Contributed by jose on from the overflows? dept.
"Anyone aware of OpenBSD-Current's status in regards to these suggested exploits as noted on security wire? Bear in mind that most of this is just speculation, but does anyone have any info to share? CERT's not been terribly forthcoming. I already voiced my suspicions (check one of the links above). Thanks.

*CERT WARNS OF POTENTIAL FOR TCP/IP EXPLOIT

CERT last week warned of exploits that may be circulating in the underground that could take advantage of vulnerabilities in the Linux, OpenBSD and FreeBSD implementations of TCP/IP. Without providing any additional details, CERT cautioned users to remain vigilant. "We are particularly concerned about these types of vulnerabilities because they have the potential to be exploited even if the target machine has no open ports," CERT says.

http://lists.netsys.com/pipermail/full-disclosure/2002-September/001667.html
http://lists.netsys.com/pipermail/full-disclosure/2002-September/001668.html
http://lists.netsys.com/pipermail/full-disclosure/2002-September/001664.html
http://lists.netsys.com/pipermail/full-disclosure/2002-September/001643.html"
By Too Lazy to get an Account () on
I guess his point was that arp, netstat, et al, are _applications_, and the way they are coded to parse options is not necessarily related to the kernel-level TCP/IP stack. You can change these apps to parse options in any crazy way you want without impacting how they talk to the stack.
Rule #1: correlation does not imply causation.
By Dom De Vitto () dom-at-devitto.com@gov.uk. on mailto:dom-at-devitto.com@gov.uk.
Meanwhile some MS sales monkey emails a link to this site to his customer and, ch-ching!! that's another linux shop converted, and a tidy sales commission too.
By Dom De Vitto () dom-at-devitto.com@gov.uk. on mailto:dom-at-devitto.com@gov.uk.
It's just lucky that I trust Theo and Linus to actually tell folks the truth; poor MS folk just get empty promises.
By Anonymous Coward () on
Linux, FreeBSD, and OpenBSD's TCP stacks are quite different -- especially Linux -vs- BSD. And why isn't Solaris vulnerable? Why not NetBSD? NetBSD's TCP stack is _really_ close to OpenBSD's.
Those "blackhat hackers" names sound fictional -- please tell me if you know otherwise, I'd be interested...
By Noryungi () n o r y u n g i @ y a h o o . c o m on http://www.noneofyourbusiness.com
Yup.
Seems strange that OpenBSD is affected and not NetBSD, given the fact these two were very closely related, not so long ago...
On the other hand, NetBSD has released half a dozen security advisories in a couple of days -- but they seem to be unrelated to this mysterious TCP/IP vulnerability.
Personally, I still think it's nothing but rumors... until proven otherwise, with some serious evaluation of the problem.
By Gimlet () on
NetBSD is just not as visible as the other three, IMHO.
By SKULL () on
Hmm, fourth hand rumors. Not much to work with.
By Anonymous Coward () on
Sorry, but IPC is about as trustable as leaving a dog alone in a house with a cat made entirely of bacon. You are creating a world of pain if you make a binary handle your TCP traffic -- not to mention that if TCP work is done between processes w/o kernel intervention, you are going to have to rewrite every network-enabled app in existence.
This is only scratching the surface of the issues involved here.... AaH the headaches!
Network code belongs in the kernel.
By Anonymous Coward () on
The Hurd is a very smart design, imho. I'm looking forward to someday being able to use it. I just got a new laptop with lots of cutting-edge features which aren't really supported in Linux (or OpenBSD) yet, so I have to muck around with compiling new kernels to get stuff to work. I was wondering to myself, "why should the mouse driver be in the kernel?" It makes no sense, but if you agree that the mouse driver shouldn't be there.... then a lot of things which are there shouldn't be there.
By Anonymous Coward () on
That must be quite a cat to be made entirely out of bacon.
By Gimlet () on
>That must be quite a cat to be made entirely out of bacon.
Would that be a house made out of Milk Bones?
By W () on
I'm not kidding.
By ~el8 () on
You're right: there's an underground world out there that doesn't release an advisory on bugtraq.
Oh, that exploit is for true and works on Solaris, NetBSD, OpenBSD, FreeBSD, Linux 2.4 and Darwin.
How could I say that?
Maybe because I wrote it?
By Free Bird () on
Yeah right.
You're fake, and the same thing probably goes for those exploits.
Oh, and BTW: Why isn't Linux 2.2 vulnerable?
By ~el8 () on
No Win9X.
WinXP/2000 are vulnerable because of the TCP/IP parts from FreeBSD.
By Free Bird () on
IOW: You don't know what you're talking about!
By ~el8 () on
-> http://info.iet.unipi.it/~luigi/
"Some of my code apparently has also made it into Windows XP."
By W () on
HEH HEH HEH HEH.
By RC () on
What you are talking about is called 0day. But don't be fooled by your own paranoia... It's not that everything is exploitable, and it's not that you can't proactively protect yourself.
I happen to remember a piece of (commercial) software that will kill & restart a service as soon as it acts badly, and ban the IP that caused it, for a configurable amount of time. They ran software with known exploits, and still no-one could break in. With some luck, someone managed to break in once, but that bug was fixed since.
Can't recall the name or company, but I'd like to know if someone else does.
Even if you don't buy the software, this example tells you exactly how to secure your machine... You run software with known exploit scripts available, and see if precautions you've put in place will negate any software exploits.
My method would be at that point (where nothing short of a serious kernel bug could result in Root) if OpenBSD only had TCP/UDP port ACLs, so I could give certain (non-Root) users access only to certain ports. Until that gets added to the OpenBSD code base, I'll be running things like Tripwire, monitoring processes, and Root logins, so I'll at least know when someone does exploit services running as Root.
I think, once TCP/UDP port ACLs are introduced, the security of any single piece of software won't even matter. (at least for myself, and whoever my current employer is :-) )
By Anonymous Coward () on
why not use nat and pf with user/group authentication?
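The per-user and per-group port restriction suggested above, written out as an added pf.conf fragment (example configuration, not from the thread). It assumes an OpenBSD host whose external interface is in the "egress" interface group, a local account "_appsvc" that should be the only one allowed to accept connections on TCP port 8080, and a group "ops" whose members are the only ones allowed to open outbound SSH; those names are made up for the example. pf's user/group matching only applies to TCP and UDP sockets on the firewall host itself (the listening socket's owner for inbound connections, the connecting process's user for outbound ones), so it cannot restrict forwarded traffic.

```pf
# Added example pf.conf fragment (not from the thread). "egress", "_appsvc"
# and "ops" are assumed names for this host.

# Inbound: accept connections to 8080 only when the listening socket is
# owned by _appsvc. A listener owned by anyone else (root included) is
# blocked and logged, so a misconfigured service cannot quietly expose
# the port.
pass in on egress proto tcp to port 8080 user _appsvc
block in log on egress proto tcp to port 8080 user != _appsvc

# Outbound: only processes running under the "ops" group may open SSH
# connections from this host; everything else is blocked and logged.
pass out on egress proto tcp to port 22 group ops
block out log on egress proto tcp to port 22 group != ops
```

The matching pass/block pairs are mutually exclusive on the user or group test, so rule order does not matter here; if these rules are added to a ruleset that has a later catch-all pass, add `quick` to the block rules so the later rule cannot override them.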
By RC () on
It adds quite a bit more overhead to every communication.
There are several pieces of software that hard-code the port into the data.
By W () on
Cool. I'd like to get my hands on that one.
By Anonymous Coward () on
[]`s
By Anonymous Coward () on
there's been talk about auto-generating deny rules in the past, generally w/ statements about the DoS potentials (someone spoofs ip of your important machines, like your workstation, and gets the firewall to block that, you're screwed).
systrace can already log to syslog. you could have something parse syslog messages to block ips. whether this is feasible/realistic/appropriate will depend on your setup, otherwise a user running logger may really fuck you up.
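A small log-driven blocker with the safeguards the two comments above call for, as an added example (not code from the thread). It parses constructed syslog lines for failed sshd logins, counts failures per source address, refuses to ever block addresses in a protected network (so a spoofed source address cannot turn the blocker into a denial of service against your own machines), ignores messages whose program tag is not on a trusted list (a heuristic only: syslog tags are not authenticated, which is exactly the logger(1) caveat), and emits pfctl table commands with an expiry instead of running them. The log lines, hostnames and addresses are made up; the pfctl `-T add` and `-T expire` commands are real.

```python
import ipaddress
import re
from collections import Counter

# Constructed syslog sample (added example, not from the thread). The sshd
# "Failed password" wording is real; hosts, addresses and times are made up.
SAMPLE_SYSLOG = """\
Sep 24 10:01:02 gw sshd[412]: Failed password for root from 203.0.113.7 port 51234 ssh2
Sep 24 10:01:05 gw sshd[412]: Failed password for root from 203.0.113.7 port 51236 ssh2
Sep 24 10:01:09 gw sshd[413]: Failed password for admin from 203.0.113.7 port 51240 ssh2
Sep 24 10:02:00 gw sshd[415]: Failed password for root from 192.0.2.10 port 40000 ssh2
Sep 24 10:02:30 gw sshd[416]: Failed password for root from 192.0.2.10 port 40001 ssh2
Sep 24 10:02:31 gw sshd[416]: Failed password for root from 192.0.2.10 port 40002 ssh2
Sep 24 10:03:00 gw sshd[420]: Failed password for root from 198.51.100.5 port 2222 ssh2
Sep 24 10:03:01 gw logger[999]: Failed password for root from 192.0.2.10 port 1 ssh2
Sep 24 10:03:02 gw sshd[421]: Failed password for root from fe80::1 port 3 ssh2
Sep 24 10:03:03 gw sshd[422]: Failed password for root from not.an.ip port 5 ssh2
Sep 24 10:03:04 gw sshd[423]: Accepted publickey for ops from 192.0.2.11 port 6 ssh2
"""

# Program tags we act on. NOT authenticated: any local user can emit a line
# tagged "sshd[1]: ..." with logger(1), so this only filters accidents.
TRUSTED_PROGRAMS = {"sshd"}

# Addresses that are never auto-blocked (your own workstations, monitoring
# hosts, etc.), so a spoofed source cannot lock you out. Assumed network.
PROTECTED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

SYSLOG_RE = re.compile(
    r"^\w{3} +\d+ [\d:]+ (?P<host>\S+) (?P<prog>[^\s\[:]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
FAILED_RE = re.compile(r"Failed password for \S+ from (?P<ip>\S+) port \d+")


def failed_logins(log_text, trusted_programs=TRUSTED_PROGRAMS):
    """Yield (source_ip, trusted) for every parseable failed-login line."""
    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        f = FAILED_RE.search(m.group("msg"))
        if not f:
            continue
        try:
            ip = ipaddress.ip_address(f.group("ip"))
        except ValueError:
            continue  # malformed address: never hand log garbage to pfctl
        yield ip, m.group("prog") in trusted_programs


def propose_blocks(log_text, threshold=3, protected=PROTECTED_NETWORKS,
                   trusted_programs=TRUSTED_PROGRAMS):
    """Decide which sources to block; protected addresses are reported, not blocked."""
    counts = Counter()
    ignored = 0
    for ip, trusted in failed_logins(log_text, trusted_programs):
        if trusted:
            counts[ip] += 1
        else:
            ignored += 1
    block, skipped = [], []
    for ip, n in sorted(counts.items(), key=lambda kv: str(kv[0])):
        if n < threshold:
            continue
        if any(ip in net for net in protected):  # v4/v6 mismatch is simply False
            skipped.append(str(ip))
        else:
            block.append(str(ip))
    return {"block": block, "skipped_protected": skipped, "ignored_untrusted": ignored}


def pf_table_commands(ips, table="bruteforce", ban_seconds=3600):
    """pfctl commands: add the addresses to a pf table, then drop stale entries.

    The table is assumed to be referenced by a block rule in pf.conf; the
    expire step gives the timed ban the thread describes.
    """
    cmds = [f"pfctl -t {table} -T add {ip}" for ip in ips]
    cmds.append(f"pfctl -t {table} -T expire {ban_seconds}")
    return cmds


if __name__ == "__main__":
    result = propose_blocks(SAMPLE_SYSLOG)
    print(result)
    for cmd in pf_table_commands(result["block"]):
        print(cmd)
```

Run on the sample, 203.0.113.7 is the only address proposed for blocking; 192.0.2.10 reaches the threshold but sits in the protected network and is only reported, the logger-tagged line is counted as untrusted, and the malformed address is dropped before it can reach pfctl.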
By Jeroen () on
But the future looks bright: IPv6
By Dom De Vitto () dom-at-devitto.com@gov.uk. on mailto:dom-at-devitto.com@gov.uk.
Secondly, just about everyone (since the ping-of-death days) has sent every conceivable random illegal packet to various IP stacks to see what breaks.
Thirdly, just because someone says that they have a mate, who stood next to a bloke on the train who knew a guy who said he woz a really e1it3 h4x0r and could break into any linux (*bsd, *ms, vax, bla, bla) box and delete it. c00l. I believe em, yea.
Wot a load of bollox. And it was even posted to a full disclosure list WITHOUT ANY EVIDENCE OR EVEN VAGUE TECHNICAL DETAILS.
Don't you think that's odd???
Last time that happened, after a few weeks of scaremongering, posted, and then recalled press stories, before folks worked out that some MS sales guy is pissing himself laughing at us.....
By Anonymous Coward () on
* NO supporting facts
* MY friend told me so
* the last email in the list is OBVIOUSLY meant to mock all the others
* The snippet that looks like a quote of a story about CERT isn't referenced and is probably crap.
I can't believe this even showed up on the OpenBSD Journal page.
This is sufficient for me to just stop reading this site altogether.
By Anonymous Coward () on
mmm... To be more slashdot-like? To create "controversy" and add some "heat" to the usually slow and calm discussions?
I don't know...