===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata34.html,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- www/errata34.html 2004/09/16 23:09:48 1.23
+++ www/errata34.html 2004/09/21 16:32:37 1.24
@@ -56,6 +56,17 @@
All architectures
+-
+031: SECURITY FIX: September 20, 2004
+Eilko Bos reported that radius authentication, as implemented by
+login_radius(8),
+was not checking the shared secret used for replies sent by the radius server.
+This could allow an attacker to spoof a reply granting access to the
+attacker. Note that OpenBSD does not ship with radius authentication enabled.
+
+
+A source code patch exists which remedies this problem.
+
-
030: SECURITY FIX: September 16, 2004
Chris Evans reported several flaws (stack and integer overflows) in the
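Review bot: In the new 031 entry, "was not checking the shared secret used for replies sent by the radius server" does not say what goes unverified. Wording such as "did not verify that replies from the RADIUS server were authenticated with the shared secret" would make the spoofing consequence in the next sentence follow directly, and "RADIUS" should be capitalized throughout the entry. The closing note would also serve administrators better if it stated outright that only systems where login_radius(8) has been configured are affected, rather than leaving that to be inferred from "does not ship with radius authentication enabled".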
@@ -462,7 +473,7 @@
www@openbsd.org
-
$OpenBSD: errata34.html,v 1.23 2004/09/16 23:09:48 brad Exp $
+
$OpenBSD: errata34.html,v 1.24 2004/09/21 16:32:37 millert Exp $