Scott's Weblog The weblog of an IT pro focusing on cloud computing, Kubernetes, Linux, containers, and networking

Remotely Exploitable Flaw in OpenBSD Found

I’ve got a lot of respect for OpenBSD, whose maintainers’ relentless focus on security has really paid off. Until today, the OpenBSD tagline was “only one remote hole in the default install in almost ten years.” Now, due to the discovery of a new critical vulnerability, that tagline must change to its current form: “Only two remote holes in the default install, in more than 10 years!”

Fortunately, this new vulnerability is fairly easy to mitigate and is fairly limited in scope to begin with. This page (look for the security fix dated March 7, 2007) provides some workarounds and a link to the patch that fixes the problem. If you’re already using OpenBSD’s pf firewalling functionality, then pf can easily be configured to block the traffic that triggers this vulnerability.

If you manage any OpenBSD-based systems, it would be prudent to configure pf and/or apply the patch to address this vulnerability.

Metadata and Navigation

Be social and share this post!