version 1.14, 2006/09/09 03:30:07 |
version 1.15, 2006/09/09 13:05:53 |
|
|
<font color="#009000"><strong>014: SECURITY FIX: September 2, 2006</strong></font> <i>All architectures</i><br> |
<font color="#009000"><strong>014: SECURITY FIX: September 2, 2006</strong></font> <i>All architectures</i><br> |
Due to the failure to correctly validate LCP configuration option lengths, |
Due to the failure to correctly validate LCP configuration option lengths, |
it is possible for an attacker to send LCP packets via an |
it is possible for an attacker to send LCP packets via an |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sppp&apropos=0&sektion=4&manpath=OpenBSD+Current&arch=i386&format=html">sppp(4)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sppp&sektion=4">sppp(4)</a> |
connection causing the kernel to panic. |
connection causing the kernel to panic. |
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4304">CVE-2006-4304</a> |
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4304">CVE-2006-4304</a> |
<br> |
<br> |
|
|
<li><a name="isakmpd"></a> |
<li><a name="isakmpd"></a> |
<font color="#009000"><strong>013: SECURITY FIX: August 25, 2006</strong></font> <i>All architectures</i><br> |
<font color="#009000"><strong>013: SECURITY FIX: August 25, 2006</strong></font> <i>All architectures</i><br> |
A problem in |
A problem in |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&apropos=0&sektion=8&manpath=OpenBSD+Current&arch=i386&format=html">isakmpd(8)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> |
caused IPsec to run partly without replay protection. If |
caused IPsec to run partly without replay protection. If |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&apropos=0&sektion=8&manpath=OpenBSD+Current&arch=i386&format=html">isakmpd(8)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8">isakmpd(8)</a> |
was acting as responder during SA negotiation, SA's with a replay window of size 0 were created. |
was acting as responder during SA negotiation, SA's with a replay window of size 0 were created. |
An attacker could reinject sniffed IPsec packets, which will be accepted without checking the |
An attacker could reinject sniffed IPsec packets, which will be accepted without checking the |
replay counter. |
replay counter. |
|
|
<li><a name="dhcpd"></a> |
<li><a name="dhcpd"></a> |
<font color="#009000"><strong>011: SECURITY FIX: August 25, 2006</strong></font> <i>All architectures</i><br> |
<font color="#009000"><strong>011: SECURITY FIX: August 25, 2006</strong></font> <i>All architectures</i><br> |
Due to an off-by-one error in |
Due to an off-by-one error in |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&apropos=0&sektion=8&manpath=OpenBSD+Current&arch=i386&format=html">dhcpd(8)</a>, |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a>, |
it is possible to cause |
it is possible to cause |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&apropos=0&sektion=8&manpath=OpenBSD+Current&arch=i386&format=html">dhcpd(8)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8">dhcpd(8)</a> |
to exit by sending a DHCPDISCOVER packet with a 32-byte client identifier option. |
to exit by sending a DHCPDISCOVER packet with a 32-byte client identifier option. |
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3122">CVE-2006-3122</a> |
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3122">CVE-2006-3122</a> |
<br> |
<br> |
|
|
|
|
<li><a name="httpd"></a> |
<li><a name="httpd"></a> |
<font color="#009000"><strong>009: SECURITY FIX: July 30, 2006</strong></font> <i>All architectures</i><br> |
<font color="#009000"><strong>009: SECURITY FIX: July 30, 2006</strong></font> <i>All architectures</i><br> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&apropos=0&sektion=8&manpath=OpenBSD+Current&arch=i386&format=html">httpd |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>'s |
(8)</a> |
mod_rewrite has a potentially exploitable off-by-one buffer overflow. |
's mod_rewrite has a potentially exploitable off-by-one buffer overflow. |
|
The buffer overflow may result in a vulnerability which, in combination |
The buffer overflow may result in a vulnerability which, in combination |
with certain types of Rewrite rules in the web server configuration files, |
with certain types of Rewrite rules in the web server configuration files, |
could be triggered remotely. The default install is not affected by the |
could be triggered remotely. The default install is not affected by the |