Old 12-23-2004, 10:20 PM   #1
Thoran
Galvatron
 

Join Date: January 10, 2002
Location: Upstate NY
Age: 56
Posts: 2,109
Docbook to man Insecure temp file creation
LPRng Script Insecure temp file creation
Red Hat update for acroread
KDE Buffer Overflow Vulnerability
RPM Finder "web()" Buffer Overflow and Insecure File creation
Debian debmake insecure temp dir creation
Sybase ASE Three Unspecified Vulnerabilities
Fedora update for libtiff
Mandrake update for kdelibs
Mandrake update for logcheck
Mandrake update for krb5
SUSE update for samba
Mandrake update for mplayer
SurgeMail unspecified webmail security issue
2bgal "id album" SQL injection Vulnerability

6 are rated "Highly Critical", all are vulnerabilities or repairs for vulnerabilities in LINUX software or OS (except surgemail which is multiplatform).
Old 12-24-2004, 03:33 AM   #2
LennonCook
Jack Burton
 

Join Date: November 10, 2001
Location: Bathurst & Orange, in constant flux
Age: 37
Posts: 5,452
Which of those applies to the Linux OS? I count... none.
Of these 6 are distro-specific updates - meaning, the fix has already been made in the software before this, and that the fixed version has been landed in that distro's official package repositories. Given the nature of open source, it is highly likely that these were available in non-official repositories in the appropriate format before now. Also, for them to be called 'updates' on Secunia would seem to mean that this has been fixed before it has been made public.
The unspecified vulnerabilities have fixes: this is their very nature. Secunia has been told that holes have been plugged, but not been given the exact details.
So, that leaves 6 vulnerabilities, across multiple unrelated programs.
And let's see how serious they are...
LPRng Script.. : Less Critical, requires local system access (meaning it has to be done sitting right there at that machine, rather than - like most of the Windows flaws - somewhere on the internet).
RPM Finder: Moderately Critical, from remote. But, oh look, this is patched. 5 vulnerabilities, in unrelated programs.
debmake: Less Critical, local system, patched. 4 unpatched, still in unrelated programs.
kpdf buffer overflow: ok, highly critical. But this is also patched. Note that it would be extremely critical if there were exploits in the wild, but.. there aren't.
Docbook-to-Man: less critical
SQL injection: Less critical

Meaning, of all these, there are 3 unpatched. All of these are marked 'less critical', and require local access. Of the remaining 12, 6 were seemingly patched very quickly after they became known (Secunia publishes vulnerabilities a certain time after telling the vendor - a few weeks, I think). That leaves... 6 vulnerabilities in 6 different applications that are patched, but possibly took a while to come out.

Which means that you seem to be exaggerating the seriousness of this a bit. Can you try to tell the whole story next time?
Old 12-24-2004, 04:11 AM   #3
Ziroc
Ironworks Webmaster

     
     Bow to the Meow

 

Join Date: January 4, 2001
Location: Lakeland, Florida
Age: 51
Posts: 11,720
Can we stop the 'my OS is better than yer OS' please? cannot 2 different OS'es exist? Let's stop this petty stuff. [img]smile.gif[/img]
__________________
Ziroc™
Ironworks Gaming Webmaster
www.ironworksgaming.com

The Great Escape Studios - 2D/3D Modeling
www.tgeweb.com & Ziroc's Facebook Page
Visit My Flickr Photo Album
Old 12-24-2004, 05:22 AM   #4
Hivetyrant
Jack Burton
 

Join Date: August 24, 2002
Location: Aussie now in the US of A!
Age: 37
Posts: 5,403
Quote:
Originally posted by Ziroc:
Can we stop the 'my OS is better than yer OS' please? cannot 2 different OS'es exist? Let's stop this petty stuff. [img]smile.gif[/img]
Couldn't have said it better myself.
I think we should have a ban on "Vulnerability to OS's" threads [img]tongue.gif[/img]
Old 12-24-2004, 07:55 AM   #5
LennonCook
Jack Burton
 

Join Date: November 10, 2001
Location: Bathurst & Orange, in constant flux
Age: 37
Posts: 5,452
Quote:
Originally posted by Ziroc:
cannot 2 different OS'es exist?
Sure. FreeBSD and Linux. [img]tongue.gif[/img] But I understand...

Quote:
Originally posted by Hivetyrant:
I think we should have a ban on "Vulnerability to OS's" threads [img]tongue.gif[/img]
Except that these things are important, and people need to be aware of them. To ban these threads would be to pretend that we live in an ideal, bug-free, secure world. But, we don't, and so pretending that would be detrimental to everyone except the malicious. And that, put simply, would not be good.
Old 12-24-2004, 09:29 AM   #6
Hivetyrant
Jack Burton
 

Join Date: August 24, 2002
Location: Aussie now in the US of A!
Age: 37
Posts: 5,403
Ok, but we don't need to be told when we are susceptible to attacks through Notepad.
I just think that only serious vulnerabilities should be discussed.
Mainly because there seem to be so many threads about them here lately. And I know that I am not the only one who is getting sick of them.
Old 12-24-2004, 12:28 PM   #7
Thoran
Galvatron
 

Join Date: January 10, 2002
Location: Upstate NY
Age: 56
Posts: 2,109
[img]smile.gif[/img] ... just pointing out that a running ticker of vulnerabilities biased to provide the illusion that M$ alternatives are somehow better is a bit ludicrous... we are all living in glass houses.

I also think it's downright dangerous to mislead people into believing that linux is not subject to as many flaws and vulnerabilities as Windows. People should choose an OS knowing that NONE of them are perfect, and only seeing Windows problems highlighted day after day is misleading at best... deceptive at worst. A ban would probably be a good idea, point people to sites like Secunia and tell them to do their own research.

Today's Secunia list, like yesterday's, was dominated by UNIX/LINUX software.
Old 12-24-2004, 04:53 PM   #8
LennonCook
Jack Burton
 

Join Date: November 10, 2001
Location: Bathurst & Orange, in constant flux
Age: 37
Posts: 5,452
Saying Linux is more secure isn't a myth. It's true and proven. Yes, proven - this has been researched.

Jarrad, any vulnerability is potentially serious. That one in Wordpad (not notepad [img]tongue.gif[/img] ) was especially serious, since it was a buffer overflow (meaning it can allow basically anything to happen that the OS lets that program do (which is, in all OS's, probably not what you think)). But, I do try to limit it to only the serious flaws, in programs people are likely to have installed... if I didn't do that, my post count would either be a lot higher, or reset for spamming. [img]tongue.gif[/img]
Old 12-25-2004, 01:58 AM   #9
Ziroc
Ironworks Webmaster

     
     Bow to the Meow

 

Join Date: January 4, 2001
Location: Lakeland, Florida
Age: 51
Posts: 11,720
Lennon, did I not just say chill it!?


NO software is EVER 100% safe. And never will be. ALL code has mistakes, ALL code has vulnerabilities. As long as there are people that seek them.

MMMkay? [img]smile.gif[/img] Now drop it, and Merry Christmas!
Old 12-25-2004, 06:01 AM   #10
LennonCook
Jack Burton
 

Join Date: November 10, 2001
Location: Bathurst & Orange, in constant flux
Age: 37
Posts: 5,452
Quote:
Originally posted by Ziroc:
Lennon, did I not just say chill it!?
Well, not in those exact words..


Quote:
NO software is EVER 100% safe. And never will be. ALL code has mistakes, ALL code has vulnerabilities. As long as there are people that seek them.
Except maybe Wordpad. Oh, wait... [img]tongue.gif[/img]

EDIT: Fixed quotes.

[ 12-25-2004, 05:33 PM: Message edited by: LennonCook ]