OpenBSD 3.0 Security Advisories
*************** *** 193,235 ****
-
!
- April 11, 2002: The mail(1) was interpreting tilde escapes even when invoked in non-interactive mode. As mail(1) is called as root from cron, this can lead to a local root compromise. !
- March 19, 2002: Under certain conditions, on systems using YP with netgroups in the password database, it is possible for the rexecd(8) and rshd(8) daemons to execute a shell from a password database entry for a different user. Similarly, atrun(8) may change to the wrong home directory when running jobs. !
- March 13, 2002: A potential double free() exists in the zlib library; this is not exploitable on OpenBSD. The kernel also contains a copy of zlib; it is not currently known if the kernel zlib is exploitable. !
- March 8, 2002: An off-by-one check in OpenSSH's channel forwarding code may allow a local user to gain super-user privileges. !
- January 21, 2002: A race condition between the ptrace(2) and execve(2) system calls allows an attacker to modify the memory contents of suid/sgid processes which could lead to compromise of the super-user account. !
- January 17, 2002: There is a security hole in sudo(8) that can be exploited when the Postfix sendmail replacement is installed that may allow an attacker on the local host to gain root privileges. !
- November 28, 2001: An attacker can trick a machine running the lpd daemon into creating new files in the root directory from a machine with remote line printer access. !
- November 13, 2001: The vi.recover script can be abused in such a way as to cause arbitrary zero-length files to be removed. !
- November 13, 2001: pf(4) was incapable of dealing with certain ipv6 icmp packets, resulting in a crash. !
- November 12, 2001: A security hole that may allow an attacker to partially authenticate if -- and only if -- the administrator has enabled KerberosV.
-
!
- April 11, 2002: The mail(1) was interpreting tilde escapes even when invoked in non-interactive mode. As mail(1) is called as root from cron, this can lead to a local root compromise. !
- March 19, 2002: Under certain conditions, on systems using YP with netgroups in the password database, it is possible for the rexecd(8) and rshd(8) daemons to execute a shell from a password database entry for a different user. Similarly, atrun(8) may change to the wrong home directory when running jobs. !
- March 13, 2002: A potential double free() exists in the zlib library; this is not exploitable on OpenBSD. The kernel also contains a copy of zlib; it is not currently known if the kernel zlib is exploitable. !
- March 8, 2002: An off-by-one check in OpenSSH's channel forwarding code may allow a local user to gain super-user privileges. !
- January 21, 2002: A race condition between the ptrace(2) and execve(2) system calls allows an attacker to modify the memory contents of suid/sgid processes which could lead to compromise of the super-user account. !
- January 17, 2002: There is a security hole in sudo(8) that can be exploited when the Postfix sendmail replacement is installed that may allow an attacker on the local host to gain root privileges. !
- November 28, 2001: An attacker can trick a machine running the lpd daemon into creating new files in the root directory from a machine with remote line printer access. !
- November 13, 2001: The vi.recover script can be abused in such a way as to cause arbitrary zero-length files to be removed. !
- November 13, 2001: pf(4) was incapable of dealing with certain ipv6 icmp packets, resulting in a crash. !
- November 12, 2001: A security hole that may allow an attacker to partially authenticate if -- and only if -- the administrator has enabled KerberosV.
www@openbsd.org
! $OpenBSD: security.html,v 1.202 2002/04/11 18:39:22 millert Exp $