OpenBSD open to remote kernel vulnerability


OpenBSD open to remote kernel vulnerability

Dennis Fisher, Executive Editor

Several recent versions of the popular OpenBSD operating system contain a remotely exploitable buffer overrun vulnerability that security experts say could give attackers complete control over vulnerable machines.

The flaw was found in OpenBSD's kernel and involves the way the OS handles certain kinds of IPv6 packets, according to the researchers at Core Security Technologies Inc. who discovered the problem. The vulnerability affects versions 3.1, 3.6, 3.8, 3.9, 4.0 and 4.1 of OpenBSD. Also, all other versions that support the IPv6 stack are thought to be vulnerable.


Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

OpenBSD team has released a patch and a workaround for the flaw . Because this is a kernel-level vulnerability, administrators will need to rebuild their kernels after installing the patch.

In order to exploit the flaw, an attacker need only be able to send fragmented IPv6 packets to a target system. This requires direct access to the target network, however the attacker's machine does not need to have its own IPv6 stack in order to make the exploit work, Core said. Users who don't need to route IPv6 traffic can block those packets using OpenBSD's native firewall.

Ivan Arce, chief technology officer of Boston-based Core, said that once an attacker knows what he is looking for, exploiting this vulnerability is trivial.

"It was difficult for us to spot and figure out what was going on because the kernel was crashing in a bunch of different places because the memory was corrupted," Arce said. "Once we figured it out, it's not difficult to exploit."

This is the first IPv6-related vulnerability that leads to a remote system compromise that Core has seen, Arce said, but it's unlikely to be the last.

"It's a complex protocol and some of the implementations are difficult," he said. "When things are that complex, it's likely you will run into security vulnerabilities as well."