| version 1.6, 2001/12/11 22:00:50 |
version 1.7, 2002/01/18 17:41:57 |
|
|
| <a name=all></a> |
<a name=all></a> |
| <li><h3><font color=#e00000>All architectures</font></h3> |
<li><h3><font color=#e00000>All architectures</font></h3> |
| <ul> |
<ul> |
| |
<a name=sudo> |
| |
<li><font color=#009000><strong>019: SECURITY FIX: January 17, 2002</strong></fo |
| |
nt><br> |
| |
If the Postfix sendmail replacement is installed on a system an |
| |
attacker may be able to gain root privileges on the local host via |
| |
sudo(8) which runs the mailer as root with an environment inherited |
| |
from the invoking user. While this is a bug in sudo it is not |
| |
believed to be possible to exploit when sendmail (the mailer that |
| |
ships with OpenBSD) is the mailer. As of version 1.6.5, sudo passes |
| |
the mailer an environment that is not subject to influence from the |
| |
invoking user. |
| |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/019_sudo.patch">A |
| |
source code patch exists which remedies the problem</a>. |
| |
<p> |
| <a name=lpd2> |
<a name=lpd2> |
| <li><font color=#009000><strong>017: SECURITY FIX: November 28, 2001</strong></font><br> |
<li><font color=#009000><strong>017: SECURITY FIX: November 28, 2001</strong></font><br> |
| A security issue exists in the lpd daemon that may allow an attacker |
A security issue exists in the lpd daemon that may allow an attacker |
![[BACK]](/icons/back.gif){kind=icon}
Return to errata29.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www