mIRC Home    About    Download    Register    News    Help

Print Thread
Page 2 of 2 1 2
#44403 30/08/03 11:04 AM
Joined: Aug 2003
Posts: 4
J
Self-satisified door
Offline
Self-satisified door
J
Joined: Aug 2003
Posts: 4
Linux is not secure it has just as many holes in it as windows does if not more.
Heres a list of some more commonly known linux security holes:

1. The uml_net utility, part of the kernel-utils package in Red Hat Linux 8.0, was shipped with incorrect permissions.

a. Local users could control network interfaces, put interfaces into promiscuous mode, and add and remove arp entries and routes.

2. The "netfilter" firewall subsystem included with Linux kernel versions 2.4.x contains a vulnerability that may allow remote attackers to reach hosts that should be protected.

3. From the HP-UX security bulletins digest (HPSBUX0305-259): A problem has been reported in kermit which could allow access to account bin and group daemon privileges. Until a fix is available we recommend removing suid/sgid permissions from kermit. This will limit the functionality of kermit. Full functionality will be available only to the root user.

4. Buffer overflow vulnerabilities exists in the DNS stub resolver library used by BSD, ISC BIND, and GNU glibc. Other systems that use DNS resolver code derived from ISC BIND may also be affected. An attacker who is able to control DNS responses could exploit arbitrary code or cause a denial of service on vulnerable systems.

a. An attacker who is able to control DNS responses could exploit arbitrary code or cause a denial of service on vulnerable systems. The attacker would need to be able to spoof DNS responses or control a DNS server that provides responses to a vulnerable system. Any code executed by the attacker would run with the privileges of the process that called the vulnerable resolver function, potentially root.

5. There is a remotely exploitable buffer overflow in PopTop. An exploit for this vulnerability exists and is publicly available.

a. A remote attacker may be able to crash the PPTP server or execute arbitrary code with the privileges of the PopTop server.

6. A remotely exploitable denial-of-service vulnerability exists in the Apache HTTP Server. Exploitation of this vulnerability may allow an attacker to consume all available system resources, resulting in a denial-of-service condition.

a. Exploitation of this vulnerability may allow an attacker to consume all available system resources, resulting in a denial-of-service condition.

7. There is a vulnerability in sendmail that may allow remote attackers to gain the privileges of the sendmail daemon, typically root.

a. Successful exploitation of this vulnerability may allow an attacker to gain the privileges of the sendmail daemon, typically root. Even vulnerable sendmail servers on the interior of a given network may be at risk since the vulnerability is triggered from the contents of a malicious email message.

8. Samba contains several buffer overflow vulnerabilitites. At least one of these vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service.

a. An unauthenticated, remote attacker could execute arbitrary code or cause a denial of service. The Samba daemon (smbd) runs with root privileges, so an attacker could gain complete control of a vulnerable system.


#44404 30/08/03 11:37 AM
Joined: Dec 2002
Posts: 2,962
S
Hoopy frood
Offline
Hoopy frood
S
Joined: Dec 2002
Posts: 2,962
Oh good. Another OS 'war' filled with non-facts and half-truths.


Spelling mistakes, grammatical errors, and stupid comments are intentional.
#44405 03/09/03 12:19 AM
Joined: Sep 2003
Posts: 4
V
Self-satisified door
Offline
Self-satisified door
V
Joined: Sep 2003
Posts: 4
Yep. Sad eh.


da' vorte[x]
#44406 31/10/03 04:49 AM
Joined: Jan 2003
Posts: 17
M
Pikka bird
Offline
Pikka bird
M
Joined: Jan 2003
Posts: 17
I think those Linux people are a joke. Windows will always be king. :tongue:

Obviously Linux is free, the bug fixers aren't getting paid. wink

#44407 31/10/03 05:17 AM
Joined: Dec 2002
Posts: 3,127
P
Hoopy frood
Offline
Hoopy frood
P
Joined: Dec 2002
Posts: 3,127
As with most things, its a matter of choice. Insulting another's choice and trying to rekindle a flame war is pointless.


ParaBrat @#mIRCAide DALnet
Page 2 of 2 1 2

Link Copied to Clipboard