===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/security.html,v
retrieving revision 1.125
retrieving revision 1.126
diff -c -r1.125 -r1.126
*** www/security.html 2000/05/25 07:39:27 1.125
--- www/security.html 2000/05/25 16:44:37 1.126
***************
*** 204,233 ****
! - May 25, 2000:
xlockmore has a bug which a localhost attacker can use to gain
access to the encrypted root password hash (which is normally
encoded using blowfish (see
crypt(3))
(patch included).
!
- Jan 20, 2000:
Systems running with procfs enabled and mounted are
vulnerable to a very tricky exploit. procfs is not
mounted by default.
(patch included).
!
- Nov 9, 1999:
Any user could change interface media configurations, resulting in
a localhost denial of service attack.
(patch included).
!
- Dec 2, 1999:
A buffer overflow in the RSAREF code included in the
USA version of libssl, is possibly exploitable in
httpd, ssh, or isakmpd, if SSL/RSA features are enabled.
(patch included).
Update: Turns out that this was not exploitable
in any of the software included in OpenBSD 2.6.
! - Dec 4, 1999:
Sendmail permitted any user to cause a aliases file wrap,
thus exposing the system to a race where the aliases file
did not exist.
--- 204,233 ----
! - Jan 20, 2000:
Systems running with procfs enabled and mounted are
vulnerable to a very tricky exploit. procfs is not
mounted by default.
(patch included).
!
- Nov 9, 1999:
Any user could change interface media configurations, resulting in
a localhost denial of service attack.
(patch included).
!
- Dec 2, 1999:
A buffer overflow in the RSAREF code included in the
USA version of libssl, is possibly exploitable in
httpd, ssh, or isakmpd, if SSL/RSA features are enabled.
(patch included).
Update: Turns out that this was not exploitable
in any of the software included in OpenBSD 2.6.
! - Dec 4, 1999:
Sendmail permitted any user to cause a aliases file wrap,
thus exposing the system to a race where the aliases file
did not exist.
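Review bot: the new side of 204,233 no longer carries the May 25, 2000 xlockmore entry (a localhost attacker gaining access to the encrypted root password hash), and nothing visible in this diff re-adds it. Please confirm the entry and its patch link still appear elsewhere on the page, since revision 1.125 that introduced it is dated the same day. If the text is moved rather than deleted, close the unbalanced parenthesis in "(which is normally encoded using blowfish (see crypt(3))". Two smaller points on the entries that remain: they are not in date order (Jan 20, 2000, then Nov 9, 1999, then Dec 2 and Dec 4, 1999), and the Sendmail entry should read "an aliases file" rather than "a aliases file".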
***************
*** 520,526 ****
www@openbsd.org
! $OpenBSD: security.html,v 1.125 2000/05/25 07:39:27 deraadt Exp $