=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata30.html,v retrieving revision 1.88 retrieving revision 1.89 diff -c -r1.88 -r1.89 *** www/errata30.html 2016/03/21 05:46:19 1.88 --- www/errata30.html 2016/03/22 10:54:42 1.89 *************** *** 87,93 **** 036: SECURITY FIX: November 14, 2002   All architectures
A buffer overflow in ! named(8) could allow an attacker to execute code with the privileges of named. On OpenBSD, named runs as a non-root user in a chrooted environment which mitigates the effects of this bug.
--- 87,93 ---- 036: SECURITY FIX: November 14, 2002   All architectures
A buffer overflow in ! named(8) could allow an attacker to execute code with the privileges of named. On OpenBSD, named runs as a non-root user in a chrooted environment which mitigates the effects of this bug.
*************** *** 98,104 **** 035: SECURITY FIX: November 6, 2002   All architectures
Incorrect argument checking in the ! getrlimit(2) system call may allow an attacker to crash the kernel.
A source code patch exists which remedies this problem. --- 98,104 ---- 035: SECURITY FIX: November 6, 2002   All architectures
Incorrect argument checking in the ! getrlimit(2) system call may allow an attacker to crash the kernel.
A source code patch exists which remedies this problem. *************** *** 107,113 **** 034: SECURITY FIX: November 6, 2002   All architectures
An attacker can bypass the restrictions imposed by sendmail's restricted shell, ! smrsh(8), and execute arbitrary commands with the privileges of his own account.
A source code patch exists which remedies this problem. --- 107,113 ---- 034: SECURITY FIX: November 6, 2002   All architectures
An attacker can bypass the restrictions imposed by sendmail's restricted shell, ! smrsh(8), and execute arbitrary commands with the privileges of his own account.
A source code patch exists which remedies this problem. *************** *** 116,122 **** 033: SECURITY FIX: October 21, 2002   All architectures
A buffer overflow can occur in the ! kadmind(8) daemon, leading to possible remote crash or exploit.
A source code patch exists which remedies this problem. --- 116,122 ---- 033: SECURITY FIX: October 21, 2002   All architectures
A buffer overflow can occur in the ! kadmind(8) daemon, leading to possible remote crash or exploit.
A source code patch exists which remedies this problem. *************** *** 125,131 **** 032: SECURITY FIX: October 7, 2002   All architectures
Incorrect argument checking in the ! setitimer(2) system call may allow an attacker to write to kernel memory.
A source code patch exists which remedies this problem.

--- 125,131 ---- 032: SECURITY FIX: October 7, 2002   All architectures
Incorrect argument checking in the ! setitimer(2) system call may allow an attacker to write to kernel memory.
A source code patch exists which remedies this problem.

*************** *** 133,139 **** 031: SECURITY FIX: August 11, 2002   All architectures
An insufficient boundary check in the ! select(2) system call allows an attacker to overwrite kernel memory and execute arbitrary code in kernel context.
--- 133,139 ---- 031: SECURITY FIX: August 11, 2002   All architectures
An insufficient boundary check in the !
select(2) system call allows an attacker to overwrite kernel memory and execute arbitrary code in kernel context.
*************** *** 143,151 **** 030: SECURITY FIX: July 30, 2002   All architectures
Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the !
ssl(8) library, as in the ASN.1 parser code in the ! crypto(3) library, all of them being potentially remotely exploitable.
A source code patch exists which remedies this problem. --- 143,151 ---- 030: SECURITY FIX: July 30, 2002   All architectures
Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the ! ssl(8) library, as in the ASN.1 parser code in the ! crypto(3) library, all of them being potentially remotely exploitable.
A source code patch exists which remedies this problem. *************** *** 156,162 **** 029: SECURITY FIX: July 29, 2002   All architectures
A buffer overflow can occur in the ! xdr_array(3) RPC code, leading to possible remote crash.
A source code patch exists which remedies this problem. --- 156,162 ---- 029: SECURITY FIX: July 29, 2002   All architectures
A buffer overflow can occur in the ! xdr_array(3) RPC code, leading to possible remote crash.
A source code patch exists which remedies this problem. *************** *** 167,173 **** 028: SECURITY FIX: July 29, 2002   All architectures
A race condition exists in the ! pppd(8) daemon which may cause it to alter the file permissions of an arbitrary file.
A source code patch exists which remedies this problem. --- 167,173 ---- 028: SECURITY FIX: July 29, 2002   All architectures
A race condition exists in the ! pppd(8) daemon which may cause it to alter the file permissions of an arbitrary file.
A source code patch exists which remedies this problem. *************** *** 176,182 **** 027: RELIABILITY FIX: July 5, 2002   All architectures
Receiving IKE payloads out of sequence can cause ! isakmpd(8) to crash.
A source code patch exists which remedies this problem.
--- 176,182 ---- 027: RELIABILITY FIX: July 5, 2002   All architectures
Receiving IKE payloads out of sequence can cause ! isakmpd(8) to crash.
A source code patch exists which remedies this problem.
*************** *** 185,191 ****

  • 026: SECURITY FIX: June 27, 2002   All architectures
    ! The kernel would let any user ktrace(2) set[ug]id processes.
    A source code patch exists which remedies this problem.

    --- 185,191 ----

  • 026: SECURITY FIX: June 27, 2002   All architectures
    ! The kernel would let any user ktrace(2) set[ug]id processes.
    A source code patch exists which remedies this problem.

    *************** *** 233,239 ****

  • 020: SECURITY FIX: April 25, 2002   All architectures
    ! A bug in sudo(8) may allow an attacker to corrupt the heap by specifying a custom prompt.
    A source code patch exists which remedies this problem.

    --- 233,239 ----

  • 020: SECURITY FIX: April 25, 2002   All architectures
    ! A bug in sudo(8) may allow an attacker to corrupt the heap by specifying a custom prompt.
    A source code patch exists which remedies this problem.

    *************** *** 241,247 **** 019: SECURITY FIX: April 22, 2002   All architectures
    A local user can gain super-user privileges due to a buffer overflow ! in sshd(8) if AFS has been configured on the system or if KerberosTgtPassing or AFSTokenPassing has been enabled in the sshd_config file. Ticket and token passing is not enabled --- 241,247 ---- 019: SECURITY FIX: April 22, 2002   All architectures
    A local user can gain super-user privileges due to a buffer overflow ! in sshd(8) if AFS has been configured on the system or if KerberosTgtPassing or AFSTokenPassing has been enabled in the sshd_config file. Ticket and token passing is not enabled *************** *** 252,258 ****

  • 018: SECURITY FIX: April 11, 2002   All architectures
    ! mail(1) will process tilde escapes even in non-interactive mode. This can lead to a local root compromise.
    --- 252,258 ----
  • 018: SECURITY FIX: April 11, 2002   All architectures
    ! mail(1) will process tilde escapes even in non-interactive mode. This can lead to a local root compromise.
    *************** *** 262,268 ****
  • 017: RELIABILITY FIX: March 26, 2002   All architectures
    ! isakmpd(8) will crash when receiving a zero length IKE packet due to a too-late length check.
    --- 262,268 ----
  • 017: RELIABILITY FIX: March 26, 2002   All architectures
    !
    isakmpd(8) will crash when receiving a zero length IKE packet due to a too-late length check.
    *************** *** 273,286 ****   All architectures
    Under certain conditions, on systems using YP with netgroups in the password database, it is possible for the !
    rexecd(8) and ! rshd(8) daemons to execute the shell from a different user's password entry. Due to a similar problem, ! atrun(8) may change to the wrong home directory when running ! at(1) jobs.
    A source code patch exists which remedies this problem. --- 273,286 ----   All architectures
    Under certain conditions, on systems using YP with netgroups in the password database, it is possible for the ! rexecd(8) and ! rshd(8) daemons to execute the shell from a different user's password entry. Due to a similar problem, ! atrun(8) may change to the wrong home directory when running ! at(1) jobs.
    A source code patch exists which remedies this problem. *************** *** 290,296 ****   All architectures
    Under some circumstances the zlib compression library can free dynamically allocated memory twice. This is not a security issue on OpenBSD since the BSD ! free(3) function detects this. There is also a kernel zlib component that may be used by pppd and IPsec. The feasibility of attacking the kernel this way is currently unknown.
    --- 290,296 ----   All architectures
    Under some circumstances the zlib compression library can free dynamically allocated memory twice. This is not a security issue on OpenBSD since the BSD ! free(3) function detects this. There is also a kernel zlib component that may be used by pppd and IPsec. The feasibility of attacking the kernel this way is currently unknown.
    *************** *** 377,383 ****
  • 006: SECURITY FIX: November 13, 2001   All architectures
    ! pf(4) was incapable of dealing with certain ipv6 icmp packets, resulting in a crash.
    --- 377,383 ----
  • 006: SECURITY FIX: November 13, 2001   All architectures
    !
    pf(4) was incapable of dealing with certain ipv6 icmp packets, resulting in a crash.
    *************** *** 412,418 ****
  • 002: SECURITY FIX: November 12, 2001   All architectures
    !
    sshd(8) is being upgraded from OpenSSH 3.0 to OpenSSH 3.0.2 to fix a few problems:
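Review bot: In the 036 hunk (87,93), and in every hunk after it, the `!` line reads the same on the old and new side as shown here, for example "named(8) could allow an attacker to execute code with the privileges of named." in both halves. This suggests r1.89 only touches markup that is not rendered in this view. A log message stating what changed on the manual page references would let the revision be reviewed without the raw HTML.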
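Review bot: In the 034 hunk (107,113) the changed line ends "with the privileges of his own account"; since the line is being touched anyway, "their own account" would be the neutral wording.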
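Review bot: In the 030 hunk (143,151) the changed lines read "of the ssl(8) library, as in the ASN.1 parser code in the crypto(3) library", which looks like it is missing "well" ("as well as in the ASN.1 parser code"). The first reference also names a section 8 page as a library while the second uses section 3, so it is worth confirming that the ssl reference points at the intended manual page.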
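Review bot: In the zlib hunk (290,296) the changed line says the double free "is not a security issue on OpenBSD since the BSD free(3) function detects this", yet the next sentences say a kernel zlib component exists and that the feasibility of attacking the kernel this way is unknown. Scoping the first claim to userland, for example "not a security issue for userland programs on OpenBSD", would keep the entry from contradicting itself.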