From owner-doc-jp@jp.freebsd.org  Sun Feb 25 01:48:14 2001
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id BAA16100;
	Sun, 25 Feb 2001 01:48:14 +0900 (JST)
	(envelope-from owner-doc-jp@jp.FreeBSD.org)
Received: from eos.ocn.ne.jp (eos.ocn.ne.jp [210.190.142.171])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id BAA16093
	for <doc-jp@jp.freebsd.org>; Sun, 25 Feb 2001 01:48:13 +0900 (JST)
	(envelope-from hrs@eos.ocn.ne.jp)
Received: from mail.hrslab.yi.org (p0157-ip01funabasi.chiba.ocn.ne.jp [211.123.225.157])
	by eos.ocn.ne.jp (8.9.1a/OCN/) with ESMTP id BAA01145
	for <doc-jp@jp.freebsd.org>; Sun, 25 Feb 2001 01:48:08 +0900 (JST)
Received: from localhost (alph.hrslab.yi.org [192.168.0.10])
	by mail.hrslab.yi.org (8.9.3/3.7W/DomainMaster) with ESMTP id BAA34107
	for <doc-jp@jp.freebsd.org>; Sun, 25 Feb 2001 01:46:05 +0900 (JST)
	(envelope-from hrs@eos.ocn.ne.jp)
Date: Sun, 25 Feb 2001 01:45:04 +0900 (JST)
Message-Id: <20010225.014504.08314398.hrs@eos.ocn.ne.jp>
To: doc-jp@jp.freebsd.org
From: Hiroki Sato <hrs@eos.ocn.ne.jp>
In-Reply-To: <200102072038.f17KcB513558@freefall.freebsd.org>
References: <200102072038.f17KcB513558@freefall.freebsd.org>
X-Mailer: Mew version 1.95b101 on Emacs 20.7 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Multipart/Mixed;
 boundary="--Next_Part(Sun_Feb_25_01:45:04_2001_764)--"
Content-Transfer-Encoding: 7bit
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: doc-jp 8003
Subject: [doc-jp 8003] Re: ANNOUNCE: FreeBSD Ports Security Advisory:
 FreeBSD-SA-01:22.dc20ctrl
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: hrs@eos.ocn.ne.jp

----Next_Part(Sun_Feb_25_01:45:04_2001_764)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit

$B:4F#!wEl5~M}2JBg3X$G$9!#(B

 01:22 $B$H(B 01:24 $B$G$9!#(B

 01:24 $B$O2<5-$NItJ,!"FC$K(B On average.. $B$+$i$N0lJ8$NLu$,$*$+$7$$$H(B
 $B;W$&$N$G!"LuJ8Jg=8$G$9!#(B

  # to have a high chance of succeeding $B$N<gBN$,(B
  # $BNI$/J,$+$i$s$G$9!#(B

  |This attack is mitigated by the requirement to initiate large
  |numbers of SSH1 protocol connections to the server during the
  |lifetime of the key.  On average a sustained connection rate of
  |around 400 connections and SSH1 protocol handshakes must be carried
  |out per second to have a high chance of succeeding within the 1 hour
  |lifetime of the server key.  OpenSSH contains rate-limiting code
  |which will limit the number of outstanding connections to a fraction
  |of this number in the default configuration, and computational and
  |network limitations may reduce this number still further.
  |
  |$B$3$N967b$O(B, $B0l;~%5!<%P80$NM-8z4|4VFb$N?75,(B SSH1 $B%W%m%H%3%k@\B3?t$r(B
  |$BB?$/@_Dj$9$k$3$H$G4KOB$9$k$3$H$,$G$-$^$9(B.  $B967b$r<u$1$J$$$?$a$K$O(B,
  |$B0l;~%5!<%P80$NM-8z4|4V(B, $B$D$^$j(B 1 $B;~4V0JFb$K%5!<%P$,<u$1F~$l$kM-8z$J@\B3$H(B
  |SSH1 $B%W%m%H%3%k$N%O%s%I%7%'%$%/$,(B, $BKhICJ?6Q$7$F(B 400 $B@\B3A08eI,MW$K$J$j$^$9(B.
  |OpenSSH $B$K$O(B, $B?75,@\B3?t$rI8=`$G@_Dj$5$l$?3d9g$K@)8B$9$k$?$a$N%3!<%I$,(B
  |$B4^$^$l$F$*$j(B, $B<B:]$N@\B3?t$O$5$i$K(B, $B7W;;5!$NG=NO$*$h$S%M%C%H%o!<%/$N(B
  |$BJ*M}E*$JB.EY$N8B3&$K$h$C$F@)8B$5$l$^$9(B.

--
| $B:4F#(B $B9-@8!wEl5~M}2JBg3X(B <hrs@eos.ocn.ne.jp>
|
| sato@sekine00.ee.noda.sut.ac.jp (UNIV)
| hrs@FreeBSD.org (FreeBSD Project)


----Next_Part(Sun_Feb_25_01:45:04_2001_764)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Disposition: inline; filename="01:22"
Content-Transfer-Encoding: 7bit


FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG(B
=============================================================================
FreeBSD-SA-01:22 (2001-02-07)
 * dc20ctrl port contains a locally exploitable buffer overflow
=============================================================================

 $B$3$N%a!<%k$O(B, announce-jp $B$KN.$l$?(B

  Subject: ANNOUNCE: FreeBSD Ports Security Advisory: FreeBSD-SA-01:22.dc20ctrl
  From: FreeBSD Security Advisories <security-advisories@FreeBSD.org>
  Date: Wed, 7 Feb 2001 12:38:11 -0800 (PST)
  Message-Id: <200102072038.f17KcB513558@freefall.freebsd.org>
  X-Sequence: announce-jp 690

 $B$rF|K\8lLu$7$?$b$N$G$9(B. 

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,(B, $B$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s(B. 
 $B=$@5%Q%C%AEy$NFbMF$,2~cb$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B=pL>$N(B
 $B%A%'%C%/$r9T$J$&$K$O(B, $B86J8$r;2>H$7$F$/$@$5$$(B. 

 $BF|K\8lLu$*$h$S(B, $B%_%i!<%5%$%HMxMQ$N>\:Y$K$D$$$F$O(B, $BJ8Kv$N!V(BA. FreeBSD
 $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F!W$r$4Mw$/$@$5$$(B.


                                     [$BK]Lu<T(B: $B:4F#(B $B9-@8(B <hrs@jp.FreeBSD.org>]
--($B$3$3$+$i(B)

=============================================================================
FreeBSD-SA-01:22                                           Security Advisory
                                                                FreeBSD, Inc.

$B%H%T%C%/(B:	dc20ctrl port contains a locally exploitable buffer overflow
                yielding gid dialer

$BJ,N`(B:		ports
$B%b%8%e!<%k(B:	dc20ctrl
$B9pCNF|(B:		2001-02-07
$B%/%l%8%C%H(B:	$BFbIt%;%-%e%j%F%#4F::Cf$KH/8+(B
$B1F6AHO0O(B:	$B=$@5F|0JA0$N(B Ports Collection
$B=$@5F|(B:		2001-02-07
$B%Y%s%@$NBP1~(B:	$B%Y%s%@$KDLCN$:$_(B
FreeBSD $B$K8GM-$+(B:	No


I.   $BGX7J(B - Background

dc20ctrl is a program to control Kodak DC20 digital cameras.

dc20ctrl $B$O(B, $B%G%#%8%?%k%+%a%i(B Kodak DC20 $B$rA`:n$9$k$?$a$N%W%m%0%i%`$G$9(B.


II.  $BLdBj$N>\:Y(B - Problem Description

The dc20ctrl port, versions prior to 0.4_1, contains a locally
exploitable buffer overflow.  Because the dc20ctrl program is also
setgid dialer, unprivileged local users may gain gid dialer on the
local system.  This may allow the users to gain unauthorized access to
the serial port devices.

dc20ctrl port $B$N%P!<%8%g%s(B 0.4_1 $B$h$jA0$N$b$N$K$O(B, $B%m!<%+%k$+$i(B
$B0-MQ2DG=$J%P%C%U%!%*!<%P%U%m!<LdBj$,4^$^$l$F$$$^$9(B.
dc20ctrl $B%W%m%0%i%`$O(B dialer $B%0%k!<%W$K(B setgid $B$5$l$F$$$k$?$a(B,
$B9b$$8"8B$r;}$?$J$$%m!<%+%k%f!<%6$O(B, $B%m!<%+%k%7%9%F%`>e$N(B
dialer $B%0%k!<%W$N8"8B$rIT@5$KF~<j$G$-$k2DG=@-$,$"$j$^$9(B.
$B$7$?$,$C$F$3$N<eE@$O(B, $B%7%j%"%k%]!<%H%G%P%$%9$X$NIT@5$J%"%/%;%9$r(B
$B5v$9$3$H$K$J$j$^$9(B.

The dc20ctrl port is not installed by default, nor is it "part of
FreeBSD" as such: it is part of the FreeBSD ports collection, which
contains over 4500 third-party applications in a ready-to-install
format.  The ports collections shipped with FreeBSD 3.5.1 and 4.2
contain this problem since it was discovered after the releases.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security
audit of the most security-critical ports.

dc20ctrl $B$N(B port $B$O%G%U%)%k%H$G%$%s%9%H!<%k$5$l$k$b$N$G$O$J$/(B,
$B!V(BFreeBSD $B%7%9%F%`$N0lIt!W$r9=@.$9$k$b$N$G$b$"$j$^$;$s(B.
$B$=$l$i$O(B 4500 $B$r1[$($k%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$,$9$0$K(B
$B%$%s%9%H!<%k$G$-$k7A$G<}$a$i$l$F$$$k(B FreeBSD Ports Collection $B$N0lIt$G$9(B.
$B%j%j!<%98e$KLdBj$,8+$D$+$C$?$?$a(B, FreeBSD 3.5.1 $B$*$h$S(B 4.2 $B$H$H$b$K(B
$B=P2Y$5$l$?(B Ports Collection $B$O$3$NLdBj$r4^$s$G$$$^$9(B.

FreeBSD $B$G$O(B, $B$3$N$h$&$J%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$N%;%-%e%j%F%#(B
$BLdBj$KBP$7$F(B, $BFC$K2?$+$r<gD%$9$k$3$H$O$"$j$^$;$s(B ($BLuCm(B: Ports Collection $B$K(B
$BF~$C$F$$$k$+$i$H$$$C$F(B, FreeBSD $B$N3+H/<T$?$A$,$=$N%"%W%j%1!<%7%g%s$,(B
$B0BA4$G$"$k$HI>2A$7$?$o$1$G$O$"$j$^$;$s(B).  $B$?$@$7(B, $B%;%-%e%j%F%#LdBj$KBP$7$F(B
$BBg$-$J1F6A$r;}$D$h$&$J(B ports $B$KBP$9$k%;%-%e%j%F%#4F::$rDs6!$9$Y$/(B,
$B8=:_EXNOCf$G$9(B.


III. $B1F6AHO0O(B - Impact

Unprivileged local users may gain increased privileges on the local
system including potentially unauthorized access to the serial port
devices.

$B9b$$8"8B$r;}$?$J$$%m!<%+%k%f!<%6$O(B, $B%m!<%+%k%7%9%F%`>e$N(B
$B9b$$8"8B$rF~<j$7(B, $B%7%j%"%k%]!<%H%G%P%$%9$XIT@5$K%"%/%;%9$G$-$k2DG=@-$,(B
$B$"$j$^$9(B.

If you have not chosen to install the dc20ctrl port/package, then
your system is not vulnerable to this problem.

dc20ctrl $B$N(B port/package $B$r%$%s%9%H!<%k$7$F$$$J$1$l$P(B
$B%7%9%F%`$K$3$NLdBj$K$h$k%;%-%e%j%F%#>e$N<eE@$O$"$j$^$;$s(B.


IV.  $B2sHrJ}K!(B - Workaround

Deinstall the dc20ctrl port/package, if you have installed it.

dc20ctrl $B$N(B port/package $B$,%$%s%9%H!<%k$5$l$F$$$k>l9g$O(B,
$B$=$l$r%7%9%F%`$+$i:o=|$7$F$/$@$5$$(B.


V.   $B2r7h:v(B - Solution

One of the following:
$B<!$N$$$:$l$+$K=>$C$F$/$@$5$$(B.

1) Upgrade your entire ports collection and rebuild the dc20ctrl port.
1) Ports Collection $BA4BN$r%"%C%W%0%l!<%I$7(B, dc20ctrl $B$N(B port $B$r:F9=C[$7$^$9(B.

2) Deinstall the old package and install a new package dated after the
correction date, obtained from:
2) $B8E$$(B ($BLuCm(B: dc20ctrl $B$N(B) package $B$r%7%9%F%`$+$i:o=|$7(B,
   $B=$@5F|0J9_$K:n@.$5$l$??7$7$$(B package $B$r0J2<$N>l=j$+$i<hF@$7$F(B
   $B%$%s%9%H!<%k$7$^$9(B.

[i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/graphics/dc20ctrl-0.4_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/graphics/dc20ctrl-0.4_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/graphics/dc20ctrl-0.4_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/graphics/dc20ctrl-0.4_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/graphics/dc20ctrl-0.4_1.tgz

NOTE: it may be several days before updated packages are available.
$BCm0U(B: $B=$@5HG$N(B package $B$,MxMQ$G$-$k$h$&$K$J$k$^$G?tF|$+$+$k2DG=@-$,$"$j$^$9(B.

[alpha]
Packages are not automatically generated for the alpha architecture at
this time due to lack of build resources.
$B8=;~E@$G$O9=C[$N$?$a$N%^%7%s%j%=!<%9$,ITB-$7$F$$$k$?$a(B,
alpha $B%"!<%-%F%/%A%cMQ$N(B package $B$O<+F0@8@.$5$l$F$$$^$;$s(B.

3) download a new port skeleton for the dc20ctrl from:
3) dc20ctrl $B$N?7$7$$(B port $B%9%1%k%H%s$r(B
   $B0J2<$N>l=j$+$i%@%&%s%m!<%I$7(B, $B$=$l$i$r;H$C$F(B port $B$r:F9=C[$7$^$9(B.

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:
4) $B>e5-(B (3) $B$NA`:n$r<+F0E*$K9T$J$&(B portcheckout $B%f!<%F%#%j%F%#$r;H$$$^$9(B.
   portcheckout $B$N(B port $B$O(B /usr/ports/devel/portcheckout $B$K$"$j$^$9(B.
   $B$^$?(B, portcheckout $B$N(B package $B$,0J2<$N>l=j$+$iF~<j2DG=$G$9(B.

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz


A.   FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F(B

$BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B (doc-jp) $B$,(B
$B;29M$N$?$a$KDs6!$9$k$b$N$G$9(B.  $B2a5n$NF|K\8lHG%;%-%e%j%F%#4+9p$O(B

 http://www.FreeBSD.org/ja/security/

$B$K$^$H$a$i$l$F$$$^$9(B.  

$B$?$@$7(B, $BK]Lu<T$*$h$S(B doc-jp $B$O(B, $B$=$NFbMF$K$D$$$F$$$+$J$kJ]>Z$b(B
$B$$$?$7$^$;$s$N$G$4Cm0U$/$@$5$$(B.  $BF|K\8lLu$K$D$$$F$N$40U8+(B, $B$4MWK>(B,
$B$*Ld$$9g$o$;Ey$O(B doc-jp@jp.FreeBSD.org $B$^$G$*4j$$$7$^$9(B.

$B$3$N4+9p$NCf$G>R2p$5$l$F$$$k(B WWW $B%5%$%H(B http://www.FreeBSD.org/ $B$*$h$S(B
FTP $B%5%$%H(B ftp://ftp.FreeBSD.org/ $B$K$O(B, $BF|K\$N%_%i!<%5%$%H$,B8:_$7$^$9(B.
$B%M%C%H%o!<%/$N:.;($r4KOB$9$k$?$a(B, $B$^$:$O%_%i!<%5%$%H$NMxMQ$r(B
$B9MN8$9$k$h$&$*4j$$$7$^$9(B.

$BF|K\$N%_%i!<%5%$%H$rMxMQ$9$k$K$O(B,
http://www.FreeBSD.org/ $B$r(B http://www.jp.FreeBSD.org/www.freebsd.org/ $B$K(B,
ftp://ftp.FreeBSD.org/ $B$r(B ftp://ftp.jp.FreeBSD.org/ $B$K(B,
$B$=$l$>$lCV$-49$($F$/$@$5$$(B.

$BB>$NCO0h$r4^$`(B, $B%_%i!<%5%$%H$K4X$9$k>\:Y$O(B,

 http://www.FreeBSD.org/handbook/mirror.html ($B1QJ8(B)
 http://www.FreeBSD.org/ja/handbook/mirror.html ($BF|K\8lLu(B)

$B$K$^$H$a$i$l$F$$$^$9(B.

$hrs: announce-jp/FreeBSD-SA/01:22,v 1.1 2001/02/24 16:15:42 hrs Exp $

----Next_Part(Sun_Feb_25_01:45:04_2001_764)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Disposition: inline; filename="01:24"
Content-Transfer-Encoding: 7bit


FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG(B
=============================================================================
FreeBSD-SA-01:24 (2001-02-12)
 * SSH1 implementations may allow remote system, data compromise
=============================================================================

 $B$3$N%a!<%k$O(B, announce-jp $B$KN.$l$?(B

  Subject: ANNOUNCE: FreeBSD Security Advisory FreeBSD-SA-01:24.ssh
  From: FreeBSD Security Advisories <security-advisories@FreeBSD.org>
  Date: Mon, 12 Feb 2001 16:50:46 -0800 (PST)
  Message-Id: <200102130050.f1D0okB80896@freefall.freebsd.org>
  X-Sequence: announce-jp 693

 $B$rF|K\8lLu$7$?$b$N$G$9(B. 

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,(B, $B$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s(B. 
 $B=$@5%Q%C%AEy$NFbMF$,2~cb$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B=pL>$N(B
 $B%A%'%C%/$r9T$J$&$K$O(B, $B86J8$r;2>H$7$F$/$@$5$$(B. 

 $BF|K\8lLu$*$h$S(B, $B%_%i!<%5%$%HMxMQ$N>\:Y$K$D$$$F$O(B, $BJ8Kv$N!V(BA. FreeBSD
 $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F!W$r$4Mw$/$@$5$$(B.


                                     [$BK]Lu<T(B: $B:4F#(B $B9-@8(B <hrs@jp.FreeBSD.org>]
--($B$3$3$+$i(B)

=============================================================================
FreeBSD-SA-01:24                                           Security Advisory
                                                                FreeBSD, Inc.

$B%H%T%C%/(B:	SSH1 implementations may allow remote system, data compromise

$BJ,N`(B:		core/ports
$B%b%8%e!<%k(B:	openssh, ssh
$B9pCNF|(B:		2001-02-12
$B%/%l%8%C%H(B:	Michal Zalewski <lcamtuf@razor.bindview.com> ($B<eE@(B 1)
                Core-SDI (http://www.core-sdi.com) ($B<eE@(B 2)
$B1F6AHO0O(B:	$B=$@5F|0JA0$N(B FreeBSD 4.x, 4.2-STABLE
                $B=$@5F|0JA0$N(B Ports Collection
$B=$@5F|(B:		OpenSSH [FreeBSD 4.x $B%Y!<%9%7%9%F%`(B]:
                   2000-12-05 ($B<eE@(B 1)
                   2001-02-11 ($B<eE@(B 2)
                OpenSSH [ports]:
                   2001-02-09 ($B<eE@(B 1)
                   2001-02-11 ($B<eE@(B 2)
                ssh [ports]:
                   2001-02-09 ($B<eE@(B 1)
                   2001-02-09 ($B<eE@(B 2)
$B%Y%s%@$NBP1~(B:	$B=$@5%Q%C%A$,8x3+$:$_(B
FreeBSD $B$K8GM-$+(B:	NO


I.   $BGX7J(B - Background

OpenSSH is an implementation of the SSH1 and SSH2 secure shell
protocols for providing encrypted and authenticated network access,
which is available free for unrestricted use.

OpenSSH $B$O(B, $B0E9f2=$HG'>Z$rHw$($?%M%C%H%o!<%/%"%/%;%9$rDs6!$9$k(B
SSH1/SSH2 $B%;%-%e%"%7%'%k%W%m%H%3%k<BAu$N0l$D$G$9(B.  OpenSSH $B$O(B
$B%U%j!<$G$"$j(B, $BMxMQ@)8B$O$"$j$^$;$s(B.

An SSH1 client/server (ssh) from ssh.com is included in the ports
collection.  This software is not available free of charge for all
uses, and the FreeBSD Security Officer does not recommend its use.

Ports Collection $B$K$O(B, ssh.com $B$+$iDs6!$5$l$F$$$k(B
SSH1 $B%/%i%$%"%s%H(B/$B%5!<%P(B (ssh) $B$,4^$^$l$F$$$^$9(B.
$B$3$N%=%U%H%&%'%"$O$9$Y$F$N%f!<%6$,L5NA$GMxMQ$G$-$k$b$N$G$O$J$$$?$a(B,
FreeBSD $B%;%-%e%j%F%#%*%U%#%5$O(B, $B$3$N%=%U%H%&%'%"$N;HMQ$r?d>)$7$F$$$^$;$s(B.


II.  $BLdBj$N>\:Y(B - Problem Description

There are two flaws in the SSH1 protocol as implemented by OpenSSH and
ssh.

OpenSSH $B$*$h$S(B ssh $B$K<BAu$5$l$F$$$k(B SSH1 $B%W%m%H%3%k$K$O(B,
$B0J2<$K<($9$h$&$J(B 2 $B$D$N7g4Y$,B8:_$7$^$9(B.

$B<eE@(B 1:

  An integer overflow may allow arbitrary remote users to obtain root
  permissions on the server running sshd.  This is due to a coding
  mistake in code intended to work around a protocol flaw in the SSH1
  protocol.  This vulnerability was corrected in OpenSSH 2.3.0, which
  was committed to FreeBSD 4.2-STABLE on 2000-12-05.

  $B@0?t$N%*!<%P%U%m!<LdBj$rMxMQ$9$k$3$H$G(B, $B$9$Y$F$N%j%b!<%H%f!<%6$O(B
  sshd $B$,<B9T$5$l$F$$$k%5!<%P>e$N(B root $B8"8B$rIT@5$KF~<j$9$k$3$H$,(B
  $B2DG=$G$9(B.  $B$3$l$O(B SSH1 $B%W%m%H%3%k$K$"$kIT6q9g$r=$@5$9$k$?$a$N(B
  $B%3!<%I$K8m$j$,$"$C$?$3$H$,860x$G$9(B.  $B$3$N%;%-%e%j%F%#>e$N<eE@$O(B
  OpenSSH 2.3.0 $B$G=$@5$5$l(B, 2000-12-05 $B$K(B FreeBSD 4.2-STABLE $B$X(B
  $BH?1G$5$l$^$7$?(B.

$B<eE@(B 2;

  Remote attackers who can observe the encrypted contents of a user's
  SSH1 session, and who have the ability to mount large numbers of
  connections fo the SSH1 server may be able to break the transient
  server key used by the server to negotiate encryption parameters for
  the session, and from there can decrypt the entire contents of the
  snooped connection.  The transient key has a lifetime of only one
  hour by default, but all snooped SSH1 sessions captured within this
  timeframe may be broken if the attack is successful.

  $B$"$k%f!<%6$N(B SSH1 $B%;%7%g%s$K4^$^$l$k0E9f2=$5$l$?DL?.FbMF$r(B
  $B4F;k$G$-(B, $B$+$D$=$N(B SSH1 $B%5!<%P$KBP$7$FHs>o$KB??t$N@\B3$r9T$J$($k(B
  $B%j%b!<%H$N967b<T$O(B, $B3F%;%7%g%s$G0E9f2=%Q%i%a!<%?$r8r>D$9$k$?$a$K(B
  $B%5!<%P$,MQ$$$k0l;~%5!<%P80(B (transient server key) $B$rGK$j(B,
  $B4F;k$7$F$$$k@\B3$NDL?.FbMF$r$9$Y$FI|9f$9$k$3$H$,$G$-$k2DG=@-$,$"$j$^$9(B.
  $B0l;~%5!<%P80$NM-8z4|4V$OI8=`$G(B 1 $B;~4V$7$+$"$j$^$;$s$,(B, $B967b$,@.8y$9$k$H(B,
  $B$=$N;~4VFb$K967b<T$,4F;k!&JaB*$7$F$$$k$9$Y$F$N(B SSH1 $B%;%7%g%s$N0E9f$r(B
  $BGK$k$3$H$,2DG=$G$9(B.

  This attack is mitigated by the requirement to initiate large
  numbers of SSH1 protocol connections to the server during the
  lifetime of the key.  On average a sustained connection rate of
  around 400 connections and SSH1 protocol handshakes must be carried
  out per second to have a high chance of succeeding within the 1 hour
  lifetime of the server key.  OpenSSH contains rate-limiting code
  which will limit the number of outstanding connections to a fraction
  of this number in the default configuration, and computational and
  network limitations may reduce this number still further.
  Therefore, though the potential impact of this flaw is great, it is
  made very difficult to exploit in practice.  However, note that even
  though the chances of success are reduced, the vulnerability is not
  eliminated.

  $B$3$N967b$O(B, $B0l;~%5!<%P80$NM-8z4|4VFb$N?75,(B SSH1 $B%W%m%H%3%k@\B3?t$r(B
  $BB?$/@_Dj$9$k$3$H$G4KOB$9$k$3$H$,$G$-$^$9(B.  $B967b$r<u$1$J$$$?$a$K$O(B,
  $B0l;~%5!<%P80$NM-8z4|4V(B, $B$D$^$j(B 1 $B;~4V0JFb$K%5!<%P$,<u$1F~$l$kM-8z$J@\B3$H(B
  SSH1 $B%W%m%H%3%k$N%O%s%I%7%'%$%/$,(B, $BKhICJ?6Q$7$F(B 400 $B@\B3A08eI,MW$K$J$j$^$9(B.
  OpenSSH $B$K$O(B, $B?75,@\B3?t$rI8=`$G@_Dj$5$l$?3d9g$K@)8B$9$k$?$a$N%3!<%I$,(B
  $B4^$^$l$F$*$j(B, $B<B:]$N@\B3?t$O$5$i$K(B, $B7W;;5!$NG=NO$*$h$S%M%C%H%o!<%/$N(B
  $BJ*M}E*$JB.EY$N8B3&$K$h$C$F@)8B$5$l$^$9(B.
  $B$7$?$,$C$F(B, $B$3$N%;%-%e%j%F%#>e$N<eE@$K$h$k1F6A$OBg$-$$$b$N$N(B,
  $B<B:]$K<eE@$rFM$/$3$H$OHs>o$K:$Fq$G$9(B.  $B$?$@$7(B, $B2DG=@-$,Dc$$$+$i$H$$$C$F(B,
  $B$3$N%;%-%e%j%F%#>e$N<eE@$K$h$k1F6A$rL5;k$G$-$k$o$1$G$O$"$j$^$;$s(B.

OpenSSH is installed if you chose to install the 'crypto' distribution
at install-time or when compiling from source, and is installed and
enabled by default as of FreeBSD 4.1.1-RELEASE.  By default SSH1
protocol support is enabled.

OpenSSH $B$O(B, $B%$%s%9%H!<%k;~(B, $B$b$7$/$O%=!<%9$+$i%7%9%F%`$r9=C[$9$k:]$K(B
'crypt' $BG[I[J*$N%$%s%9%H!<%k$rA*Br$9$k$H%$%s%9%H!<%k$5$l$^$9(B. $B$^$?(B,
FreeBSD 4.1.1-RELEASE $B0J9_$G$O(B, $BI8=`$G%$%s%9%H!<%k$5$l(B, $BM-8z2=$5$l$F$$$^$9(B.
$B$$$:$l$N>l9g$b(B SSH1 $B%W%m%H%3%k$OI8=`$GM-8z2=$5$l$F$$$^$9(B.

If SSH1 protocol support has been disabled in OpenSSH, it is not
vulnerable to these attacks.  They do not affect implementations of
the SSH2 protocol, such as OpenSSH run in SSH2-only mode.

OpenSSH $B$N(B SSH1 $B%W%m%H%3%kBP1~$rL58z2=$7$?>l9g(B, $B$3$NLdBj$rMxMQ$7$?(B
$B967b$KBP$9$k<eE@$O$J$/$J$j$^$9(B.  $B$3$N$3$H$O(B, OpenSSH $B$N(B SSH2-only
$B%b!<%I$J$I$N(B SSH2 $B%W%m%H%3%k<BAu$NF0:n$K1F6A$9$k$3$H$O$"$j$^$;$s(B.

Versions of the OpenSSH port prior to openssh-2.2.0_2, and versions
of the ssh port prior to ssh-1.2.27_3 are vulnerable to these attacks.

$B$3$l$i$N<eE@$rMxMQ$7$?967b$N1F6A$r<u$1$k$N$O(B,
OpenSSH port $B$N(B openssh-2.2.0_2 $B$h$jA0$N%P!<%8%g%s$N$b$N(B, $B$*$h$S(B
ssh port $B$N(B ssh-1.2.27_3 $B$h$jA0$N%P!<%8%g%s$N$b$N$G$9(B.


III. $B1F6AHO0O(B - Impact

Arbitrary remote users may be able to execute arbitrary code as root
on an SSH1 server accepting connections via the SSH1 protocol.

$B$9$Y$F$N%j%b!<%H%f!<%6$O(B, SSH1 $B%W%m%H%3%k7PM3$G@\B32DG=$J(B SSH1 $B%5!<%P>e$N(B
root $B8"8B$G(B, $BG$0U$N%3!<%I$rIT@5$K<B9T$G$-$k2DG=@-$,$"$j$^$9(B.

Remote users who can snoop the encrypted contents of SSH1 sessions
belonging to other users, and who can mount a very high rate of
connections to the server may be able to mount an attack leading to
the ability to decrypt these sessions.  This attack may disclose
account password details as well as other sensitive data.

$BB>$N%f!<%6$,;HMQ$7$F$$$k(B SSH1 $B%;%7%g%s$K4^$^$l$k0E9f2=$5$l$?FbMF$r(B
$B4F;k$G$-(B, $B%5!<%P$KBP$7$FC;;~4V$KHs>o$KB?$/$N@\B3$r9T$J$&$3$H$,$G$-$k(B
$B%j%b!<%H%f!<%6$O(B, $B4F;k$7$F$$$k(B SSH1 $B%;%7%g%s$NI|9f$r<B8=$9$k$h$&$J967b$,(B
$B$G$-$k2DG=@-$,$"$j$^$9(B.  $B$3$l$O(B, $B%"%+%&%s%H%Q%9%o!<%IEy$N=EMW$J>pJs$,(B
$BO31L$9$k860x$H$J$k$G$7$g$&(B.


IV.  $B2sHrJ}K!(B - Workaround

If you are running sshd, disable the use of the SSH1 protocol in
OpenSSH.  SSH1 contains inherent protocol deficiencies and is not
recommended for use in high-security environments.  Note that some
third-party SSH clients are not capable of using the SSH2 protocol,
however the OpenSSH client (version 2.1 and later) included in FreeBSD
is SSH2-capable.

sshd $B$r<B9T$7$F$$$k>l9g$O(B, OpenSSH $B$K$"$k(B SSH1 $B%W%m%H%3%k$NMxMQ@_Dj$r(B
$BL58z$K$7$^$9(B.  SSH1 $B$O85!9%W%m%H%3%k$K7g4Y$,$"$k$?$a(B, $B9b$$%;%-%e%j%F%#$,(B
$BMW5a$5$l$k4D6-$G$N;HMQ$O?d>)$5$l$F$$$^$;$s(B.  $B%5!<%I%Q!<%F%#@=$N(B
SSH $B%/%i%$%"%s%H$K$O(B, SSH2 $B%W%m%H%3%k$,MxMQ$G$-$J$$$b$N$b$"$j$^$9$,(B,
FreeBSD $B$K4^$^$l$k(B OpenSSH $B%/%i%$%"%s%H(B ($B%P!<%8%g%s(B 2.1 $B0J9_(B) $B$G$O(B,
SSH2 $B%W%m%H%3%k$rMxMQ$9$k$3$H$,2DG=$G$9(B.

To disable SSH1, add the following line to the /etc/ssh/sshd_config
file (/usr/local/etc/sshd_config for the OpenSSH port):

SSH1 $B%W%m%H%3%k$rL58z$K$9$k$K$O(B, $B2<$N9T(B

Protocol 2

and remove any other "Protocol" directives from that file.

$B$r(B /etc/ssh/sshd_config $B%U%!%$%k(B (OpenSSH port $B$N>l9g$O(B
/usr/local/etc/sshd_config) $B$KDI2C$7(B, $B$3$N%U%!%$%kCf$K$"$k(B
$BB>$N(B "Protocol" $B;X<(;R$r$9$Y$F:o=|$7$^$9(B.

Execute the following command as root:

$B$=$7$F(B, root $B8"8B$G<!$N%3%^%s%I$r<B9T$7$^$9(B.

# kill -HUP `cat /var/run/sshd.pid`

This will cause the parent process to reread its configuration file,
and should not interfere with existing SSH sessions.

$B$3$l$K$h$j(B ssh $B$N?F%W%m%;%9$O@_Dj%U%!%$%k$r:FFI$_9~$_$7$^$9(B.
$B4{B8$N(B SSH $B%;%7%g%s$O1F6A$r<u$1$^$;$s(B.


V.   $B2r7h:v(B - Solution

- --[OpenSSH - base system]-----
- --[OpenSSH - $B%Y!<%9%7%9%F%`$N>l9g(B]-----

One of the following:
$B<!$N$$$:$l$+$K=>$C$F$/$@$5$$(B.

1) Upgrade to FreeBSD 4.2-STABLE after the correction date.  Note that
these versions of FreeBSD contain a newer version of OpenSSH (version
2.3.0) than was in 4.2-RELEASE (version 2.2.0).
1) FreeBSD $B%7%9%F%`$r=$@5F|0J9_$N(B 4.2-STABLE $B$K%"%C%W%0%l!<%I$7$^$9(B.
   $B$3$l$K$O(B, 4.2-RELEASE $B$K4^$^$l$k(B OpenSSH ($B%P!<%8%g%s(B 2.2.0) $B$h$j$b(B
   $B?7$7$$%P!<%8%g%s$N(B OpenSSH ($B%P!<%8%g%s(B 2.3.0) $B$,4^$^$l$F$$$^$9(B.

2) Download the patch and detached PGP signature from the following
location:
2) $B0J2<$N>l=j$K$"$k=$@5%Q%C%A$H(BPGP $B=pL>$r%@%&%s%m!<%I$7$^$9(B.

The following patch applies to FreeBSD 4.2-RELEASE.
$B0J2<$N=$@5%Q%C%A$O(B FreeBSD 4.2-RELEASE $BMQ$G$9(B.

# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:24/sshd-4.2-release.patch
# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:24/sshd-4.2-release.patch.asc

The folllowing patch applies to FreeBSD 4.2-STABLE which is running
OpenSSH 2.3.0 (4.2-STABLE dated after 2000-12-05)

$B0J2<$N=$@5%Q%C%A$O(B, OpenSSH 2.3.0 $B$r<B9T$7$F$$$k(B
(2000-12-05 $B0J9_$N(B) FreeBSD 4.2-STABLE $BMQ$G$9(B.

# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:24/sshd-4.2-stable.patch
# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:24/sshd-4.2-stable.patch.asc

Verify the detached signature using your PGP utility.
PGP $B%f!<%F%#%j%F%#$r;H$C$F(B PGP $B=pL>$r3NG'$7$^$9(B.

Issue the following commands as root:
$B<!$K(B, root $B8"8B$G0J2<$N%3%^%s%I$r<B9T$7$^$9(B.

# cd /usr/src/crypto/openssh
# patch -p < /path/to/patch
# cd /usr/src/secure/lib/libssh
# make all
# cd /usr/src/secure/usr.bin/ssh-agent
# make all install
# cd /usr/src/secure/usr.sbin/sshd
# make all install

Finally, if sshd is already running then kill and restart the sshd
daemon: perform the following command as root:

$B:G8e$K(B, sshd $B$,4{$K<B9T$5$l$F$$$k>l9g$O(B, $B$=$l$r(B kill $B$7$F(B
sshd $B%G!<%b%s$r:F5/F0$7$^$9(B.  root $B8"8B$G0J2<$N%3%^%s%I$r(B
$B<B9T$7$F$/$@$5$$(B.

# kill -KILL `cat /var/run/sshd.pid` && /usr/sbin/sshd

This will not affect sessions in progress.
$B$3$N:F5/F0$O(B, $B$=$N;~E@$G@\B3:Q$_$N(B SSH $B%;%7%g%s$K1F6A$rM?$($^$;$s(B.

- --[OpenSSH - port]-----
- --[OpenSSH - port $B$N>l9g(B]-----

Use one of the following options to upgrade the OpenSSH software, then
kill and restart the sshd daemon if it is already running.  This will
not affect sessions in progress.

$B0J2<$N$$$:$l$+$K=>$C$F(B OpenSSH $B%=%U%H%&%'%"$r%"%C%W%0%l!<%I$7(B,
$B$9$G$K(B sshd $B%G!<%b%s$,<B9T$5$l$F$$$l$P(B, $B$=$l$r(B kill $B$7$F:F5/F0$7$^$9(B.
$B$3$N:F5/F0$O(B, $B$=$N;~E@$G@\B3:Q$_$N(B SSH $B%;%7%g%s$K1F6A$rM?$($^$;$s(B.

To kill and restart the sshd daemon, perform the following command as
root:
sshd $B%G!<%b%s$r(B kill $B$7$F:F5/F0$9$k$K$O(B, root $B8"8B$G0J2<$N%3%^%s%I$r(B
$B<B9T$7$^$9(B.

# kill -KILL `cat /var/run/sshd.pid` && /usr/local/sbin/sshd

1) Upgrade your entire ports collection and rebuild the OpenSSH port.
1) Ports Collection $BA4BN$r%"%C%W%0%l!<%I$7(B, OpenSSH $B$N(B port $B$r:F9=C[$7$^$9(B.

2) Deinstall the old package and install a new package dated after the
correction date, obtained from:
2) $B8E$$(B ($BLuCm(B: OpenSSH $B$N(B) package $B$r%7%9%F%`$+$i:o=|$7(B,
   $B=$@5F|0J9_$K:n@.$5$l$??7$7$$(B package $B$r0J2<$N>l=j$+$i<hF@$7$F(B
   $B%$%s%9%H!<%k$7$^$9(B.

[i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/security/openssh-2.2.0_2.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/openssh-2.2.0_2.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/openssh-2.2.0_2.tgz

NOTE: It may be several days before updated packages are available.
$BCm0U(B: $B=$@5HG$N(B package $B$,MxMQ$G$-$k$h$&$K$J$k$^$G?tF|$+$+$k2DG=@-$,$"$j$^$9(B.

[alpha]
Packages are not automatically generated for the alpha architecture at
this time due to lack of build resources.
$B8=;~E@$G$O9=C[$N$?$a$N%^%7%s%j%=!<%9$,ITB-$7$F$$$k$?$a(B,
alpha $B%"!<%-%F%/%A%cMQ$N(B package $B$O<+F0@8@.$5$l$F$$$^$;$s(B.
 
3) download a new port skeleton for the OpenSSH port from:
3) OpenSSH $B$N?7$7$$(B port $B%9%1%k%H%s$r(B
   $B0J2<$N>l=j$+$i%@%&%s%m!<%I$7(B, $B$=$l$i$r;H$C$F(B port $B$r:F9=C[$7$^$9(B.

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:
4) $B>e5-(B (3) $B$NA`:n$r<+F0E*$K9T$J$&(B portcheckout $B%f!<%F%#%j%F%#$r;H$$$^$9(B.
   portcheckout $B$N(B port $B$O(B /usr/ports/devel/portcheckout $B$K$"$j$^$9(B.
   $B$^$?(B, portcheckout $B$N(B package $B$,0J2<$N>l=j$+$iF~<j2DG=$G$9(B.

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz

- --[ssh - port]-----
- --[ssh - port $B$N>l9g(B]-----

Use one of the following options to upgrade the ssh software, then
kill and restart the sshd daemon if it is already running.  This will
not affect sessions in progress.

$B0J2<$N$$$:$l$+$K=>$C$F(B ssh $B%=%U%H%&%'%"$r%"%C%W%0%l!<%I$7(B,
$B$9$G$K(B sshd $B%G!<%b%s$,<B9T$5$l$F$$$l$P(B, $B$=$l$r(B kill $B$7$F:F5/F0$7$^$9(B.
$B$3$N:F5/F0$O(B, $B$=$N;~E@$G@\B3:Q$_$N(B SSH $B%;%7%g%s$K1F6A$rM?$($^$;$s(B.

To kill and restart the sshd daemon, perform the following command as
root:
sshd $B%G!<%b%s$r(B kill $B$7$F:F5/F0$9$k$K$O(B, root $B8"8B$G0J2<$N%3%^%s%I$r(B
$B<B9T$7$^$9(B.

# kill -KILL `cat /var/run/sshd.pid` && /usr/local/sbin/sshd

1) Upgrade your entire ports collection and rebuild the ssh port.
1) Ports Collection $BA4BN$r%"%C%W%0%l!<%I$7(B, ssh $B$N(B port $B$r:F9=C[$7$^$9(B.

2) Deinstall the old package and install a new package dated after the
correction date, obtained from:
2) $B8E$$(B ($BLuCm(B: ssh $B$N(B) package $B$r%7%9%F%`$+$i:o=|$7(B,
   $B=$@5F|0J9_$K:n@.$5$l$??7$7$$(B package $B$r0J2<$N>l=j$+$i<hF@$7$F(B
   $B%$%s%9%H!<%k$7$^$9(B.

[i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/security/ssh-1.2.27_3.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/ssh-1.2.27_3.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/ssh-1.2.27_3.tgz

NOTE: It may be several days before updated packages are available.
$BCm0U(B: $B=$@5HG$N(B package $B$,MxMQ$G$-$k$h$&$K$J$k$^$G?tF|$+$+$k2DG=@-$,$"$j$^$9(B.

[alpha]
Packages are not automatically generated for the alpha architecture at
this time due to lack of build resources.
$B8=;~E@$G$O9=C[$N$?$a$N%^%7%s%j%=!<%9$,ITB-$7$F$$$k$?$a(B,
alpha $B%"!<%-%F%/%A%cMQ$N(B package $B$O<+F0@8@.$5$l$F$$$^$;$s(B.
 
3) download a new port skeleton for the OpenSSH port from:
3) ssh $B$N?7$7$$(B port $B%9%1%k%H%s$r(B
   $B0J2<$N>l=j$+$i%@%&%s%m!<%I$7(B, $B$=$l$i$r;H$C$F(B port $B$r:F9=C[$7$^$9(B.

   [$BLuCm(B] $B86J8$G$O(B OpenSSH port $B$H$J$C$F$$$^$9$,(B, ssh $B$N8m5-$@$H(B
          $B;W$o$l$^$9(B.

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:
4) $B>e5-(B (3) $B$NA`:n$r<+F0E*$K9T$J$&(B portcheckout $B%f!<%F%#%j%F%#$r;H$$$^$9(B.
   portcheckout $B$N(B port $B$O(B /usr/ports/devel/portcheckout $B$K$"$j$^$9(B.
   $B$^$?(B, portcheckout $B$N(B package $B$,0J2<$N>l=j$+$iF~<j2DG=$G$9(B.

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz


A.   FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F(B

$BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B (doc-jp) $B$,(B
$B;29M$N$?$a$KDs6!$9$k$b$N$G$9(B.  $B2a5n$NF|K\8lHG%;%-%e%j%F%#4+9p$O(B

 http://www.FreeBSD.org/ja/security/

$B$K$^$H$a$i$l$F$$$^$9(B.  

$B$?$@$7(B, $BK]Lu<T$*$h$S(B doc-jp $B$O(B, $B$=$NFbMF$K$D$$$F$$$+$J$kJ]>Z$b(B
$B$$$?$7$^$;$s$N$G$4Cm0U$/$@$5$$(B.  $BF|K\8lLu$K$D$$$F$N$40U8+(B, $B$4MWK>(B,
$B$*Ld$$9g$o$;Ey$O(B doc-jp@jp.FreeBSD.org $B$^$G$*4j$$$7$^$9(B.

$B$3$N4+9p$NCf$G>R2p$5$l$F$$$k(B WWW $B%5%$%H(B http://www.FreeBSD.org/ $B$*$h$S(B
FTP $B%5%$%H(B ftp://ftp.FreeBSD.org/ $B$K$O(B, $BF|K\$N%_%i!<%5%$%H$,B8:_$7$^$9(B.
$B%M%C%H%o!<%/$N:.;($r4KOB$9$k$?$a(B, $B$^$:$O%_%i!<%5%$%H$NMxMQ$r(B
$B9MN8$9$k$h$&$*4j$$$7$^$9(B.

$BF|K\$N%_%i!<%5%$%H$rMxMQ$9$k$K$O(B,
http://www.FreeBSD.org/ $B$r(B http://www.jp.FreeBSD.org/www.freebsd.org/ $B$K(B,
ftp://ftp.FreeBSD.org/ $B$r(B ftp://ftp.jp.FreeBSD.org/ $B$K(B,
$B$=$l$>$lCV$-49$($F$/$@$5$$(B.

$BB>$NCO0h$r4^$`(B, $B%_%i!<%5%$%H$K4X$9$k>\:Y$O(B,

 http://www.FreeBSD.org/handbook/mirror.html ($B1QJ8(B)
 http://www.FreeBSD.org/ja/handbook/mirror.html ($BF|K\8lLu(B)

$B$K$^$H$a$i$l$F$$$^$9(B.

$hrs: announce-jp/FreeBSD-SA/01:24,v 1.2 2001/02/24 16:34:59 hrs Exp $

----Next_Part(Sun_Feb_25_01:45:04_2001_764)----
