version 1.25, 2001/06/09 16:39:02 |
version 1.26, 2001/08/08 21:06:32 |
|
|
<a name=ruserok></a> |
<a name=ruserok></a> |
<li><font color=#009000><strong>SECURITY FIX</strong></font><br> |
<li><font color=#009000><strong>SECURITY FIX</strong></font><br> |
A combination localhost+remote host security problem exists if a |
A combination localhost+remote host security problem exists if a |
local user running a setuid binary causes a non-existant root .rhosts |
local user running a setuid binary causes a non-existent root .rhosts |
file to be created via a symbolic link with a specific kind of corefile, |
file to be created via a symbolic link with a specific kind of corefile, |
and then subsequently uses rsh/rlogin to enter the machine from remote. |
and then subsequently uses rsh/rlogin to enter the machine from remote. |
A similar exploit might also be possible using sshd which lacks any code |
A similar exploit might also be possible using sshd which lacks any code |
|
|
<ul> |
<ul> |
<a name=f00f></a> |
<a name=f00f></a> |
<li><font color=#009000><strong>RELIABILITY FIX</strong></font><br> |
<li><font color=#009000><strong>RELIABILITY FIX</strong></font><br> |
The Intel P5 F00F bug was discovered after the CDR's had already been |
The Intel P5 F00F bug was discovered after the CDRs had already been |
sent to the manufacturer. This problem permits any user who has an account |
sent to the manufacturer. This problem permits any user who has an account |
to lock your machine up using a 4-line program. The problem only affects |
to lock your machine up using a 4-line program. The problem only affects |
Intel P5 processors (the i386, i486, P-Pro, and P-II are not vulnerable, |
Intel P5 processors (the i386, i486, P-Pro, and P-II are not vulnerable, |