|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: OpenBSD Exploit
From: Christian Ruediger Bahls (christian
IT-NETSERVICE.DE)Date: Mon Nov 06 2000 - 06:29:08 CST
- Next message: Lance Vavricka: "Re: dos on quake1 servers"
- Previous message: Rogier Wolff: "Re: vulnerability in mail.local"
- In reply to: rloxley: "OpenBSD Exploit"
- Next in thread: Jose Nazario: "Re: OpenBSD Exploit"
- Next in thread: Artur Grabowski: "Re: OpenBSD Exploit"
- Reply: Christian Ruediger Bahls: "Re: OpenBSD Exploit"
- Reply: Jose Nazario: "Re: OpenBSD Exploit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
sorry but i couldn't resist to answer
1st of all this isn't a remotely exploitable vulnerability
-you need a shell-account on the target machine
-you need physical access to the console to use DDB
(this isn't a secure system at all.. as you could always
use a "rescue"-disk to boot the system with your own root-shell)
2nd of all sysctl -w ddb.panic=0 is allways a good choice on a
production-system
i do understand that there are some hidden vulnerabilities in OpenBSD
but i would appreciate to get this information from OpenBSD .. and most
important: after they fixed it ..
Yours ..
-- Christian Bahls Networking Dep. iT-netservice GmbH Leipzig, Germany
- Next message: Lance Vavricka: "Re: dos on quake1 servers"
- Previous message: Rogier Wolff: "Re: vulnerability in mail.local"
- In reply to: rloxley: "OpenBSD Exploit"
- Next in thread: Jose Nazario: "Re: OpenBSD Exploit"
- Next in thread: Artur Grabowski: "Re: OpenBSD Exploit"
- Reply: Christian Ruediger Bahls: "Re: OpenBSD Exploit"
- Reply: Jose Nazario: "Re: OpenBSD Exploit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]