Remotely Crash OpenBSD
*no comment* writes "If you are running OpenBSD on your IPv6 install, it might be time to upgrade to -current. (just kidding) There is, however, a way to crash OpenBSD 3.4 with a couple of simple IPv6 commands. Georgi Guninski found the problem. To quote Theo, 'it is just a crash.'" It is unknown if the bug could be used to execute arbitrary code, but it does require patching a Linux kernel (or rolling your own network stack) to exploit.
> To quote Theo, 'it is just a crash.'"
Yes, just a crash. Because you know he was trying like mad to get a remote exploit out of it. Some bugs are a d0s and others are simply not exploitable. Not so hard to understand how people use the phrase, "just a crash", with a disappointed puppy dog look because they cannot get mad props for dissing on Theo.
As for the people who did not understand patching your kernel so you can exploit the bug on openbsd.
HA!
Please continue using windows and being an end luser.
I consider this bug to be like an interesting post. Georgi will just get karma from it. Nothing more.
After all, who needs a bug to d0s someone from the face of the earth?
His way was just more elegant.
Stupid trolls.
> It is unknown if the bug could be used to execute arbitrary code, but it does require patching a Linux kernel (or rolling your own network stack) to exploit.
I think CowboyNeil needs to check his Linux using head before reporting on BSD ever again.
It isn't a lie if you believe it.
Just a crash? Just a crash? Give me a break. If the machine goes down, you're hosed. How convenient.
What would the reaction be if s/OpenBSD/WinXP/g and the response from Microsoft was "it's just a crash." Imagine. Oy.
You bastards!
what is interesting is that current is not affected. very often when a problem is fixed in current but not in stable. why ?
theo hides some fixes. i do not know if it is to keep an advantage over the other bsd projects or linux, but when a problem is detected, they only produce a patch for stable if there is an exploit around or rumour of an exploit.
no exploit ? it gets fixed in current only.
and theo hides it under something like "reliability fix" or alike when if you check the patch it's really a buffer overflow or something very obvious.
so we got people running openbsd stable with patches that should know that if they want to keep with openbsd they should track current, not stable with patches.
this is hypocrisy. the other bsd projects not only do not do such stupid things but they have to keep an eye on theo patches just to find out.
stupid
i have been part of the openbsd project. so i know pretty well how it works.
I find it hard to believe that anything taken out of context could be worse than what he says in context:
Granted, OpenBSD is his baby.
This doesn't make sense to me. If the release from a year ago had a hole, then you can't claim a record of releasing software with no holes. You can claim to have no known holes now, but how can you say "We have had no holes for the last seven years" and then say "We didn't include the hole from a year ago in that count because it no longer exists".
In other words, if they "don't count root holes except in the head of the CVS tree", wasn't the telnet hole you cite once at the head of that tree? And wasn't that in the last seven years? So how can it not count?
I'd rather be lucky than good.