Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenBSD Vulnerabilty

Posted by timothy on from the pretty-damn-obscure dept.

*no comment* writes "Normally vulnerability reports on slashdot wouldn't make it because there are so many. This one however is for the normally very secure OpenBSD. Someone can crash an OpenBSD bridge using a newly discovered ICMP exploit. More can be read here. This shouldn't affect most people as this only affects people that use OBSD as a bridge."

5 of 55 comments (clear)

  1. Still not really news by pilybaby · · Score: 4, Interesting

    Normally vulnerability reports on slashdot wouldn't make it because there are so many

    This might be unusual but it's really not that big a news. I suppose it shows that even the best are not infallible. Nice to see it's already been patched =).

  2. Why'zit a 'Reliability' fix, not a 'Security' fix? by Anonymous Coward · · Score: 2, Interesting

    Here:

    http://openbsd.org/errata.html

    "All architectures

    016: RELIABILITY FIX: August 26, 2004

    As reported by Vafa Izadinia bridge(4)
    with IPsec processing enabled can be crashed
    remotely by a single ICMP echo traversing the
    bridge.

    A source code patch exists which remedies this problem.

    015: RELIABILITY FIX: August 25, 2004

    Improved verification of ICMP errors
    in order to minimize the impact of ICMP attacks
    against TCP.

    http://www.ietf.org/internet-drafts/draft-gont-i cm p-payload-00.txt

    A source code patch exists which remedies this problem."

    Nevertheless, I still like its excellent record
    in security stat's... OpenBSD, here I come...

  3. Re:Are you kidding me? by merdark · · Score: 1, Interesting

    Funny, I haven't been affected by even one microsoft vulnerability. I think slashdot overinflates the microsoft vulnerabilities.

    The biggest microsoft vulnerability is the users. You could simply put up a page with instructions on how to install a backdoor prgram and many clueless users would go right ahead and do it so long as you promised great riches.

    The only reason slashdot makes a big deal about microsoft vulnerabilities is because slashdot is pro linux and anit-microsoft. You want proof that slashdot is anti-microsoft?

    Well, the slashdot microsoft icon is the windows icons, but with all the windows broken. No what fantasy world you live in, you cannot argue that that is not blatently anti-microsoft .

  4. Where are mod points when I need them? by cipher+chort · · Score: 2, Interesting

    Clearly the parent has been in the security or networking business for more than a few years.

    In fact, I recall when RH7.0 came out and was followed almost immediately by 7.1 because of so many remote holes. I've seen several friends have their Linux boxes rooted, and I'm moderator on a Linux forum where we get at least one person a week (some times one a day) asking how they can repair their system because it was cracked.

    On the other hand, none of my OpenBSD boxes have ever been cracked... come to think of it, none of my Windows or Mac boxes ever have been, either.

    --
    Someone is WRONG on the Internet!
  5. Re:Are you kidding me? by j-turkey · · Score: 2, Interesting
    Airplanes used to have very little security, and people would even smoke on them. Cars originally had no seat belts, and even when they did, wearing them was not mandatory for the longest time. Moterbike riders didn't used to wear, or have to wear, helments. These are all absurd things *now*, but at the time people did not realize it.

    I know that this is completely offtopic...but I find our seatbelt and helmet laws patently absurd. Your example here is poor, since your view is not universally accepted. It comes down to the argument of who owns your body -- you or the goverment. I choose to wear seatbelts and helmets. I believe that not using them is just plain dumb...but I neither want this forced on me, nor do I believe it should be forced on anyone else.

    --

    -Turkey