TCLUG Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ISSalert: Top 10 Vulnerabilities (fwd)





-- 
Scott Dier <dieman@ringworld.org> #nicnac@efnet 612.301.0265
http://www.ringworld.org/  finger:dieman@destiny.ringworld.org

Wait. Watch. Wonder.
	-J

http://sluggy.com/d/971226.html

---------- Forwarded message ----------
Date: Tue, 9 May 2000 14:07:02 -0500 (CDT)
From: Scott M. Dier <sdier@cs.umn.edu>
To: security@mail.nts.umn.edu
Cc: dieman@ringworld.org
Subject: Re: ISSalert: Top 10 Vulnerabilities (fwd)

On Tue, 9 May 2000, John Ladwig wrote:

[from ISSalert: Top 10 Vulenrabilities
> 10. Linux buffer overflows
[deleted text]

Many of these at the end (IMAP,wu-ftpd) should have been assoicated with
specific distributions of Linux. (grumble, old redhat,
grumble.. www.redhatisnotlinux.org )

Keep that in mind when auditing a linux system and you see this on the
list as number 10.  Many distributions take care of these security
problems and distribute fixes just as fast as many commercial
unices.  Nor are these exploits under #10 specific to all "Linux".

Most of it is plain and simple, keep on top of your applications and their
releases and what fixes exist out there.. you can run a linux box pretty
darned secure. Try to keep an eye out for applications you run and if they
have venurabilities for them.

-- 
Scott Dier <sdier@cs.umn.edu> 
Computer Science/ITLabs Systems Staff
University of Minnesota, Twin Cities