| 1 |
On Sat, May 2, 2009 at 1:14 PM, Nitin Kanaskar <nitinvk04@×××××.com> wrote: |
| 2 |
|
| 3 |
> Ok - I am not clear about the terminology - |
| 4 |
> packages, versions... |
| 5 |
> But i need to install gentoo 2004/2005 - if this |
| 6 |
> is right. I am a graduate student doing research on |
| 7 |
> vulnerabilities, exploits and IDS. Hence I am looking |
| 8 |
> for older gentoo installations which i know have |
| 9 |
> some vulnerabilities. |
| 10 |
> If i have to build whole OS from source, I am willing |
| 11 |
> to do that - but could not find any resource on that |
| 12 |
> old stuff. |
| 13 |
> |
| 14 |
> Hope I am clear about why I am looking for |
| 15 |
> such old stuff. |
| 16 |
|
| 17 |
|
| 18 |
i hope you are already a subscriber of the great mailing list: |
| 19 |
full-disclosure |
| 20 |
i dont think gentoo/portage is the easiest software to look at for old |
| 21 |
vulnerabilities, reason is, portage will syncronise with current 'version' |
| 22 |
so you probably want to look at older version of the portage package or |
| 23 |
older version of some other software. |
| 24 |
|
| 25 |
if you prefer to go toward some other software, checkout |
| 26 |
insecure.org(nmap's former official website) there is a section for |
| 27 |
mailing lists and |
| 28 |
links to that full disclosure list with archives. High volume list, |
| 29 |
vulnerabilites are disclosed about all kinds of software (90% linux software |
| 30 |
and some of other OSes). |
| 31 |
|
| 32 |
Good luck! |
Archives