=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata30.html,v retrieving revision 1.38 retrieving revision 1.39 diff -c -r1.38 -r1.39 *** www/errata30.html 2003/02/16 11:35:43 1.38 --- www/errata30.html 2003/03/06 21:44:07 1.39 *************** *** 1,8 **** !
!
!
!
!
!
!
!
!
!
!
!
!
If the Postfix sendmail replacement is installed on a system an
attacker may be able to gain root privileges on the local host via
sudo(8) which runs the mailer as root with an environment inherited
--- 184,248 ----
A source code patch exists which remedies the problem.
! mail(1)
will process tilde escapes even in non-interactive mode.
This can lead to a local root compromise.
A source code patch exists which remedies the problem.
! isakmpd(8)
will crash when receiving a zero length IKE packet due to a too-late length check.
A source code patch exists which remedies the problem.
Under certain conditions, on systems using YP with netgroups in the password
database, it is possible for the
! rexecd(8)
and
! rshd(8)
daemons to execute the shell from a different user's password entry.
Due to a similar problem,
! atrun(8)
may change to the wrong home directory when running
! at(1)
jobs.
A source code patch exists which remedies the problem.
Under some circumstances the zlib compression library can free dynamically
allocated memory twice. This is not a security issue on OpenBSD since the BSD
! free(3)
function detects this.
There is also a kernel zlib component that may be used by pppd and IPsec.
The feasibility of attacking the kernel this way is currently unknown.
A source code patch exists which remedies the problem.
A local user can gain super-user privileges due to an off-by-one check
in the channel forwarding code of OpenSSH.
A source code patch exists which remedies the problem.
The wrong filedescriptors are released when pipe(2) failed.
A source code patch exists which remedies the problem.
A race condition between the ptrace(2) and execve(2) system calls allows
an attacker to modify the memory contents of suid/sgid processes which
could lead to compromise of the super-user account.
A source code patch exists which remedies the problem.
If the Postfix sendmail replacement is installed on a system an
attacker may be able to gain root privileges on the local host via
sudo(8) which runs the mailer as root with an environment inherited
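Review bot: on the new side of this hunk the manual page references mail(1), isakmpd(8), rexecd(8), rshd(8), atrun(8), at(1) and free(3) each sit on a `!` line, but pipe(2), ptrace(2), execve(2) and sudo(8) appear inline in unmarked text. If this revision changes how manual page references are written, those four look missed and should get the same treatment. Separately, "The wrong filedescriptors are released when pipe(2) failed." mixes tenses and runs "file descriptors" together; "are released when pipe(2) fails" would read better.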
***************
*** 254,266 ****
A source code patch exists which remedies the problem.
Systems running with IP-in-IP encapsulation can be made to crash by
malformed packets.
A source code patch exists which remedies the problem.
A security issue exists in the lpd daemon that may allow an attacker
to create arbitrary new files in the root directory. Only machines
with line printer access (ie: listed in either /etc/hosts.lpd or
--- 254,266 ----
A source code patch exists which remedies the problem.
Systems running with IP-in-IP encapsulation can be made to crash by
malformed packets.
A source code patch exists which remedies the problem.
A security issue exists in the lpd daemon that may allow an attacker
to create arbitrary new files in the root directory. Only machines
with line printer access (ie: listed in either /etc/hosts.lpd or
***************
*** 270,292 ****
A source code patch exists which remedies the problem.
A security issue exists in the vi.recover script that may allow an attacker
to remove arbitrary zero-length files, regardless of ownership.
A source code patch exists which remedies the problem.
! pf(4)
was incapable of dealing with certain ipv6 icmp packets, resulting in a crash.
A source code patch exists which remedies the problem.
! sshd(8)
is being upgraded from OpenSSH 3.0 to OpenSSH 3.0.2 to fix a few problems:
--- 270,292 ----
A source code patch exists which remedies the problem.
A security issue exists in the vi.recover script that may allow an attacker
to remove arbitrary zero-length files, regardless of ownership.
A source code patch exists which remedies the problem.
! pf(4)
was incapable of dealing with certain ipv6 icmp packets, resulting in a crash.
A source code patch exists which remedies the problem.
! sshd(8)
is being upgraded from OpenSSH 3.0 to OpenSSH 3.0.2 to fix a few problems:
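Review bot: the pf(4) entry in this hunk is touched on its `!` line, but the sentence after it still reads "ipv6 icmp packets" on both sides. Since the entry is being edited anyway, consider "IPv6 ICMP packets", which matches the capitalised "IP-in-IP" and "IKE" used in the other entries of this file.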
***************
*** 311,317 ****
This is the second version of this patch.
i386
i386
alpha
mac68k
sparc
sparc64
alpha
mac68k
sparc
sparc64
amiga
hp300
mvme68k
macppc
amiga
hp300
mvme68k
macppc
!
The 3.0 CD2 was created with an error which means that the instructions
for booting this architecture will not work. Instead, to boot the
***************
*** 405,411 ****
boot cd:,OFWBOOT /3.0/macppc/bsd.rd
Execution of Altivec instructions will crash the kernel.
--- 405,411 ----
boot cd:,OFWBOOT /3.0/macppc/bsd.rd
Execution of Altivec instructions will crash the kernel.
***************
*** 414,420 ****
vax
--- 414,420 ----
vax
***************
*** 442,449 ****
! www@openbsd.org
!
$OpenBSD: errata30.html,v 1.38 2003/02/16 11:35:43 jufi Exp $
--- 442,449 ----
! www@openbsd.org
!
$OpenBSD: errata30.html,v 1.39 2003/03/06 21:44:07 naddy Exp $