Date: Sun, 04 Mar 2001 01:40:41 +0900 (JST)
Message-Id: <20010304.014041.71083642.hrs@eos.ocn.ne.jp>
To: doc-jp@jp.freebsd.org
From: Hiroki Sato <hrs@eos.ocn.ne.jp>
In-Reply-To: <200102250230.DJE45570.JIPLS@pp.iij4u.or.jp>
References: <200102072038.f17KcB513558@freefall.freebsd.org>
	<20010225.014504.08314398.hrs@eos.ocn.ne.jp>
	<200102250230.DJE45570.JIPLS@pp.iij4u.or.jp>
X-Mailer: Mew version 1.95b101 on Emacs 20.7 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Multipart/Mixed;
 boundary="--Next_Part(Sun_Mar__4_01:40:41_2001_026)--"
Content-Transfer-Encoding: 7bit
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: doc-jp 8016
Subject: [doc-jp 8016] Re: ANNOUNCE: FreeBSD Ports Security
 Advisory:FreeBSD-SA-01:22.dc20ctrl
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: hrs@eos.ocn.ne.jp

----Next_Part(Sun_Mar__4_01:40:41_2001_026)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit

This is Sato at Tokyo University of Science.

Kiroh HARADA <kiroh@pp.iij4u.or.jp> wrote
  in <200102250230.DJE45570.JIPLS@pp.iij4u.or.jp>:

kiroh> This attack requires establishing a large number of SSH1 protocol connections
kiroh> within the lifetime of the server key, so it is not much of a threat. To make the
kiroh> attack succeed with high probability within the one-hour lifetime of the server key,
kiroh> an average of about 400 SSH1 protocol handshakes and connections per second is
kiroh> required. OpenSSH contains code that, in its default configuration, limits the number
kiroh> of connections possible per second to considerably fewer than this, and limits of
kiroh> computing power and of the network may reduce the number of possible connections
kiroh> even further.
kiroh> 
kiroh> How about something like that? It is text that points out the difficulty of the
kiroh> attack, rather than a countermeasure against it.

 Thanks. I used it almost as-is :-)

 Here are the remaining ones, 01:20-25.

--
| Hiroki Sato @ Tokyo University of Science <hrs@eos.ocn.ne.jp>
|
| sato@sekine00.ee.noda.sut.ac.jp (UNIV)
| hrs@FreeBSD.org (FreeBSD Project)

----Next_Part(Sun_Mar__4_01:40:41_2001_026)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Disposition: inline; filename="01:20"
Content-Transfer-Encoding: 7bit


FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG(B
=============================================================================
FreeBSD-SA-01:20 (2001-02-07)
 * mars_nwe contains potential remote root compromise
=============================================================================

 This mail is a Japanese translation of the following message posted to
 announce-jp:

  Subject: ANNOUNCE: FreeBSD Ports Security Advisory: FreeBSD-SA-01:20.mars_nwe
  From: FreeBSD Security Advisories <security-advisories@FreeBSD.org>
  Date: Wed, 7 Feb 2001 11:42:07 -0800 (PST)
  Message-Id: <200102071942.f17Jg7N05262@freefall.freebsd.org>
  X-Sequence: announce-jp 688

 The original is PGP-signed, but this Japanese translation is not.
 To check the PGP signature and confirm that the contents of patches and
 the like have not been tampered with, refer to the original.

 For details about the Japanese translation and the use of mirror sites,
 see "A. About the Japanese edition of FreeBSD Security Advisories" at
 the end of this text.


                                     [Translator: Hiroki Sato <hrs@jp.FreeBSD.org>]
--(begin)

=============================================================================
FreeBSD-SA-01:20                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:          mars_nwe contains potential remote root compromise

Category:       ports
Module:         mars_nwe
Announced:      2001-02-07
Credits:        Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL>
Affects:        Ports Collection prior to the correction date
Corrected:      2001-01-30
Vendor status:  Vendor notified
FreeBSD only:   NO


I.   Background

mars_nwe is a Novell Netware server emulator.


II.  Problem Description

Versions of the mars_nwe port prior to 0.99.b19_1 contain a remotely
exploitable security vulnerability caused by a format string.
A malicious remote user can exploit this vulnerability by sending a
specially crafted packet, and may be able to execute arbitrary code on
the local system and illicitly gain root privileges.

The mars_nwe port is not installed by default, nor is it
"part of the FreeBSD system" as such: it is part of the
FreeBSD Ports Collection, which contains over 4500 third-party
applications in a ready-to-install format.
Because the problem was discovered after release, the Ports Collections
shipped with FreeBSD 3.5.1 and 4.2 contain this problem.

FreeBSD makes no particular claim about the security of these third-party
applications (translator's note: inclusion in the Ports Collection does
not mean that the FreeBSD developers have assessed the application as
secure).  However, an effort is currently underway to provide security
audits of the ports that have a large impact on security.


III. Impact

A malicious remote user may be able to execute arbitrary code on the
local system and illicitly gain root privileges.

If you have not installed the mars_nwe port/package, your system is not
vulnerable to this problem.


IV.  Workaround

If the mars_nwe port/package is installed, remove it from the system.


V.   Solution

Do one of the following:

1) Upgrade your entire Ports Collection and rebuild the mars_nwe port.

2) Remove the old package (translator's note: of mars_nwe) from the system,
   then obtain and install a new package built after the correction date
   from the following locations:

[i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/mars_nwe-0.99.b19_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/mars_nwe-0.99.b19_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/mars_nwe-0.99.b19_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/mars_nwe-0.99.b19_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/mars_nwe-0.99.b19_1.tgz

[alpha]
Packages are not automatically generated for the alpha architecture at
this time because of a lack of machine resources for building them.

3) Download a new port skeleton for mars_nwe from the following location
   and use it to rebuild the port.

http://www.freebsd.org/ports/

4) Use the portcheckout utility to automate option (3) above.
   The portcheckout port is in /usr/ports/devel/portcheckout.
   A portcheckout package is also available from the following locations:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz


A.   About the Japanese edition of FreeBSD Security Advisories

The Japanese translation is provided for reference by the FreeBSD Japanese
Documentation Project (doc-jp).  Past Japanese-edition security advisories
are collected at

 http://www.FreeBSD.org/ja/security/

Note, however, that the translator and doc-jp make no warranty of any kind
regarding its contents.  Please send opinions, requests and inquiries about
the Japanese translation to doc-jp@jp.FreeBSD.org.

Japanese mirror sites exist for the WWW site http://www.FreeBSD.org/ and
the FTP site ftp://ftp.FreeBSD.org/ mentioned in this advisory.
To ease network congestion, please consider using a mirror site first.

To use the Japanese mirror sites, replace
http://www.FreeBSD.org/ with http://www.jp.FreeBSD.org/www.freebsd.org/, and
ftp://ftp.FreeBSD.org/ with ftp://ftp.jp.FreeBSD.org/,
respectively.

Details about mirror sites, including those in other regions, are collected at

 http://www.FreeBSD.org/handbook/mirror.html (English)
 http://www.FreeBSD.org/ja/handbook/mirror.html (Japanese translation)

$hrs: announce-jp/FreeBSD-SA/01:20,v 1.3 2001/03/03 16:14:32 hrs Exp $

----Next_Part(Sun_Mar__4_01:40:41_2001_026)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Disposition: inline; filename="01:21"
Content-Transfer-Encoding: 7bit


FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG(B
=============================================================================
FreeBSD-SA-01:21 (2001-02-07)
 * ja-elvis and ko-helvis ports contain a local
   root compromise
=============================================================================

 This mail is a Japanese translation of the following message posted to
 announce-jp:

  Subject: ANNOUNCE: FreeBSD Ports Security Advisory: FreeBSD-SA-01:21.ja-elvis
  From: FreeBSD Security Advisories <security-advisories@FreeBSD.org>
  Date: Wed, 7 Feb 2001 11:44:59 -0800 (PST)
  Message-Id: <200102071944.f17Jixq05555@freefall.freebsd.org>
  X-Sequence: announce-jp 689

 The original is PGP-signed, but this Japanese translation is not.
 To check the PGP signature and confirm that the contents of patches and
 the like have not been tampered with, refer to the original.

 For details about the Japanese translation and the use of mirror sites,
 see "A. About the Japanese edition of FreeBSD Security Advisories" at
 the end of this text.


                                     [Translator: Hiroki Sato <hrs@jp.FreeBSD.org>]
--(begin)

=============================================================================
FreeBSD-SA-01:21                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:          ja-elvis and ko-helvis ports contain a local
                root compromise

Category:       ports
Module:         ja-elvis/ko-helvis
Announced:      2001-02-07
Credits:        Found during internal security auditing
Affects:        Ports Collection prior to the correction date
Corrected:      2001-01-28
Vendor status:  Vendor notified
FreeBSD only:   No


I.   Background

ja-elvis and ko-helvis are localized versions (translator's note: for
Japan and Korea, respectively) of elvis, a clone of the vi editor.


II.  Problem Description

Versions prior to ja-elvis-1.8.4_1 and ko-helvis-1.8h2_1, respectively,
contain an exploitable buffer overflow in the elvrec utility.
Because elvrec is setuid root, an unprivileged local user may be able to
illicitly gain root privileges on the local system.

Neither the ja-elvis nor the ko-helvis port is installed by default, nor
are they "part of the FreeBSD system" as such: they are part of the
FreeBSD Ports Collection, which contains over 4500 third-party
applications in a ready-to-install format.
Because the problem was discovered after release, the Ports Collections
shipped with FreeBSD 3.5.1 and 4.2 contain this problem.

FreeBSD makes no particular claim about the security of these third-party
applications (translator's note: inclusion in the Ports Collection does
not mean that the FreeBSD developers have assessed the application as
secure).  However, an effort is currently underway to provide security
audits of the ports that have a large impact on security.


III. Impact

An unprivileged local user may be able to illicitly gain root privileges
on the local system.

If you have not installed the ja-elvis or ko-helvis port/package, your
system is not vulnerable to this problem.


IV.  Workaround

If the ja-elvis or ko-helvis port/package is installed, remove it from
the system.


V.   Solution

Do one of the following:

1) Upgrade your entire Ports Collection and rebuild the ja-elvis or
   ko-helvis port.

2) Remove the old package (translator's note: of ja-elvis or ko-helvis)
   from the system, then obtain and install a new package built after the
   correction date from the following locations:

[i386]

[ja-elvis]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/japanese/ja-elvis-1.8.4_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/japanese/ja-elvis-1.8.4_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/japanese/ja-elvis-1.8.4_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/japanese/ja-elvis-1.8.4_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/japanese/ja-elvis-1.8.4_1.tgz

[ko-helvis]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/korean/ko-helvis-1.8h2_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/korean/ko-helvis-1.8h2_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/korean/ko-helvis-1.8h2_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/korean/ko-helvis-1.8h2_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/korean/ko-helvis-1.8h2_1.tgz

[alpha]
Packages are not automatically generated for the alpha architecture at
this time because of a lack of machine resources for building them.

3) Download a new port skeleton for ja-elvis or ko-helvis from the
   following location and use it to rebuild the port.

http://www.freebsd.org/ports/

4) Use the portcheckout utility to automate option (3) above.
   The portcheckout port is in /usr/ports/devel/portcheckout.
   A portcheckout package is also available from the following locations:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz


A.   About the Japanese edition of FreeBSD Security Advisories

The Japanese translation is provided for reference by the FreeBSD Japanese
Documentation Project (doc-jp).  Past Japanese-edition security advisories
are collected at

 http://www.FreeBSD.org/ja/security/

Note, however, that the translator and doc-jp make no warranty of any kind
regarding its contents.  Please send opinions, requests and inquiries about
the Japanese translation to doc-jp@jp.FreeBSD.org.

Japanese mirror sites exist for the WWW site http://www.FreeBSD.org/ and
the FTP site ftp://ftp.FreeBSD.org/ mentioned in this advisory.
To ease network congestion, please consider using a mirror site first.

To use the Japanese mirror sites, replace
http://www.FreeBSD.org/ with http://www.jp.FreeBSD.org/www.freebsd.org/, and
ftp://ftp.FreeBSD.org/ with ftp://ftp.jp.FreeBSD.org/,
respectively.

Details about mirror sites, including those in other regions, are collected at

 http://www.FreeBSD.org/handbook/mirror.html (English)
 http://www.FreeBSD.org/ja/handbook/mirror.html (Japanese translation)

$hrs: announce-jp/FreeBSD-SA/01:21,v 1.2 2001/03/03 16:14:32 hrs Exp $

----Next_Part(Sun_Mar__4_01:40:41_2001_026)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Disposition: inline; filename="01:22"
Content-Transfer-Encoding: 7bit


FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG(B
=============================================================================
FreeBSD-SA-01:22 (2001-02-07)
 * dc20ctrl port contains a locally exploitable buffer overflow
=============================================================================

 This mail is a Japanese translation of the following message posted to
 announce-jp:

  Subject: ANNOUNCE: FreeBSD Ports Security Advisory: FreeBSD-SA-01:22.dc20ctrl
  From: FreeBSD Security Advisories <security-advisories@FreeBSD.org>
  Date: Wed, 7 Feb 2001 12:38:11 -0800 (PST)
  Message-Id: <200102072038.f17KcB513558@freefall.freebsd.org>
  X-Sequence: announce-jp 690

 The original is PGP-signed, but this Japanese translation is not.
 To check the PGP signature and confirm that the contents of patches and
 the like have not been tampered with, refer to the original.

 For details about the Japanese translation and the use of mirror sites,
 see "A. About the Japanese edition of FreeBSD Security Advisories" at
 the end of this text.


                                     [Translator: Hiroki Sato <hrs@jp.FreeBSD.org>]
--(begin)

=============================================================================
FreeBSD-SA-01:22                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:          dc20ctrl port contains a locally exploitable buffer overflow
                yielding gid dialer

Category:       ports
Module:         dc20ctrl
Announced:      2001-02-07
Credits:        Found during internal security auditing
Affects:        Ports Collection prior to the correction date
Corrected:      2001-02-07
Vendor status:  Vendor notified
FreeBSD only:   No


I.   Background

dc20ctrl is a program for controlling the Kodak DC20 digital camera.


II.  Problem Description

Versions of the dc20ctrl port prior to 0.4_1 contain a locally
exploitable buffer overflow.
Because the dc20ctrl program is setgid to the dialer group, an
unprivileged local user may be able to illicitly gain the privileges of
the dialer group on the local system.
This vulnerability therefore allows unauthorized access to serial port
devices.

The dc20ctrl port is not installed by default, nor is it
"part of the FreeBSD system" as such: it is part of the
FreeBSD Ports Collection, which contains over 4500 third-party
applications in a ready-to-install format.
Because the problem was discovered after release, the Ports Collections
shipped with FreeBSD 3.5.1 and 4.2 contain this problem.

FreeBSD makes no particular claim about the security of these third-party
applications (translator's note: inclusion in the Ports Collection does
not mean that the FreeBSD developers have assessed the application as
secure).  However, an effort is currently underway to provide security
audits of the ports that have a large impact on security.


III. Impact

An unprivileged local user may be able to gain elevated privileges on the
local system and obtain unauthorized access to serial port devices.

If you have not installed the dc20ctrl port/package, your system is not
vulnerable to this problem.


IV.  Workaround

If the dc20ctrl port/package is installed, remove it from the system.


V.   Solution

Do one of the following:

1) Upgrade your entire Ports Collection and rebuild the dc20ctrl port.

2) Remove the old package (translator's note: of dc20ctrl) from the system,
   then obtain and install a new package built after the correction date
   from the following locations:

[i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/graphics/dc20ctrl-0.4_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/graphics/dc20ctrl-0.4_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/graphics/dc20ctrl-0.4_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/graphics/dc20ctrl-0.4_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/graphics/dc20ctrl-0.4_1.tgz

Note: it may take several days for the corrected package to become available.

[alpha]
Packages are not automatically generated for the alpha architecture at
this time because of a lack of machine resources for building them.

3) Download a new port skeleton for dc20ctrl from the following location
   and use it to rebuild the port.

http://www.freebsd.org/ports/

4) Use the portcheckout utility to automate option (3) above.
   The portcheckout port is in /usr/ports/devel/portcheckout.
   A portcheckout package is also available from the following locations:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz


A.   About the Japanese edition of FreeBSD Security Advisories

The Japanese translation is provided for reference by the FreeBSD Japanese
Documentation Project (doc-jp).  Past Japanese-edition security advisories
are collected at

 http://www.FreeBSD.org/ja/security/

Note, however, that the translator and doc-jp make no warranty of any kind
regarding its contents.  Please send opinions, requests and inquiries about
the Japanese translation to doc-jp@jp.FreeBSD.org.

Japanese mirror sites exist for the WWW site http://www.FreeBSD.org/ and
the FTP site ftp://ftp.FreeBSD.org/ mentioned in this advisory.
To ease network congestion, please consider using a mirror site first.

To use the Japanese mirror sites, replace
http://www.FreeBSD.org/ with http://www.jp.FreeBSD.org/www.freebsd.org/, and
ftp://ftp.FreeBSD.org/ with ftp://ftp.jp.FreeBSD.org/,
respectively.

Details about mirror sites, including those in other regions, are collected at

 http://www.FreeBSD.org/handbook/mirror.html (English)
 http://www.FreeBSD.org/ja/handbook/mirror.html (Japanese translation)

$hrs: announce-jp/FreeBSD-SA/01:22,v 1.2 2001/03/03 16:14:32 hrs Exp $

----Next_Part(Sun_Mar__4_01:40:41_2001_026)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Disposition: inline; filename="01:24"
Content-Transfer-Encoding: 7bit


FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG(B
=============================================================================
FreeBSD-SA-01:24 (2001-02-12)
 * SSH1 implementations may allow remote system, data compromise
=============================================================================

 This mail is a Japanese translation of the following message posted to
 announce-jp:

  Subject: ANNOUNCE: FreeBSD Security Advisory FreeBSD-SA-01:24.ssh
  From: FreeBSD Security Advisories <security-advisories@FreeBSD.org>
  Date: Mon, 12 Feb 2001 16:50:46 -0800 (PST)
  Message-Id: <200102130050.f1D0okB80896@freefall.freebsd.org>
  X-Sequence: announce-jp 693

 The original is PGP-signed, but this Japanese translation is not.
 To check the PGP signature and confirm that the contents of patches and
 the like have not been tampered with, refer to the original.

 For details about the Japanese translation and the use of mirror sites,
 see "A. About the Japanese edition of FreeBSD Security Advisories" at
 the end of this text.


                                     [Translator: Hiroki Sato <hrs@jp.FreeBSD.org>]
--(begin)

=============================================================================
FreeBSD-SA-01:24                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:          SSH1 implementations may allow remote system, data compromise

Category:       core/ports
Module:         openssh, ssh
Announced:      2001-02-12
Credits:        Michal Zalewski <lcamtuf@razor.bindview.com> (vulnerability 1)
                Core-SDI (http://www.core-sdi.com) (vulnerability 2)
Affects:        FreeBSD 4.x, 4.2-STABLE prior to the correction date
                Ports Collection prior to the correction date
Corrected:      OpenSSH [FreeBSD 4.x base system]:
                   2000-12-05 (vulnerability 1)
                   2001-02-11 (vulnerability 2)
                OpenSSH [ports]:
                   2001-02-09 (vulnerability 1)
                   2001-02-11 (vulnerability 2)
                ssh [ports]:
                   2001-02-09 (vulnerability 1)
                   2001-02-09 (vulnerability 2)
Vendor status:  Patch released
FreeBSD only:   NO


I.   Background

OpenSSH is an implementation of the SSH1 and SSH2 secure shell protocols,
providing network access with encryption and authentication.  OpenSSH is
free, with no restrictions on use.

The Ports Collection includes an SSH1 client/server (ssh) provided by
ssh.com.  Because this software is not available free of charge to all
users, the FreeBSD Security Officer does not recommend its use.


II.  Problem Description

The SSH1 protocol as implemented in OpenSSH and ssh has the following
two flaws.

Vulnerability 1:

  By exploiting an integer overflow, any remote user can illicitly gain
  root privileges on a server running sshd.  The cause is an error in
  code that was added to fix a defect in the SSH1 protocol.  This
  vulnerability was fixed in OpenSSH 2.3.0, and the fix was brought into
  FreeBSD 4.2-STABLE on 2000-12-05.

Vulnerability 2:

  A remote attacker who can monitor the encrypted traffic of a user's
  SSH1 session, and who can also make a very large number of connections
  to that SSH1 server, may be able to break the transient server key that
  the server uses to negotiate encryption parameters for each session,
  and decrypt all of the traffic of the monitored connection.
  The transient server key has a lifetime of only 1 hour by default, but
  if the attack succeeds, the attacker can break the encryption of every
  SSH1 session monitored and captured within that hour.

  Because this attack requires establishing a large number of SSH1
  protocol connections within the lifetime of the transient server key,
  it is not much of a threat.  To succeed with high probability, the
  attacker must perform an average of about 400 SSH1 protocol handshakes
  and connections per second within the lifetime of the transient server
  key, that is, within 1 hour.  OpenSSH by default contains code that
  limits the number of connections possible per second to fewer than
  this, and limits of computing power and of the network will reduce the
  achievable number of connections even further.
  Therefore, although the impact of this vulnerability is large, actually
  exploiting it is very difficult.  However, a low likelihood does not
  mean that the impact of this vulnerability can be ignored.

OpenSSH is installed if you choose to install the 'crypt' distribution at
install time or when building the system from source.  In addition,
in FreeBSD 4.1.1-RELEASE and later it is installed and enabled by default.
In either case the SSH1 protocol is enabled by default.

If SSH1 protocol support in OpenSSH has been disabled, the system is not
vulnerable to attacks that exploit these problems.  This does not affect
the operation of SSH2 protocol implementations, such as OpenSSH in
SSH2-only mode.

Attacks exploiting these vulnerabilities affect versions of the
OpenSSH port prior to openssh-2.2.0_2, and versions of the
ssh port prior to ssh-1.2.27_3.


III. $B1F6AHO0O(B - Impact

$B$9$Y$F$N%j%b!<%H%f!<%6$O(B, SSH1 $B%W%m%H%3%k7PM3$G@\B32DG=$J(B SSH1 $B%5!<%P>e$N(B
root $B8"8B$G(B, $BG$0U$N%3!<%I$rIT@5$K<B9T$G$-$k2DG=@-$,$"$j$^$9(B.

$BB>$N%f!<%6$,;HMQ$7$F$$$k(B SSH1 $B%;%7%g%s$K4^$^$l$k0E9f2=$5$l$?FbMF$r(B
$B4F;k$G$-(B, $B%5!<%P$KBP$7$FC;;~4V$KHs>o$KB?$/$N@\B3$r9T$J$&$3$H$,$G$-$k(B
$B%j%b!<%H%f!<%6$O(B, $B4F;k$7$F$$$k(B SSH1 $B%;%7%g%s$NI|9f$r<B8=$9$k$h$&$J967b$,(B
$B$G$-$k2DG=@-$,$"$j$^$9(B.  $B$3$l$O(B, $B%"%+%&%s%H%Q%9%o!<%IEy$N=EMW$J>pJs$,(B
$BO31L$9$k860x$H$J$k$G$7$g$&(B.


IV.  $B2sHrJ}K!(B - Workaround

sshd $B$r<B9T$7$F$$$k>l9g$O(B, OpenSSH $B$K$"$k(B SSH1 $B%W%m%H%3%k$NMxMQ@_Dj$r(B
$BL58z$K$7$^$9(B.  SSH1 $B$O85!9%W%m%H%3%k$K7g4Y$,$"$k$?$a(B, $B9b$$%;%-%e%j%F%#$,(B
$BMW5a$5$l$k4D6-$G$N;HMQ$O?d>)$5$l$F$$$^$;$s(B.  $B%5!<%I%Q!<%F%#@=$N(B
SSH $B%/%i%$%"%s%H$K$O(B, SSH2 $B%W%m%H%3%k$,MxMQ$G$-$J$$$b$N$b$"$j$^$9$,(B,
FreeBSD $B$K4^$^$l$k(B OpenSSH $B%/%i%$%"%s%H(B ($B%P!<%8%g%s(B 2.1 $B0J9_(B) $B$G$O(B,
SSH2 $B%W%m%H%3%k$rMxMQ$9$k$3$H$,2DG=$G$9(B.

SSH1 $B%W%m%H%3%k$rL58z$K$9$k$K$O(B, $B2<$N9T(B

Protocol 2

$B$r(B /etc/ssh/sshd_config $B%U%!%$%k(B (OpenSSH port $B$N>l9g$O(B
/usr/local/etc/sshd_config) $B$KDI2C$7(B, $B$3$N%U%!%$%kCf$K$"$k(B
$BB>$N(B "Protocol" $B;X<(;R$r$9$Y$F:o=|$7$^$9(B.

$B$=$7$F(B, root $B8"8B$G<!$N%3%^%s%I$r<B9T$7$^$9(B.

# kill -HUP `cat /var/run/sshd.pid`

$B$3$l$K$h$j(B ssh $B$N?F%W%m%;%9$O@_Dj%U%!%$%k$r:FFI$_9~$_$7$^$9(B.
$B$=$N;~E@$G@\B3:Q$_$N(B SSH $B%;%7%g%s$K1F6A$rM?$($k$3$H$O$"$j$^$;$s(B.


V.   $B2r7h:v(B - Solution

- --[OpenSSH - $B%Y!<%9%7%9%F%`$N>l9g(B]-----

$B<!$N$$$:$l$+$K=>$C$F$/$@$5$$(B.

1) FreeBSD $B%7%9%F%`$r=$@5F|0J9_$N(B 4.2-STABLE $B$K%"%C%W%0%l!<%I$7$^$9(B.
   $B$3$l$K$O(B, 4.2-RELEASE $B$K4^$^$l$k(B OpenSSH ($B%P!<%8%g%s(B 2.2.0) $B$h$j$b(B
   $B?7$7$$%P!<%8%g%s$N(B OpenSSH ($B%P!<%8%g%s(B 2.3.0) $B$,4^$^$l$F$$$^$9(B.

2) $B0J2<$N>l=j$K$"$k=$@5%Q%C%A$H(B PGP $B=pL>$r%@%&%s%m!<%I$7$^$9(B.

$B0J2<$N=$@5%Q%C%A$O(B FreeBSD 4.2-RELEASE $BMQ$G$9(B.

# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:24/sshd-4.2-release.patch
# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:24/sshd-4.2-release.patch.asc

The following patch is for FreeBSD 4.2-STABLE (dated after 2000-12-05)
running OpenSSH 2.3.0.

# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:24/sshd-4.2-stable.patch
# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:24/sshd-4.2-stable.patch.asc

PGP $B%f!<%F%#%j%F%#$r;H$C$F(B PGP $B=pL>$r3NG'$7$^$9(B.

$B<!$K(B, root $B8"8B$G0J2<$N%3%^%s%I$r<B9T$7$^$9(B.

# cd /usr/src/crypto/openssh
# patch -p < /path/to/patch
# cd /usr/src/secure/lib/libssh
# make all
# cd /usr/src/secure/usr.bin/ssh-agent
# make all install
# cd /usr/src/secure/usr.sbin/sshd
# make all install

$B:G8e$K(B, sshd $B$,4{$K<B9T$5$l$F$$$k>l9g$O(B, $B$=$l$r(B kill $B$7$F(B
sshd $B%G!<%b%s$r:F5/F0$7$^$9(B.  root $B8"8B$G0J2<$N%3%^%s%I$r(B
$B<B9T$7$F$/$@$5$$(B.

# kill -KILL `cat /var/run/sshd.pid` && /usr/sbin/sshd

$B$3$N:F5/F0$,(B, $B$=$N;~E@$G@\B3:Q$_$N(B SSH $B%;%7%g%s$K1F6A$rM?$($k$3$H$O(B
$B$"$j$^$;$s(B.

- --[OpenSSH - port $B$N>l9g(B]-----

$B0J2<$N$$$:$l$+$K=>$C$F(B OpenSSH $B%=%U%H%&%'%"$r%"%C%W%0%l!<%I$7(B,
$B$9$G$K(B sshd $B%G!<%b%s$,<B9T$5$l$F$$$l$P(B, $B$=$l$r(B kill $B$7$F:F5/F0$7$^$9(B.
$B$3$N:F5/F0$O(B, $B$=$N;~E@$G@\B3:Q$_$N(B SSH $B%;%7%g%s$K1F6A$rM?$($^$;$s(B.

sshd $B%G!<%b%s$r(B kill $B$7$F:F5/F0$9$k$K$O(B, root $B8"8B$G0J2<$N%3%^%s%I$r(B
$B<B9T$7$^$9(B.

# kill -KILL `cat /var/run/sshd.pid` && /usr/local/sbin/sshd

1) Ports Collection $BA4BN$r%"%C%W%0%l!<%I$7(B, OpenSSH $B$N(B port $B$r:F9=C[$7$^$9(B.

2) $B8E$$(B ($BLuCm(B: OpenSSH $B$N(B) package $B$r%7%9%F%`$+$i:o=|$7(B,
   $B=$@5F|0J9_$K:n@.$5$l$??7$7$$(B package $B$r0J2<$N>l=j$+$i<hF@$7$F(B
   $B%$%s%9%H!<%k$7$^$9(B.

[i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/security/openssh-2.2.0_2.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/openssh-2.2.0_2.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/openssh-2.2.0_2.tgz

$BCm0U(B: $B=$@5HG$N(B package $B$,MxMQ$G$-$k$h$&$K$J$k$^$G?tF|$+$+$k2DG=@-$,$"$j$^$9(B.

[alpha]
$B8=;~E@$G$O9=C[$N$?$a$N%^%7%s%j%=!<%9$,ITB-$7$F$$$k$?$a(B,
alpha $B%"!<%-%F%/%A%cMQ$N(B package $B$O<+F0@8@.$5$l$F$$$^$;$s(B.
 
3) OpenSSH $B$N?7$7$$(B port $B%9%1%k%H%s$r(B
   $B0J2<$N>l=j$+$i%@%&%s%m!<%I$7(B, $B$=$l$i$r;H$C$F(B port $B$r:F9=C[$7$^$9(B.

http://www.freebsd.org/ports/

4) Use the portcheckout utility, which automates step (3) above.
   The portcheckout port is in /usr/ports/devel/portcheckout.
   A portcheckout package is also available from the following locations.

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz

- --[ssh - port $B$N>l9g(B]-----

$B0J2<$N$$$:$l$+$K=>$C$F(B ssh $B%=%U%H%&%'%"$r%"%C%W%0%l!<%I$7(B,
$B$9$G$K(B sshd $B%G!<%b%s$,<B9T$5$l$F$$$l$P(B, $B$=$l$r(B kill $B$7$F:F5/F0$7$^$9(B.
$B$3$N:F5/F0$O(B, $B$=$N;~E@$G@\B3:Q$_$N(B SSH $B%;%7%g%s$K1F6A$rM?$($^$;$s(B.

sshd $B%G!<%b%s$r(B kill $B$7$F:F5/F0$9$k$K$O(B, root $B8"8B$G0J2<$N%3%^%s%I$r(B
$B<B9T$7$^$9(B.

# kill -KILL `cat /var/run/sshd.pid` && /usr/local/sbin/sshd

1) Ports Collection $BA4BN$r%"%C%W%0%l!<%I$7(B, ssh $B$N(B port $B$r:F9=C[$7$^$9(B.

2) $B8E$$(B ($BLuCm(B: ssh $B$N(B) package $B$r%7%9%F%`$+$i:o=|$7(B,
   $B=$@5F|0J9_$K:n@.$5$l$??7$7$$(B package $B$r0J2<$N>l=j$+$i<hF@$7$F(B
   $B%$%s%9%H!<%k$7$^$9(B.

[i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/security/ssh-1.2.27_3.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/ssh-1.2.27_3.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/ssh-1.2.27_3.tgz

$BCm0U(B: $B=$@5HG$N(B package $B$,MxMQ$G$-$k$h$&$K$J$k$^$G?tF|$+$+$k2DG=@-$,$"$j$^$9(B.

[alpha]
$B8=;~E@$G$O9=C[$N$?$a$N%^%7%s%j%=!<%9$,ITB-$7$F$$$k$?$a(B,
alpha $B%"!<%-%F%/%A%cMQ$N(B package $B$O<+F0@8@.$5$l$F$$$^$;$s(B.
 
3) ssh $B$N?7$7$$(B port $B%9%1%k%H%s$r(B
   $B0J2<$N>l=j$+$i%@%&%s%m!<%I$7(B, $B$=$l$i$r;H$C$F(B port $B$r:F9=C[$7$^$9(B.

   [$BLuCm(B] $B86J8$G$O(B OpenSSH port $B$H$J$C$F$$$^$9$,(B, ssh $B$N8m5-$@$H(B
          $B;W$o$l$^$9(B.

http://www.freebsd.org/ports/

4) Use the portcheckout utility, which automates step (3) above.
   The portcheckout port is in /usr/ports/devel/portcheckout.
   A portcheckout package is also available from the following locations.

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz


A.   FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F(B

$BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B (doc-jp) $B$,(B
$B;29M$N$?$a$KDs6!$9$k$b$N$G$9(B.  $B2a5n$NF|K\8lHG%;%-%e%j%F%#4+9p$O(B

 http://www.FreeBSD.org/ja/security/

$B$K$^$H$a$i$l$F$$$^$9(B.  

$B$?$@$7(B, $BK]Lu<T$*$h$S(B doc-jp $B$O(B, $B$=$NFbMF$K$D$$$F$$$+$J$kJ]>Z$b(B
$B$$$?$7$^$;$s$N$G$4Cm0U$/$@$5$$(B.  $BF|K\8lLu$K$D$$$F$N$40U8+(B, $B$4MWK>(B,
$B$*Ld$$9g$o$;Ey$O(B doc-jp@jp.FreeBSD.org $B$^$G$*4j$$$7$^$9(B.

$B$3$N4+9p$NCf$G>R2p$5$l$F$$$k(B WWW $B%5%$%H(B http://www.FreeBSD.org/ $B$*$h$S(B
FTP $B%5%$%H(B ftp://ftp.FreeBSD.org/ $B$K$O(B, $BF|K\$N%_%i!<%5%$%H$,B8:_$7$^$9(B.
$B%M%C%H%o!<%/$N:.;($r4KOB$9$k$?$a(B, $B$^$:$O%_%i!<%5%$%H$NMxMQ$r(B
$B9MN8$9$k$h$&$*4j$$$7$^$9(B.

$BF|K\$N%_%i!<%5%$%H$rMxMQ$9$k$K$O(B,
http://www.FreeBSD.org/ $B$r(B http://www.jp.FreeBSD.org/www.freebsd.org/ $B$K(B,
ftp://ftp.FreeBSD.org/ $B$r(B ftp://ftp.jp.FreeBSD.org/ $B$K(B,
$B$=$l$>$lCV$-49$($F$/$@$5$$(B.

$BB>$NCO0h$r4^$`(B, $B%_%i!<%5%$%H$K4X$9$k>\:Y$O(B,

 http://www.FreeBSD.org/handbook/mirror.html ($B1QJ8(B)
 http://www.FreeBSD.org/ja/handbook/mirror.html ($BF|K\8lLu(B)

$B$K$^$H$a$i$l$F$$$^$9(B.

$hrs: announce-jp/FreeBSD-SA/01:24,v 1.5 2001/03/03 16:14:32 hrs Exp $

----Next_Part(Sun_Mar__4_01:40:41_2001_026)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Disposition: inline; filename="01:25"
Content-Transfer-Encoding: 7bit


FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG(B
=============================================================================
FreeBSD-SA-01:25 (2001-02-14)
 * Local and remote vulnerabilities in Kerberos IV
=============================================================================

 This mail is a Japanese translation of the following message posted to
 announce-jp:

  Subject: ANNOUNCE: FreeBSD Security Advisory FreeBSD-SA-01:25.kerberosIV
  From: FreeBSD Security Advisories <security-advisories@FreeBSD.org>
  Date: Wed, 14 Feb 2001 09:26:39 -0800 (PST)
  Message-Id: <200102141726.f1EHQdl35048@freefall.freebsd.org>
  X-Sequence: announce-jp 694

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,(B, $B$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s(B. 
 $B=$@5%Q%C%AEy$NFbMF$,2~cb$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B=pL>$N(B
 $B%A%'%C%/$r9T$J$&$K$O(B, $B86J8$r;2>H$7$F$/$@$5$$(B. 

 $BF|K\8lLu$*$h$S(B, $B%_%i!<%5%$%HMxMQ$N>\:Y$K$D$$$F$O(B, $BJ8Kv$N!V(BA. FreeBSD
 $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F!W$r$4Mw$/$@$5$$(B.


                                     [$BK]Lu<T(B: $B:4F#(B $B9-@8(B <hrs@jp.FreeBSD.org>]
--($B$3$3$+$i(B)

=============================================================================
FreeBSD-SA-01:25                                           Security Advisory
                                                                FreeBSD, Inc.

$B%H%T%C%/(B:	Local and remote vulnerabilities in Kerberos IV

$BJ,N`(B:		core
$B%b%8%e!<%k(B:	libkrb, telnetd
$B9pCNF|(B:		2001-02-14
$B%/%l%8%C%H(B:	Jouko Pynnoen <jouko@solutions.fi>
$B1F6AHO0O(B:	$B=$@5F|0JA0$N(B FreeBSD 4.2-STABLE $B$*$h$S(B 3.5-STABLE
$B=$@5F|(B:		2000-12-13 (FreeBSD 4.2-STABLE)
                2000-12-15 (FreeBSD 3.5-STABLE)
FreeBSD $B$K8GM-$+(B:	NO


I.   $BGX7J(B - Background

telnetd $B$O(B telnet Kerberos $BG'>Z%W%m%H%3%k$r%5%]!<%H$7$?(B
$B%j%b!<%H%m%0%$%s%W%m%H%3%k%5!<%P$G$9(B.  Kerberos $B$KBP1~$7$?(B
$B%"%W%j%1!<%7%g%s(B (telnetd $B$d(B login) $B$K$O(B, libkrb $B$H$$$&%i%$%V%i%j$,(B
$B;H$o$l$F$$$^$9(B.  FreeBSD $B$K$O(B, $BFbIt$GJ]<i$5$l$F$$$k$b$N$G$O$J$/(B,
$B30It$+$i4sB#$5$l$?(B KTH Kerberos $B<BAu$,%Y!<%9%7%9%F%`$N(B
$B%*%W%7%g%s$H$7$FAH$_9~$^$l$F$$$^$9(B.


II.  $BLdBj$N>\:Y(B - Problem Description

$B$3$N%;%-%e%j%F%#4+9p$G$O(B, 3 $B$D$N<eE@$K$D$$$F=q$+$l$F$$$^$9(B.
1 $B$DL\$O(B libkrb Kerberos $BG'>Z%i%$%V%i%j$K4^$^$l$k(B
$B%P%C%U%!%*!<%P%U%m!<LdBj(B, 2 $B$DL\$O(B KerberosIV $BBP1~(B telnet $B%G!<%b%s$,(B
$B4D6-JQ?t$N%U%#%k%?=hM}$,ITE,@Z$G$"$k$H$$$&LdBj(B, $B$=$7$F(B 3 $B$DL\$O(B,
KerberosIV $BG'>Z%A%1%C%H4IM}%3!<%I$N0l;~%U%!%$%k$K=hM}$KB8:_$9$k<eE@$G$9(B.

libkrb Kerberos $BG'>Z%i%$%V%i%j$K$O(B, $B0-0U$r;}$C$?%j%b!<%HG'>Z%5!<%P$+$i(B
$B0-MQ2DG=$J%P%C%U%!%*!<%P%U%m!<LdBj$,B8:_$7$^$9(B.  $B$3$N<eE@$,B8:_$9$k$N$O(B,
kdc_reply_cipher() $B4X?t$G$9(B.  $B967b<T$OG'>Z$r8r49$9$k4V$K(B
$B%P%C%U%!%*!<%P%U%m!<$rH/@8$5$;(B, kdc_reply_cipher() $B4X?t$r8F$S=P$7$?(B
$B%f!<%6$N8"8B$GG$0U$N%3!<%I$r<B9T$9$k$3$H$,2DG=$G$9(B.

telnet $B%W%m%H%3%k$K$O(B, UNIX $B4D6-JQ?t$r%/%i%$%"%s%H$+$i(B
$B%5!<%P$N%m%0%$%s%;%7%g%s$XEO$95!G=$,$"$j$^$9(B.  $B%Y!<%9%7%9%F%`$K(B
$B4^$^$l$k(B telnet $B%G!<%b%s(B telnetd $B$O(B, $B%m%0%$%s$*$h$SG'>Z5!9=$K(B
$B0-1F6A$r5Z$\$5$J$$$h$&(B, $BHs>o$KD9$$JQ?t$rEO$5$J$$$h$&$J@)8B$,(B
$B@_$1$i$l$F$$$^$9(B.  $B$7$+$70lJ}$G(B, $B$3$N(B telnet $B%G!<%b%s$,;}$D(B
login $B%W%m%0%i%`$N<B9TA0$K:o=|$9$Y$-(B, KerberosIV $B$K1F6A$r(B
$BM?$($k4D6-JQ?t$N%j%9%H$O(B, $B:#$^$GIT40A4$J$b$N$K$J$C$F$$$^$7$?(B.
$B$3$l$O%;%-%e%j%F%#4+9p(B 00:69 $B$K=R$Y$i$l$F$$$k$b$N$HF1<o$N(B
$B<eE@$H$J$j$^$9(B.

Kerberos $B%f!<%6$K$H$C$F4m81$@$H9M$($i$l$k$N$O(B, $B<!$N(B 2 $B$D$N4D6-JQ?t$G$9(B.
1 $B$DL\$O%j%b!<%H%f!<%6$,G'>ZMW5a$r=P$9(B Kerberos $B%5!<%P$rJQ99$9$k$b$N$G(B,
$B967b<T$K%P%C%U%!%*!<%P%U%m!<$rMxMQ$7$?967b$N%A%c%s%9$rM?$($k2DG=@-$,(B
$B$"$j$^$9(B.  2 $B$DL\$O(B Kerberos $B$N@_Dj%G%#%l%/%H%j$rJQ99$9$k$b$N$G(B,
$B967b<T$,%m!<%+%k%U%!%$%k%7%9%F%`$rJQ99$9$k8"8B$r;}$C$F$$$?>l9g(B,
$BIT@5$J%5!<%P@_Dj(B (Kerberos $B$NNN0h$*$h$S%5!<%P$N@_Dj(B, srvtab $B$r4^$`(B) $B$G(B
Kerberos $BG'>Z$r9T$J$o$;$k$3$H$,2DG=$K$J$j$^$9(B.  $B$3$l$i$N<eE@$O(B,
root $B%"%/%;%9$NIT@5MxMQ$K;H$o$l$k2DG=@-$,$"$j$^$9(B.

A race condition exists in the handling of authentication ticket files in
/tmp.  By exploiting this vulnerability, a local user can gain arbitrary
owner privileges on the file system.  This vulnerability can also be used
to gain unauthorized root access.

These security vulnerabilities exist only on systems that have the optional
Kerberos IV distribution installed (regardless of whether it is configured).
It is not installed by default.


III. $B1F6AHO0O(B - Impact

$B%7%9%F%`$K(B KerberosIV $BG[I[J*$r%$%s%9%H!<%k$7$F$$$k>l9g(B, $B%j%b!<%H$*$h$S(B
$B%m!<%+%k$N%f!<%6$O(B, $B%m!<%+%k%7%9%F%`>e$N(B root $B8"8B$rIT@5$K(B
$BF@$k$3$H$,$G$-$k2DG=@-$,$"$j$^$9(B.


IV.  $B2sHrJ}K!(B - Workaround

telnet $B%5!<%S%9$rMxMQ$7$F%j%b!<%H$+$i(B root $B8"8B$rC%$o$l$J$$$h$&$K$9$k$?$a(B,
telnet $B%5!<%S%9(B ($BDL>o(B inetd $B$+$i<B9T$5$l$^$9(B) $B$rL58z$K$7$^$9(B.
/etc/inetd.conf $B$K0J2<$N9T$,4^$^$l$F$$$?$i(B, $B$=$l$i$r(B
$B%3%a%s%H%"%&%H$7$F$/$@$5$$(B.

telnet  stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd

telnet  stream  tcp6    nowait  root    /usr/libexec/telnetd    telnetd

There is no simple way to prevent unauthorized use of root privileges
by local users.


V.   $B2r7h:v(B - Solution

$B<!$N$$$:$l$+$K=>$C$F$/$@$5$$(B.

1) FreeBSD $B%7%9%F%`$r=$@5F|0J9_$N(B 4.2-STABLE $B$b$7$/$O(B 3.5-STABLE
   $B$K%"%C%W%0%l!<%I$7$^$9(B.

2) $BBP1~$9$k=$@5%Q%C%A$rE,MQ$7(B, $B=$@5$5$l$?%U%!%$%k$r:F9=C[$7$^$9(B.

$B$^$:(B, $BBP1~$9$k=$@5%Q%C%A$*$h$S(B, PGP $B=pL>$r0J2<$N>l=j$+$i%@%&%s%m!<%I$7$F(B,
PGP $B%f!<%F%#%j%F%#$r;H$C$F(B PGP $B=pL>$r3NG'$7$^$9(B.

[FreeBSD 4.2 $BMQ(B]
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:25/telnetd-krb.4.2.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:25/telnetd-krb.4.2.patch.asc

[FreeBSD 3.5.1 $BMQ(B]
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:25/telnetd-krb.3.5.1.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:25/telnetd-krb.3.5.1.patch.asc

$BCm0U(B: $B$3$N=$@5%Q%C%A$O(B, $B%;%-%e%j%F%#4+9p(B SA-00:69 $B$N=$@5%Q%C%A$,(B
      $BE,MQ:Q$_$G$"$k$3$H$rA0Ds$H$7$F$$$^$9(B.

$B$=$7$F(B root $B8"8B$G0J2<$N%3%^%s%I$r<B9T$7$^$9(B.

# cd /usr/src
# patch -p < /path/to/patch
# cd /usr/src/kerberosIV
# make depend && make all install
# cd /usr/src/libexec/telnetd
# make depend && make all install


A.   FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F(B

$BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B (doc-jp) $B$,(B
$B;29M$N$?$a$KDs6!$9$k$b$N$G$9(B.  $B2a5n$NF|K\8lHG%;%-%e%j%F%#4+9p$O(B

 http://www.FreeBSD.org/ja/security/

$B$K$^$H$a$i$l$F$$$^$9(B.  

$B$?$@$7(B, $BK]Lu<T$*$h$S(B doc-jp $B$O(B, $B$=$NFbMF$K$D$$$F$$$+$J$kJ]>Z$b(B
$B$$$?$7$^$;$s$N$G$4Cm0U$/$@$5$$(B.  $BF|K\8lLu$K$D$$$F$N$40U8+(B, $B$4MWK>(B,
$B$*Ld$$9g$o$;Ey$O(B doc-jp@jp.FreeBSD.org $B$^$G$*4j$$$7$^$9(B.

$B$3$N4+9p$NCf$G>R2p$5$l$F$$$k(B WWW $B%5%$%H(B http://www.FreeBSD.org/ $B$*$h$S(B
FTP $B%5%$%H(B ftp://ftp.FreeBSD.org/ $B$K$O(B, $BF|K\$N%_%i!<%5%$%H$,B8:_$7$^$9(B.
$B%M%C%H%o!<%/$N:.;($r4KOB$9$k$?$a(B, $B$^$:$O%_%i!<%5%$%H$NMxMQ$r(B
$B9MN8$9$k$h$&$*4j$$$7$^$9(B.

$BF|K\$N%_%i!<%5%$%H$rMxMQ$9$k$K$O(B,
http://www.FreeBSD.org/ $B$r(B http://www.jp.FreeBSD.org/www.freebsd.org/ $B$K(B,
ftp://ftp.FreeBSD.org/ $B$r(B ftp://ftp.jp.FreeBSD.org/ $B$K(B,
$B$=$l$>$lCV$-49$($F$/$@$5$$(B.

$BB>$NCO0h$r4^$`(B, $B%_%i!<%5%$%H$K4X$9$k>\:Y$O(B,

 http://www.FreeBSD.org/handbook/mirror.html ($B1QJ8(B)
 http://www.FreeBSD.org/ja/handbook/mirror.html ($BF|K\8lLu(B)

$B$K$^$H$a$i$l$F$$$^$9(B.

$hrs: announce-jp/FreeBSD-SA/01:25,v 1.2 2001/03/03 16:14:32 hrs Exp $

----Next_Part(Sun_Mar__4_01:40:41_2001_026)----
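
The two workarounds in the advisories above (a single "Protocol 2" directive in sshd_config for SA-01:24, and commented-out telnet entries in /etc/inetd.conf for SA-01:25) can be checked mechanically. The following script is an added example, not part of the advisories or of this mail; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example; every file below is constructed sample data.

# ssh1_disabled FILE: true only if FILE has an active "Protocol" directive
# and every active one is exactly "2" (per the advisory, SSH1 is on by default).
ssh1_disabled() {
    awk '$1 ~ /^#/ { next }
         tolower($1) == "protocol" { n++; if ($2 != "2") bad++ }
         END { exit !(n >= 1 && bad == 0) }' "$1"
}

# telnet_enabled FILE: true if an uncommented inetd.conf line starts telnetd.
telnet_enabled() {
    awk '$1 == "telnet" { found = 1 } END { exit !found }' "$1"
}

# audit SSHD_CONFIG INETD_CONF: report both checks; return 1 on any finding.
audit() {
    rc=0
    if ssh1_disabled "$1"; then
        echo "OK   $1: SSH2 only"
    else
        echo "FAIL $1: SSH1 is not disabled"; rc=1
    fi
    if telnet_enabled "$2"; then
        echo "FAIL $2: telnet service still enabled"; rc=1
    else
        echo "OK   $2: no active telnet entry"
    fi
    return $rc
}

# Constructed samples: state before and after applying the workarounds.
samples=$(mktemp -d)
cat > "$samples/sshd_config.before" <<'EOF'
Port 22
#Protocol 2
Protocol 2,1
EOF
cat > "$samples/sshd_config.after" <<'EOF'
Port 22
Protocol 2
EOF
cat > "$samples/inetd.conf.before" <<'EOF'
telnet  stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
telnet  stream  tcp6    nowait  root    /usr/libexec/telnetd    telnetd
EOF
sed 's/^telnet/#telnet/' "$samples/inetd.conf.before" > "$samples/inetd.conf.after"

audit "$samples/sshd_config.before" "$samples/inetd.conf.before" || true
audit "$samples/sshd_config.after"  "$samples/inetd.conf.after"  || true
```

A file with no Protocol directive at all is reported as failing, because the advisory states that SSH1 support is enabled by default.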
