version 1.189, 2001/12/04 02:53:13 |
version 1.190, 2002/01/07 19:20:31 |
|
|
<li><a href=errata.html#vi.recover>November 13, 2001: |
<li><a href=errata.html#vi.recover>November 13, 2001: |
The vi.recover script can be abused in such a way as |
The vi.recover script can be abused in such a way as |
to cause arbitrary zero-length files to be removed.</a> |
to cause arbitrary zero-length files to be removed.</a> |
|
<li><a href=errata.html#pf>November 13, 2001: |
|
pf(4) was incapable of dealing with certain ipv6 icmp packets, |
|
resulting in a crash.</a> |
|
<li><a href=errata.html#sshd>November 12, 2001: |
|
A security hole that may allow an attacker to partially authenticate |
|
if -- and only if -- the administrator has enabled KerberosV.</a> |
</ul> |
</ul> |
|
|
<p> |
<p> |
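Review bot: the new sshd entry never names the affected program in its text. "A security hole that may allow an attacker to partially authenticate" is a sentence fragment, and the reader learns that it concerns sshd only from the #sshd anchor. The pf entry added just above it opens with pf(4), so this one should open the same way, for example "sshd(8): a security hole may allow ...". In the pf entry, "ipv6 icmp" would also read better as "IPv6 ICMP", matching the capitalised "KerberosV" two lines below.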
|
|
An attacker can trick a machine running the lpd daemon into |
An attacker can trick a machine running the lpd daemon into |
creating new files in the root directory from a machine with |
creating new files in the root directory from a machine with |
remote line printer access.</a> |
remote line printer access.</a> |
|
<li><a href=errata29.html#vi.recover>November 13, 2001: |
|
The vi.recover script can be abused in such a way as |
|
to cause arbitrary zero-length files to be removed.</a> |
<li><a href=errata29.html#uucp>September 11, 2001: |
<li><a href=errata29.html#uucp>September 11, 2001: |
A security hole exists in uuxqt(8) that may allow an |
A security hole exists in uuxqt(8) that may allow an |
attacker to gain root privileges.</a> |
attacker to gain root privileges.</a> |
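Review bot: the added link points at errata29.html#vi.recover, a file this diff does not touch, so please confirm that the anchor exists there before this goes in. The entry text is identical to the one linked to errata.html#vi.recover earlier in the page, and its November 13, 2001 date correctly places it above the September 11, 2001 uucp entry.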
|
|
vulnerable to a very tricky exploit. procfs is not |
vulnerable to a very tricky exploit. procfs is not |
mounted by default. |
mounted by default. |
(patch included).</a> |
(patch included).</a> |
<li><a href=errata26.html#ifmedia>Nov 9, 1999: |
<li><a href=errata26.html#sendmail>Dec 4, 1999: |
Any user could change interface media configurations, resulting in |
Sendmail permitted any user to cause a aliases file wrap, |
a localhost denial of service attack. |
thus exposing the system to a race where the aliases file |
|
did not exist. |
(patch included).</a> |
(patch included).</a> |
|
<li><a href=errata26.html#poll>Dec 4, 1999: |
|
Various bugs in poll(2) may cause a kernel crash.</a> |
<li><a href=errata26.html#sslUSA>Dec 2, 1999: |
<li><a href=errata26.html#sslUSA>Dec 2, 1999: |
A buffer overflow in the RSAREF code included in the |
A buffer overflow in the RSAREF code included in the |
USA version of libssl, is possibly exploitable in |
USA version of libssl, is possibly exploitable in |
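Review bot: the relocated sendmail entry still reads "cause a aliases file wrap"; since the line is being moved anyway, correct it to "an aliases file wrap" here. The new poll(2) entry is also the only one in this hunk without "(patch included)", so either add it or confirm the omission is intentional.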
|
|
(patch included).<br></a> |
(patch included).<br></a> |
<strong>Update:</strong> Turns out that this was not exploitable |
<strong>Update:</strong> Turns out that this was not exploitable |
in any of the software included in OpenBSD 2.6. |
in any of the software included in OpenBSD 2.6. |
<li><a href=errata26.html#sendmail>Dec 4, 1999: |
<li><a href=errata26.html#ifmedia>Nov 9, 1999: |
Sendmail permitted any user to cause a aliases file wrap, |
Any user could change interface media configurations, resulting in |
thus exposing the system to a race where the aliases file |
a localhost denial of service attack. |
did not exist. |
|
(patch included).</a> |
(patch included).</a> |
</ul> |
</ul> |
|
|
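Review bot: the ifmedia entry, now the last item in this list, still says "a localhost denial of service attack". "Local denial of service" is the usual wording and is worth adopting while these lines are being moved.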
|
|
problem in bootpd(8). (patch included).</a> |
problem in bootpd(8). (patch included).</a> |
<li><a href=errata23.html#tcpfix>Nov 13, 1998: There is a remote machine lockup |
<li><a href=errata23.html#tcpfix>Nov 13, 1998: There is a remote machine lockup |
bug in the TCP decoding kernel. (patch included).</a> |
bug in the TCP decoding kernel. (patch included).</a> |
|
<li><a href=errata23.html#resolver>August 31, 1998: A benign looking resolver |
|
buffer overflow bug was re-introduced accidentally (patches included).</a> |
|
<li><a href=errata23.html#chpass>Aug 2, 1998: |
|
chpass(1) has a file descriptor leak which allows an |
|
attacker to modify /etc/master.passwd.</a> |
|
<li><a href=errata23.html#inetd>July 15, 1998: Inetd had a file descriptor leak.</a> |
<li><a href=errata23.html#fdalloc>Jul 2, 1998: setuid and setgid processes |
<li><a href=errata23.html#fdalloc>Jul 2, 1998: setuid and setgid processes |
should not be executed with fd slots 0, 1, or 2 free. |
should not be executed with fd slots 0, 1, or 2 free. |
(patch included).</a> |
(patch included).</a> |
<li><a href=errata23.html#resolver>August 31, 1998: A benign looking resolver buffer overflow bug was re-introduced accidentally (patches included).</a> |
|
<li><a href=errata23.html#xlib>June 6, 1998: Further problems with the X |
<li><a href=errata23.html#xlib>June 6, 1998: Further problems with the X |
libraries (patches included).</a> |
libraries (patches included).</a> |
<li><a href=errata23.html#pctr>June 4, 1998: on non-Intel i386 machines, any user |
|
can use pctr(4) to crash the machine.</a> |
|
<li><a href=errata23.html#kill>May 17, 1998: kill(2) of setuid/setgid target |
<li><a href=errata23.html#kill>May 17, 1998: kill(2) of setuid/setgid target |
processes too permissive (4th revision patch included).</a> |
processes too permissive (4th revision patch included).</a> |
<li><a href=errata23.html#immutable>May 11, 1998: mmap() permits partial bypassing |
<li><a href=errata23.html#immutable>May 11, 1998: mmap() permits partial bypassing |
of immutable and append-only file flags. (patch included).</a> |
of immutable and append-only file flags. (patch included).</a> |
<li><a href=errata23.html#xterm-xaw>May 1, 1998: Buffer overflow in xterm and Xaw |
|
(CERT advisory VB-98.04) (patch included).</a> |
|
<li><a href=errata23.html#ipsec>May 5, 1998: Incorrect handling of IPSEC packets |
<li><a href=errata23.html#ipsec>May 5, 1998: Incorrect handling of IPSEC packets |
if IPSEC is enabled (patch included).</a> |
if IPSEC is enabled (patch included).</a> |
|
<li><a href=errata23.html#xterm-xaw>May 1, 1998: Buffer overflow in xterm and Xaw |
|
(CERT advisory VB-98.04) (patch included).</a> |
</ul> |
</ul> |
|
|
<p> |
<p> |
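Review bot: the pctr entry ("June 4, 1998: on non-Intel i386 machines, any user can use pctr(4) to crash the machine.") appears only in the 1.189 column and has no counterpart in the 1.190 column, unlike the resolver and xterm-xaw entries, which reappear at their new positions. If this change is meant as a date reorder plus the new chpass and inetd entries, the pctr line has been dropped and should be restored after the xlib entry. The two added entries are also dated "Aug 2" and "July 15", one abbreviated and one not; pick one style.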
|
|
<li><a href=errata22.html#ruserok>Feb 13, 1998: Setuid coredump & Ruserok() |
<li><a href=errata22.html#ruserok>Feb 13, 1998: Setuid coredump & Ruserok() |
flaw (patch included).</a> |
flaw (patch included).</a> |
<li><a href=errata22.html#ldso>Feb 9, 1998: MIPS ld.so flaw (patch included).</a> |
<li><a href=errata22.html#ldso>Feb 9, 1998: MIPS ld.so flaw (patch included).</a> |
<li><a href=errata22.html#f00f>Dec 10, 1997: Intel P5 f00f lockup |
|
(patch included).</a> |
|
</ul> |
</ul> |
|
|
<p> |
<p> |
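Review bot: the f00f entry ("Dec 10, 1997: Intel P5 f00f lockup (patch included).") is present only in the 1.189 column, so this hunk deletes it from the errata22 list with nothing visible replacing it. If the removal is deliberate, say so in the commit message; otherwise keep the entry as the last item, where its date already places it.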