Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Remotely Crash OpenBSD

CowboyNeal posted more than 10 years ago | from the even-the-best-of-us dept.

Security 407

*no comment* writes "If you are running OpenBSD on your IPv6 install, it might be time to upgrade to -current. (just kidding) There is, however, a way to crash OpenBSD 3.4 with a couple of simple IPv6 commands. Georgi Guninski, found the problem. To quote Theo, 'it is just a crash.'" It is unknown if the bug could be used to execute arbitrary code, but it does require patching a Linux kernel (or rolling your own network stack) to exploit.

cancel ×

407 comments

Sorry! There are no comments related to the filter you selected.

GNAA confirms: BSD is Dying (-1, Troll)

W32.Klez.A (656478) | more than 10 years ago | (#8195339)

GNAA confirms: BSD is dying
"Do not stand at my hard disk and forever weep.
I am not there; I do not sleep.
I am a thousand winds that blow.
I am the diamond glints on snow.
I am the sunlight on ripened grain.
I am the gentle autumn's rain.
When you reboot in the morning's hush
I am the swift uplifting rush
Of quiet birds in circled flight.
I am the soft stars that shine at night.
Do not stand at my hard disk and forever cry.
I am not there. "


GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the first organization which
gathers GAY NIGGERS from all over America and abroad for one common goal - being GAY NIGGERS.

__vowov_ __vv___v_ ______vov_ ______vov__
_vow_wov _vow__wov _____vowov _____vowov_
_vow____ _voww_wov ____vowowv ____vowowv_
_vow_wov _vow_wwov ___vow_wov ___vow_wov_
_vow_wov _vow__wov __vow__wov __vow__wov_
__vowov_ _vow__wov _vow___wov _vow___wov_

_____GAY NIGGER ASSOCIATION of AMERICA_____


BE NIGGER!
BE GAY!
JOIN THE GNAA!

GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the fastest-growing GAY NIGGER community with THOUSANDS of members all over United States of America. You, too, can be a part of GNAA if you join today!

Why not? It's quick and easy - only 3 simple steps!

First, you have to obtain a copy of GAY NIGGERS FROM OUTER SPACE THE MOVIE [imdb.com] and watch it. (Click Here [idge.net] to download the ~280MB MPEG off of BitTorrent)

Second, you need to succeed in posting a GNAA "first post" on slashdot.org [slashdot.org] , a popular "news for trolls" website

Third, you need to join the official GNAA irc channel #GNAA on EFNet, and apply for membership.
Talk to one of the ops or any of the other members in the channel to sign up today!

Fourth, remind Lindsay Felton about Batman touching my junk liberally.

If you are having trouble locating #GNAA, the official GAY NIGGER ASSOCIATION OF AMERICA irc channel, you might be on a wrong irc network. The correct network is EFNet, and you can connect to irc.foxlink.net or irc.choopa.net as one of the EFNet servers. If these do not work, use irc.efnet.net.
If you do not have an IRC client handy, you are free to use the GNAA Java IRC client by clicking here [nero-online.org] .

If you have mod points and would like to support GNAA, please moderate this post up.

This post by GNAA member Lysol [homesolutionsnews.com] , another soul proud of his nigger fag heritage.

Re:GNAA confirms: BSD is Dying (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8195499)

Awesome timing, man. But you should have posted some pictures of that hot BSD chick...

Oh well... (5, Funny)

Seoulstriker (748895) | more than 10 years ago | (#8195340)

I think it's time to upgrade to windows.

Re:Oh well... (0, Offtopic)

justsomebody (525308) | more than 10 years ago | (#8195489)

Upgrade what,... maybe... your stress level???

Re:Oh well... (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8195532)

HAHAH! THAT'S SO NOT FUNNY!

Re:Oh well... (-1, Offtopic)

justsomebody (525308) | more than 10 years ago | (#8195567)

Just as you CAPS!

Re:Oh well... (0)

Anonymous Coward | more than 10 years ago | (#8195587)

Ping of death, anybody?

So, (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8195342)

How do them apples taste now?

THIS CONFIRMS ALL (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#8195343)

*BSD IS DYING

Just Login from a Windows Box! (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8195347)

Extra point if you use Exploder!

Ya!

Propz to GNAA (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8195350)

[ed. note: in the following text, former FreeBSD developer Mike Smith gives his reasons for abandoning FreeBSD] When I stood for election to the FreeBSD core team nearly two years ago, many of you will recall that it was after a long series of debates during which I maintained that too much organisation, too many rules and too much formality would be a bad thing for the project. Today, as I read the latest discussions on the future of the FreeBSD project, I see the same problem; a few new faces and many of the old going over the same tired arguments and suggesting variations on the same worthless schemes. Frankly I'm sick of it. FreeBSD used to be fun. It used to be about doing things the right way. It used to be something that you could sink your teeth into when the mundane chores of programming for a living got you down. It was something cool and exciting; a way to spend your spare time on an endeavour you loved that was at the same time wholesome and worthwhile. It's not anymore. It's about bylaws and committees and reports and milestones, telling others what to do and doing what you're told. It's about who can rant the longest or shout the loudest or mislead the most people into a bloc in order to legitimise doing what they think is best. Individuals notwithstanding, the project as a whole has lost track of where it's going, and has instead become obsessed with process and mechanics. So I'm leaving core. I don't want to feel like I should be "doing something" about a project that has lost interest in having something done for it. I don't have the energy to fight what has clearly become a losing battle; I have a life to live and a job to keep, and I won't achieve any of the goals I personally consider worthwhile if I remain obligated to care for the project. Discussion I'm sure that I've offended some people already; I'm sure that by the time I'm done here, I'll have offended more. If you feel a need to play to the crowd in your replies rather than make a sincere effort to address the problems I'm discussing here, please do us the courtesy of playing your politics openly. From a technical perspective, the project faces a set of challenges that significantly outstrips our ability to deliver. Some of the resources that we need to address these challenges are tied up in the fruitless metadiscussions that have raged since we made the mistake of electing officers. Others have left in disgust, or been driven out by the culture of abuse and distraction that has grown up since then. More may well remain available to recruitment, but while the project is busy infighting our chances for successful outreach are sorely diminished. There's no simple solution to this. For the project to move forward, one or the other of the warring philosophies must win out; either the project returns to its laid-back roots and gets on with the work, or it transforms into a super-organised engineering project and executes a brilliant plan to deliver what, ultimately, we all know we want. Whatever path is chosen, whatever balance is struck, the choosing and the striking are the important parts. The current indecision and endless conflict are incompatible with any sort of progress. Trying to dissect the above is far beyond the scope of any parting shot, no matter how distended. All I can really ask of you all is to let go of the minutiae for a moment and take a look at the big picture. What is the ultimate goal here? How can we get there with as little overhead as possible? How would you like to be treated by your fellow travellers? Shouts To the Slashdot "BSD is dying" crowd - big deal. Death is part of the cycle; take a look at your soft, pallid bodies and consider that right this very moment, parts of you are dying. See? It's not so bad. To the bulk of the FreeBSD committerbase and the developer community at large - keep your eyes on the real goals. It's when you get distracted by the politickers that they sideline you. The tireless work that you perform keeping the system clean and building is what provides the platform for the obsessives and the prima donnas to have their moments in the sun. In the end, we need you all; in order to go forwards we must first avoid going backwards. To the paranoid conspiracy theorists - yes, I work for Apple too. No, my resignation wasn't on Steve's direct orders, or in any way related to work I'm doing, may do, may not do, or indeed what was in the tea I had at lunchtime today. It's about real problems that the project faces, real problems that the project has brought upon itself. You can't escape them by inventing excuses about outside influence, the problem stems from within. To the politically obsessed - give it a break, if you can. No, the project isn't a lemonade stand anymore, but it's not a world-spanning corporate juggernaut either and some of the more grandiose visions going around are in need of a solid dose of reality. Keep it simple, stupid. To the grandstanders, the prima donnas, and anyone that thinks that they can hold the project to ransom for their own agenda - give it a break, if you can. When the current core were elected, we took a conscious stand against vigorous sanctions, and some of you have exploited that. A new core is going to have to decide whether to repeat this mistake or get tough. I hope they learn from our errors. Future I started work on FreeBSD because it was fun. If I'm going to continue, it has to be fun again. There are things I still feel obligated to do, and with any luck I'll find the time to meet those obligations. However I don't feel an obligation to get involved in the political mess the project is in right now. I tried, I burnt out. I don't feel that my efforts were worthwhile. So I won't be standing for election, I won't be shouting from the sidelines, and I probably won't vote in the next round of ballots. You could say I'm packing up my toys. I'm not going home just yet, but I'm not going to play unless you can work out how to make the project somewhere fun to be again.

ECFA - better than the GNAA because we do GOOD (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8195354)

PLEASE KILL A DOG - Any dog. Support the Euthenasia for Canus Familiarous Assoc. today to benefit from the FULL BENEFITS of being a FULL TIME ECFA member.

Are you MAD?
Do you HATE DOGS?
Are you a MAD DOG HATER?

If you answered "yes" to any of the above questions, the ECFA is for you! The ECFA is the only animal humane group that supports the MAD KILLING OF DOGS.

Why kill dogs you ask? Because there are just TOO MANY of them. We don't have anything against the species, it's just that they are too overpopulated. Dog lovers from around the world spend LOADS of TIME attempting to save every member of this overcrowded species. To fix this imbalance, the overpopulated animals need to be eliminated. If the dog is not already in a home, or can be adopted in a short period of time... it's time to say goodbye.

Why MAD? Because they are costing us TAX DOLLARS to take care of? Over 100 million dollars is spent in the US each year alone on taking care of wild dogs. The health and safty concerns of this overpopulation are overwhelming. It is time to say goodbye.

We are looking forward to your membership. To join, first get a ECFA "first post" on slashdot.org. Then, give us a holler in our chatroom, #dogs on efnet. Then, simply post a sign outside your humane society for the humane destruction of dogs with euthanasia.

Crash and burn (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8195355)

and then the devil rises.

Remember Murphy's Law! (-1, Redundant)

SIG TR0LL (749566) | more than 10 years ago | (#8195359)

Funny how Linux causes this (-1, Redundant)

ObviousGuy (578567) | more than 10 years ago | (#8195362)

You'd think that Linux problems would only affect itself, but apparently it's bad enough to crash BSD boxes as well.

So much for peaceful network coexistence.

Remotely? (-1, Redundant)

RetroGeek (206522) | more than 10 years ago | (#8195363)

require patching a Linux kernel (or rolling your own network stack) to exploit.

So if you patch YOUR kernel and/or roll YOUR own network stack, then you could be vulnerable to a remote attack.

What am I missing here?

Re:Remotely? (4, Informative)

Beolach (518512) | more than 10 years ago | (#8195379)

No, in order to perform an attack on an OpenBSD box with this vulnerability you need to patch a Linux Kernel or roll your own network stack.

Re:Remotely? (0)

Anonymous Coward | more than 10 years ago | (#8195382)

Yes, the attacker needs to modify their kernel to send out the specific packet (from what I quickly read)

Re:Remotely? (0)

Anonymous Coward | more than 10 years ago | (#8195385)

RTFA. you need to patch your kernel in order to EXPLOIT it, not to be exploited.
ps: it's only a 2 line patch to one file.

Re:Remotely? (1)

chatgris (735079) | more than 10 years ago | (#8195388)

I believe that you must roll your own Linux kernel or network stack in order to send the (correct? bad?) commands that cause openBSD's crash to occur.

Re:Remotely? (1)

Rydian (29123) | more than 10 years ago | (#8195395)

Actually you need to patch the linux kernel or write you own network stack to DO the remote attack against an OpenBSD box.

At least that's the way I read it.

Re:Remotely? (4, Informative)

athakur999 (44340) | more than 10 years ago | (#8195407)

No, the ATTACKER has to patch their Linux kernel in order to attack you. So if I knew you were running OpenBSD and using IPv6 and knew your IP address, I could patch my kernel and then try to connect to your box, causing you to crash.

Re:Remotely? (0)

Anonymous Coward | more than 10 years ago | (#8195462)

No, the ATTACKER has to patch their Linux kernel in order to attack you. So if I knew you were running OpenBSD and using IPv6 and knew your IP address, I could patch my kernel and then try to connect to your box, causing you to crash.

Damn. And people say that Windows is insecure. Jeez.

Re:Remotely? (0, Redundant)

justsomebody (525308) | more than 10 years ago | (#8195540)

Thanks, I feel like I was just promoted to people level.
Damn, and I was just geting used being geek level

Re:Remotely? (0)

Anonymous Coward | more than 10 years ago | (#8195548)

I love how the SIXTH person to respond to this post with essentially the same information as the other five gets modded up. How much you wanna bet the posts ahead of his get modded down as Redundant?

Re:Remotely? (0)

Anonymous Coward | more than 10 years ago | (#8195475)

You should read before posting.

Re:Remotely? (1)

thestarz (719386) | more than 10 years ago | (#8195480)

So if you patch YOUR kernel and/or roll YOUR own network stack, then you could be vulnerable to a remote attack.

No, your attacker has to patch his linux kernel or roll his own network stack in order to crash you. You don't have to do a thing. RTFS!

Re:Remotely? (3, Informative)

0racle (667029) | more than 10 years ago | (#8195509)

You appear to be missing the whole problem.

This is a problem with OpenBSD's IPv6 implimentation where if you send bad data, it looks like sending something larger then expected, then the kernel will crap out on you.

The rolling your own kernel OR build your wn network stack is whats required for the REMOTE host to send these bad packets to your system and crash it.

On an unrelated note, its a little disturbing to see this as i just rebooted a OBSD 3.3 system to upgrade to 3.4, but then again, I don't run IPv6.

What I would say is most suspect is Theo's reaction "Its just a crash." You would hope someone who started a project to create the worlds most secure OS would actually care there might be a problem.

Re:Remotely? (1)

JeffTL (667728) | more than 10 years ago | (#8195563)

Well, I guess Theo got hit by the reductionism bug...or perhaps what he means is "At least the system goes down rather than being compromised"

Re:Remotely? (1, Funny)

Anonymous Coward | more than 10 years ago | (#8195521)

No, the BSD has to patch the ATTACKERS IPv6 to crash THE packet linux victim ROLL YOUR OWN!

Does this count? (5, Interesting)

DNAspark99 (218197) | more than 10 years ago | (#8195365)

Or can OpenBSD still boast "Only one remote hole in the default install, in more than 7 years!" ?

Re:Does this count? (5, Insightful)

inertia@yahoo.com (156602) | more than 10 years ago | (#8195453)

I don't think the IPv6 install is the default. Even if it is, 'it's just a crash' not a remote hole. So, yes they can still boast.

Re:Does this count? (1)

0racle (667029) | more than 10 years ago | (#8195550)

Well no, at the moment its "just a crash" because no ones looked into it to see if it will allow code to be executed, but yes I dont believe IPv6 is in the default install.

Re:Does this count? (5, Interesting)

Richard_at_work (517087) | more than 10 years ago | (#8195569)

IPv6 is available in the base install, but you have to actually have an IPv6 address assigned that people can get to to exploit this issue. Its really a non issue for the 99% of people running OpenBSD out there, but for some, like myself, its time to upgrade.

Re:Does this count? (1)

subk (551165) | more than 10 years ago | (#8195478)

Or can OpenBSD still boast "Only one remote hole in the default install, in more than 7 years!" ?

They'll just lower the number of years to the amount since the first one.

Re:Does this count? (0)

Anonymous Coward | more than 10 years ago | (#8195516)

Interesting question. Even if it was proved exploitable, I'm not sure an IP6 issue can truely count for anything yet.....

FUCK ALL ITALIANS! (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#8195368)

with their DEGO moustaches and GREASY hair!

Re:FUCK ALL ITALIANS! (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8195416)

It's "dago", you ignorant slice of turd.

Funny that... (-1)

Fnkmaster (89084) | more than 10 years ago | (#8195370)

Fixing a bug in OpenBSD requires patching a Linux kernel? What will they think of next?! Installing Outlook for fix a Solaris root exploit?

Re:Funny that... (0)

Anonymous Coward | more than 10 years ago | (#8195424)

RTFA. You need to patch the linux kernel to get it's network stack to send out the specific packet to crash openbsd.

Re:Funny that... (0)

Anonymous Coward | more than 10 years ago | (#8195429)

Exploiting the bug requires patching the Linux kernel.

Re:Funny that... (1)

maxwell demon (590494) | more than 10 years ago | (#8195469)

However, I guess patching a BSD kernel should work as well :-)

Re:Funny that... (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#8195435)

What part of "to exploit" don't you understand?

Re:Funny that... (0)

Anonymous Coward | more than 10 years ago | (#8195447)

I believe that EXPLOITING (not patching) the vuln. requires patching you network stack (the post just assumes you are running Linux in true /. form)

Re:Funny that... (1)

__past__ (542467) | more than 10 years ago | (#8195468)

It's not as there hasn't been an Outlook (Express) version for Solaris, you know? I still sometimes use IE 5.0 on my Sun Ultra5, mostly for quick testing.

(On the other hand, as everybody knows, IE is an integral part of windows and could never work on Solaris, HP-UX or Mac OS, just as it would be impossible to create a Windows version without IE, like WinXP-PE)

this is bullshit (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8195374)

mod -1 for being a troll post, openBSD is alive and well... and its not the linux kernel, its the BSD kernel you dumbshit.

Double standards? (5, Insightful)

Threni (635302) | more than 10 years ago | (#8195377)

I'm thinking that if someone from Microsoft stated "It's just a crash" the editors here would be just a touch more sarcastic...

Re:Double standards? (5, Funny)

Anonymous Coward | more than 10 years ago | (#8195461)

if someone from Microsoft stated "It's just a crash"

Yeah, but on Windows, how can you tell the difference?

(Admit it, you asked for it)

Re:Double standards? (2, Insightful)

jwthompson2 (749521) | more than 10 years ago | (#8195482)

"It's Just a crash" is among the dumbest things anyone could say about a bug. Not quite as bad as "It's just a remote root exploit" but very disturbing none the less. The only thing that seems to offer any reassurance is that it requires a patched kernel or custom stack to exploit but a person bent on bringing down a system *could* do these things without too much trouble I would think. My question is for a serious cracker wouldn't taking down a system in a manner like this be much more inviting if all they want to do is bring a system down?

Re:Double standards? (0, Redundant)

Temporal Outcast (581038) | more than 10 years ago | (#8195495)

How do you know its not sarcasm?

To me it sounds just that. Although I agree that there are instances of anti-MS bias, this is not one.

Besides, the reason MS gets made fun of is only because there's always "just a crash" - the reason OpenBSD doesn't get made fun of is because its so rare that it ever happens.

*shrug*

Maybe not... (1)

Simon Carr (1788) | more than 10 years ago | (#8195571)

There are days on this network where I wish the latest MS vulnerability was just a crash. 'member those great days? It may not even get reported because it would be such low key news.

Anyway, for this remote takedown to work, you also have to be running an IPV6 stack, right? At the moment that's a pretty small segment of techies.

Note: I am not an OpenBSD apologist... I am a Mac apologist.

Noticed this awhile ago... (0)

Anonymous Coward | more than 10 years ago | (#8195381)

I noticed this awhile ago. To fix the problem, it is believed that openbsd current is not vulnerable.

It's ok... (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8195383)


Noone important uses BSD anyways...

patching a Linux kernel? (0, Redundant)

DaHat (247651) | more than 10 years ago | (#8195392)

Why would you patch a Linux kernal for a BSD problem? That's like patching Windows due to a linux problem.

yay for comprehension (0)

Anonymous Coward | more than 10 years ago | (#8195443)

read. to cause the crash you need to use a remote system running the patched linux kernel

Re:patching a Linux kernel? (4, Informative)

Roofus (15591) | more than 10 years ago | (#8195446)

They are saying that to exploit would require a patch to the Linux kernel.

I like your way better though!

Re:patching a Linux kernel? (0)

Anonymous Coward | more than 10 years ago | (#8195448)

You patch linux in order to exploit the problem on bsd.

Re:patching a Linux kernel? (0)

Anonymous Coward | more than 10 years ago | (#8195459)

Jesus. Can nobody actually READ the entire story and then understand it before rushing to post? To quote: "but it does require patching a Linux kernel (or rolling your own network stack) to exploit." i.e. You have to patch your Linux kernel to generate the IPv6 packet OR write your own network stack to generate the IPv6 packet. This packet when sent to a vulnerable OpenBSD machine will crash it.

Re:patching a Linux kernel? (0)

name773 (696972) | more than 10 years ago | (#8195460)

Why would you patch a Linux kernal for a BSD problem?

to exploit it.

Re:patching a Linux kernel? (0)

Anonymous Coward | more than 10 years ago | (#8195542)

I know you are, but what am I?

Patch for production systems? (5, Interesting)

agentZ (210674) | more than 10 years ago | (#8195401)

I know that the problem has been fixed in -current, but I run a production box that I refuse to bring up to -current. There's no patch or even a mention of this problem on the errata [openbsd.org] page.

What's a sane admin to do?

Re:Patch for production systems? (1, Insightful)

Anonymous Coward | more than 10 years ago | (#8195575)

Are you on an IP6 network? I'm betting you aren't....
But if you are just wait a little while for the fix.

Re:Patch for production systems? (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8195579)

Since there are legions of people recompiling their TCP stacks right now to crash your OpenBSD boxes, you may have to switch to Linux, since Linux has proven to be much more secure in a networked environment that OpenBSD.

Or you can wait... it seems likely a fix will come to -stable.

Re:Patch for production systems? (4, Informative)

Richard_at_work (517087) | more than 10 years ago | (#8195593)

Give it a little time. THey usually patch -current first to test it out, then backport the patches to -stable. Patching -current first saves time in the long run, in cases like this where its not really a MS level issue :) IF it was more serious, -stable would get the patch first, and then it would be ported into -current.

Oh wow (0, Insightful)

The Bungi (221687) | more than 10 years ago | (#8195406)

To quote Theo, 'it is just a crash.'

Maybe the next time Bashdork reports the new evil IE vulnerability that allows my desktop wallpaper to be changed by a hacker in Romania I'll se a quote like this one. "To quote [whomever], head of [whatever] at Microsoft, it's just a crash".

I'm sure.

Re:Oh wow (4, Insightful)

lxs (131946) | more than 10 years ago | (#8195488)

I'd rather have a box crashed than a box rooted. But maybe I'm just funny that way.

Re:Oh wow (1)

gpinzone (531794) | more than 10 years ago | (#8195547)

kay, give us the IP address of your BSD box while I patch my Linux kernel.

Is it just me.. (0, Redundant)

subk (551165) | more than 10 years ago | (#8195434)

..or should this read "If you are running IPv6 on your OpenBSD install.."

Lol. (-1, Troll)

anonymous coword (615639) | more than 10 years ago | (#8195436)

If this was on fark, the title would be

BSD Exploit discovred, Linux users laugh, Flamewar ensures!

ADMINS: DELETE PARENT NOW! (-1, Flamebait)

sheapshearer (746106) | more than 10 years ago | (#8195512)

If slashdot is going to promote the kind of material that his link is pointing to, then I'm going back to M$ Windows and using PC World as my source of tech information. If I were to say that his link contained material of an 'extremely sick' nature, it would only be an understatement!

hmmmm (0, Redundant)

rogabean (741411) | more than 10 years ago | (#8195452)

ya know after all the depenguinator and "upgrading" your linux box to BSD articles lately...i should have some sort of witty remark to this... but sadly i dont.

RTFA (5, Informative)

Anonymous Coward | more than 10 years ago | (#8195454)

You have to have a modified ipv6 stack in order to exploit this bug, not to fix it. I can remotely crash your ipv6 enabled openbsd if I modify my linux kernel. Capisce?

Re:RTFA (1)

Triumph The Insult C (586706) | more than 10 years ago | (#8195492)

si.

and, you have to: 1. know my ipv6 address or hostname and 2. be able to get your ipv6 packets to me

Slashdotted (5, Informative)

Anonymous Coward | more than 10 years ago | (#8195455)

Remote openbsd crash with ip6, yet still openbsd much better than windows

Systems affected:
tested on openbsd 3.4
not clear about netbsd
freebsd not vulnerable

Risk: Medium
Date: 4 February 2004

Legal Notice:
This Advisory is Copyright (c) 2004 Georgi Guninski.
You may distribute it unmodified.
You may not modify it and distribute it or distribute parts
of it without the author's written permission - this especially applies to
so called "vulnerabilities databases" and securityfocus, microsoft, cert
and mitre.
If you want to link to this content use the URL:
http://www.guninski.com/obsdmtu.html
Anythi ng in this document may change without notice.

Disclaimer:
The information in this advisory is believed to be true though
it may be false.
The opinions expressed in this advisory and program are my own and
not of any company. The usual standard disclaimer applies,
especially the fact that Georgi Guninski is not liable for any damages
caused by direct or indirect use of the information or functionality
provided by this advisory or program. Georgi Guninski bears no
responsibility for content or misuse of this advisory or program or
any derivatives thereof.

Description:
It is possible to remotely crash openbsd 3.4 if the host receives icmpv6
and there is a listening tcp port.
quoting de raadt: "it is just a crash."
remote crash which screws the kernel.
unknown whether this may be exploited for code execution.

Details:
The problem is triggered by setting small ipv6 mtu and then doing tcp
connect.
How to reproduce:
Patch linux kernel 2.4.24 net/ipv6/icmp.c :

case ICMPV6_ECHO_REPLY: /* we coulnd't care less */
icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, 68, skb->dev); //joro

then:
ping6 openbsd
ssh -6 openbsd

Workaround:
It is believed that openbsd current is not vulnerable.
netbsd current also seems to have related changes.
check:
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/neti net6/ip6_output.c [openbsd.org]
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netine t/tcp_output.c?sortby=date [netbsd.org]

Vendor status:
open, net and free bsd were notified Sun, 1 Feb 2004 16:35:56 +0200

Georgi Guninski
http://www.guninski.com

Re:Slashdotted (1)

Windfinder (469246) | more than 10 years ago | (#8195481)

Wow man, it's not even slashdotted yet. Jump the gun much??
Have a little faith in their poor server =)

Re:Slashdotted (0)

Anonymous Coward | more than 10 years ago | (#8195511)

No, I didn't. The page took a minute and a half to load for me.

Re:Slashdotted (2, Funny)

cgenman (325138) | more than 10 years ago | (#8195520)

His server is running on OpenBSD. It is only a matter of time before some smart a$$ crashes it.

Re:Slashdotted (0)

Anonymous Coward | more than 10 years ago | (#8195529)

Have a little faith in their poor server =)

Yeah, it's probably running something decent, like OpenBSD. Oh, wait...

do FreeBSD & OpenBSD use the same kernel? (0, Redundant)

xot (663131) | more than 10 years ago | (#8195471)

Pardon my ignorance..but do FreeBSD n Open BSD use the same kernel?If they do does that mean that this bug would affect FreeBSD as well?

Re:do FreeBSD & OpenBSD use the same kernel? (0)

Anonymous Coward | more than 10 years ago | (#8195523)

If you click the posted link it will say "freebsd not vulnerable".

Re:do FreeBSD & OpenBSD use the same kernel? (0)

Anonymous Coward | more than 10 years ago | (#8195544)

No. They are very different operating systems with common (though now somewhat distant) origins.

Re:do FreeBSD & OpenBSD use the same kernel? (0)

Anonymous Coward | more than 10 years ago | (#8195552)

no, FreeBSD's kernel is different, NetBSD's and OpenBSD's are quite similar.

Re:do FreeBSD & OpenBSD use the same kernel? (0)

Anonymous Coward | more than 10 years ago | (#8195555)

Although there is cross pollination, NET, Free, and Open use different kernels

Maybe time to drop this "securitier than thou" ? (0, Troll)

Tom7 (102298) | more than 10 years ago | (#8195472)

With the attitude those guys have, it's almost as amusing to hear about an OpenBSD exploit than a WinXP one!

Re:Maybe time to drop this "securitier than thou" (1)

FuzzzyLogik (592766) | more than 10 years ago | (#8195549)

the difference is they fix it in a timely fashion...

Crash or Slash? (5, Funny)

Halthar (669785) | more than 10 years ago | (#8195485)

Great, now when I try and check the linked article and cant get there I am left wondering if it was Slashdotted or if someone crashed the servers using the exploit.

Hell, who knows, maybe this one is Google's fault too.

So this is why... (4, Funny)

Tomy (34647) | more than 10 years ago | (#8195487)

...my BSD is dying...

Mod Parent Troll Down, Please (0, Flamebait)

Anonymous Coward | more than 10 years ago | (#8195585)

Stupid trolls.

What are the chances.... (2, Funny)

Anonymous Coward | more than 10 years ago | (#8195491)

Now let's see ... what are the chances of finding both an OpenBSD server (an unpatched one at that) and IPv6 network in the same place? I think I'd better stick to plausible worries like lighting strikes, seatbelt failures, and choking to death on my turkey dinners.

See This Article for More OpenBSD Info (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8195493)


Still another awful blow has struck what's left of the *BSD community, as a soon-to-be-released report by an independent commission doing a year-long study concludes: *BSD is dead and mummified. Here are some of the commission's findings:

Fact: the *BSDs have balkanized yet again. There are now no less than twelve separate, competing *BSD projects, each of which has introduced fundamental incompatibilities with the other *BSDs, and frequently with Unix standards. Average number of developers in each project: fewer than five. Average number of users per project: there are no definitive numbers, but reports show that all projects are on the decline.

Fact: Apple is quietly changing the base kernel for OS X from *BSD to Linux. Insiders report that Apple's technical leadership has grown tired of the licensing battles and is seeking a more modern license; they find Linux's license more appealing. Many Apple technology experts -- from OS developers all the way up to Steve Jobs -- find Linux to be a more advanced OS, which will enable Apple to release a more mature product. The frequent hallway arguments and fistfights among the *BSD developers Apple has hired has also contributed to the decision.

Fact: XFree86 is dropping support for *BSD. The remaining core group believes that the *BSDs have strayed too far from Unix standards and have become too difficult to support along with Linux and Solaris x86. "It's too much trouble," said one anonymous developer. "If they want to make their own standards, let them doing the porting for us."

Fact: Many user-level applications will no longer work under *BSD, and no one is working to change this. The GIMP, a Photoshop-like application, has not worked at all under *BSD since version 1.1 (sorry, too much trouble for such a small base, developers have said). OpenOffice, a Microsoft Office clone, has never worked under *BSD and never will. ("Why would we bother?" said developer Steven Andrews, an OpenOffice team lead.)

Fact: servers running OpenBSD, which claims to focus on security, are frequently compromised. According to Jim Markham, editor of the online security forum SecurityWatch, the few OpenBSD servers that exist on the internet have become a joke among the hacker community. "They make a game out of it," he says. "(OpenBSD leader) Theo [de Raadt] will scramble to make a new patch to fix one problem, and they've already compromised a bunch of boxes with a different exploit."

Fact: NetBSD, which claims to focus on portability (whatever that is supposed to mean), is slow, and cannot take advantage of multiple CPUs. "That about drove the last nail in the coffin for BSD use here," said Michael Curry, CTO of Amazon.com. "We took our NetBSD boxes out to the backyard and shot them in the head. We're much happier running Linux."

Fact: There are almost no FreeBSD developers left, and its use, according to Netcraft, is down to a sadly crippled .005% of internet servers. "It's just not reliable," said Christine McGee, VP of Technology for eBay, Inc. "Nor do we find it a very modern OS. I would recommend Linux to anyone contemplating a server OS, or maybe Windows, before I would recommend a BSD."

Fact: DragonflyBSD, yet another offshoot of the beleaguered FreeBSD "project", is already collapsing under the weight of internal power struggles and in-fighting. "They haven't done a single decent release," notes Mark Baron, an industry watcher and columnist. "Their mailing lists read like an online version of a Jerry Springer episode, complete with food fights, swearing, name-calling, and chair-throwing." Netcraft reports that DragonflyBSD is run on exactly 0% of internet servers.

With these incontroverible facts staring (what's left of) the *BSD community in the face, they can only draw one conclusion: *BSD is dead and mummified.

OpenBSD crashes: how could it have been prevented? (1, Troll)

Debian Troll's Best (678194) | more than 10 years ago | (#8195496)

This is a serious issue especially given the large number of OpenBSD firewall machines which are in service across the internet. While possibly not a direct security threat, remote crash exploits are obviously highly disruptive and in today's networked economy, highly costly in terms of lost productivity. It's good to see, however, the rapid response of th BSD community to this threat.

I was talking with some of my colleagues in network security this morning about the OpenBSD exploit and means by which future exploits may be avoided. One suggestion which was raised was that the OpenBSD 'ports' system may be to blame. After all, if you need to add packages on a BSD system, 'ports' must be opened, and when ports are open on firewall boxes, bad things happen. Debian's apt-get system for example does not require 'ports' to work properly, and therefore may be immune from this type of exploit. Is this a possible solution? I look forward to hearing the community's responses!

Re:OpenBSD crashes: how could it have been prevent (1)

GirTheRobot (689378) | more than 10 years ago | (#8195536)

regarding the second paragraph...YOU HAVE TO BE KIDDING!
I would mod this FUNNY...not insightful.

Re:OpenBSD crashes: how could it have been prevent (0)

Anonymous Coward | more than 10 years ago | (#8195551)

rofl, nice ;)

even better someone just modded it insightful, please stop before I spit the rest of my coffee over the monitor.

Re:OpenBSD crashes: how could it have been prevent (1)

jazman_777 (44742) | more than 10 years ago | (#8195561)

After all, if you need to add packages on a BSD system, 'ports' must be opened, and when ports are open on firewall boxes, bad things happen.

Ha ha ha, very funny.

Re:OpenBSD crashes: how could it have been prevent (1)

richie2000 (159732) | more than 10 years ago | (#8195574)

Good troll. Not quite Insightful, but still. :-)

(Moderators: The BSD ports system has slightly less than nothing to do with TCP/IP ports being open, closed or missing on firewall or other machines. It's just a homonym (no, it has absolutely nothing to do with gays [geometry.net] ).)

This explains why they run on Solaris! (-1, Troll)

anonymous coword (615639) | more than 10 years ago | (#8195530)

It is known for a Long time that the www.openbsd.org web server runs on solaris. I have always doubted their excuse for the bandwidth from sunsite. Surley they could co-located a OpenBSD server at sunsite, Now I know the real reason. OpenBSD's Security features are mostly academic and NOT READY for primtime in mission critical use, even the OpenBSD developers themselves wont use it as their main OS!

OpenBSD is still concidered a hobby security OS in the Security Industry by many. Most Military grade security systems run on Windows 2000, and is the most secure certified operating system. Sure the Applications such as IIS can be exploitable, the the Windows 2000 kernel has never been comprimised remotley. Microsoft has even challenaged hackers 10 million dollars to exploit Windows 2000 Military Security Edition!

So for now, as a Security Specialst who Specializes Windows security, I will keep using Windows, and I will use this toy security system on my isolated testing network.

Such misunderstanding on common hacking lingo (0, Flamebait)

0xfc (737668) | more than 10 years ago | (#8195539)

> To quote Theo, 'it is just a crash.'"

Yes, just a crash. Because you know he was trying like mad to get a remote exploit out of it. Some bugs are a d0s and others are simply not exploitable. Not so hard to understand how people use the phrase, "just a crash", with a disapointed puppy dog look because they cannot get mad props for dissing on Theo.

As for the people who did not understand patching your kernel so you can exploit the bug on openbsd.
HA!

Please continue using windows and being an end luser.

I consider this bug to be like an interesting post. Georgi will just get karma from it. Nothing more.

After all, who needs a bug to d0s someone from the face of the earth?

His way was just more elegant.

Re:Such misunderstanding on common hacking lingo (1)

stor (146442) | more than 10 years ago | (#8195590)

After all, who needs a bug to d0s someone from the face of the earth?

Exactly. All it takes is a fractal on the Google homepage or a link from /.

Cheers
Stor

kaka (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8195560)

I poop on you

Remote openbsd crash with ip6 (0)

Anonymous Coward | more than 10 years ago | (#8195570)

yet still openbsd much better than windows... cause we say so. What a dumb way of defending yourself, why brush off your bug by saying "At least we're not windows!". Why don't you own up to the fact that "Hey we found a bug, but since we're open source we can fix it right away"
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>