FWIS3

In memory of our guiding lights - Russ, Mike and Charlie - “To be a star, you must shine your own light, follow your own path, and don't worry about the darkness, for that is when the stars shine brightest”

Skip to content

Sigma's gonna love this one...

Post a reply

Sigma's gonna love this one...

Postby Cyborg Girl » Fri Jan 22, 2016 10:15 pm

The Ping of Death returns on FreeBSD:

http://news.softpedia.com/news/attacker ... 9297.shtml

According to the research team, if an attacker sends a ping to our FreeBSD box but creates a malicious packet with an SCTP header of a different size than 12 bytes, it offsets values inside the operating system's computations, causing a kernel panic, which resets the machine. This is a DoS (Denial of Service) attack and is often employed with other exploits to break into vulnerable machines.


Not sure about the rest of the kernel, but holy cow, that's a horrific lack of exception handling right there.
User avatar
Cyborg Girl
Boy Genius
 
Posts: 2138
Joined: Mon May 27, 2013 2:54 am
Top

Re: Sigma's gonna love this one...

Postby Sigma_Orionis » Fri Jan 22, 2016 11:01 pm

Meh, seems to be the new normal

Look at the latest UDP mess with the Linux Kernel


https://cve.mitre.org/cgi-bin/cvename.c ... -2015-5364
https://cve.mitre.org/cgi-bin/cvename.c ... -2015-5366
Sic Transit Gloria Mundi
User avatar
Sigma_Orionis
Resident Oppressed Latino
 
Posts: 4496
Joined: Mon May 27, 2013 2:19 am
Location: The "Glorious Socialist" Land of Chavez
Top

Re: Sigma's gonna love this one...

Postby Cyborg Girl » Fri Jan 22, 2016 11:11 pm

@Sigma

Those are nasty, but IMO - at least from how I read it - not as nasty. More complicated cause, fancier exploit. Whereas the BSD one is basing offsets on possibly bogus data from a completely untrusted source, which is just plain bonkers.

I'll agree that modern OS security leaves a lot to be desired, though. :(
User avatar
Cyborg Girl
Boy Genius
 
Posts: 2138
Joined: Mon May 27, 2013 2:54 am
Top

Re: Sigma's gonna love this one...

Postby Sigma_Orionis » Sat Jan 23, 2016 12:27 am

Oh I'm not saying those bugs in the Linux Kernel are worse. Just that it seems the new normal. Remember one thing, software is one of the few things done at a large scale that's still requires a lot of work by hand. No matter how many abstraction layers you dump on it. There's still plenty of places to screw up. As a matter of fact I think it gets worse the more layers you have. Since BSD is less used than Linux, it probably has a lot more dirty corners. Like the Mac users that used to proudly point that they didn't have to worry about Malware because OS/X was better than Windows. And nowadays they discover that Apple is just as bad as Microsoft when it comes to bugs and fixing them.

Sort of explains why Linus Torvalds has such a short fuse

http://lkml.iu.edu/hypermail/linux/kern ... 02866.html
Sic Transit Gloria Mundi
User avatar
Sigma_Orionis
Resident Oppressed Latino
 
Posts: 4496
Joined: Mon May 27, 2013 2:19 am
Location: The "Glorious Socialist" Land of Chavez
Top

Re: Sigma's gonna love this one...

Postby Cyborg Girl » Sat Jan 23, 2016 1:22 am

Methinks Torvalds went to the Buddy Rich School of Management.
User avatar
Cyborg Girl
Boy Genius
 
Posts: 2138
Joined: Mon May 27, 2013 2:54 am
Top

Re: Sigma's gonna love this one...

Postby grapes » Sat Jan 23, 2016 3:23 am

He doesn't like shiny functions?
User avatar
grapes
Resident News Hound
 
Posts: 749
Joined: Wed May 29, 2013 7:51 pm
Top

Re: Sigma's gonna love this one...

Postby Cyborg Girl » Sat Jan 23, 2016 3:57 am

@grapes, see here:

https://en.wikipedia.org/wiki/Buddy_Rich#The_Bus_Tapes

Torvalds' style seems kind of similar.
User avatar
Cyborg Girl
Boy Genius
 
Posts: 2138
Joined: Mon May 27, 2013 2:54 am
Top
Post a reply

Return to Sci-Tech… and Stuff

Who is online

Users browsing this forum: No registered users and 10 guests

Powered by phpBB® Forum Software © phpBB Group