A second remote hole for OpenBSD

Posted Mar 15, 2007 0:32 UTC (Thu) by ajross (subscriber, #4563)
In reply to: A second remote hole for OpenBSD by drag
Parent article: A second remote hole for OpenBSD

I know I promised not to post again. But now you're starting to post explicit misinformation. Please be careful to get things correct.

Maybe you misinterpreted the argument I was making? The point here is to judge the Linux kernel by the same standard as OpenBSD uses for their (IMHO) ridiculous slogan, not to enumerate other (obviously important) kinds of flaws, and not for the purpose of flaming about platforms, but as an exercise to show how useless a metric "Only N holes" is.

http://secunia.com/advisories/13232/[1]
Problems with SMBFS that can possibly lead to remote code execution.

From the description: "Multiple vulnerabilities have been reported in the Linux Kernel, which potentially can be exploited by malicious, local users to ...". How exactly does this qualify as a "remote hole?" OpenBSD's metric is specifically about network-exploitable vulnerabilities, not local root exploits.

http://secunia.com/advisories/14713/[2]
Bluetooth vulnerability leading to root access. Trivially exploitable.

This is another local vulnerability. It's clearly not a "remote hole". You can't compromise a system remotely via bluetooth; the bug is that you can achieve root locally by exploiting a bug with the syscall handlers.

http://secunia.com/advisories/16406/[3]
"xdr_xcode_array2()" error allows remote access via NFSACL.

This was never verified as anything but a DoS, so by OpenBSD's own standards (silly ones, of course, which is my whole point) it doesn't count. The bug in the OpenBSD IPv6 code was not termed a remote hole until someone wrote an exploit, so clearly it's not fair to tag Linux with a different standard.

I'm sorry, but every one of those vulnerabilities would be rejected by the OpenBSD team as part of their "Only N holes" metric. Are you starting to agree with me now that it's perhaps not as informative a slogan as you might have originally thought?


A second remote hole for OpenBSD

Posted Mar 15, 2007 1:03 UTC (Thu) by drag (subscriber, #31333)

Oh, ok. :)

(see? It is possible to have a rational discussion.)

A second remote hole for OpenBSD

Posted Mar 15, 2007 3:52 UTC (Thu) by tetromino (subscriber, #33846)

IMHO, you have misinterpreted the advisories.

http://secunia.com/advisories/13232/[1] refers to the first part of the advisory (note the [1]), which is a true remote exploit:

"Stefan Esser has reported multiple vulnerabilities within the smb filesystem (smbfs) implementation that are caused due to various types of errors when handling server responses.

Successful exploitation requires that a malicious person has control over a smb server or is able to intercept and manipulate traffic."

The "local users" refers to the second part of the advisory (the unix_dgram_recvmsg() issue). For some reason, Secunia's summary blurb only describes the second part. Go figure.

http://secunia.com/advisories/14713/[2]

"A signedness error in the "bluez_sock_create()" function when creating bluetooth sockets can potentially be exploited to gain root privileges on a vulnerable system."

If I'm reading this right, a malicious user can take over a server by crafting malicious bluetooth packets, in other words, that's a remote root. (Remember, bluetooth devices can be very long-range: http://www.smallnetbuilder.com/content/view/24256/98/)

A second remote hole for OpenBSD

Posted Mar 15, 2007 16:17 UTC (Thu) by bronson (subscriber, #4806)

Because OpenBSD ships with neither SMBFS nor Bluetooth enabled by default, these remote holes would not count against it. Therefore, they should not count against Linux. As ajross was saying, you need to compare apples to apples.

Personally, I think pretty much any measurement against OpenBSD's default install is meaningless. Nobody runs it! "Only 12 remote holes in a fully-provisioned OpenBSD LAMP setup!" would be a much better statistic.
