Contributed by mk/reverse on from the patch-management dept.
Brad let us know that two new errata are out:
Errata text for the first entry:
Bugs in the tcp(4) stack can lead to memory exhaustion or processing of TCP segments with invalid SACK options and cause a system crash.
Errata text for the second entry:
Due to buffer overflows in telnet(1), a malicious server or man-in-the-middle attack could allow execution of arbitrary code with the privileges of the user invoking telnet(1).
By Anonymous Coward (213.118.35.44) on
Comments
By tedu (64.173.147.27) on
By Otto Moerbeek (213.84.84.111) otto@drijf.net on http://www.drijf.net
W^X does offer protection against exploitation of various types of heap overflows, but not all. Direct code insertion into the heap will not work, since the heap is not executable, but manipulation of function pointers in the heap, which point to (existing) code in the program or its libraries, is still possible.
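The point made in the comment above, as an added C example that is not part of the original comment or of OpenBSD's code: an unchecked copy into a buffer stored next to a function pointer changes which existing function gets called without any memory ever being both writable and executable, while a length check stops it. The struct layout, function names and input bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: a data buffer directly in front of a function pointer. */
struct session {
    char name[16];
    void (*handler)(void);
};

static void log_ok(void)         { puts("log_ok"); }
static void other_existing(void) { puts("other_existing"); }

/* Unchecked copy: trusts the peer-supplied length (the bug class). The write
 * goes through a byte pointer to the whole object so the demo stays defined;
 * callers keep len <= sizeof(struct session). */
static void copy_unchecked(struct session *s, const void *src, size_t len) {
    unsigned char *base = (unsigned char *)s + offsetof(struct session, name);
    memcpy(base, src, len);
}

/* Checked copy: rejects anything that does not fit in name[]. */
static int copy_checked(struct session *s, const void *src, size_t len) {
    if (len > sizeof(s->name))
        return -1;
    memcpy(s->name, src, len);
    return 0;
}

/* Returns 1 if the handler no longer points at log_ok after the copy. */
static int handler_changed_by(int checked) {
    struct session s;
    unsigned char input[sizeof(struct session)];
    void (*other)(void) = other_existing;

    memset(&s, 0, sizeof s);
    s.handler = log_ok;
    /* Constructed input: filler, then the address of code already present. */
    memset(input, 'A', sizeof input);
    memcpy(input + offsetof(struct session, handler), &other, sizeof other);
    if (checked)
        copy_checked(&s, input, sizeof input);
    else
        copy_unchecked(&s, input, sizeof input);
    return s.handler != log_ok; /* no page was ever written and then executed */
}

int main(void) {
    printf("unchecked copy changed handler: %d\n", handler_changed_by(0));
    printf("checked copy changed handler:   %d\n", handler_changed_by(1));
    return 0;
}
```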
By Anthony Roberts (68.145.103.21) on
By tedu (64.173.147.27) on
By Anthony Roberts (68.145.103.21) on
By Anthony Roberts (68.145.103.21) on
In no way do I think W^X or ProPolice mitigate the need to be careful with buffer sizes (or integer overflows, etc). Not only because they're not perfect (as this patch demonstrates) but because they're not necessarily available on other platforms.
By Bert (68.50.4.145) thrashbluegrass@antisocial.com on
By Anonymous Coward (217.96.167.176) on
By Bert (216.175.250.42) thrashbluegrass@antisocial.com on
Like someone pulling the plug, or setting the box on fire.
You do realize that, in your trolling, you reveal your ignorance, right? Manipulating function pointers is something that is _supposed_ to happen inside of programs. What would you have OS developers do? Restrict all programs to printing const strings to stdout?
By tedu (69.227.45.201) on
By Anonymous Coward (213.118.35.44) on
By Chas (147.154.235.53) on
My underpowered x86 will crash to ddb when I run bittorrent on the internal NAT. Seems to happen about every 3-10 hours. I wonder how you get ddb info into sendbug?
Also, my two network interfaces are at ep1 and ep2. I wonder why they don't start at zero?
By SH (82.182.103.172) on
By Anonymous Coward (80.56.116.229) on
By Anonymous Coward (216.220.225.229) on
I always do scrub in all.
By henning (80.86.183.227) on
By kaip (217.30.177.41) on
Is there a problem with the security-announce@openbsd.org, or am I missing something? The last post to the security-announce is on 14 December 2004 regarding the pfkey vulnerability. There is nothing on this year's security fixes (httpd fix on 12 January 2005, locore fixes on 28 February and 16 March 2005 and the telnet fix on 30 March 2005)...
By Kevin (65.94.92.22) on