FreeBSD Security Advisories (ftpd & protosw)

The FreeBSD Team has issued 2 security warnings:

  • FreeBSD-SA-08:13.protosw – netgraph / bluetooth privilege escalation
  • FreeBSD-SA-08:12.ftpd – Cross-site request forgery in ftpd(8)

FreeBSD-SA-08:13.protosw

I. Background

The FreeBSD kernel provides support for a variety of different types of communications sockets, including IPv4, IPv6, ISDN, ATM, routing protocol, link-layer, netgraph(4), and bluetooth sockets. As an early form of object-oriented design, much of the functionality specific to different types of sockets is abstracted via function pointers.

II. Problem Description

Some function pointers for netgraph and bluetooth sockets are not properly initialized.

III. Impact

A local user can cause the FreeBSD kernel to execute arbitrary code. This could be used by an attacker directly; or it could be used to gain root privilege or to escape from a jail.

For a workaround, solution and patch etc go here

FreeBSD-SA-08:12.ftpd

I. Background

ftpd(8) is a general-purpose implementation of File Transfer Protocol (FTP) server that is shipped with the FreeBSD base system. It is not enabled in default installations but can be enabled as either an inetd(8) server, or a standard-alone server.

A cross-site request forgery attack is a type of malicious exploit that is mainly targeted to a web browser, by tricking a user trusted by the site into visiting a specially crafted URL, which in turn executes a command which performs some privileged operations on behalf of the trusted user on the victim site.

II. Problem Description

The ftpd(8) server splits long commands into several requests. This may result in the server executing a command which is hidden inside another very long command.

III. Impact

This could, with a specifically crafted command, be used in a cross-site request forgery attack.

FreeBSD systems running ftpd(8) server could act as a point of privilege escalation in an attack against users using web browser to access trusted FTP sites.

For a workaround, solution and patch etc go here

OpenVPN – getting it running

FreeBSD Diary has 2 howtos on setting up OpenVPN on FreeBSD

This article is about OpenVPN, a full-featured open source SSL VPN solution. I first started using OpenVPN in December 2006. That is nearly two years ago. I took some notes but I never published anything until today. My original use for OpenVPN was easy access to my home network while away from home. For this is was wonderful. Being able to ssh “directly” to my machines, cvsup, etc, was very convenient.

1) 1 OpenVPN – getting it running

In this article, I will show you how I created a routed VPN using OpenVPN. In this network, multiple clients can attach to the server, each of which has access to the network attached to the server. Each client can also contact any other client, subject to firewall rules.

In my case, I wanted a way for all my servers (on the internet, in data centers) to contact my CVS repository behind my firewall at home. Given that home has a dynamic IP address, it complicates matters. A VPN solves this issue and provides several benefits.

2) Creating a Routed VPN

iPod A1285 and FreeBSD happiness

Earlier this year Naomi got her hands on a blue iPod. It is the first time that an iPod thing invaded our life and now that I spend about a good two hours per day on the train, I think it is the right time. Only, what to put on it?

Music! Everywhere I see people with the white earplugs I hear their music, I see them chosing the next track and I wonder “Which music can be so good that you can listen to it every day?”. So music is a no-no.

Podcasts! I have several of them and up to now I always managed to listen to them while I was working from home. Right now I don’t have the luxery of working from home, or listening to them on the weekend because I spend all my time entertaining the kids. So for the last weeks these things have been piling up:….

Read further how to get (some) ipod(s) working with FreeBSD and gtkpod

FreeBSD Foundation end-of-year fund raising drive (update)

The FreeBSD Foundation end-of-year fund raise drive message from the FreeBSD mailinglist:

“Dear FreeBSD Community,

First, we would like to thank everyone who has donated to the FreeBSD Foundation this year. We have raised $198,583 towards our 2008 goal of $300,000! We are almost 2/3 of the way to reaching our goal!

Like most non-profits, we are seeing the affects of the weak economy. This time last year we had raised $346,587. By meeting our goal this year will allow us to continue the same amount of support next year, as well as continue to invest some of the funds.

Why do we need donations?

The goal of the FreeBSD Project is to provide software that may be used for any purpose — and without strings attached. Our mission is to support the FreeBSD Project and community. Our funding comes from people like you – those who are determined to keep FreeBSD free!

How have we spent the money this year?

 

  • Sponsored FreeBSD related conferences like BSDCan, EuroBSDCon, AsiaBSDCon, meetBSD, and NYCBSDCon. We also sponsored FreeBSD developer summits in Ottawa and Cambridge.
  • Provided 23 travel grants and funding to individuals to attend these conferences this year.
  • Provided legal support for the project on issues like understanding the GPLv3 impact on FreeBSD, providing a privacy policy, trademark ownership and permission, and other legal issues that come up.
  • Provided grants for projects that improve FreeBSD, like Java binaries, Network Stack Virtualization, Improving Hardware Performance Counter Support, making improvements to the TCP stack, making FreeBSD tolerate the removal of active disk devices, and a couple of other projects that we will be announcing soon.
  • Provided equipment for developers working to improve FreeBSD and projects like the NetPerf cluster. Facilitated donation of NetApp filer, 32-core hardware, and 10 Gigabit equipment for project continuity planning and the NetPerf Cluster.

 

How can you help?

Your financial support is critical for the FreeBSD Project. Please help us keep FreeBSD free. Go to

http://www.freebsdfoundation.org/donate/

to donate (any amount will help). And thank you for your continued support of the FreeBSD Foundation.”

Jail updates in FreeBSD 8-CURRENT

Bjoern Zeeb has updated the jail code (Wikipedia | FBSD Handbook) in freebsd 8-current with the following new futures:

  • support of several IP for every jail
  • support of IPv6
  • Jail can now be created without IP address support
  • SCTP is updated inside the jail code
  • cpuset is capable to assign processes to a specific jailid or irq
  • hostname support for alternative jail names

More information on the complete changes here