1 |
On Sat, May 2, 2009 at 1:14 PM, Nitin Kanaskar <nitinvk04@×××××.com> wrote: |
2 |
|
3 |
> Ok - I am not clear about the terminology - |
4 |
> packages, versions... |
5 |
> But i need to install gentoo 2004/2005 - if this |
6 |
> is right. I am a graduate student doing research on |
7 |
> vulnerabilities, exploits and IDS. Hence I am looking |
8 |
> for older gentoo installations which i know have |
9 |
> some vulnerabilities. |
10 |
> If i have to build whole OS from source, I am willing |
11 |
> to do that - but could not find any resource on that |
12 |
> old stuff. |
13 |
> |
14 |
> Hope I am clear about why I am looking for |
15 |
> such old stuff. |
16 |
|
17 |
|
18 |
i hope you are already a subscriber of the great mailing list: |
19 |
full-disclosure |
20 |
i dont think gentoo/portage is the easiest software to look at for old |
21 |
vulnerabilities, reason is, portage will syncronise with current 'version' |
22 |
so you probably want to look at older version of the portage package or |
23 |
older version of some other software. |
24 |
|
25 |
if you prefer to go toward some other software, checkout |
26 |
insecure.org(nmap's former official website) there is a section for |
27 |
mailing lists and |
28 |
links to that full disclosure list with archives. High volume list, |
29 |
vulnerabilites are disclosed about all kinds of software (90% linux software |
30 |
and some of other OSes). |
31 |
|
32 |
Good luck! |