Critical Vulnerability Discovered In OpenBSD

The vulnerability exists in the kernel of OpenBSD, a free, Unix-like operating system designed with an emphasis on security, and stems from how the OS handles IPv6 traffic, according to Ivan Arce, CTO at Core Security, the Boston-based penetration testing vendor that discovered the flaw.

OpenBSD versions 3.1, 3.6, 3.8, 3.9, 4.0, and 4.1 (released Feb. 26th, 2006) are vulnerable, and OpenBSD.org has released a patch for the vulnerability.

Hackers could exploit the flaw to trigger a buffer overflow in kernel memory, which would pave the way for remote code execution and allow for a complete compromise of the affected machine, Arce said.

But in order to exploit the flaw, an attacker would need to be on the same network as the target system, or be able to send fragmented IPv6 packets to the network, he added.

In OpenBSD, IPv6 is enabled by default, so even organizations that have OpenBSD installed but don't use IPv6 are at risk, Arce said.

The flaw underscores the challenges organizations face when implementing IPv6, Arce said. "IPv6 is a complex protocol, and there may be implementation problems that can result in security issues," he said.

Although a proof concept for the vulnerability has been published, Arce said he isn't aware of any exploits circulating in the wild.

Symantec gave the vulnerability its highest rating of 10, while Secunia said it was 'highly critical', its second highest rating. The National Vulnerability Database, a National Institute Of Standards and Technology initiative that publishes threat ratings using the Common Vulnerability Scoring System, gave it a score of 7 on a 10-point scale.