Remote Exploit Discovered for OpenBSD

An anonymous reader writes "OpenBSD is known for its security policies, and for its boast of "only one remote exploit in over 10 years". Well, make that two, because Core Security has found a remotely exploitable buffer overflow in the OpenBSD kernel. Upgrade your firewalls as soon as possible."

WHOA WTF

[inode_buddha]

freakin rare event, hell must have frozen over! /me takes a snapshot of the moment and feels badly for all the BSD-folk

Heh

[cyberbob2351]

From TFA:

Remotely Exploitable: Yes
Locally Exploitable: No

That right there is the biggest slap in the face! Everyone should have the freedom to fux0r their own machine!

Opensource my ass...

It's a feature

[andy314159pi]

Vulnerability Description
The OpenBSD kernel contains a memory corruption vulnerability in the code that handles IPv6 packets. Exploitation of this vulnerability can result in:
1) Remote execution of arbitrary code at the kernel level on the vulnerable systems (complete system compromise), or;
2) Remote denial of service attacks against vulnerable systems (system crash due to a kernel panic)

I think they just found the Windows2003 Server Emulator.

That's a relief

[Anonymous Coward]

haha
luckily i'am running Windows so no remote exploits for me, take that OpenBSD !!!1@#x"3eleventy !

Re:WHOA WTF

[Anonymous Coward]

/me takes a snapshot of the moment and feels badly for all the BSD-folk

Yeah, us BSD folks are horrified when a bug is found. You Linux pups seem to think bugs are normal events.

(Yeah, I'm trolling, which is why this is anonymous.)

Obligatory

[Anonymous Coward]

It was as if several dozen antiquated nameservers suddenly cried out in pain"

OpenBSD - now TWICE as insecure

[Anonymous Coward]

Wow, OpenBSD's security rating just went from "999,999" on a scale of 1 to a million to "999,998" on a scale of 1 to a million.

Re:Well done, the OpenBSD team.

[Leto-II]

Could this be a sign of overconfidence in the Linux community?

Not really, since this has nothing to do with Linux. It's OpenBSD, not Linux.

Holy Cow, an OpenBSD Vuln?

[Anonymous Coward]

Thank GOD I run the company webserver on NT!

Amiga : ZERO exploits !!

[Anonymous Coward]

Amiga : ZERO exploits !! About as many users !!

Re:Moo

[noz]

See! I told you ipv6 was evil!

You mean ipv666 don't you?

Re:Moo

[BrainInAJar]

An IP for everyone. Bah!

why, That's Communism!

Time to make a list...

[Anonymous Coward]

-The Sox won the world series
-The Pope died
-Mac got Intel chips
-The Berlin Wall came down
-I out-lived 4 cats
-Man walked on the moon
-I got laid
and...
-BSD had a hole

Re:Well done, the OpenBSD team.

[VGPowerlord]

The team and Microsoft should take a leaf out of your book.

What team, the A Team? Should take out Microsoft?

I love it when a plan comes together.

Re:Well done, the OpenBSD team.

[TheDarkener]

...Microsoft should take a leaf out of your book.
 
Uhh, they did. TCP/IP stack.
 
Of course, you can't ever say a leaf made the tree...

Re:Well done, the OpenBSD team.

[Tom]

It is when basically the only thing your OS does "in the default install" is allow SSH logins.

Which is more remote access than a default install of Windos contains. ;-)

Ok, make that "more intentional remote access"...

Re:Time to make a list...

[bytesex]

Do the facts that you got laid and that BSD had a hole have anything to do with each other ? Just asking - kids these days...

Re:WHOA WTF

[Misch]

It was 81 degrees F in New Jersey [wunderground.com] yesterday, so hell didn't freeze over.

Re:Heh

[bean123456789]

Opensource my ass...

I believe I speak for everybody when I say no.