Contributed by Dengue on from the proactive-security dept.
pwd_mkdb(8) corrupts /etc/pwd.db when modifying an existing user. As usual, instructions for applying patches are included in the head of the patch. If you have any further questions, you should consult the FAQ.
By Frank DENIS () j@4u.net on http://www.pureftpd.org
Maybe OpenBSD 2.9 should have been released 15 days later. But well, Theo always makes new releases on time.
These errata show that OpenBSD isn't a perfect operating system, but that the code is reviewed and audited again and again to make it perfect some time.
Keep up the good work.
By Frank DENIS () j@pureftpd.org on http://www.pureftpd.org
http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Fstart%3D2001-06-10%26fromthread%3D0%26list%3D1%26end%3D2001-06-16%26mid%3D191107%26threads%3D0%26
This is a local root compromise. Any local user can gain root privileges on OpenBSD 2.8/2.9 by launching this exploit (similar to the one found on Linux 2.2.x kernels some time ago).
So if you have untrusted accounts, keep a serious eye on your machine until an errata is released.