Small data analysis based on August/September GLSAs:

55 GLSAs
21 of which are buffer overflows (38%)
5 are buffer overflows affecting daemons (9%)
14 are buffer overflows affecting client software (25%)
2 can potentially affect both servers and clients (4%)

So almost one third of our current vulnerabilities are buffer overflows affecting client software. These require the attacker to make you load/read/open a malicious document/image/playlist. It's not because we haven't seen many viruses for Linux that we shouldn't worry about this attack vector. Restricting ssp to daemons and +s programs is not very useful. A client-based vulnerability can be used together with a recent root escalation kernel vuln to compromise a machine completely. Weakest link.

--
Koon
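The client-side class the figures above describe, as an added example that is not from Koon's post or any Gentoo code: a hypothetical playlist loader with an overflow-prone strcpy form beside a length-checked form, run over a constructed three-entry sample. Building with -fstack-protector (SSP) turns the unsafe form's overrun into an abort, which is the coverage the post argues client programs need as much as daemons do.

```c
#include <stdio.h>
#include <string.h>
#define PATH_MAX_LEN 64   /* hypothetical fixed path size in the client */

/* Overflow-prone form: strcpy with no bounds check; a line longer than
 * PATH_MAX_LEN smashes the stack (SSP would abort on return instead). */
void load_entry_unsafe(const char *line) { char path[PATH_MAX_LEN]; strcpy(path, line); }

/* Hardened form: refuse entries that do not fit, never truncate silently.
 * Returns 1 when the entry is copied into out, 0 when it is rejected. */
int load_entry_safe(const char *line, char *out, size_t out_len)
{
    size_t n = strlen(line);
    if (n == 0 || n >= out_len)       /* leave room for the terminator */
        return 0;
    memcpy(out, line, n + 1);
    return 1;
}

/* One path per line; returns the rejected count, accepted count via pointer. */
int parse_playlist(const char *text, int *accepted)
{
    int rejected = 0; *accepted = 0;
    const char *p = text;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[256], path[PATH_MAX_LEN]; int ok = 0;
        if (len < sizeof line) {      /* lines too long for 'line' are rejected */
            memcpy(line, p, len); line[len] = '\0';
            ok = load_entry_safe(line, path, sizeof path);
        }
        if (ok) (*accepted)++; else rejected++;
        p = nl ? nl + 1 : p + len;
    }
    return rejected;
}

/* Constructed sample: two plausible paths around one 100-byte hostile entry. */
static int run_sample(int *accepted)
{
    char junk[101], text[512];
    memset(junk, 'A', 100); junk[100] = '\0';
    snprintf(text, sizeof text, "/home/u/a.ogg\n%s\n/home/u/b.ogg\n", junk);
    return parse_playlist(text, accepted);
}
int demo_rejected(void) { int a; return run_sample(&a); }   /* 1 */
int demo_accepted(void) { int a; run_sample(&a); return a; } /* 2 */
```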
--
gentoo-security@g.o mailing list