lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 20 Nov 2003 11:11:44 -0800 (PST)
From: Thamer Al-Harbash <tmh@...tefang.com>
To: bugtraq@...urityfocus.com
Subject: Re: OpenBSD kernel holes ...


On Tue, 18 Nov 2003, Coleman Kane wrote:

> This does fall under reliability fix category, though, since it
> isn't really a security issue, the bug puts the system into one
> of its most secure states: halted. Well, that is as long as
> youve disabled the kdb, which you should have on a production
> box.

It's a denial of service attack then.

It's very simple really: the OpenBSD team graciously maintains
and develops a distribution of software. If one of the components
exhibits a security flaw in a reasonable configuration then it is
a security hole.

That's all there is to it. No need for PR damage control.

-- 
Thamer Al-Harbash
GPG Key fingerprint: D7F3 1E3B F329 8DD5 FAE3  03B1 A663 E359 D686 AA1F


Powered by blists - more mailing lists