From owner-doc-jp-work@jp.FreeBSD.org Tue Sep 23 22:29:43 2003
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) id h8NDThC72140;
	Tue, 23 Sep 2003 22:29:43 +0900 (JST)
	(envelope-from owner-doc-jp-work@jp.FreeBSD.org)
Received: from delta.allbsd.org (p61064-adsao12honb4-acca.tokyo.ocn.ne.jp [220.96.143.64])
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) with ESMTP/inet id h8NDTgJ72133
	for <doc-jp-work@jp.FreeBSD.org>; Tue, 23 Sep 2003 22:29:42 +0900 (JST)
	(envelope-from hrs@eos.ocn.ne.jp)
Received: from localhost (alph.allbsd.org [192.168.0.10])
	by delta.allbsd.org (8.12.9/8.12.6) with ESMTP id h8NDKF9q087007
	for <doc-jp-work@jp.FreeBSD.org>; Tue, 23 Sep 2003 22:20:17 +0900 (JST)
	(envelope-from hrs@eos.ocn.ne.jp)
Message-Id: <20030923.221946.67905094.hrs@eos.ocn.ne.jp>
To: doc-jp-work@jp.FreeBSD.org
From: Hiroki Sato <hrs@eos.ocn.ne.jp>
In-Reply-To: <200309172237.h8HMbuvK078935@freefall.freebsd.org>
References: <200309172237.h8HMbuvK078935@freefall.freebsd.org>
X-PGPkey-fingerprint: BDB3 443F A5DD B3D0 A530  FFD7 4F2C D3D8 2793 CF2D
X-Mailer: Mew version 3.3 on Emacs 20.7 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Multipart/Mixed;
 boundary="--Next_Part(Tue_Sep_23_22:19:46_2003_987)--"
Content-Transfer-Encoding: 7bit
Reply-To: doc-jp-work@jp.FreeBSD.org
Precedence: list
Date: Tue, 23 Sep 2003 22:19:46 +0900
X-Sequence: doc-jp-work 705
Subject: [doc-jp-work 705] Re: ANNOUNCE: [FreeBSD-Announce] FreeBSD Security Advisory
 FreeBSD-SA-03:12.openssh [REVISED]
Sender: owner-doc-jp-work@jp.FreeBSD.org
X-Originator: hrs@eos.ocn.ne.jp
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+030902

----Next_Part(Tue_Sep_23_22:19:46_2003_987)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit

$B:4F#!wEl5~M}2JBg3X$G$9!#(B

 03:12 $B$H(B 03:13 $B$G$9!#(B
 $B$$$m$$$m3NG'$7$F$$$?$iCY$/$J$C$F$7$^$$$^$7$?!#(B

--
| $B:4F#(B $B9-@8!wEl5~M}2JBg3X(B <hrs@eos.ocn.ne.jp>

----Next_Part(Tue_Sep_23_22:19:46_2003_987)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="03:12"

FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG(B
=============================================================================
FreeBSD-SA-03:12 (2003-09-16)
 * OpenSSH buffer management error
=============================================================================

 $B$3$N%a!<%k$O(B, announce-jp $B$KN.$l$?(B

  Subject: ANNOUNCE: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-03:12.openssh [REVISED]
  From: FreeBSD Security Advisories <security-advisories@freebsd.org>
  Date: Wed, 17 Sep 2003 15:37:56 -0700 (PDT)
  Message-Id: <200309172237.h8HMbuvK078935@freefall.freebsd.org>
  X-Sequence: announce-jp 1177

 $B$rF|K\8lLu$7$?$b$N$G$9!#(B

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,!"$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s!#(B
 $B=$@5%Q%C%AEy$NFbMF$,2~$6$s$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B=pL>$N(B
 $B%A%'%C%/$r$*$3$J$&$K$O!"86J8$r;2>H$7$F$/$@$5$$!#(B

 $BF|K\8lLu$*$h$S%_%i!<%5%$%HMxMQ$N>\:Y$K$D$$$F$O!"J8Kv$N!V(BA. FreeBSD
 $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F!W$r$4Mw$/$@$5$$!#(B


                                     [$BK]Lu<T(B: $B:4F#(B $B9-@8(B <hrs@jp.FreeBSD.org>]
--($B$3$3$+$i(B)
=============================================================================
FreeBSD-SA-03:12                                            Security Advisory
                                                                FreeBSD, Inc.

$B%H%T%C%/(B:       OpenSSH $B$K$*$1$k%P%C%U%!4IM}$N%(%i!<(B
                (OpenSSH buffer management error)

$BJ,N`(B:           core, ports
$B%b%8%e!<%k(B:     openssh, ports_openssh, openssh-portable
$B9pCNF|(B:         2003-09-16
$B%/%l%8%C%H(B:     The OpenSSH Project <openssh@openssh.org>
$B1F6AHO0O(B:       4.0-RELEASE $B$r4^$`!"$=$l0J9_$N$9$Y$F$N(B FreeBSD $B%j%j!<%9(B
                $B=$@5F|$h$jA0$N(B FreeBSD 4-STABLE
                openssh-3.6.1_3 $B$h$jA0$N(B openssh $B$N(B port
                openssh-portable-3.6.1p2_3 $B$h$jA0$N(B openssh-portable $B$N(B port
$B=$@5F|(B:         2003-09-17 16:24:02 UTC (RELENG_4, 4.9-PRERELEASE)
                2003-09-17 14:46:58 UTC (RELENG_5_1, 5.1-RELEASE-p4)
                2003-09-17 14:50:14 UTC (RELENG_5_0, 5.0-RELEASE-p13)
                2003-09-17 14:51:09 UTC (RELENG_4_8, 4.8-RELEASE-p6)
                2003-09-17 14:51:37 UTC (RELENG_4_7, 4.7-RELEASE-p16)
                2003-09-17 14:52:08 UTC (RELENG_4_6, 4.6-RELEASE-p19)
                2003-09-17 14:52:42 UTC (RELENG_4_5, 4.5-RELEASE-p31)
                2003-09-17 14:57:32 UTC (RELENG_4_4, 4.4-RELEASE-p41)
                2003-09-17 14:58:56 UTC (RELENG_4_3, 4.3-RELEASE-p37)
                2003-09-17 16:07:48 UTC (ports/security/openssh)
                2003-09-17 16:07:48 UTC (ports/security/openssh-portable)
CVE:            CAN-2003-0693, CAN-2003-0695, CAN-2003-0682
FreeBSD $B$K8GM-$+(B:       NO


0.   $B2~D{MzNr(B - Revision History

v1.0  2003-09-16  $B=iHG8x3+(B
v1.1  2003-09-17  sshd $B$N:F5/F0<j=g$K$"$C$?8m5-$N=$@5(B
                  $B%P%C%U%!4IM}$N%(%i!<$r$5$i$K(B 1 $B8D=$@5(B


I.   $BGX7J(B - Background

OpenSSH is a free version of the SSH protocol suite of network
connectivity tools.  OpenSSH encrypts all traffic (including
passwords) to effectively eliminate eavesdropping, connection
hijacking, and other network-level attacks. Additionally, OpenSSH
provides a myriad of secure tunneling capabilities, as well as a
variety of authentication methods. `ssh' is the client application,
while `sshd' is the server.

OpenSSH $B$O(B SSH $B%W%m%H%3%k72$r;H$C$?!"%U%j!<$GMxMQ$G$-$k(B
$B%M%C%H%o!<%/@\B3MQ%D!<%k$G$9!#(BOpenSSH $B$O(B ($B%Q%9%o!<%I$r4^$`(B)
$B$9$Y$F$N%H%i%U%#%C%/$r0E9f2=$9$k$3$H$G!"EpD0$d@\B3$N>h$C<h$j!"(B
$B$=$NB>$N%M%C%H%o!<%/%l%Y%k$N967b$r8z2LE*$KL5NO2=$7$^$9!#(B
$B$^$?(B OpenSSH $B$K$O!"?tB?$/$N%;%-%e%"$J%H%s%M%k$r:n@.$9$k5!G=!"(B
$BK-IY$JG'>ZJ}K!$X$NBP1~$H$$$C$?FCD'$,$"$j$^$9!#(B
`ssh' $B$,%/%i%$%"%s%H%"%W%j%1!<%7%g%s$G!"(B`sshd' $B$,%5!<%P$G$9!#(B


II.  $BLdBj$N>\:Y(B - Problem Description

Several operations within OpenSSH require dynamic memory allocation
or reallocation.  Examples are: the receipt of a packet larger
than available space in a currently allocated buffer; creation of
additional channels beyond the currently allocated maximum; and
allocation of new sockets beyond the currently allocated maximum.
Many of these operations can fail either due to `out of memory' or
due to explicit checks for ridiculously sized requests.  However, the
failure occurs after the allocation size has already been updated, so
that the bookkeeping data structures are in an inconsistent state (the
recorded size is larger than the actual allocation).  Furthermore,
the detection of these failures causes OpenSSH to invoke several
`fatal_cleanup' handlers, some of which may then attempt to use these
inconsistent data structures.  For example, a handler may zero and
free a buffer in this state, and as a result memory outside of the
allocated area will be overwritten with NUL bytes.

OpenSSH $B$NFbIt$G$*$3$J$o$l$k=hM}$K$O!"%a%b%j$NF0E*$J3d$jEv$F$d(B
$B:F3d$jEv$F$,I,MW$K$J$k$b$N$,J#?t$"$j$^$9!#$3$l$O$?$H$($P!"(B
$B3d$jEv$F$i$l$F$$$k%P%C%U%!$N6u$-NN0h$h$j$bBg$-$$%Q%1%C%H$r(B
$B<u?.$7$?;~!"3d$jEv$F$i$l$F$$$k:GBg%A%c%M%k?t$h$j$bB?$/$N%A%c%M%k$r(B
$B$5$i$K@8@.$9$k;~!"3d$jEv$F$i$l$F$$$k:GBg%=%1%C%H?t$h$j$b(B
$BB?$/$N%=%1%C%H$r?75,$K3d$jEv$F$k;~$J$I$G$9!#(B
$B$3$l$i$N=hM}$NB?$/$O!"%a%b%jITB-!"$b$7$/$O0[>o$J$[$IBg$-$$3d$jEv$FMW5a$K(B
$BBP$9$k%A%'%C%/$,860x$G!"=hM}$,@.8y$7$J$$>l9g$,$"$j$^$9!#(B
$B$7$+$7!"$3$N=hM}$N<:GT$O3d$jEv$F%5%$%:$,99?7$5$l$?8e$KH/@8$9$k$?$a!"(B
$B3d$jEv$F4IM}MQ$N%G!<%?9=B$BN$O!"@09g$N$H$l$F$$$J$$(B ($B5-O?$5$l$F$$$k(B
$B%5%$%:$,!"<B:]$N3d$jEv$F%5%$%:$h$j$bBg$-$$(B) $B>uBV$K$J$j$^$9!#(B
$B$5$i$K!"$3$N$h$&$J=hM}$N<:GT$O(B OpenSSH $B$K$h$C$F8!=P$5$l(B `fatal_cleanup' $B$H$$$&(B
$B%O%s%I%i$,8F$S=P$5$l$k$N$G$9$,!"$3$N%O%s%I%i$NCf$K$O!"$=$N@09g$N(B
$B$H$l$F$$$J$$%G!<%?9=B$BN$rMxMQ$7$h$&$H$9$k$b$N$,$"$j$^$9!#(B
$B$?$H$($P$"$k%O%s%I%i$O!"$=$N$h$&$J>u67$K$J$k$H$=$N%P%C%U%!$r(B 0 $B$G(B
$B>e=q$-$7$F!"%P%C%U%!$r3+J|$7$^$9!#$3$l$O7k2L$H$7$F!"3d$jEv$i$l$?(B
$B%a%b%jNN0h$N30B&$r(B NUL $B%P%$%H$G>e=q$-$9$k$3$H$K$J$j$^$9!#(B


III. $B1F6AHO0O(B - Impact

A remote attacker can cause OpenSSH to crash.  The bug is not believed
to be exploitable for code execution on FreeBSD.

$B%j%b!<%H$N967b<T$O!"(BOpenSSH $B$r%/%i%C%7%e$5$;$k$3$H$,$G$-$k2DG=@-$,(B
$B$"$j$^$9!#$?$@$7$3$N%P%0$O!"(BFreeBSD $B>e$GG$0U$N%3!<%I$r<B9T$9$kL\E*$G(B
$B0-MQ$G$-$k$b$N$G$O$J$$$H9M$($i$l$F$$$^$9!#(B


IV.  $B2sHrJ}K!(B - Workaround

Do one of the following:

$B<!$N$$$:$l$+$R$H$D$K=>$C$F$/$@$5$$!#(B

1) Disable the base system sshd by executing the following command as
   root:

   root $B8"8B$G<!$N%3%^%s%I$r<B9T$7!"%Y!<%9%7%9%F%`$K4^$^$l$k(B
   sshd $B$rL58z$K$9$k!#(B

   # kill `cat /var/run/sshd.pid`

   Be sure that sshd is not restarted when the system is restarted
   by adding the following line to the end of /etc/rc.conf:

   $B%7%9%F%`$,:F5/F0$7$?;~$K(B sshd $B$,:F5/F0$7$J$$$h$&$K!"(B
   /etc/rc.conf $B$K<!$N9T$rDI2C$9$k!#(B

   sshd_enable="NO"

   AND

   $B$=$7$F!"(B

   Deinstall the openssh or openssh-portable ports if you have one of
   them installed.

   openssh $B$b$7$/$O(B openssh-portable $B$N(B port $B$,%$%s%9%H!<%k$5$l$F$$$l$P!"(B
   $B$=$l$i$r%"%s%$%s%9%H!<%k$9$k!#(B


V.   $B2r7h:v(B - Solution

Do one of the following:

$B<!$N$$$:$l$+$R$H$D$K=>$C$F$/$@$5$$!#(B

[For OpenSSH included in the base system]
[$B%Y!<%9%7%9%F%`$K4^$^$l$k(B OpenSSH $B$N>l9g(B]

1) Upgrade your vulnerable system to 4-STABLE or to the RELENG_5_1,
   RELENG_4_8, or RELENG_4_7 security branch dated after
   the correction date (5.1-RELEASE-p3, 4.8-RELEASE-p5, or
   4.7-RELEASE-p15, respectively).

1) $B<eE@$r;}$C$?(B FreeBSD $B%7%9%F%`$r(B $B:G?7$N(B 4-STABLE$B!"(B
   $B$b$7$/$O=$@5F|0J9_$N(B RELENG_5_1 (5.1-RELEASE-p3)$B!"(B
   RELENG_4_8 (4.8-RELEASE-p5)$B!"(BRELENG_4_7 (4.7-RELEASE-p15)
   $B%;%-%e%j%F%#%V%i%s%A$N$$$:$l$+$K%"%C%W%0%l!<%I$9$k!#(B

2) FreeBSD systems prior to the correction date:
2) $B=$@5F|$h$jA0$N(B FreeBSD $B%7%9%F%`$N>l9g(B:

The following patches have been verified to apply to FreeBSD 4.x and
FreeBSD 5.x systems prior to the correction date.

$B0J2<$N=$@5%Q%C%A$O!"=$@5F|$h$jA0$N(B FreeBSD 5.x$B!"(BFreeBSD 4.x $B%7%9%F%`$K(B
$BE,MQ2DG=$J$3$H$,3NG'$5$l$F$$$k$b$N$G$9!#(B

Download the appropriate patch and detached PGP signature from the following
locations, and verify the signature using your PGP utility.

$B0J2<$N>l=j$+$iBP1~$9$k=$@5%Q%C%A$r%@%&%s%m!<%I$7!"(BPGP $B%f!<%F%#%j%F%#$r;H$C$F(B
PGP $B=pL>$r8!>Z$7$^$9!#(B

[FreeBSD 4.3 and 4.4]
[FreeBSD 4.3 $B$*$h$S(B 4.4]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer44.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer44.patch.asc

[FreeBSD 4.5]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer45.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer45.patch.asc

[FreeBSD 4.6 and later, FreeBSD 5.0 and later]
[FreeBSD 4.6 $B$H$=$l0J9_!"$*$h$S(B FreeBSD 5.0 $B$H$=$l0J9_(B]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer46.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer46.patch.asc

Execute the following commands as root:
root $B8"8B$G<!$N%3%^%s%I$r<B9T$7$^$9!#(B

# cd /usr/src
# patch < /path/to/sshd.patch
# cd /usr/src/secure/lib/libssh
# make depend && make all install
# cd /usr/src/secure/usr.sbin/sshd
# make depend && make all install
# cd /usr/src/secure/usr.bin/ssh
# make depend && make all install

 ($BLuCm(B: /path/to/sshd.patch $B$NItJ,$O=$@5%Q%C%A$N%Q%9L>$KCV$-49$($F$/$@$5$$(B)

Be sure to restart `sshd' after updating.

$B99?78e$K$O!"I,$:(B sshd $B$r:F5/F0$7$F$/$@$5$$!#(B

# kill `cat /var/run/sshd.pid`
# /usr/sbin/sshd

[For the OpenSSH ports]
[OpenSSH $B$N(B port $B$N>l9g(B]

$B<!$N$$$:$l$+$R$H$D$K=>$C$F$/$@$5$$!#(B

1) Upgrade your entire ports collection and rebuild the OpenSSH port.
1) Ports Collection $BA4BN$r%"%C%W%0%l!<%I$7(B OpenSSH $B$N(B port $B$r:F9=C[$9$k!#(B

2) Deinstall the old package and install a new package obtained from
the following directory:

2) $B8E$$(B ($BLuCm(B: OpenSSH $B$N(B) package $B$r%7%9%F%`$+$i:o=|$7!"(B
   $B=$@5F|0J9_$K:n@.$5$l$??7$7$$(B package $B$r0J2<$N>l=j$+$i(B
   $B<hF@$7$F%$%s%9%H!<%k$9$k!#(B

[i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/

[other platforms]
Packages are not automatically generated for other platforms at this
time due to lack of build resources.

[$B$=$NB>$N%W%i%C%H%U%)!<%`(B]
$B8=;~E@$G$O$=$NB>$N%"!<%-%F%/%A%cMQ$N(B package $B$O<+F0@8@.$5$l$F$$$^$;$s!#(B
$B$3$l$O!"9=C[$N$?$a$N%^%7%s%j%=!<%9$,ITB-$7$F$$$k$?$a$G$9!#(B

3) Download a new port skeleton for the openssh or openssh-portable
port from:

3) openssh $B$"$k$$$O(B openssh-portable $B$N?7$7$$(B port $B%9%1%k%H%s$r(B
   $B0J2<$N>l=j$+$i%@%&%s%m!<%I$7!"$=$l$r;H$C$F(B port $B$r:F9=C[$9$k!#(B

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:

4) $B>e5-(B (3) $B$NA`:n$r<+F0E*$K$*$3$J$&(B portcheckout $B%f!<%F%#%j%F%#$r;H$&!#(B
   portcheckout $B$N(B port $B$O(B /usr/ports/devel/portcheckout $B$K$"$j$^$9!#(B
   $B$^$?!"(Bportcheckout $B$N(B package $B$,0J2<$N>l=j$+$iF~<j2DG=$G$9!#(B

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/Latest/portcheckout.tgz

Be sure to restart `sshd' after updating.

$B99?78e$K$O!"I,$:(B sshd $B$r:F5/F0$7$F$/$@$5$$!#(B

# kill `cat /var/run/sshd.pid`
# test -x /usr/local/etc/rc.d/sshd.sh && sh /usr/local/etc/rc.d/sshd.sh start


VI.  $B=$@5$N>\:Y(B - Correction details

The following list contains the revision numbers of each file that was
corrected in the FreeBSD base system and ports collection.

FreeBSD $B%Y!<%9%7%9%F%`$*$h$S(B FreeBSD Ports Collection $B$K$*$$$F!"(B
$B:#2s=$@5$5$l$?3F%U%!%$%k$N%j%S%8%g%sHV9f$O0J2<$N$H$*$j$G$9!#(B

Branch                                                           Revision
$B%V%i%s%A(B                                                         $B%j%S%8%g%s(B
  Path
  $B%Q%9L>(B
- -------------------------------------------------------------------------
[Base system]
[$B%Y!<%9%7%9%F%`(B]
RELENG_4
  src/crypto/openssh/buffer.c                                 1.1.1.1.2.7
  src/crypto/openssh/channels.c                              1.1.1.1.2.10
  src/crypto/openssh/deattack.c                               1.1.1.1.2.5
  src/crypto/openssh/misc.c                                   1.1.1.1.2.3
  src/crypto/openssh/session.c                                   1.4.2.18
  src/crypto/openssh/ssh-agent.c                                 1.2.2.11
  src/crypto/openssh/version.h                               1.1.1.1.2.12
RELENG_5_1
  src/UPDATING                                                  1.251.2.5
  src/crypto/openssh/buffer.c                                 1.1.1.6.4.2
  src/crypto/openssh/channels.c                                  1.15.2.1
  src/crypto/openssh/deattack.c                               1.1.1.5.4.1
  src/crypto/openssh/misc.c                                   1.1.1.4.2.1
  src/crypto/openssh/session.c                                   1.40.2.1
  src/crypto/openssh/ssh-agent.c                                 1.18.2.1
  src/crypto/openssh/version.h                                   1.20.2.2
  src/sys/conf/newvers.sh                                        1.50.2.6
RELENG_5_0
  src/UPDATING                                                 1.229.2.19
  src/crypto/openssh/buffer.c                                 1.1.1.6.2.2
  src/crypto/openssh/channels.c                                  1.13.2.1
  src/crypto/openssh/deattack.c                               1.1.1.5.2.1
  src/crypto/openssh/misc.c                                   1.1.1.3.2.1
  src/crypto/openssh/session.c                                   1.38.2.1
  src/crypto/openssh/ssh-agent.c                                 1.16.2.1
  src/crypto/openssh/version.h                                   1.18.2.2
  src/sys/conf/newvers.sh                                       1.48.2.14
RELENG_4_8
  src/UPDATING                                              1.73.2.80.2.8
  src/crypto/openssh/buffer.c                             1.1.1.1.2.4.4.2
  src/crypto/openssh/channels.c                           1.1.1.1.2.8.2.1
  src/crypto/openssh/deattack.c                           1.1.1.1.2.4.4.1
  src/crypto/openssh/misc.c                               1.1.1.1.2.2.4.1
  src/crypto/openssh/session.c                               1.4.2.17.2.1
  src/crypto/openssh/ssh-agent.c                             1.2.2.10.2.1
  src/crypto/openssh/version.h                           1.1.1.1.2.10.2.2
  src/sys/conf/newvers.sh                                   1.44.2.29.2.7
RELENG_4_7
  src/UPDATING                                             1.73.2.74.2.19
  src/crypto/openssh/buffer.c                             1.1.1.1.2.4.2.2
  src/crypto/openssh/channels.c                           1.1.1.1.2.7.2.1
  src/crypto/openssh/deattack.c                           1.1.1.1.2.4.2.1
  src/crypto/openssh/misc.c                               1.1.1.1.2.2.2.1
  src/crypto/openssh/session.c                               1.4.2.16.2.1
  src/crypto/openssh/ssh-agent.c                              1.2.2.8.2.1
  src/crypto/openssh/version.h                            1.1.1.1.2.9.2.2
  src/sys/conf/newvers.sh                                  1.44.2.26.2.18
RELENG_4_6
  src/UPDATING                                             1.73.2.68.2.47
  src/crypto/openssh/buffer.c                             1.1.1.1.2.3.4.3
  src/crypto/openssh/channels.c                           1.1.1.1.2.6.2.2
  src/crypto/openssh/deattack.c                           1.1.1.1.2.3.4.2
  src/crypto/openssh/misc.c                               1.1.1.1.2.1.4.2
  src/crypto/openssh/session.c                               1.4.2.12.2.2
  src/crypto/openssh/ssh-agent.c                              1.2.2.7.4.2
  src/crypto/openssh/version.h                            1.1.1.1.2.8.2.3
  src/sys/conf/newvers.sh                                  1.44.2.23.2.36
RELENG_4_5
  src/UPDATING                                             1.73.2.50.2.48
  src/crypto/openssh/buffer.c                             1.1.1.1.2.3.2.2
  src/crypto/openssh/channels.c                           1.1.1.1.2.5.2.2
  src/crypto/openssh/deattack.c                           1.1.1.1.2.3.2.1
  src/crypto/openssh/scp.c                                1.1.1.1.2.4.2.1
  src/crypto/openssh/session.c                               1.4.2.11.2.1
  src/crypto/openssh/ssh-agent.c                              1.2.2.7.2.1
  src/crypto/openssh/version.h                            1.1.1.1.2.7.2.3
  src/sys/conf/newvers.sh                                  1.44.2.20.2.32
RELENG_4_4
  src/UPDATING                                             1.73.2.43.2.49
  src/crypto/openssh/buffer.c                             1.1.1.1.2.2.4.2
  src/crypto/openssh/channels.c                           1.1.1.1.2.4.4.2
  src/crypto/openssh/deattack.c                           1.1.1.1.2.2.4.1
  src/crypto/openssh/scp.c                                1.1.1.1.2.3.4.1
  src/crypto/openssh/session.c                                1.4.2.8.4.2
  src/crypto/openssh/ssh-agent.c                              1.2.2.6.4.1
  src/crypto/openssh/version.h                            1.1.1.1.2.5.2.4
  src/sys/conf/newvers.sh                                  1.44.2.17.2.40
RELENG_4_3
  src/UPDATING                                             1.73.2.28.2.36
  src/crypto/openssh/buffer.c                             1.1.1.1.2.2.2.2
  src/crypto/openssh/channels.c                           1.1.1.1.2.4.2.2
  src/crypto/openssh/deattack.c                           1.1.1.1.2.2.2.1
  src/crypto/openssh/scp.c                                1.1.1.1.2.3.2.1
  src/crypto/openssh/session.c                                1.4.2.8.2.2
  src/crypto/openssh/ssh-agent.c                              1.2.2.6.2.1
  src/crypto/openssh/version.h                            1.1.1.1.2.4.2.4
  src/sys/conf/newvers.sh                                  1.44.2.14.2.26
[Ports]
  ports/security/openssh-portable/Makefile                           1.75
  ports/security/openssh-portable/files/patch-buffer.c                1.2
  ports/security/openssh-portable/files/patch-deattack.c              1.1
  ports/security/openssh-portable/files/patch-misc.c                  1.3
  ports/security/openssh-portable/files/patch-session.c              1.16
  ports/security/openssh-portable/files/patch-ssh-agent.c             1.1
  ports/security/openssh/Makefile                                   1.122
  ports/security/openssh/files/patch-buffer.c                         1.2
  ports/security/openssh/files/patch-deattack.c                       1.1
  ports/security/openssh/files/patch-misc.c                           1.3
  ports/security/openssh/files/patch-session.c                       1.15
  ports/security/openssh/files/patch-ssh-agent.c                      1.1
- -------------------------------------------------------------------------

Branch                       Version string
$B%V%i%s%A(B                     $B%P!<%8%g%sJ8;zNs(B
- -------------------------------------------------------------------------
HEAD                         OpenSSH_3.6.1p1 FreeBSD-20030917
RELENG_4                     OpenSSH_3.5p1 FreeBSD-20030917
RELENG_5_1                   OpenSSH_3.6.1p1 FreeBSD-20030917
RELENG_4_8                   OpenSSH_3.5p1 FreeBSD-20030917
RELENG_4_7                   OpenSSH_3.4p1 FreeBSD-20030917
RELENG_4_6                   OpenSSH_3.4p1 FreeBSD-20030917
RELENG_4_5                   OpenSSH_2.9 FreeBSD localisations 20030917
RELENG_4_4                   OpenSSH_2.3.0 FreeBSD localisations 20030917
RELENG_4_3                   OpenSSH_2.3.0 green@FreeBSD.org 20030917
- -------------------------------------------------------------------------

To view the version string of the OpenSSH server, execute the
following command:

sshd $B%5!<%P$N%P!<%8%g%sJ8;zNs$rI=<($9$k$K$O!"<!$N%3%^%s%I$r<B9T$7$^$9!#(B

  % /usr/sbin/sshd -\?

The version string is also displayed when a client connects to the
server.

$B%P!<%8%g%sJ8;zNs$O!"%/%i%$%"%s%H$,%5!<%P$K@\B3$7$?;~$K$bI=<($5$l$^$9!#(B

To view the version string of the OpenSSH client, execute the
following command:

OpenSSH $B%/%i%$%"%s%H$N%P!<%8%g%sJ8;zNs$rI=<($9$k$K$O!"(B
$B<!$N%3%^%s%I$r<B9T$7$^$9!#(B

  % /usr/bin/ssh -V


VII. $B;29M;qNA(B - References

<URL:http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000063.html>

<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0693>
<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0695>
<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0682>


A.   FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F(B

$BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B (doc-jp) $B$,(B
$B;29M$N$?$a$KDs6!$9$k$b$N$G$9!#2a5n$NF|K\8lHG%;%-%e%j%F%#4+9p$O(B

 http://www.FreeBSD.org/ja/security/

$B$K$^$H$a$i$l$F$$$^$9!#(B

$B$?$@$7K]Lu<T$*$h$S(B doc-jp $B$O!"$=$NFbMF$K$D$$$F$$$+$J$kJ]>Z$b(B
$B$$$?$7$^$;$s$N$G$4Cm0U$/$@$5$$!#F|K\8lLu$K$D$$$F$N$40U8+!"$4MWK>!"(B
$B$*Ld$$9g$o$;Ey$O(B doc-jp@jp.FreeBSD.org $B$^$G$*4j$$$7$^$9!#(B

$B$3$N4+9p$NCf$G>R2p$5$l$F$$$k(B WWW $B%5%$%H(B http://www.FreeBSD.org/ $B$*$h$S(B
FTP $B%5%$%H(B ftp://ftp.FreeBSD.org/ $B$K$O(B, $BF|K\$N%_%i!<%5%$%H$,B8:_$7$^$9!#(B
$B%M%C%H%o!<%/$N:.;($r4KOB$9$k$?$a!"$^$:$O%_%i!<%5%$%H$NMxMQ$r(B
$B9MN8$9$k$h$&$*4j$$$7$^$9!#(B

$BF|K\$N%_%i!<%5%$%H$rMxMQ$9$k$K$O!"(B
http://www.FreeBSD.org/ $B$r(B http://www.jp.FreeBSD.org/www.freebsd.org/ $B$K!"(B
ftp://ftp.FreeBSD.org/ $B$r(B ftp://ftp.jp.FreeBSD.org/ $B$K!"(B
$B$=$l$>$lCV$-49$($F$/$@$5$$!#(B

$BB>$NCO0h$r4^$`%_%i!<%5%$%H$K4X$9$k>\:Y$O(B

 http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors.html ($B1QJ8(B)
 http://www.FreeBSD.org/doc/ja_JP.eucJP/books/handbook/mirrors.html ($BF|K\8lLu(B)

$B$K$^$H$a$i$l$F$$$^$9!#(B

$hrs: announce-jp/FreeBSD-SA/03:12,v 1.5 2003/09/23 13:13:40 hrs Exp $

----Next_Part(Tue_Sep_23_22:19:46_2003_987)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="03:13"

FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG(B
=============================================================================
FreeBSD-SA-03:13.sendmail (2003-09-17)
 * a third sendmail header parsing buffer overflow
=============================================================================

 $B$3$N%a!<%k$O(B, announce-jp $B$KN.$l$?(B

  Subject: ANNOUNCE: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-03:13.sendmail
  From: FreeBSD Security Advisories <security-advisories@freebsd.org>
  Date: Wed, 17 Sep 2003 15:38:19 -0700 (PDT)
  Message-Id: <200309172238.h8HMcJuT079015@freefall.freebsd.org>
  X-Sequence: announce-jp 1178

 $B$rF|K\8lLu$7$?$b$N$G$9!#(B

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,!"$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s!#(B
 $B=$@5%Q%C%AEy$NFbMF$,2~$6$s$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B=pL>$N(B
 $B%A%'%C%/$r$*$3$J$&$K$O!"86J8$r;2>H$7$F$/$@$5$$!#(B

 $BF|K\8lLu$*$h$S%_%i!<%5%$%HMxMQ$N>\:Y$K$D$$$F$O!"J8Kv$N!V(BA. FreeBSD
 $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F!W$r$4Mw$/$@$5$$!#(B


                                     [$BK]Lu<T(B: $B:4F#(B $B9-@8(B <hrs@jp.FreeBSD.org>]
--($B$3$3$+$i(B)
=============================================================================
FreeBSD-SA-03:13.sendmail                                   Security Advisory
                                                          The FreeBSD Project

$B%H%T%C%/(B:       sendmail $B%X%C%@2r@O$K$*$1$k(B 3 $B8DL\$N%P%C%U%!%*!<%P%U%m!<LdBj(B
                (a third sendmail header parsing buffer overflow)

$BJ,N`(B:           contrib
$B%b%8%e!<%k(B:     contrib_sendmail
$B9pCNF|(B:         2003-09-17
$B%/%l%8%C%H(B:     Michal Zalewski <lcamtuf@dione.ids.pl>
                Todd C. Miller <Todd.Miller@courtesan.com>
$B1F6AHO0O(B:       All releases of FreeBSD
                FreeBSD 4-STABLE prior to the correction date
$B=$@5F|(B:         2003-09-17 15:18:20 UTC (RELENG_4, 4.9-PRERELEASE)
                2003-09-17 20:19:00 UTC (RELENG_5_1, 5.1-RELEASE-p5)
                2003-09-17 20:19:22 UTC (RELENG_5_0, 5.0-RELEASE-p14)
                2003-09-17 20:19:52 UTC (RELENG_4_8, 4.8-RELEASE-p7)
                2003-09-17 20:20:08 UTC (RELENG_4_7, 4.7-RELEASE-p17)
                2003-09-17 20:20:31 UTC (RELENG_4_6, 4.6-RELEASE-p20)
                2003-09-17 20:20:54 UTC (RELENG_4_5, 4.5-RELEASE-p32)
                2003-09-17 20:21:15 UTC (RELENG_4_4, 4.4-RELEASE-p42)
                2003-09-17 20:21:40 UTC (RELENG_4_3, 4.3-RELEASE-p38)
                2003-09-17 20:22:03 UTC (RELENG_3)
FreeBSD $B$K8GM-$+(B:       NO


I.   $BGX7J(B - Background

FreeBSD includes sendmail(8), a general purpose internetwork mail
routing facility, as the default Mail Transfer Agent (MTA).

FreeBSD $B$G$O!"%G%U%)%k%H$N(B Mail Transfer Agent (MTA) $B$H$7$F!"(B
$BHFMQ$N%M%C%H%o!<%/4V%a!<%kG[Aw%=%U%H%&%'%"$N$R$H$D$G$"$k(B
sendmail(8) $B$r:NMQ$7$F$$$^$9!#(B


II.  $BLdBj$N>\:Y(B - Problem Description

A buffer overflow that may occur during header parsing was identified.

$B%X%C%@2r@O;~$K%P%C%U%!%*!<%P%U%m!<$r5/$3$92DG=@-$N$"$kLdBj$,(B
$BH/8+$5$l$^$7$?!#(B

NOTE WELL:  This issue is distinct from the issue described in
`FreeBSD-SA-03:04.sendmail' and `FreeBSD-SA-03:07.sendmail', although
the impact is very similar.

$B=EMW(B: $B1F6AHO0O$OHs>o$K;w$F$$$^$9$,!"$3$l$O(B FreeBSD-SA-03:04.sendmail 
      $B$*$h$S(B FreeBSD-SA-03:07.sendmail $B$G@bL@$5$l$F$$$kLdBj$H$O!"JL$NLdBj$G$9!#(B


III. $B1F6AHO0O(B - Impact

An attacker could create a specially crafted message that may cause
sendmail to execute arbitrary code with the privileges of the user
running sendmail, typically root.  The malicious message might be
handled (and the vulnerability triggered) by the initial sendmail MTA,
by any relaying sendmail MTA, or by the delivering sendmail process.

$B967b<T$O!"FC<l$J:Y9)$r;\$7$?%a%C%;!<%8$r:n@.$9$k$3$H$G!"(B
sendmail $B$r5/F0$7$?%f!<%6(B ($BDL>o$O(B root) $B$N8"8B$G!"(Bsendmail $B$K(B
$BG$0U$N%3!<%I$r<B9T$5$;$k$3$H$,$G$-$k2DG=@-$,$"$j$^$9!#(B
$B$3$N0-0U$"$k%a%C%;!<%8$O!":G=i$K%a!<%k$r<u$1<h$k(B sendmail MTA$B!"(B
$B%j%l!<$r$*$3$J$&(B sendmail MTA$B!"(Bsendmail $B$NG[Aw%W%m%;%9$J$I$K$h$C$F(B
$BG[Aw=hM}$,$*$3$J$o$l$^$9$,!"$=$N$h$&$J(B sendmail $B$,4XM?$9$k!"(B
$B$9$Y$F$N2aDx$G$3$N%;%-%e%j%F%#>e$N<eE@$,0-MQ$5$l$k4m81@-$,$"$j$^$9!#(B


IV.  $B2sHrJ}K!(B - Workaround

Disable sendmail by executing the following commands as root:

$B<!$N%3%^%s%I$r(B root $B8"8B$G<B9T$7!"(Bsendmail $B$rL58z$K$7$^$9!#(B

  # sh /etc/rc.sendmail stop
  # chmod 0 /usr/libexec/sendmail/sendmail

Be sure that sendmail is not restarted when the system is restarted
by adding the following line to the end of /etc/rc.conf:

$B%7%9%F%`$,:F5/F0$7$?;~$K(B sendmail $B$,:F5/F0$7$J$$$h$&$K!"(B
/etc/rc.conf $B$K<!$N9T$rDI2C$7$^$9!#(B

  sendmail_enable="NO"
  sendmail_submit_enable="NO"
  sendmail_outbound_enable="NO"


V.   $B2r7h:v(B - Solution

Do one of the following:
$B<!$N$$$:$l$+$R$H$D$K=>$C$F$/$@$5$$!#(B

1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_1,
RELENG_4_8, or RELENG_4_7 security branch dated after the correction
date.

1) $B<eE@$r;}$C$?(B FreeBSD $B%7%9%F%`$r(B $B:G?7$N(B 4-STABLE$B!"(B
   $B$b$7$/$O=$@5F|0J9_$N(B RELENG_5_1$B!"(BRELENG_4_8$B!"(BRELENG_4_7
   $B%;%-%e%j%F%#%V%i%s%A$N$$$:$l$+$K%"%C%W%0%l!<%I$9$k!#(B

2) To patch your present system:
2) $B8=:_$N%7%9%F%`$K=$@5%Q%C%A$rE,MQ$9$k!#(B

The following patch has been verified to apply to FreeBSD 5.1, 4.8,
and 4.7 systems.

$B0J2<$N=$@5%Q%C%A$O!"(BFreeBSD 5.1$B!"(BFreeBSD 4.8$B!"(BFreeBSD 4.7 $B%7%9%F%`$K(B
$BE,MQ2DG=$J$3$H$,3NG'$5$l$F$$$^$9!#(B

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

a) $B0J2<$N>l=j$+$i=$@5%Q%C%A$r%@%&%s%m!<%I$7!"(BPGP $B%f!<%F%#%j%F%#$r;H$C$F(B
   PGP $B=pL>$r3NG'$7$^$9!#(B

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:13/sendmail.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:13/sendmail.patch.asc

b) Execute the following commands as root:
b) root $B8"8B$G<!$N%3%^%s%I$r<B9T$7$^$9!#(B

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/lib/libsm
# make obj && make depend && make
# cd /usr/src/lib/libsmutil
# make obj && make depend && make
# cd /usr/src/usr.sbin/sendmail
# make obj && make depend && make && make install

 ($BLuCm(B: /path/to/patch $B$NItJ,$O=$@5%Q%C%A$N%Q%9L>$KCV$-49$($F$/$@$5$$(B)

c) Restart sendmail.  Execute the following command as root.
c) sendmail $B$r:F5/F0$7$^$9!#(B  root $B8"8B$G<!$N%3%^%s%I$r<B9T$7$F$/$@$5$$!#(B

# /bin/sh /etc/rc.sendmail restart


VI.  $B=$@5$N>\:Y(B - Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

FreeBSD $B$K$*$$$F:#2s=$@5$5$l$?3F%U%!%$%k$N%j%S%8%g%sHV9f$O!"0J2<$N$H$*$j$G$9!#(B

Branch                                                           Revision
$B%V%i%s%A(B                                                         $B%j%S%8%g%s(B
  Path
  $B%Q%9L>(B
- -------------------------------------------------------------------------
RELENG_4
  src/contrib/sendmail/src/parseaddr.c                       1.1.1.2.6.14
RELENG_5_1
  src/UPDATING                                                  1.251.2.6
  src/contrib/sendmail/src/parseaddr.c                       1.1.1.17.2.1
  src/contrib/sendmail/src/version.c                         1.1.1.19.2.1
  src/sys/conf/newvers.sh                                        1.50.2.7
RELENG_5_0
  src/UPDATING                                                 1.229.2.20
  src/contrib/sendmail/src/parseaddr.c                       1.1.1.14.2.3
  src/contrib/sendmail/src/version.c                         1.1.1.16.2.2
  src/sys/conf/newvers.sh                                       1.48.2.15
RELENG_4_8
  src/UPDATING                                              1.73.2.80.2.9
  src/contrib/sendmail/src/parseaddr.c                   1.1.1.2.6.12.2.2
  src/contrib/sendmail/src/version.c                     1.1.1.3.2.14.2.2
  src/sys/conf/newvers.sh                                   1.44.2.29.2.8
RELENG_4_7
  src/UPDATING                                             1.73.2.74.2.20
  src/contrib/sendmail/src/parseaddr.c                   1.1.1.2.6.10.2.3
  src/contrib/sendmail/src/version.c                     1.1.1.3.2.12.2.2
  src/sys/conf/newvers.sh                                  1.44.2.26.2.19
RELENG_4_6
  src/UPDATING                                             1.73.2.68.2.48
  src/contrib/sendmail/src/parseaddr.c                    1.1.1.2.6.8.2.3
  src/contrib/sendmail/src/version.c                      1.1.1.3.2.9.2.2
  src/sys/conf/newvers.sh                                  1.44.2.23.2.37
RELENG_4_5
  src/UPDATING                                             1.73.2.50.2.49
  src/contrib/sendmail/src/parseaddr.c                    1.1.1.2.6.6.4.3
  src/contrib/sendmail/src/version.c                      1.1.1.3.2.7.4.2
  src/sys/conf/newvers.sh                                  1.44.2.20.2.33
RELENG_4_4
  src/UPDATING                                             1.73.2.43.2.50
  src/contrib/sendmail/src/parseaddr.c                    1.1.1.2.6.6.2.3
  src/contrib/sendmail/src/version.c                      1.1.1.3.2.7.2.2
  src/sys/conf/newvers.sh                                  1.44.2.17.2.41
RELENG_4_3
  src/UPDATING                                             1.73.2.28.2.37
  src/contrib/sendmail/src/parseaddr.c                    1.1.1.2.6.4.2.3
  src/contrib/sendmail/src/version.c                      1.1.1.3.2.4.2.2
  src/sys/conf/newvers.sh                                  1.44.2.14.2.27
RELENG_3
  src/contrib/sendmail/src/parseaddr.c                        1.1.1.2.2.3
  src/contrib/sendmail/src/version.c                          1.1.1.2.2.3
- -------------------------------------------------------------------------


VII. $B;29M;qNA(B - References

<URL: http://lists.netsys.com/pipermail/full-disclosure/2003-September/010287.html >
<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0694 >


A.   FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F(B

$BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B (doc-jp) $B$,(B
$B;29M$N$?$a$KDs6!$9$k$b$N$G$9!#2a5n$NF|K\8lHG%;%-%e%j%F%#4+9p$O(B

 http://www.FreeBSD.org/ja/security/

$B$K$^$H$a$i$l$F$$$^$9!#(B

$B$?$@$7K]Lu<T$*$h$S(B doc-jp $B$O!"$=$NFbMF$K$D$$$F$$$+$J$kJ]>Z$b(B
$B$$$?$7$^$;$s$N$G$4Cm0U$/$@$5$$!#F|K\8lLu$K$D$$$F$N$40U8+!"$4MWK>!"(B
$B$*Ld$$9g$o$;Ey$O(B doc-jp@jp.FreeBSD.org $B$^$G$*4j$$$7$^$9!#(B

$B$3$N4+9p$NCf$G>R2p$5$l$F$$$k(B WWW $B%5%$%H(B http://www.FreeBSD.org/ $B$*$h$S(B
FTP $B%5%$%H(B ftp://ftp.FreeBSD.org/ $B$K$O(B, $BF|K\$N%_%i!<%5%$%H$,B8:_$7$^$9!#(B
$B%M%C%H%o!<%/$N:.;($r4KOB$9$k$?$a!"$^$:$O%_%i!<%5%$%H$NMxMQ$r(B
$B9MN8$9$k$h$&$*4j$$$7$^$9!#(B

$BF|K\$N%_%i!<%5%$%H$rMxMQ$9$k$K$O!"(B
http://www.FreeBSD.org/ $B$r(B http://www.jp.FreeBSD.org/www.freebsd.org/ $B$K!"(B
ftp://ftp.FreeBSD.org/ $B$r(B ftp://ftp.jp.FreeBSD.org/ $B$K!"(B
$B$=$l$>$lCV$-49$($F$/$@$5$$!#(B

$BB>$NCO0h$r4^$`%_%i!<%5%$%H$K4X$9$k>\:Y$O(B

 http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors.html ($B1QJ8(B)
 http://www.FreeBSD.org/doc/ja_JP.eucJP/books/handbook/mirrors.html ($BF|K\8lLu(B)

$B$K$^$H$a$i$l$F$$$^$9!#(B

$hrs: announce-jp/FreeBSD-SA/03:13,v 1.3 2003/09/23 13:13:40 hrs Exp $

----Next_Part(Tue_Sep_23_22:19:46_2003_987)----
