=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata34.html,v retrieving revision 1.83 retrieving revision 1.84 diff -u -r1.83 -r1.84 --- www/errata34.html 2017/03/28 06:41:18 1.83 +++ www/errata34.html 2017/06/26 17:18:57 1.84 @@ -84,10 +84,10 @@ 035: SECURITY FIX: December 13, 2004   All architectures
On systems running -isakmpd(8) +isakmpd(8) it is possible for a local user to cause kernel memory corruption and system panic by setting -ipsec(4) +ipsec(4) credentials on a socket.
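
Review bot: The removed and added lines in this hunk read the same as shown ("-isakmpd(8) +isakmpd(8)", "-ipsec(4) +ipsec(4)"), so the actual difference cannot be reviewed from the visible text. Every other hunk in this revision has the same shape. The log message for 1.84 should state what changed in the manual page references so the edit can be checked without reading the raw HTML.
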
@@ -97,11 +97,11 @@ 034: RELIABILITY FIX: November 10, 2004   All architectures
Due to a bug in -
lynx(1) +lynx(1) it is possible for pages such as this to cause -lynx(1) +lynx(1) to exhaust memory and then crash when parsing such pages.
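
Review bot: The context sentence around the lynx(1) change, "it is possible for pages such as this to cause", has no referent in the text: "such as this" does not say what kind of page triggers the memory exhaustion. While this entry is being touched, describe the triggering input in words so the erratum stays readable when the link is not followed.
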
@@ -110,7 +110,7 @@
  • 033: RELIABILITY FIX: November 10, 2004   All architectures
    -
    pppd(8) +pppd(8) contains a bug that allows an attacker to crash his own connection, but it cannot be used to deny service to other users.
    @@ -131,7 +131,7 @@ 031: SECURITY FIX: September 20, 2004   All architectures
    Eilko Bos reported that radius authentication, as implemented by -login_radius(8), +login_radius(8), was not checking the shared secret used for replies sent by the radius server. This could allow an attacker to spoof a reply granting access to the attacker. Note that OpenBSD does not ship with radius authentication enabled. @@ -156,7 +156,7 @@
  • 029: SECURITY FIX: September 10, 2004   All architectures
    -httpd(8) +httpd(8) 's mod_rewrite module can be made to write one zero byte in an arbitrary memory position outside of a char array, causing a DoS or possibly buffer overflows. This would require enabling dbm for mod_rewrite and making use of a malicious @@ -172,7 +172,7 @@ As reported by Vafa Izadinia -bridge(4) +bridge(4) with IPsec processing enabled can be crashed remotely by a single ICMP echo traversing the bridge.
    @@ -203,7 +203,7 @@ 025: SECURITY FIX: June 12, 2004   All architectures
    Multiple vulnerabilities have been found in -
    httpd(8) +httpd(8) / mod_ssl. CAN-2003-0020, CAN-2003-0987, @@ -219,7 +219,7 @@ As disclosed by Thomas Walpuski -isakmpd(8) +isakmpd(8) is still vulnerable to unauthorized SA deletion. An attacker can delete IPsec tunnels at will.
    @@ -230,7 +230,7 @@ 023: SECURITY FIX: June 9, 2004   All architectures
    Multiple remote vulnerabilities have been found in the -cvs(1) +cvs(1) server that allow an attacker to crash the server or possibly execute arbitrary code with the same privileges as the CVS server program.
    @@ -241,7 +241,7 @@ 022: SECURITY FIX: May 30, 2004   All architectures
    A flaw in the Kerberos V -kdc(8) +kdc(8) server could result in the administrator of a Kerberos realm having the ability to impersonate any principal in any other realm which has established a cross-realm trust with their realm. The flaw is due to @@ -256,7 +256,7 @@ 021: SECURITY FIX: May 20, 2004   All architectures
    A heap overflow in the -cvs(1) +cvs(1) server has been discovered that can be exploited by clients sending malformed requests, enabling these clients to run arbitrary code with the same privileges as the CVS server program. @@ -284,7 +284,7 @@ 018: RELIABILITY FIX: May 5, 2004   All architectures
    Under load "recent model" -gdt(4) +gdt(4) controllers will lock up.
    @@ -294,7 +294,7 @@ 017: SECURITY FIX: May 5, 2004   All architectures
    Pathname validation problems have been found in -
    cvs(1), +cvs(1), allowing malicious clients to create files outside the repository, allowing malicious servers to overwrite files outside the local CVS tree on the client and allowing clients to check out files outside the CVS @@ -307,7 +307,7 @@ 016: RELIABILITY FIX: March 17, 2004   All architectures
    A missing check for a NULL-pointer dereference has been found in -ssl(3). +ssl(3). A remote attacker can use the bug to cause an OpenSSL application to crash; this may lead to a denial of service.
    @@ -318,7 +318,7 @@ 015: RELIABILITY FIX: March 17, 2004   All architectures
    Defects in the payload validation and processing functions of -isakmpd(8) +isakmpd(8) have been discovered. An attacker could send malformed ISAKMP messages and cause isakmpd to crash or to loop endlessly. This patch fixes these problems and removes some memory leaks. @@ -330,7 +330,7 @@ 014: SECURITY FIX: March 13, 2004   All architectures
    Due to a bug in the parsing of Allow/Deny rules for -httpd(8)'s +httpd(8)'s access module, using IP addresses without a netmask on big endian 64-bit platforms causes the rules to fail to match. This only affects sparc64.
    @@ -372,7 +372,7 @@ 010: SECURITY FIX: February 5, 2004   All architectures
    A reference counting bug exists in the -shmat(2) +shmat(2) system call that could be used by an attacker to write to kernel memory under certain circumstances.
    @@ -383,7 +383,7 @@ 009: SECURITY FIX: January 13, 2004   All architectures
    Several message handling flaws in -isakmpd(8) +isakmpd(8) have been reported by Thomas Walpuski. These allow an attacker to delete arbitrary SAs. The patch also includes a reliability fix for a filedescriptor leak that causes problems when a crypto card is installed. @@ -396,8 +396,8 @@   All architectures
    An improper bounds check makes it possible for a local user to cause a crash by passing the -semctl(2) and -semop(2) functions +semctl(2) and +semop(2) functions certain arguments.
    @@ -407,7 +407,7 @@ 007: RELIABILITY FIX: November 20, 2003   All architectures
    It is possible for a local user to cause a crash via -
    sysctl(3) with certain arguments. +sysctl(3) with certain arguments.
    A source code patch exists which remedies this problem. @@ -416,10 +416,10 @@ 006: SECURITY FIX: November 17, 2003   i386 only
    It may be possible for a local user to overrun the stack in -compat_ibcs2(8).
    +compat_ibcs2(8).
    ProPolice catches this, turning a potential privilege escalation into a denial of service. iBCS2 emulation does not need to be enabled via -sysctl(8) +sysctl(8) for this to happen.
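
Review bot: The last sentence of this entry, "iBCS2 emulation does not need to be enabled via sysctl(8) for this to happen", is ambiguous about what "this" is: the stack overrun in compat_ibcs2(8) or ProPolice catching it. Since the point matters for deciding who needs the patch, reword it to say directly that the overrun is reachable even when iBCS2 emulation is not enabled.
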
    @@ -438,7 +438,7 @@   All architectures
    A user with write permission to httpd.conf or a .htaccess file can crash -
    httpd(8) +httpd(8) or potentially run arbitrary code as the user www (although it is believed that ProPolice will prevent code execution).
    @@ -458,7 +458,7 @@   All architectures
    The use of certain ASN.1 encodings or malformed public keys may allow an attacker to mount a denial of service attack against applications linked with -ssl(3). +ssl(3). This does not affect OpenSSH.
    A source code patch exists which remedies this problem.
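
Review bot: In the hunk at @@ -131,7 +131,7 @@, the context lines spell the protocol in lower case ("radius authentication", "the radius server") next to the login_radius(8) reference being changed. Use "RADIUS" for the protocol and keep the lower-case form only for the program name login_radius(8).
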
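
Review bot: In the hunk at @@ -383,7 +383,7 @@, the context line "a reliability fix for a filedescriptor leak" runs two words together. Write "file descriptor leak" while the isakmpd(8) reference in this entry is being edited.
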