Security Watch

Keeping Track of patches and hacks in the IT security world.

Hole Found in OpenBSD

The open-source operating system OpenBSD has a critical remote kernel buffer overflow vulnerability in its IPv6 protocol stack that can allow for a remote attacker to take over the system with malformed e-mail, Core Security Technologies disclosed on March 13.

CoreLabs, Core Security's research arm, discovered the flaw, which bypasses all system security mechanisms. The flaw allows for an attacker to insert arbitrary code at the kernel level of a targeted system.

OpenBSD is considered to be the safest operating system out there by some.

"For over a decade the OpenBSD team has done a superb job leading the way in the development of a very secure, free, general-purpose operating system," Iván Arce, chief technology officer at Core Security, was quoted as saying in a release. "However, 100 percent bullet-proof security is an unattainable goal and security-conscious users should be aware of that and remain prepared to quickly deploy fixes and workarounds should a serious problem like this surface."

Core Security discovered the vulnerability in the code of the operating system that was developed to process IPv6 (Internet Protocol version 6) packets. According to the security company, this "illustrates the possible perils in the implementation of relatively new and complex protocols, even in the most secure operating systems."

Besides making the system vulnerable to complete takeover, the vulnerability can also subject targeted systems to remote denial of service attacks due to failed attempts to exploit the vulnerability, which can be triggered by sending a specially-crafted IPv6 fragmented packet.

Because OpenBSD systems' default kernel has IPv6 enabled and does not filter inbound IPv6 packets, it is vulnerable, although successful attacks require direct access to the local network or IPv6 connectivity to it.

According to CoreLabs, the vulnerability affects these versions:

"OpenBSD 4.1, prior to February 26, 2006OpenBSD 4.0OpenBSD 3.9OpenBSD 3.8OpenBSD 3.6OpenBSD 3.1All other versions of OpenBSD that support the IPv6 protocol stack are also believed to be vulnerable."

OpenBSD users are advised to immediately apply the source-code patch and recompile the kernel. Pre-compiled kernel binaries for OpenBSD 4.1, 4.0 and 3.9 are available at OpenBSD's site.

The patch is available here.

Those users who can't patch right away or who don't need to process or route IPv6 traffic on their systems are advised to block all IPv6 packets with OpenBSD's firewall.