https://search.wikileaks.org/?q=freebsd

Currently returns many pages similarly named...

"Shell Code Database
This page includes local links to a shellcode database discovered at shell-storm.org."

(And a pentest report mention from much older HBGary. Plus some other unlikely miscellaneous hits.)

As this is only part 1 of a supposedly multipart release of potentially new exploits, it makes sense to establish ongoing search and review of this dataset for any as yet unfixed exploits.

Included as fyi on cc: questions@ and hackers@. Discussion is likely better moved in reply to just security@, with reporting of any actual unfixed exploits found to the FreeBSD Bugzilla tracker.
Dag-Erling Smørgrav
2017-Mar-08 15:52 UTC
WikiLeaks CIA Exploits: FreeBSD References Within
grarpamp <grarpamp at gmail.com> writes:

> https://search.wikileaks.org/?q=freebsd
>
> Currently returns many pages similarly named...
>
> "Shell Code Database
> This page includes local links to a shellcode
> database discovered at shell-storm.org."

That doesn't indicate a vulnerability. Shell code is what you use to exploit a remote code execution vulnerability once you've found it. It usually needs to be tailored to the target operating system, sometimes to the exact environment and to the application used to inject it, so it makes sense that a shell code database would reference FreeBSD.

> [...] it makes sense to establish ongoing search and review of this
> dataset for any as yet unfixed exploits.

Note to anyone thinking of getting involved in this: depending on your jurisdiction and employment situation, downloading material from the CIA dump may be illegal and / or a firing offense. Simply browsing it online may or may not be safe; get legal advice before you do. IANAL.

DES
--
Dag-Erling Smørgrav - des at des.no
Steven Chamberlain
2017-Mar-13 22:06 UTC
arc4random weakness (was: WikiLeaks CIA Exploits: FreeBSD References Within)
From this document (TOP SECRET//SI//NOFORN):
https://wikileaks.org/ciav7p1/cms/files/NOD%20Cryptographic%20Requirements%20v1.1%20TOP%20SECRET.pdf

version 1.0 said:

| 8. (S//NF) [...] If RC4 is used, at least the first 1024
| bytes of the cryptostream must be discarded and may not be used

and that is exactly what FreeBSD's libc and in-kernel arc4random implementations do.

version 1.1 received input from another agency:

| (C//SI//REL FVEY) Coordinated with NSA/CES.

and a new requirement was introduced:

| (TS//SI) 5.9: Added additional information about proper use of RC4.

| 9. (TS//SI) Further than stated above, if RC4 is used the first 3072
| bytes of the cryptostream must be discarded and may not be used.

I think you should take that to mean, the NSA has, or suspects someone else to have, a practical attack on RC4 when being used as FreeBSD does currently.

The document seems 4-5 years old already as it prohibits use of RC4 at all from 2014 onward.

Please consider switching to ChaCha20 in the long term (kern/182610), but right now, at least increase the amount of early keystream that is discarded.

Many thanks,
Regards,
--
Steven Chamberlain
steven at pyro.eu.org

Attachment: arc4random.patch (text/x-diff, 1138 bytes)
URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20170313/aab8cd51/attachment.patch>
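Added example (not part of the thread, and not FreeBSD's arc4random code or the attached patch): a minimal RC4 with a configurable discard count, showing what the 1024-byte and 3072-byte requirements quoted above amount to in code. The function names are hypothetical and the key "Key" is a constructed sample input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RC4 state: the 256-byte permutation plus the two PRGA indices. */
struct rc4 { uint8_t s[256]; uint8_t i, j; };

/* One PRGA step: returns the next keystream byte. */
static uint8_t rc4_byte(struct rc4 *c)
{
    uint8_t t;
    c->i++;
    c->j += c->s[c->i];
    t = c->s[c->i]; c->s[c->i] = c->s[c->j]; c->s[c->j] = t;
    return c->s[(uint8_t)(c->s[c->i] + c->s[c->j])];
}

/* Key schedule, then discard the first `drop` keystream bytes (RC4-drop[n]). */
void rc4_init_drop(struct rc4 *c, const uint8_t *key, size_t keylen, size_t drop)
{
    uint8_t t, j = 0;
    for (size_t k = 0; k < 256; k++) c->s[k] = (uint8_t)k;
    for (size_t k = 0; k < 256; k++) {
        j += c->s[k] + key[k % keylen];
        t = c->s[k]; c->s[k] = c->s[j]; c->s[j] = t;
    }
    c->i = c->j = 0;
    while (drop--) (void)rc4_byte(c);   /* early output is never exposed */
}

void rc4_stream(struct rc4 *c, uint8_t *out, size_t n)
{
    while (n--) *out++ = rc4_byte(c);
}

/* Returns 1 if the stream after `drop` equals the raw stream at that offset. */
int rc4_drop_matches_offset(const uint8_t *key, size_t keylen, size_t drop)
{
    static uint8_t full[4096 + 16];
    uint8_t tail[16];
    struct rc4 a, b;
    if (drop > 4096) return 0;
    rc4_init_drop(&a, key, keylen, 0);    rc4_stream(&a, full, drop + 16);
    rc4_init_drop(&b, key, keylen, drop); rc4_stream(&b, tail, 16);
    return memcmp(full + drop, tail, 16) == 0;
}

int main(void)
{
    const uint8_t key[] = "Key";          /* constructed sample key */
    printf("1024: %d  3072: %d\n", rc4_drop_matches_offset(key, 3, 1024),
           rc4_drop_matches_offset(key, 3, 3072));
    return 0;
}
```

Raising the discard count only changes how many initial `rc4_byte` outputs are thrown away before any are handed to a caller; the key schedule and the generator are unchanged.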