=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/security.html,v retrieving revision 1.189 retrieving revision 1.190 diff -u -r1.189 -r1.190 --- www/security.html 2001/12/04 02:53:13 1.189 +++ www/security.html 2002/01/07 19:20:31 1.190 @@ -200,6 +200,12 @@
  • November 13, 2001: The vi.recover script can be abused in such a way as to cause arbitrary zero-length files to be removed. +
  • November 13, 2001: + pf(4) was incapable of dealing with certain ipv6 icmp packets, + resulting in a crash. +
  • November 12, 2001: + A security hole that may allow an attacker to partially authenticate + if -- and only if -- the administrator has enabled KerberosV.

    @@ -217,6 +223,9 @@ An attacker can trick a machine running the lpd daemon into creating new files in the root directory from a machine with remote line printer access. +

  • November 13, 2001: + The vi.recover script can be abused in such a way as + to cause arbitrary zero-length files to be removed.
  • September 11, 2001: A security hole exists in uuxqt(8) that may allow an attacker to gain root privileges. @@ -422,10 +431,13 @@ vulnerable to a very tricky exploit. procfs is not mounted by default. (patch included). -
  • Nov 9, 1999: - Any user could change interface media configurations, resulting in - a localhost denial of service attack. +
  • Dec 4, 1999: + Sendmail permitted any user to cause a aliases file wrap, + thus exposing the system to a race where the aliases file + did not exist. (patch included). +
  • Dec 4, 1999: + Various bugs in poll(2) may cause a kernel crash.
  • Dec 2, 1999: A buffer overflow in the RSAREF code included in the USA version of libssl, is possibly exploitable in @@ -433,10 +445,9 @@ (patch included).
    Update: Turns out that this was not exploitable in any of the software included in OpenBSD 2.6. -
  • Dec 4, 1999: - Sendmail permitted any user to cause a aliases file wrap, - thus exposing the system to a race where the aliases file - did not exist. +
  • Nov 9, 1999: + Any user could change interface media configurations, resulting in + a localhost denial of service attack. (patch included). @@ -534,22 +545,25 @@ problem in bootpd(8). (patch included).
  • Nov 13, 1998: There is a remote machine lockup bug in the TCP decoding kernel. (patch included). +
  • August 31, 1998: A benign looking resolver + buffer overflow bug was re-introduced accidentally (patches included). +
  • Aug 2, 1998: + chpass(1) has a file descriptor leak which allows an + attacker to modify /etc/master.passwd. +
  • July 15, 1998: Inetd had a file descriptor leak.
  • Jul 2, 1998: setuid and setgid processes should not be executed with fd slots 0, 1, or 2 free. (patch included). -
  • August 31, 1998: A benign looking resolver buffer overflow bug was re-introduced accidentally (patches included).
  • June 6, 1998: Further problems with the X libraries (patches included). -
  • June 4, 1998: on non-Intel i386 machines, any user - can use pctr(4) to crash the machine.
  • May 17, 1998: kill(2) of setuid/setgid target processes too permissive (4th revision patch included).
  • May 11, 1998: mmap() permits partial bypassing of immutable and append-only file flags. (patch included). -
  • May 1, 1998: Buffer overflow in xterm and Xaw - (CERT advisory VB-98.04) (patch included).
  • May 5, 1998: Incorrect handling of IPSEC packets if IPSEC is enabled (patch included). +
  • May 1, 1998: Buffer overflow in xterm and Xaw + (CERT advisory VB-98.04) (patch included).

    @@ -584,8 +598,6 @@

  • Feb 13, 1998: Setuid coredump & Ruserok() flaw (patch included).
  • Feb 9, 1998: MIPS ld.so flaw (patch included). -
  • Dec 10, 1997: Intel P5 f00f lockup - (patch included).

    @@ -736,7 +748,7 @@ OpenBSD www@openbsd.org
    -$OpenBSD: security.html,v 1.189 2001/12/04 02:53:13 millert Exp $ +$OpenBSD: security.html,v 1.190 2002/01/07 19:20:31 mpech Exp $
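Review bot: In the @@ -200,6 +200,12 @@ hunk, the new November 12, 2001 entry never names the affected program; it only says the hole applies when "the administrator has enabled KerberosV". Someone scanning the list cannot tell which component to patch, so name it the way the neighbouring entries name pf(4), vi.recover and lpd. The entry is also a sentence fragment ("A security hole that may allow ..."); "A security hole may allow ..." reads cleanly. Minor style point in the pf(4) entry: "ipv6 icmp" would normally be written "IPv6 ICMP".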
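Review bot: In the @@ -217,6 +223,9 @@ hunk, the added November 13, 2001 vi.recover entry is word for word the entry that already appears as unchanged context at the top of the @@ -200 hunk, so after this revision the page carries it twice. If the two lists cover different releases, that is fine, but the log message should say so; otherwise drop one copy.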
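Review bot: In the @@ -422,10 +431,13 @@ hunk, the new "Dec 4, 1999: Various bugs in poll(2) may cause a kernel crash." entry is the only one in this block without a "(patch included)" marker, while the Sendmail entry moved in next to it and the Dec 2 RSAREF entry both have one. If an errata patch exists for poll(2), mark it the same way; if not, the entry should say what the remedy is. Since the Sendmail lines are being re-added anyway, "a aliases file wrap" could be corrected to "an aliases file wrap" in the same commit.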
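Review bot: In the @@ -534,22 +545,25 @@ hunk, the "June 4, 1998 ... any user can use pctr(4) to crash the machine" entry is deleted and no "+" line in this diff adds it back, unlike the resolver and xterm/Xaw entries, which are removed and re-added in a new position. If the advisory is being withdrawn from this list, say so in the log message; if it was only meant to move, it has been lost. The new chpass(1) and inetd entries also mix date styles with their neighbours ("Aug 2" and "July 15" next to "August 31" and "Jul 2") and carry no "(patch included)" marker, so pick one month format and note whether patches exist.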
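Review bot: In the @@ -584,8 +598,6 @@ hunk, the "Dec 10, 1997: Intel P5 f00f lockup (patch included)" entry is removed outright and nothing in the visible diff re-adds it elsewhere. Dropping a published advisory from the security page removes the pointer to its patch, so either restore the entry in the list where it belongs or state the reason for the removal in the commit message.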