
OpenBSD: 33-year security vulnerability

One OpenBSD developer has encountered a vulnerability that has been in the operating system for no less than 33 years.

Swiss developer Marc Balmer reported in May that he had discovered a rather surprising security flaw in the OpenBSD operating system. The error attracted interest primarily because it turned out to be 25 years old, meaning it had been present in the code of the popular operating system for more than two decades. In addition, the vulnerability was shown to affect all BSD-based systems, even Mac OS X. However, the curious 25-year-old security flaw did not stay at the top for long, at least in terms of age.


Recently, Otto Moerbeek, an OpenBSD developer, encountered a vulnerability that has existed for no less than 33 years. This means that the bug was already present in the sixth version of the system, released in 1975, and has been lurking there ever since. The vulnerability identified by Moerbeek has so far been detected in OpenBSD on Sparc64.

The 33-year-old vulnerability was discovered under interesting circumstances. Moerbeek received a report that, on the Sparc64 platform with the latest malloc, compiling a large C++ application was not possible due to internal compilation errors. Since Moerbeek was busy testing malloc at the time, he was able to recognize the problem relatively quickly. The new malloc takes a stricter approach to buffer overflows than before, and it has contributed significantly to flushing out old vulnerabilities. Following the discovery of the security flaw, Moerbeek made corrected code available to address the vulnerability.
