Archive: openbsd@sikurezza.org
Subject: [Todd.Miller<at>courtesan.com: localhost compromise in OpenBSD 2.9 and 3.0]
From: Igor Falcomata'
Date: 11 Apr 2002 23:30:31 -0000
----- Forwarded message from "Todd C. Miller" <Todd.Miller<at>courtesan.com> -----

To: security-announce<at>openbsd.org
Subject: localhost compromise in OpenBSD 2.9 and 3.0
Date: Thu, 11 Apr 2002 13:03:34 -0600
From: "Todd C. Miller" <Todd.Miller<at>courtesan.com>

OpenBSD 3.0 and 2.9 contain a potential localhost root compromise,
found by Milos Urbanek.  Earlier versions of OpenBSD are not affected.

The mail(1) program will process tilde escapes even when it is not
in interactive mode.  Since mail(1) is called by the default cron(8)
jobs, this can lead to a localhost root compromise.

Patch for OpenBSD 3.0:
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/018_mail.patch

Patch for OpenBSD 2.9:
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/023_mail.patch

The 3.0-stable and 2.9-stable branches will be updated with this
patch later today.

----- End forwarded message -----

________________________________________________________
http://www.sikurezza.org - Italian Security Mailing List
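
The issue described in the advisory above is a mailer honouring tilde escapes on input that is not interactive. The following C sketch is an added illustration, not part of the forwarded message and not OpenBSD's patch: it gates escape handling on an interactive flag so that piped input is treated purely as data. The names `collect` and `collect_sample` and the sample input are hypothetical and constructed for this example.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical sketch, not OpenBSD's mail(1) source. Copies message text from
 * `in` into `body` (cap >= 1). A line starting with '~' is an escape only when
 * `interactive` is non-zero; otherwise it is data. Escapes are only counted,
 * never executed. Returns the number of escapes honoured, or -1 on error. */
static int collect(FILE *in, int interactive, char *body, size_t cap)
{
    char line[128];
    size_t used = 0, n;
    int escapes = 0;
    body[0] = '\0';
    while (fgets(line, sizeof line, in) != NULL) {
        n = strlen(line);
        if (n == sizeof line - 1 && line[n - 1] != '\n')
            return -1; /* over-long line: reject rather than split it */
        if (interactive && line[0] == '~') {
            escapes++; /* a mailer would dispatch the escape here */
            continue;
        }
        if (used + n >= cap)
            return -1; /* refuse to truncate silently */
        memcpy(body + used, line, n + 1);
        used += n;
    }
    return escapes;
}

/* Constructed sample: piped job output containing a tilde-prefixed line. */
static const char SAMPLE[] = "daily output\n~constructed-escape\nend\n";
/* Feed SAMPLE to collect() through a temporary file. */
static int collect_sample(int interactive, char *body, size_t cap)
{
    FILE *in = tmpfile();
    int rc;
    if (in == NULL)
        return -1;
    fputs(SAMPLE, in);
    rewind(in);
    rc = collect(in, interactive, body, cap);
    fclose(in);
    return rc;
}

int main(void)
{
    char body[256];
    int piped = collect_sample(0, body, sizeof body); /* cron-style stdin */
    printf("piped: %d, tty: %d\n", piped, collect_sample(1, body, sizeof body));
    return 0;
}
```

A real caller would derive the flag from something like `isatty(STDIN_FILENO)` rather than passing a constant.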