--- 52,58 ---- A security issue exists in the vi.recover script that may allow an attacker to remove arbitrary zero-length files, regardless of ownership.
! A source code patch exists which remedies the problem.
***************
*** 64,70 ****
some UUCP commands are run as root (and daemon) from cron it is possible
to leverage compromise of the UUCP user to gain root.
! A source code patch exists which remedies the problem
--- 64,70 ----
some UUCP commands are run as root (and daemon) from cron it is possible
to leverage compromise of the UUCP user to gain root.
! A source code patch exists which remedies the problem.
***************
*** 75,81 ****
access (ie: listed in either /etc/hosts.lpd or /etc/hosts.equiv)
may be used to mount an attack.
! A source code patch exists which remedies the problem
--- 75,81 ----
access (ie: listed in either /etc/hosts.lpd or /etc/hosts.equiv)
may be used to mount an attack.
! A source code patch exists which remedies the problem.
***************
*** 83,89 ****
that may allow an attacker on the local host to gain root privileges by
specifying out-of-bounds debug parameters.
! A source code patch exists which remedies the problem
--- 83,89 ----
that may allow an attacker on the local host to gain root privileges by
specifying out-of-bounds debug parameters.
! A source code patch exists which remedies the problem.
***************
*** 93,99 ****
privileges can initiate this attack. In default installs, only super-user has
mount privileges. The kern.usermount sysctl(3) controls whether other users have mount privileges.
! A source code patch exists which remedies the problem
! A source code patch exists which remedies the problem.
www@openbsd.org
!
$OpenBSD: errata29.html,v 1.2 2001/11/14 01:38:00 millert Exp $