NetBSD Security Officer | 23 Jun 22:50 2009

NetBSD Security Advisory 2009-001: PF firewall remote Denial Of Service attack


		 NetBSD Security Advisory 2009-001
		 =================================

Topic:		PF firewall remote Denial Of Service attack

Version:	NetBSD-current:		affected
		NetBSD 5.0:		not affected
		NetBSD 4.0.*:		not affected
		NetBSD 4.0:		not affected
		NetBSD 3.1.*:		not affected
		NetBSD 3.1:		not affected
		NetBSD 3.0.*:		not affected
		NetBSD 3.0:		not affected

Severity:	Denial of service

Fixed:		NetBSD-current:		April 14, 2009
		NetBSD-5 branch:	April 14, 2009
			(5.0 includes the fix)

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.

Abstract
========

PF firewalls suffer from a remote denial of service attack (system
panic) due to mishandling of some ICMP and ICMPv6 packets.


NetBSD Security Officer | 23 Jun 22:59 2009

NetBSD Security Advisory 2009-002: tcpdump multiple denial of service and arbitrary code execution issues


		 NetBSD Security Advisory 2009-002
		 =================================

Topic:		tcpdump multiple denial of service and arbitrary code
		execution issues

Version:	NetBSD-current:		affected before July 20, 2007
		NetBSD 5.0:		not affected
		NetBSD 4.0.*:		not affected
		NetBSD 4.0:		affected

Severity:	Denial of Service, Arbitrary Code Execution

Fixed:		NetBSD-current:		July 20, 2007
		NetBSD-4-0 branch:	July 21, 2008
			(4.0.2 will include the fix)
		NetBSD-4 branch:	July 21, 2008
			(4.1 will include the fix)
		pkgsrc:			tcpdump-3.9.7 corrects the issue

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.

Abstract
========

A number of issues exist in the version of tcpdump(1) shipped with
NetBSD 4.0 allowing a remote attacker to hang or crash the
application and to execute arbitrary code via specially crafted

NetBSD Security Officer | 23 Jun 23:00 2009

NetBSD Security Advisory 2009-003: proplib crashes on reading bad XML data


		 NetBSD Security Advisory 2009-003
		 =================================

Topic:		proplib crashes on reading bad XML data

Version:	NetBSD-current:		affected prior to March 30, 2009
		NetBSD 5.0:		not affected
		NetBSD 4.0.1:		affected
		NetBSD 4.0:		affected

Severity:	Denial of service

Fixed:		NetBSD-current:		March 30, 2009
		NetBSD-5 branch:	March 30, 2009
			(5.0 includes the fix)
		NetBSD-4-0 branch:	March 31, 2009
			(4.0.2 will include the fix)
		NetBSD-4 branch:	March 31, 2009
			(4.1 will include the fix)

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.

Abstract
========

The proplib library can crash if a badly formatted externalized plist
is presented for import. The crash will happen during the
transformation of the text XML form into a binary list. This bug can

NetBSD Security Officer | 23 Jun 23:01 2009

NetBSD Security Advisory 2009-004: NetBSD OpenPAM passwd(1) changing weakness


		 NetBSD Security Advisory 2009-004
		 =================================

Topic:		NetBSD OpenPAM passwd(1) changing weakness

Version:	NetBSD-current:		affected before June 14, 2009
		NetBSD 5.0:		affected
		NetBSD 4.0.1:		affected
		NetBSD 4.0:		affected

Severity:	Change root password as normal user

Fixed:		NetBSD-current:		June 14, 2009
		NetBSD-5-0 branch:	June 18, 2009
			(5.0.1 will include the fix)
		NetBSD-5 branch:	June 18, 2009
			(5.1 will include the fix)
		NetBSD-4-0 branch:	June 18, 2009
			(4.0.2 will include the fix)
		NetBSD-4 branch:	June 18, 2009
			(4.1 will include the fix)

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.

Abstract
========

A verification weakness in the pam_unix module allows an authenticated

NetBSD Security Officer | 24 Jun 00:43 2009

Changing the NetBSD Security Officer PGP key

Dear NetBSD users, dear followers of the NetBSD security community,

Please note that from now on, the NetBSD Security Officer will
use a new PGP key to sign announcements and other types of
communication. The old PGP key will be unenrolled over the next
time:

pub   1024R/F8376205 1997-07-01
uid                  security-officer <at> netbsd.org

It will be superseded by the following key which is larger
and offers a better security margin:

pub   4096R/4C4A706E 2009-06-23 [expires: 2019-06-21]
uid                  NetBSD Security Officer <security-officer <at> NetBSD.org>
sub   4096R/DF2CE620 2009-06-23 [expires: 2019-06-21]

The key will be rotated on a regular basis in the future, for
better security of our users. Please update your processes to
make use of this new key in the future.

To testify this migration, this mail contains the new security-officer
PGP key below and, appended, a signature of the text part generated
with the old and the new key, correspondingly.

Thank you for your continued trust in NetBSD,

			The NetBSD Security Officers


Elad Efrat | 27 Jun 19:50 2009

ACLs

Hi,

As a quick "proof of concept" for generic ACLs (i.e., no file-system
support is required), I've implemented ACLs on top of kauth(9)'s
future "vnode" scope, fileassoc(9), and proplib. It's unfit for
production use as it is -- you might notice there aren't too many
"frees" in the code and that it's very bare bones -- but I'm posting
it anyway to get an opinion from people and see if anyone's even
interested in something like that in NetBSD, and perhaps others have
features they'd like to see implemented.

Most of it (secmodel part, module makefile, userland program) can be found at

    http://www.NetBSD.org/~elad/acl/acl-dist.tar.gz

(see the README file in the archive.)

Note that the vnode scope implementation is (obviously) not present,
but should be trivial to add.

For those interested in just a quick demonstration of it working, a
really short session is at

    http://www.NetBSD.org/~elad/acl/acl.demo

Thanks,

-e.


Adam Hamsik | 30 Jun 10:43 2009

Re: ACLs

Hi,
On Jun,Saturday 27 2009, at 7:50 PM, Elad Efrat wrote:

> Hi,
>
> As a quick "proof of concept" for generic ACLs (i.e., no file-system
> support is required), I've implemented ACLs on top of kauth(9)'s
> future "vnode" scope, fileassoc(9), and proplib. It's unfit for
> production use as it is -- you might notice there aren't too many
> "frees" in the code and that it's very bare bones -- but I'm posting
> it anyway to get an opinion from people and see if anyone's even
> interested in something like that in NetBSD, and perhaps others have
> features they'd like to see implemented.
>

Do you plan to make this ACL implementation POSIX compatible? One of
missing NetBSD features which I have found during ZFS port are POSIX
ACLs.

> Note that the vnode scope implementation is (obviously) not present,
> but should be trivial to add.

Another missing feature is vnode kauth scope [1].

[1]http://147.175.157.81/git?p=netbsd/src/.git;a=blob;f=external/cddl/osnet/sys/kern/policy.c;h=54417a247d3f18bba9ead19e3e42db3410bf9ca2;hb=haad-zfs

Regards

Adam.


Elad Efrat | 30 Jun 11:37 2009

Re: ACLs

On Tue, Jun 30, 2009 at 11:43 AM, Adam Hamsik<haaaad <at> gmail.com> wrote:

> Do you plan to make this ACL implementation POSIX compatible? One of
> missing NetBSD features which I have found during ZFS port are POSIX ACLs.

I have no such plans, but since the code is available, anyone who's
interested in them can do it. :)

-e.

NetBSD Security Officer | 30 Jun 23:47 2009

NetBSD Security Advisory 2009-005: Plaintext Recovery Attack Against SSH


		 NetBSD Security Advisory 2009-005
		 =================================

Topic:		Plaintext Recovery Attack Against SSH

Version:	NetBSD-current:	source prior to June 8, 2009
		NetBSD 5.0:	source prior to June 30, 2009
		NetBSD 4.0.1:	source prior to June 30, 2009
		NetBSD 4.0:	source prior to June 30, 2009
		pkgsrc:		openssh packages prior to 5.2

Severity:	Information leakage from SSH sessions

Fixed:		NetBSD-current:    June 8, 2009
		NetBSD-5 branch:   June 30, 2009 (5.0.1 will include the fix)
		NetBSD-4 branch:   June 30, 2009 (4.1 will include the fix)
		NetBSD-4-0 branch: June 30, 2009 (4.0.2 will include the fix)
		pkgsrc 2009Q1:	   openssh-5.2 corrects this issue

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.

Abstract
========

A defect exists in SSH protocol that allows active attackers to
recover plaintext from an SSH session if a CBC mode cipher is in
use. Updated versions of OpenSSH mitigate this problem.


NetBSD Security Officer | 30 Jun 23:51 2009

NetBSD Security Advisory 2009-006: Buffer overflows in ntp


		 NetBSD Security Advisory 2009-006
		 =================================

Topic:		Buffer overflows in ntp

Version:	NetBSD-current:	source prior to May 21, 2009
		NetBSD 5.0:		source prior to May 27, 2009
		NetBSD 4.0.1:		source prior to May 27, 2009
		NetBSD 4.0:		source prior to May 27, 2009

Severity:	Potential remote arbitrary code execution

Fixed:		NetBSD-current:		May 20, 2009
		NetBSD-5 branch:	May 27, 2008 (5.0.1 will include the fix)
		NetBSD-4 branch:	May 27, 2008 (4.1 will include the fix)
		NetBSD-4-0 branch:	May 27, 2008 (4.0.2 will include the fix)

Please note that NetBSD releases prior to 4.0 are no longer supported.
It is recommended that all users upgrade to a supported release.

Abstract
========

Two remote buffer overflow vulnerabilities have been found in the ntp
(Network Time Protocol) code.

The first, in ntpq, potentially allows arbitrary code execution (as
the user running ntpq) if a hostile ntp daemon is contacted.
