Rob W wrote:
http://www.securityfocus.com/bid/16375 is minor but important enough to
report?
A way to remotely crash an OpenBSD box is minor?
From http://openbsd.org/security.html:
"Security information moves very fast in cracker circles. On the other
hand, our experience is that coding and releasing of proper security
fixes typically requires about an hour of work -- very fast fix
turnaround is possible. Thus we think that full disclosure helps the
people who really care about security."
It requires to qualify as a root exploit/possible root exploit to get a
security announce?
Sorry, I don't get it.
"By sending carefully crafted sequence of IP packet fragments, a remote
attacker can cause a system running pf with a ruleset containing a
'scrub fragment crop' or 'scrub fragment drop-ovl' rule to crash."
1: Has this been verified to actually cause a panic on OpenBSD, or did
OpenBSD just add the fixes to pf in CVS for the benefit of other
operating systems?
2: How common is the use of those rules?