Remotely Exploitable Flaw in OpenBSD Found

16 March 2007 · Filed in News
I’ve got a lot of respect for OpenBSD, whose maintainers’ relentless focus on security has really paid off. Until today, the OpenBSD tagline was “only one remote hole in the default install in almost ten years.” Now, due to the discovery of a new critical vulnerability, that tagline must change to its current form: “Only two remote holes in the default install, in more than 10 years!”
Fortunately, this new vulnerability is fairly easy to mitigate and is fairly limited in scope to begin with. This page (look for the security fix dated March 7, 2007) provides some workarounds and a link to the patch that fixes the problem. If you’re already using OpenBSD’s pf firewalling functionality, then pf can easily be configured to block the traffic that triggers this vulnerability.
If you manage any OpenBSD-based systems, it would be prudent to configure pf and/or apply the patch to address this vulnerability.