version 1.91, 1998/04/22 14:52:49 |
version 1.92, 1998/04/22 14:55:30 |
|
|
<a name=rmjob></a> |
<a name=rmjob></a> |
<li><font color=#009000><strong>SECURITY FIX</strong></font><br> |
<li><font color=#009000><strong>SECURITY FIX</strong></font><br> |
An exploitable buffer mismanagement exists in a subroutine used by |
An exploitable buffer mismanagement exists in a subroutine used by |
lprm and lpd. The problem is only localhost exploitable if you |
lprm and lpd. The problem is exploitable by users on a particular |
have lpd enabled and <strong>/etc/printcap</strong> pointing at |
machine if there is an entry in <strong>/etc/printcap</strong> which |
a remote printer. |
points at a remote printer. |
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/rmjob.patch> |
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/rmjob.patch> |
A patch is available which corrects this behaviour</a>. |
A patch is available which corrects this behaviour</a>. |
<p> |
<p> |
<a name=uucpd></a> |
<a name=uucpd></a> |
<li><font color=#009000><strong>SECURITY FIX</strong></font><br> |
<li><font color=#009000><strong>SECURITY FIX</strong></font><br> |
A DNS-based vulnerability exists when uucpd is used. By default this ships |
A DNS-based vulnerability exists when uucpd is used. By default uucpd |
disabled in the system, but some sites may have enabled it. |
is not enabled in the OpenBSD releases, but some sites may have enabled it. |
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/uucpd.patch> |
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/uucpd.patch> |
A patch is available which corrects this behaviour</a>. |
A patch is available which corrects this behaviour</a>. |
<p> |
<p> |