| version 1.97, 2017/03/28 04:04:52 |
version 1.98, 2017/03/28 06:41:18 |
|
|
| <font color="#009000"><strong>036: SECURITY FIX: November 14, 2002</strong></font> |
<font color="#009000"><strong>036: SECURITY FIX: November 14, 2002</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| A buffer overflow in |
A buffer overflow in |
| <a href="http://man.openbsd.org/?query=named&sektion=8">named(8)</a> |
<a href="http://man.openbsd.org/OpenBSD-3.0/named.8">named(8)</a> |
| could allow an attacker to execute code with the privileges of named. |
could allow an attacker to execute code with the privileges of named. |
| On OpenBSD, named runs as a non-root user in a chrooted environment |
On OpenBSD, named runs as a non-root user in a chrooted environment |
| which mitigates the effects of this bug.<br> |
which mitigates the effects of this bug.<br> |
|
|
| <font color="#009000"><strong>035: SECURITY FIX: November 6, 2002</strong></font> |
<font color="#009000"><strong>035: SECURITY FIX: November 6, 2002</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| Incorrect argument checking in the |
Incorrect argument checking in the |
| <a href="http://man.openbsd.org/?query=getrlimit&sektion=2">getrlimit(2)</a> |
<a href="http://man.openbsd.org/OpenBSD-3.0/getrlimit.2">getrlimit(2)</a> |
| system call may allow an attacker to crash the kernel.<br> |
system call may allow an attacker to crash the kernel.<br> |
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/035_kernresource.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/035_kernresource.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
|
|
| <font color="#009000"><strong>034: SECURITY FIX: November 6, 2002</strong></font> |
<font color="#009000"><strong>034: SECURITY FIX: November 6, 2002</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| An attacker can bypass the restrictions imposed by sendmail's restricted shell, |
An attacker can bypass the restrictions imposed by sendmail's restricted shell, |
| <a href="http://man.openbsd.org/?query=smrsh&sektion=8">smrsh(8)</a>, |
<a href="http://man.openbsd.org/OpenBSD-3.0/smrsh.8">smrsh(8)</a>, |
| and execute arbitrary commands with the privileges of his own account.<br> |
and execute arbitrary commands with the privileges of his own account.<br> |
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/034_smrsh.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/034_smrsh.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
|
|
| <font color="#009000"><strong>033: SECURITY FIX: October 21, 2002</strong></font> |
<font color="#009000"><strong>033: SECURITY FIX: October 21, 2002</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| A buffer overflow can occur in the |
A buffer overflow can occur in the |
| <a href="http://man.openbsd.org/?query=kadmind&sektion=8">kadmind(8)</a> |
<a href="http://man.openbsd.org/OpenBSD-3.0/kadmind.8">kadmind(8)</a> |
| daemon, leading to possible remote crash or exploit.<br> |
daemon, leading to possible remote crash or exploit.<br> |
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/033_kadmin.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/033_kadmin.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
|
|
| <font color="#009000"><strong>032: SECURITY FIX: October 7, 2002</strong></font> |
<font color="#009000"><strong>032: SECURITY FIX: October 7, 2002</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| Incorrect argument checking in the |
Incorrect argument checking in the |
| <a href="http://man.openbsd.org/?query=setitimer&sektion=2">setitimer(2)</a> system call may allow an attacker to write to kernel memory.<br> |
<a href="http://man.openbsd.org/OpenBSD-3.0/setitimer.2">setitimer(2)</a> system call may allow an attacker to write to kernel memory.<br> |
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/032_kerntime.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/032_kerntime.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
|
|
| <font color="#009000"><strong>031: SECURITY FIX: August 11, 2002</strong></font> |
<font color="#009000"><strong>031: SECURITY FIX: August 11, 2002</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| An insufficient boundary check in the |
An insufficient boundary check in the |
| <a href="http://man.openbsd.org/?query=select&sektion=2">select(2)</a> |
<a href="http://man.openbsd.org/OpenBSD-3.0/select.2">select(2)</a> |
| system call allows an attacker to overwrite kernel memory and execute arbitrary |
system call allows an attacker to overwrite kernel memory and execute arbitrary |
| code in kernel context.<br> |
code in kernel context.<br> |
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/031_scarg.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/031_scarg.patch"> |
|
|
| <font color="#009000"><strong>030: SECURITY FIX: July 30, 2002</strong></font> |
<font color="#009000"><strong>030: SECURITY FIX: July 30, 2002</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the |
Several remote buffer overflows can occur in the SSL2 server and SSL3 client of the |
| <a href="http://man.openbsd.org/?query=ssl&sektion=8">ssl(8)</a> |
<a href="http://man.openbsd.org/OpenBSD-3.0/ssl.8">ssl(8)</a> |
| library, as in the ASN.1 parser code in the |
library, as in the ASN.1 parser code in the |
| <a href="http://man.openbsd.org/?query=crypto&sektion=3">crypto(3)</a> |
<a href="http://man.openbsd.org/OpenBSD-3.0/crypto.3">crypto(3)</a> |
| library, all of them being potentially remotely exploitable.<br> |
library, all of them being potentially remotely exploitable.<br> |
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/030_ssl.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/030_ssl.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
|
|
| <font color="#009000"><strong>029: SECURITY FIX: July 29, 2002</strong></font> |
<font color="#009000"><strong>029: SECURITY FIX: July 29, 2002</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| A buffer overflow can occur in the |
A buffer overflow can occur in the |
| <a href="http://man.openbsd.org/?query=xdr_array&sektion=3">xdr_array(3)</a> |
<a href="http://man.openbsd.org/OpenBSD-3.0/xdr_array.3">xdr_array(3)</a> |
| RPC code, leading to possible remote crash.<br> |
RPC code, leading to possible remote crash.<br> |
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/029_xdr.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/029_xdr.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
|
|
| <font color="#009000"><strong>028: SECURITY FIX: July 29, 2002</strong></font> |
<font color="#009000"><strong>028: SECURITY FIX: July 29, 2002</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| A race condition exists in the |
A race condition exists in the |
| <a href="http://man.openbsd.org/?query=pppd&sektion=8">pppd(8)</a> |
<a href="http://man.openbsd.org/OpenBSD-3.0/pppd.8">pppd(8)</a> |
| daemon which may cause it to alter the file permissions of an arbitrary file.<br> |
daemon which may cause it to alter the file permissions of an arbitrary file.<br> |
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/028_pppd.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/028_pppd.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
|
|
| <font color="#009000"><strong>027: RELIABILITY FIX: July 5, 2002</strong></font> |
<font color="#009000"><strong>027: RELIABILITY FIX: July 5, 2002</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| Receiving IKE payloads out of sequence can cause |
Receiving IKE payloads out of sequence can cause |
| <a href="http://man.openbsd.org/?query=isakmpd&sektion=8">isakmpd(8)</a> to crash.<br> |
<a href="http://man.openbsd.org/OpenBSD-3.0/isakmpd.8">isakmpd(8)</a> to crash.<br> |
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/027_isakmpd.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/027_isakmpd.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <br> |
<br> |
|
|
| <li id="ktrace"> |
<li id="ktrace"> |
| <font color="#009000"><strong>026: SECURITY FIX: June 27, 2002</strong></font> |
<font color="#009000"><strong>026: SECURITY FIX: June 27, 2002</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| The kernel would let any user <a href="http://man.openbsd.org/?query=ktrace&sektion=2">ktrace(2)</a> set[ug]id processes.<br> |
The kernel would let any user <a href="http://man.openbsd.org/OpenBSD-3.0/ktrace.2">ktrace(2)</a> set[ug]id processes.<br> |
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/026_ktrace.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/026_ktrace.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
|
|
| <li id="sudo2"> |
<li id="sudo2"> |
| <font color="#009000"><strong>020: SECURITY FIX: April 25, 2002</strong></font> |
<font color="#009000"><strong>020: SECURITY FIX: April 25, 2002</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| A bug in <a href="http://man.openbsd.org/?query=sudo&sektion=8">sudo(8)</a> may allow an attacker to corrupt the heap by specifying a custom prompt.<br> |
A bug in <a href="http://man.openbsd.org/OpenBSD-3.0/sudo.8">sudo(8)</a> may allow an attacker to corrupt the heap by specifying a custom prompt.<br> |
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/020_sudo.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/020_sudo.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
|
|
| <font color="#009000"><strong>019: SECURITY FIX: April 22, 2002</strong></font> |
<font color="#009000"><strong>019: SECURITY FIX: April 22, 2002</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| A local user can gain super-user privileges due to a buffer overflow |
A local user can gain super-user privileges due to a buffer overflow |
| in <a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a> |
in <a href="http://man.openbsd.org/OpenBSD-3.0/sshd.8">sshd(8)</a> |
| if AFS has been configured on the system or if |
if AFS has been configured on the system or if |
| KerberosTgtPassing or AFSTokenPassing has been enabled |
KerberosTgtPassing or AFSTokenPassing has been enabled |
| in the sshd_config file. Ticket and token passing is not enabled |
in the sshd_config file. Ticket and token passing is not enabled |
|
|
| <li id="mail"> |
<li id="mail"> |
| <font color="#009000"><strong>018: SECURITY FIX: April 11, 2002</strong></font> |
<font color="#009000"><strong>018: SECURITY FIX: April 11, 2002</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| <a href="http://man.openbsd.org/?query=mail&sektion=1">mail(1)</a> |
<a href="http://man.openbsd.org/OpenBSD-3.0/mail.1">mail(1)</a> |
| will process tilde escapes even in non-interactive mode. |
will process tilde escapes even in non-interactive mode. |
| This can lead to a local root compromise. |
This can lead to a local root compromise. |
| <br> |
<br> |
|
|
| <li id="isakmpd"> |
<li id="isakmpd"> |
| <font color="#009000"><strong>017: RELIABILITY FIX: March 26, 2002</strong></font> |
<font color="#009000"><strong>017: RELIABILITY FIX: March 26, 2002</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| <a href="http://man.openbsd.org/?query=isakmpd&sektion=8">isakmpd(8)</a> |
<a href="http://man.openbsd.org/OpenBSD-3.0/isakmpd.8">isakmpd(8)</a> |
| will crash when receiving a zero length IKE packet due to a too-late length check. |
will crash when receiving a zero length IKE packet due to a too-late length check. |
| <br> |
<br> |
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/017_isakmpd.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/017_isakmpd.patch"> |
|
|
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| Under certain conditions, on systems using YP with netgroups in the password |
Under certain conditions, on systems using YP with netgroups in the password |
| database, it is possible for the |
database, it is possible for the |
| <a href="http://man.openbsd.org/?query=rexecd&sektion=8">rexecd(8)</a> |
<a href="http://man.openbsd.org/OpenBSD-3.0/rexecd.8">rexecd(8)</a> |
| and |
and |
| <a href="http://man.openbsd.org/?query=rshd&sektion=8">rshd(8)</a> |
<a href="http://man.openbsd.org/OpenBSD-3.0/rshd.8">rshd(8)</a> |
| daemons to execute the shell from a different user's password entry. |
daemons to execute the shell from a different user's password entry. |
| Due to a similar problem, |
Due to a similar problem, |
| <a href="http://man.openbsd.org/?query=atrun&sektion=8">atrun(8)</a> |
<a href="http://man.openbsd.org/OpenBSD-3.0/atrun.8">atrun(8)</a> |
| may change to the wrong home directory when running |
may change to the wrong home directory when running |
| <a href="http://man.openbsd.org/?query=at&sektion=1">at(1)</a> |
<a href="http://man.openbsd.org/OpenBSD-3.0/at.1">at(1)</a> |
| jobs.<br> |
jobs.<br> |
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/016_approval.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/016_approval.patch"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
|
|
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| Under some circumstances the zlib compression library can free dynamically |
Under some circumstances the zlib compression library can free dynamically |
| allocated memory twice. This is not a security issue on OpenBSD since the BSD |
allocated memory twice. This is not a security issue on OpenBSD since the BSD |
| <a href="http://man.openbsd.org/?query=free&sektion=3">free(3)</a> |
<a href="http://man.openbsd.org/OpenBSD-3.0/free.3">free(3)</a> |
| function detects this. |
function detects this. |
| There is also a kernel zlib component that may be used by pppd and IPsec. |
There is also a kernel zlib component that may be used by pppd and IPsec. |
| The feasibility of attacking the kernel this way is currently unknown.<br> |
The feasibility of attacking the kernel this way is currently unknown.<br> |
|
|
| <li id="pf"> |
<li id="pf"> |
| <font color="#009000"><strong>006: SECURITY FIX: November 13, 2001</strong></font> |
<font color="#009000"><strong>006: SECURITY FIX: November 13, 2001</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| <a href="http://man.openbsd.org/?query=pf&sektion=4">pf(4)</a> |
<a href="http://man.openbsd.org/OpenBSD-3.0/pf.4">pf(4)</a> |
| was incapable of dealing with certain ipv6 icmp packets, resulting in a crash. |
was incapable of dealing with certain ipv6 icmp packets, resulting in a crash. |
| <br> |
<br> |
| <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/006_pf.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/006_pf.patch"> |
|
|
| <li id="sshd"> |
<li id="sshd"> |
| <font color="#009000"><strong>002: SECURITY FIX: November 12, 2001</strong></font> |
<font color="#009000"><strong>002: SECURITY FIX: November 12, 2001</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| <a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a> |
<a href="http://man.openbsd.org/OpenBSD-3.0/sshd.8">sshd(8)</a> |
| is being upgraded from OpenSSH 3.0 to OpenSSH 3.0.2 to fix a few problems: |
is being upgraded from OpenSSH 3.0 to OpenSSH 3.0.2 to fix a few problems: |
| <p> |
<p> |
| <ul> |
<ul> |
![[BACK]](/icons/back.gif){kind=icon}
Return to errata30.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www