[7424] in bugtraq
Re: Fwd: Any user can panic OpenBSD machine
daemon@ATHENA.MIT.EDU (Joshua Cope)
Tue Jul 28 15:24:34 1998
Date: Tue, 28 Jul 1998 12:54:30 -0400
Reply-To: cope@star.enet.dec.com
From: Joshua Cope <cope@STAR.ENET.DEC.COM>
To: BUGTRAQ@NETSPACE.ORG
deraadt@CVS.OPENBSD.ORG wrote:
> However, this bug does not by itself provide anyone with a way to gain
> elevated priviledges and greater control of the system. That is what
> most of us normally call an 'exploit', or has the lingo changed
> recently?
If you consider denial-of-service an attack, then I consider anon-privileged system crasher an exploit. However, I agree
you that no Bugtraq reader should be "appalled" or even
surprised when the occasional buffer overflow, improper
typecast, etc. is found that crashes a system. (Heck, one even
shows up in good old OpenVMS now and then!)
> Also, please see
> www.openbsd.org/security.html
>
> for information on other security fixes which are far more important,
> yet strangely have not reached BUGTRAQ like this report did.
Bugtraq is for reporting new vulnerabilities, not rehashing those whichhave already been announced. In other words, you found 'em before
we did ;)
Joshua Cope
------------------------------------------------------------
The above opinions and information not necessarily those of
Digital Equipment Corporation or Compaq.
------------------------------------------------------------
