=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/security.html,v retrieving revision 1.189 retrieving revision 1.190 diff -c -r1.189 -r1.190 *** www/security.html 2001/12/04 02:53:13 1.189 --- www/security.html 2002/01/07 19:20:31 1.190 *************** *** 200,205 **** --- 200,211 ----
  • November 13, 2001: The vi.recover script can be abused in such a way as to cause arbitrary zero-length files to be removed. +
  • November 13, 2001: + pf(4) was incapable of dealing with certain ipv6 icmp packets, + resulting in a crash. +
  • November 12, 2001: + A security hole that may allow an attacker to partially authenticate + if -- and only if -- the administrator has enabled KerberosV.

    *************** *** 217,222 **** --- 223,231 ---- An attacker can trick a machine running the lpd daemon into creating new files in the root directory from a machine with remote line printer access. +

  • November 13, 2001: + The vi.recover script can be abused in such a way as + to cause arbitrary zero-length files to be removed.
  • September 11, 2001: A security hole exists in uuxqt(8) that may allow an attacker to gain root privileges. *************** *** 422,431 **** vulnerable to a very tricky exploit. procfs is not mounted by default. (patch included). !
  • Nov 9, 1999: ! Any user could change interface media configurations, resulting in ! a localhost denial of service attack. (patch included).
  • Dec 2, 1999: A buffer overflow in the RSAREF code included in the USA version of libssl, is possibly exploitable in --- 431,443 ---- vulnerable to a very tricky exploit. procfs is not mounted by default. (patch included). !
  • Dec 4, 1999: ! Sendmail permitted any user to cause a aliases file wrap, ! thus exposing the system to a race where the aliases file ! did not exist. (patch included). +
  • Dec 4, 1999: + Various bugs in poll(2) may cause a kernel crash.
  • Dec 2, 1999: A buffer overflow in the RSAREF code included in the USA version of libssl, is possibly exploitable in *************** *** 433,442 **** (patch included).
    Update: Turns out that this was not exploitable in any of the software included in OpenBSD 2.6. !
  • Dec 4, 1999: ! Sendmail permitted any user to cause a aliases file wrap, ! thus exposing the system to a race where the aliases file ! did not exist. (patch included). --- 445,453 ---- (patch included).
    Update: Turns out that this was not exploitable in any of the software included in OpenBSD 2.6. !
  • Nov 9, 1999: ! Any user could change interface media configurations, resulting in ! a localhost denial of service attack. (patch included). *************** *** 534,555 **** problem in bootpd(8). (patch included).
  • Nov 13, 1998: There is a remote machine lockup bug in the TCP decoding kernel. (patch included).
  • Jul 2, 1998: setuid and setgid processes should not be executed with fd slots 0, 1, or 2 free. (patch included). -
  • August 31, 1998: A benign looking resolver buffer overflow bug was re-introduced accidentally (patches included).
  • June 6, 1998: Further problems with the X libraries (patches included). -
  • June 4, 1998: on non-Intel i386 machines, any user - can use pctr(4) to crash the machine.
  • May 17, 1998: kill(2) of setuid/setgid target processes too permissive (4th revision patch included).
  • May 11, 1998: mmap() permits partial bypassing of immutable and append-only file flags. (patch included). -
  • May 1, 1998: Buffer overflow in xterm and Xaw - (CERT advisory VB-98.04) (patch included).
  • May 5, 1998: Incorrect handling of IPSEC packets if IPSEC is enabled (patch included).

    --- 545,569 ---- problem in bootpd(8). (patch included).

  • Nov 13, 1998: There is a remote machine lockup bug in the TCP decoding kernel. (patch included). +
  • August 31, 1998: A benign looking resolver + buffer overflow bug was re-introduced accidentally (patches included). +
  • Aug 2, 1998: + chpass(1) has a file descriptor leak which allows an + attacker to modify /etc/master.passwd. +
  • July 15, 1998: Inetd had a file descriptor leak.
  • Jul 2, 1998: setuid and setgid processes should not be executed with fd slots 0, 1, or 2 free. (patch included).
  • June 6, 1998: Further problems with the X libraries (patches included).
  • May 17, 1998: kill(2) of setuid/setgid target processes too permissive (4th revision patch included).
  • May 11, 1998: mmap() permits partial bypassing of immutable and append-only file flags. (patch included).
  • May 5, 1998: Incorrect handling of IPSEC packets if IPSEC is enabled (patch included). +
  • May 1, 1998: Buffer overflow in xterm and Xaw + (CERT advisory VB-98.04) (patch included).

    *************** *** 584,591 ****

  • Feb 13, 1998: Setuid coredump & Ruserok() flaw (patch included).
  • Feb 9, 1998: MIPS ld.so flaw (patch included). -
  • Dec 10, 1997: Intel P5 f00f lockup - (patch included).

    --- 598,603 ---- *************** *** 736,742 **** OpenBSD www@openbsd.org
    ! $OpenBSD: security.html,v 1.189 2001/12/04 02:53:13 millert Exp $ --- 748,754 ---- OpenBSD www@openbsd.org
    ! $OpenBSD: security.html,v 1.190 2002/01/07 19:20:31 mpech Exp $
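Review bot: In the first hunk (*** 200,205 ****), the added "November 12, 2001" KerberosV entry names no affected program, unlike the neighbouring pf(4) and vi.recover entries, and "partially authenticate" does not say what an attacker actually gains; name the component in the page's manpage style (name(section)) and state the concrete consequence. In the same hunk, "certain ipv6 icmp packets" should follow the capitalisation used elsewhere on the page ("IPSEC", "TCP"), i.e. "IPv6 ICMP packets".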
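Review bot: In the *** 422,431 **** and *** 433,442 **** hunks, swapping the "Dec 4, 1999" Sendmail entry and the "Nov 9, 1999" media-configuration entry restores reverse-chronological order, but the moved text still reads "cause a aliases file wrap"; while it is being relocated, fix it to "an aliases file wrap". The newly added "Dec 4, 1999: Various bugs in poll(2) may cause a kernel crash." is the only 1999 entry in these hunks without a "(patch included)" note; state whether a patch exists so the entry matches its neighbours.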
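Review bot: In the *** 534,555 **** hunk, the "June 4, 1998: on non-Intel i386 machines, any user can use pctr(4) to crash the machine." entry is deleted and is not re-added anywhere in this diff; confirm this is intentional (for example moved to another page) rather than silently dropping a published fix from the history. The added "Aug 2, 1998" chpass(1) and "July 15, 1998" inetd entries carry no patch status, and the added lines mix month styles ("Aug 2" next to "August 31", "July 15" next to "Jul 2"); pick one form for the section.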
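Review bot: In the *** 584,591 **** hunk, the "Dec 10, 1997: Intel P5 f00f lockup (patch included)." entry is removed with no replacement visible in this diff; as with the pctr(4) entry above, either restore it or note in the commit message where the advisory now lives, since this page is the published record of fixed issues.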