Bugtraq mailing list archives

Re: OpenBSD Exploit

From: Christian Ruediger Bahls <christian () IT-NETSERVICE DE>
Date: Mon, 6 Nov 2000 13:29:08 +0100

sorry but i couldn't resist to answer

1st of all this isn't a remotely exploitable vulnerability
   -you need a shell-account on the target machine
   -you need physical access to the console to use DDB
    (this isn't a secure system at all.. as you could always
     use a "rescue"-disk to boot the system with your own root-shell)

2nd of all sysctl -w ddb.panic=0 is allways a good choice on a
    production-system

i do understand that there are some hidden vulnerabilities in OpenBSD
but i would appreciate to get this information from OpenBSD .. and most
important: after they fixed it ..

Yours ..

--
Christian Bahls
Networking Dep.
iT-netservice GmbH
Leipzig, Germany

Current thread:

OpenBSD Exploit rloxley (Nov 06)
- Re: OpenBSD Exploit Brett Lymn (Nov 07)
- Re: OpenBSD Exploit Artur Grabowski (Nov 07)
- Re: OpenBSD Exploit Christian Ruediger Bahls (Nov 07)
  - Re: OpenBSD Exploit Jose Nazario (Nov 07)
- Re: OpenBSD Exploit cripto (Nov 09)
- <Possible follow-ups>
- OpenBSD Exploit rloxley (Nov 09)