Be very, very concerned with any vulnerabilities that cause crashes. Someone may discover a way to control where the process points to, and now you have a way more serious issue.
For us old folks it would be like WinNuke. Back in the day of dial-up your entire PC was front and center on the internet. Windows 95 had a vulnerability that anyone could BSOD you. When it came out basically any IRC or multiplayer interaction you could get BSOD’d by any rando on the internet.
I would be lying if I said I wasn’t occasionally on the sending end of these at the ripe old age of 12.
When that first showed in theaters in the Bay Area, people cheered and clapped when she was using Nmap and SSH Nuke. Non-tech folks were probably a little confused.
It was a relatively recent exploit; I remember being at an RSA conference when the remote SSH exploit was announced and everyone’s pager started going off and people hustled out of there. Fun times!
I remember people started probing pretty quickly, too, which was a good warning that you couldn’t be complacent about things like that. If memory serves, we’d upgraded most of our servers to only support SSH-2 before this happened, and since that included our public shell servers (.edu), nobody broke into anything, but we did have to badger some proprietary vendors for updates to devices which were fortunately on our restricted internal-only network.
Per http://www.openbsd.org, “Only two remote holes in the default install, in a heck of a long time!” I believe at least one of these was SSH-related.
Yeah, people in the 90s really loved installing Red Hat 4 (not RHEL 4, the old versions) and getting a vulnerable pop2/pop3/imapd running by default after installs. You would get hacked within the hour if not behind firewalls.
Very unfair of OpenBSD (and other security conscious OSes) to not compete on equal terms there.
That would be a huge problem.
I don’t care about DoS or crashes!