Slashdot Mirror


Remote Exploit Discovered for OpenBSD

An anonymous reader writes "OpenBSD is known for its security policies, and for its boast of 'only one remote exploit in over 10 years'. Well, make that two, because Core Security has found a remotely exploitable buffer overflow in the OpenBSD kernel. Upgrade your firewalls as soon as possible."

2 of 338 comments

  1. Moo by Chacham · Score: 0, Offtopic

    See! I told you ipv6 was evil!

    An IP for everyone. Bah!

  2. Re:Well done, the OpenBSD team. by Anonymous Coward · Score: -1, Offtopic

    2007-02-28: OpenBSD team indicates that the bug results in corruption of mbuf chains and that only IPv6 code uses that mbuf code, there is no user data in the mbuf header fields that become corrupted and it would be surprising to be able to run arbitrary code using a bug so deep in the mbuf code. The bug simply leads to corruption of the mbuf chain.

    2007-03-05: Core develops proof of concept code that demonstrates remote code execution in the kernel context by exploiting the mbuf overflow.

    Could this be a sign of overconfidence in the Linux community?