| version 1.367, 2001/12/31 01:25:54 |
version 1.368, 2002/01/18 17:41:57 |
|
|
| <a name=all></a> |
<a name=all></a> |
| <li><h3><font color=#e00000>All architectures</font></h3> |
<li><h3><font color=#e00000>All architectures</font></h3> |
| <ul> |
<ul> |
| |
<a name=sudo> |
| |
<li><font color=#009000><strong>011: SECURITY FIX: January 17, 2002</strong></font><br> |
| |
If the Postfix sendmail replacement is installed on a system an |
| |
attacker may be able to gain root privileges on the local host via |
| |
sudo(8) which runs the mailer as root with an environment inherited |
| |
from the invoking user. While this is a bug in sudo it is not |
| |
believed to be possible to exploit when sendmail (the mailer that |
| |
ships with OpenBSD) is the mailer. As of version 1.6.5, sudo passes |
| |
the mailer an environment that is not subject to influence from the |
| |
invoking user. |
| |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/011_sudo.patch">A source code patch exists which remedies the problem</a>. |
| |
<p> |
| <a name=ipip> |
<a name=ipip> |
| <li><font color=#009000><strong>010: RELIABILITY FIX: December 13, 2001</strong></font><br> |
<li><font color=#009000><strong>010: RELIABILITY FIX: December 13, 2001</strong></font><br> |
| Systems running with IP-in-IP encapulation can be made to crash by |
Systems running with IP-in-IP encapulation can be made to crash by |
![[BACK]](/icons/back.gif){kind=icon}
Return to errata.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www