Remote Exploit Discovered for OpenBSD

← Back to Stories (view on slashdot.org)

Remote Exploit Discovered for OpenBSD

Posted by samzenpus on Wednesday March 14, 2007 @05:13PM from the patch-it-up dept.

An anonymous reader writes "OpenBSD is known for its security policies, and for its boast of "only one remote exploit in over 10 years". Well, make that two, because Core Security has found a remotely exploitable buffer overflow in the OpenBSD kernel. Upgrade your firewalls as soon as possible."

19 of 338 comments (clear)

WHOA WTF by inode_buddha · 2007-03-14 17:19 · Score: 2, Funny

freakin rare event, hell must have frozen over! /me takes a snapshot of the moment and feels badly for all the BSD-folk

--
C|N>K
1. Re:WHOA WTF by Anonymous Coward · 2007-03-14 17:24 · Score: 1, Funny
  
  /me takes a snapshot of the moment and feels badly for all the BSD-folk
  
  Yeah, us BSD folks are horrified when a bug is found. You Linux pups seem to think bugs are normal events.
  
  (Yeah, I'm trolling, which is why this is anonymous.)
2. Re:WHOA WTF by Misch · 2007-03-15 02:09 · Score: 3, Funny
  
  It was 81 degrees F in New Jersey yesterday, so hell didn't freeze over.
  
  --
  
  --You will rephrase your request for me to go to hell. Goto statements are not acceptable programming constructs
Heh by cyberbob2351 · 2007-03-14 17:20 · Score: 5, Funny

From TFA:

Remotely Exploitable: Yes
Locally Exploitable: No
That right there is the biggest slap in the face! Everyone should have the freedom to fux0r their own machine!

Opensource my ass...

--
for sale
I'm a self-modifying sig virus
1. Re:Heh by bean123456789 · 2007-03-15 04:27 · Score: 2, Funny
  
  Opensource my ass...
  
  I believe I speak for everybody when I say no.
It's a feature by andy314159pi · 2007-03-14 17:21 · Score: 4, Funny

Vulnerability Description
The OpenBSD kernel contains a memory corruption vulnerability in the code that handles IPv6 packets. Exploitation of this vulnerability can result in:
1) Remote execution of arbitrary code at the kernel level on the vulnerable systems (complete system compromise), or;
2) Remote denial of service attacks against vulnerable systems (system crash due to a kernel panic)

I think they just found the Windows2003 Server Emulator.
That's a relief by Anonymous Coward · 2007-03-14 17:22 · Score: 0, Funny

haha
luckily i'am running Windows so no remote exploits for me, take that OpenBSD !!!1@#x"3eleventy !
Obligatory by Anonymous Coward · 2007-03-14 17:26 · Score: 1, Funny

It was as if several dozen antiquated nameservers suddenly cried out in pain"
OpenBSD - now TWICE as insecure by Anonymous Coward · 2007-03-14 17:36 · Score: 3, Funny

Wow, OpenBSD's security rating just went from "999,999" on a scale of 1 to a million to "999,998" on a scale of 1 to a million.
Re:Well done, the OpenBSD team. by Leto-II · 2007-03-14 17:45 · Score: 5, Funny

Could this be a sign of overconfidence in the Linux community?

Not really, since this has nothing to do with Linux. It's OpenBSD, not Linux.

--
Do not anger the worm.
Holy Cow, an OpenBSD Vuln? by Anonymous Coward · 2007-03-14 17:49 · Score: 5, Funny

Thank GOD I run the company webserver on NT!
Amiga : ZERO exploits !! by Anonymous Coward · 2007-03-14 18:06 · Score: 2, Funny

Amiga : ZERO exploits !! About as many users !!
Re:Moo by noz · 2007-03-14 18:09 · Score: 4, Funny

See! I told you ipv6 was evil!
You mean ipv666 don't you?
Re:Moo by BrainInAJar · 2007-03-14 18:15 · Score: 3, Funny

An IP for everyone. Bah!

why, That's Communism!
Time to make a list... by Anonymous Coward · 2007-03-14 19:22 · Score: 5, Funny

-The Sox won the world series
-The Pope died
-Mac got Intel chips
-The Berlin Wall came down
-I out-lived 4 cats
-Man walked on the moon
-I got laid
and...
-BSD had a hole
1. Re:Time to make a list... by bytesex · 2007-03-15 01:05 · Score: 5, Funny
  
  Do the facts that you got laid and that BSD had a hole have anything to do with each other ? Just asking - kids these days...
  
  --
  Religion is what happens when nature strikes and groupthink goes wrong.
Re:Well done, the OpenBSD team. by VGPowerlord · 2007-03-14 20:15 · Score: 2, Funny

The team and Microsoft should take a leaf out of your book.

What team, the A Team? Should take out Microsoft?

I love it when a plan comes together.

--
GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
Re:Well done, the OpenBSD team. by TheDarkener · 2007-03-14 20:15 · Score: 2, Funny

...Microsoft should take a leaf out of your book.

Uhh, they did. TCP/IP stack.

Of course, you can't ever say a leaf made the tree...

--
It is pitch black. You are likely to be eaten by a grue.
Re:Well done, the OpenBSD team. by Tom · 2007-03-14 20:39 · Score: 5, Funny

It is when basically the only thing your OS does "in the default install" is allow SSH logins. Which is more remote access than a default install of Windos contains. ;-)

Ok, make that "more intentional remote access"...

--
Assorted stuff I do sometimes: Lemuria.org