Velocity Reviews

SYMANTEC SECURITY ADVISORIES

02-14-2004 02:04 PM

37 M$ advisories and only 4 Linux

Q: How can Linux be as insecure as M$?
A: It can't

Microsoft Windows ASN.1 Library Integer Handling Vulnerability

February 10, 2004

Microsoft Windows Internet Naming Service Buffer Overflow

February 10, 2004

Microsoft ISA Server 2000 H.323 Filter Remote Buffer Overflow

January 13, 2004

Microsoft MDAC Function Broadcast Response Buffer Overrun

January 13, 2004

Linux Kernel do_mremap Function Boundary Condition Vulnerability

January 5, 2004

Internet Explorer Patch Buffer Overflow Vulnerability

December 23, 2003

RSync Daemon Mode Undisclosed Remote Heap Overflow Vulnerability

December 9, 2003

Yahoo! Messenger YAuto.DLL Open Buffer Overflow Vulnerability

December 9, 2003

Microsoft Windows Workstation Service Remote Buffer Overflow

November 11, 2003

Microsoft Internet Explorer Self Executing HTML Arbitrary Code
Execution Vulnerability

November 10, 2003

Atrium Software Mercur Mailserver POP3 AUTH Remote Buffer Overflow

November 3, 2003

Microsoft Messenger Service Buffer Overrun Vulnerability

October 16, 2003

Microsoft Exchange Server Buffer Overflow Vulnerability

October 16, 2003

Microsoft Windows RPCSS Multi-thread Race Condition Vulnerability

October 13, 2003

OpenSSL ASN.1 Parsing Vulnerabilities

October 6, 2003

Sun Solaris SAdmin Client Credentials Remote Administrative Access

September 16, 2003

Multiple Microsoft RPC DCOM Subsystem Vulnerabilities

September 10, 2003

Pam_SMB Remote Buffer Overflow Vulnerability

September 2, 2003

Microsoft Data Access Components ODBC Buffer Overflow Vulnerability

August 26, 2003

Multiple Oracle XDB FTP / HTTP Services Buffer Overflow

August 11, 2003

Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability

July 16, 2003

Cisco IOS Malicious IPV4 Packet Sequence Denial Of Service

July 16, 2003

University of Minnesota Gopherd GSisText Buffer Overflow Vulnerability

July 14, 2003

CCBill WhereAmI.CGI Remote Arbitrary Command Execution Vulnerability

July 3, 2003

InterSystems Cache Insecure Default Permissions Vulnerability

July 1, 2003

Microsoft Windows Media Services NSIISlog.DLL Remote Buffer Overflow

June 25, 2003

Symantec Security Check ActiveX Buffer Overflow

June 25, 2003

Multiple Sun Database Functions Buffer Overflow Vulnerabilities

June 23, 2003

PMachine Lib.Inc.PHP Remote Include Command Execution Vulnerability

June 16, 2003

Sun Management Center Change Manager PamVerifier Buffer Overflow

June 2, 2003

FastTrack P2P Supernode Packet Handler Buffer Overflow Vulnerability

May 27, 2003

IBM AIX Multiple Unspecified Security Vulnerabilities

May 19, 2003

Internet Explorer file:// Request Zone Bypass Vulnerability

May 12, 2003

Apache Mod_Auth_Any Remote Command Execution Vulnerability

May 5, 2003

Cisco CatOS Authentication Bypass Vulnerability

April 28, 2003

Snort TCP Packet Reassembly Integer Overflow Vulnerability

April 21, 2003

Oracle E-Business Suite RRA/FNDFS Arbitrary File Disclosure

April 14, 2003

Samba Multiple Unspecified Remote Buffer Overflow Vulnerabilities

April 7, 2003

Sendmail Address Prescan Memory Corruption Vulnerability

March 31, 2003

Sun XDR Library xdrmem_getbytes() Integer Overflow Vulnerability

March 24, 2003

Microsoft Windows 2000 WebDAV / ntdll.dll Buffer Overflow

March 17, 2003

Samba SMB/CIFS Packet Assembling Buffer Overflow Vulnerability

March 17, 2003

Sendmail Header Processing Buffer Overflow Vulnerability

March 3, 2003

Cisco IOS OSPF Neighbor Buffer Overflow Vulnerability

February 26, 2003

IBM Lotus Domino HTTP Redirect Buffer Overflow Vulnerability

February 18, 2003

Opera Cross Domain Scripting Vulnerability

February 10, 2003

Microsoft Windows Locator Service Buffer Overflow Vulnerability

January 27, 2003

ISC DHCPD NSUPDATE MiniRes Library Remote Buffer Overflow

January 21, 2003

Half-Life Client Server Message Format String Vulnerability

January 20, 2003

Longshine Wireless Access Point Devices Information Disclosure

January 13, 2003

Perl-HTTPd File Disclosure Vulnerability

January 6, 2003

Microsoft Internet Explorer PNG Deflate Heap Corruption Vulnerability

December 16, 2002

Cobalt RaQ4 Administrative Interface Command Execution Vulnerability

December 9, 2002

Lib CGI Include Buffer Overflow Vulnerability

December 2, 2002

Microsoft Data Access Components RDS Buffer Overflow Vulnerability

November 20, 2002

TCPDump / LIBPCap Trojan Horse Vulnerability

November 18, 2002

Macromedia JRun Oversized URI Buffer Overflow Vulnerability

November 11, 2002

Multiple Microsoft IIS Vulnerabilities

November 4, 2002

Multiple Vendor kadmind Remote Buffer Overflow Vulnerability

October 28, 2002

Linux-HA Heartbeat Remote Buffer Overflow Vulnerability

October 21, 2002

Sendmail Trojan Horse Vulnerability

October 14, 2002

Multiple Microsoft SQL Server Vulnerabilities

October 7, 2002

Multiple OpenVMS WASD HTTP Server Vulnerabilities

September 30, 2002

Microsoft Virtual Machine Multiple JDBC Vulnerabilities

September 23, 2002

Apache_mod_ssl Worm Alert

September 13, 2002

Multiple Cisco VPN 3000 Vulnerabilities

September 9, 2002

Microsoft Terminal Services Advanced Client buffer overflow allows
malicious code execution

September 3, 2002

Microsoft File Transfer Manager ActiveX Control Buffer Overflow

August 28, 2002

Microsoft Content Management Server flaws allow system compromise

August 19, 2002

Microsoft SQL Server MDAC Buffer Overflow Compromise

August 11, 2002

Microsoft SQL Server Resolution Service buffer overflows allow
arbitrary code execution

August 5, 2002

PHP multipart/form-data POST parsing error allows arbitrary code

July 22, 2002

Sun ONE (iPlanet) Web Server search buffer overflow allows arbitrary

July 15, 2002

OpenSSH daemon challenge-response allows DoS or remote compromise

July 9, 2002

Apache HTTP Server chunk encoding stack overflow

June 18, 2002

Microsoft IIS HTR Chunked Encoding heap overflow allows arbitrary code

June 17, 2002

Microsoft Windows RAS phonebook buffer overflow allows code execution

June 17, 2002

ISC Bind 9.x vulnerability allows Domain Name Server Denial-of-Service

June 6, 2002

Sun Solaris SNMP components allows remote execution of code with root

June 4, 2002

Microsoft Exchange Server 2000 Store Service allows DoS

June 3, 2002


May 21, 2002

RedHat sharutils package uudecode flaw allows elevated privileges

May 20, 2002

MSN Chat Control buffer overflow allows remote code execution

May 9, 2002

Sun Solaris admintool buffer overflow in PRODVERS argument allows root

May 6, 2002

Multiple Vulnerabilities Discovered In Microsoft Internet Information

April 11, 2002

CiscoSecure ACS flaw allows arbitrary code execution

April 4, 2002

Microsoft SQL Server Extended Procedure Function Buffer Overflow

March 28, 2002

Zlib compression library double free bug could allow arbitrary code

March 11, 2002

Microsoft Virtual Machine multiple flaws allow malicious control

March 4, 2002

Multiple Buffer Overflows in PHP allow remote access to server

February 28, 2002

Microsoft Commerce Server 2000 Unchecked Buffer in AuthFilter

February 21, 2002

Multiple SNMP vulnerabilities in multiple products

February 13, 2002

ISS BlackICE ping flood buffer overflow allows code execution

February 4, 2002

CDE dtspcd Buffer Overflow

January 29, 2002

Linux rsync I/O errors allow DoS or root access

January 25, 2002

Symantec Enterprise Security Solutions check for susceptibility to the
Microsoft UPnP Buffer Overflow and DoS vulnerabilities

December 20, 2001

Buffer Overflow in System V Derived Login

December 14, 2001

Malformed Microsoft Excel or PowerPoint documents bypass Microsoft
macro security features

October 4, 2001

Multi-vendor Unicode IDS bypass

September 7, 2001

Update: Symantec Customer Security Advisory for the CodeRed Worm

July 31, 2001

Symantec Enterprise Security Solutions protect against the Microsoft
Windows IIS Index Server ISAPI System-level Remote Access Buffer

June 20, 2001

Symantec Enterprise Security Solutions protect against the sadmind/IIS
worm and associated exploits

May 11, 2001

Symantec Enterprise Security Solutions protect against Microsoft
Windows 2000 IIS 5.0 system-level remote access buffer overflow

May 2, 2001

Increased Risk in China/US Hacking Activity

April 30, 2001

Incorrect Mime Header Vulnerability (MSIE)

April 13, 2001

Lion worm and its propagation methods are detected and prevented by
Symantec products

March 26, 2001

Fraudulent Digital Certificate (Verisign)

March 24, 2001

Symantec security products address BIND vulnerabilities.

February 13, 2001

Lotus Domino Denial of Service Malformed HTML Email

February 8, 2001

Ramen WORM propagation methods are detected by Symantec security

January 24, 2001

How Symantec Addresses Microsoft Compromise

October 31, 2000

Widespread Exploitation of Common
Vulnerabilities Reported

October 19, 200

Jbob 02-14-2004 04:55 PM


<> wrote in message
> 37 M$ advisories and only 4 Linux
> Q: How can Linux be as insecure as M$?
> A: It can't

Funny, but I've got 13 alerts in my inbox now from Red Hat Linux just for this
year (2004) alone. I'm not gonna go count how many I got last year. Not
good for your argument!

Hairy One Kenobi 02-14-2004 06:07 PM

<> wrote in message
> 37 M$ advisories and only 4 Linux
> Q: How can Linux be as insecure as M$?
> A: It can't

Hmm. Let's count those again.. (from the last year only - couldn't be
bothered to go back further)

MS (OS only): 4 + 1 untested rumour

MS (NT4 compatibility mode): 1

MS (Layered products): 7 + 1 untested rumour

Cock-up by third-party developer trying to patch MS layered product: 1

Random Windows program: 10

Linux or Linux-based layered product: 16

Completely different OS: 19

Makes slightly different reading, no? It's also incomplete, and fails to
represent the relative seriousness of each outbreak (c.f. chaos caused by
unpatched MS clients/virus carriers, and updating most *nix SSL

There are also a vast number of omissions.. particularly from the MS side of


Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!
