version 1.563, 2006/09/09 03:04:22 |
version 1.564, 2006/09/09 13:05:53 |
|
|
<font color="#009000"><strong>009: SECURITY FIX: September 2, 2006</strong></font> <i>All architectures</i><br> |
<font color="#009000"><strong>009: SECURITY FIX: September 2, 2006</strong></font> <i>All architectures</i><br> |
Due to the failure to correctly validate LCP configuration option lengths, |
Due to the failure to correctly validate LCP configuration option lengths, |
it is possible for an attacker to send LCP packets via an |
it is possible for an attacker to send LCP packets via an |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sppp&apropos=0&sektion=4&manpath=OpenBSD+Current&arch=i386&format=html">sppp(4)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sppp&sektion=4">sppp(4)</a> |
connection causing the kernel to panic. |
connection causing the kernel to panic. |
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4304">CVE-2006-4304</a> |
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4304">CVE-2006-4304</a> |
<br> |
<br> |
|
|
<li><a name="isakmpd"></a> |
<li><a name="isakmpd"></a> |
<font color="#009000"><strong>008: SECURITY FIX: August 25, 2006</strong></font> <i>All architectures</i><br> |
<font color="#009000"><strong>008: SECURITY FIX: August 25, 2006</strong></font> <i>All architectures</i><br> |
A problem in |
A problem in |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&apropos=0&sektion=8&manpath=OpenBSD+Current&arch=i386&format=html">isakmpd(8)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> |
caused IPsec to run partly without replay protection. If |
caused IPsec to run partly without replay protection. If |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&apropos=0&sektion=8&manpath=OpenBSD+Current&arch=i386&format=html">isakmpd(8)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> |
was acting as responder during SA negotiation, SA's with a replay window of size 0 were created. |
was acting as responder during SA negotiation, SA's with a replay window of size 0 were created. |
An attacker could reinject sniffed IPsec packets, which will be accepted without checking the |
An attacker could reinject sniffed IPsec packets, which will be accepted without checking the |
replay counter. |
replay counter. |
|
|
<li><a name="dhcpd"></a> |
<li><a name="dhcpd"></a> |
<font color="#009000"><strong>006: SECURITY FIX: August 25, 2006</strong></font> <i>All architectures</i><br> |
<font color="#009000"><strong>006: SECURITY FIX: August 25, 2006</strong></font> <i>All architectures</i><br> |
Due to an off-by-one error in |
Due to an off-by-one error in |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&apropos=0&sektion=8&manpath=OpenBSD+Current&arch=i386&format=html">dhcpd(8)</a>, |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a>, |
it is possible to cause |
it is possible to cause |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&apropos=0&sektion=8&manpath=OpenBSD+Current&arch=i386&format=html">dhcpd(8)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a> |
to exit by sending a DHCPDISCOVER packet with a 32-byte client identifier option. |
to exit by sending a DHCPDISCOVER packet with a 32-byte client identifier option. |
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3122">CVE-2006-3122</a> |
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3122">CVE-2006-3122</a> |
<br> |
<br> |
|
|
|
|
<li><a name="httpd"></a> |
<li><a name="httpd"></a> |
<font color="#009000"><strong>004: SECURITY FIX: July 30, 2006</strong></font> <i>All architectures</i><br> |
<font color="#009000"><strong>004: SECURITY FIX: July 30, 2006</strong></font> <i>All architectures</i><br> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&apropos=0&sektion=8&manpath=OpenBSD+Current&arch=i386&format=html">httpd(8)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>'s |
's mod_rewrite has a potentially exploitable off-by-one buffer overflow. |
mod_rewrite has a potentially exploitable off-by-one buffer overflow. |
The buffer overflow may result in a vulnerability which, in combination |
The buffer overflow may result in a vulnerability which, in combination |
with certain types of Rewrite rules in the web server configuration files, |
with certain types of Rewrite rules in the web server configuration files, |
could be triggered remotely. The default install is not affected by the |
could be triggered remotely. The default install is not affected by the |