FreeBSD Security Advisory (Crypt)

The FreeBSD Security Team has identified an issue in crypt and has issued the following security advisory: FreeBSD-SA-12:02.crypt (30/05/2012).

I. Background

The crypt(3) function performs password hashing with additional code added to deter key search attempts.

II. Problem Description

There is a programming error in the DES implementation used in crypt() when handling input which contains characters that can not be represented with 7-bit ASCII.

III. Impact

When the input contains characters with only the most significant bit set (0x80), that character and all characters after it will be ignored.

For a workaround and solution, check out the security advisory: FreeBSD-SA-12:02.crypt

FreeBSD Security Advisory (OpenSSL)

The FreeBSD Security Team has identified a security issue in openssl.

I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

II. Problem Description

OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or as a server that accepts SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory.

OpenSSL support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack.

To find out more about the impact, a work-around and solution, check out the advisory page: FreeBSD Security Advisory (openssl)

FreeBSD quick news and links (GhostBSD, Centreon, FreeBSD Dev, iXsystems)

GhostBSD 2.5: A GNOME-ified FreeBSD 9.0

If you want to try out FreeBSD 9.0 this holiday but are not turned on by the actual FreeBSD 9.0 install and setup process, nor find the KDE desktop of PC-BSD 9.0 enjoyable, you may want to try out GhostBSD 2.5.

Centreon 2.3.3 on FreeBSD 9

This tutorial will guide the user through the installation of Centreon on FreeBSD. We will be using an installation on a FreeBSD 9.0-PRERELEASE kernel; the kernel version does not affect the tutorial.

What is Centreon? Centreon is a powerful tool for monitoring hosts and services; it is a frontend that works on top of Nagios, adding many features for viewing alert history, status, etc.

Debian GNU/kFreeBSD Gets Ready For FreeBSD 9.0

It’s not only the FreeBSD and PC-BSD camps gearing up for the imminent release of FreeBSD 9.0; Debian developers have also been preparing for the major update of this leading BSD distribution as they get ready to pull in its new kernel.

Top 6 Linux and BSD graphical installation programs

PC-BSD’s installation setup is one of them: Top 6 Linux and BSD graphical installation programs.

FreeBSD Development over 13 Years

This video shows the visual development of FreeBSD with its committers.

iXsystems Haiku Contest

Do you have the creativity/humor/love for FreeBSD and PC-BSD? Then submit an original haiku poem.

Here at iXsystems we always love hearing what you have to say, and what better way to celebrate the upcoming PC-BSD 9.0 release than indulging in some creative writing? We’ll gladly give away a PC-BSD shirt to the winner, and immortalize his/her haiku up on our Facebook and Google+ sites. (via)

bsdtalk210 – James Nixon from iXsystems

Interview with James Nixon from iXsystems at the LISA 2011 conference in Boston.

BSDs ‘lost’ just because of this phone number 1-800-ITS-UNIX

BSD ‘lost’ because of a phone number? Nonsense.

Four of the BSD guys had just formed a company to sell BSD commercially. They even had a nice phone number: 1-800-ITS-UNIX. That phone number did them and me in. AT&T sued them over the phone number and the lawsuit took 3 years to settle. That was precisely the period Linux was launched and BSD was frozen due to the lawsuit.

Interview with Andrew Tanenbaum


FreeBSD Security Advisories

PAM, PAM_ssh, telnetd, chroot, and bind.

FreeBSD Security Advisory (mountd)

The FreeBSD Security Team has identified a security bug in mountd.

I. Background

The mountd(8) daemon services NFS mount requests from other client machines. When mountd is started, it loads the export host addresses and options into the kernel using the mount(2) system call.

II. Problem Description

While parsing the exports(5) table, a network mask in the form of “-network=netname/prefixlength” results in an incorrect network mask being computed if the prefix length is not a multiple of 8.

For example, specifying the ACL for an export as “-network 192.0.2.0/23” would result in a netmask of 255.255.127.0 being used instead of the correct netmask of 255.255.254.0.

III. Impact

When using a prefix length which is not a multiple of 8, access would be granted to the wrong client systems.
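As an added illustration (not code from the advisory or from mountd itself), the Python below computes the correct netmask for an exports(5) “-network” ACL and contrasts it with a reconstructed faulty variant that fills the partial byte from the low bits instead of the high bits, which reproduces the advisory's 255.255.127.0 for /23; the client addresses are constructed samples, and the faulty routine is an assumption about the shape of the defect, not the actual mountd code.

```python
def prefix_to_mask(prefix_len):
    """Correct IPv4 netmask: the top prefix_len bits set, the rest clear."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def buggy_prefix_to_mask(prefix_len):
    """Reconstruction (assumption, not mountd's code) of a mask routine that
    sets whole bytes correctly but fills the partial byte from the low end.
    For /23 this yields 255.255.127.0, the value quoted in the advisory."""
    full_bytes, remaining_bits = divmod(prefix_len, 8)
    mask = 0
    for i in range(full_bytes):
        mask |= 0xFF << (24 - 8 * i)
    if remaining_bits:
        # Wrong: low bits of the byte instead of the high ones.
        mask |= ((1 << remaining_bits) - 1) << (24 - 8 * full_bytes)
    return mask


def ip_to_int(text):
    a, b, c, d = (int(x) for x in text.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def parse_network_spec(spec):
    """Parse an exports(5)-style '-network=addr/prefixlen' (or '-network addr/prefixlen')."""
    body = spec.replace("-network=", "").replace("-network ", "").strip()
    addr, _, plen = body.partition("/")
    return ip_to_int(addr), int(plen) if plen else 32


def allowed_clients(spec, clients, mask_fn=prefix_to_mask):
    """Return the clients whose address falls inside the ACL network under mask_fn."""
    net, plen = parse_network_spec(spec)
    mask = mask_fn(plen)
    return [c for c in clients if (ip_to_int(c) & mask) == (net & mask)]


# Constructed sample clients: two inside 192.0.2.0/23, two outside it.
SAMPLE_CLIENTS = ["192.0.2.10", "192.0.3.200", "192.0.4.1", "192.0.130.5"]

if __name__ == "__main__":
    spec = "-network 192.0.2.0/23"
    print("correct mask:", int_to_ip(prefix_to_mask(23)), allowed_clients(spec, SAMPLE_CLIENTS))
    print("faulty mask: ", int_to_ip(buggy_prefix_to_mask(23)),
          allowed_clients(spec, SAMPLE_CLIENTS, buggy_prefix_to_mask))
```

With the faulty mask a legitimate client in 192.0.3.0/24 is refused while 192.0.130.5, outside the intended range, is admitted; prefix lengths that are multiples of 8 give identical masks either way, which is why only non-multiples of 8 are affected.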

For a workaround and solution, check out the security advisory: FreeBSD Security Advisory (mountd)

FreeBSD Security Advisory (openssl)

The FreeBSD Security Team has identified a security bug in openssl:

I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

II. Problem Description

A race condition exists in the OpenSSL TLS server extension code parsing when used in a multi-threaded application, which uses OpenSSL’s internal caching mechanism. The race condition can lead to a buffer overflow.

A double free exists in the SSL client ECDH handling code, when processing specially crafted public keys with invalid prime numbers.

III. Impact

For affected server applications, an attacker may be able to utilize the buffer overflow to crash the application or potentially run arbitrary code with the privileges of the application.

It may be possible to cause a DoS or potentially execute arbitrary code in the context of the user connection to a malicious SSL server.

To find out more about the impact, a work-around and solution, check out the advisory page: FreeBSD Security Advisory (openssl)

FreeBSD Security Advisory (pseudofs)

The FreeBSD Security Team has identified a little bug in FreeBSD with pseudofs:

I. Background

pseudofs offers an abstract API for pseudo file systems which is utilized by procfs(5) and linprocfs(5). It provides generic file system services such as ACLs and extended attributes, which interface with VFS and which are otherwise onerous to implement. This enables pseudo file system authors to add this functionality to their file systems with minimal effort.

II. Problem Description

The pfs_getextattr(9) function, used by pseudofs for handling extended attributes, attempts to unlock a mutex which was not previously locked.

To find out more about the impact, a work-around and solution, check out the advisory page:

FreeBSD Security Advisory (pseudofs)