| version 1.125, 2000/05/25 07:39:27 |
version 1.126, 2000/05/25 16:44:37 |
|
|
| |
|
| <p> |
<p> |
| <ul> |
<ul> |
| <li><a href=errata.html#procfs>May 25, 2000: |
<li><a href=errata26.html#xlockmore>May 25, 2000: |
| xlockmore has a bug which a localhost attacker can use to gain |
xlockmore has a bug which a localhost attacker can use to gain |
| access to the encrypted root password hash (which is normally |
access to the encrypted root password hash (which is normally |
| encoded using blowfish (see |
encoded using blowfish (see |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypt&sektion=3"> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=crypt&sektion=3"> |
| crypt(3)</a>) |
crypt(3)</a>) |
| (patch included).</a> |
(patch included).</a> |
| <li><a href=errata.html#procfs>Jan 20, 2000: |
<li><a href=errata26.html#procfs>Jan 20, 2000: |
| Systems running with procfs enabled and mounted are |
Systems running with procfs enabled and mounted are |
| vulnerable to a very tricky exploit. procfs is not |
vulnerable to a very tricky exploit. procfs is not |
| mounted by default. |
mounted by default. |
| (patch included).</a> |
(patch included).</a> |
| <li><a href=errata.html#ifmedia>Nov 9, 1999: |
<li><a href=errata26.html#ifmedia>Nov 9, 1999: |
| Any user could change interface media configurations, resulting in |
Any user could change interface media configurations, resulting in |
| a localhost denial of service attack. |
a localhost denial of service attack. |
| (patch included).</a> |
(patch included).</a> |
| <li><a href=errata.html#sslUSA>Dec 2, 1999: |
<li><a href=errata26.html#sslUSA>Dec 2, 1999: |
| A buffer overflow in the RSAREF code included in the |
A buffer overflow in the RSAREF code included in the |
| USA version of libssl, is possibly exploitable in |
USA version of libssl, is possibly exploitable in |
| httpd, ssh, or isakmpd, if SSL/RSA features are enabled. |
httpd, ssh, or isakmpd, if SSL/RSA features are enabled. |
| (patch included).<br></a> |
(patch included).<br></a> |
| <strong>Update:</strong> Turns out that this was not exploitable |
<strong>Update:</strong> Turns out that this was not exploitable |
| in any of the software included in OpenBSD 2.6. |
in any of the software included in OpenBSD 2.6. |
| <li><a href=errata.html#sendmail>Dec 4, 1999: |
<li><a href=errata26.html#sendmail>Dec 4, 1999: |
| Sendmail permitted any user to cause a aliases file wrap, |
Sendmail permitted any user to cause a aliases file wrap, |
| thus exposing the system to a race where the aliases file |
thus exposing the system to a race where the aliases file |
| did not exist. |
did not exist. |
![[BACK]](/icons/back.gif){kind=icon}
Return to security.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www