OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Bugtraq archives for 3rd quarter (Jul-Sep) 1998: Re: Fwd: Any user can panic OpenBSD machine

Re: Fwd: Any user can panic OpenBSD machine

Angelos D. Keromytis (angelosDSL.CIS.UPENN.EDU)
Mon, 27 Jul 1998 21:25:39 -0400 

-----BEGIN PGP SIGNED MESSAGE-----

To: Michael Fuhr <mfuhrDIMENSIONAL.COM>
Subject: Re: Fwd: Any user can panic OpenBSD machine
Cc: BUGTRAQNETSPACE.ORG
Date: 07/27/98, 21:25:36


In message <19980727180938.41315dimensional.com>, Michael Fuhr writes:
>
>disclosure, isn't it?  I for one was appalled at the simplicity of the
>exploit in what's claimed to be one of the most secure operating
>systems around, especially since it doesn't appear to be a problem
>with the other BSDs.

While I'll agree that this is a very lame bug (in the sense that it
shouldn't exist), one can hardly call it an exploit. It causes a
machine to crash, but we already know how to do that in 32 different
ways (and just as easy -- they don't even require a compiled program)
once you can login (and for some OSes, even without logging in :-)

I don't know why the person who complained did so, but I think he was
unjustified. You were right to point that this is a full disclosure
list.
- -Angelos

PS. The bug was fixed about 1 hour ago.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBNb0okL0pBjh2h1kFAQGOvgP+P4gezPxGcXKdJ/CIZFH4u0HHQ88zt4/a
dH3I7ye15/atCz3sFQ31rsQao7YJ/KkTZw8ljJ2b5IoGCPvKC4CTMVV51RJ85hf7
yoRMKOJpa3nHlwHGojfi7cMW+JlazlLQWbuL+WnApk8Iw03CESrDl8FMYG5rjLjE
5ny8qh/YW8w=
=iCv8
-----END PGP SIGNATURE-----