RCE in OpenBSD

https://www.cve.org/CVERecord?id=CVE-2024-29937
> RCE in OpenBSD NFS server
Imagine the damage it would do if anyone actually used the meme OS in production.


  1. 2 months ago
    Anonymous

    What is RCE?

    • 2 months ago
      Anonymous

      Remote
      Comething
      Exploit

    • 2 months ago
      Anonymous

      Remote code execution.

      • 2 months ago
        Anonymous

        Thanks, FBI.

    • 2 months ago
      Anonymous

      Rectal Cavern Enjoyer

  2. 2 months ago
    Anonymous

    Did they publish anything other than an easily faked youtube video?

    • 2 months ago
      Anonymous

      That is a teaser trailer, and I also thought it was hilariously bad.

      • 2 months ago
        Anonymous

        I wouldn't be surprised if they're for real, but I also wouldn't be surprised if they are full of shit. People claim to do stuff all the time, and OpenBSD is pretty battle tested. Time will tell what the real story is.

      • 2 months ago
        Anonymous

        >teaser trailer for a rce
        Heartbleed was a massive fricking mistake.

    • 2 months ago
      Anonymous

      >https://t2.fi/schedule/2024/#speech5

      • 2 months ago
        Anonymous

        >https://www.signedness.org/misc/

      • 2 months ago
        Anonymous

        I'm assuming this only works over a local network if it does work. NFS is weird in general lol, prolly they are on to something. Doesn't make sense to me it would affect OpenBSD and not most linux distros though.

        • 2 months ago
          Anonymous

          >Doesn't make sense to me it would affect OpenBSD and not most linux distros though.
          Aren't they completely separate implementations?

        • 2 months ago
          Anonymous

          Linux has a more battle tested and audited implementation of NFS, considering how much more people use it.

  3. 2 months ago
    Anonymous

    Only two remote holes in the default install, in a heck of a long time!

    • 2 months ago
      Anonymous

      >heartbleed
      >holey for over a decade.
      It isn't by chance.

  4. 2 months ago
    Anonymous

    Umm sweaty NFS is not enabled by default in the default install so it doesn't count :^)

  5. 2 months ago
    Anonymous

    Daily reminder that OpenBSD's approach to security is to just implement a bunch of esoteric meme mitigations without any kind of threat model behind them.
    Any shit Linux box with MAC like AppArmor, SELinux or TOMOYO is way more secure.

  6. 2 months ago
    Anonymous

    NFS is brain damage. It's never used in production apart from some neckbeard's "homelab". This is a nothingburger.

  7. 2 months ago
    Anonymous

    ?feature=shared
    What's this terminal? Looks cool

    • 2 months ago
      Anonymous

      Cool-retro-term

    • 2 months ago
      Anonymous

      Why is the security scene so clownish that it looks like they are characters in a show about hackers written by people that don't understand computers?

      • 2 months ago
        Anonymous

        If you could rock that look at your day job wouldn't you jump at the chance?

  8. 2 months ago
    Anonymous

    RED ALERT
    DEPLOY THE jerking off MONKEYS
    THIS IS NOT A DRILL

  9. 2 months ago
    Anonymous

    Fake and gay.

  10. 2 months ago
    Anonymous

    freebsd won
