=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata30.html,v retrieving revision 1.97 retrieving revision 1.98 diff -c -r1.97 -r1.98 *** www/errata30.html 2017/03/28 04:04:52 1.97 --- www/errata30.html 2017/03/28 06:41:18 1.98 *************** *** 86,92 **** 036: SECURITY FIX: November 14, 2002   All architectures
A buffer overflow in ! named(8) could allow an attacker to execute code with the privileges of named. On OpenBSD, named runs as a non-root user in a chrooted environment which mitigates the effects of this bug.
--- 86,92 ---- 036: SECURITY FIX: November 14, 2002   All architectures
A buffer overflow in ! named(8) could allow an attacker to execute code with the privileges of named. On OpenBSD, named runs as a non-root user in a chrooted environment which mitigates the effects of this bug.
*************** *** 97,103 **** 035: SECURITY FIX: November 6, 2002   All architectures
Incorrect argument checking in the ! getrlimit(2) system call may allow an attacker to crash the kernel.
A source code patch exists which remedies this problem. --- 97,103 ---- 035: SECURITY FIX: November 6, 2002   All architectures
Incorrect argument checking in the ! getrlimit(2) system call may allow an attacker to crash the kernel.
A source code patch exists which remedies this problem. *************** *** 106,112 **** 034: SECURITY FIX: November 6, 2002   All architectures
An attacker can bypass the restrictions imposed by sendmail's restricted shell, ! smrsh(8), and execute arbitrary commands with the privileges of his own account.
A source code patch exists which remedies this problem. --- 106,112 ---- 034: SECURITY FIX: November 6, 2002   All architectures
An attacker can bypass the restrictions imposed by sendmail's restricted shell, ! smrsh(8), and execute arbitrary commands with the privileges of his own account.
A source code patch exists which remedies this problem. *************** *** 115,121 **** 033: SECURITY FIX: October 21, 2002   All architectures
A buffer overflow can occur in the ! kadmind(8) daemon, leading to possible remote crash or exploit.
A source code patch exists which remedies this problem. --- 115,121 ---- 033: SECURITY FIX: October 21, 2002   All architectures
A buffer overflow can occur in the ! kadmind(8) daemon, leading to possible remote crash or exploit.
A source code patch exists which remedies this problem. *************** *** 124,130 **** 032: SECURITY FIX: October 7, 2002   All architectures
Incorrect argument checking in the ! setitimer(2) system call may allow an attacker to write to kernel memory.
A source code patch exists which remedies this problem.

--- 124,130 ---- 032: SECURITY FIX: October 7, 2002   All architectures
Incorrect argument checking in the ! setitimer(2) system call may allow an attacker to write to kernel memory.
A source code patch exists which remedies this problem.

*************** *** 132,138 **** 031: SECURITY FIX: August 11, 2002   All architectures
An insufficient boundary check in the ! select(2) system call allows an attacker to overwrite kernel memory and execute arbitrary code in kernel context.
--- 132,138 ---- 031: SECURITY FIX: August 11, 2002   All architectures
An insufficient boundary check in the !
select(2) system call allows an attacker to overwrite kernel memory and execute arbitrary code in kernel context.
*************** *** 142,150 **** 030: SECURITY FIX: July 30, 2002   All architectures
Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the !
ssl(8) library, as in the ASN.1 parser code in the ! crypto(3) library, all of them being potentially remotely exploitable.
A source code patch exists which remedies this problem. --- 142,150 ---- 030: SECURITY FIX: July 30, 2002   All architectures
Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the ! ssl(8) library, as in the ASN.1 parser code in the ! crypto(3) library, all of them being potentially remotely exploitable.
A source code patch exists which remedies this problem. *************** *** 155,161 **** 029: SECURITY FIX: July 29, 2002   All architectures
A buffer overflow can occur in the ! xdr_array(3) RPC code, leading to possible remote crash.
A source code patch exists which remedies this problem. --- 155,161 ---- 029: SECURITY FIX: July 29, 2002   All architectures
A buffer overflow can occur in the ! xdr_array(3) RPC code, leading to possible remote crash.
A source code patch exists which remedies this problem. *************** *** 166,172 **** 028: SECURITY FIX: July 29, 2002   All architectures
A race condition exists in the ! pppd(8) daemon which may cause it to alter the file permissions of an arbitrary file.
A source code patch exists which remedies this problem. --- 166,172 ---- 028: SECURITY FIX: July 29, 2002   All architectures
A race condition exists in the ! pppd(8) daemon which may cause it to alter the file permissions of an arbitrary file.
A source code patch exists which remedies this problem. *************** *** 175,181 **** 027: RELIABILITY FIX: July 5, 2002   All architectures
Receiving IKE payloads out of sequence can cause ! isakmpd(8) to crash.
A source code patch exists which remedies this problem.
--- 175,181 ---- 027: RELIABILITY FIX: July 5, 2002   All architectures
Receiving IKE payloads out of sequence can cause ! isakmpd(8) to crash.
A source code patch exists which remedies this problem.
*************** *** 184,190 ****

  • 026: SECURITY FIX: June 27, 2002   All architectures
    ! The kernel would let any user ktrace(2) set[ug]id processes.
    A source code patch exists which remedies this problem.

    --- 184,190 ----

  • 026: SECURITY FIX: June 27, 2002   All architectures
    ! The kernel would let any user ktrace(2) set[ug]id processes.
    A source code patch exists which remedies this problem.
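Review bot: the changed line in this hunk (184,190) reads the same on both sides, "The kernel would let any user ktrace(2) set[ug]id processes.", so the edit is not visible in the rendered text and is presumably confined to the markup around ktrace(2). The same holds for the "!" lines in the other hunks of 1.97 to 1.98. Please state in the commit log what changed in these references, so the revision can be checked without reading the raw HTML.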

    *************** *** 232,238 ****

  • 020: SECURITY FIX: April 25, 2002   All architectures
    ! A bug in sudo(8) may allow an attacker to corrupt the heap by specifying a custom prompt.
    A source code patch exists which remedies this problem.

    --- 232,238 ----

  • 020: SECURITY FIX: April 25, 2002   All architectures
    ! A bug in sudo(8) may allow an attacker to corrupt the heap by specifying a custom prompt.
    A source code patch exists which remedies this problem.

    *************** *** 240,246 **** 019: SECURITY FIX: April 22, 2002   All architectures
    A local user can gain super-user privileges due to a buffer overflow ! in sshd(8) if AFS has been configured on the system or if KerberosTgtPassing or AFSTokenPassing has been enabled in the sshd_config file. Ticket and token passing is not enabled --- 240,246 ---- 019: SECURITY FIX: April 22, 2002   All architectures
    A local user can gain super-user privileges due to a buffer overflow ! in sshd(8) if AFS has been configured on the system or if KerberosTgtPassing or AFSTokenPassing has been enabled in the sshd_config file. Ticket and token passing is not enabled *************** *** 251,257 ****

  • 018: SECURITY FIX: April 11, 2002   All architectures
    ! mail(1) will process tilde escapes even in non-interactive mode. This can lead to a local root compromise.
    --- 251,257 ----
  • 018: SECURITY FIX: April 11, 2002   All architectures
    ! mail(1) will process tilde escapes even in non-interactive mode. This can lead to a local root compromise.
    *************** *** 261,267 ****
  • 017: RELIABILITY FIX: March 26, 2002   All architectures
    ! isakmpd(8) will crash when receiving a zero length IKE packet due to a too-late length check.
    --- 261,267 ----
  • 017: RELIABILITY FIX: March 26, 2002   All architectures
    !
    isakmpd(8) will crash when receiving a zero length IKE packet due to a too-late length check.
    *************** *** 272,285 ****   All architectures
    Under certain conditions, on systems using YP with netgroups in the password database, it is possible for the !
    rexecd(8) and ! rshd(8) daemons to execute the shell from a different user's password entry. Due to a similar problem, ! atrun(8) may change to the wrong home directory when running ! at(1) jobs.
    A source code patch exists which remedies this problem. --- 272,285 ----   All architectures
    Under certain conditions, on systems using YP with netgroups in the password database, it is possible for the ! rexecd(8) and ! rshd(8) daemons to execute the shell from a different user's password entry. Due to a similar problem, ! atrun(8) may change to the wrong home directory when running ! at(1) jobs.
    A source code patch exists which remedies this problem. *************** *** 289,295 ****   All architectures
    Under some circumstances the zlib compression library can free dynamically allocated memory twice. This is not a security issue on OpenBSD since the BSD ! free(3) function detects this. There is also a kernel zlib component that may be used by pppd and IPsec. The feasibility of attacking the kernel this way is currently unknown.
    --- 289,295 ----   All architectures
    Under some circumstances the zlib compression library can free dynamically allocated memory twice. This is not a security issue on OpenBSD since the BSD ! free(3) function detects this. There is also a kernel zlib component that may be used by pppd and IPsec. The feasibility of attacking the kernel this way is currently unknown.
    *************** *** 376,382 ****
  • 006: SECURITY FIX: November 13, 2001   All architectures
    ! pf(4) was incapable of dealing with certain ipv6 icmp packets, resulting in a crash.
    --- 376,382 ----
  • 006: SECURITY FIX: November 13, 2001   All architectures
    !
    pf(4) was incapable of dealing with certain ipv6 icmp packets, resulting in a crash.
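Review bot: "ipv6 icmp" on the changed line of the 376,382 hunk should be capitalized as "IPv6 ICMP", matching how the other entries in this file write protocol names (IKE, SSL2, ASN.1, IPsec). The line is being touched anyway, so the fix costs nothing extra.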
    *************** *** 411,417 ****
  • 002: SECURITY FIX: November 12, 2001   All architectures
    !
    sshd(8) is being upgraded from OpenSSH 3.0 to OpenSSH 3.0.2 to fix a few problems:
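Review bot: in the 142,150 hunk, "of the ssl(8) library, as in the ASN.1 parser code in the crypto(3) library" on the changed lines appears to be missing words; "as well as in the ASN.1 parser code in the crypto(3) library" reads as intended. Suggest correcting the sentence in the same commit, since both "!" lines of entry 030 are already being edited.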
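Review bot: the final hunk (411,417) stops after the first changed line of its old side, "sshd(8) is being upgraded from OpenSSH 3.0 to OpenSSH 3.0.2 to fix a few problems:", and no "--- 411,417 ----" half follows. As shown, the diff is incomplete and the change to entry 002 cannot be reviewed; please repost the full hunk.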