022: RELIABILITY FIX: March 10, 2020 All architectures
Missing input validation in sysctl(2) can be used to crash the kernel.
023: RELIABILITY FIX: March 13, 2020 All architectures
Local outbound UDP broadcast or multicast packets sent by a spliced socket can crash the kernel.
#security
Missing input validation in sysctl(2) can be used to crash the kernel.
023: RELIABILITY FIX: March 13, 2020 All architectures
Local outbound UDP broadcast or multicast packets sent by a spliced socket can crash the kernel.
#security
HackTheBox released OpenKeyS - an OpenBSD machine. https://forum.hackthebox.eu/discussion/3629/official-openkeys-discussion
#security #ctf
#security #ctf
Self-host a password manager on OpenBSD
https://www.tumfatig.net/20210105/self-host-a-password-manager-on-openbsd/
#security #password
https://www.tumfatig.net/20210105/self-host-a-password-manager-on-openbsd/
#security #password
How to Compile OpenVAS on OpenBSD.
The Open Vulnerability Assessment System (OpenVAS) security tool is great! It's a free fork of the Nessus project. It is a network security scanner with a graphical front end, and it applies many thousands of vulnerability tests to machines across a network...
https://cromwell-intl.com/open-source/compiling-openvas-on-openbsd.html
#openvas #security
The Open Vulnerability Assessment System (OpenVAS) security tool is great! It's a free fork of the Nessus project. It is a network security scanner with a graphical front end, and it applies many thousands of vulnerability tests to machines across a network...
https://cromwell-intl.com/open-source/compiling-openvas-on-openbsd.html
#openvas #security
Block spammers/abusive IPs with Pf-badhost in OpenBSD. A 'must have' security tool!
Pf-badhost is a very practical, robust, stable and lightweight security script for network servers.
https://www.undeadly.org/cgi?action=article;sid=20210119113425
#network #security
Pf-badhost is a very practical, robust, stable and lightweight security script for network servers.
https://www.undeadly.org/cgi?action=article;sid=20210119113425
#network #security
OpenBSD Authentication Bypass | HTTP Header Tampering | Kernel OS Local Root Exploit
Summary. User - This machine is running an OpenBSD httpd site which has a login portal with only a sign-in feature working. Upon research, it was found to have a vulnerability that exposes the user’s private key enabling us to login using SSH. Root - A local exploit was found for openbsd; executing which gave me the root!
https://medium.com/bugbountywriteup/htb-openkeys-writeup-531264648200
#security
Summary. User - This machine is running an OpenBSD httpd site which has a login portal with only a sign-in feature working. Upon research, it was found to have a vulnerability that exposes the user’s private key enabling us to login using SSH. Root - A local exploit was found for openbsd; executing which gave me the root!
https://medium.com/bugbountywriteup/htb-openkeys-writeup-531264648200
#security