FWIS3

In memory of our guiding lights - Russ, Mike and Charlie - “To be a star, you must shine your own light, follow your own path, and don't worry about the darkness, for that is when the stars shine brightest”
https://fwis3.com/

Sigma's gonna love this one...

https://fwis3.com/viewtopic.php?f=15&t=1666

Page 1 of 1

Sigma's gonna love this one...

PostPosted: Fri Jan 22, 2016 10:15 pm
by Cyborg Girl
The Ping of Death returns on FreeBSD:

http://news.softpedia.com/news/attacker ... 9297.shtml

According to the research team, if an attacker sends a ping to our FreeBSD box but creates a malicious packet with an SCTP header of a different size than 12 bytes, it offsets values inside the operating system's computations, causing a kernel panic, which resets the machine. This is a DoS (Denial of Service) attack and is often employed with other exploits to break into vulnerable machines.


Not sure about the rest of the kernel, but holy cow, that's a horrific lack of exception handling right there.

Re: Sigma's gonna love this one...

PostPosted: Fri Jan 22, 2016 11:01 pm
by Sigma_Orionis
Meh, seems to be the new normal

Look at the latest UDP mess with the Linux Kernel


https://cve.mitre.org/cgi-bin/cvename.c ... -2015-5364
https://cve.mitre.org/cgi-bin/cvename.c ... -2015-5366

Re: Sigma's gonna love this one...

PostPosted: Fri Jan 22, 2016 11:11 pm
by Cyborg Girl
@Sigma

Those are nasty, but IMO - at least from how I read it - not as nasty. More complicated cause, fancier exploit. Whereas the BSD one is basing offsets on possibly bogus data from a completely untrusted source, which is just plain bonkers.

I'll agree that modern OS security leaves a lot to be desired, though. :(

Re: Sigma's gonna love this one...

PostPosted: Sat Jan 23, 2016 12:27 am
by Sigma_Orionis
Oh I'm not saying those bugs in the Linux Kernel are worse. Just that it seems the new normal. Remember one thing, software is one of the few things done at a large scale that's still requires a lot of work by hand. No matter how many abstraction layers you dump on it. There's still plenty of places to screw up. As a matter of fact I think it gets worse the more layers you have. Since BSD is less used than Linux, it probably has a lot more dirty corners. Like the Mac users that used to proudly point that they didn't have to worry about Malware because OS/X was better than Windows. And nowadays they discover that Apple is just as bad as Microsoft when it comes to bugs and fixing them.

Sort of explains why Linus Torvalds has such a short fuse

http://lkml.iu.edu/hypermail/linux/kern ... 02866.html

Re: Sigma's gonna love this one...

PostPosted: Sat Jan 23, 2016 1:22 am
by Cyborg Girl
Methinks Torvalds went to the Buddy Rich School of Management.

Re: Sigma's gonna love this one...

PostPosted: Sat Jan 23, 2016 3:23 am
by grapes
He doesn't like shiny functions?

Re: Sigma's gonna love this one...

PostPosted: Sat Jan 23, 2016 3:57 am
by Cyborg Girl
@grapes, see here:

https://en.wikipedia.org/wiki/Buddy_Rich#The_Bus_Tapes

Torvalds' style seems kind of similar.
All times are UTC [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/