| version 1.25, 2001/06/09 16:39:02 |
version 1.26, 2001/08/08 21:06:32 |
|
|
| <a name=ruserok></a> |
<a name=ruserok></a> |
| <li><font color=#009000><strong>SECURITY FIX</strong></font><br> |
<li><font color=#009000><strong>SECURITY FIX</strong></font><br> |
| A combination localhost+remote host security problem exists if a |
A combination localhost+remote host security problem exists if a |
| local user running a setuid binary causes a non-existant root .rhosts |
local user running a setuid binary causes a non-existent root .rhosts |
| file to be created via a symbolic link with a specific kind of corefile, |
file to be created via a symbolic link with a specific kind of corefile, |
| and then subsequently uses rsh/rlogin to enter the machine from remote. |
and then subsequently uses rsh/rlogin to enter the machine from remote. |
| A similar exploit might also be possible using sshd which lacks any code |
A similar exploit might also be possible using sshd which lacks any code |
|
|
| <ul> |
<ul> |
| <a name=f00f></a> |
<a name=f00f></a> |
| <li><font color=#009000><strong>RELIABILITY FIX</strong></font><br> |
<li><font color=#009000><strong>RELIABILITY FIX</strong></font><br> |
| The Intel P5 F00F bug was discovered after the CDR's had already been |
The Intel P5 F00F bug was discovered after the CDRs had already been |
| sent to the manufacturer. This problem permits any user who has an account |
sent to the manufacturer. This problem permits any user who has an account |
| to lock your machine up using a 4-line program. The problem only affects |
to lock your machine up using a 4-line program. The problem only affects |
| Intel P5 processors (the i386, i486, P-Pro, and P-II are not vulnerable, |
Intel P5 processors (the i386, i486, P-Pro, and P-II are not vulnerable, |
![[BACK]](/icons/back.gif){kind=icon}
Return to errata22.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www