===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/security.html,v
retrieving revision 1.417
retrieving revision 1.418
diff -u -r1.417 -r1.418
--- www/security.html 2014/07/28 16:48:23 1.417
+++ www/security.html 2014/08/20 01:10:04 1.418
@@ -21,44 +21,44 @@
For security advisories for specific releases, click below:
-2.0,
-2.1,
-2.2,
-2.3,
-2.4,
-2.5,
-2.6,
-2.7,
-2.8,
-2.9,
-3.0,
-3.1,
-3.2,
-3.3,
-3.4,
-3.5,
-3.6,
+2.0,
+2.1,
+2.2,
+2.3,
+2.4,
+2.5,
+2.6,
+2.7,
+2.8,
+2.9,
+3.0,
+3.1,
+3.2,
+3.3,
+3.4,
+3.5,
+3.6,
-3.7,
-3.8,
-3.9,
-4.0,
-4.1,
-4.2,
-4.3,
-4.4,
-4.5,
-4.6,
-4.7,
-4.8,
-4.9,
-5.0,
-5.1,
-5.2,
-5.3,
+3.7,
+3.8,
+3.9,
+4.0,
+4.1,
+4.2,
+4.3,
+4.4,
+4.5,
+4.6,
+4.7,
+4.8,
+4.9,
+5.0,
+5.1,
+5.2,
+5.3,
-5.4,
-5.5.
+5.4,
+5.5.
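Review bot: In the release list under "For security advisories for specific releases, click below:", all 36 entries from 2.0 through 5.5 are removed and re-added with identical visible text, so the change is presumably confined to the link markup and cannot be checked from the text alone. The next hunk (@@ -220,1636 +220,7 @@) takes the per-release advisory sections out of this page, which makes these links the only route to that material. Please confirm that each target resolves to an existing per-release page and that none still points at an in-page section the second hunk deletes, and say in the commit log where the sections went.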
@@ -220,1636 +220,7 @@
Advisories
-
-OpenBSD 5.5 Security Advisories
-These are the OpenBSD 5.5 advisories -- all these problems are solved
-in OpenBSD current and the
-patch branch.
-
-
-
-- March 15, 2014:
- Memory corruption happens during
- ICMP reflection handling. ICMP reflection is disabled by default.
-
- April 7, 2014:
- Missing bounds checking in OpenSSL's implementation of the TLS/DTLS
- heartbeat extension (RFC6520) which can result in a leak of memory contents.
-
- April 9, 2014: ftp(1) defect,
- failure to check the server hostname when connecting to an https
- website, allowing any trusted CA-signed certificate to impersonate
- any other website.
-
- April 12, 2014:
- A use-after-free race condition in OpenSSL's read buffer may permit
- an attacker to inject data from one connection into another.
-
- May 1, 2014:
- An attacker can trigger generation of an SSL alert which could
- cause a null pointer dereference.
-
- May 24, 2014:
- X Font Service Protocol & Font metadata file handling issues
- in libXfont.
-
- June 5, 2014:
- Sendmail was not properly closing file descriptions
- before executing programs.
-
- June 6, 2014:
- This patch contains a number of SSL library fixes.
-
-
-
-OpenBSD 5.4 Security Advisories
-These are the OpenBSD 5.4 advisories -- all these problems are solved
-in OpenBSD current and the
-patch branch.
-
-
-
-
-
-OpenBSD 5.3 and earlier releases are not supported anymore. The following
-paragraphs only list advisories issued while they were maintained; these
-releases are likely to be affected by the advisories for more recent releases.
-
-
-
-
-OpenBSD 5.3 Security Advisories
-These are the OpenBSD 5.3 advisories -- all these problems are solved
-in OpenBSD current and the
-patch branch.
-
-
-
-
-
-
-
-OpenBSD 5.2 Security Advisories
-These are the OpenBSD 5.2 advisories -- all these problems are solved
-in OpenBSD current and the
-patch branch.
-
-
-
-
-
-
-
-OpenBSD 5.1 Security Advisories
-These are the OpenBSD 5.1 advisories -- all these problems are solved
-in OpenBSD current and the
-patch branch.
-
-
-
-
-
-
-
-OpenBSD 5.0 Security Advisories
-These are the OpenBSD 5.0 advisories -- all these problems are solved
-in OpenBSD current and the
-patch branch.
-
-
-
-
-
-
-
-OpenBSD 4.9 Security Advisories
-These are the OpenBSD 4.9 advisories -- all these problems are solved
-in OpenBSD current and the
-patch branch.
-
-
-
-
-
-
-
-OpenBSD 4.8 Security Advisories
-These are the OpenBSD 4.8 advisories -- all these problems are solved
-in OpenBSD current and the
-patch branch.
-
-
-
-- February 16, 2011:
- PF rules specifying address ranges (e.g. "10.1.1.1 - 10.1.1.5") were
- not correctly handled on little-endian systems (alpha, amd64, arm, i386,
- mips64el, vax). Other address types (bare addresses "10.1.1.1" and
- prefixes "10.1.1.1/30") are not affected.
-
- February 11, 2011:
- An incorrectly formatted ClientHello handshake message could cause
- OpenSSL to parse past the end of the message. An attacker could use
- this flaw to trigger an invalid memory access, causing a crash of an
- application linked to OpenSSL. As well, certain applications may expose
- the contents of parsed OCSP extensions, specifically the OCSP nonce
- extension.
-
- Applications are only affected if they act as a server and call
- SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. It is believed
- that nothing in the base OS uses this. Apache httpd started using this
- in v2.3.3; this is newer than the version in ports.
- - December 17, 2010:
- Insufficent initialization of the pf rule structure in the ioctl
- handler may allow userland to modify kernel memory. By default root
- privileges are needed to add or modify pf rules.
-
-
-
-
-
-OpenBSD 4.7 Security Advisories
-These are the OpenBSD 4.7 advisories -- all these problems are solved
-in OpenBSD current and the
-patch branch.
-
-
-
-- February 16, 2011:
- PF rules specifying address ranges (e.g. "10.1.1.1 - 10.1.1.5") were
- not correctly handled on little-endian systems (alpha, amd64, arm, i386,
- mips64el, vax). Other address types (bare addresses "10.1.1.1" and
- prefixes "10.1.1.1/30") are not affected.
-
- February 11, 2011:
- An incorrectly formatted ClientHello handshake message could cause
- OpenSSL to parse past the end of the message. An attacker could use
- this flaw to trigger an invalid memory access, causing a crash of an
- application linked to OpenSSL. As well, certain applications may expose
- the contents of parsed OCSP extensions, specifically the OCSP nonce
- extension.
-
- Applications are only affected if they act as a server and call
- SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. It is believed
- that nothing in the base OS uses this. Apache httpd started using this
- in v2.3.3; this is newer than the version in ports.
- - December 17, 2010:
- Insufficent initialization of the pf rule structure in the ioctl
- handler may allow userland to modify kernel memory. By default root
- privileges are needed to add or modify pf rules.
-
- April 23, 2010:
- The combination of pfsync and IPSEC may crash the kernel.
-
- April 14, 2010:
- In TLS connections, certain incorrectly formatted records can
- cause an OpenSSL client or server to crash due to a read
- attempt at NULL.
-
-
-
-
-
-OpenBSD 4.6 Security Advisories
-These are the OpenBSD 4.6 advisories -- all these problems are solved
-in OpenBSD current and the
-patch branch.
-
-
-
-
-
-
-
-OpenBSD 4.5 Security Advisories
-These are the OpenBSD 4.5 advisories -- all these problems are solved
-in OpenBSD current and the
-patch branch.
-
-
-
-
-
-
-
-OpenBSD 4.4 Security Advisories
-These are the OpenBSD 4.4 advisories -- all these problems are solved
-in OpenBSD current and the
-patch branch.
-
-
-
-
-
-
-
-OpenBSD 4.3 Security Advisories
-These are the OpenBSD 4.3 advisories -- all these problems are solved
-in OpenBSD current and the
-patch branch.
-
-
-
-
-
-
-OpenBSD 4.2 Security Advisories
-These are the OpenBSD 4.2 advisories -- all these problems are solved
-in OpenBSD current and the
-patch branch.
-
-
-
-
-
-
-
-OpenBSD 4.1 Security Advisories
-These are the OpenBSD 4.1 advisories -- all these problems are solved
-in OpenBSD current and the
-patch branch.
-
-
-
-- April 3, 2008:
- sshd(8) could possibly allow hijacking of X11-forwarded connections.
-
- March 30, 2008:
- sshd(8) could allow arbitrary commands to be executed via ~/.ssh/rc
- when a sshd_config(5) ForceCommand directive was in effect.
-
- March 7, 2008:
- Command prompt parsing buffer overflow in ppp.
-
- Feb 8, 2008:
- Multiple vulnerabilities in X.Org.
-
- Oct 10, 2007:
- The SSL_get_shared_ciphers() function in OpenSSL contains
- an off-by-one overflow.
-
- Oct 9, 2007:
- Fix stack corruption problem in dhcpd(8).
-
- Jul 9, 2007:
- Fix possible heap overflow in file(1).
-
- Apr 27, 2007:
- IPv6 type 0 route headers can be used to mount a DoS attack
- against hosts and networks.
-
- Apr 27, 2007:
- Multiple vulnerabilities in X.Org.
-
- Apr 27, 2007:
- Incorrect mbuf handling for ICMP6 packets.
-
-
-
-
-OpenBSD 4.0 Security Advisories
-These are the OpenBSD 4.0 advisories -- all these problems are solved
-in OpenBSD current and the
-patch branch.
-
-
-
-- Oct 10, 2007:
- The SSL_get_shared_ciphers() function in OpenSSL contains an
- off-by-one overflow.
-
- Oct 9, 2007:
- Fix stack corruption problem in dhcpd(8).
-
- Jul 9, 2007:
- Fix possible heap overflow in file(1).
-
- Apr 23, 2007:
- IPv6 type 0 route headers can be used to mount a DoS attack
- against hosts and networks.
-
- Apr 4, 2007:
- Multiple vulnerabilities in X.Org.
-
- Mar 7, 2007:
- Incorrect mbuf handling for ICMP6 packets.
-
- Jan 3, 2007:
- Insufficient validation in vga(4) may allow an attacker to gain
- root privileges on some i386 systems.
-
- Nov 19, 2006:
- ld.so(1) fails to properly sanitize the environment.
-
- Nov 4, 2006:
- Fix for an integer overflow in systrace(4)'s STRIOCREPLACE support,
- found by Chris Evans.
-
- Nov 4, 2006:
- Several problems have been found in OpenSSL.
-
- Nov 4, 2006:
- httpd(8) does not sanitize the Expect header from an HTTP request
- when it is reflected back in an error message, which might allow
- cross-site scripting (XSS) style attacks.
-
-
-
-
-
-OpenBSD 3.9 Security Advisories
-These are the OpenBSD 3.9 advisories -- all these problems are solved
-in OpenBSD current and the
-patch branch.
-
-
-
-- Apr 23, 2007:
- IPv6 type 0 route headers can be used to mount a DoS attack
- against hosts and networks.
-
- Apr 4, 2007:
- Multiple vulnerabilities in X.Org.
-
- Mar 7, 2007:
- Incorrect mbuf handling for ICMP6 packets.
-
- Jan 3, 2007:
- Insufficient validation in vga(4) may allow an attacker to gain
- root privileges on some i386 systems.
-
- Nov 19, 2006:
- ld.so(1) fails to properly sanitize the environment.
-
- Oct 12, 2006:
- Fix 2 security bugs found in OpenSSH.
-
- Oct 7, 2006:
- Fix for an integer overflow in systrace(4)'s STRIOCREPLACE support,
- found by Chris Evans.
-
- Oct 7, 2006:
- Several problems have been found in OpenSSL.
-
- Oct 7, 2006:
- httpd(8) does not sanitize the Expect header from an HTTP request
- when it is reflected back in an error message, which might allow
- cross-site scripting (XSS) style attacks.
-
- Sep 8, 2006:
- Due to incorrect PKCS#1 v1.5 padding validation in OpenSSL, it is
- possible for an attacker to construct an invalid signature which
- OpenSSL would accept as a valid PKCS#1 v1.5 signature.
-
- Sep 8, 2006:
- Two Denial of Service issues have been found with BIND.
-
- Sep 2, 2006:
- Due to the failure to correctly validate LCP configuration option
- lengths, it is possible for an attacker to send LCP packets via an
- sppp(4) connection causing the kernel to panic.
-
- Aug 25, 2006:
- A problem in isakmpd(8) caused IPsec to run partly without replay
- protection.
-
- Aug 25, 2006:
- It is possible to cause the kernel to panic when more than the default
- number of sempahores have been allocated.
-
- Aug 25, 2006:
- Due to an off-by-one error in dhcpd(8) it is possible to cause dhcpd(8)
- to exit by sending a DHCPDISCOVER packet with a 32-byte client identifier
- option.
-
- Aug 25, 2006:
- A potential denial of service problem has been found in sendmail.
-
- Jul 30, 2006:
- httpd(8)'s mod_rewrite has a potentially exploitable off-by-one buffer
- overflow.
-
- Jun 15, 2006:
- A potential denial of service problem has been found in sendmail.
-
- May 2, 2006:
- A buffer overflow exists in the Render extension of the X server.
-
- Mar 25, 2006:
- A race condition has been reported to exist in the handling by sendmail
- of asynchronous signals.
-
-
-
-
-
-OpenBSD 3.8 Security Advisories
-These are the OpenBSD 3.8 advisories -- all these problems are solved
-in OpenBSD current and the
-patch branch.
-
-
-
-- Oct 12, 2006:
- Fix 2 security bugs found in OpenSSH.
-
- Oct 7, 2006:
- Fix for an integer overflow in systrace(4)'s STRIOCREPLACE support,
- found by Chris Evans.
-
- Oct 7, 2006:
- Several problems have been found in OpenSSL.
-
- Oct 7, 2006:
- httpd(8) does not sanitize the Expect header from an HTTP request
- when it is reflected back in an error message, which might allow
- cross-site scripting (XSS) style attacks.
-
- Sep 8, 2006:
- Due to incorrect PKCS#1 v1.5 padding validation in OpenSSL, it is
- possible for an attacker to construct an invalid signature which
- OpenSSL would accept as a valid PKCS#1 v1.5 signature.
-
- Sep 8, 2006:
- Two Denial of Service issues have been found with BIND.
-
- Sep 2, 2006:
- Due to the failure to correctly validate LCP configuration option
- lengths, it is possible for an attacker to send LCP packets via an
- sppp(4) connection causing the kernel to panic.
-
- Aug 25, 2006:
- A problem in isakmpd(8) caused IPsec to run partly without replay
- protection.
-
- Aug 25, 2006:
- It is possible to cause the kernel to panic when more than the default
- number of sempahores have been allocated.
-
- Aug 25, 2006:
- Due to an off-by-one error in dhcpd(8) it is possible to cause dhcpd(8)
- to exit by sending a DHCPDISCOVER packet with a 32-byte client identifier
- option.
-
- Aug 25, 2006:
- A potential denial of service problem has been found in sendmail.
-
- Jul 30, 2006:
- httpd(8)'s mod_rewrite has a potentially exploitable off-by-one buffer
- overflow.
-
- Jun 15, 2006:
- A potential denial of service problem has been found in sendmail.
-
- May 2, 2006:
- A buffer overflow exists in the Render extension of the X server.
-
- Mar 25, 2006:
- A race condition has been reported to exist in the handling by sendmail
- of asynchronous signals.
-
- Feb 12, 2006:
- Josh Bressers has reported a weakness in OpenSSH caused due to the
- insecure use of the system(3) function in scp(1) when performing copy
- operations using filenames that are supplied by the user from the
- command line.
-
- Jan 5, 2006:
- Do not allow users to trick suid programs into re-opening files via
- /dev/fd.
-
- Jan 5, 2006:
- A buffer overflow has been found in the Perl interpreter with the
- sprintf function which may be exploitable under certain conditions.
-
-
-
-
-
-OpenBSD 3.7 Security Advisories
-These are the OpenBSD 3.7 advisories -- all these problems are solved
-in OpenBSD current. The
-patch branch for 3.7 is no longer being maintained,
-you should update your machine.
-
-
-
-- May 2, 2006:
- A buffer overflow exists in the Render extension of the X server.
-
- Mar 25, 2006:
- A race condition has been reported to exist in the handling by sendmail
- of asynchronous signals.
-
- Feb 12, 2006:
- Josh Bressers has reported a weakness in OpenSSH caused due to the
- insecure use of the system(3) function in scp(1) when performing copy
- operations using filenames that are supplied by the user from the
- command line.
-
- Jan 5, 2006:
- Do not allow users to trick suid programs into re-opening files via
- /dev/fd.
-
- Jan 5, 2006:
- A buffer overflow has been found in the Perl interpreter with the
- sprintf function which may be exploitable under certain conditions.
-
- Jul 21, 2005:
- Fix another buffer overflow in the zlib library that may be exploitable.
-
- Jul 6, 2005:
- Fix a buffer overflow in the zlib library that may be exploitable.
-
- Jun 20, 2005:
- Fix a race condition in sudo(8) that could allow a user
- to run arbitrary commands.
-
- Jun 7, 2005:
- Fix a buffer overflow, memory leaks, and NULL pointer
- dereference in cvs(1).
-
-
-
-
-
-OpenBSD 3.6 Security Advisories
-These are the OpenBSD 3.6 advisories -- all these problems are solved
-in OpenBSD current. The
-patch branch for 3.6 is no longer being maintained,
-you should update your machine.
-
-
-
-- Jul 21, 2005:
- Fix another buffer overflow in the zlib library that may be exploitable.
-
- Jul 6, 2005:
- Fix a buffer overflow in the zlib library that may be exploitable.
-
- Jun 20, 2005:
- Fix a race condition in sudo(8) that could allow a user
- to run arbitrary commands.
-
- Apr 28, 2005:
- Fix a buffer overflow, memory leaks, and NULL pointer
- dereference in cvs(1).
-
- Mar 30, 2005:
- Due to buffer overflows in telnet(1), a malicious
- server or man-in-the-middle attack could allow
- execution of arbitrary code with the privileges of
- the user invoking telnet(1).
-
- Mar 16, 2005:
- More stringent checking should be done in the copy(9)
- functions to prevent their misuse.
-
- Feb 28, 2005:
- More stringent checking should be done in the copy(9)
- functions to prevent their misuse.
-
- Jan 12, 2005:
- httpd(8)'s mod_include module fails to properly validate
- the length of user supplied tag strings prior to copying
- them to a local buffer, causing a buffer overflow.
-
- Dec 14, 2004:
- On systems running isakmpd(8) it is possible for a local
- user to cause kernel memory corruption and system panic by
- setting ipsec(4) credentials on a socket.
-
-
-
-
-
-OpenBSD 3.5 Security Advisories
-These are the OpenBSD 3.5 advisories -- all these problems are solved
-in OpenBSD current. The
-patch branch for 3.5 is no longer being maintained,
-you should update your machine.
-
-
-
-- Apr 28, 2005:
- Fix a buffer overflow, memory leaks, and NULL pointer
- dereference in cvs(1).
-
- Mar 30, 2005:
- Due to buffer overflows in telnet(1), a malicious
- server or man-in-the-middle attack could allow
- execution of arbitrary code with the privileges of
- the user invoking telnet(1).
-
- Mar 16, 2005:
- More stringent checking should be done in the copy(9)
- functions to prevent their misuse.
-
- Feb 28, 2005:
- More stringent checking should be done in the copy(9)
- functions to prevent their misuse.
-
- Jan 12, 2005:
- httpd(8)'s mod_include module fails to properly validate
- the length of user supplied tag strings prior to copying
- them to a local buffer, causing a buffer overflow.
-
- Dec 14, 2004:
- On systems running isakmpd(8) it is possible for a local
- user to cause kernel memory corruption and system panic by
- setting ipsec(4) credentials on a socket.
-
- Sep 20, 2004:
- Radius-based authentication is vulnerable to spoofed replies.
-
- Sep 16, 2004:
- The Xpm library has vulnerabilities when parsing malicious images.
-
- Sep 10, 2004:
- httpd(8)'s mod_rewrite module can be made to write one zero byte in
- an arbitrary memory position outside of a char array, causing a DoS
- or possibly buffer overflows.
-
- Jun 12, 2004:
- Multiple vulnerabilities have been found in httpd(8) / mod_ssl.
-
- Jun 10, 2004:
- isakmpd(8) still has issues with unauthorized SA deletion,
- an attacker can delete IPsec tunnels at will.
-
- Jun 9, 2004:
- Multiple remote vulnerabilities have been found in the cvs(1)
- server which can be used by CVS clients to crash or execute
- arbitrary code on the server.
-
- May 30, 2004:
- kdc(8) performs inadequate checking of request fields, leading
- to the possibility of principal impersonation from other
- Kerberos realms if they are trusted with a cross-realm trust.
-
- May 26, 2004:
- xdm(1) ignores the requestPort resource and creates a
- listening socket regardless of the setting in xdm-config.
-
- May 20, 2004:
- A buffer overflow in the cvs(1) server has been found,
- which can be used by CVS clients to execute arbitrary code on
- the server.
-
- May 13, 2004:
- Integer overflow problems were found in procfs, allowing
- reading of arbitrary kernel memory.
-
- May 5, 2004:
- Pathname validation problems have been found in cvs(1),
- allowing clients and servers access to files outside the
- repository or local CVS tree.
-
-
-
-
-
-
-OpenBSD 3.4 Security Advisories
-These are the OpenBSD 3.4 advisories -- all these problems are solved
-in OpenBSD current. The
-patch branch for 3.4 is no longer being maintained,
-you should update your machine.
-
-
-- Dec 14, 2004:
- On systems running isakmpd(8) it is possible for a local
- user to cause kernel memory corruption and system panic by
- setting ipsec(4) credentials on a socket.
-
- Sep 16, 2004:
- The Xpm library has vulnerabilities when parsing malicious images.
-
- Sep 10, 2004:
- httpd(8)'s mod_rewrite module can be made to write one zero byte in
- an arbitrary memory position outside of a char array, causing a DoS
- or possibly buffer overflows.
-
- Jun 12, 2004:
- Multiple vulnerabilities have been found in httpd(8) / mod_ssl.
-
- Jun 10, 2004:
- isakmpd(8) still has issues with unauthorized SA deletion,
- an attacker can delete IPsec tunnels at will.
-
- Jun 9, 2004:
- Multiple remote vulnerabilities have been found in the cvs(1)
- server which can be used by CVS clients to crash or execute
- arbitrary code on the server.
-
- May 30, 2004:
- kdc(8) performs inadequate checking of request fields, leading
- to the possibility of principal impersonation from other
- Kerberos realms if they are trusted with a cross-realm trust.
-
- May 20, 2004:
- A buffer overflow in the cvs(1) server has been found,
- which can be used by CVS clients to execute arbitrary code on
- the server.
-
- May 13, 2004:
- Integer overflow problems were found in procfs, allowing
- reading of arbitrary kernel memory.
-
- May 5, 2004:
- Pathname validation problems have been found in cvs(1),
- allowing clients and servers access to files outside the
- repository or local CVS tree.
-
- March 17, 2004:
- A missing check for a NULL-pointer dereference may allow a
- remote attacker to crash applications using OpenSSL.
-
- March 17, 2004:
- Defects in the payload validation and processing functions of
- isakmpd have been discovered. An attacker could send malformed
- ISAKMP messages and cause isakmpd to crash or to loop endlessly.
-
- March 13, 2004:
- Due to a bug in the parsing of Allow/Deny rules for httpd(8)'s
- access module, using IP addresses without a netmask on big endian
- 64-bit platforms causes the rules to fail to match.
-
- February 8, 2004:
- An IPv6 MTU handling problem exists that could be used by an
- attacker to cause a denial of service attack.
-
- February 5, 2004:
- A reference counting bug in shmat(2) could be used to write to
- kernel memory under certain circumstances.
-
- January 13, 2004:
- Several message handling flaws in isakmpd(8) have been reported
- by Thomas Walpuski.
-
- November 17, 2003:
- It may be possible for a local user to overrun the stack in
- compat_ibcs2(8) and cause a kernel panic.
-
- November 1, 2003:
- The use of certain ASN.1 encodings or malformed public keys may
- allow an attacker to mount a denial of service attack against
- applications linked with ssl(3).
-
-
-
-
-
-OpenBSD 3.3 Security Advisories
-These are the OpenBSD 3.3 advisories -- all these problems are solved
-in OpenBSD current. The
-patch branch for 3.3 is no longer being maintained,
-you should update your machine.
-
-
-- May 5, 2004:
- Pathname validation problems have been found in cvs(1),
- allowing clients and servers access to files outside the
- repository or local CVS tree.
-
- March 17, 2004:
- A missing check for a NULL-pointer dereference may allow a
- remote attacker to crash applications using OpenSSL.
-
- March 17, 2004:
- Defects in the payload validation and processing functions of
- isakmpd have been discovered. An attacker could send malformed
- ISAKMP messages and cause isakmpd to crash or to loop endlessly.
-
- March 13, 2004:
- Due to a bug in the parsing of Allow/Deny rules for httpd(8)'s
- access module, using IP addresses without a netmask on big endian
- 64-bit platforms causes the rules to fail to match.
-
- February 8, 2004:
- An IPv6 MTU handling problem exists that could be used by an
- attacker to cause a denial of service attack.
-
- February 5, 2004:
- A reference counting bug in shmat(2) could be used to write to
- kernel memory under certain circumstances.
-
- January 15, 2004:
- Several message handling flaws in isakmpd(8) have been reported
- by Thomas Walpuski.
-
- November 17, 2003:
- It may be possible for a local user to execute arbitrary code
- resulting in escalation of privileges due to a stack overrun
- in compat_ibcs2(8).
-
- October 1, 2003:
- The use of certain ASN.1 encodings or malformed public keys may
- allow an attacker to mount a denial of service attack against
- applications linked with ssl(3).
-
- September 24, 2003:
- Access of freed memory in pf(4) could be used to
- remotely panic a machine using scrub rules.
-
- September 17, 2003:
- A buffer overflow in the address parsing in
- sendmail(8) may allow an attacker to gain root privileges.
-
- September 16, 2003:
- OpenSSH versions prior to 3.7 contains a buffer management error
- that is potentially exploitable.
-
- September 10, 2003:
- Root may be able to reduce the security level by taking advantage of
- an integer overflow when the semaphore limits are made very large.
-
- August 20, 2003:
- An improper bounds check in the kernel may allow a local user
- to panic the kernel.
-
- August 4, 2003:
- An off-by-one error exists in the C library function realpath(3)
- may allow an attacker to gain escalated privileges.
-
-
-
-
-
-
-
-OpenBSD 3.2 Security Advisories
-These are the OpenBSD 3.2 advisories -- all these problems are solved
-in OpenBSD current. The
-patch branch for 3.2 is no longer being maintained,
-you should update your machine.
-
-
-- October 1, 2003:
- The use of certain ASN.1 encodings or malformed public keys may
- allow an attacker to mount a denial of service attack against
- applications linked with ssl(3). This does not affect OpenSSH.
-
- September 24, 2003:
- Access of freed memory in pf(4) could be used to
- remotely panic a machine using scrub rules.
-
- September 17, 2003:
- A buffer overflow in the address parsing in
- sendmail(8) may allow an attacker to gain root privileges.
-
- September 16, 2003:
- OpenSSH versions prior to 3.7 contains a buffer management error
- that is potentially exploitable.
-
- August 25, 2003:
- Fix for a potential security issue in
- sendmail(8) with respect to DNS maps.
-
- August 4, 2003:
- An off-by-one error exists in the C library function realpath(3)
- may allow an attacker to gain escalated privileges.
-
- March 31, 2003:
- A buffer overflow in the address parsing in
- sendmail(8) may allow an attacker to gain root privileges.
-
- March 24, 2003:
- A cryptographic weaknesses in the Kerberos v4 protocol can be
- exploited on Kerberos v5 as well.
-
- March 19, 2003:
- OpenSSL is vulnerable to an extension of the ``Bleichenbacher'' attack
- designed by Czech researchers Klima, Pokorny and Rosa.
-
- March 18, 2003:
- Various SSL and TLS operations in OpenSSL are vulnerable to
- timing attacks.
-
- March 5, 2003:
- A buffer overflow in lprm(1) may allow an attacker to elevate
- privileges to user daemon.
-
- March 3, 2003:
- A buffer overflow in the envelope comments processing in
- sendmail(8) may allow an attacker to gain root privileges.
-
- February 25, 2003:
- httpd(8) leaks file inode numbers via ETag header as well as
- child PIDs in multipart MIME boundary generation. This could
- lead, for example, to NFS exploitation because it uses inode
- numbers as part of the file handle.
-
- February 22, 2003:
- In ssl(8) an information leak can occur via timing by performing
- a MAC computation even if incorrect block cipher padding has
- been found, this is a countermeasure. Also, check for negative
- sizes, in allocation routines.
-
- January 20, 2003:
- A double free exists in cvs(1) that could lead to privilege
- escalation for cvs configurations where the cvs command is
- run as a privileged user.
-
- November 14, 2002:
- A buffer overflow exists in named(8) that could lead to a
- remote crash or code execution as user named in a chroot jail.
-
- November 6, 2002:
- A logic error in the pool kernel memory allocator could cause
- memory corruption in low-memory situations, causing the system
- to crash.
-
- November 6, 2002:
- An attacker can bypass smrsh(8)'s restrictions and execute
- arbitrary commands with the privileges of his own account.
-
- November 6, 2002:
- Network bridges running pf with scrubbing enabled could cause
- mbuf corruption, causing the system to crash.
-
- October 21, 2002:
- A buffer overflow can occur in the kadmind(8) daemon, leading
- to possible remote crash or exploit.
-
-
-
-
-
-
-OpenBSD 3.1 Security Advisories
-These are the OpenBSD 3.1 advisories -- all these problems are solved
-in OpenBSD current. The
-patch branch for 3.1 is no longer being maintained,
-you should update your machine.
-
-
-
-- March 31, 2003:
- A buffer overflow in the address parsing in
- sendmail(8) may allow an attacker to gain root privileges.
-
- March 24, 2003:
- A cryptographic weaknesses in the Kerberos v4 protocol can be
- exploited on Kerberos v5 as well.
-
- March 19, 2003:
- OpenSSL is vulnerable to an extension of the ``Bleichenbacher'' attack
- designed by Czech researchers Klima, Pokorny and Rosa.
-
- March 18, 2003:
- Various SSL and TLS operations in OpenSSL are vulnerable to
- timing attacks.
-
- March 4, 2003:
- A buffer overflow in lprm(1) may allow an attacker to gain
- root privileges.
-
- March 3, 2003:
- A buffer overflow in the envelope comments processing in
- sendmail(8) may allow an attacker to gain root privileges.
-
- February 23, 2003:
- In ssl(8) an information leak can occur via timing by performing
- a MAC computation even if incorrect block cipher padding has
- been found, this is a countermeasure. Also, check for negative
- sizes, in allocation routines.
-
- January 20, 2003:
- A double free exists in cvs(1) that could lead to privilege
- escalation for cvs configurations where the cvs command is
- run as a privileged user.
-
- November 14, 2002:
- A buffer overflow exists in named(8) that could lead to a
- remote crash or code execution as user named in a chroot jail.
-
- November 6, 2002:
- Incorrect argument checking in the getitimer(2) system call
- may allow an attacker to crash the system.
-
- November 6, 2002:
- An attacker can bypass smrsh(8)'s restrictions and execute
- arbitrary commands with the privileges of his own account.
-
- October 21, 2002:
- A buffer overflow can occur in the kadmind(8) daemon, leading
- to possible remote crash or exploit.
-
- October 2, 2002:
- Incorrect argument checking in the setitimer(2) system call
- may allow an attacker to write to kernel memory.
-
- August 11, 2002:
- An insufficient boundary check in the select system call
- allows an attacker to overwrite kernel memory and execute arbitrary code
- in kernel context.
-
- July 30, 2002:
- Several remote buffer overflows can occur in the SSL2 server and SSL3
- client of the ssl(8) library, as in the ASN.1 parser code in the
- crypto(3) library, all of them being potentially remotely
- exploitable.
-
- July 29, 2002:
- A buffer overflow can occur in the xdr_array(3) RPC code, leading to
- possible remote crash.
-
- July 29, 2002:
- A race condition exists in the pppd(8) daemon which may cause it to
- alter the file permissions of an arbitrary file.
-
- July 5, 2002:
- Receiving IKE payloads out of sequence can cause isakmpd(8) to
- crash.
-
- June 27, 2002:
- The kernel would let any user ktrace set[ug]id processes.
-
- June 26, 2002:
- A buffer overflow can occur in the .htaccess parsing code in
- mod_ssl httpd module, leading to possible remote crash or exploit.
-
- June 25, 2002:
- A potential buffer overflow in the DNS resolver has been found.
-
- June 24, 2002:
- All versions of OpenSSH's sshd between 2.3.1 and 3.3 contain an
- input validation error that can result in an integer overflow and
- privilege escalation.
-
- June 19, 2002:
- A buffer overflow can occur during the interpretation of chunked
- encoding in httpd(8), leading to possible remote crash.
-
- May 22, 2002:
- Under certain conditions, on systems using YP with netgroups
- in the password database, it is possible that sshd(8) does
- ACL checks for the requested user name but uses the password
- database entry of a different user for authentication. This
- means that denied users might authenticate successfully
- while permitted users could be locked out.
-
- May 8, 2002:
- A race condition exists that could defeat the kernel's
- protection of fd slots 0-2 for setuid processes.
-
- April 25, 2002:
- A bug in sudo may allow an attacker to corrupt the heap.
-
- April 22, 2002:
- A local user can gain super-user privileges due to a buffer
- overflow in sshd(8) if AFS has been configured on the system
- or if KerberosTgtPassing or AFSTokenPassing has been enabled
- in the sshd_config file.
-
-
-
-
-
-
-OpenBSD 3.0 Security Advisories
-These are the OpenBSD 3.0 advisories -- all these problems are solved
-in OpenBSD current. The
-patch branch for 3.0 is no longer being maintained,
-you should update your machine.
-
-
-
-- November 14, 2002:
- A buffer overflow exists in named(8) that could lead to a
- remote crash or code execution as user named in a chroot jail.
-
- November 6, 2002:
- Incorrect argument checking in the getitimer(2) system call
- may allow an attacker to crash the system.
-
- November 6, 2002:
- An attacker can bypass smrsh(8)'s restrictions and execute
- arbitrary commands with the privileges of his own account.
-
- October 21, 2002:
- A buffer overflow can occur in the kadmind(8) daemon, leading
- to possible remote crash or exploit.
-
- October 7, 2002:
- Incorrect argument checking in the setitimer(2) system call
- may allow an attacker to write to kernel memory.
-
- August 11, 2002:
- An insufficient boundary check in the select and poll system calls
- allows an attacker to overwrite kernel memory and execute arbitrary code
- in kernel context.
-
- July 30, 2002:
- Several remote buffer overflows can occur in the SSL2 server and SSL3
- client of the ssl(8) library, as in the ASN.1 parser code in the
- crypto(3) library, all of them being potentially remotely
- exploitable.
-
- July 29, 2002:
- A buffer overflow can occur in the xdr_array(3) RPC code, leading to
- possible remote crash.
-
- July 29, 2002:
- A race condition exists in the pppd(8) daemon which may cause it to
- alter the file permissions of an arbitrary file.
-
- July 5, 2002:
- Receiving IKE payloads out of sequence can cause isakmpd(8) to
- crash.
-
- June 27, 2002:
- The kernel would let any user ktrace set[ug]id processes.
-
- June 25, 2002:
- A potential buffer overflow in the DNS resolver has been found.
-
- June 24, 2002:
- All versions of OpenSSH's sshd between 2.3.1 and 3.3 contain an
- input validation error that can result in an integer overflow and
- privilege escalation.
-
- June 24, 2002:
- A buffer overflow can occur in the .htaccess parsing code in
- mod_ssl httpd module, leading to possible remote crash or exploit.
-
- June 19, 2002:
- A buffer overflow can occur during the interpretation of chunked
- encoding in httpd(8), leading to possible remote crash.
-
- May 8, 2002:
- A race condition exists that could defeat the kernel's
- protection of fd slots 0-2 for setuid processes.
-
- April 25, 2002:
- A bug in sudo may allow an attacker to corrupt the heap.
-
- April 22, 2002:
- A local user can gain super-user privileges due to a buffer
- overflow in sshd(8) if AFS has been configured on the system
- or if KerberosTgtPassing or AFSTokenPassing has been enabled
- in the sshd_config file.
-
- April 11, 2002:
- The mail(1) was interpreting tilde escapes even when invoked
- in non-interactive mode. As mail(1) is called as root from cron,
- this can lead to a local root compromise.
-
- March 19, 2002:
- Under certain conditions, on systems using YP with netgroups in
- the password database, it is possible for the rexecd(8) and rshd(8)
- daemons to execute a shell from a password database entry for a
- different user. Similarly, atrun(8) may change to the wrong
- home directory when running jobs.
-
- March 13, 2002:
- A potential double free() exists in the zlib library;
- this is not exploitable on OpenBSD.
- The kernel also contains a copy of zlib; it is not
- currently known if the kernel zlib is exploitable.
-
- March 8, 2002:
- An off-by-one check in OpenSSH's channel forwarding code
- may allow a local user to gain super-user privileges.
-
- January 21, 2002:
- A race condition between the ptrace(2) and execve(2) system calls
- allows an attacker to modify the memory contents of suid/sgid
- processes which could lead to compromise of the super-user account.
-
- January 17, 2002:
- There is a security hole in sudo(8) that can be exploited
- when the Postfix sendmail replacement is installed that may
- allow an attacker on the local host to gain root privileges.
-
- November 28, 2001:
- An attacker can trick a machine running the lpd daemon into
- creating new files in the root directory from a machine with
- remote line printer access.
-
- November 13, 2001:
- The vi.recover script can be abused in such a way as
- to cause arbitrary zero-length files to be removed.
-
- November 13, 2001:
- pf(4) was incapable of dealing with certain ipv6 icmp packets,
- resulting in a crash.
-
- November 12, 2001:
- A security hole that may allow an attacker to partially authenticate
- if -- and only if -- the administrator has enabled KerberosV.
-
-
-
-
-
-
-OpenBSD 2.9 Security Advisories
-These are the OpenBSD 2.9 advisories -- all these problems are solved
-in OpenBSD current. The
-patch branch. for 2.9 is no longer being maintained,
-you should update your machine.
-
-
-
-
-- June 25, 2002:
- A potential buffer overflow in the DNS resolver has been found.
-
- May 8, 2002:
- A race condition exists that could defeat the kernel's
- protection of fd slots 0-2 for setuid processes.
-
- April 25, 2002:
- A bug in sudo may allow an attacker to corrupt the heap.
-
- April 22, 2002:
- A local user can gain super-user privileges due to a buffer
- overflow in sshd(8) if AFS has been configured on the system
- or if KerberosTgtPassing or AFSTokenPassing has been enabled
- in the sshd_config file.
-
- April 11, 2002:
- The mail(1) was interpreting tilde escapes even when invoked
- in non-interactive mode. As mail(1) is called as root from cron,
- this can lead to a local root compromise.
-
- March 13, 2002:
- A potential double free() exists in the zlib library;
- this is not exploitable on OpenBSD.
- The kernel also contains a copy of zlib; it is not
- currently known if the kernel zlib is exploitable.
-
- March 8, 2002:
- An off-by-one check in OpenSSH's channel forwarding code
- may allow a local user to gain super-user privileges.
-
- January 21, 2002:
- A race condition between the ptrace(2) and execve(2) system calls
- allows an attacker to modify the memory contents of suid/sgid
- processes which could lead to compromise of the super-user account.
-
- January 17, 2002:
- There is a security hole in sudo(8) that can be exploited
- when the Postfix sendmail replacement is installed that may
- allow an attacker on the local host to gain root privileges.
-
- November 28, 2001:
- An attacker can trick a machine running the lpd daemon into
- creating new files in the root directory from a machine with
- remote line printer access.
-
- November 13, 2001:
- The vi.recover script can be abused in such a way as
- to cause arbitrary zero-length files to be removed.
-
- September 11, 2001:
- A security hole exists in uuxqt(8) that may allow an
- attacker to gain root privileges.
-
- August 29, 2001:
- A security hole exists in lpd(8) that may allow an
- attacker to gain root privileges if lpd is running.
-
- August 21, 2001:
- A security hole exists in sendmail(8) that may allow an
- attacker on the local host to gain root privileges.
-
- July 30, 2001:
- A kernel buffer overflow in the NFS code can be used to execute
- arbitrary code by users with mount privileges (only root by
- default).
-
- June 15, 2001:
- A race condition in the kernel can lead to local root compromise.
-
- June 12, 2001:
- sshd(8) allows users to delete arbitrary files named "cookies"
- if X11 forwarding is enabled. X11 forwarding is disabled
- by default.
-
- May 30, 2001:
- Programs using the fts routines can be tricked into changing
- into the wrong directory.
-
- May 29, 2001:
- Sendmail signal handlers contain unsafe code,
- leading to numerous race conditions.
-
-
-
-
-
-
-OpenBSD 2.8 Security Advisories
-These are the OpenBSD 2.8 advisories -- all these problems are solved
-in OpenBSD current. The
-patch branch. for 2.8 is no longer being maintained,
-you should update your machine.
-
-
-
-
-- September 11, 2001:
- A security hole exists in uuxqt(8) that may allow an
- attacker to gain root privileges.
-
- August 29, 2001:
- A security hole exists in lpd(8) that may allow an
- attacker to gain root privileges if lpd is running.
-
- August 21, 2001:
- A security hole exists in sendmail(8) that may allow an
- attacker on the local host to gain root privileges.
-
- June 15, 2001:
- A race condition in the kernel can lead to local root compromise.
-
- May 30, 2001:
- Programs using the fts routines can be tricked into changing
- into the wrong directory.
-
- May 29, 2001:
- Sendmail signal handlers contain unsafe code,
- leading to numerous race conditions.
-
- Apr 23, 2001:
- IPF contains a serious bug with its handling of fragment caching.
-
- Apr 23, 2001:
- ftpd(8) contains a potential DoS relating to glob(3).
-
- Apr 10, 2001:
- The glob(3) library call contains multiple buffer overflows.
-
- Mar 18, 2001:
- The readline library creates history files with permissive modes based on the user's umask.
-
- Mar 2, 2001:
- Insufficient checks in the IPSEC AH IPv4 option handling code can lead to a buffer overrun in the kernel.
-
- Mar 2, 2001:
- The USER_LDT kernel option allows an attacker to gain access to privileged areas of kernel memory.
-
- Feb 22, 2001:
- a non-exploitable buffer overflow was fixed in sudo(8).
-
- Jan 29, 2001:
- merge named(8) with ISC BIND 4.9.8-REL, which fixes some buffer vulnerabilities.
-
- Jan 22, 2001:
- rnd(4) did not use all of its input when written to.
-
- Dec 22, 2000:
- xlock(1)'s authentication was re-done to authenticate via a named pipe. (patch and new xlock binaries included).
-
- Dec 18, 2000:
- Procfs contains numerous overflows. Procfs is not used by default in OpenBSD. (patch included).
-
- Dec 10, 2000:
- Another problem exists in KerberosIV libraries (patch included).
-
- Dec 7, 2000:
- A set of problems in KerberosIV exist (patch included).
-
- Dec 4, 2000:
- A single-byte buffer overflow exists in ftpd (patch included).
-
-
-
-
-
-
-OpenBSD 2.7 Security Advisories
-These are the OpenBSD 2.7 advisories -- all these problems are solved
-in OpenBSD current. Obviously, all the
-OpenBSD 2.6 advisories listed below are fixed in OpenBSD 2.7.
-
-
-
-- Mar 18, 2001:
- The readline library creates history files with permissive modes based on the user's umask.
-
- Feb 22, 2001:
- a buffer overflow was fixed in sudo(8).
-
- Dec 4, 2000:
- A single-byte buffer overflow exists in ftpd (patch included).
-
- Nov 10, 2000:
- Hostile servers can force OpenSSH clients to do agent or X11 forwarding.
- (patch included)
-
- Oct 26, 2000:
- X11 libraries have 2 potential overflows in xtrans code.
- (patch included)
-
- Oct 18, 2000:
- Apache mod_rewrite and mod_vhost_alias modules could expose files
- on the server in certain configurations if used.
- (patch included)
-
- Oct 10, 2000:
- The telnet daemon does not strip out the TERMINFO, TERMINFO_DIRS,
- TERMPATH and TERMCAP environment variables as it should.
- (patch included)
-
- Oct 6, 2000:
- There are printf-style format string bugs in several privileged
- programs. (patch included)
-
- Oct 6, 2000:
- libcurses honored terminal descriptions in the $HOME/.terminfo
- directory as well as in the TERMCAP environment variable for
- setuid and setgid applications.
- (patch included)
-
- Oct 6, 2000:
- A format string vulnerability exists in talkd(8).
- (patch included)
-
- Oct 3, 2000:
- A format string vulnerability exists in the pw_error() function of the
- libutil library, yielding localhost root through chpass(1).
- (patch included)
-
- Sep 18, 2000:
- Bad ESP/AH packets could cause a crash under certain conditions.
- (patch included)
-
- Aug 16, 2000:
- A format string vulnerability (localhost root) exists in xlock(1).
- (patch included)
-
- July 14, 2000:
- Various bugs found in X11 libraries have various side effects, almost
- completely denial of service in OpenBSD.
- (patch included)
-
- July 5, 2000:
- Just like pretty much all the other unix ftp daemons
- on the planet, ftpd had a remote root hole in it.
- Luckily, ftpd was not enabled by default.
- The problem exists if anonymous ftp is enabled.
- (patch included)
-
- July 5, 2000:
- Mopd, very rarely used, contained some buffer overflows.
- (patch included)
-
- June 28, 2000:
- libedit would check for a .editrc file in the current
- directory. Not known to be a real security issue, but a patch
- is available anyways.
- (patch included)
-
- June 24, 2000:
- A serious bug in dhclient(8) could allow strings from a
- malicious dhcp server to be executed in the shell as root.
- (patch included)
-
- June 9, 2000:
- A serious bug in isakmpd(8) policy handling wherein
- policy verification could be completely bypassed in isakmpd.
- (patch included)
-
- June 6, 2000:
- The non-default flag UseLogin in /etc/sshd_config is broken,
- should not be used, and results in security problems on
- other operating systems.
-
- May 26, 2000:
- The bridge(4) learning flag may be bypassed.
- (patch included)
-
- May 25, 2000:
- Improper use of ipf keep-state rules can result
- in firewall rules being bypassed. (patch included)
-
-
-
-
-
-
-
-OpenBSD 2.6 Security Advisories
-These are the OpenBSD 2.6 advisories -- all these problems are solved
-in OpenBSD current. Obviously, all the
-OpenBSD 2.5 advisories listed below are fixed in OpenBSD 2.6.
-
-
-
-- May 26, 2000:
- SYSV semaphore support contained an undocumented system call
- which could wedge semaphore-using processes from exiting. (patch included)
-
- May 25, 2000:
- Improper use of ipf keep-state rules can result
- in firewall rules being bypassed. (patch included)
-
- May 25, 2000:
- xlockmore has a bug which a localhost attacker can use to gain
- access to the encrypted root password hash (which is normally
- encoded using blowfish (see
-
- crypt(3))
- (patch included).
-
- Jan 20, 2000:
- Systems running with procfs enabled and mounted are
- vulnerable to a very tricky exploit. procfs is not
- mounted by default.
- (patch included).
-
- Dec 4, 1999:
- Sendmail permitted any user to cause an aliases file wrap,
- thus exposing the system to a race where the aliases file
- did not exist.
- (patch included).
-
- Dec 4, 1999:
- Various bugs in poll(2) may cause a kernel crash.
-
- Dec 2, 1999:
- A buffer overflow in the RSAREF code included in the
- USA version of libssl, is possibly exploitable in
- httpd, ssh, or isakmpd, if SSL/RSA features are enabled.
- (patch included).
- Update: Turns out that this was not exploitable
- in any of the software included in OpenBSD 2.6.
- - Nov 9, 1999:
- Any user could change interface media configurations, resulting in
- a localhost denial of service attack.
- (patch included).
-
-
-
-
-
-
-OpenBSD 2.5 Security Advisories
-These are the OpenBSD 2.5 advisories -- all these problems are solved
-in OpenBSD current. Obviously, all the
-OpenBSD 2.4 advisories listed below are fixed in OpenBSD 2.5.
-
-
-
-- Aug 30, 1999:
- In cron(8), make sure argv[] is NULL terminated in the
- fake popen() and run sendmail as the user, not as root.
- (patch included).
-
- Aug 12, 1999: The procfs and fdescfs
- filesystems had an overrun in their handling of uio_offset
- in their readdir() routines. (These filesystems are not
- enabled by default). (patch included).
-
- Aug 9, 1999: Stop profiling (see profil(2))
- when we execve() a new process. (patch included).
-
- Aug 6, 1999: Packets that should have
- been handled by IPsec may be transmitted as cleartext.
- PF_KEY SA expirations may leak kernel resources.
- (patch included).
-
- Aug 5, 1999: In /etc/rc, use mktemp(1) for
- motd re-writing and change the find(1) to use -execdir
- (patch included).
-
- Jul 30, 1999: Do not permit regular
- users to chflags(2) or fchflags(2) on character or block devices
- which they may currently be the owner of (patch included).
-
- Jul 27, 1999: Cause groff(1) to be invoked
- with the -S flag, when called by nroff(1) (patch included).
-
-
-
-
-
-
-OpenBSD 2.4 Security Advisories
-These are the OpenBSD 2.4 advisories -- all these problems are solved
-in OpenBSD current. Obviously, all the
-OpenBSD 2.3 advisories listed below are fixed in OpenBSD 2.4.
-
-
-
-- Mar 22, 1999: The nfds argument for poll(2) needs
- to be constrained, to avoid kvm starvation (patch included).
-
- Mar 21, 1999: A change in TSS handling stops
- another kernel crash case caused by the crashme
- program (patch included).
-
- Feb 25, 1999: An unbounded increment on the
- nlink value in FFS and EXT2FS filesystems can cause a system crash.
- (patch included).
-
- Feb 23, 1999: Yet another buffer overflow
- existed in ping(8). (patch included).
-
- Feb 19, 1999: ipintr() had a race in use of
- the ipq, which could permit an attacker to cause a crash.
- (patch included).
-
- Feb 17, 1999: A race condition in the
- kernel between accept(2) and select(2) could permit an attacker
- to hang sockets from remote.
- (patch included).
-
- Feb 17, 1999: IP fragment assembly can
- bog the machine excessively and cause problems.
- (patch included).
-
- Feb 12, 1999: i386 T_TRCTRAP handling and
- DDB interacted to possibly cause a crash.
- (patch included).
-
- Feb 11, 1999: TCP/IP RST handling was sloppy.
- (patch included).
-
- Nov 27, 1998: There is a remotely exploitable
- problem in bootpd(8). (patch included).
-
- Nov 19, 1998: There is a possibly locally
- exploitable problem relating to environment variables in termcap
- and curses. (patch included).
-
- Nov 13, 1998: There is a remote machine lockup
- bug in the TCP decoding kernel. (patch included).
-
-
-
-
-
-
-OpenBSD 2.3 Security Advisories
-These are the OpenBSD 2.3 advisories -- all these problems are solved
-in OpenBSD current. Obviously, all the
-OpenBSD 2.2 advisories listed below are fixed in OpenBSD 2.3.
-
-
-
-- Nov 27, 1998: There is a remotely exploitable
- problem in bootpd(8). (patch included).
-
- Nov 13, 1998: There is a remote machine lockup
- bug in the TCP decoding kernel. (patch included).
-
- August 31, 1998: A benign looking resolver
- buffer overflow bug was re-introduced accidentally (patches included).
-
- Aug 2, 1998:
- chpass(1) has a file descriptor leak which allows an
- attacker to modify /etc/master.passwd.
-
- July 15, 1998: Inetd had a file descriptor leak.
-
- Jul 2, 1998: setuid and setgid processes
- should not be executed with fd slots 0, 1, or 2 free.
- (patch included).
-
- June 6, 1998: Further problems with the X
- libraries (patches included).
-
- May 17, 1998: kill(2) of setuid/setgid target
- processes too permissive (4th revision patch included).
-
- May 11, 1998: mmap() permits partial bypassing
- of immutable and append-only file flags. (patch included).
-
- May 5, 1998: Incorrect handling of IPSEC packets
- if IPSEC is enabled (patch included).
-
- May 1, 1998: Buffer overflow in xterm and Xaw
- (CERT advisory VB-98.04) (patch included).
-
-
-
-
-
-
-OpenBSD 2.2 Security Advisories
-These are the OpenBSD 2.2 advisories. All these problems are solved
-in OpenBSD 2.3. Some of these problems
-still exist in other operating systems. (The supplied patches are for
-OpenBSD 2.2; they may or may not work on OpenBSD 2.1).
-
-
-
-- May 5, 1998: Incorrect handling of IPSEC
- packets if IPSEC is enabled (patch included).
-
- May 1, 1998: Buffer overflow in xterm
- and Xaw (CERT advisory VB-98.04) (patch included).
-
- Apr 22, 1998: Buffer overflow in uucpd
- (patch included).
-
- Apr 22, 1998: Buffer mismanagement in lprm
- (patch included).
-
- Mar 31, 1998: Overflow in ping -R (patch included).
-
- Mar 30, 1998: Overflow in named fake-iquery
- (patch included).
-
- Mar 2, 1998: Accidental NFS filesystem
- export (patch included).
-
- Feb 26, 1998: Read-write mmap() flaw.
- Revision 3 of the patch is available here
-
- Feb 19, 1998: Sourcerouted Packet
- Acceptance.
- A patch is available here.
-
- Feb 13, 1998: Setuid coredump & Ruserok()
- flaw (patch included).
-
- Feb 9, 1998: MIPS ld.so flaw (patch included).
-
-
-
-
-
-
-OpenBSD 2.1 Security Advisories
-These are the OpenBSD 2.1 advisories. All these problems are solved
-in OpenBSD 2.2. Some of these problems still
-exist in other operating systems. (If you are running OpenBSD 2.1, we
-would strongly recommend an upgrade to the newest release, as this
-patch list only attempts at fixing the most important security
-problems. In particular, OpenBSD 2.2 fixes numerous localhost
-security problems. Many of those problems were solved in ways which
-make it hard for us to provide patches).
-
-
-
-
-
-
-
-
-OpenBSD 2.0 Security Advisories
-These are the OpenBSD 2.0 advisories. All these problems are solved
-in OpenBSD 2.1. Some of these problems still
-exist in other operating systems. (If you are running OpenBSD 2.0, we
-commend you for being there back in the old days!, but you're really
-missing out if you don't install a new version!)
-
-
-
-
+Please refer to the links at the top of this page.
Watching our Changes
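Review bot: The single added line at the end of this hunk, "Please refer to the links at the top of this page.", is now the only content left under the "Advisories" heading, so a reader who lands here has to scroll back to the release list. Suggest making that sentence point directly at the release list (an in-page anchor) if it does not already. Before dropping the 1636 removed lines, confirm that the per-release pages carry everything that lived only in this text: the end-of-maintenance notices ("patch branch for 3.0 is no longer being maintained, you should update your machine"), the 2.6 RSAREF correction ("Update: Turns out that this was not exploitable in any of the software included in OpenBSD 2.6."), and the 2.1 and 2.0 sections, which as shown here contain only upgrade advice and no advisory entries. Several entries are repeated verbatim across releases (for example the June 25, 2002 DNS resolver overflow appears under 3.0 and 2.9), so each affected release's page needs its own copy rather than a single surviving instance.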