Feeds

OpenBSD exploit gets serious

Gives crackers server access

  • alert
  • submit to reddit

Boost IT visibility and business value

An esoteric buffer overflow bug in OpenBSD has been upgraded in importance after it was discovered that, in certain conditions, it could allow a cracker to gain remote access to a server.

Users are recommended to apply a patch to fix the one-byte buffer overflow vulnerability present in an OpenBSD service called ftpd(8). The issue particularly affects non-anonymous FTP (File Transfer Protocol) servers, and administrators of these services are also been encouraged to use more secure transport mechanisms.

For a system to be vulnerable, ftpd must have been enabled by the administrator because by default OpenBSD ships with the service turned off - though it is a frequently used service.

The potential risk from the vulnerability is minimised by the fact that to exploit the problem a cracker must have write access to at least one directory.

These factors led to the importance of the bug to be downplayed at first. However the discovery, earlier this week, of a publicly available exploit of the vulnerability led OpenBSD developers to issue a fresh advisory on the issue.

The vulnerability affects OpenBSD versions through 2.8 and NetBSD, though it is not believed to affect FreeBSD.

OpenBSD administrators using ftpd are advised to disable the service and then apply the patch, available here, to their OpenBSD 2.8 source tree. ®

Application security programs and practises

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
Captain Kirk sets phaser to SLAUGHTER after trying new Facebook app
William Shatner less-than-impressed by Zuck's celebrity-only app
Do YOU work at Microsoft? Um. Are you SURE about that?
Nokia and marketing types first to get the bullet, says report
Microsoft takes on Chromebook with low-cost Windows laptops
Redmond's chief salesman: We're taking 'hard' decisions
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.