
Re: OpenBSD on BUGTRAQ again.



I would not call that posting an exploit, and the guy shows in numerous
places he has no clue about what he is speaking of.

[..]
Next, there is the "Three years without a remote hole in the default
install". I hope this advisory breaks that as well, because,
technically:

      * Log into the remote host
[..]

Logging in makes the "exploit" local. If the NFS statement means that
it can be used on an NFS server it may count as remote, however NFS is
not on by default.

[..]
        A very smart attacker will:
        
                * Crash the kernel
                * Assume the location of the box which crashed (@ the
                  colo)
                * Use DDB to gain god status
[..]

If someone has console access you often do not stand a chance.  And
frankly, how hard is it to make a box go on its knees when you have a
shell?

The last discussion made me really aware of what makes OpenBSD
superior. Theo and friends found 600 (I think) format string bugs. One
has been shown exploitable so far. I am pretty certain Linux will be
putting out advisories on format string bugs many years from now. But
maybe someone should make a script that watches the CVS tree and
sends out a notice to bugtraq. "The following bug has been fixed, it
is NOT known to be exploitable. A diff is attached." Now how is that
for full disclosure?