From owner-doc-jp@jp.freebsd.org  Sat Mar 25 23:56:08 2000
Message-Id: <200003251456.XAA28865@mail.geocities.co.jp>
To: doc-jp@jp.freebsd.org
X-Mailer: Mew version 1.94 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Multipart/Mixed;
 boundary="--Next_Part(Sat_Mar_25_23:15:06_2000_737)--"
Content-Transfer-Encoding: 7bit
Date: Sat, 25 Mar 2000 23:15:11 +0900
From: Hiroki Sato <hrs@geocities.co.jp>
X-Dispatcher: imput version 990905(IM130)
Lines: 939
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: doc-jp 7225
Subject: [doc-jp 7225] recent SAs and 4.0 announcement
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: hrs@geocities.co.jp

----Next_Part(Sat_Mar_25_23:15:06_2000_737)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit

This is Sato at Tokyo University of Science.

I have incorporated the results of the review.
Only the parts where the wording changed substantially are excerpted and shown below.

For the other changes, I basically adopted the reviewers' suggestions as they were.
Also, in the revised versions all punctuation has been changed to ASCII characters.
That change is not included in the diff.

The revised versions are attached together as well. If anything still looks odd,
please do not hesitate to point it out.

--
| $B:4F#(B $B9-@8!wEl5~M}2JBg3X(B <hrs@geocities.co.jp>
|
|                                  j7397067@ed.noda.sut.ac.jp(univ)
|                        hrs@jp.FreeBSD.org(FreeBSD doc-jp Project)

 *** 4.0 announce 

 -4 $BKgAH$N(B CD $B$r(B FreeBSD Mall(http://www.freebsdmall.com) $B$+$i(B
 -$BCmJ8$9$k$3$H$b2DG=$G$9!#$5$i$K(B FreeBSD 4.0 $B$K$O!"<!$N$h$&$JFs<oN`$N(B
 -$B%;%C%H$b$"$j$^$9!#0l$D$O(B x86 $B%"!<%-%F%/%A%cMQ$N%$%s%9%H!<%k%-%C%H$d!"(B
 -$B%W%m%0%i%^$@$1$G$J$/%(%s%I%f!<%6$K$H$C$F$b6=L#$rA_$-N)$F$i$l$k(B
 -$BG[I[J*$r4^$s$@$b$N!"$b$&0l$D$O$=$l$i$,(B DEC Alpha $B%"!<%-%F%/%A%cMQ$K(B
 -$B9=@.$5$l$F$$$k$b$N$G$9!#(B
 +4 $BKgAH$N(B CD $B$r(B FreeBSD Mall(http://www.freebsdmall.com) $B$GCmJ8$9$k$3$H$b(B
 +$B2DG=$G$9!#(BFreeBSD 4.0 $B$K$O!"<!$N$h$&$JFs<oN`$,MQ0U$5$l$F$$$^$9!#(B
 +$B$=$l$>$l(B x86 $B%"!<%-%F%/%A%cMQ$N%$%s%9%H!<%k%-%C%H(B($B$K2C$(!"%W%m%0%i%^(B
 +$B$@$1$G$J$/%(%s%I%f!<%6$K$H$C$F$b6=L#$rA_$-N)$F$i$l$kG[I[J*(B)$B$r4^$s$@$b$N!"(B
 +$B$b$&0l$D$O(B DEC Alpha $B%"!<%-%F%/%A%cMQ$N$b$N$G$9!#(B

 -$B=EMW$JDI2CG[I[J*$N$9$Y$F$r!"5/F02DG=$JC10l$N%G%#%9%/%$%a!<%8$+$i(B
 +$B=EMW$JDI2CG[I[J*$N$9$Y$F$r!"%V!<%H2DG=$JC10l$N%G%#%9%/%$%a!<%8$+$i(B
  $B%$%s%9%H!<%k$9$k$3$H$,2DG=$K$J$j$^$9!#$3$N%G%#%9%/%$%a!<%8$O!"(B
 -CDROM $B:n@.%=%U%H%&%'%"$r;H$&$3$H$G!"(BISO 9660 $B%$%a!<%8$H$7$F(B CD $B$K(B
 -$B=q$-9~$`$3$H$,$G$-$^$9!#(B
 +$B$[$H$s$I$N(B CDROM $B=q$-9~$_MQ%=%U%H%&%'%"$G!"(BISO 9660 $B%$%a!<%8$H$7$F(B
 +CD $B$K=q$-9~$`$3$H$,$G$-$^$9!#(B

 *** 07.mh

 -mhshow $B%3%^%s%I$O!"(BMIME attachments ($BLuCm(B: $B$$$o$f$kE:IU%U%!%$%k$N$3$H!#(B
 -$B0J2<!"(Battachments $B$r!VE:IU%U%!%$%k!W$HI=5-$7$^$9(B) $B$NI=<($K;H$o$l$^$9!#(B
 -$B$3$N%3%^%s%I$K$O!"FCJL$K$D$/$i$l$?%a!<%kE:IU%U%!%$%k$K$h$C$F(B exploit $B2DG=$J(B
 -$B%P%C%U%!%*!<%P%U%m!<LdBj$,$"$j$^$9!#$=$N$?$a!"E:IU%U%!%$%k$r3+$/:]$K!"(B
 -$B%m!<%+%k%f!<%6$N8"8B$GG$0U$N%3!<%I$r<B9T$9$k$3$H$,2DG=$G$9!#(B
 +MIME attachments ($BLuCm(B: $B$$$o$f$kE:IU%U%!%$%k$N$3$H!#(B
 +$B0J2<!"(Battachments $B$r!VE:IU%U%!%$%k!W$HI=5-$7$^$9(B) $B$NI=<($K;HMQ$5$l$k(B
 +mhshow $B%3%^%s%I$K$O!"FCJL$K$D$/$i$l$?%a!<%kE:IU%U%!%$%k$K$h$C$F(B
 +$B0-MQ$5$l$k2DG=@-$N$"$k%P%C%U%!%*!<%P%U%m!<LdBj$,B8:_$7$^$9!#(B
 +$B$=$N$?$a!"E:IU%U%!%$%k$r3+$/:]$K!"%m!<%+%k%f!<%6$N8"8B$G(B
 +$BG$0U$N%3!<%I$r<B9T$9$k$3$H$,2DG=$G$9!#(B
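Review bot: The added wording for the buffer overflow reads as "may possibly be exploited" (悪用される可能性のある), which is weaker than the advisory's "can be exploited by a specially-crafted email attachment" and weaker than the removed "exploit 可能な". Suggest 悪用可能な, so that the translation does not understate exploitability.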

 -$B967b<T$,%a!<%k%a%C%;!<%8$N0lIt$H$7$FAw$i$l$k0-0U$N$"$k(B MIME $BE:IU%U%!%$%k$r!"(B
 -$B<u$1<h$C$?%f!<%6$K3+$+$;$k$3$H$,$G$-$k>l9g!"$=$N%U%!%$%k$r3+$$$?%f!<%6$N8"8B$G(B
 -$BG$0U$N%3!<%I$r<B9T$9$k$3$H$,2DG=$G$9!#(B
 +$B967b<T$O%a!<%k%a%C%;!<%8$N0lIt$H$7$F0-0U$N$"$k(B MIME $BE:IU%U%!%$%k$rAw$j!"(B
 +$B$=$N%U%!%$%k$r3+$$$?%f!<%6$N8"8B$GG$0U$N%3!<%I$r<B9T$9$k$3$H$,2DG=$G$9!#(B
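Review bot: The rewritten Impact sentence drops the precondition that the removed lines carried (受け取ったユーザに開かせることができる場合). The original reads "An attacker who can convince a user to open a hostile MIME attachment", while the new text only says that the attacker sends the attachment and can then run code as the user who opened it. Suggest keeping the conditional clause, since the required user interaction is part of the impact statement.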

 *** 10.orville-write

 -$B5v2DB0@-$GIT@5$K%$%s%9%H!<%k$5$l$F$7$^$&$b$N$,$"$j$^$9!#(B
 -'huh' $B%3%^%s%I$O%m!<%+%k%f!<%6$,5-O?$5$l$?<+J,$N%a%C%;!<%8$r(B
 -$B1\Mw$9$kL\E*$G<B9T$9$k$h$&@_7W$5$l$F$$$k$?$a!"(B
 -$BK\Mh!"FCJL$J8"8B$r;}$D$Y$-$b$N$G$O$"$j$^$;$s!#(B
 +$B5v2DB0@-$GITE,@Z$K%$%s%9%H!<%k$5$l$F$7$^$&$b$N$,$"$j$^$9!#(B
 +'huh' $B%3%^%s%I$O!"5-O?$5$l$?%a%C%;!<%8$r1\Mw$9$k$?$a$K(B
 +$B%m!<%+%k%f!<%6$K$h$C$F<B9T$5$l$k%3%^%s%I$G$9!#(B
 +$B$=$N$?$a!"$=$b$=$bFCJL$J8"8B$r;}$D$Y$-$b$N$G$O$"$j$^$;$s!#(B


----Next_Part(Sat_Mar_25_23:15:06_2000_737)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="rel.txt.new"

Subject: ANNOUNCE: 4.0-RELEASE is now available
From: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>
Date: Tue, 14 Mar 2000 22:29:43 -0800 (PST)
Message-Id: <200003150629.WAA67193@zippy.cdrom.com>
X-Sequence: announce-jp 397

Well, it's a bit late and hopefully all the better for it, but here
it is.  It gives me great pleasure to announce the release of FreeBSD
4.0-RELEASE.  This is our first release along the 4.x-stable (RELENG_4)
branch and contains a number of significant advancements over FreeBSD
3.4.  Please see the release notes for further information as the list
of new features is too long to list here.

The time for the release has finally come.  It is a little later than
planned, but I think it has turned out better for it.
I am very pleased to be able to announce the release of
FreeBSD 4.0-RELEASE.  This is the first release on the 4.x-stable (RELENG_4)
branch and contains a great many improvements made since FreeBSD 3.4.
The list of new features is very long, so it is not included here.
For details, please see the release notes.

FreeBSD 4.0-RELEASE is available from ftp.freebsd.org and various FTP
mirror sites throughout the world.  It can also be ordered on CD from
The FreeBSD Mall (http://www.freebsdmall.com), from where it will be
shipping soon on a 4 CD set.  There will also be two such sets available
for 4.0, one containing installation bits for the x86 architecture
(as well as a lot of other material of general interest to programmers and
end-users alike) and another for DEC Alpha architecture machines.

FreeBSD 4.0-RELEASE $B$O(B, ftp.freebsd.org $B$*$h$S(B, $B@$3&Cf$KB8:_$9$k(B
FTP $B%_%i!<%5%$%H$+$iF~<j$9$k$3$H$,$G$-$^$9(B.  $B$^$?(B, $B$^$b$J$/=P2Y$5$l$k(B
4 $BKgAH$N(B CD $B$r(B FreeBSD Mall(http://www.freebsdmall.com) $B$GCmJ8$9$k$3$H$b(B
$B2DG=$G$9(B.  FreeBSD 4.0 $B$K$O(B, $B<!$N$h$&$JFs<oN`$,MQ0U$5$l$F$$$^$9(B.  
$B$=$l$>$l(B x86 $B%"!<%-%F%/%A%cMQ$N%$%s%9%H!<%k%-%C%H(B($B$K2C$((B, $B%W%m%0%i%^(B
$B$@$1$G$J$/%(%s%I%f!<%6$K$H$C$F$b6=L#$rA_$-N)$F$i$l$kG[I[J*(B)$B$r4^$s$@$b$N(B, 
$B$b$&0l$D$O(B DEC Alpha $B%"!<%-%F%/%A%cMQ$N$b$N$G$9(B.  

As usual, disc #1 from Walnut Creek CDROM's official distribution (for
both architectures) will also be available via anonymous FTP as soon
as it's been compiled in its final form.  Please monitor the master FTP
site for details.  We also can't promise that all the mirror sites will
carry this rather large (660MB) installation image, but it will at least
be available (once ready) from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/i386/ISO-IMAGES/4.0-install.iso
ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/alpha/ISO-IMAGES/4.0-install.iso

$B:#$^$G$I$*$j(B, Walnut Creek CDROM $B$N8x<0G[I[$K4^$^$l$k%G%#%9%/(B #1 $B$O(B, 
$B=`Hw$,$G$-$7$@$$(B($BN>J}$N%"!<%-%F%/%A%c$H$b$K(B) anonymous FTP $B$G$b(B
$BF~<j$G$-$k$h$&$K$J$kM=Dj$G$9(B.  $B>\$7$/$O(B, FTP $B$N%^%9%?!<%5%$%H$KCmL\$7$F$/$@$5$$(B.  
$B$9$Y$F$N%_%i!<%5%$%H$K(B, $B$3$N5pBg$J%$%s%9%H!<%k%$%a!<%8(B(660MB)$B$,(B
$BMQ0U$5$l$k$3$H$r$*LsB+$9$k$3$H$O$G$-$^$;$s$,(B, $B=`Hw$,$G$-$?8e$O(B, $B>/$J$/$H$b(B

ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/i386/ISO-IMAGES/4.0-install.iso
ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/alpha/ISO-IMAGES/4.0-install.iso

$B$+$iF~<j$9$k$3$H$,2DG=$K$J$j$^$9(B.  

These files allow one to install the base system and all of its most
important add-ons from a single bootable image, one which can be written
as a raw ISO 9660 image by most CD creator software.

Using these files, you can install the FreeBSD base system and all of its
important add-ons from a single bootable disk image.  This disk image can
be written to CD as an ISO 9660 image by most CD-ROM writing software.

Even though we make our installation CDs freely available, we also
hope that you'll continue to support the FreeBSD project by purchasing
one of its official CD releases from the FreeBSD mall.  A portion of
each sale goes to support FreeBSD's development and general infrastructure
and is thus highly appreciated.

$B%$%s%9%H!<%k(B CD $B$OL5NA$G<+M3$KF~<j$G$-$k$h$&$K$J$C$F$$$^$9$,(B, 
$B$o$?$7$?$A$O(B, $B$"$J$?$,(B FreeBSD Mall $B$+$i=P2Y$5$l$F$$$k(B
$B8x<0G[I[(B CD $B$r9XF~$7(B, $B7QB3$7$F(B FreeBSD $B%W%m%8%'%/%H$r;Y1g$7$F(B
$B$/$@$5$k$3$H$r4|BT$7$F$$$^$9(B.  $BGd>e$N0lIt$O(B FreeBSD $B$N3+H/$d(B
$B4pHW$N@0Hw$K$"$F$i$l$k(B, $BHs>o$K=EMW$J$b$N$J$N$G$9(B.  

The official FTP distribution site for FreeBSD is:

  ftp://ftp.FreeBSD.org/pub/FreeBSD
  
Or via the WEB pages at:

  http://www.freebsdmall.com
  http://www.wccdrom.com
  
And directly from Walnut Creek CDROM:

  Walnut Creek CDROM
  4041 Pike Lane, #F
  Concord CA, 94520 USA
  Phone: +1 925 674-0783
  Fax: +1 925 674-0821
  Tech Support: +1 925 603-1234
  Email: info@wccdrom.com
  WWW: http://www.wccdrom.com/

FreeBSD $B$N8x<0(B FTP $BG[I[%5%$%H$O(B

  ftp://ftp.FreeBSD.org/pub/FreeBSD

$B$G$9(B.  $B$^$?(B, $B%&%'%V%Z!<%8$G$O(B

  http://www.freebsdmall.com
  http://www.wccdrom.com

$B$+$i%"%/%;%9$G$-$^$9(B.  Walnut Creek CDROM $B$+$i(B
$BD>@\F~<j$9$k>l9g$NO"Mm@h$O<!$N$H$*$j$G$9(B.  

  Walnut Creek CDROM
  4041 Pike Lane, #F
  Concord CA, 94520 USA
  Phone: +1 925 674-0783
  Fax: +1 925 674-0821
  Tech Support: +1 925 603-1234
  Email: info@wccdrom.com
  WWW: http://www.wccdrom.com/
  
Additionally, FreeBSD is available via anonymous FTP from mirror sites
in the following countries: Argentina, Australia, Brazil, Bulgaria,
Canada, the Czech Republic, Denmark, Estonia, Finland, France,
Germany, Hong Kong, Hungary, Iceland, Ireland, Israel, Japan, Korea,
Latvia, Malaysia, the Netherlands, Poland, Portugal, Rumania, Russia,
Slovenia, South Africa, Spain, Sweden, Taiwan, Thailand, the Ukraine
and the United Kingdom (and quite possibly several others which I've
never even heard of :).

$B$5$i$K(B, FreeBSD $B$O0J2<$K$"$2$k3F9q$N%_%i!<%5%$%H$+$i(B
anonymous FTP $B$GF~<j$9$k$3$H$,$G$-$^$9(B.  
$B%"%k%<%s%A%s(B, $B%*!<%9%H%i%j%"(B, $B%V%i%8%k(B, $B%V%k%,%j%"(B, $B%+%J%@(B, $B%A%'%36&OB9q(B,
$B%G%s%^!<%/(B, $B%(%9%H%K%"(B, $B%U%#%s%i%s%I(B, $B%U%i%s%9(B, $B%I%$%D(B, $B9a9A(B,
$B%O%s%,%j!<(B, $B%"%$%9%i%s%I(B, $B%"%$%k%i%s%I(B, $B%$%9%i%(%k(B, $BF|K\(B, $B4Z9q(B, $B%i%H%S%"(B,
$B%^%l!<%7%"(B, $B%*%i%s%@(B, $B%]!<%i%s%I(B, $B%]%k%H%,%k(B, $B%k!<%^%K%"(B, $B%m%7%"(B, $B%9%m%Y%K%"(B,
$BFn%"%U%j%+(B, $B%9%Z%$%s(B, $B%9%&%'!<%G%s(B, $BBfOQ(B, $B%?%$(B, $B%&%/%i%$%J(B, $B%$%.%j%9(B
($B$b$A$m$s(B, $B$o$?$7$NJ9$$$?$3$H$,$J$$B>$N9q$K$b$"$k$G$7$g$&(B :)

Before trying the central FTP site, please check your regional
mirror(s) first by going to:

  ftp://ftp.<yourdomain>.freebsd.org/pub/FreeBSD
  
Any additional mirror sites will be labeled ftp2, ftp3 and so on.

$B%^%9%?!<(B FTP $B%5%$%H$K%"%/%;%9$r;n$_$kA0$K(B, 
$B<!$N$h$&$K$7$F(B, $B$"$J$?$NCO0h$K$"$k%_%i!<%5%$%H$rD4$Y$F$_$F$/$@$5$$(B.  

  ftp://ftp.<$B$"$J$?$NCO0h(B>.freebsd.org/pub/FreeBSD

$BF1$8CO0h$K$"$kB>$N%_%i!<%5%$%H$K$O(B, ftp2, ftp3,...
$B$H$$$&=g$KL>A0$,IU$1$i$l$F$$$^$9(B.  

The latest versions of export-restricted code for FreeBSD (2.0C or
later) (eBones and secure) are also being made available at the
following locations. If you are outside the U.S. or Canada, please get
secure (DES) and eBones (Kerberos) from one of the following foreign
distribution sites:

South Africa
       ftp://ftp.internat.FreeBSD.ORG/pub/FreeBSD
       ftp://ftp2.internat.FreeBSD.ORG/pub/FreeBSD
       
Brazil
       ftp://ftp.br.FreeBSD.ORG/pub/FreeBSD
       
Finland
       ftp://nic.funet.fi/pub/unix/FreeBSD/eurocrypt

FreeBSD(2.0C $B$*$h$S$=$l0J9_(B)$BMQ$N(B, $B:G?7$NM"=P@)8B$5$l$?(B
$B%3!<%IItJ,(B(eBones $B$H(B secure)$B$O(B, $B<!$N>l=j$+$iF~<j$G$-$k$h$&$K(B
$B$J$C$F$$$^$9(B.  $B9g=09q$*$h$S%+%J%@6&OB9q$K:_=;$G$J$$J}$O(B, 
secure(DES) $B$H(B eBones(Kerberos) $B$r2<$K<($9G[I[%5%$%H$+$iF~<j$7$F$/$@$5$$(B.  

$BFn%"%U%j%+(B
       ftp://ftp.internat.FreeBSD.ORG/pub/FreeBSD
       ftp://ftp2.internat.FreeBSD.ORG/pub/FreeBSD
       
$B%V%i%8%k(B
       ftp://ftp.br.FreeBSD.ORG/pub/FreeBSD
       
$B%U%#%s%i%s%I(B
       ftp://nic.funet.fi/pub/unix/FreeBSD/eurocrypt

Thanks!

- Jordan

----Next_Part(Sat_Mar_25_23:15:06_2000_737)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="sa0007.txt.new"

 $B$3$N%a!<%k$O(B, announce-jp $B$KN.$l$?(B

  Subject: ANNOUNCE: FreeBSD Security Advisory: FreeBSD-SA-00:07.mh [REVISED]
  From: FreeBSD Security Officer <security-officer@freebsd.org>
  Date: Sun, 19 Mar 2000 22:31:45 -0800 (PST)
  Message-Id: <20000320063145.8E1A037B528@hub.freebsd.org>
  X-Sequence: announce-jp 404

 $B$rF|K\8lLu$7$?$b$N$G$9(B. 

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,(B, $B$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s(B. 
 $B%Q%C%AEy$NFbMF$,2~cb$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B$N%A%'%C%/$r(B
 $B9T$J$&$K$O(B, $B86J8$r;2>H$7$F$/$@$5$$(B. 

 $BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B(doc-jp)$B$,(B
 $B;29M$N$?$a$KDs6!$9$k$b$N$G(B, $BK]Lu<T$*$h$S(B doc-jp $B$O(B $B$=$NFbMF$K$D$$$F(B
 $B$$$+$J$kJ]>Z$b$$$?$7$^$;$s(B. $BF|K\8lLu$K$D$$$F$N$*Ld$$9g$o$;$O(B,
 doc-jp@jp.freebsd.org $B$^$G$*4j$$$7$^$9(B.

--($B$3$3$+$i(B)

=============================================================================
FreeBSD-SA-00:07                                           Security Advisory
                                                                FreeBSD, Inc.

$B%H%T%C%/(B:	mh/nmh/exmh/exmh2 ports allow remote execution of binary code

$BJ,N`(B:           ports
$B%b%8%e!<%k(B:     mh/nmh/exmh/exmh2
$B9pCNF|(B:         2000-03-15
$B2~D{F|(B:	        2000-03-19
$B1F6AHO0O(B:       $B=$@5F|0JA0$N(B Ports collection
$B=$@5F|(B:         [$B0J2<$K$"$k>\:Y$J5-=R$r$4Mw$/$@$5$$(B]
		4.0-RELEASE $B$G$O$9$Y$F=$@5:Q$_$G$9(B.
		mh: 2000-03-04
		nmh: 2000-02-29
		exmh: 2000-03-05
		exmh2: 2000-03-05
FreeBSD $B$K8GM-$+(B:   NO

I.   $BGX7J(B - Background

MH and its successor NMH are popular Mail User Agents. EXMH and EXMH2 are
TCL/TK-based front-ends to the MH system. There are also Japanese-language
versions of the MH and EXMH2 ports, but these are developed separately and are
not vulnerable to the problem described here.

MH $B$*$h$S(B, $B$=$N8e7Q$G$"$k(B NMH $B$O(B, $B?M5$$N$"$k%a!<%k%f!<%6%(!<%8%'%s%H$G$9(B.  
$B$^$?(B, EXMH $B$H(B EXMH2 $B$O(B, TCL/TK $B$r4pK\$H$7$?(B MH $B%7%9%F%`$N%U%m%s%H%(%s%I$G$9(B.  
$BF|K\8lHG(B MH, EXMH2 $B$N(B port $B$bB8:_$7$^$9$,(B, $B$=$l$i$OJL8D$K3+H/$5$l$F$$$k$?$a(B, 
$B$3$3$G=R$Y$i$l$F$$$kLdBj$K$h$k%;%-%e%j%F%#>e$N<eE@$O$"$j$^$;$s(B.  

II.  $BLdBj$N>\:Y(B - Problem Description

The mhshow command used for viewing MIME attachments contains a buffer
overflow which can be exploited by a specially-crafted email attachment,
which will allow the execution of arbitrary code as the local user when the
attachment is opened.

MIME attachments ($BLuCm(B: $B$$$o$f$kE:IU%U%!%$%k$N$3$H(B.  
$B0J2<(B, attachments $B$r!VE:IU%U%!%$%k!W$HI=5-$7$^$9(B) $B$NI=<($K;HMQ$5$l$k(B
mhshow $B%3%^%s%I$K$O(B, $BFCJL$K$D$/$i$l$?%a!<%kE:IU%U%!%$%k$K$h$C$F(B
$B0-MQ$5$l$k2DG=@-$N$"$k%P%C%U%!%*!<%P%U%m!<LdBj$,B8:_$7$^$9(B.  
$B$=$N$?$a(B, $BE:IU%U%!%$%k$r3+$/:]$K(B, $B%m!<%+%k%f!<%6$N8"8B$G(B
$BG$0U$N%3!<%I$r<B9T$9$k$3$H$,2DG=$G$9(B.  

The *MH ports are not installed by default, nor are they "part of
FreeBSD" as such: they are part of the FreeBSD ports collection, which
contains over 3100 third-party applications in a ready-to-install
format. The FreeBSD 4.0-RELEASE ports collection is not vulnerable to
this problem.

mh/nmh/exmh/exmh2 $B$N(B ports $B$O(B, $B%G%U%)%k%H$G%$%s%9%H!<%k$5$l$k$b$N$G$O$J$/(B, 
FreeBSD $B%7%9%F%`$N0lIt$r9=@.$9$k$b$N$G$b$"$j$^$;$s(B.  
$B$=$l$i$O(B, 3100 $B$rD6$($k%5!<%I%Q!<%F%#@=$N%"%W%j%1!<%7%g%s$,(B
$B$9$0$K%$%s%9%H!<%k$G$-$k7A$G<}$a$i$l$F$$$k(B
FreeBSD Ports Collection $B$N0lIt$G$9(B.  FreeBSD 4.0-RELEASE $B$K4^$^$l$k(B
Ports Collection $B$K$O(B, $B$3$NLdBj$K$h$k%;%-%e%j%F%#>e$N<eE@$O$"$j$^$;$s(B.  

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security audit
of the most security-critical ports.

FreeBSD $B$G$O(B, $B$3$N$h$&$J%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$N%;%-%e%j%F%#(B
$BLdBj$KBP$7$F(B, $BFC$K2?$+$r<gD%$9$k$3$H$O$"$j$^$;$s(B($BLuCm(B: Ports Collection $B$K(B
$BF~$C$F$$$k$+$i$H$$$C$F(B, FreeBSD $B$N3+H/<T$?$A$,$=$N%"%W%j%1!<%7%g%s$,(B
$B0BA4$G$"$k$HI>2A$7$?$o$1$G$O$"$j$^$;$s(B). $B$?$@$7(B, $B%;%-%e%j%F%#LdBj$K(B
$BBP$7$FBg$-$J1F6A$r;}$D$h$&$J(B ports $B$KBP$9$k%;%-%e%j%F%#4F::$rDs6!$9$Y$/(B,
$B8=:_EXNOCf$G$9(B. 

III. $B1F6AHO0O(B - Impact

An attacker who can convince a user to open a hostile MIME attachment sent
as part of an email message can execute arbitrary binary code running with
the privileges of that user.

An attacker can send a malicious MIME attachment as part of a mail message
and execute arbitrary code with the privileges of the user who opened the file.

If you have not chosen to install any of the mh/nmh/exmh/exmh2
ports/packages, then your system is not vulnerable.

mh/nmh/exmh/exmh2 $B$N(B ports $B$b$7$/$O(B packages $B$r0l$D$b%$%s%9%H!<%k$7$F$$$J$1$l$P(B, 
$B%7%9%F%`$K%;%-%e%j%F%#>e$N<eE@$O$"$j$^$;$s(B.  

The Japanese-language version of MH is being actively developed and is
believed to have fixed this particular problem over a year ago. Consequently
the ja-mh and ja-exmh2 ports are not believed to be vulnerable to this problem.

$BF|K\8lHG(B MH $B$O3hH/$K3+H/$,B3$1$i$l$F$*$j(B, $B$3$NLdBj$O:rG/$N$&$A$K(B
$B=$@5$5$l$F$$$^$9(B.  $B$7$?$,$C$F(B, ja-mh $B$*$h$S(B ja-exmh2 $B$N(B port $B$O(B, 
$B$3$NLdBj$K$h$k%;%-%e%j%F%#>e$N<eE@$OB8:_$7$J$$$H9M$($i$l$^$9(B.  

IV.  $BBP1~:v(B - Workaround

1) Remove the mhshow binary, located in /usr/local/bin/mhshow. This will
prevent the viewing of MIME attachments from within *mh.

2) Remove the mh/nmh/exmh/exmh2 ports, if you have installed them.

1) Remove the mhshow binary file located at /usr/local/bin/mhshow.
   After this, MIME attachments can no longer be viewed in
   mh/nmh/exmh/exmh2.

2) If the mh/nmh/exmh/exmh2 ports are installed,
   remove them.

V.   $B=$@5=hCV(B - Solution

The English language version of the MH software is no longer actively
developed, and no fix is currently available. It is unknown whether a fix
to the problem will be forthcoming - consider upgrading to use NMH instead,
which is the designated successor of the MH software. EXMH and EXMH2 can
both be compiled to use NMH instead (this is now the default behaviour). It
is not necessary to recompile EXMH/EXMH2 after reinstalling NMH.

$B1Q8lHG$N(B MH $B$O$b$O$d3hH/$J3+H/$,9T$J$o$l$F$$$J$$$?$a(B, $B8=:_$N$H$3$m(B
$B=$@5HG$OB8:_$7$^$;$s(B.  $B$^$?(B, $B>-MhE*$K=$@5HG$,3+H/$5$l$k$+$I$&$+$bITL@$G$9(B.  
$B$=$N$?$a(B, MH $B$rMxMQ$9$k$N$G$O$J$/(B, NMH $B$K99?7$9$k$3$H$r8!F$$7$F$/$@$5$$(B.  
NMH $B$O(B MH $B$N8e7Q$H$7$F@_7W$5$l$?%=%U%H%&%'%"$G$9(B.  EXMH $B$H(B EXMH2 $B$O(B, 
$BN>J}$H$b(B MH $B$NBe$o$j$K(B NMH $B$rMxMQ$7$F%3%s%Q%$%k$9$k$3$H$,$G$-$^$9(B($B8=:_$N(B
$B%G%U%)%k%H$b$=$&$J$C$F$$$^$9(B).  $B$^$?(B, NMH $B$r:F%$%s%9%H!<%k$7$?>l9g$K$O(B, 
$B%$%s%9%H!<%k8e$K(B EXMH/EXMH2 $B$r:F%3%s%Q%$%k$9$kI,MW$O$"$j$^$;$s(B.  

SOLUTION: Remove any old versions of the mail/mh or mail/nmh ports and
perform one of the following:

1) Upgrade your entire ports collection and rebuild the mail/nmh port.

2) Reinstall a new package obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/nmh-1.0.3.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/mail/nmh-1.0.3.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/mail/nmh-1.0.3.tgz

3) Download a new port skeleton for the nmh port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:

ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz

$B=$@5=hCV(B:
    mail/mh $B$b$7$/$O(B mail/nmh $B$N5l%P!<%8%g%s$N(B ports $B$r$9$Y$F:o=|$7(B, 
    $B<!$N$$$:$l$+$N<j=g$K=>$C$F$/$@$5$$(B.  

1) Ports Collection $BA4BN$r99?7$7$F(B, mail/nmh $B$N(B ports $B$r:F%3%s%Q%$%k$9$k(B.  

2) $B0J2<$N>l=j$+$i?7$7$$(B package $B$rF~<j$7$F%$%s%9%H!<%k$9$k(B.  

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/nmh-1.0.3.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/mail/nmh-1.0.3.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/mail/nmh-1.0.3.tgz

3) Download a new port skeleton for nmh from the following location
   and use it to recompile the nmh port.

http://www.freebsd.org/ports/

4) portcheckout $B%f!<%F%#%j%F%#$r;H$&$H(B, $B>e5-(B (3) $B$r<+F0E*$K(B
   $B9T$J$&$3$H$,$G$-$^$9(B.  portcheckout $B$O(B,
   /usr/ports/devel/portcheckout $B$d(B, $B0J2<$N>l=j$+$iF~<j2DG=$G$9(B. 

ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz

VI.   $B99?7MzNr(B - Revision history

v1.0  2000-03-15   Initial release
v1.1  2000-03-19   Update to note that the Japanese-localized ports are not
                   vulnerable

v1.0  2000-03-15   $B=iHG$N8x3+(B
v1.1  2000-03-19   $BF|K\8lHG(B ports $B$K$O%;%-%e%j%F%#>e$N<eE@$,(B
                   $BB8:_$7$J$$$3$H$K4X$9$kCm5-$NDI2C(B

----Next_Part(Sat_Mar_25_23:15:06_2000_737)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="sa0008.txt.new"

 $B$3$N%a!<%k$O(B, announce-jp $B$KN.$l$?(B

  Subject: ANNOUNCE: FreeBSD Security Advisory: FreeBSD-SA-00:08.lynx
  From: FreeBSD Security Officer <security-officer@freebsd.org>
  Date: Wed, 15 Mar 2000 09:34:43 -0800 (PST)
  Message-Id: <20000315173443.F231737BA56@hub.freebsd.org>
  X-Sequence: announce-jp 399

 $B$rF|K\8lLu$7$?$b$N$G$9(B. 

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,(B, $B$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s(B. 
 $B%Q%C%AEy$NFbMF$,2~cb$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B$N%A%'%C%/$r(B
 $B9T$J$&$K$O(B, $B86J8$r;2>H$7$F$/$@$5$$(B. 

 $BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B(doc-jp)$B$,(B
 $B;29M$N$?$a$KDs6!$9$k$b$N$G(B, $BK]Lu<T$*$h$S(B doc-jp $B$O(B $B$=$NFbMF$K$D$$$F(B
 $B$$$+$J$kJ]>Z$b$$$?$7$^$;$s(B. $BF|K\8lLu$K$D$$$F$N$*Ld$$9g$o$;$O(B,
 doc-jp@jp.freebsd.org $B$^$G$*4j$$$7$^$9(B.

--($B$3$3$+$i(B)

=============================================================================
FreeBSD-SA-00:08                                           Security Advisory
                                                                FreeBSD, Inc.

$B%H%T%C%/(B:	Lynx ports contain numerous buffer overflows

$BJ,N`(B:           ports
$B%b%8%e!<%k(B      lynx/lynx-current/lynx-ssl/ja-lynx/ja-lynx-current
$B9pCNF|(B:         2000-03-15
$B1F6AHO0O(B:       $B=$@5F|0JA0$N(B Ports collection
$B=$@5F|(B:         $BK\J8$r;2>H(B
FreeBSD $B$K8GM-$+(B:   NO

I.   $BGX7J(B - Background

Lynx is a popular text-mode WWW browser, available in several versions
including SSL support and Japanese language localization.

lynx $B$O?M5$$N$"$k%F%-%9%H%b!<%I(B WWW $B%V%i%&%6$G(B, SSL $BBP1~HG$d(B
$BF|K\8lBP1~HG$J$I$N$$$/$D$+$N%P!<%8%g%s$,$"$j$^$9(B.  

II.  $BLdBj$N>\:Y(B - Problem Description

The lynx software is written in a very insecure style and contains numerous
potential and several proven security vulnerabilities (publicized on the
BugTraq mailing list) exploitable by a malicious server.

lynx $B$O(B, $B%;%-%e%j%F%#$r$[$H$s$I9MN8$7$J$$%9%?%$%k$G=q$+$l$F$$$k$?$a(B, 
$B@x:_E*$J%;%-%e%j%F%#>e$N<eE@$r?tB?$/4^$s$G$$$^$9(B.  $B$=$7$F(B, 
$B$=$N$&$A$N$$$/$D$+$O(B, $B0-0U$N%5!<%P$K$h$C$F0-MQ$5$l$k2DG=@-$N$"$k$b$N$G$9(B
(BugTraq $B%a!<%j%s%0%j%9%H$G8x3+$5$l$^$7$?(B).  

The lynx ports are not installed by default, nor are they "part of FreeBSD"
as such: they are part of the FreeBSD ports collection, which contains over
3100 third-party applications in a ready-to-install format.

lynx $B$N(B ports $B$O(B, $B%G%U%)%k%H$G%$%s%9%H!<%k$5$l$k$b$N$G$O$J$/(B, 
FreeBSD $B%7%9%F%`$N0lIt$r9=@.$9$k$b$N$G$b$"$j$^$;$s(B.  
$B$=$l$i$O(B, 3100 $B$rD6$($k%5!<%I%Q!<%F%#@=$N%"%W%j%1!<%7%g%s$,(B
$B$9$0$K%$%s%9%H!<%k$G$-$k7A$G<}$a$i$l$F$$$k(B
FreeBSD Ports Collection $B$N0lIt$G$9(B.  

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security audit
of the most security-critical ports.

FreeBSD $B$G$O(B, $B$3$N$h$&$J%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$N%;%-%e%j%F%#(B
$BLdBj$KBP$7$F(B, $BFC$K2?$+$r<gD%$9$k$3$H$O$"$j$^$;$s(B($BLuCm(B: Ports Collection $B$K(B
$BF~$C$F$$$k$+$i$H$$$C$F(B, FreeBSD $B$N3+H/<T$?$A$,$=$N%"%W%j%1!<%7%g%s$,(B
$B0BA4$G$"$k$HI>2A$7$?$o$1$G$O$"$j$^$;$s(B). $B$?$@$7(B, $B%;%-%e%j%F%#LdBj$K(B
$BBP$7$FBg$-$J1F6A$r;}$D$h$&$J(B ports $B$KBP$9$k%;%-%e%j%F%#4F::$rDs6!$9$Y$/(B,
$B8=:_EXNOCf$G$9(B. 

III. $B1F6AHO0O(B - Impact

A malicious server which is visited by a user with the lynx browser can
exploit the browser security holes in order to execute arbitrary code as
the local user.

$B%f!<%6$,(B lynx $B%V%i%&%6$r;H$C$F0-0U$N$"$k%5!<%P$K%"%/%;%9$7$?>l9g(B, 
$B$=$N%5!<%P$O%V%i%&%6$N%;%-%e%j%F%#%[!<%k$r0-MQ$7$F(B
$B%"%/%;%9$7$?%m!<%+%k%f!<%6$N8"8B$GG$0U$N%3!<%I$r<B9T$9$k$3$H$,2DG=$G$9(B.  

If you have not chosen to install any of the
lynx/lynx-current/lynx-ssl/ja-lynx/ja-lynx-current ports/packages, then
your system is not vulnerable.

lynx/lynx-current/lynx-ssl/ja-lynx/ja-lynx-current $B$N(B ports $B$b$7$/$O(B packages $B$r(B
$B0l$D$b%$%s%9%H!<%k$7$F$$$J$1$l$P(B, $B%7%9%F%`$K%;%-%e%j%F%#>e$N<eE@$O$"$j$^$;$s(B.  

IV.  $BBP1~:v(B - Workaround

Remove the lynx/lynx-current/lynx-ssl/ja-lynx/ja-lynx-current ports, if you
you have installed them.

lynx/lynx-current/lynx-ssl/ja-lynx/ja-lynx-current $B$N(B ports $B$,(B
$B%$%s%9%H!<%k$5$l$F$$$k>l9g$K$O(B, $B$=$l$i$r:o=|$7$F$/$@$5$$(B.  

V.   $B=$@5=hCV(B - Solution

Unfortunately, there is no simple fix to the security problems with the
lynx code: it will require a full review by the lynx development team and
recoding of the affected sections with a more security-conscious attitude.

$B;DG0$J$,$i(B, $B$3$N(B lynx $B%3!<%I$KB8:_$9$k%;%-%e%j%F%#>e$NLdBjE@$r(B
$B4JC1$K=$@5$9$kJ}K!$O$"$j$^$;$s(B.  $B$=$l$K$O(B, lynx $B3+H/%A!<%`$K$h$k40A4$J8!>Z$H(B, 
$B$h$j%;%-%e%j%F%#$r9MN8$7$?7A$G$N(B, $B1F6A$9$kItJ,$N:F%3!<%G%#%s%0$rI,MW$H$7$^$9(B.  

In the meantime, there are two other text-mode WWW browsers available in
FreeBSD ports: www/w3m (also available in www/w3m-ssl for an SSL-enabled
version, and japanese/w3m for Japanese-localization) and www/links.

In the meantime, the FreeBSD Ports Collection contains two other
text-mode WWW browsers that can be used: www/w3m (there are also
www/w3m-ssl, which supports SSL, and japanese/w3m, the Japanese version)
and www/links.

Note that the FreeBSD Security Officer does not make any recommendation
about the security of these two browsers - in particular, they both appear
to contain potential security risks, and a full audit has not been
performed, but at present no proven security holes are known. User beware -
please watch for future security advisories which will publicize any such
vulnerabilities discovered in these ports.

$B$?$@$7(B, FreeBSD Security Officer $B$H$7$F(B, $B$3$l$iFs$D$N%V%i%&%6$r(B
$B%;%-%e%j%F%#$N8+CO$+$i?d>)$7$F$$$k$H$$$&$o$1$G$O$"$j$^$;$s$N$G$4Cm0U$/$@$5$$(B.  
$B$3$l$i$OFs$D$H$b@x:_E*$J%;%-%e%j%F%#%j%9%/$r4^$s$G$$$k$H;W$o$l$^$9$,(B, 
$B40A4$JD4::$,9T$J$o$l$F$$$J$$$?$a(B, $B8!>Z2DG=$J%;%-%e%j%F%#%[!<%k$O8=;~E@$G(B
$BCN$i$l$F$$$^$;$s(B.  $BMxMQ$5$l$k>l9g$K$O(B, $B$3$l$iFs$D$N(B ports $B$N(B
$B%;%-%e%j%F%#>e$N<eE@$K4X$9$k:#8e$N4+9p$KCm0U$9$k$h$&$K$*4j$$$7$^$9(B.  

----Next_Part(Sat_Mar_25_23:15:06_2000_737)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="sa0009.txt.new"

 $B$3$N%a!<%k$O(B, announce-jp $B$KN.$l$?(B

  Subject: ANNOUNCE: FreeBSD Security Advisory: FreeBSD-SA-00:09.mtr
  From: FreeBSD Security Officer <security-officer@freebsd.org>
  Date: Wed, 15 Mar 2000 09:36:26 -0800 (PST)
  Message-Id: <20000315173626.120F537C0AF@hub.freebsd.org>
  X-Sequence: announce-jp 400

 $B$rF|K\8lLu$7$?$b$N$G$9(B. 

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,(B, $B$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s(B. 
 $B%Q%C%AEy$NFbMF$,2~cb$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B$N%A%'%C%/$r(B
 $B9T$J$&$K$O(B, $B86J8$r;2>H$7$F$/$@$5$$(B. 

 $BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B(doc-jp)$B$,(B
 $B;29M$N$?$a$KDs6!$9$k$b$N$G(B, $BK]Lu<T$*$h$S(B doc-jp $B$O(B $B$=$NFbMF$K$D$$$F(B
 $B$$$+$J$kJ]>Z$b$$$?$7$^$;$s(B. $BF|K\8lLu$K$D$$$F$N$*Ld$$9g$o$;$O(B,
 doc-jp@jp.freebsd.org $B$^$G$*4j$$$7$^$9(B.

--($B$3$3$+$i(B)

=============================================================================
FreeBSD-SA-00:09                                           Security Advisory
                                                                FreeBSD, Inc.

$B%H%T%C%/(B:       mtr port contains a local root exploit.

$BJ,N`(B:           ports
$B%b%8%e!<%k(B:     mtr
$B9pCNF|(B:         2000-03-15
$B1F6AHO0O(B:       $B=$@5F|0JA0$N(B Ports collection
$B=$@5F|(B:         2000-03-07 (FreeBSD 4.0-RELEASE $B$b4^$`(B)
FreeBSD $B$K8GM-$+(B:   NO

I.   $BGX7J(B - Background

mtr ("Multi Traceroute") combines the functionality of the "traceroute" and
"ping" programs into a single network diagnostic tool.

mtr ("Multi Traceroute") is a network diagnostic tool that brings together
the functionality of the "traceroute" and "ping" programs.

II.  $BLdBj$N>\:Y(B - Problem Description

The mtr program (versions 0.41 and below) fails to correctly drop setuid
root privileges during operation, allowing a local root compromise.

mtr $B%W%m%0%i%`(B($B%P!<%8%g%s(B 0.41 $B$*$h$S$=$l0JA0(B)$B$O(B, 
setuid $B$5$l$?(B root $B8"8B$rF0:nCf$K$-$A$s$HL58z2=$7$^$;$s(B.  $B$=$N$?$a(B, 
$B%m!<%+%k$N(B root $B8"8B$,C%$o$l$k4m81@-$,$"$j$^$9(B.  

The mtr port is not installed by default, nor is it "part of FreeBSD" as
such: it is part of the FreeBSD ports collection, which contains over 3100
third-party applications in a ready-to-install format. The FreeBSD
4.0-RELEASE ports collection is not vulnerable to this problem.

mtr $B$N(B port $B$O(B, $B%G%U%)%k%H$G%$%s%9%H!<%k$5$l$k$b$N$G$O$J$/(B, 
FreeBSD $B%7%9%F%`$N0lIt$r9=@.$9$k$b$N$G$b$"$j$^$;$s(B.  
$B$=$l$O(B, 3100 $B$rD6$($k%5!<%I%Q!<%F%#@=$N%"%W%j%1!<%7%g%s$,(B
$B$9$0$K%$%s%9%H!<%k$G$-$k7A$G<}$a$i$l$F$$$k(B
FreeBSD Ports Collection $B$N0lIt$G$9(B.  FreeBSD 4.0-RELEASE $B$K4^$^$l$k(B
Ports Collection $B$K$O(B, $B$3$NLdBj$K$h$k%;%-%e%j%F%#>e$N<eE@$O$"$j$^$;$s(B.  

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security audit of
the most security-critical ports.

FreeBSD $B$G$O(B, $B$3$N$h$&$J%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$N%;%-%e%j%F%#(B
$BLdBj$KBP$7$F(B, $BFC$K2?$+$r<gD%$9$k$3$H$O$"$j$^$;$s(B($BLuCm(B: Ports Collection $B$K(B
$BF~$C$F$$$k$+$i$H$$$C$F(B, FreeBSD $B$N3+H/<T$?$A$,$=$N%"%W%j%1!<%7%g%s$,(B
$B0BA4$G$"$k$HI>2A$7$?$o$1$G$O$"$j$^$;$s(B). $B$?$@$7(B, $B%;%-%e%j%F%#LdBj$K(B
$BBP$7$FBg$-$J1F6A$r;}$D$h$&$J(B ports $B$KBP$9$k%;%-%e%j%F%#4F::$rDs6!$9$Y$/(B,
$B8=:_EXNOCf$G$9(B. 

III. $B1F6AHO0O(B - Impact

A local user can exploit the security hole to obtain root privileges.

A local user can abuse this security hole to obtain root privileges on the
local system.

If you have not chosen to install the mtr port/package, then your system is
not vulnerable.

mtr $B$N(B port $B$b$7$/$O(B package $B$r%$%s%9%H!<%k$7$F$$$J$1$l$P(B, 
$B%7%9%F%`$K%;%-%e%j%F%#>e$N<eE@$O$"$j$^$;$s(B.  

IV.  $BBP1~:v(B - Workaround

1) Remove the mtr port if you have installed it.

2) Disable the setuid bit - run the following command as root:

chmod u-s /usr/local/sbin/mtr

This will mean non-root users cannot make use of the program, since it
requires root privileges to properly run.

1) mtr $B$N(B port $B$,%$%s%9%H!<%k$5$l$F$$$k>l9g$K$O(B, 
   $B$=$l$r:o=|$7$F$/$@$5$$(B.  

2) setuid $B%S%C%H$rL58z$K$7$F$/$@$5$$(B.  $B$=$l$K$O(B, root $B8"8B$G(B
   $B<!$N%3%^%s%I$r<B9T$7$^$9(B.  

chmod u-s /usr/local/sbin/mtr

mtr $B%W%m%0%i%`$r@5>o$K<B9T$5$;$k$K$O(B root $B8"8B$rI,MW$H$9$k$?$a(B, 
$B$3$NA`:n$K$h$j(B, root $B$G$J$$%f!<%6$O$3$N%W%m%0%i%`$rMxMQ$9$k$3$H$,(B
$B$G$-$J$/$J$j$^$9(B.  

V.   $B=$@5=hCV(B - Solution

1) Upgrade your entire ports collection and rebuild the mtr port.

2) Reinstall a new package obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/mtr-0.42.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/net/mtr-0.42.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/net/mtr-0.42.tgz

Note: it may be several days before the updated packages are available.

3) Download a new port skeleton for the mtr port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:

ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz

1) Ports Collection $BA4BN$r99?7$7$F(B, mtr $B$N(B port $B$r:F%3%s%Q%$%k$9$k(B.  

2) $B0J2<$N>l=j$+$i?7$7$$(B package $B$rF~<j$7$F%$%s%9%H!<%k$9$k(B.  

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/mtr-0.42.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/net/mtr-0.42.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/net/mtr-0.42.tgz

 $BCm(B: $B=$@5$5$l$?(B package $B$,8x3+$5$l$k$^$G(B, $B?tF|$+$+$k$+$bCN$l$^$;$s(B.  

3) Download a new port skeleton for mtr from the following location and
   use it to recompile the mtr port.

http://www.freebsd.org/ports/

4) portcheckout $B%f!<%F%#%j%F%#$r;H$&$H(B, $B>e5-(B (3) $B$r<+F0E*$K(B
   $B9T$J$&$3$H$,$G$-$^$9(B.  portcheckout $B$O(B,
   /usr/ports/devel/portcheckout $B$d(B, $B0J2<$N>l=j$+$iF~<j2DG=$G$9(B. 

ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz

----Next_Part(Sat_Mar_25_23:15:06_2000_737)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="sa0010.txt.new"

 This mail is a Japanese translation of the following message, which was
 posted to announce-jp:

  Subject: ANNOUNCE: FreeBSD Security Advisory: FreeBSD-SA-00:10.orville-write
  From: FreeBSD Security Officer <security-officer@freebsd.org>
  Date: Wed, 15 Mar 2000 09:37:57 -0800 (PST)
  Message-Id: <20000315173757.8949337BEBE@hub.freebsd.org>
  X-Sequence: announce-jp 401

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,(B, $B$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s(B. 
 $B%Q%C%AEy$NFbMF$,2~cb$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B$N%A%'%C%/$r(B
 $B9T$J$&$K$O(B, $B86J8$r;2>H$7$F$/$@$5$$(B. 

 $BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B(doc-jp)$B$,(B
 $B;29M$N$?$a$KDs6!$9$k$b$N$G(B, $BK]Lu<T$*$h$S(B doc-jp $B$O(B $B$=$NFbMF$K$D$$$F(B
 $B$$$+$J$kJ]>Z$b$$$?$7$^$;$s(B. $BF|K\8lLu$K$D$$$F$N$*Ld$$9g$o$;$O(B,
 doc-jp@jp.freebsd.org $B$^$G$*4j$$$7$^$9(B.

--($B$3$3$+$i(B)

=============================================================================
FreeBSD-SA-00:10                                           Security Advisory
                                                                FreeBSD, Inc.

$B%H%T%C%/(B:	orville-write port contains local root compromise.

$BJ,N`(B:           ports
$B%b%8%e!<%k(B:     orville-write
$B9pCNF|(B:         2000-03-15
$B1F6AHO0O(B:       $B=$@5F|0JA0$N(B Ports collection
$B=$@5F|(B:         2000-03-09
FreeBSD $B$K8GM-$+(B:   Yes

I.   $BGX7J(B - Background

Orville-write is a replacement for the write(1) command, which
provides improved control over message delivery and other features.

orville-write $B$O(B, write(1) $B$NBeBX%3%^%s%I$G(B, 
$B%a%C%;!<%8G[Aw@)8f$J$I(B, $B$h$j9bEY$J5!G=$rDs6!$9$k$b$N$G$9(B.  

II.  $BLdBj$N>\:Y(B - Problem Description

One of the commands installed by the port is incorrectly installed
with setuid root permissions. The 'huh' command should not have any
special privileges since it is intended to be run by the local user to
view his saved messages.

$B$3$N(B port $B$G%$%s%9%H!<%k$5$l$k%3%^%s%I$N$R$H$D$K(B, root $B$G(B setuid $B$5$l$?(B
$B5v2DB0@-$GITE,@Z$K%$%s%9%H!<%k$5$l$F$7$^$&$b$N$,$"$j$^$9(B.  
'huh' $B%3%^%s%I$O(B, $B5-O?$5$l$?%a%C%;!<%8$r1\Mw$9$k$?$a$K(B
$B%m!<%+%k%f!<%6$K$h$C$F<B9T$5$l$k%3%^%s%I$G$9(B.  
$B$=$N$?$a(B, $B$=$b$=$bFCJL$J8"8B$r;}$D$Y$-$b$N$G$O$"$j$^$;$s(B.  

The orville-write port is not installed by default, nor is it "part of
FreeBSD" as such: it is part of the FreeBSD ports collection, which
contains over 3100 third-party applications in a ready-to-install
format. The FreeBSD 4.0-RELEASE ports collection is not vulnerable to
this problem.

orville-write $B$N(B port $B$O(B, $B%G%U%)%k%H$G%$%s%9%H!<%k$5$l$k$b$N$G$O$J$/(B, 
FreeBSD $B%7%9%F%`$N0lIt$r9=@.$9$k$b$N$G$b$"$j$^$;$s(B.  
$B$=$l$O(B, 3100 $B$rD6$($k%5!<%I%Q!<%F%#@=$N%"%W%j%1!<%7%g%s$,(B
$B$9$0$K%$%s%9%H!<%k$G$-$k7A$G<}$a$i$l$F$$$k(B
FreeBSD Ports Collection $B$N0lIt$G$9(B.  FreeBSD 4.0-RELEASE $B$K4^$^$l$k(B
Ports Collection $B$K$O(B, $B$3$NLdBj$K$h$k%;%-%e%j%F%#>e$N<eE@$O$"$j$^$;$s(B.  

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security audit of
the most security-critical ports.

FreeBSD $B$G$O(B, $B$3$N$h$&$J%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$N%;%-%e%j%F%#(B
$BLdBj$KBP$7$F(B, $BFC$K2?$+$r<gD%$9$k$3$H$O$"$j$^$;$s(B($BLuCm(B: Ports Collection $B$K(B
$BF~$C$F$$$k$+$i$H$$$C$F(B, FreeBSD $B$N3+H/<T$?$A$,$=$N%"%W%j%1!<%7%g%s$,(B
$B0BA4$G$"$k$HI>2A$7$?$o$1$G$O$"$j$^$;$s(B). $B$?$@$7(B, $B%;%-%e%j%F%#LdBj$K(B
$BBP$7$FBg$-$J1F6A$r;}$D$h$&$J(B ports $B$KBP$9$k%;%-%e%j%F%#4F::$rDs6!$9$Y$/(B,
$B8=:_EXNOCf$G$9(B. 

III. $B1F6AHO0O(B - Impact

A local user can exploit a buffer overflow in the 'huh' utility to
obtain root privileges.

A local user can abuse a buffer overflow problem present in the 'huh'
utility to obtain root privileges.

If you have not chosen to install the orville-write port/package, then
your system is not vulnerable.

orville-write $B$N(B port $B$b$7$/$O(B package $B$r%$%s%9%H!<%k$7$F$$$J$1$l$P(B, 
$B%7%9%F%`$K%;%-%e%j%F%#>e$N<eE@$O$"$j$^$;$s(B.  

IV.  $BBP1~:v(B - Workaround

Remove the orville-write port if you have installed it.

orville-write $B$N(B port $B$,%$%s%9%H!<%k$5$l$F$$$k>l9g$K$O(B, 
$B$=$l$r:o=|$7$F$/$@$5$$(B.  

V.   $B=$@5=hCV(B - Solution

Remove the setuid bit from the huh utility, by executing the following
command as root:

chmod u-s /usr/local/bin/huh

It is not necessary to reinstall the orville-write port, although this
can be done in one of the following ways if desired:

huh $B%f!<%F%#%j%F%#$N(B setuid $B%S%C%H$rL58z$K$7$F$/$@$5$$(B.  
$B$=$l$K$O(B, root $B8"8B$G<!$N%3%^%s%I$r<B9T$7$^$9(B.  

chmod u-s /usr/local/bin/huh

orville-write $B$N(B port $B$r:F%$%s%9%H!<%k$9$kI,MW$O$"$j$^$;$s$,(B, 
$B<!$N$$$:$l$+$NJ}K!$G:F%$%s%9%H!<%k$9$k$3$H$,$G$-$^$9(B.  

1) Upgrade your entire ports collection and rebuild the orville-write port.

2) Reinstall a new package dated after the correction date, obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/misc/orville-write-2.41a.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/misc/orville-write-2.41a.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/misc/orville-write-2.41a.tgz

Note: it may be several days before the updated packages are available.

3) Download a new port skeleton for the orville-write port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:

ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz


1) Ports Collection $BA4BN$r99?7$7$F(B, orville-write $B$N(B port $B$r:F%3%s%Q%$%k$9$k(B.  

2) $B0J2<$N>l=j$+$i?7$7$$(B package $B$rF~<j$7$F%$%s%9%H!<%k$9$k(B.  

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/misc/orville-write-2.41a.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/misc/orville-write-2.41a.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/misc/orville-write-2.41a.tgz

 $BCm(B: $B=$@5$5$l$?(B package $B$,8x3+$5$l$k$^$G(B, $B?tF|$+$+$k$+$bCN$l$^$;$s(B.  

3) Download a new port skeleton for orville-write from the following
   location and use it to recompile the orville-write port.

http://www.freebsd.org/ports/

4) portcheckout $B%f!<%F%#%j%F%#$r;H$&$H(B, $B>e5-(B (3) $B$r<+F0E*$K(B
   $B9T$J$&$3$H$,$G$-$^$9(B.  portcheckout $B$O(B,
   /usr/ports/devel/portcheckout $B$d(B, $B0J2<$N>l=j$+$iF~<j2DG=$G$9(B. 

ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz

----Next_Part(Sat_Mar_25_23:15:06_2000_737)----
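
Both advisories above come down to a setuid bit on a ports-installed binary (/usr/local/sbin/mtr in SA-00:09, /usr/local/bin/huh in SA-00:10) and the same "chmod u-s" remedy. The script below is an added example, not part of the advisories or of this mail: it checks those two paths, applies the workaround, and confirms the bit is gone. The function names and the prefix argument are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the advisories). The prefix argument is an
# assumption so the check can run against a scratch tree, not only /usr/local.

# Binaries named in FreeBSD-SA-00:09 (mtr) and FreeBSD-SA-00:10 (huh),
# relative to the ports install prefix.
ADVISORY_BINARIES="sbin/mtr bin/huh"

# Print each advisory binary under prefix $1 that still has the setuid bit.
list_setuid() {
    prefix=$1
    for rel in $ADVISORY_BINARIES; do
        # -u: file exists and its set-user-ID bit is set.
        if [ -u "$prefix/$rel" ]; then
            printf '%s\n' "$prefix/$rel"
        fi
    done
}

# Print every setuid regular file under prefix $1, so setuid binaries
# installed by other ports can be reviewed too.
scan_setuid() {
    find "$1" -type f -perm -4000 -print
}

# Apply the advisories' workaround (chmod u-s) to each flagged binary,
# then re-check. Returns non-zero if a setuid bit survives.
strip_setuid() {
    prefix=$1
    for rel in $ADVISORY_BINARIES; do
        if [ -u "$prefix/$rel" ]; then
            chmod u-s "$prefix/$rel" || return 1
        fi
    done
    [ -z "$(list_setuid "$prefix")" ]
}

# Stand-alone use: "sh check.sh /usr/local" reports without changing anything.
if [ "$#" -gt 0 ]; then
    list_setuid "$1"
    scan_setuid "$1"
fi
```

Calling strip_setuid /usr/local as root applies the workaround to both binaries; as the mtr advisory notes, non-root users can then no longer run mtr.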
