Network Computing is part of the Informa Tech Division of Informa PLC

Core Security Issues Advisory

BOSTON -- Core Security Technologies, provider of CORE IMPACT, the first-to-market penetration testing product for assessing specific information security risks, today issued an advisory disclosing a remote kernel buffer overflow vulnerability in the open source operating system OpenBSD. This vulnerability allows attackers to gain complete control of the target system, bypassing all the operating system's security mechanisms.

CoreLabs, the research arm of Core Security, discovered the critical flaw, which enables an attacker to exploit vulnerable systems by adding arbitrary code at the kernel level of the targeted operating system. This attack subverts any and all security mechanisms within the system.

OpenBSD is an open source operating system that is recognized for its focus on security as a distinguishing feature. However, Core Security warns end users that even the most secure operating systems have vulnerabilities from time to time, including serious ones such as this latest discovery.

The vulnerability was discovered in the operating system code that was developed to process Internet Protocol version 6 (IPv6) packets. This illustrates the possible perils in the implementation of relatively new and complex protocols, even in the most secure operating systems.

"For over a decade the OpenBSD team has done a superb job leading the way in the development of a very secure, free, general-purpose operating system," said Iván Arce, CTO at Core Security Technologies. "However, 100% bullet-proof security is an unattainable goal and security-conscious users should be aware of that and remain prepared to quickly deploy fixes and workarounds should a serious problem like this surface."

Core Security Technologies