Discussion in 'Computer Security' started by, Feb 14, 2004.

  1. Guest

    37 M$ advisories and only 4 Linux

    Q: How can Linux be as insecure as M$ ?
    A: It can't

    Microsoft Windows ASN.1 Library Integer Handling Vulnerability

    February 10, 2004

    Microsoft Windows Internet Naming Service Buffer Overflow

    February 10, 2004

    Microsoft ISA Server 2000 H.323 Filter Remote Buffer Overflow

    January 13, 2004

    Microsoft MDAC Function Broadcast Response Buffer Overrun

    January 13, 2004

    Linux Kernel do_mremap Function Boundary Condition Vulnerability

    January 5, 2004

    Internet Explorer Patch Buffer Overflow Vulnerability

    December 23, 2003

    RSync Daemon Mode Undisclosed Remote Heap Overflow Vulnerability

    December 9, 2003

    Yahoo! Messenger YAuto.DLL Open Buffer Overflow Vulnerability

    December 9, 2003

    Microsoft Windows Workstation Service Remote Buffer Overflow

    November 11, 2003

    Microsoft Internet Explorer Self Executing HTML Arbitrary Code
    Execution Vulnerability

    November 10, 2003

    Atrium Software Mercur Mailserver POP3 AUTH Remote Buffer Overflow

    November 3, 2003

    Microsoft Messenger Service Buffer Overrun Vulnerability

    October 16, 2003

    Microsoft Exchange Server Buffer Overflow Vulnerability

    October 16, 2003

    Microsoft Windows RPCSS Multi-thread Race Condition Vulnerability

    October 13, 2003

    OpenSSL ASN.1 Parsing Vulnerabilities

    October 6, 2003

    Sun Solaris SAdmin Client Credentials Remote Administrative Access

    September 16, 2003

    Multiple Microsoft RPC DCOM Subsystem Vulnerabilities

    September 10, 2003

    Pam_SMB Remote Buffer Overflow Vulnerability

    September 2, 2003

    Microsoft Data Access Components ODBC Buffer Overflow Vulnerability

    August 26, 2003

    Multiple Oracle XDB FTP / HTTP Services Buffer Overflow

    August 11, 2003

    Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability

    July 16, 2003

    Cisco IOS Malicious IPV4 Packet Sequence Denial Of Service

    July 16, 2003

    University of Minnesota Gopherd GSisText Buffer Overflow Vulnerability

    July 14, 2003

    CCBill WhereAmI.CGI Remote Arbitrary Command Execution Vulnerability

    July 3, 2003

    InterSystems Cache Insecure Default Permissions Vulnerability

    July 1, 2003

    Microsoft Windows Media Services NSIISlog.DLL Remote Buffer Overflow

    June 25, 2003

    Symantec Security Check ActiveX Buffer Overflow

    June 25, 2003

    Multiple Sun Database Functions Buffer Overflow Vulnerabilities

    June 23, 2003

    PMachine Lib.Inc.PHP Remote Include Command Execution Vulnerability

    June 16, 2003

    Sun Management Center Change Manager PamVerifier Buffer Overflow

    June 2, 2003

    FastTrack P2P Supernode Packet Handler Buffer Overflow Vulnerability

    May 27, 2003

    IBM AIX Multiple Unspecified Security Vulnerabilities

    May 19, 2003

    Internet Explorer file:// Request Zone Bypass Vulnerability

    May 12, 2003

    Apache Mod_Auth_Any Remote Command Execution Vulnerability

    May 5, 2003

    Cisco CatOS Authentication Bypass Vulnerability

    April 28, 2003

    Snort TCP Packet Reassembly Integer Overflow Vulnerability

    April 21, 2003

    Oracle E-Business Suite RRA/FNDFS Arbitrary File Disclosure

    April 14, 2003

    Samba Multiple Unspecified Remote Buffer Overflow Vulnerabilities

    April 7, 2003

    Sendmail Address Prescan Memory Corruption Vulnerability

    March 31, 2003

    Sun XDR Library xdrmem_getbytes() Integer Overflow Vulnerability

    March 24, 2003

    Microsoft Windows 2000 WebDAV / ntdll.dll Buffer Overflow

    March 17, 2003

    Samba SMB/CIFS Packet Assembling Buffer Overflow Vulnerability

    March 17, 2003

    Sendmail Header Processing Buffer Overflow Vulnerability

    March 3, 2003

    Cisco IOS OSPF Neighbor Buffer Overflow Vulnerability

    February 26, 2003

    IBM Lotus Domino HTTP Redirect Buffer Overflow Vulnerability

    February 18, 2003

    Opera Cross Domain Scripting Vulnerability

    February 10, 2003

    Microsoft Windows Locator Service Buffer Overflow Vulnerability

    January 27, 2003

    ISC DHCPD NSUPDATE MiniRes Library Remote Buffer Overflow

    January 21, 2003

    Half-Life Client Server Message Format String Vulnerability

    January 20, 2003

    Longshine Wireless Access Point Devices Information Disclosure

    January 13, 2003

    Perl-HTTPd File Disclosure Vulnerability

    January 6, 2003

    Microsoft Internet Explorer PNG Deflate Heap Corruption Vulnerability

    December 16, 2002

    Cobalt RaQ4 Administrative Interface Command Execution Vulnerability

    December 9, 2002

    Lib CGI Include Buffer Overflow Vulnerability

    December 2, 2002

    Microsoft Data Access Components RDS Buffer Overflow Vulnerability

    November 20, 2002

    TCPDump / LIBPCap Trojan Horse Vulnerability

    November 18, 2002

    Macromedia JRun Oversized URI Buffer Overflow Vulnerability

    November 11, 2002

    Multiple Microsoft IIS Vulnerabilities

    November 4, 2002

    Multiple Vendor kadmind Remote Buffer Overflow Vulnerability

    October 28, 2002

    Linux-HA Heartbeat Remote Buffer Overflow Vulnerability

    October 21, 2002

    Sendmail Trojan Horse Vulnerability

    October 14, 2002

    Multiple Microsoft SQL Server Vulnerabilities

    October 7, 2002

    Multiple OpenVMS WASD HTTP Server Vulnerabilities

    September 30, 2002

    Microsoft Virtual Machine Multiple JDBC Vulnerabilities

    September 23, 2002

    Apache_mod_ssl Worm Alert

    September 13, 2002

    Multiple Cisco VPN 3000 Vulnerabilities

    September 9, 2002

    Microsoft Terminal Services Advanced Client buffer overflow allows
    malicious code execution

    September 3, 2002

    Microsoft File Transfer Manager ActiveX Control Buffer Overflow

    August 28, 2002

    Microsoft Content Management Server flaws allow system compromise

    August 19, 2002

    Microsoft SQL Server MDAC Buffer Overflow Compromise

    August 11, 2002

    Microsoft SQL Server Resolution Service buffer overflows allow
    arbitrary code execution

    August 5, 2002

    PHP multipart/form-data POST parsing error allows arbitrary code

    July 22, 2002

    Sun ONE (iPlanet) Web Server search buffer overflow allows arbitrary

    July 15, 2002

    OpenSSH daemon challenge-response allows DoS or remote compromise

    July 9, 2002

    Apache HTTP Server chunk encoding stack overflow

    June 18, 2002

    Microsoft IIS HTR Chunked Encoding heap overflow allows arbitrary code

    June 17, 2002

    Microsoft Windows RAS phonebook buffer overflow allows code execution

    June 17, 2002

    ISC Bind 9.x vulnerability allows Domain Name Server Denial-of-Service

    June 6, 2002

    Sun Solaris SNMP components allows remote execution of code with root

    June 4, 2002

    Microsoft Exchange Server 2000 Store Service allows DoS

    June 3, 2002


    May 21, 2002

    RedHat sharutils package uudecode flaw allows elevated privileges

    May 20, 2002

    MSN Chat Control buffer overflow allows remote code execution

    May 9, 2002

    Sun Solaris admintool buffer overflow in PRODVERS argument allows root

    May 6, 2002

    Multiple Vulnerabilities Discovered In Microsoft Internet Information

    April 11, 2002

    CiscoSecure ACS flaw allows arbitrary code execution

    April 4, 2002

    Microsoft SQL Server Extended Procedure Function Buffer Overflow

    March 28, 2002

    Zlib compression library double free bug could allow arbitrary code

    March 11, 2002

    Microsoft Virtual Machine multiple flaws allow malicious control

    March 4, 2002

    Multiple Buffer Overflows in PHP allow remote access to server

    February 28, 2002

    Microsoft Commerce Server 2000 Unchecked Buffer in AuthFilter

    February 21, 2002

    Multiple SNMP vulnerabilities in multiple products

    February 13, 2002

    ISS BlackICE ping flood buffer overflow allows code execution

    February 4, 2002

    CDE dtspcd Buffer Overflow

    January 29, 2002

    Linux rsync I/O errors allow DoS or root access

    January 25, 2002

    Symantec Enterprise Security Solutions check for susceptibility to the
    Microsoft UPnP Buffer Overflow and DoS vulnerabilities

    December 20, 2001

    Buffer Overflow in System V Derived Login

    December 14, 2001

    Malformed Microsoft Excel or PowerPoint documents bypass Microsoft
    macro security features

    October 4, 2001

    Multi-vendor Unicode IDS bypass

    September 7, 2001

    Update: Symantec Customer Security Advisory for the CodeRed Worm

    July 31, 2001

    Symantec Enterprise Security Solutions protect against the Microsoft
    Windows IIS Index Server ISAPI System-level Remote Access Buffer

    June 20, 2001

    Symantec Enterprise Security Solutions protect against the sadmind/IIS
    worm and associated exploits

    May 11, 2001

    Symantec Enterprise Security Solutions protect against Microsoft
    Windows 2000 IIS 5.0 system-level remote access buffer overflow

    May 2, 2001

    Increased Risk in China/US Hacking Activity

    April 30, 2001

    Incorrect Mime Header Vulnerability (MSIE)

    April 13, 2001

    Lion worm and its propagation methods are detected and prevented by
    Symantec products

    March 26, 2001

    Fraudulent Digital Certificate (Verisign)

    March 24, 2001

    Symantec security products address BIND vulnerabilities.

    February 13, 2001

    Lotus Domino Denial of Service Malformed HTML Email

    February 8, 2001

    Ramen WORM propagation methods are detected by Symantec security

    January 24, 2001

    How Symantec Addresses Microsoft Compromise

    October 31, 2000

    Widespread Exploitation of Common
    Vulnerabilities Reported

    October 19, 200
    , Feb 14, 2004

  2. Jbob

    Jbob Guest

    <> wrote in message
    > 37 M$ advisories and only 4 Linux
    > Q: How can Linux be as insecure as M$ ?
    > A: It can't

    Funny but I've got 13 alerts in my inbox now from Redhat Linux just for this
    year (2004) alone. I'm not gonna go count how many I got last year. Not
    good for your argument!
    Jbob, Feb 14, 2004

  3. <> wrote in message
    > 37 M$ advisories and only 4 Linux
    > Q: How can Linux be as insecure as M$ ?
    > A: It can't

    Hmm. Let's count those again.. (from the last year only - couldn't be
    bothered to go back further)

    MS (OS only) 4 + 1 untested rumour

    MS (NT4 compatibility mode) 1

    MS (Layered products) 7 + 1 untested rumour

    Cock-up by third-party developer trying to patch MS layered product 1

    Random Windows program 10

    Linux or Linux-based layered product 16

    Completely different OS 19

    Makes slightly different reading, no? It's also incomplete, and fails to
    represent the relative seriousness of each outbreak (c.f. chaos caused by
    unpatched MS clients/virus carriers, and updating most *nix SSL

    There are also a vast number of omissions.. particularly from the MS side of


    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!
    Hairy One Kenobi, Feb 14, 2004
