Bugtraq archives for 3rd quarter (Jul-Sep) 1998: Re: Fwd: Any user can panic OpenBSD machine

Re: Fwd: Any user can panic OpenBSD machine

Michael Fuhr (mfuhrDIMENSIONAL.COM)
Mon, 27 Jul 1998 18:09:38 -0600

On Mon, Jul 27, 1998 at 04:00:49PM -0300, David Maxwell wrote:

> Since this bug is explicitly marked confidential, and was only opened today,
> would it not have been reasonable to delay forwarding this? Given that the
> OpenBSD people are particularly enthusiastic about security auditing, I expect
> it will be fixed quickly.

In response to this, and in response to the person who privately called
my forwarding of the bug report "lameness," I have this to say:  The
bug report was forwarded to some OpenBSD list to which I must have
subscribed at one time.  If the OpenBSD listfolk didn't want the bug
known about then they should have kept it amongst the developers.  The
bug had already been made public in one forum; I simply brought it to
the attention of this one.  Apparently the moderator didn't have any
qualms about approving it for distribution -- this list *is* about full
disclosure, isn't it?  I for one was appalled at the simplicity of the
exploit in what's claimed to be one of the most secure operating
systems around, especially since it doesn't appear to be a problem
with the other BSDs.

Black hats distribute these kinds of exploits quickly.  Let's make sure a
few white hats know about them too.

--
Michael Fuhr
http://www.fuhr.net/~mfuhr/