A vulnerability in the way OpenBSD handles IPv6 data packets exposes systems running the traditionally secure open-source operating system to serious attack.
A memory corruption vulnerability exists in the OpenBSD code that handles IPv6 packets, Core Security Technologies said in an alert published Tuesday. Exploiting the flaw could let an attacker commandeer a vulnerable system, according to Core, which said it discovered the issue and crafted sample exploit code.
"This vulnerability allows attackers to gain complete control of the target system, bypassing all the operating system's security mechanisms," Core said in a statement Wednesday. Core deems the issue "critical." Security-monitoring company Secunia rates it "highly critical."
OpenBSD is one of several operating systems based on the Berkeley Software Distribution, or BSD. The most popular BSD descendants are FreeBSD, PCBSD and NetBSD, with OpenBSD coming in fourth, according to the BSDstats project.
OpenBSD is mostly known for its security enhancements and is used for firewalls, intrusion detection systems and other applications. Google is among OpenBSD users and backers. The OpenBSD team likes to tout that only a few remotely exploitable vulnerabilities have been found in the code in a decade.
A security update was issued last week to deal with the OpenBSD issue, which affects multiple releases of the operating system.
Default installations of OpenBSD are vulnerable as IPv6 is enabled and the system does not filter inbound packets, Core said. IPv6 is the next version of the Internet Protocol designed to support a broader range of IP addresses as the IP version 4 addresses currently in use become more scarce.
To exploit the vulnerability, an attacker must have the ability to send malicious IPv6 packets to the target system or be on the same network, Symantec said in an alert. The Cupertino, Calif., security company raised its ThreatCon to level 2 because of the issue, which means attacks are expected.
As a work-around for users who cannot apply the OpenBSD patch or who do not need to process or route IPv6 traffic on their systems, all inbound IPv6 packets can be blocked by using OpenBSD's firewall.
The good thing is all OpenBSD users are computer experts who can find the bug in the source code and re-compile the networking stack. So it is not a big threat for the open source community, unlike evil Microsoft :)
To make sure it's okay and to fix the problem you need to be an expert.
It's sort of like when people complain about a bug found in MS products, most people who know what they are doing are not vulnerable or fixed the problem.
I had mentioned before how frustrated I am with the new Linux builds.
They have become so fractured, man thinking about Vista and its various versions is nothing compared to all the Linux builds and all the various problems that arise between them.
Be it as simple as updating your video driver or spending hours trying to tweak wine so you can run your game again.
So sure it's nice that the experts can recompile their stack and avoid the issue, but that's really not the point now, is it?
Even the best OS's fail .. what is it now.. twice in 10 years. ;-)
Good job OpenBSD team! Your security record is VERY impressive.