
BSDFreaks.nl

For starters and advanced *BSD users


*BSD news from the past

[FreeBSD] Security checklist

September 3, 2002 by Rob

A handy security checklist has appeared for FreeBSD; with it you can check whether your FreeBSD installation is reasonably secure.
[quote]
This document is intended to be a working checklist of security settings implemented on FreeBSD servers.

There is no question that there are a number of well-written and often brilliant documents providing overviews, how-to's and FAQs on FreeBSD security for the practical systems administrator, but there is no to-the-point checklist that can be a tool for each time a server is built. While there are no elaborate explanations supplied here, you can check out the bibliography at the end of this document. Remember, nothing upsets your fellow sysadmins more than not RTFM.

It is not intended to be a final document, but rather a working, regularly updated tool, complemented with the input of others and myself.

Ideally, this document could be accessed over the internet or printed out and used as a reference when building a server.

This checklist is meant to focus on the actual operating system, not individual applications. It does not approach important basics such as firewalling with pf, ipf and ipfw, nor the various mail transfer agents, www servers and their configurations.

Finally, although I have tried to be as accurate as possible, it should be clear that I'm not responsible for any errors you make using this document.
[/quote]
[url=http://sddi.net/FBSDSecCheckList.html]The checklist[/url]

Filed Under: *BSD news from the past

[FreeBSD] Change of compression format

September 3, 2002 by Rob

As of now the default compression format of FreeBSD changes to a bzipped tarball, at the request of the release engineers.
The ports collection has also been changed to .tbz.
[quote]
Date: Sun, 1 Sep 2002 13:15:02 -0700
From: Kris Kennaway
To: stable@FreeBSD.org
Subject: HEADS UP: Package compression format changed

At the request of the release engineers the default package
compression scheme has been changed from gzipped tarball to bzip2ed
tarball. The package tools have been updated to deal with the new
format (older package tools only had partial support for .tbz
packages).

Additionally, the ports collection packages distributed via the FTP
site have been switched to .tbz, so if you are a regular user of these
packages you will need to update and rebuild your package tools
(e.g. by doing a complete upgrade).

Kris [/quote]


[NetBSD] Progress on 1.6

September 3, 2002 by Rob

NetBSD 1.6 is the ninth release of NetBSD; they have currently progressed to Release Candidate 3 (RC3). If all goes well, only important bug fixes will be made before the release.
[quote]
NetBSD 1.6 is the ninth major release of the NetBSD operating system, and is currently in the pre-release stage. The netbsd-1-6 CVS branch is currently at 1.6_RC3. As this is a release candidate, only critical bugs are expected to be fixed before the release. If you're confident, you can build NetBSD from source or use the daily binary snapshots and perform testing on your system(s).

Note: Although the netbsd-1-6 branch is currently very stable, it should not be considered to be production quality until the final release. See Personal contributions to NetBSD for information on testing and reporting bugs.[/quote]


[FreeBSD] 4.7 Release info

September 3, 2002 by Rob

The FreeBSD stable branch has been frozen in preparation for FreeBSD 4.7. This means that changes to the source tree must first be approved by the FreeBSD Release Engineering team.
The expected release date for 4.7 is October 1, 2002.
[url=http://www.freebsd.org/releases/4.7R/schedule.html]Schedule for 4.7[/url]


[FreeBSD] Ports security notices

August 29, 2002 by Rob

A security advisory has appeared for the ports; it describes which ports have a security problem.
[quote]
FreeBSD-SN-02:05 Security Notice
The FreeBSD Project

Topic: security issues in ports
Announced: 2002-08-28

I. Introduction

Several ports in the FreeBSD Ports Collection are affected by security
issues. These are listed below with references and affected versions.
All versions given refer to the FreeBSD port/package version numbers.
The listed vulnerabilities are not specific to FreeBSD unless
otherwise noted.

These ports are not installed by default, nor are they "part of
FreeBSD" as such. The FreeBSD Ports Collection contains thousands of
third-party applications in a ready-to-install format. FreeBSD makes
no claim about the security of these third-party applications. See
for more information about the
FreeBSD Ports Collection.

II. Ports

+------------------------------------------------------------------------+
Port name: acroread5
Affected: versions < acroread-5.06
Status: Fixed
Insecure temporary file handling. The acrobatviewer, acroread4, ghostscript, gv, mgv and xpdf ports can also display PDF files.
+------------------------------------------------------------------------+
Port name: aide
Affected: versions < aide-0.7_1
Status: Fixed
The default aide.conf silently fails to check subdirectories, even though it appears to be configured to do so.
+------------------------------------------------------------------------+
Port name: apache+mod_ssl
Affected: versions < 1.3.26+2.8.10
Status: Fixed
A child process of the Apache server can crash if it receives a request for the contents of a directory in which a maliciously constructed .htaccess file has been placed. In the default configuration, another child will be spawned, and the crash will be logged. Therefore the bug should be insignificant for most users.
+------------------------------------------------------------------------+
Port name: bugzilla
Affected: versions < bugzilla-2.14.2
Status: Fixed
"Various security issues of varying importance."
+------------------------------------------------------------------------+
Port name: Canna
Affected: versions < ja-Canna-3.5b2_3
Status: Fixed
A remotely exploitable buffer overflow exists in the cannaserver daemon. Although previously corrected, the patch containing the correction was inadvertently removed from the port skeleton.
+------------------------------------------------------------------------+
Port name: ethereal
Affected: versions < ethereal-0.9.6
Status: Fixed
Buffer overflows in BGP, IS-IS, and WCP dissectors.
+------------------------------------------------------------------------+
Port name: fam
Affected: versions < fam-2.6.8
Status: Fixed
"Unprivileged users can potentially learn names of files that only users in root's group should be able to view."
+------------------------------------------------------------------------+
Port name: isakmpd
Affected: versions < isakmpd-20020403_1
Status: Fixed
"Receiving IKE payloads out of sequence can cause isakmpd(8) to crash."
+------------------------------------------------------------------------+
Port name: irssi
Affected: versions < irssi-0.8.5
Status: Fixed
Maliciously long topic can crash program remotely.
+------------------------------------------------------------------------+
Port name: kdelibs2 and kdelibs3
Affected: versions < kdelibs2-2.2.2_1
          versions < kdelibs3-3.0.2_4
Status: Fixed
A man-in-the-middle attack is possible against Konqueror and other KDE applications which use SSL.
+------------------------------------------------------------------------+
Port name: krb5
Affected: versions < krb5-1.2.5_2
Status: Fixed
Contains an overflow in Sun RPC XDR decoder.
+------------------------------------------------------------------------+
Port name: linux-netscape6, netscape7, linux-mozilla, and mozilla
Affected: versions < mozilla-1.0_1,1 (mozilla)
          versions < linux-mozilla-1.1 (linux-mozilla)
          All versions (others)
Status: Fixed (linux-mozilla and mozilla)
        Not fixed (others)
Malicious Web pages or files can cause loss of X session. When the X server receives a request to display an enormously large scalable font, the server exits abruptly, killing all its clients. This has been confirmed only with XFree86 4.2.0, but there is evidence that XFree86 3.3.6, the X font server, and Xvnc behave the same way. Unpatched Netscape (major version 6 or 7) and Mozilla browsers do not limit the size of fonts which Web pages or files can specify, thus triggering the bug. Scalable fonts may be disabled as a workaround.
+------------------------------------------------------------------------+
Port name: mm
Affected: versions < mm-1.2.0
Status: Fixed
May allow the local Apache user to gain privileges via temporary files.
+------------------------------------------------------------------------+
Port name: mpack
Affected: versions < mpack-1.5_2
Status: Fixed
Buffer overflow which might be triggered when mpack is used to process data from a remote source (email, news, and so on).
+------------------------------------------------------------------------+
Port name: mozilla, linux-mozilla
Affected: versions < mozilla-1.0.rc1_2,1 (mozilla)
          versions < linux-mozilla-1.0_1 (linux-mozilla)
Status: Not fixed
An overflow exists in the Chatzilla IRC client. It can cause Mozilla to crash even if the demonstration page does not cause the crash. According to Robert Ginda, the bug does not allow execution of malicious code.
+------------------------------------------------------------------------+
Port name: newsx
Affected: versions < newsx-1.4.8
Status: Fixed
Format string bug reported by Niels Heinen.
+------------------------------------------------------------------------+
Port name: openssh, openssh-portable
Affected: versions < openssh-3.4 (openssh)
          versions < openssh-3.4p1 (openssh-portable)
Status: Fixed
Buffer overflow can lead to denial of service or root compromise.
+------------------------------------------------------------------------+
Port name: php
Affected: versions mod_php4-4.2.0 and mod_php4-4.2.1
          versions php4-4.2.0 and php4-4.2.1
Status: Fixed
On i386 architecture, may be remotely crashed; on other architectures, may allow execution of arbitrary code with the privileges of the Web server by anyone who can send HTTP POST requests.
+------------------------------------------------------------------------+
Port name: linux-png and png
Affected: versions < linux-png-1.0.14
          versions < png-1.2.4
Status: Fixed
Malformed images (for example, in Web pages) can cause applications to crash. Execution of malicious code may be possible.
+------------------------------------------------------------------------+
Port name: postgresql7
Affected: versions < postgresql7-7.2.2
Status: Fixed
Multiple buffer overruns may allow execution of malicious code. Remote attack is possible only when the server is configured to accept TCP/IP connections, which is not the default.
+------------------------------------------------------------------------+
Port name: samba
Affected: versions < samba-2.2.5
Status: Fixed
Possible buffer overflow.
+------------------------------------------------------------------------+
Port name: squid24
Affected: versions < squid-2.4_10
Status: Fixed
Buffer overflows may allow remote execution of code.
+------------------------------------------------------------------------+
Port name: super
Affected: versions < super-3.20.0
Status: Fixed
Local root exploit.
+------------------------------------------------------------------------+
Port name: webmin
Affected: versions < webmin-0.990_3
Status: Fixed
"If a webmin user is able to view print jobs, he can execute any command as root."
+------------------------------------------------------------------------+
Port name: zmailer
Affected: versions < zmailer-2.99.51_1
Status: Fixed
When using IPv6, a remote buffer overflow during the processing of the HELO command is possible. Reported by 3APA3A <3APA3A@SECURITY.NNOV.RU>.
+------------------------------------------------------------------------+

III. Upgrading Ports/Packages

To upgrade a fixed port/package, perform one of the following:

1) Upgrade your Ports Collection and rebuild and reinstall the port.
Several tools are available in the Ports Collection to make this
easier. See:
/usr/ports/devel/portcheckout
/usr/ports/misc/porteasy
/usr/ports/sysutils/portupgrade

2) Deinstall the old package and install a new package obtained from

[i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/

Packages are not automatically generated for other architectures at
this time.

[/quote]


Administrators lax about upgrading servers

August 21, 2002 by Rob

Source: [url=http://www.webwereld.nl]Webwereld[/url]

In June there was extensive reporting about a bug in the server software 'Apache' and about a flaw in the Secure Socket Layer, SSL for short. SSL is used on the web pages of banks and online shops to encrypt the connection. This ensures that the data can be sent securely over the internet and cannot be intercepted.

[url=http://www.webwereld.nl/nieuws/12208.phtml]The full article[/url]


XS4ALL offers alternative to MxStream

August 20, 2002 by Rob

[url=http://www.webwereld.nl/]Webwereld[/url]

As of today XS4ALL offers ADSL from BBned. This ADSL service will be up to eight times faster than XS4ALL's current ADSL services. BBned covers nearly the same area that MxStream covers. Customers of the new service can make use of 'line sharing', which makes it possible to keep telephony running via KPN.

[url=http://www.webwereld.nl/nieuws/12198.phtml]The full article[/url]


FreeBSD Security Advisory FreeBSD-SA-02:38.signed-error

August 20, 2002 by Rob

Source: [url=http://www.bsdforums.org/forums/showthread.php?s=&threadid=2608]BSDForums[/url]

A few system calls were identified that contained assumptions that
a given argument was always a positive integer, while in fact the
argument was handled as a signed integer. As a result, the boundary
checking code would fail if the system call were entered with a
negative argument.

The affected system calls could be called with large negative
arguments, causing the kernel to return a large portion of kernel
memory. Such memory might contain sensitive information, such as
portions of the file cache or terminal buffers. This information
might be directly useful, or it might be leveraged to obtain elevated
privileges in some way. For example, a terminal buffer might include
a user-entered password.

[quote]*************************************
Date: Mon, 19 Aug 2002 05:56:23 -0700 (PDT)
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-02:38.signed-error

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-02:38.signed-error Security Advisory
The FreeBSD Project

Topic: Boundary checking errors involving signed integers

Category: core
Module: sys
Announced: 2002-08-19
Credits: Silvio Cesare
Affects: All releases of FreeBSD up to and including 4.6.1-RELEASE-p10
Corrected: 2002-08-13 02:42:32 UTC (RELENG_4)
2002-08-13 12:12:36 UTC (RELENG_4_6)
2002-08-13 12:13:05 UTC (RELENG_4_5)
2002-08-13 12:13:49 UTC (RELENG_4_4)
FreeBSD only: YES

I. Background

The issue described in this advisory affects the accept(2),
getsockname(2), and getpeername(2) system calls, and the vesa(4)
FBIO_GETPALETTE ioctl(2).

II. Problem Description

A few system calls were identified that contained assumptions that
a given argument was always a positive integer, while in fact the
argument was handled as a signed integer. As a result, the boundary
checking code would fail if the system call were entered with a
negative argument.

III. Impact

The affected system calls could be called with large negative
arguments, causing the kernel to return a large portion of kernel
memory. Such memory might contain sensitive information, such as
portions of the file cache or terminal buffers. This information
might be directly useful, or it might be leveraged to obtain elevated
privileges in some way. For example, a terminal buffer might include
a user-entered password.

IV. Workaround

None.

V. Solution

1) Upgrade your vulnerable system to 4.6.2-RELEASE or 4.6-STABLE;
or to any of the RELENG_4_6 (4.6.1-RELEASE-p11), RELENG_4_5
(4.5-RELEASE-p19), or RELENG_4_4 (4.4-RELEASE-p26) security branches
dated after the respective correction dates.

2) To patch your present system:

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility. The following patch
has been tested to apply to all FreeBSD 4.x releases.

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/C…ned-error.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/C…error.patch.asc

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
and reboot the system.

VI. Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Path                              Branch          Revision
- -------------------------------------------------------------------------
src/sys/i386/isa/vesa.c           RELENG_4        1.32.2.1
                                  RELENG_4_6      1.32.10.1
                                  RELENG_4_5      1.32.8.1
                                  RELENG_4_4      1.32.6.1
src/sys/kern/uipc_syscalls.c      RELENG_4        1.65.2.12
                                  RELENG_4_6      1.65.2.9.6.1
                                  RELENG_4_5      1.65.2.9.4.1
                                  RELENG_4_4      1.65.2.9.2.1
src/sys/conf/newvers.sh           RELENG_4_6      1.44.2.23.2.16
                                  RELENG_4_5      1.44.2.20.2.20
                                  RELENG_4_4      1.44.2.17.2.25
- -------------------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)

iQCVAwUBPWDpxFUuHi5z0oilAQHCWgP+PmomqbDBiBHKG6JWrx8Kz8M6gnrg4omw
w/vH5uK2lHGL6ZGecwvhJOTbV4bKXt1C1dKoUyA7WH7l9nQi+1CrZwT/D5mkteU+
XEqtNfRhiaDokj/5I8MA0OM80+jryeAimxYDEi2vm315RIOMeR/sdP7m7H2vl9cZ
V8rt/2zD2wc=
=LpMd
-----END PGP SIGNATURE-----

This is the moderated mailing list freebsd-announce.
The list contains announcements of new FreeBSD capabilities,
important events and project milestones.
See also the FreeBSD Web pages at http://www.freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-announce" in the body of the message
[/quote]
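The boundary-check flaw the advisory describes (a length that is assumed to be positive but is compared as a signed integer) is easy to model outside the kernel. The following C program is an added example, not FreeBSD's code and not taken from the advisory: it imitates a getsockname(2)-style copy-out in user space, with a flawed clamp beside a corrected one. The names kernel_name, flawed_copy_len, fixed_copy_len and safe_getname and the 16-byte sample "name" are all constructed for this illustration; no memory is actually over-read, the flawed routine only reports the byte count it would have handed to the copy.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the kernel-side data that getsockname(2)-style
 * calls copy out to the caller; a real kernel copies a struct sockaddr. */
static const char kernel_name[] = "sock-name-012345";          /* 16 bytes */
#define KERNEL_NAME_LEN ((int)(sizeof(kernel_name) - 1))

/* Flawed clamp in the style the advisory describes: the caller's length is
 * only bounded from above, so a negative value survives the check and then
 * becomes an enormous size_t when handed to the copy routine. */
size_t flawed_copy_len(int namelen)
{
    int len = namelen;
    if (len > KERNEL_NAME_LEN)
        len = KERNEL_NAME_LEN;
    return (size_t)len;          /* -1 turns into SIZE_MAX here */
}

/* Corrected clamp: reject negative lengths before any comparison.  Writes the
 * byte count to *out and returns 0, or returns EINVAL for a bad length. */
int fixed_copy_len(int namelen, size_t *out)
{
    if (namelen < 0)
        return EINVAL;
    *out = (namelen > KERNEL_NAME_LEN) ? (size_t)KERNEL_NAME_LEN
                                       : (size_t)namelen;
    return 0;
}

/* Hardened version of the whole call: copies at most *namelen bytes into the
 * caller's buffer and reports the true length back, as getsockname(2) does. */
int safe_getname(char *dst, int *namelen)
{
    size_t n;
    int err = fixed_copy_len(*namelen, &n);
    if (err != 0)
        return err;              /* nothing copied on a bad length */
    memcpy(dst, kernel_name, n); /* n <= caller's buffer and <= source size */
    *namelen = KERNEL_NAME_LEN;  /* tell the caller how much there really was */
    return 0;
}

int main(void)
{
    char buf[8];
    int len = (int)sizeof buf;

    printf("flawed clamp, len=-1: would copy %zu bytes\n", flawed_copy_len(-1));
    if (safe_getname(buf, &len) == 0)
        printf("fixed clamp, len=8: copied 8 bytes, real length %d\n", len);
    len = -1;
    printf("fixed clamp, len=-1: error %d (EINVAL)\n", safe_getname(buf, &len));
    return 0;
}
```

The point to take from the two clamps is that a single upper-bound comparison on a signed length is not a bounds check at all; the fix is either an explicit negative test, as above, or an unsigned comparison before the value is ever converted to size_t.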


KPN launches cheap ADSL, speeds going up

August 20, 2002 by Rob

Source: [url=http://www.webwereld.nl]Webwereld[/url]

KPN will bring a 'light version' of MxStream to market. The speed of the existing subscriptions will go up. That is what Ad Scheepbouwer, chairman of the board of KPN, said on Tuesday morning at the presentation of the half-year figures. Details about the cheap ADSL and the new MxStream speeds will not be announced until Thursday. It is clear, however, that the light version will be cheaper than the current subscriptions.

[url=http://www.webwereld.nl/nieuws/12193.phtml]The full article[/url]


FreeBSD project status report May and June

August 16, 2002 by Rob

A status report has appeared from FreeBSD, in which you can see what the various teams are working on.
[quote]May and June were remarkably busy months for the FreeBSD Project -- FreeBSD developers met in Monterey, CA in June for FreeBSD Developer Summit III to discuss strategy for the FreeBSD 5.0 release later this year, for the USENIX Annual Technical conference and for the FreeBSD BoF. Substantial technical progress was made on FreeBSD 5.0, and FreeBSD 4.6-RELEASE was cut on the RELENG_4 branch in June.[/quote]

[url=http://www.freebsd.org/news/status/report-may-2002-june-2002.html]The full status report[/url]

