On 10/12/06, Michael Brown <knightmb at knightmb dot dyndns dot org> wrote:
> Yeah, last time I checked you have to be able to log into m0n0wall and
> if you do you must be the admin, so why you would DoS your own firewall
> is well up to the admin I guess :-) Unless you can do something with
> the user accounts you can setup access to m0n0wall with that I'm not
> aware of.
Nope, no other user accounts are available, or even possible to
create. Since it's a local issue, you have to be logged in for it to
happen, and the only login has root privileges...yeah, who cares about
DoS if you have root privs already.
Aside from that, it's a reported issue in 6.0, and older versions are
unconfirmed. Historically, most 5.x and 6.x security-related bugs
haven't applied to 4.x.
There are a whole slew of ways for a local unprivileged user to DoS a
system, aside from bugs, which is why most OS's treat these things as
bugs/errata and not security issues. Linux did it first, now FreeBSD
seems to be following suit.