[SECURITY-L] localhost compromise in OpenBSD 2.9 and 3.0

Daniela Regina Barbetti Silva daniela at ccuec.unicamp.br
Mon Apr 15 11:30:04 -03 2002


----- Forwarded message from "Todd C. Miller" <Todd.Miller at courtesan.com> -----

From: "Todd C. Miller" <Todd.Miller at courtesan.com>
Subject: [S] localhost compromise in OpenBSD 2.9 and 3.0
To: security-announce at openbsd.org
Date: Thu, 11 Apr 2002 13:03:34 -0600

OpenBSD 3.0 and 2.9 contain a potential localhost root compromise,
found by Milos Urbanek.  Earlier versions of OpenBSD are not affected.

The mail(1) program will process tilde escapes even when it is not
in interactive mode.  Since mail(1) is called by the default cron(8)
jobs, this can lead to a localhost root compromise.

Patch for OpenBSD 3.0:
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/018_mail.patch

Patch for OpenBSD 2.9:
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/023_mail.patch

The 3.0-stable and 2.9-stable branches will be updated with this
patch later today.

----- End forwarded message -----
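
The behaviour the advisory describes, as an added illustration that is not part of the original message and is not the OpenBSD patch: a line beginning with `~` in the message body is treated as an escape only when input is interactive. The names `honor_escapes`, `classify` and `escapes_from_pipe` are hypothetical, the sample body is constructed, and "interactive" is assumed here to mean that input comes from a terminal.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed sample body, as job output might reach mail(1) on a pipe. */
static const char SAMPLE[] =
    "nightly job output\n"
    "~s changed subject\n"
    "done\n";

struct counts { int text; int escapes; };

/* Assumption: "interactive" means the input descriptor is a terminal. */
static int honor_escapes(int fd) { return isatty(fd) ? 1 : 0; }

/* Walk the body line by line. A line starting with '~' counts as an
 * escape only when `honor` is set; otherwise it is ordinary text. */
static struct counts classify(const char *body, int honor)
{
    struct counts c = {0, 0};
    const char *p = body;
    while (*p != '\0') {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (honor && len > 0 && p[0] == '~')
            c.escapes++;   /* would be handed to the escape handler */
        else
            c.text++;      /* appended to the message verbatim */
        p += len + (nl ? 1 : 0);
    }
    return c;
}

/* Escapes counted when the input is a pipe, i.e. non-interactive. */
static int escapes_from_pipe(void)
{
    int fds[2];
    if (pipe(fds) != 0) return -1;
    int honor = honor_escapes(fds[0]);
    close(fds[0]); close(fds[1]);
    return classify(SAMPLE, honor).escapes;
}

int main(void)
{
    struct counts tty = classify(SAMPLE, 1);
    printf("interactive: %d text, %d escapes; from pipe: %d escapes\n",
           tty.text, tty.escapes, escapes_from_pipe());
    return 0;
}
```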
