| version 1.189, 2001/12/04 02:53:13 |
version 1.190, 2002/01/07 19:20:31 |
|
|
| <li><a href=errata.html#vi.recover>November 13, 2001: |
<li><a href=errata.html#vi.recover>November 13, 2001: |
| The vi.recover script can be abused in such a way as |
The vi.recover script can be abused in such a way as |
| to cause arbitrary zero-length files to be removed.</a> |
to cause arbitrary zero-length files to be removed.</a> |
| |
<li><a href=errata.html#pf>November 13, 2001: |
| |
pf(4) was incapable of dealing with certain ipv6 icmp packets, |
| |
resulting in a crash.</a> |
| |
<li><a href=errata.html#sshd>November 12, 2001: |
| |
A security hole that may allow an attacker to partially authenticate |
| |
if -- and only if -- the administrator has enabled KerberosV.</a> |
| </ul> |
</ul> |
| |
|
| <p> |
<p> |
|
|
| An attacker can trick a machine running the lpd daemon into |
An attacker can trick a machine running the lpd daemon into |
| creating new files in the root directory from a machine with |
creating new files in the root directory from a machine with |
| remote line printer access.</a> |
remote line printer access.</a> |
| |
<li><a href=errata29.html#vi.recover>November 13, 2001: |
| |
The vi.recover script can be abused in such a way as |
| |
to cause arbitrary zero-length files to be removed.</a> |
| <li><a href=errata29.html#uucp>September 11, 2001: |
<li><a href=errata29.html#uucp>September 11, 2001: |
| A security hole exists in uuxqt(8) that may allow an |
A security hole exists in uuxqt(8) that may allow an |
| attacker to gain root privileges.</a> |
attacker to gain root privileges.</a> |
|
|
| vulnerable to a very tricky exploit. procfs is not |
vulnerable to a very tricky exploit. procfs is not |
| mounted by default. |
mounted by default. |
| (patch included).</a> |
(patch included).</a> |
| <li><a href=errata26.html#ifmedia>Nov 9, 1999: |
<li><a href=errata26.html#sendmail>Dec 4, 1999: |
| Any user could change interface media configurations, resulting in |
Sendmail permitted any user to cause a aliases file wrap, |
| a localhost denial of service attack. |
thus exposing the system to a race where the aliases file |
| |
did not exist. |
| (patch included).</a> |
(patch included).</a> |
| |
<li><a href=errata26.html#poll>Dec 4, 1999: |
| |
Various bugs in poll(2) may cause a kernel crash.</a> |
| <li><a href=errata26.html#sslUSA>Dec 2, 1999: |
<li><a href=errata26.html#sslUSA>Dec 2, 1999: |
| A buffer overflow in the RSAREF code included in the |
A buffer overflow in the RSAREF code included in the |
| USA version of libssl, is possibly exploitable in |
USA version of libssl, is possibly exploitable in |
|
|
| (patch included).<br></a> |
(patch included).<br></a> |
| <strong>Update:</strong> Turns out that this was not exploitable |
<strong>Update:</strong> Turns out that this was not exploitable |
| in any of the software included in OpenBSD 2.6. |
in any of the software included in OpenBSD 2.6. |
| <li><a href=errata26.html#sendmail>Dec 4, 1999: |
<li><a href=errata26.html#ifmedia>Nov 9, 1999: |
| Sendmail permitted any user to cause a aliases file wrap, |
Any user could change interface media configurations, resulting in |
| thus exposing the system to a race where the aliases file |
a localhost denial of service attack. |
| did not exist. |
|
| (patch included).</a> |
(patch included).</a> |
| </ul> |
</ul> |
| |
|
|
|
| problem in bootpd(8). (patch included).</a> |
problem in bootpd(8). (patch included).</a> |
| <li><a href=errata23.html#tcpfix>Nov 13, 1998: There is a remote machine lockup |
<li><a href=errata23.html#tcpfix>Nov 13, 1998: There is a remote machine lockup |
| bug in the TCP decoding kernel. (patch included).</a> |
bug in the TCP decoding kernel. (patch included).</a> |
| |
<li><a href=errata23.html#resolver>August 31, 1998: A benign looking resolver |
| |
buffer overflow bug was re-introduced accidentally (patches included).</a> |
| |
<li><a href=errata23.html#chpass>Aug 2, 1998: |
| |
chpass(1) has a file descriptor leak which allows an |
| |
attacker to modify /etc/master.passwd.</a> |
| |
<li><a href=errata23.html#inetd>July 15, 1998: Inetd had a file descriptor leak.</a> |
| <li><a href=errata23.html#fdalloc>Jul 2, 1998: setuid and setgid processes |
<li><a href=errata23.html#fdalloc>Jul 2, 1998: setuid and setgid processes |
| should not be executed with fd slots 0, 1, or 2 free. |
should not be executed with fd slots 0, 1, or 2 free. |
| (patch included).</a> |
(patch included).</a> |
| <li><a href=errata23.html#resolver>August 31, 1998: A benign looking resolver buffer overflow bug was re-introduced accidentally (patches included).</a> |
|
| <li><a href=errata23.html#xlib>June 6, 1998: Further problems with the X |
<li><a href=errata23.html#xlib>June 6, 1998: Further problems with the X |
| libraries (patches included).</a> |
libraries (patches included).</a> |
| <li><a href=errata23.html#pctr>June 4, 1998: on non-Intel i386 machines, any user |
|
| can use pctr(4) to crash the machine.</a> |
|
| <li><a href=errata23.html#kill>May 17, 1998: kill(2) of setuid/setgid target |
<li><a href=errata23.html#kill>May 17, 1998: kill(2) of setuid/setgid target |
| processes too permissive (4th revision patch included).</a> |
processes too permissive (4th revision patch included).</a> |
| <li><a href=errata23.html#immutable>May 11, 1998: mmap() permits partial bypassing |
<li><a href=errata23.html#immutable>May 11, 1998: mmap() permits partial bypassing |
| of immutable and append-only file flags. (patch included).</a> |
of immutable and append-only file flags. (patch included).</a> |
| <li><a href=errata23.html#xterm-xaw>May 1, 1998: Buffer overflow in xterm and Xaw |
|
| (CERT advisory VB-98.04) (patch included).</a> |
|
| <li><a href=errata23.html#ipsec>May 5, 1998: Incorrect handling of IPSEC packets |
<li><a href=errata23.html#ipsec>May 5, 1998: Incorrect handling of IPSEC packets |
| if IPSEC is enabled (patch included).</a> |
if IPSEC is enabled (patch included).</a> |
| |
<li><a href=errata23.html#xterm-xaw>May 1, 1998: Buffer overflow in xterm and Xaw |
| |
(CERT advisory VB-98.04) (patch included).</a> |
| </ul> |
</ul> |
| |
|
| <p> |
<p> |
|
|
| <li><a href=errata22.html#ruserok>Feb 13, 1998: Setuid coredump & Ruserok() |
<li><a href=errata22.html#ruserok>Feb 13, 1998: Setuid coredump & Ruserok() |
| flaw (patch included).</a> |
flaw (patch included).</a> |
| <li><a href=errata22.html#ldso>Feb 9, 1998: MIPS ld.so flaw (patch included).</a> |
<li><a href=errata22.html#ldso>Feb 9, 1998: MIPS ld.so flaw (patch included).</a> |
| <li><a href=errata22.html#f00f>Dec 10, 1997: Intel P5 f00f lockup |
|
| (patch included).</a> |
|
| </ul> |
</ul> |
| |
|
| <p> |
<p> |
![[BACK]](/icons/back.gif){kind=icon}
Return to security.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www