'htags -f' command to produce a CGI script, then your system is
not vulnerable to this problem.

IV.  Workaround

Deinstall the global port/package, if you have installed it, or remove the
'global.cgi' file installed on the website.

V.   Solution

One of the following:

1) Upgrade your entire ports collection and rebuild the global port.

2) Deinstall the old package and install a new package dated after the
correction date, obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/global-4.0.1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/global-4.0.1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/global-4.0.1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/global-4.0.1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/global-4.0.1.tgz

3) download a new port skeleton for the cvsweb port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above.
The portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iQCVAwUBOgcQslUuHi5z0oilAQHKXAP/Wz2SmgOAIYFOquE3z+++5nbNxKYmKS/J
Tb1ClUtPSSk6s/dfX3t17O1o0a/Pmj3u+CxAdRXdIka1XAQE9lY2pL4uhEVr0nXT
/+I4Hap17OZVdNTTiF/a6LYd/WYbJkMrRbADnZjvRp5zrOpPwbzc1ZwIn9GRqiHc
XYA/cWGGWXg=
=+ex8
-----END PGP SIGNATURE-----

This is the moderated mailing list freebsd-announce.
The list contains announcements of new FreeBSD capabilities,
important events and project milestones.
See also the FreeBSD Web pages at http://www.freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-announce" in the body of the message

From owner-freebsd-announce Mon Nov 6 15:44:32 2000
Delivered-To: freebsd-announce@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758) id 6903437B479; Mon, 6 Nov 2000 15:44:19 -0800 (PST)
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Ports Security Advisory: FreeBSD-SA-00:65.xfce
Reply-To: security-advisories@freebsd.org
Message-Id: <20001106234419.6903437B479@hub.freebsd.org>
Date: Mon, 6 Nov 2000 15:44:19 -0800 (PST)
Sender: owner-freebsd-announce@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-00:65                                            Security Advisory
                                                                FreeBSD, Inc.

Topic:          xfce allows local X session compromise

Category:       ports
Module:         xfce
Announced:      2000-11-06
Credits:        Nicholas Brawn
Affects:        Ports collection prior to the correction date.
Corrected:      2000-11-01
Vendor status:  Updated version released
FreeBSD only:   NO

I.   Background

xfce is a window manager/desktop environment for the X Windows system.

II.  Problem Description

Versions of xfce prior to 3.52 contain a startup script which incorrectly
allows access to the X display to all other users on the local system.
Such users are able to monitor and control the contents of the display
window as well as monitoring input from keyboard and mouse devices.  For
example, this allows them to monitor passphrases typed into a terminal
window, among other possibilities.

The xfce port is not installed by default, nor is it "part of FreeBSD" as
such: it is part of the FreeBSD ports collection, which contains over 4100
third-party applications in a ready-to-install format.  The ports
collections shipped with FreeBSD 3.5.1 and 4.1.1 are vulnerable to this
problem since it was discovered after the releases, but it was corrected
prior to the release of FreeBSD 4.2.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security audit
of the most security-critical ports.

III. Impact

Local users can monitor and control the contents of the X display running
xfce, as well as input devices such as mice and keyboards.

IV.  Workaround

Deinstall the xfce port/package, if you have installed it, or remove the
lines containing 'xhost +$HOSTNAME' in the following files:

/usr/X11R6/etc/xfce/xinitrc
/usr/X11R6/etc/xfce/xinitrc.mwm

V.   Solution

One of the following:

1) Upgrade your entire ports collection and rebuild the xfce port.

2) Deinstall the old package and install a new package dated after the
correction date, obtained from the following directories:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/x11-wm/xfce-3.12.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/x11-wm/xfce-3.12.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/x11-wm/xfce-3.12.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/x11-wm/xfce-3.12.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/x11-wm/xfce-3.12.tgz

3) download a new port skeleton for the xfce port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above.

The portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iQCVAwUBOgdCalUuHi5z0oilAQEwxwP+OoowcV51kn3hHjcFWZRk2GAIw/mu6gxP
GsLscf2IMAX+dyJG+sNtpzktsrMsIFcv5ADjNjhW+WAqqGhNCosV6cQ8/BNi0+m4
o4Mqyc3jsYBkWzzXd/W6y4EWStup+7/iz/68DPdIUHs1IyfFQ7DiCgWXzZBo8GG1
6muI/XYYm6Q=
=Ioj2
-----END PGP SIGNATURE-----

This is the moderated mailing list freebsd-announce.
The list contains announcements of new FreeBSD capabilities,
important events and project milestones.
See also the FreeBSD Web pages at http://www.freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-announce" in the body of the message

From owner-freebsd-announce Mon Nov 6 15:46: 2 2000
Delivered-To: freebsd-announce@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758) id 11EB637B65F; Mon, 6 Nov 2000 15:45:41 -0800 (PST)
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Ports Security Advisory: FreeBSD-SA-00:66.netscape
Reply-To: security-advisories@freebsd.org
Message-Id: <20001106234541.11EB637B65F@hub.freebsd.org>
Date: Mon, 6 Nov 2000 15:45:41 -0800 (PST)
Sender: owner-freebsd-announce@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-00:66                                            Security Advisory
                                                                FreeBSD, Inc.

Topic:          Client vulnerability in Netscape

Category:       ports
Module:         netscape
Announced:      2000-11-06
Credits:        Michal Zalewski
Affects:        Ports collection prior to the correction date.
Corrected:      2000-10-29
Vendor status:  Updated version released
FreeBSD only:   NO

I.   Background

Netscape is a popular web browser, available in several versions in the
FreeBSD ports collection.

II.  Problem Description

Versions of netscape prior to 4.76 allow a client-side exploit through a
buffer overflow in html code.  A malicious website operator can cause
arbitrary code to be executed by the user running the netscape client.

The netscape ports are not installed by default, nor are they "part of
FreeBSD" as such: they are part of the FreeBSD ports collection, which
contains over 4100 third-party applications in a ready-to-install format.
The ports collections shipped with FreeBSD 3.5.1 and 4.1.1 are vulnerable
to this problem since it was discovered after the release, but it was
corrected prior to the release of FreeBSD 4.2.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security audit
of the most security-critical ports.

III. Impact

Remote attackers can execute arbitrary code on the local system by
convincing users to visit a malicious website.

If you have not chosen to install the netscape port/package, then your
system is not vulnerable to this problem.

IV.  Workaround

Deinstall the netscape port/package, if you have installed it.

V.   Solution

One of the following:

1) Upgrade your entire ports collection and rebuild the relevant netscape
port.

2) Deinstall the old package and install a new package dated after the
correction date, obtained from the following directories:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/

Since there are so many variations of the netscape ports in the FreeBSD
ports collection they are not listed separately here.  Localized versions
are also available in the respective language subdirectory.

3) download a new port skeleton for the netscape port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above.

The portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iQCVAwUBOgdCqFUuHi5z0oilAQFMFgQAjrqHzfVCD2oLCya0budGincSy+e6onfi
XCMqyf8sAeEO5Bg4klVhkTMKCCPo9MEeLNWm3EwQHU4bN8wxD9NUHkYrVgNCsD8b
rN34aAogoJR1fsfN960OW9EHWH8trPJDlC6IS1KYOmpOL8AuBfmbahL1vSx5TtZP
vPFky0dFwKg=
=mKdp
-----END PGP SIGNATURE-----

This is the moderated mailing list freebsd-announce.
The list contains announcements of new FreeBSD capabilities,
important events and project milestones.
See also the FreeBSD Web pages at http://www.freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-announce" in the body of the message

From owner-freebsd-announce Thu Nov 9 7: 3:15 2000
Delivered-To: freebsd-announce@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.66]) by hub.freebsd.org (Postfix) with ESMTP id E84F037B479; Thu, 9 Nov 2000 07:03:02 -0800 (PST)
Received: from billy-club.village.org (billy-club.village.org [10.0.0.3]) by rover.village.org (8.11.0/8.11.0) with ESMTP id eA9F2xg20453; Thu, 9 Nov 2000 08:03:00 -0700 (MST) (envelope-from imp@billy-club.village.org)
Received: from billy-club.village.org (localhost [127.0.0.1]) by billy-club.village.org (8.11.1/8.8.3) with ESMTP id eA9F3lG19578; Thu, 9 Nov 2000 08:03:47 -0700 (MST)
Message-Id: <200011091503.eA9F3lG19578@billy-club.village.org>
To: freebsd-announce@freebsd.org
Cc: security@freebsd.org, BUGTRAQ@securityfocus.com
Subject: New FreeBSD security Officer
Date: Thu, 09 Nov 2000 08:03:47 -0700
From: Warner Losh
Sender: owner-freebsd-announce@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

Greetings!

I am resigning as FreeBSD's Security Officer.  Over the past several years
I have enjoyed watching FreeBSD's security improve.  The change in attitude
towards security issues of FreeBSD has been refreshing to see.  This
improvement could not have happened without the support of the FreeBSD
committers.

I will be succeeded by Kris Kennaway.  He has been my deputy for the past
ten months in charge of the ports system.  As many of you have noticed, he
has been responsible for the FreeBSD project taking security of the entire
system to the next level.  He has done an excellent job coordinating the
securing of the ports and the dissemination of vulnerabilities to the
public.  The FreeBSD project will be in good hands with Kris at the
Security helm.

I will continue to be involved with FreeBSD and the FreeBSD security team.
Over the years this team has grown from the Security Officer and his deputy
to include key security personnel in the FreeBSD project who have the time
and energy to help maintain FreeBSD's security.  This team now consists of
emeritus Security Officers, key security architects of the FreeBSD project
as well as project administrative personnel.  The team has grown to 7
members who contribute on a regular basis.

Warner Losh
FreeBSD core
Former FreeBSD Security Officer

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBOgq8sFUuHi5z0oilAQGJMQP9Gd98qtkmzyra5qkv7efSc5GWcFKfQiHH
OazSi9CIBV7ZXGvDXOOkMStYIg+j9xzNAaIRlITM3W06nqbv3g5o7rD+MnPxi9ul
3Dd5v0uIc6IMFoHLN+QmJGD8FPug7aG+v3o+cZcZAKStJnqZrNqlsvrZAQybmk44
f+mZCgUPILw=
=j/bE
-----END PGP SIGNATURE-----

This is the moderated mailing list freebsd-announce.
The list contains announcements of new FreeBSD capabilities,
important events and project milestones.
See also the FreeBSD Web pages at http://www.freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-announce" in the body of the message

From owner-freebsd-announce Fri Nov 10 14:45:26 2000
Delivered-To: freebsd-announce@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758) id ACB9237B4C5; Fri, 10 Nov 2000 14:45:11 -0800 (PST)
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Ports Security Advisory: FreeBSD-SA-00:67.gnupg
Reply-To: security-advisories@freebsd.org
Message-Id: <20001110224511.ACB9237B4C5@hub.freebsd.org>
Date: Fri, 10 Nov 2000 14:45:11 -0800 (PST)
Sender: owner-freebsd-announce@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-00:67                                            Security Advisory
                                                                FreeBSD, Inc.

Topic:          gnupg fails to correctly verify signatures

Category:       ports
Module:         gnupg
Announced:      2000-11-10
Credits:        Jim Small
Affects:        Ports collection prior to the correction date.
Corrected:      2000-10-18
Vendor status:  Updated version released
FreeBSD only:   NO

I.   Background

GnuPG is an implementation of the PGP digital signature/encryption
protocol.

II.  Problem Description

Versions of gnupg prior to 1.04 fail to correctly verify multiple
signatures contained in a single document.  Only the first signature
encountered is actually verified, meaning that other data with invalid
signatures (e.g. data which has been tampered with by an attacker) will
not be verified, and the entire document will be treated as having valid
signatures.

The gnupg port is not installed by default, nor is it "part of FreeBSD" as
such: it is part of the FreeBSD ports collection, which contains over 4100
third-party applications in a ready-to-install format.  The ports
collections shipped with FreeBSD 3.5.1 and 4.1.1 are vulnerable to this
problem since it was discovered after the releases, but it was corrected
prior to the release of FreeBSD 4.2.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security audit
of the most security-critical ports.

III. Impact

Documents containing multiple signed regions of data can be corrupted or
tampered with by an attacker without detection, as long as the first
signature in the document remains valid.

IV.  Workaround

Deinstall the gnupg port/package, if you have installed it.

V.   Solution

One of the following:

1) Upgrade your entire ports collection and rebuild the gnupg port.

2) Deinstall the old package and install a new package dated after the
correction date, obtained from the following directories:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/security/gnupg-1.04.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/gnupg-1.04.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/security/gnupg-1.04.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/gnupg-1.04.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/security/gnupg-1.04.tgz

3) download a new port skeleton for the gnupg port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above.

The portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iQCVAwUBOgx6dlUuHi5z0oilAQEGaAP+KXIJlLBgF7tXXtLWcyJkhI6mAxgMyHEJ
y+9RkI22mz7etMN1Nqm22Rj1cYBO99Q35lx4qJpuGftuRV+D9P6f5FbXMp+qhw24
K1t07eQhgiiNO1y9snvvEwwWtsHiosMFyIleFdbJwXoioqNsDFcByOwbG7zoEOOU
BfDBTmKtPvQ=
=1ZMA
-----END PGP SIGNATURE-----

This is the moderated mailing list freebsd-announce.
The list contains announcements of new FreeBSD capabilities,
important events and project milestones.
See also the FreeBSD Web pages at http://www.freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-announce" in the body of the message
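The verification logic described in SA-00:67 (checking only the first signature and reporting its result for the whole document) is shown below beside the correct form that checks every signed region, as an added example that is not GnuPG code. The document model (`struct region`), `sign_region()`, `verify_first_only()` and `verify_all()` are hypothetical names, the two-region document is constructed for the illustration, and `tag_of()` is a constructed placeholder for signature verification with no cryptographic strength at all; only the control flow is the point.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Added example, not GnuPG code. A document is modelled as a list of
 * signed regions. tag_of() stands in for signature verification and has
 * no security properties; a real implementation calls the OpenPGP verifier
 * for each region. What matters is that a verifier which stops after the
 * first region accepts a document whose later regions were altered. */

struct region {
    const char *data;
    size_t      len;
    uint32_t    sig;    /* tag computed when the region was "signed" */
};

/* Placeholder tag: position-weighted byte sum mixed with the length. */
static uint32_t tag_of(const char *data, size_t len)
{
    uint32_t t = (uint32_t)len << 16;
    for (size_t i = 0; i < len; i++)
        t += (uint32_t)(unsigned char)data[i] * (uint32_t)(i + 1);
    return t;
}

struct region sign_region(const char *text)
{
    struct region r = { text, strlen(text), 0 };
    r.sig = tag_of(r.data, r.len);
    return r;
}

/* Flawed: mirrors the behaviour the advisory describes for gnupg before
 * 1.04; the first region's result is reported for the whole document. */
int verify_first_only(const struct region *doc, size_t n)
{
    if (n == 0)
        return 0;
    return tag_of(doc[0].data, doc[0].len) == doc[0].sig;
}

/* Correct: every region must verify, and one failure rejects the document. */
int verify_all(const struct region *doc, size_t n)
{
    if (n == 0)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (tag_of(doc[i].data, doc[i].len) != doc[i].sig)
            return 0;
    return 1;
}

/* Constructed two-region document; `tamper` replaces the second region's
 * body after signing while keeping its original signature. */
static size_t build_doc(struct region doc[2], int tamper)
{
    doc[0] = sign_region("release: 4.2");
    doc[1] = sign_region("checksum: 0000");
    if (tamper) {
        doc[1].data = "checksum: ffff";   /* body changed, sig unchanged */
        doc[1].len  = strlen(doc[1].data);
    }
    return 2;
}

int first_only_accepts_tampered(void)
{
    struct region doc[2];
    size_t n = build_doc(doc, 1);
    return verify_first_only(doc, n);
}

int verify_all_accepts_tampered(void)
{
    struct region doc[2];
    size_t n = build_doc(doc, 1);
    return verify_all(doc, n);
}

int verify_all_accepts_intact(void)
{
    struct region doc[2];
    size_t n = build_doc(doc, 0);
    return verify_all(doc, n);
}

int main(void)
{
    printf("first-only/tampered=%d all/tampered=%d all/intact=%d\n",
           first_only_accepts_tampered(), verify_all_accepts_tampered(),
           verify_all_accepts_intact());
    return 0;
}
```

The intact document passes both verifiers, so a test that only feeds correctly signed input never reveals the bug; it is the tampered second region that separates them, which is why a verifier's test suite needs a multi-signature document with a deliberately bad later signature.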