www/errata30.html - diff

Return to errata30.html CVS log

Up to [local] / www

Diff for /www/errata30.html between version 1.94 and 1.95

version 1.94, 2016/08/15 02:22:06

version 1.95, 2016/10/16 19:11:29

Line 70

<hr>

You can also fetch a tar.gz file containing all the following patches</a>.

This file is updated once a day.

Line 94

could allow an attacker to execute code with the privileges of named.

On OpenBSD, named runs as a non-root user in a chrooted environment

which mitigates the effects of this bug.

A source code patch exists which remedies this problem.</a>

Line 103

Incorrect argument checking in the

<a href="http://man.openbsd.org/?query=getrlimit&sektion=2">getrlimit(2)</a>

system call may allow an attacker to crash the kernel.

A source code patch exists which remedies this problem.</a>

Line 112

An attacker can bypass the restrictions imposed by sendmail's restricted shell,

<a href="http://man.openbsd.org/?query=smrsh&sektion=8">smrsh(8)</a>,

and execute arbitrary commands with the privileges of his own account.

A source code patch exists which remedies this problem.</a>

Line 121

A buffer overflow can occur in the

<a href="http://man.openbsd.org/?query=kadmind&sektion=8">kadmind(8)</a>

daemon, leading to possible remote crash or exploit.

A source code patch exists which remedies this problem.</a>

Line 129

All architectures

Incorrect argument checking in the

<a href="http://man.openbsd.org/?query=setitimer&sektion=2">setitimer(2)</a> system call may allow an attacker to write to kernel memory.

A source code patch exists which remedies this problem.</a>

Line 139

<a href="http://man.openbsd.org/?query=select&sektion=2">select(2)</a>

system call allows an attacker to overwrite kernel memory and execute arbitrary

code in kernel context.

A source code patch exists which remedies this problem.</a>

Line 150

library, as in the ASN.1 parser code in the

<a href="http://man.openbsd.org/?query=crypto&sektion=3">crypto(3)</a>

library, all of them being potentially remotely exploitable.

A source code patch exists which remedies this problem.</a>

This is the second version of the patch.

Line 161

A buffer overflow can occur in the

<a href="http://man.openbsd.org/?query=xdr_array&sektion=3">xdr_array(3)</a>

RPC code, leading to possible remote crash.

A source code patch exists which remedies this problem.</a>

This is the second version of the patch.

Line 172

A race condition exists in the

daemon which may cause it to alter the file permissions of an arbitrary file.

A source code patch exists which remedies this problem.</a>

Line 180

All architectures

Receiving IKE payloads out of sequence can cause

<a href="http://man.openbsd.org/?query=isakmpd&sektion=8">isakmpd(8)</a> to crash.

A source code patch exists which remedies this problem.</a>

This is the second version of the patch.

Line 189

026: SECURITY FIX: June 27, 2002

All architectures

The kernel would let any user <a href="http://man.openbsd.org/?query=ktrace&sektion=2">ktrace(2)</a> set[ug]id processes.

A source code patch exists which remedies this problem.</a>

025: SECURITY FIX: June 25, 2002

All architectures

A potential buffer overflow in the DNS resolver has been found.

A source code patch exists which remedies this problem.</a>

Line 204

All architectures

All versions of OpenSSH's sshd between 2.3.1 and 3.3 contain an input validation

error that can result in an integer overflow and privilege escalation.

This problem is fixed in <a href="http://www.openssh.com/openbsd.html">OpenSSH

This problem is fixed in <a href="https://www.openssh.com/openbsd.html">OpenSSH

3.4</a>, and a patch for the vulnerable releases is available as part of the

<a href="http://www.openssh.com/txt/preauth.adv">security advisory</a>.

<a href="https://www.openssh.com/txt/preauth.adv">security advisory</a>.

023: SECURITY FIX: June 24, 2002

All architectures

A buffer overflow can occur in the .htaccess parsing code in mod_ssl httpd

module, leading to possible remote crash or exploit.

A source code patch exists which remedies this problem.</a>

Line 221

All architectures

A buffer overflow can occur during the interpretation of chunked

encoding in the http daemon, leading to possible remote crash or exploit.

A source code patch exists which remedies this problem.</a>

Line 230

A race condition exists where an attacker could fill the file descriptor

table and defeat the kernel's protection of fd slots 0, 1, and 2 for a

setuid or setgid process.

A source code patch exists which remedies this problem.</a>

020: SECURITY FIX: April 25, 2002

All architectures

A bug in <a href="http://man.openbsd.org/?query=sudo&sektion=8">sudo(8)</a> may allow an attacker to corrupt the heap by specifying a custom prompt.

A source code patch exists which remedies this problem.</a>

Line 249

KerberosTgtPassing or AFSTokenPassing has been enabled

in the sshd_config file. Ticket and token passing is not enabled

by default.

A source code patch exists which remedies this problem.</a>

Line 259

will process tilde escapes even in non-interactive mode.

This can lead to a local root compromise.

A source code patch exists which remedies this problem.</a>

Line 268

<a href="http://man.openbsd.org/?query=isakmpd&sektion=8">isakmpd(8)</a>

will crash when receiving a zero length IKE packet due to a too-late length check.

A source code patch exists which remedies this problem.</a>

Line 285

may change to the wrong home directory when running

jobs.

A source code patch exists which remedies this problem.</a>

Line 297

function detects this.

There is also a kernel zlib component that may be used by pppd and IPsec.

The feasibility of attacking the kernel this way is currently unknown.

A source code patch exists which remedies this problem.</a>

Line 305

All architectures

A local user can gain super-user privileges due to an off-by-one check

in the channel forwarding code of OpenSSH.

A source code patch exists which remedies this problem.</a>

013: RELIABILITY FIX: February 4, 2002

All architectures

The wrong filedescriptors are released when pipe(2) failed.

A source code patch exists which remedies this problem.</a>

Line 321

A race condition between the ptrace(2) and execve(2) system calls allows

an attacker to modify the memory contents of suid/sgid processes which

could lead to compromise of the super-user account.

A source code patch exists which remedies this problem.</a>

Line 335

ships with OpenBSD) is the mailer. As of version 1.6.5, sudo passes

the mailer an environment that is not subject to influence from the

invoking user.

A source code patch exists which remedies this problem.</a>

Line 343

All architectures

Systems running with IP-in-IP encapsulation can be made to crash by

malformed packets.

A source code patch exists which remedies this problem.</a>

Line 365

/etc/hosts.equiv) may be used to mount an attack and the attacker

must have root access on the machine. OpenBSD does not start lpd

in the default installation.

A source code patch exists which remedies this problem.</a>

Line 374

A security issue exists in the vi.recover script that may allow an attacker

to remove arbitrary zero-length files, regardless of ownership.

A source code patch exists which remedies this problem.</a>

Line 383

was incapable of dealing with certain ipv6 icmp packets, resulting in a crash.

A source code patch exists which remedies this problem.</a>

Line 391

Execution of Altivec instructions will crash the kernel.

A source code patch exists which remedies this problem.</a>

Line 400

Hifn7751 based cards may stop working on certain motherboards due to

DMA errors.

A source code patch exists which remedies this problem.</a>

Line 409

Access to a CD drive on the PCI ultrasparc machines results in a continuous stream

of bogus interrupt messages, causing great user anguish.

A source code patch exists which remedies this problem.</a>

Line 436

</ul>

Effectively an upgrade of OpenSSH 3.0 to OpenSSH 3.0.2.

A source code patch exists which remedies this problem.</a>

This is the second version of this patch.