===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/security.html,v
retrieving revision 1.202
retrieving revision 1.203
diff -c -r1.202 -r1.203
*** www/security.html 2002/04/11 18:39:22 1.202
--- www/security.html 2002/04/16 18:33:08 1.203
***************
*** 184,189 ****
--- 184,204 ----
+
+
+ OpenBSD 3.1 Security Advisories
+ These are the OpenBSD 3.1 advisories -- all these problems are solved
+ in OpenBSD current and the
+ patch branch.
+
+
+
+
+
+
+
OpenBSD 3.0 Security Advisories
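Review bot: The new "OpenBSD 3.1 Security Advisories" section at 184-204 has an introductory sentence but no entries in the visible text, so "all these problems are solved" has nothing to refer to. Consider adding an explicit placeholder entry stating that no advisories have been issued for 3.1 yet, so that readers do not take the empty list for a rendering fault or a missing page fragment.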
***************
*** 193,235 ****
! - April 11, 2002:
The mail(1) was interpreting tilde escapes even when invoked
in non-interactive mode. As mail(1) is called as root from cron,
this can lead to a local root compromise.
!
- March 19, 2002:
Under certain conditions, on systems using YP with netgroups in
the password database, it is possible for the rexecd(8) and rshd(8)
daemons to execute a shell from a password database entry for a
different user. Similarly, atrun(8) may change to the wrong
home directory when running jobs.
!
- March 13, 2002:
A potential double free() exists in the zlib library;
this is not exploitable on OpenBSD.
The kernel also contains a copy of zlib; it is not
currently known if the kernel zlib is exploitable.
!
- March 8, 2002:
An off-by-one check in OpenSSH's channel forwarding code
may allow a local user to gain super-user privileges.
!
- January 21, 2002:
A race condition between the ptrace(2) and execve(2) system calls
allows an attacker to modify the memory contents of suid/sgid
processes which could lead to compromise of the super-user account.
!
- January 17, 2002:
There is a security hole in sudo(8) that can be exploited
when the Postfix sendmail replacement is installed that may
allow an attacker on the local host to gain root privileges.
!
- November 28, 2001:
An attacker can trick a machine running the lpd daemon into
creating new files in the root directory from a machine with
remote line printer access.
!
- November 13, 2001:
The vi.recover script can be abused in such a way as
to cause arbitrary zero-length files to be removed.
!
- November 13, 2001:
pf(4) was incapable of dealing with certain ipv6 icmp packets,
resulting in a crash.
!
- November 12, 2001:
A security hole that may allow an attacker to partially authenticate
if -- and only if -- the administrator has enabled KerberosV.
--- 208,250 ----
! - April 11, 2002:
The mail(1) was interpreting tilde escapes even when invoked
in non-interactive mode. As mail(1) is called as root from cron,
this can lead to a local root compromise.
!
- March 19, 2002:
Under certain conditions, on systems using YP with netgroups in
the password database, it is possible for the rexecd(8) and rshd(8)
daemons to execute a shell from a password database entry for a
different user. Similarly, atrun(8) may change to the wrong
home directory when running jobs.
!
- March 13, 2002:
A potential double free() exists in the zlib library;
this is not exploitable on OpenBSD.
The kernel also contains a copy of zlib; it is not
currently known if the kernel zlib is exploitable.
!
- March 8, 2002:
An off-by-one check in OpenSSH's channel forwarding code
may allow a local user to gain super-user privileges.
!
- January 21, 2002:
A race condition between the ptrace(2) and execve(2) system calls
allows an attacker to modify the memory contents of suid/sgid
processes which could lead to compromise of the super-user account.
!
- January 17, 2002:
There is a security hole in sudo(8) that can be exploited
when the Postfix sendmail replacement is installed that may
allow an attacker on the local host to gain root privileges.
!
- November 28, 2001:
An attacker can trick a machine running the lpd daemon into
creating new files in the root directory from a machine with
remote line printer access.
!
- November 13, 2001:
The vi.recover script can be abused in such a way as
to cause arbitrary zero-length files to be removed.
!
- November 13, 2001:
pf(4) was incapable of dealing with certain ipv6 icmp packets,
resulting in a crash.
!
- November 12, 2001:
A security hole that may allow an attacker to partially authenticate
if -- and only if -- the administrator has enabled KerberosV.
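Review bot: All ten "!" date lines in 193-235 read the same as their counterparts in 208-250, so the actual change sits in markup that is not visible here. If those lines carry anchors or links, please confirm each 3.0 entry still resolves correctly now that a 3.1 section sits above it. While the April 11 entry is being touched, "The mail(1) was interpreting" would read better as "mail(1) was interpreting". The November 12, 2001 entry is the only one that names no affected program and is a sentence fragment, so it could state the component.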
***************
*** 794,800 ****
www@openbsd.org
! $OpenBSD: security.html,v 1.202 2002/04/11 18:39:22 millert Exp $
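Review bot: The hunk at 794-800 shows only the old side of the $OpenBSD$ ident line, and the new side is missing from what is visible. That keyword is expanded by CVS at commit time, so it should not be edited by hand in a patch. The committed line is expected to carry revision 1.203 and the 2002/04/16 18:33:08 timestamp given in the diff header.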