| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
Small data analysis based on August/September GLSAs : |
| 5 |
|
| 6 |
55 GLSAs |
| 7 |
21 of which are buffer overflows (38%) |
| 8 |
5 are buffer overflows affecting daemons (9%) |
| 9 |
14 are buffer overflows affecting client software (25%) |
| 10 |
2 can potentially affect both servers and clients (4%) |
| 11 |
|
| 12 |
So almost one third of our current vulnerabilities are buffer overflows |
| 13 |
affecting client software. These require the attacker to make you |
| 14 |
load/read/open a malicious document/image/playlist. It's not because we |
| 15 |
haven't seen much viruses for Linux that we shouldn't worry about this |
| 16 |
attack vector. Restricting ssp to daemons and +s programs is not very |
| 17 |
useful. A client-based vulnerability can be used together with a recent |
| 18 |
root escalation kernel vuln to compromise a machine completely. Weakest |
| 19 |
link. |
| 20 |
|
| 21 |
- -- |
| 22 |
Koon |
| 23 |
-----BEGIN PGP SIGNATURE----- |
| 24 |
Version: GnuPG v1.2.4 (GNU/Linux) |
| 25 |
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org |
| 26 |
|
| 27 |
iD8DBQFBUonOvcL1obalX08RArGJAKCShMubWvGlGqHLW/CFMZfHCz6q8ACgifMc |
| 28 |
LCX6C/NkPGumUILK4idOG6E= |
| 29 |
=yJgM |
| 30 |
-----END PGP SIGNATURE----- |
| 31 |
|
| 32 |
-- |
| 33 |
gentoo-dev@g.o mailing list |
Archives