> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Sunday, September 08, 2002 14:44 > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: remote kernel exploits? > > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hey > > I've been hearing about this for the past year, but always shrugged > it off as fun-and-games at best or FUD at worst. A few days > ago, though, > I posed the question to a friend who has been a very reliable source > in the past concerning exploit rumors and security gossip (among > many other things, he was able to give me two week's warning about > the Apache chunked encoding hole). He said in no uncertain terms > that although he has no substantial information concerning the flaws, > the Linux kernel, FreeBSD/OpenBSD kernel, and possibly other kernels > contain remote vulnerabilities that were discovered independently by > both a Bindview employee and/or an individual using the nickname ~el8. > > The bugs are said to have something to do with integer manipulation in > the kernels' TCP/IP stacks. That's all he was able to offer > me, but was > very forward in saying that he has full confidence based on > conversations with others that these bugs do indeed exist. > > Now, there's always the chance I'll be wrong, but unless > someone wishes > to comment on the technical plausibility of these vulnerabilities, I > have several second-rate reasons as to why I believe these rumours > are most likely just figments of the imagination: > > - - I have not seen any incident reports on Incidents, or any other > mailing list for that matter. > > - - You'd think several high profile sites would've been > attacked already > with such devastating exploits, but I've seen no reports of this. In > fact, if the kids really did have such an exploit, you'd think they'd > tag their h4ndl3z all over high profile sites. But according > to Alldas, > high profile defacements have been virtually nonexistent in the last > year or so. > > - - Given the skill required to craft such an exploit, I'd think it > would be way out of the grasp of the kids. Since no researcher has > come forth with such a vulnerability, it's logical to conclude that > this does not exist. > > > Anyway, I'm very interested in hearing what others have to offer > concerning these rumors. Even if it's for reassurance ;>
It might be the case that this is the problem: http://www.openbsd.org/errata.html#scarg I know that a similar problem was fixed in FreeBSD a little later, but I can't find the correct pointer. Since this is a problem in the kernel, it might be remotely exploitable. Regards, Yonatan. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
