www/errata33.html - diff

Return to errata33.html CVS log

Up to [local] / www

Diff for /www/errata33.html between version 1.75 and 1.76

version 1.75, 2017/03/28 06:41:18

version 1.76, 2017/06/26 17:18:57

Line 86

022: SECURITY FIX: May 5, 2004

All architectures

Pathname validation problems have been found in

<a href="http://man.openbsd.org/OpenBSD-3.3/cvs.1">cvs(1)</a>,

<a href="https://man.openbsd.org/OpenBSD-3.3/cvs.1">cvs(1)</a>,

allowing malicious clients to create files outside the repository, allowing

malicious servers to overwrite files outside the local CVS tree on

the client and allowing clients to check out files outside the CVS

Line 99

021: RELIABILITY FIX: March 17, 2004

All architectures

A missing check for a NULL-pointer dereference has been found in

<a href="http://man.openbsd.org/OpenBSD-3.3/ssl.3">ssl(3)</a>.

<a href="https://man.openbsd.org/OpenBSD-3.3/ssl.3">ssl(3)</a>.

A remote attacker can use the bug to cause an OpenSSL application to crash;

this may lead to a denial of service.

Line 110

020: RELIABILITY FIX: March 17, 2004

All architectures

Defects in the payload validation and processing functions of

<a href="http://man.openbsd.org/OpenBSD-3.3/isakmpd.8">isakmpd(8)</a>

<a href="https://man.openbsd.org/OpenBSD-3.3/isakmpd.8">isakmpd(8)</a>

have been discovered. An attacker could send malformed ISAKMP messages and

cause isakmpd to crash or to loop endlessly. This patch fixes these problems

and removes some memory leaks.

Line 122

019: SECURITY FIX: March 13, 2004

All architectures

Due to a bug in the parsing of Allow/Deny rules for

<a href="http://man.openbsd.org/OpenBSD-3.3/httpd.8">httpd(8)'s</a>

<a href="https://man.openbsd.org/OpenBSD-3.3/httpd.8">httpd(8)'s</a>

access module, using IP addresses without a netmask on big endian 64-bit

platforms causes the rules to fail to match. This only affects sparc64.

Line 164

015: SECURITY FIX: February 5, 2004

All architectures

A reference counting bug exists in the

<a href="http://man.openbsd.org/OpenBSD-3.3/shmat.2">shmat(2)</a>

<a href="https://man.openbsd.org/OpenBSD-3.3/shmat.2">shmat(2)</a>

system call that could be used by an attacker to write to kernel memory

under certain circumstances.

Line 175

014: SECURITY FIX: January 15, 2004

All architectures

Several message handling flaws in

<a href="http://man.openbsd.org/OpenBSD-3.3/isakmpd.8">isakmpd(8)</a>

<a href="https://man.openbsd.org/OpenBSD-3.3/isakmpd.8">isakmpd(8)</a>

have been reported by Thomas Walpuski. These allow an attacker to delete arbitrary SAs.

Line 186

All architectures

An improper bounds check makes it possible for a local user to cause a crash

by passing the

<a href="http://man.openbsd.org/OpenBSD-3.3/semctl.2">semctl(2)</a> and

<a href="https://man.openbsd.org/OpenBSD-3.3/semctl.2">semctl(2)</a> and

<a href="http://man.openbsd.org/OpenBSD-3.3/semop.2">semop(2)</a> functions

<a href="https://man.openbsd.org/OpenBSD-3.3/semop.2">semop(2)</a> functions

certain arguments.

Line 197

012: RELIABILITY FIX: November 20, 2003

All architectures

It is possible for a local user to cause a crash via

<a href="http://man.openbsd.org/OpenBSD-3.3/sysctl.3">sysctl(3)</a> with certain arguments.

<a href="https://man.openbsd.org/OpenBSD-3.3/sysctl.3">sysctl(3)</a> with certain arguments.

A source code patch exists which remedies this problem.</a>

Line 207

i386 only

It is possible for a local user to execute arbitrary code resulting in escalation of

privileges due to a stack overrun in

<a href="http://man.openbsd.org/OpenBSD-3.3/compat_ibcs2.8">compat_ibcs2(8)</a>.

<a href="https://man.openbsd.org/OpenBSD-3.3/compat_ibcs2.8">compat_ibcs2(8)</a>.

A source code patch exists which remedies this problem.</a>

Line 224

All architectures

A user with write permission to <tt>httpd.conf</tt> or a <tt>.htaccess</tt>

file can crash

<a href="http://man.openbsd.org/OpenBSD-3.3/httpd.8">httpd(8)</a>

<a href="https://man.openbsd.org/OpenBSD-3.3/httpd.8">httpd(8)</a>

or potentially run arbitrary code as the user <tt>www</tt> (although it

is believed that ProPolice will prevent code execution).

Line 244

All architectures

The use of certain ASN.1 encodings or malformed public keys may allow an

attacker to mount a denial of service attack against applications linked with

<a href="http://man.openbsd.org/OpenBSD-3.3/ssl.3">ssl(3)</a>.

<a href="https://man.openbsd.org/OpenBSD-3.3/ssl.3">ssl(3)</a>.

This does not affect OpenSSH.

A source code patch exists which remedies this problem.</a>

Line 253

006: SECURITY FIX: September 24, 2003

All architectures

Three cases of potential access to freed memory have been found in

<a href="http://man.openbsd.org/OpenBSD-3.3/pf.4">pf(4)</a>.

<a href="https://man.openbsd.org/OpenBSD-3.3/pf.4">pf(4)</a>.

At least one of them could be used to panic pf with active scrub rules remotely.

A source code patch exists which remedies this problem.</a>

Line 262

005: SECURITY FIX: September 17, 2003

All architectures

A buffer overflow in the address parsing in

<a href="http://man.openbsd.org/OpenBSD-3.3/sendmail.8">sendmail(8)</a>

<a href="https://man.openbsd.org/OpenBSD-3.3/sendmail.8">sendmail(8)</a>

may allow an attacker to gain root privileges.

A source code patch exists which remedies this problem.</a>

Line 291

002: RELIABILITY FIX: August 20, 2003

All architectures

An improper bounds check in the

<a href="http://man.openbsd.org/OpenBSD-3.3/semget.2">semget(2)</a>

<a href="https://man.openbsd.org/OpenBSD-3.3/semget.2">semget(2)</a>

system call can allow a local user to cause a kernel panic.

A source code patch exists which remedies this problem.</a>

Line 300

001: SECURITY FIX: August 4, 2003

All architectures

An off-by-one error exists in the C library function

<a href="http://man.openbsd.org/OpenBSD-3.3/realpath.3">realpath(3)</a>.

<a href="https://man.openbsd.org/OpenBSD-3.3/realpath.3">realpath(3)</a>.

Since this same bug resulted in a root compromise in the wu-ftpd ftp server

it is possible that this bug may allow an attacker to gain escalated privileges

on OpenBSD.