Slashdot Mirror


Remotely Crash OpenBSD

*no comment* writes "If you are running OpenBSD on your IPv6 install, it might be time to upgrade to -current. (just kidding) There is, however, a way to crash OpenBSD 3.4 with a couple of simple IPv6 commands. Georgi Guninski found the problem. To quote Theo, 'it is just a crash.'" It is unknown if the bug could be used to execute arbitrary code, but it does require patching a Linux kernel (or rolling your own network stack) to exploit.

3 of 407 comments

  1. Maybe time to drop this "securitier than thou" ? by Tom7 · · Score: 0, Troll

    With the attitude those guys have, it's almost as amusing to hear about an OpenBSD exploit as a WinXP one!

  2. OpenBSD crashes: how could it have been prevented? by Debian+Troll's+Best · · Score: 1, Troll
    This is a serious issue, especially given the large number of OpenBSD firewall machines which are in service across the internet. While possibly not a direct security threat, remote crash exploits are obviously highly disruptive and, in today's networked economy, highly costly in terms of lost productivity. It's good to see, however, the rapid response of the BSD community to this threat.

    I was talking with some of my colleagues in network security this morning about the OpenBSD exploit and means by which future exploits may be avoided. One suggestion which was raised was that the OpenBSD 'ports' system may be to blame. After all, if you need to add packages on a BSD system, 'ports' must be opened, and when ports are open on firewall boxes, bad things happen. Debian's apt-get system for example does not require 'ports' to work properly, and therefore may be immune from this type of exploit. Is this a possible solution? I look forward to hearing the community's responses!

  3. holes by relrelrel · · Score: 0, Troll

    "Only one remote hole in the default install, in more than 7 years!" -openbsd.org

    but a billion local holes in default install...

    --
    --- any post that takes longer than 20 seconds to write, isn't worth writing