OpenBSD Journal

Patch 005 available for 2.9

Contributed by Dengue on from the proactive-security dept.

Patch 005 has been released for OpenBSD 2.9. From errata.html:
pwd_mkdb(8) corrupts /etc/pwd.db when modifying an existing user.
As usual, instructions for applying patches are included in the head of the patch. If you have any further questions, you should consult the FAQ.



Comments
  1. By Frank DENIS () j@4u.net on http://www.pureftpd.org

    So many important errata, so little time...
    Maybe OpenBSD 2.9 should have been released 15 days later. But well, Theo always makes new releases on time.

    These errata show that OpenBSD isn't a perfect operating system, but that the code is reviewed and audited again and again to make it perfect some time.

    Keep up the good work.

  2. By Frank DENIS () j@pureftpd.org on http://www.pureftpd.org

    Maybe the filesystem races are pointless, but another race was just discovered:
    http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Fstart%3D2001-06-10%26fromthread%3D0%26list%3D1%26end%3D2001-06-16%26mid%3D191107%26threads%3D0%26
    This is a local root compromise. Any local user can gain root privileges on OpenBSD 2.8/2.9 by launching this exploit (similar to the one found on Linux 2.2.x kernels some time ago).
    So if you have untrusted accounts, keep a serious eye on your machine until an errata is released.
