Bugtraq mailing list archives

Re: Fwd: Any user can panic OpenBSD machine

From: perry () piermont com (Perry E. Metzger)
Date: Mon, 27 Jul 1998 23:21:20 -0400


"Angelos D. Keromytis" writes:

In message <19980727180938.41315 () dimensional com>, Michael Fuhr writes:


disclosure, isn't it?  I for one was appalled at the simplicity of the
exploit in what's claimed to be one of the most secure operating
systems around, especially since it doesn't appear to be a problem
with the other BSDs.


While I'll agree that this is a very lame bug (in the sense that it
shouldn't exist), one can hardly call it an exploit.


Dunno. If your ISP was running on OpenBSD it would be pretty damn
annoying.

Personally, I find the constant claims that OpenBSD is more secure
than FreeBSD and NetBSD annoying. We all do extensive security
work. This is just another example of a fairly common situation -- in
which OpenBSD has a bug that other BSDs don't. Sometimes it is the
other way around, too, but you'd think from the propaganda that it was
always, or even usually, OpenBSD that was the most secure system.

Perry

Current thread:

FW: Alert: Arbitrary code execution via email or news, (continued)
- - - FW: Alert: Arbitrary code execution via email or news Patrick Oonk (Jul 27)
    - ISS Security Advisory -- MS Exchange 5.x Jon Larimer (Jul 27)
    - [ NT SECURITY ALERT ] New Local GetAdmin Exploit MJE (Jul 27)
    - Microsoft Security Bulletin (MS98-009) Aleph One (Jul 28)
    - Microsoft Security Bulletin (MS98-008) Aleph One (Jul 27)
    - Fwd: Any user can panic OpenBSD machine Michael Fuhr (Jul 27)
    - Re: Fwd: Any user can panic OpenBSD machine David Maxwell (Jul 27)
    - Re: Fwd: Any user can panic OpenBSD machine Dag-Erling Coidan Smørgrav (Jul 27)
    - Re: Fwd: Any user can panic OpenBSD machine Michael Fuhr (Jul 27)
    - Re: Fwd: Any user can panic OpenBSD machine Angelos D. Keromytis (Jul 27)
    - Re: Fwd: Any user can panic OpenBSD machine Perry E. Metzger (Jul 27)
    - Re: Fwd: Any user can panic OpenBSD machine Theo de Raadt (Jul 28)
    - Re: Fwd: Any user can panic OpenBSD machine Perry E. Metzger (Jul 28)
    - Re: Fwd: Any user can panic OpenBSD machine Theo de Raadt (Jul 28)
    - Re: Fwd: Any user can panic OpenBSD machine Perry E. Metzger (Jul 28)
    - Re: Fwd: Any user can panic OpenBSD machine Alfred Huger (Jul 28)
    - Re: Fwd: Any user can panic OpenBSD machine Perry E. Metzger (Jul 28)
    - CERT Vendor-Initiated Bulletin VB-98.07 - OpenVMS.LOGINOUT (fwd) Phillip R. Jaenke (Jul 28)
    - Re: Fwd: Any user can panic OpenBSD machine Timothy J Luoma (Jul 28)
    - Re: Fwd: Any user can panic OpenBSD machine David Maxwell (Jul 28)
    - Re: Fwd: Any user can panic OpenBSD machine Theo de Raadt (Jul 27)

(Thread continues...)