===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/security.html,v
retrieving revision 1.189
retrieving revision 1.190
diff -c -r1.189 -r1.190
*** www/security.html 2001/12/04 02:53:13 1.189
--- www/security.html 2002/01/07 19:20:31 1.190
***************
*** 200,205 ****
--- 200,211 ----
November 13, 2001:
The vi.recover script can be abused in such a way as
to cause arbitrary zero-length files to be removed.
+ November 13, 2001:
+ pf(4) was incapable of dealing with certain ipv6 icmp packets,
+ resulting in a crash.
+ November 12, 2001:
+ A security hole that may allow an attacker to partially authenticate
+ if -- and only if -- the administrator has enabled KerberosV.
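Review bot: The November 12, 2001 entry at the end of this hunk never names the affected program or service. It reads "A security hole that may allow an attacker to partially authenticate" with no subject, unlike the pf(4) entry just above it, which names the component. Name the affected daemon or library so an administrator who has enabled KerberosV knows what to patch, and complete the sentence in the style of the uuxqt(8) entry elsewhere on the page ("A security hole exists in ... that may allow ..."). Minor: "ipv6 icmp" in the pf(4) entry should be capitalised as "IPv6 ICMP".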
***************
*** 217,222 ****
--- 223,231 ----
An attacker can trick a machine running the lpd daemon into
creating new files in the root directory from a machine with
remote line printer access.
+
November 13, 2001:
+ The vi.recover script can be abused in such a way as
+ to cause arbitrary zero-length files to be removed.
September 11, 2001:
A security hole exists in uuxqt(8) that may allow an
attacker to gain root privileges.
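Review bot: The two added vi.recover lines repeat, word for word, the entry that is already present as context in the hunk at line 200, so the same advisory text now sits in two places on the page and any later wording fix has to be made twice. If the entry is meant to appear in both lists, say so in the commit message so the duplication is not later mistaken for a merge error.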
***************
*** 422,431 ****
vulnerable to a very tricky exploit. procfs is not
mounted by default.
(patch included).
! Nov 9, 1999:
! Any user could change interface media configurations, resulting in
! a localhost denial of service attack.
(patch included).
Dec 2, 1999:
A buffer overflow in the RSAREF code included in the
USA version of libssl, is possibly exploitable in
--- 431,443 ----
vulnerable to a very tricky exploit. procfs is not
mounted by default.
(patch included).
! Dec 4, 1999:
! Sendmail permitted any user to cause a aliases file wrap,
! thus exposing the system to a race where the aliases file
! did not exist.
(patch included).
+ Dec 4, 1999:
+ Various bugs in poll(2) may cause a kernel crash.
Dec 2, 1999:
A buffer overflow in the RSAREF code included in the
USA version of libssl, is possibly exploitable in
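Review bot: The new Dec 4, 1999 poll(2) entry has no "(patch included)" marker, unlike the Sendmail entry directly above it, so a reader cannot tell from the list whether a fix is available. Add the marker if a patch exists. While the Sendmail text is being moved, "a aliases file wrap" should read "an aliases file wrap".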
***************
*** 433,442 ****
(patch included).
Update: Turns out that this was not exploitable
in any of the software included in OpenBSD 2.6.
! Dec 4, 1999:
! Sendmail permitted any user to cause a aliases file wrap,
! thus exposing the system to a race where the aliases file
! did not exist.
(patch included).
--- 445,453 ----
(patch included).
Update: Turns out that this was not exploitable
in any of the software included in OpenBSD 2.6.
! Nov 9, 1999:
! Any user could change interface media configurations, resulting in
! a localhost denial of service attack.
(patch included).
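Review bot: "a localhost denial of service attack" in the relocated Nov 9, 1999 entry is carried over unchanged from its old position. Since the line is being touched anyway, consider "a local denial of service attack", because the entry describes any user changing interface media configurations rather than anything tied to the loopback host name.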
***************
*** 534,555 ****
problem in bootpd(8). (patch included).
Nov 13, 1998: There is a remote machine lockup
bug in the TCP decoding kernel. (patch included).
Jul 2, 1998: setuid and setgid processes
should not be executed with fd slots 0, 1, or 2 free.
(patch included).
- August 31, 1998: A benign looking resolver buffer overflow bug was re-introduced accidentally (patches included).
June 6, 1998: Further problems with the X
libraries (patches included).
- June 4, 1998: on non-Intel i386 machines, any user
- can use pctr(4) to crash the machine.
May 17, 1998: kill(2) of setuid/setgid target
processes too permissive (4th revision patch included).
May 11, 1998: mmap() permits partial bypassing
of immutable and append-only file flags. (patch included).
- May 1, 1998: Buffer overflow in xterm and Xaw
- (CERT advisory VB-98.04) (patch included).
May 5, 1998: Incorrect handling of IPSEC packets
if IPSEC is enabled (patch included).
--- 545,569 ----
problem in bootpd(8). (patch included).
Nov 13, 1998: There is a remote machine lockup
bug in the TCP decoding kernel. (patch included).
+ August 31, 1998: A benign looking resolver
+ buffer overflow bug was re-introduced accidentally (patches included).
+ Aug 2, 1998:
+ chpass(1) has a file descriptor leak which allows an
+ attacker to modify /etc/master.passwd.
+ July 15, 1998: Inetd had a file descriptor leak.
Jul 2, 1998: setuid and setgid processes
should not be executed with fd slots 0, 1, or 2 free.
(patch included).
June 6, 1998: Further problems with the X
libraries (patches included).
May 17, 1998: kill(2) of setuid/setgid target
processes too permissive (4th revision patch included).
May 11, 1998: mmap() permits partial bypassing
of immutable and append-only file flags. (patch included).
May 5, 1998: Incorrect handling of IPSEC packets
if IPSEC is enabled (patch included).
+ May 1, 1998: Buffer overflow in xterm and Xaw
+ (CERT advisory VB-98.04) (patch included).
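Review bot: The old side removes the June 4, 1998 pctr(4) entry ("on non-Intel i386 machines, any user can use pctr(4) to crash the machine") and the new side never adds it back, while the August 31 and May 1 entries removed alongside it are re-added in their new positions. If dropping that advisory is intentional, say so in the commit message; otherwise restore it between the June 6 and May 17 entries. The two new entries (chpass(1) on Aug 2 and inetd on July 15) also lack the "(patch included)" marker that the other entries in this hunk carry, and the list now mixes "August"/"Aug" and "July"/"Jul" month spellings.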
***************
*** 584,591 ****
Feb 13, 1998: Setuid coredump & Ruserok()
flaw (patch included).
Feb 9, 1998: MIPS ld.so flaw (patch included).
- Dec 10, 1997: Intel P5 f00f lockup
- (patch included).
--- 598,603 ----
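Review bot: The Dec 10, 1997 "Intel P5 f00f lockup" entry is deleted here with nothing shown in its place on the new side (598,603), and no other hunk in this diff re-adds it. Removing an advisory from a security history page should be deliberate: confirm the deletion is intended and record the reason in the commit message, or restore the entry after the Feb 9, 1998 ld.so line.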
***************
*** 736,742 ****
www@openbsd.org
! $OpenBSD: security.html,v 1.189 2001/12/04 02:53:13 millert Exp $