Slashdot Mirror


Remote Exploit Discovered for OpenBSD

An anonymous reader writes "OpenBSD is known for its security policies, and for its boast of 'only one remote exploit in over 10 years'. Well, make that two, because Core Security has found a remotely exploitable buffer overflow in the OpenBSD kernel. Upgrade your firewalls as soon as possible."

2 of 338 comments

  1. OpenBSD Website by Anonymous Coward · Score: 5, Informative

    From the OpenBSD website:
    Only two remote holes in the default install, in more than 10 years!

    At least they don't hide it.

  2. Re: Well done, the OpenBSD team. by TheRaven64 · Score: 5, Informative
    Note that many Sendmail and Apache exploits do not affect OpenBSD, for two reasons:
    1. The kernel contains a lot of exploit mitigation stuff that may well turn an arbitrary code execution into a DoS.
    2. OpenBSD doesn't actually include Sendmail or Apache; it includes forks of both. These are heavily audited by the OpenBSD guys, and not all of the changes are merged upstream.
    When a new category of bug is found in OpenBSD, the entire tree is searched for occurrences of it. This often means that seemingly innocuous changes in something like OpenBSD's httpd turn out to have fixed things that are later found to be security holes.

    --
    I am TheRaven on Soylent News