=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata28.html,v retrieving revision 1.77 retrieving revision 1.78 diff -u -r1.77 -r1.78 --- www/errata28.html 2016/03/21 05:46:19 1.77 +++ www/errata28.html 2016/03/22 10:54:42 1.78 @@ -85,7 +85,7 @@
  • 033: SECURITY FIX: September 11, 2001   All architectures
    -A security hole exists in uuxqt(8) +A security hole exists in uuxqt(8) that may allow an attacker to run arbitrary commands as user uucp and use this to gain root access. The UUCP execution daemon, uuxqt(8), has a bug in its command line @@ -99,7 +99,7 @@
  • 032: SECURITY FIX: August 29, 2001   All architectures
    -A security hole exists in lpd(8) +A security hole exists in lpd(8) that may allow an attacker with line printer access to gain root privileges. A machine must be running lpd to be vulnerable (OpenBSD does not start lpd by default). Only machines with line printer @@ -112,7 +112,7 @@
  • 031: SECURITY FIX: August 21, 2001   All architectures
    -A security hole exists in sendmail(8) +A security hole exists in sendmail(8) that may allow an attacker on the local host to gain root privileges by specifying out-of-bounds debug parameters.
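Review bot: The removed and added lines for entry 031 read identically in this view ("A security hole exists in sendmail(8)"), so the actual change is in markup that is not shown, and the diff header carries no log message. Please say in the commit log what was changed behind the sendmail(8) reference so the revision can be checked without opening the raw HTML.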
    @@ -122,7 +122,7 @@
  • 030: SECURITY FIX: June 15, 2001   All architectures
    -A race condition exists in the kernel execve(2) implementation that opens a small window of vulnerability for a non-privileged user to ptrace(2) attach to a suid/sgid process. +A race condition exists in the kernel execve(2) implementation that opens a small window of vulnerability for a non-privileged user to ptrace(2) attach to a suid/sgid process.
    A source code patch exists which remedies this problem. @@ -130,7 +130,7 @@
  • 029: SECURITY FIX: May 30, 2001   All architectures
    -Programs using the fts(3) +Programs using the fts(3) routines (such as rm, find, and most programs that take a -R flag) can be tricked into changing into the wrong directory if the parent dir is changed out from underneath it. This is similar to @@ -143,7 +143,7 @@
  • 028: SECURITY FIX: May 29, 2001   All architectures
    -The signal handlers in sendmail(8) contain code that is unsafe in the context of a signal handler. This leads to potentially serious race conditions. At the moment this is a theoretical attack only @@ -162,14 +162,14 @@
  • 026: SECURITY FIX: Apr 23, 2001   All architectures
    -ftpd(8) has a potential DoS related to glob(3). This patch introduces a GLOB_LIMIT, eliminating the DoS. You must have 025_glob.patch installed before installing this patch.
    +ftpd(8) has a potential DoS related to glob(3). This patch introduces a GLOB_LIMIT, eliminating the DoS. You must have 025_glob.patch installed before installing this patch.
    A source code patch exists which remedies this problem.

  • 025: SECURITY FIX: Apr 10, 2001   All architectures
    -glob(3) contains multiple buffer overflows.
    +glob(3) contains multiple buffer overflows.
    A source code patch exists which remedies this problem.
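Review bot: Entry 025 in this hunk says only "glob(3) contains multiple buffer overflows." and gives no impact or affected programs, while entry 026 directly above names ftpd(8) and a DoS and makes 025_glob.patch a prerequisite. Since these lines are being touched anyway, add a clause to 025 on who is exposed, and consider pointing from 025 to 026 so readers apply both patches in order.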

    @@ -178,7 +178,7 @@   All architectures
    The readline library shipped with OpenBSD allows history files creation with a permissive -umask(2). +umask(2). This can lead to the leakage of sensitive information in applications that use passwords and the like during user interaction (one such application is mysql).
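Review bot: Style point on the unchanged context around the umask(2) line: "allows history files creation with a permissive umask(2)" is ungrammatical. Suggest "allows history files to be created with a permissive umask(2)" while this sentence is being edited.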
    @@ -202,7 +202,7 @@ 021: SECURITY FIX: Feb 22, 2001   All architectures
    There is an exploitable heap corruption bug in -sudo. +sudo.
    A source code patch exists which remedies this problem. @@ -210,21 +210,21 @@

  • 020: IMPLEMENTATION FIX: Feb 15, 2001   All architectures
    -Client side ident protocol was broken in libwrap, affecting anything using libwrap including tcpd. The effect of this was that libwrap would never retrieve and log ident values from remote hosts on connections.
    +Client side ident protocol was broken in libwrap, affecting anything using libwrap including tcpd. The effect of this was that libwrap would never retrieve and log ident values from remote hosts on connections.
    A source code patch exists which remedies this problem.

  • 019: IMPLEMENTATION FIX: Jan 31, 2001   All architectures
    -Fix memory allocation in the PCI LANCE driver, le. A side effect of this is that OpenBSD under VMWare now works again.
    +Fix memory allocation in the PCI LANCE driver, le. A side effect of this is that OpenBSD under VMWare now works again.
    A source code patch exists which remedies this problem.

  • 018: SECURITY FIX: Jan 29, 2001   All architectures
    -Merge named +Merge named with ISC BIND 4.9.8-REL, which fixes some buffer vulnerabilities (actually it appears that these were already impossible to exploit beforehand).
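Review bot: Entry 018 is labelled SECURITY FIX, but the context after "+Merge named" says the buffer vulnerabilities "were already impossible to exploit beforehand". The hedged parenthetical ("actually it appears") leaves readers unsure whether the patch is needed; reword it to state plainly whether the bugs were believed exploitable on this release.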
    @@ -233,7 +233,7 @@
  • 017: SECURITY FIX: Jan 22, 2001   All architectures
    -The
    rnd(4) device does not use all of its input when data is written to it.
    +The rnd(4) device does not use all of its input when data is written to it.
    A source code patch exists which remedies this problem.
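Review bot: Entry 017 states that the rnd(4) device "does not use all of its input when data is written to it" but not why that makes it a SECURITY FIX. Add a clause on the consequence for callers that write data to the device, so the severity can be judged from the errata page alone.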

    @@ -273,7 +273,7 @@

  • 013: SECURITY FIX: Dec 18, 2000   All architectures
    -Procfs contained numerous overflows, which could lead an intruder to root permissions. Procfs is NOT enabled by default in OpenBSD.
    +Procfs contained numerous overflows, which could lead an intruder to root permissions. Procfs is NOT enabled by default in OpenBSD.
    A source code patch exists which remedies this problem.
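Review bot: Wording in entry 013: "could lead an intruder to root permissions" is awkward and differs from the phrasing used in entries 032 and 031 ("gain root privileges"). Suggest "which could allow an intruder to gain root privileges" for consistency across the page.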