Bugtraq mailing list archives

Re: Fwd: Any user can panic OpenBSD machine

From: angelos () DSL CIS UPENN EDU (Angelos D. Keromytis)
Date: Mon, 27 Jul 1998 21:25:39 -0400


-----BEGIN PGP SIGNED MESSAGE-----

To: Michael Fuhr <mfuhr () DIMENSIONAL COM>
Subject: Re: Fwd: Any user can panic OpenBSD machine
Cc: BUGTRAQ () NETSPACE ORG
Date: 07/27/98, 21:25:36


In message <19980727180938.41315 () dimensional com>, Michael Fuhr writes:


disclosure, isn't it?  I for one was appalled at the simplicity of the
exploit in what's claimed to be one of the most secure operating
systems around, especially since it doesn't appear to be a problem
with the other BSDs.


While I'll agree that this is a very lame bug (in the sense that it
shouldn't exist), one can hardly call it an exploit. It causes a
machine to crash, but we already know how to do that in 32 different
ways (and just as easy -- they don't even require a compiled program)
once you can login (and for some OSes, even without logging in :-)

I don't know why the person who complained did so, but I think he was
unjustified. You were right to point that this is a full disclosure
list.
- -Angelos

PS. The bug was fixed about 1 hour ago.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBNb0okL0pBjh2h1kFAQGOvgP+P4gezPxGcXKdJ/CIZFH4u0HHQ88zt4/a
dH3I7ye15/atCz3sFQ31rsQao7YJ/KkTZw8ljJ2b5IoGCPvKC4CTMVV51RJ85hf7
yoRMKOJpa3nHlwHGojfi7cMW+JlazlLQWbuL+WnApk8Iw03CESrDl8FMYG5rjLjE
5ny8qh/YW8w=
=iCv8
-----END PGP SIGNATURE-----

Current thread:

Re: small bug in 5/98 distribution Sun 4070627, (continued)
- - - Re: small bug in 5/98 distribution Sun 4070627 Casper Dik (Jul 27)
    - FW: Alert: Arbitrary code execution via email or news Patrick Oonk (Jul 27)
    - ISS Security Advisory -- MS Exchange 5.x Jon Larimer (Jul 27)
    - [ NT SECURITY ALERT ] New Local GetAdmin Exploit MJE (Jul 27)
    - Microsoft Security Bulletin (MS98-009) Aleph One (Jul 28)
    - Microsoft Security Bulletin (MS98-008) Aleph One (Jul 27)
    - Fwd: Any user can panic OpenBSD machine Michael Fuhr (Jul 27)
    - Re: Fwd: Any user can panic OpenBSD machine David Maxwell (Jul 27)
    - Re: Fwd: Any user can panic OpenBSD machine Dag-Erling Coidan Smørgrav (Jul 27)
    - Re: Fwd: Any user can panic OpenBSD machine Michael Fuhr (Jul 27)
    - Re: Fwd: Any user can panic OpenBSD machine Angelos D. Keromytis (Jul 27)
    - Re: Fwd: Any user can panic OpenBSD machine Perry E. Metzger (Jul 27)
    - Re: Fwd: Any user can panic OpenBSD machine Theo de Raadt (Jul 28)
    - Re: Fwd: Any user can panic OpenBSD machine Perry E. Metzger (Jul 28)
    - Re: Fwd: Any user can panic OpenBSD machine Theo de Raadt (Jul 28)
    - Re: Fwd: Any user can panic OpenBSD machine Perry E. Metzger (Jul 28)
    - Re: Fwd: Any user can panic OpenBSD machine Alfred Huger (Jul 28)
    - Re: Fwd: Any user can panic OpenBSD machine Perry E. Metzger (Jul 28)
    - CERT Vendor-Initiated Bulletin VB-98.07 - OpenVMS.LOGINOUT (fwd) Phillip R. Jaenke (Jul 28)
    - Re: Fwd: Any user can panic OpenBSD machine Timothy J Luoma (Jul 28)
    - Re: Fwd: Any user can panic OpenBSD machine David Maxwell (Jul 28)

(Thread continues...)