[17517] in bugtraq
Re: OpenBSD Exploit
daemon@ATHENA.MIT.EDU (Christian Ruediger Bahls)
Mon Nov 6 13:17:09 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.BSF.4.21.0011061322410.2141-100000@phase2.intern.it-netservice.de>
Date: Mon, 6 Nov 2000 13:29:08 +0100
Reply-To: Christian Ruediger Bahls <christian@IT-NETSERVICE.DE>
From: Christian Ruediger Bahls <christian@IT-NETSERVICE.DE>
X-To: rloxley <rloxley@HACKPHREAK.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <001501c04702$54ee3d60$4063abd0@bob>

sorry but i couldn't resist answering
1st of all this isn't a remotely exploitable vulnerability
-you need a shell-account on the target machine
-you need physical access to the console to use DDB
(this isn't a secure system at all.. as you could always
use a "rescue"-disk to boot the system with your own root-shell)
2nd of all sysctl -w ddb.panic=0 is always a good choice on a
production-system
i do understand that there are some hidden vulnerabilities in OpenBSD
but i would appreciate getting this information from OpenBSD .. and most
important: after they fixed it ..
Yours ..
--
Christian Bahls
Networking Dep.
iT-netservice GmbH
Leipzig, Germany