Bugtraq mailing list archives
Re: Fwd: Any user can panic OpenBSD machine
From: mfuhr () DIMENSIONAL COM (Michael Fuhr)
Date: Mon, 27 Jul 1998 18:09:38 -0600
On Mon, Jul 27, 1998 at 04:00:49PM -0300, David Maxwell wrote:
Since this bug is explicitly marked confidential, and was only opened today, would it not have been reasonable to delay forwarding this. Given that the OpenBSD people are particularly enthusiastic about security auditing, I expect it will be fixed quickly.
In response to this, and in response to the person who privately called my forwarding of the bug report "lameness," I have this to say: The bug report was forwarded to some OpenBSD list to which I must have subscribed at one time. If the OpenBSD listfolk didn't want the bug known about then they should have kept it amongst the developers. The bug had already been made public in one forum; I simply brought it to the attention of this one. Apparently the moderator didn't have any qualms about approving it for distribution -- this list *is* about full disclosure, isn't it? I for one was appalled at the simplicity of the exploit in what's claimed to be one of the most secure operating systems around, especially since it doesn't appear to be a problem with the other BSDs. Black hats distribute these kind of exploits quickly. Let's make sure a few white hats know about them too. -- Michael Fuhr http://www.fuhr.net/~mfuhr/
Current thread:
- Re: small bug in 5/98 distribution Sun 4070627, (continued)
- Re: small bug in 5/98 distribution Sun 4070627 Brandon Hume (Jul 26)
- Re: small bug in 5/98 distribution Sun 4070627 Casper Dik (Jul 27)
- FW: Alert: Arbitrary code execution via email or news Patrick Oonk (Jul 27)
- ISS Security Advisory -- MS Exchange 5.x Jon Larimer (Jul 27)
- [ NT SECURITY ALERT ] New Local GetAdmin Exploit MJE (Jul 27)
- Microsoft Security Bulletin (MS98-009) Aleph One (Jul 28)
- Microsoft Security Bulletin (MS98-008) Aleph One (Jul 27)
- Fwd: Any user can panic OpenBSD machine Michael Fuhr (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine David Maxwell (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine Dag-Erling Coidan Smørgrav (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine Michael Fuhr (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine Angelos D. Keromytis (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine Perry E. Metzger (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine Theo de Raadt (Jul 28)
- Re: Fwd: Any user can panic OpenBSD machine Perry E. Metzger (Jul 28)
- Re: Fwd: Any user can panic OpenBSD machine Theo de Raadt (Jul 28)
- Re: Fwd: Any user can panic OpenBSD machine Perry E. Metzger (Jul 28)
- Re: Fwd: Any user can panic OpenBSD machine Alfred Huger (Jul 28)
- Re: Fwd: Any user can panic OpenBSD machine Perry E. Metzger (Jul 28)
- CERT Vendor-Initiated Bulletin VB-98.07 - OpenVMS.LOGINOUT (fwd) Phillip R. Jaenke (Jul 28)
- Re: Fwd: Any user can panic OpenBSD machine Timothy J Luoma (Jul 28)