forum.opennet.ru

Составление сообщения

Исходное сообщение

"Удалённая уязвимость в IPv6-стеке OpenBSD"
Отправлено Дон Ягон, 30-Окт-20 22:13

Тео про еррату, степень опасности, слоган и пр.:
"We've released the errata as security because it is possibly exploitable
or could cause a crash, and we have a rapid fix release process.  It was
released without even seeing any evidence of a remote crash, nor any
evidence of a remote exploit.  Incorrect code gets fixed, and if we
judge it important we release a fix to the public in expedited fashion,
and apparently get judged for doing so.
Now that the fix is released and deployed by most openbsd users, we
quickly become uncurious and head back to other work.  The only
conversations related to this are asking how we can harden the mbuf
layer to avoid similar issues in the future.
I guess many other operating systems would wait weeks or months to
collect all the "facts" and make a fancy disclosure, but we shipped
source and binary fixes in just over 24 hours.
So, is it a remote crash?  Possibly, but we'd like to see a packet
that causes it.
Next after that, is it a remote exploit?
I think it is fair to wait for facts."
Запасаемся попкорном и ждём продолжения (эксплоита?).

Исходное сообщение
"Удалённая уязвимость в IPv6-стеке OpenBSD" Отправлено Дон Ягон, 30-Окт-20 22:13
Тео про еррату, степень опасности, слоган и пр.: "We've released the errata as security because it is possibly exploitable or could cause a crash, and we have a rapid fix release process. It was released without even seeing any evidence of a remote crash, nor any evidence of a remote exploit. Incorrect code gets fixed, and if we judge it important we release a fix to the public in expedited fashion, and apparently get judged for doing so. Now that the fix is released and deployed by most openbsd users, we quickly become uncurious and head back to other work. The only conversations related to this are asking how we can harden the mbuf layer to avoid similar issues in the future. I guess many other operating systems would wait weeks or months to collect all the "facts" and make a fancy disclosure, but we shipped source and binary fixes in just over 24 hours. So, is it a remote crash? Possibly, but we'd like to see a packet that causes it. Next after that, is it a remote exploit? I think it is fair to wait for facts." Запасаемся попкорном и ждём продолжения (эксплоита?).

Ваше сообщение

Имя*:

EMail:

Для отправки ответов на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email).
Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.

Заголовок*:

Сообщение*:

> Тео про еррату, степень опасности, слоган и пр.:

> "We've released the errata as security because it is possibly exploitable 
> or could cause a crash, and we have a rapid fix release 
> process.  It was 
> released without even seeing any evidence of a remote crash, nor any 
 
> evidence of a remote exploit.  Incorrect code gets fixed, and if 
> we 
> judge it important we release a fix to the public in expedited 
> fashion, 
> and apparently get judged for doing so.

> Now that the fix is released and deployed by most openbsd users, 
> we 
> quickly become uncurious and head back to other work.  The only 
 
> conversations related to this are asking how we can harden the mbuf 
 
> layer to avoid similar issues in the future.

> I guess many other operating systems would wait weeks or months to 
 
> collect all the "facts" and make a fancy disclosure, but we shipped 
 
> source and binary fixes in just over 24 hours.

> So, is it a remote crash?  Possibly, but we'd like to 
> see a packet 
> that causes it.

> Next after that, is it a remote exploit?

> I think it is fair to wait for facts."

> Запасаемся попкорном и ждём продолжения (эксплоита?).

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру