Remotely Crash OpenBSD
*no comment* writes "If you are running OpenBSD on your IPv6 install, it might be time to upgrade to -current. (just kidding) There is, however, a way to crash OpenBSD 3.4 with a couple of simple IPv6 commands. Georgi Guninski, found the problem. To quote Theo, 'it is just a crash.'" It is unknown if the bug could be used to execute arbitrary code, but it does require patching a Linux kernel (or rolling your own network stack) to exploit.
Or can OpenBSD still boast "Only one remote hole in the default install, in more than 7 years!" ?
--
Society has traditionally always tried to find scapegoats for its problems. Well, here I am.
I know that the problem has been fixed in -current, but I run a production box that I refuse to bring up to -current. There's no patch or even a mention of this problem on the errata page.
What's a sane admin to do?
Not log ago there was an article about not only how ipv6 isnt needed, but that since its 'new' code, it has a lot of problems that have long since been worked out of ipv4. Is this an example of that? Should we worry?
I have to ask myself that with all of the decades of experience that has gone into ipv4 development and hacking and exploiting, are these fears justified? Have all the glitches in ipv4 been found? and if so isnt it trivial to avoid the same early mistakes in ipv6. Does this particular problem have a ipv4 analog? Is it even a stack theory issue? Is it just an implementation oversight?
Does anyone have any insight?
I thought Theo's comment sounded really arrogant, too. But you might note that the author quoted it with no context, so who knows whether it was in real life.
Now as for Microsoft, if MS patched something within... no, wait, it was patched before the bug came out... anyway, we'd cut them a bit more slack.
I hereby place the above post in the public domain.
What I've been wondering is if anyone has read any of the literature regarding OpenBSD's methodology. I recally it being expressly mentioned that they would rather have the machine crash than have it rooted. Which is a good idea if you cannot risk a break-in. They try to break-in, you crash, and now you're in a more secure state (off) than you were when they attacked you.
Who the heck is Spyder Inc? The TCP/IP stack in NT 3.1 was the STREAMS-based SpiderTCP 6 (IIRC) from Spider Systems Ltd. (I used to work for them). This in turn used some BSD code. This stack was replaced in NT 3.5, with a stack alledgedly written from scratch at Microsoft according to this .