From henk at ripe.net Mon Mar 4 09:47:55 2002 From: henk at ripe.net (Henk Uijterwaal (RIPE-NCC)) Date: Mon, 4 Mar 2002 09:47:55 +0100 (CET) Subject: IMW 2002 CFP Message-ID: FYI and sorry for duplicate copies, Henk ---------- Forwarded message ---------- Date: Fri, 01 Mar 2002 17:03:39 -0500 From: Balachander Krishnamurthy Subject: IMW 2002 CFP [some of you may have seen it on some mailing lists but just in case..] Internet Measurement Workshop 2002 Sponsored by ACM SIGCOMM and co-sponsored by ACM SIGMETRICS and USENIX November 6-8, 2002, Marseille, France Workshop URL: http://www.icir.org/vern/imw-2002/ The 2nd Internet Measurement Workshop is a two and a half day event focusing on Internet measurement and analysis. Submissions should contribute to the current understanding of how to collect or analyze Internet measurements, or give insight into how the Internet behaves. Examples of relevant topics are: - Workload characterization and traffic analysis - Traffic engineering and measurement of traffic matrices - Web and peer-to-peer measurements - Inter-domain and intra-domain routing - Active and passive measurement - Anonymization and privacy issues - Measurement-based inference of network properties - Efficacy of content distribution networks - Reassessment/testing of previous measurement findings - Assessment of previous simulation/testbed findings - Design of monitoring systems - Sampling techniques Papers that do not in some fashion rely on measuring Internet properties are out of scope. Attendance will be limited to 100 participants, with priority given to authors of accepted papers, program committee members, and authors of submitted papers. The papers from last year's Internet Measurement Workshop are available on the Web at http://www.icir.org/vern/imw-2001/proceedings.html. The workshop is open to two forms of submissions: - Full papers (up to 14 two-column pages) should exhibit succinctness appropriate to the topics and themes they discuss. - Extended abstracts (up to 6 two-column pages), conveying work expected to mature by the time of the workshop. Accepted extended abstracts will still be subject to a 6-page limit in the proceedings. Submissions must be in electronic form, as Postscript or PDF documents (see http://www.icir.org/vern/imw-2002/submit.html for instructions). All manuscripts must be in English. Submissions must be registered in advance at http://www.icir.org/vern/imw-2002/register.html. Registration opens April 1, 2002. Registration will be confirmed via email, including the assignment of a paper number. The top of the first page of each submitted paper should include the title of the paper, the authors, the registration number, and the number of pages in the submission. Key dates: - 11PM EDT, May 3, 2002: Registration of title and 250-word abstract - 11PM EDT, May 10, 2002: HARD submission deadline - June 28, 2002: Notification - August 9, 2002: Camera Ready Copy due - November 6-8, 2002: Workshop held in Marseille, France All full papers and extended abstracts accepted for presentation at the workshop will be published by ACM in proceedings. In addition to the published proceedings, the Program Committee may also select a few papers for fast-track submission for possible publication in IEEE/ACM Transactions on Networking. There may also be an opportunity to present some papers that are not accepted in a poster session. The workshop will present a best student paper award for the top paper with a student as the primary author and contributor. A limited number of travel grants will be available to students who are unable to secure funding from their advisors. Steering committee - Christophe Diot, Sprint ATL (cdiot at sprintlabs.com) - Balachander Krishnamurthy, AT&T--Labs Research (bala at research.att.com) - Vern Paxson, ICIR (vern at icir.org) - Jennifer Rexford, AT&T--Labs Research (jrex at research.att.com) Program committee - Mostafa Ammar (Georgia Institute of Technology) - Mark Crovella (Boston University) - Anja Feldmann (University of Saarbruecken) - Ramesh Govindan (International Computer Science Institute) - Steven Gribble (University of Washington) - Venkat Padmanabhan (Microsoft Research) - Kave Salamatian (Universite Pierre et Marie Curie) - Darryl Veitch (University of Melbourne) ------- End of Blind-Carbon-Copy From henk at ripe.net Thu Mar 7 21:00:02 2002 From: henk at ripe.net (Henk Uijterwaal (RIPE-NCC)) Date: Thu, 7 Mar 2002 21:00:02 +0100 (CET) Subject: [ripe-ttraffic #50596] [security-advisories@FreeBSD.ORG: FreeBSD Security Advisory FreeBSD-SA-02:13.openssh] (fwd) Message-ID: Dear test-box hosts, You may have seen the attached mail about a bug in OpenSSH. The test-box at your site is still running 3.0p1. We are aware of this and will upgrade as soon as practically possible. No action from your side is required at the moment and, please, don't send us output of port-scans showing that we are using version SSH-1.99-OpenSSH_3.0p1. Kind regards, Henk ------------------------------------------------------------------------------ Henk Uijterwaal Email: henk.uijterwaal at ripe.net RIPE Network Coordination Centre WWW: http://www.ripe.net/home/henk Singel 258 Phone: +31.20.5354414 1016 AB Amsterdam Fax: +31.20.5354445 The Netherlands Mobile: +31.6.55861746 ------------------------------------------------------------------------------ That problem that we weren't having yesterday, is it better? (Big ISP NOC) ---------- Forwarded message ---------- Date: Thu, 7 Mar 2002 16:12:33 +0100 From: Mark Santcroos To: tt-ops Subject: [ripe-ttraffic #50596] [security-advisories at FreeBSD.ORG: FreeBSD Security Advisory FreeBSD-SA-02:13.openssh] No real urgency, but may be nice to upgrade ssh in the future for this. ----- Forwarded message from FreeBSD Security Advisories ----- >From ms Thu Mar 7 16:09:01 2002 X-Authentication-Warning: laptop.6bone.nl: ms set sender to owner-freebsd-announce at FreeBSD.ORG using -f X-Recipient: Delivered-To: freebsd-announce at freebsd.org Date: Thu, 7 Mar 2002 06:59:49 -0800 (PST) X-Authentication-Warning: freefall.freebsd.org: nectar set sender to security-advisories at freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-02:13.openssh Reply-To: security-advisories at FreeBSD.ORG List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Precedence: bulk X-UIDL: ]eL"!k=]"!&)!#!*$-"! -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:13 Security Advisory FreeBSD, Inc. Topic: OpenSSH contains exploitable off-by-one bug Category: core, ports Module: openssh, ports_openssh, openssh-portable Announced: 2002-03-07 Credits: Joost Pol Affects: FreeBSD 4.4-RELEASE, 4.5-RELEASE FreeBSD 4.5-STABLE prior to the correction date openssh port prior to openssh-3.0.2_1 openssh-portable port prior to openssh-portable-3.0.2p1_1 Corrected: 2002-03-06 13:57:54 UTC (RELENG_4) 2002-03-07 14:40:56 UTC (RELENG_4_5) 2002-03-07 14:40:07 UTC (RELENG_4_4) 2002-03-06 13:53:38 UTC (ports/security/openssh) 2002-03-06 13:53:39 UTC (ports/security/openssh-portable) CVE: CAN-2002-0083 FreeBSD only: NO I. Background OpenSSH is a free version of the SSH protocol suite of network connectivity tools. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety of authentication methods. `ssh' is the client application, while `sshd' is the server. II. Problem Description OpenSSH multiplexes `channels' over a single TCP connection in order to implement X11, TCP, and agent forwarding. An off-by-one error in the code which manages channels can result in a reference to memory beyond that allocated for channels. A malicious client or server may be able to influence the contents of the memory so referenced. III. Impact An authorized remote user (i.e. a user that can successfully authenticate on the target system) may be able to cause sshd to execute arbitrary code with superuser privileges. A malicious server may be able to cause a connecting ssh client to execute arbitrary code with the privileges of the client user. IV. Workaround Do one of the following: 1) The FreeBSD malloc implementation can be configured to overwrite or `junk' memory that is returned to the malloc arena. Due to the details of exploiting this bug, configuring malloc to junk memory will thwart the attack. To configure a FreeBSD system to junk memory, execute the following commands as root: # ln -fs J /etc/malloc.conf Note that this option will degrade system performance. See the malloc(3) man page for full details on malloc options. 2) Disable the base system sshd by executing the following command as root: # kill `cat /var/run/sshd.pid` Be sure that sshd is not restarted when the system is restarted by adding the following line to the end of /etc/rc.conf: sshd_enable="NO" AND Deinstall the openssh or openssh-portable ports if you have one of them installed. V. Solution Do one of the following: [For OpenSSH included in the base system] 1) Upgrade the vulnerable system to 4.4-RELEASEp9, 4.5-RELEASEp2, or 4.5-STABLE after the correction date and rebuild. 2) FreeBSD 4.x systems prior to the correction date: The following patch has been verified to apply to FreeBSD 4.4-RELEASE, 4.5-RELEASE, and 4.5-STABLE dated prior to the correction date. It may or may not apply to older, unsupported versions of FreeBSD. Download the patch and the detached PGP signature from the following locations, and verify the signature using your PGP utility. # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:13/openssh.patch # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:13/openssh.patch.asc Execute the following commands as root: # cd /usr/src # patch < /path/to/sshd.patch # cd /usr/src/secure/lib/libssh # make depend && make all # cd /usr/src/secure/usr.sbin/sshd # make depend && make all install # cd /usr/src/secure/usr.bin/ssh # make depend && make all install [For the OpenSSH ports] One of the following: 1) Upgrade your entire ports collection and rebuild the OpenSSH port. 2) Deinstall the old package and install a new package obtained from the following directory: [i386] ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/ [other platforms] Packages are not automatically generated for other platforms at this time due to lack of build resources. 3) Download a new port skeleton for the openssh or openssh-portable port from: http://www.freebsd.org/ports/ and use it to rebuild the port. 4) Use the portcheckout utility to automate option (3) above. The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/Latest/portcheckout.tgz VI. Correction details The following list contains the revision numbers of each file that was corrected in the FreeBSD ports collection. Path Revision Branch - ------------------------------------------------------------------------- [Base system] src/crypto/openssh/channels.c HEAD 1.8 RELENG_4 1.1.1.1.2.6 RELENG_4_5 1.1.1.1.2.5.2.1 RELENG_4_4 1.1.1.1.2.4.4.1 src/crypto/openssh/version.h HEAD 1.10 RELENG_4 1.1.1.1.2.8 RELENG_4_5 1.1.1.1.2.7.2.1 RELENG_4_4 1.1.1.1.2.5.2.2 src/sys/conf/newvers.sh RELENG_4_5 1.44.2.20.2.3 RELENG_4_4 1.44.2.17.2.8 [Ports] ports/security/openssh/Makefile 1.81 ports/security/openssh/files/patch-channels.c 1.1 ports/security/openssh-portable/Makefile 1.21 ports/security/openssh-portable/files/patch-channels.c 1.1 - ------------------------------------------------------------------------- Branch Version string - ------------------------------------------------------------------------- HEAD OpenSSH_2.9 FreeBSD localisations 20020307 RELENG_4 OpenSSH_2.9 FreeBSD localisations 20020307 RELENG_4_5 OpenSSH_2.9 FreeBSD localisations 20020307 RELENG_4_4 OpenSSH_2.3.0 FreeBSD localisations 20020307 - ------------------------------------------------------------------------- To view the version string of the OpenSSH server, execute the following command: % /usr/sbin/sshd -\? The version string is also displayed when a client connects to the server. To view the version string of the OpenSSH client, execute the following command: % /usr/bin/ssh -V VII. References The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0083 to this issue. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iQCVAwUBPId+x1UuHi5z0oilAQGvpAP+NDgcpdZAo8aB2ptAbbS7h3MzJULCnPlN BqnQ+AylR8HTcPt7XduF6Sh8KSpu75Y5uCJcrNvAoF2jmnH3DFa79GY4hEj7VvCl DiAzN3bwcTFBAPWSNaCXK6odyqCjumMOL3drgtibuMHZuQSKn5ZOvNKquVSXuaY+ 86MXQwGukUU= =csOr -----END PGP SIGNATURE----- This is the moderated mailing list freebsd-announce. The list contains announcements of new FreeBSD capabilities, important events and project milestones. See also the FreeBSD Web pages at http://www.freebsd.org To Unsubscribe: send mail to majordomo at FreeBSD.org with "unsubscribe freebsd-announce" in the body of the message ----- End forwarded message ----- -- Mark Santcroos RIPE Network Coordination Centre http://www.ripe.net/home/mark/ New Projects Group/TTM From henk at ripe.net Thu Mar 28 11:07:34 2002 From: henk at ripe.net (Henk Uijterwaal (RIPE-NCC)) Date: Thu, 28 Mar 2002 11:07:34 +0100 (CET) Subject: RIPE NCC Offices Closed - 29 March & 1 April 2002 (fwd) Message-ID: ---------- Forwarded message ---------- Date: Wed, 27 Mar 2002 17:27:33 +0100 From: Paul Rendek To: local-ir at ripe.net Subject: RIPE NCC Offices Closed - 29 March & 1 April 2002 Dear Colleagues, Please note that the RIPE NCC offices will be closed on Friday, 29 March 2002 & Monday, 1 April 2002 due to public holidays in The Netherlands. Normal office hours will resume on Tuesday, 2 April 2002. Regards, Paul Rendek RIPE NCC