| version 1.202, 2002/04/11 18:39:22 |
version 1.203, 2002/04/16 18:33:08 |
|
|
| <dl> |
<dl> |
| |
|
| <li> |
<li> |
| |
<a name=31></a> |
| |
|
| |
<h3><font color=#e00000>OpenBSD 3.1 Security Advisories</font></h3> |
| |
These are the OpenBSD 3.1 advisories -- all these problems are solved |
| |
in <a href=anoncvs.html>OpenBSD current</a> and the |
| |
<a href=stable.html>patch branch</a>. |
| |
|
| |
<p> |
| |
<ul> |
| |
<li>None yet. |
| |
</ul> |
| |
|
| |
<p> |
| |
|
| |
<li> |
| <a name=30></a> |
<a name=30></a> |
| |
|
| <h3><font color=#e00000>OpenBSD 3.0 Security Advisories</font></h3> |
<h3><font color=#e00000>OpenBSD 3.0 Security Advisories</font></h3> |
|
|
| |
|
| <p> |
<p> |
| <ul> |
<ul> |
| <li><a href=errata.html#mail>April 11, 2002: |
<li><a href=errata30.html#mail>April 11, 2002: |
| The mail(1) was interpreting tilde escapes even when invoked |
The mail(1) was interpreting tilde escapes even when invoked |
| in non-interactive mode. As mail(1) is called as root from cron, |
in non-interactive mode. As mail(1) is called as root from cron, |
| this can lead to a local root compromise.</a> |
this can lead to a local root compromise.</a> |
| <li><a href=errata.html#approval>March 19, 2002: |
<li><a href=errata30.html#approval>March 19, 2002: |
| Under certain conditions, on systems using YP with netgroups in |
Under certain conditions, on systems using YP with netgroups in |
| the password database, it is possible for the rexecd(8) and rshd(8) |
the password database, it is possible for the rexecd(8) and rshd(8) |
| daemons to execute a shell from a password database entry for a |
daemons to execute a shell from a password database entry for a |
| different user. Similarly, atrun(8) may change to the wrong |
different user. Similarly, atrun(8) may change to the wrong |
| home directory when running jobs.</a> |
home directory when running jobs.</a> |
| <li><a href=errata.html#zlib>March 13, 2002: |
<li><a href=errata30.html#zlib>March 13, 2002: |
| A potential double free() exists in the zlib library; |
A potential double free() exists in the zlib library; |
| this is not exploitable on OpenBSD. |
this is not exploitable on OpenBSD. |
| The kernel also contains a copy of zlib; it is not |
The kernel also contains a copy of zlib; it is not |
| currently known if the kernel zlib is exploitable.</a> |
currently known if the kernel zlib is exploitable.</a> |
| <li><a href=errata.html#openssh>March 8, 2002: |
<li><a href=errata30.html#openssh>March 8, 2002: |
| An off-by-one check in OpenSSH's channel forwarding code |
An off-by-one check in OpenSSH's channel forwarding code |
| may allow a local user to gain super-user privileges.</a> |
may allow a local user to gain super-user privileges.</a> |
| <li><a href=errata.html#ptrace>January 21, 2002: |
<li><a href=errata30.html#ptrace>January 21, 2002: |
| A race condition between the ptrace(2) and execve(2) system calls |
A race condition between the ptrace(2) and execve(2) system calls |
| allows an attacker to modify the memory contents of suid/sgid |
allows an attacker to modify the memory contents of suid/sgid |
| processes which could lead to compromise of the super-user account.</a> |
processes which could lead to compromise of the super-user account.</a> |
| <li><a href=errata.html#sudo>January 17, 2002: |
<li><a href=errata30.html#sudo>January 17, 2002: |
| There is a security hole in sudo(8) that can be exploited |
There is a security hole in sudo(8) that can be exploited |
| when the Postfix sendmail replacement is installed that may |
when the Postfix sendmail replacement is installed that may |
| allow an attacker on the local host to gain root privileges.</a> |
allow an attacker on the local host to gain root privileges.</a> |
| <li><a href=errata.html#lpd>November 28, 2001: |
<li><a href=errata30.html#lpd>November 28, 2001: |
| An attacker can trick a machine running the lpd daemon into |
An attacker can trick a machine running the lpd daemon into |
| creating new files in the root directory from a machine with |
creating new files in the root directory from a machine with |
| remote line printer access.</a> |
remote line printer access.</a> |
| <li><a href=errata.html#vi.recover>November 13, 2001: |
<li><a href=errata30.html#vi.recover>November 13, 2001: |
| The vi.recover script can be abused in such a way as |
The vi.recover script can be abused in such a way as |
| to cause arbitrary zero-length files to be removed.</a> |
to cause arbitrary zero-length files to be removed.</a> |
| <li><a href=errata.html#pf>November 13, 2001: |
<li><a href=errata30.html#pf>November 13, 2001: |
| pf(4) was incapable of dealing with certain ipv6 icmp packets, |
pf(4) was incapable of dealing with certain ipv6 icmp packets, |
| resulting in a crash.</a> |
resulting in a crash.</a> |
| <li><a href=errata.html#sshd>November 12, 2001: |
<li><a href=errata30.html#sshd>November 12, 2001: |
| A security hole that may allow an attacker to partially authenticate |
A security hole that may allow an attacker to partially authenticate |
| if -- and only if -- the administrator has enabled KerberosV.</a> |
if -- and only if -- the administrator has enabled KerberosV.</a> |
| </ul> |
</ul> |
![[BACK]](/icons/back.gif){kind=icon}
Return to security.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www