Slashdot Mirror


Remotely Crash OpenBSD

*no comment* writes "If you are running OpenBSD on your IPv6 install, it might be time to upgrade to -current. (just kidding) There is, however, a way to crash OpenBSD 3.4 with a couple of simple IPv6 commands. Georgi Guninski, found the problem. To quote Theo, 'it is just a crash.'" It is unknown if the bug could be used to execute arbitrary code, but it does require patching a Linux kernel (or rolling your own network stack) to exploit.

3 of 407 comments (clear)

  1. Does this count? by DNAspark99 · · Score: 5, Interesting

    Or can OpenBSD still boast "Only one remote hole in the default install, in more than 7 years!" ?

    --

    --
    Society has traditionally always tried to find scapegoats for its problems. Well, here I am.
    1. Re:Does this count? by Richard_at_work · · Score: 5, Interesting

      IPv6 is available in the base install, but you have to actually have an IPv6 address assigned that people can get to to exploit this issue. Its really a non issue for the 99% of people running OpenBSD out there, but for some, like myself, its time to upgrade.

  2. Patch for production systems? by agentZ · · Score: 5, Interesting

    I know that the problem has been fixed in -current, but I run a production box that I refuse to bring up to -current. There's no patch or even a mention of this problem on the errata page.

    What's a sane admin to do?