Slashdot Mirror


Remotely Crash OpenBSD

*no comment* writes "If you are running OpenBSD on your IPv6 install, it might be time to upgrade to -current. (just kidding) There is, however, a way to crash OpenBSD 3.4 with a couple of simple IPv6 commands. Georgi Guninski, found the problem. To quote Theo, 'it is just a crash.'" It is unknown if the bug could be used to execute arbitrary code, but it does require patching a Linux kernel (or rolling your own network stack) to exploit.

29 of 407 comments (clear)

  1. GNAA confirms: BSD is Dying by W32.Klez.A · · Score: -1, Troll
    GNAA confirms: BSD is dying
    "Do not stand at my hard disk and forever weep.
    I am not there; I do not sleep.
    I am a thousand winds that blow.
    I am the diamond glints on snow.
    I am the sunlight on ripened grain.
    I am the gentle autumn's rain.
    When you reboot in the morning's hush
    I am the swift uplifting rush
    Of quiet birds in circled flight.
    I am the soft stars that shine at night.
    Do not stand at my hard disk and forever cry.
    I am not there. "


    GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the first organization which
    gathers GAY NIGGERS from all over America and abroad for one common goal - being GAY NIGGERS.

    __vowov_ __vv___v_ ______vov_ ______vov__
    _vow_wov _vow__wov _____vowov _____vowov_
    _vow____ _voww_wov ____vowowv ____vowowv_
    _vow_wov _vow_wwov ___vow_wov ___vow_wov_
    _vow_wov _vow__wov __vow__wov __vow__wov_
    __vowov_ _vow__wov _vow___wov _vow___wov_

    _____GAY NIGGER ASSOCIATION of AMERICA_____


    BE NIGGER!
    BE GAY!
    JOIN THE GNAA!

    GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the fastest-growing GAY NIGGER community with THOUSANDS of members all over United States of America. You, too, can be a part of GNAA if you join today!

    Why not? It's quick and easy - only 3 simple steps!

    First, you have to obtain a copy of GAY NIGGERS FROM OUTER SPACE THE MOVIE and watch it. (Click Here to download the ~280MB MPEG off of BitTorrent)

    Second, you need to succeed in posting a GNAA "first post" on slashdot.org, a popular "news for trolls" website

    Third, you need to join the official GNAA irc channel #GNAA on EFNet, and apply for membership.
    Talk to one of the ops or any of the other members in the channel to sign up today!

    Fourth, remind Lindsay Felton about Batman touching my junk liberally.

    If you are having trouble locating #GNAA, the official GAY NIGGER ASSOCIATION OF AMERICA irc channel, you might be on a wrong irc network. The correct network is EFNet, and you can connect to irc.foxlink.net or irc.choopa.net as one of the EFNet servers. If these do not work, use irc.efnet.net.
    If you do not have an IRC client handy, you are free to use the GNAA Java IRC client by clicking here.

    If you have mod points and would like to support GNAA, please moderate this post up.

    This post by GNAA member Lysol, another soul proud of his nigger fag heritage.

    1. Re:GNAA confirms: BSD is Dying by Anonymous Coward · · Score: -1, Troll

      Awesome timing, man. But you should have posted some pictures of that hot BSD chick...

    2. Re:GNAA confirms: BSD is Dying by Anonymous Coward · · Score: -1, Troll

      Its illegal to post pics of underage girls, sorry.

  2. So, by Anonymous Coward · · Score: -1, Troll

    How do them apples taste now?

  3. Just Login from a Windows Box! by Anonymous Coward · · Score: -1, Troll

    Extra point if you use Exploder!

    Ya!

  4. ECFA - better than the GNAA because we do GOOD by Anonymous Coward · · Score: -1, Troll

    PLEASE KILL A DOG - Any dog. Support the Euthenasia for Canus Familiarous Assoc. today to benefit from the FULL BENEFITS of being a FULL TIME ECFA member.

    Are you MAD?
    Do you HATE DOGS?
    Are you a MAD DOG HATER?

    If you answered "yes" to any of the above questions, the ECFA is for you! The ECFA is the only animal humane group that supports the MAD KILLING OF DOGS.

    Why kill dogs you ask? Because there are just TOO MANY of them. We don't have anything against the species, it's just that they are too overpopulated. Dog lovers from around the world spend LOADS of TIME attempting to save every member of this overcrowded species. To fix this imbalance, the overpopulated animals need to be eliminated. If the dog is not already in a home, or can be adopted in a short period of time... it's time to say goodbye.

    Why MAD? Because they are costing us TAX DOLLARS to take care of? Over 100 million dollars is spent in the US each year alone on taking care of wild dogs. The health and safty concerns of this overpopulation are overwhelming. It is time to say goodbye.

    We are looking forward to your membership. To join, first get a ECFA "first post" on slashdot.org. Then, give us a holler in our chatroom, #dogs on efnet. Then, simply post a sign outside your humane society for the humane destruction of dogs with euthanasia.

    1. Re:ECFA - better than the GNAA because we do GOOD by Anonymous Coward · · Score: -1, Troll

      Awww, those poor puppies. :(

  5. Crash and burn by Anonymous Coward · · Score: -1, Troll

    and then the devil rises.

  6. this is bullshit by Anonymous Coward · · Score: -1, Troll

    mod -1 for being a troll post, openBSD is alive and well... and its not the linux kernel, its the BSD kernel you dumbshit.

  7. It's ok... by Anonymous Coward · · Score: -1, Troll


    Noone important uses BSD anyways...

  8. Re:FUCK ALL ITALIANS! by Anonymous Coward · · Score: -1, Troll

    It's "dago", you ignorant slice of turd.

  9. Lol. by anonymous+coword · · Score: -1, Troll

    If this was on fark, the title would be

    BSD Exploit discovred, Linux users laugh, Flamewar ensures!

  10. Maybe time to drop this "securitier than thou" ? by Tom7 · · Score: 0, Troll

    With the attitude those guys have, it's almost as amusing to hear about an OpenBSD exploit than a WinXP one!

  11. See This Article for More OpenBSD Info by Anonymous Coward · · Score: -1, Troll


    Still another awful blow has struck what's left of the *BSD community, as a soon-to-be-released report by an independent commission doing a year-long study concludes: *BSD is dead and mummified. Here are some of the commission's findings:

    Fact: the *BSDs have balkanized yet again. There are now no less than twelve separate, competing *BSD projects, each of which has introduced fundamental incompatibilities with the other *BSDs, and frequently with Unix standards. Average number of developers in each project: fewer than five. Average number of users per project: there are no definitive numbers, but reports show that all projects are on the decline.

    Fact: Apple is quietly changing the base kernel for OS X from *BSD to Linux. Insiders report that Apple's technical leadership has grown tired of the licensing battles and is seeking a more modern license; they find Linux's license more appealing. Many Apple technology experts -- from OS developers all the way up to Steve Jobs -- find Linux to be a more advanced OS, which will enable Apple to release a more mature product. The frequent hallway arguments and fistfights among the *BSD developers Apple has hired has also contributed to the decision.

    Fact: XFree86 is dropping support for *BSD. The remaining core group believes that the *BSDs have strayed too far from Unix standards and have become too difficult to support along with Linux and Solaris x86. "It's too much trouble," said one anonymous developer. "If they want to make their own standards, let them doing the porting for us."

    Fact: Many user-level applications will no longer work under *BSD, and no one is working to change this. The GIMP, a Photoshop-like application, has not worked at all under *BSD since version 1.1 (sorry, too much trouble for such a small base, developers have said). OpenOffice, a Microsoft Office clone, has never worked under *BSD and never will. ("Why would we bother?" said developer Steven Andrews, an OpenOffice team lead.)

    Fact: servers running OpenBSD, which claims to focus on security, are frequently compromised. According to Jim Markham, editor of the online security forum SecurityWatch, the few OpenBSD servers that exist on the internet have become a joke among the hacker community. "They make a game out of it," he says. "(OpenBSD leader) Theo [de Raadt] will scramble to make a new patch to fix one problem, and they've already compromised a bunch of boxes with a different exploit."

    Fact: NetBSD, which claims to focus on portability (whatever that is supposed to mean), is slow, and cannot take advantage of multiple CPUs. "That about drove the last nail in the coffin for BSD use here," said Michael Curry, CTO of Amazon.com. "We took our NetBSD boxes out to the backyard and shot them in the head. We're much happier running Linux."

    Fact: There are almost no FreeBSD developers left, and its use, according to Netcraft, is down to a sadly crippled .005% of internet servers. "It's just not reliable," said Christine McGee, VP of Technology for eBay, Inc. "Nor do we find it a very modern OS. I would recommend Linux to anyone contemplating a server OS, or maybe Windows, before I would recommend a BSD."

    Fact: DragonflyBSD, yet another offshoot of the beleaguered FreeBSD "project", is already collapsing under the weight of internal power struggles and in-fighting. "They haven't done a single decent release," notes Mark Baron, an industry watcher and columnist. "Their mailing lists read like an online version of a Jerry Springer episode, complete with food fights, swearing, name-calling, and chair-throwing." Netcraft reports that DragonflyBSD is run on exactly 0% of internet servers.

    With these incontroverible facts staring (what's left of) the *BSD community in the face, they can only draw one conclusion: *BSD is dead and mummified.

  12. OpenBSD crashes: how could it have been prevented? by Debian+Troll's+Best · · Score: 1, Troll
    This is a serious issue especially given the large number of OpenBSD firewall machines which are in service across the internet. While possibly not a direct security threat, remote crash exploits are obviously highly disruptive and in today's networked economy, highly costly in terms of lost productivity. It's good to see, however, the rapid response of th BSD community to this threat.

    I was talking with some of my colleagues in network security this morning about the OpenBSD exploit and means by which future exploits may be avoided. One suggestion which was raised was that the OpenBSD 'ports' system may be to blame. After all, if you need to add packages on a BSD system, 'ports' must be opened, and when ports are open on firewall boxes, bad things happen. Debian's apt-get system for example does not require 'ports' to work properly, and therefore may be immune from this type of exploit. Is this a possible solution? I look forward to hearing the community's responses!

  13. This explains why they run on Solaris! by anonymous+coword · · Score: -1, Troll

    It is known for a Long time that the www.openbsd.org web server runs on solaris. I have always doubted their excuse for the bandwidth from sunsite. Surley they could co-located a OpenBSD server at sunsite, Now I know the real reason. OpenBSD's Security features are mostly academic and NOT READY for primtime in mission critical use, even the OpenBSD developers themselves wont use it as their main OS!

    OpenBSD is still concidered a hobby security OS in the Security Industry by many. Most Military grade security systems run on Windows 2000, and is the most secure certified operating system. Sure the Applications such as IIS can be exploitable, the the Windows 2000 kernel has never been comprimised remotley. Microsoft has even challenaged hackers 10 million dollars to exploit Windows 2000 Military Security Edition!

    So for now, as a Security Specialst who Specializes Windows security, I will keep using Windows, and I will use this toy security system on my isolated testing network.

  14. kaka by Anonymous Coward · · Score: -1, Troll

    I poop on you

  15. Re:Patch for production systems? by Anonymous Coward · · Score: -1, Troll

    Since there are legions of people recompiling their TCP stacks right now to crash your OpenBSD boxes, you may have to switch to Linux, since Linux has proven to be much more secure in a networked environment that OpenBSD.

    Or you can wait... it seems likely a fix will come to -stable.

  16. Double Click and Crash! by anonymous+coword · · Score: -1, Troll

    For those who dont want to set up a Linux kernel, I have written a small Windows application for it. Since the BSD Zealots didnt like the fact that windows 2000 cant be remotley crash and modded my parent down, I thought I'd write a program to shock them. It only took about 15 minutes to write because the exploit was so glaring silly. You willl need Windows NT/2000/XP, Services For UNIX and the .net framework to run this program.

    Instructions
    Download
    Double click the icon
    Enter the IP address of the BSD box you want to crash

    Download by Clicking here

  17. Re:Does this count? by Anonymous Coward · · Score: -1, Troll

    A hole would imply gaining access.

    No, A hole would imply our president.

  18. fuck this by Anonymous Coward · · Score: -1, Troll

    No one uses motherfucking IPV6. IT IS A DEAD AND USELESS NERDY ASS FAG TECH. Until corp america moves over to ipv6(which will never happen), it will just be you fucking nerds playing with it and wasting your fucking time.

  19. Re:Propz to GNAA by Anonymous Coward · · Score: -1, Troll

    Sheesh. I enjoy browsing at -1 as much as the next guy, but if you're going to post at -1 at least make it formatted and concise. It's one thing to make a point at -1, it's another entirely just to spout what looks like white noise.

  20. holes by relrelrel · · Score: 0, Troll

    "Only one remote hole in the default install, in more than 7 years!" -openbsd.org

    but a billion local holes in default install...

    --
    --- any post that takes longer than 20 seconds to write, isn't worth writing
  21. Tired of remote exploits in your OpenBSD? Switch! by Anonymous Coward · · Score: -1, Troll

    Ever since switching to Apple OS X, I have had significantly less security vulnerabilities than when I used OpenBSD. On top of that, I have a way bigger selection of great applications, I have a GUI that BSD and Linux users can only dream about, and I am confident in the knowledge that I am protecting AMERICAN jobs and AMERICAN know how.

  22. Re:Does this count? by Anonymous Coward · · Score: -1, Troll

    So was it a hole in the default install or not?

    (I strongly suspect that the same person does Security PR for both Microsoft and OpenBSD.)

  23. That's preposterous! by EnderWiggin99 · · Score: -1, Troll

    You Are Smoking Crack.

  24. Re:Does this count? by Anonymous Coward · · Score: -1, Troll

    Not Flamebait. Presiment George Butch of the Untied Status of 'Merka IS an A-hole.

    And he's a fuckwad too.

    And, No. I'm not the original AC.

  25. *bsd IS DYING by Anonymous Coward · · Score: -1, Troll

    not news really, but I thought that you'd love to hear about it.

    This message has been confirmed by Netcraft.

  26. This dead bitch is getting smelly... by Anonymous Coward · · Score: -1, Troll

    Crash the corpse and get some good Tux action happening on your machines.