| version 1.3, 2003/11/04 16:01:21 |
version 1.4, 2003/11/10 04:58:33 |
|
|
| <li><font color="#009000"><strong>010: RELIABILITY FIX: November 4, 2003</strong></font><br> |
<li><font color="#009000"><strong>010: RELIABILITY FIX: November 4, 2003</strong></font><br> |
| It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header. |
It is possible for a local user to cause a system panic by executing a specially crafted binary with an invalid header. |
| <br> |
<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/010_exec.patch">A source code patch exists which remedies the problem</a>.<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/010_exec.patch"> |
| |
A source code patch exists which remedies the problem</a>.<br> |
| <p> |
<p> |
| <a name=httpd></a> |
<a name=httpd></a> |
| <li><font color="#009000"><strong>009: RELIABILITY FIX: October 29, 2003</strong></font><br> |
<li><font color="#009000"><strong>009: RELIABILITY FIX: October 29, 2003</strong></font><br> |
|
|
| or potentially run arbitrary code as the user <tt>www</tt> (although it |
or potentially run arbitrary code as the user <tt>www</tt> (although it |
| is believed that ProPolice will prevent code execution). |
is believed that ProPolice will prevent code execution). |
| <br> |
<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/009_httpd.patch">A source code patch exists which remedies the problem</a>.<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/009_httpd.patch"> |
| |
A source code patch exists which remedies the problem</a>.<br> |
| <p> |
<p> |
| <a name=arp></a> |
<a name=arp></a> |
| <li><font color="#009000"><strong>008: RELIABILITY FIX: October 1, 2003</strong></font><br> |
<li><font color="#009000"><strong>008: RELIABILITY FIX: October 1, 2003</strong></font><br> |
| It is possible for a local user to cause a system panic by flooding it with spoofed ARP |
It is possible for a local user to cause a system panic by flooding it with spoofed ARP |
| requests.<br> |
requests.<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/008_arp.patch">A source code patch exists which remedies the problem</a>.<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/008_arp.patch"> |
| |
A source code patch exists which remedies the problem</a>.<br> |
| <p> |
<p> |
| <a name=asn1></a> |
<a name=asn1></a> |
| <li><font color="#009000"><strong>007: SECURITY FIX: October 1, 2003</strong></font><br> |
<li><font color="#009000"><strong>007: SECURITY FIX: October 1, 2003</strong></font><br> |
|
|
| attacker to mount a denial of service attack against applications linked with |
attacker to mount a denial of service attack against applications linked with |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=3">ssl(3)</a>. |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=3">ssl(3)</a>. |
| This does not affect OpenSSH.<br> |
This does not affect OpenSSH.<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/007_asn1.patch">A source code patch exists which remedies the problem</a>.<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/007_asn1.patch"> |
| |
A source code patch exists which remedies the problem</a>.<br> |
| <p> |
<p> |
| <a name=pfnorm></a> |
<a name=pfnorm></a> |
| <li><font color="#009000"><strong>006: SECURITY FIX: September 24, 2003</strong></font><br> |
<li><font color="#009000"><strong>006: SECURITY FIX: September 24, 2003</strong></font><br> |
| Three cases of potential access to freed memory have been found in |
Three cases of potential access to freed memory have been found in |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>. |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf&sektion=4">pf(4)</a>. |
| At least one of them could be used to panic pf with active scrub rules remotely.<br> |
At least one of them could be used to panic pf with active scrub rules remotely.<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/006_pfnorm.patch">A source code patch exists which remedies the problem</a>.<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/006_pfnorm.patch"> |
| |
A source code patch exists which remedies the problem</a>.<br> |
| <p> |
<p> |
| <a name=sendmail></a> |
<a name=sendmail></a> |
| <li><font color="#009000"><strong>005: SECURITY FIX: September 17, 2003</strong></font><br> |
<li><font color="#009000"><strong>005: SECURITY FIX: September 17, 2003</strong></font><br> |
| A buffer overflow in the address parsing in |
A buffer overflow in the address parsing in |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> |
| may allow an attacker to gain root privileges.<br> |
may allow an attacker to gain root privileges.<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/005_sendmail.patch">A source code patch exists which remedies the problem</a>.<br> |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/005_sendmail.patch"> |
| |
A source code patch exists which remedies the problem</a>.<br> |
| NOTE: this is the <em>second</em> revision of the patch that fixes an additional |
NOTE: this is the <em>second</em> revision of the patch that fixes an additional |
| problem. |
problem. |
| <p> |
<p> |
|
|
| <li><font color="#009000"><strong>003: SECURITY FIX: September 10, 2003</strong></font><br> |
<li><font color="#009000"><strong>003: SECURITY FIX: September 10, 2003</strong></font><br> |
| Root may be able to reduce the security level by taking advantage of |
Root may be able to reduce the security level by taking advantage of |
| an integer overflow when the semaphore limits are made very large.<br> |
an integer overflow when the semaphore limits are made very large.<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/003_sysvsem.patch">A |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/003_sysvsem.patch"> |
| source code patch exists which remedies the problem</a>. |
A source code patch exists which remedies the problem</a>. |
| <p> |
<p> |
| <a name=semget></a> |
<a name=semget></a> |
| <li><font color="#009000"><strong>002: RELIABILITY FIX: August 20, 2003</strong></font><br> |
<li><font color="#009000"><strong>002: RELIABILITY FIX: August 20, 2003</strong></font><br> |
| An improper bounds check in the |
An improper bounds check in the |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=semget&sektion=2">semget(2)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=semget&sektion=2">semget(2)</a> |
| system call can allow a local user to cause a kernel panic.<br> |
system call can allow a local user to cause a kernel panic.<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/002_semget.patch">A |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/002_semget.patch"> |
| source code patch exists which remedies the problem</a>. |
A source code patch exists which remedies the problem</a>. |
| <a name=realpath></a> |
<a name=realpath></a> |
| <p> |
<p> |
| <li><font color="#009000"><strong>001: SECURITY FIX: August 4, 2003</strong></font><br> |
<li><font color="#009000"><strong>001: SECURITY FIX: August 4, 2003</strong></font><br> |
|
|
| Since this same bug resulted in a root compromise in the wu-ftpd ftp server |
Since this same bug resulted in a root compromise in the wu-ftpd ftp server |
| it is possible that this bug may allow an attacker to gain escalated privileges |
it is possible that this bug may allow an attacker to gain escalated privileges |
| on OpenBSD.<br> |
on OpenBSD.<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/001_realpath.patch">A |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/001_realpath.patch"> |
| source code patch exists which remedies the problem</a>. |
A source code patch exists which remedies the problem</a>. |
| <p> |
<p> |
| </ul> |
</ul> |
| <p> |
<p> |
![[BACK]](/icons/back.gif){kind=icon}
Return to errata33.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www