Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: OpenBSD Exploit
From: Christian Ruediger Bahls <christian () IT-NETSERVICE DE>
Date: Mon, 6 Nov 2000 13:29:08 +0100

sorry but i couldn't resist to answer

1st of all this isn't a remotely exploitable vulnerability
   -you need a shell-account on the target machine
   -you need physical access to the console to use DDB
    (this isn't a secure system at all.. as you could always
     use a "rescue"-disk to boot the system with your own root-shell)

2nd of all sysctl -w ddb.panic=0 is allways a good choice on a
    production-system

i do understand that there are some hidden vulnerabilities in OpenBSD
but i would appreciate to get this information from OpenBSD .. and most
important: after they fixed it ..

Yours ..

--
Christian Bahls
Networking Dep.
iT-netservice GmbH
Leipzig, Germany


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]