4th March 2011
c_moriarty
Port Guard
 
Join Date: Mar 2011
Posts: 10
NetBSD being a secure OS, yet having a large list of vulnerabilities in its software.

I know that in the NetBSD Guide, it says that NetBSD is a secure operating system, and I've never read anywhere on the internet that it isn't...
But with a huge list of vulnerabilities in its software and nothing being done (at least quickly) to patch them, how secure could it possibly be?
This is what I get when I run pkg_admin audit or audit-packages:
Code:
Package python26-2.6.6nb6 has a sensitive-information-exposure vulnerability, see http://secunia.com/advisories/43463/
Package pango-1.28.3 has a denial-of-service vulnerability, see http://secunia.com/advisories/42934/
Package evince-2.30.3nb5 has a buffer-overflow vulnerability, see https://bugzilla.gnome.org/show_bug.cgi?id=640923
Package samba-3.0.37nb5 has a security-bypass vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0787
Package samba-3.0.37nb5 has a sensitive-information-exposure vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0926
Package samba-3.0.37nb5 has a security-bypass vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0728
Package automake14-1.4.6 has a insecure-file-permissions vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4029
Package rpm-2.5.4nb6 has a privilege-escalation vulnerability, see http://secunia.com/advisories/40028/
Package suse_base-10.0nb5 has a privilege-escalation vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856
Package suse_freetype2-10.0nb5 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0946
Package suse_freetype2-10.0nb5 has a buffer-overflow vulnerability, see http://secunia.com/advisories/41738/
Package suse_freetype2-10.0nb5 has a arbitrary-code-execution vulnerability, see http://secunia.com/advisories/41958/
Package suse_libpng-10.0nb4 has a information-disclosure vulnerability, see http://secunia.com/advisories/35346/
Package suse_libpng-10.0nb4 has a unknown-impact vulnerability, see http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
Package suse_libpng-10.0nb4 has a remote-system-access vulnerability, see http://secunia.com/advisories/40302/
Package suse_libtiff-10.0nb4 has a denial-of-service vulnerability, see http://secunia.com/advisories/40422/
Package suse_gtk2-10.0nb4 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1194
Package suse_openssl-10.0nb5 has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590
Package suse_openssl-10.0nb5 has a signature-spoofing vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0591
Package suse_openssl-10.0nb5 has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0789
Package suse_openssl-10.0nb5 has a remote-denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377
Package suse_openssl-10.0nb5 has a remote-denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378
Package suse_openssl-10.0nb5 has a remote-denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1379
Package suse_openssl-10.0nb5 has a signature-spoofing vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
Package suse_openssl-10.0nb5 has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1386
Package suse_openssl-10.0nb5 has a session-hijack vulnerability, see http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html
Package suse_openssl-10.0nb5 has a man-in-the-middle-attack vulnerability, see http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00000.html
Package suse_openssl-10.0nb5 has a unknown-impact vulnerability, see http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
Package suse_openssl-10.0nb5 has a remote-system-access vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2939
Package suse_openssl-10.0nb5 has a remote-system-access vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864
Package suse_openssl-10.0nb5 has a remote-security-bypass vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180
Package ns-flash-9.0.289 has a remote-system-access vulnerability, see http://www.adobe.com/support/security/bulletins/apsb10-14.html
Package ns-flash-9.0.289 has a remote-system-access vulnerability, see http://www.adobe.com/support/security/bulletins/apsb10-16.html
Package ns-flash-9.0.289 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
Package ns-flash-9.0.289 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
Package ns-flash-9.0.289 has a multiple-vulnerabilities vulnerability, see http://www.adobe.com/support/security/bulletins/apsb11-02.html
Package gimp-2.6.11nb2 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4540
Package gimp-2.6.11nb2 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4541
Package gimp-2.6.11nb2 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4542
Package gimp-2.6.11nb2 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4543
Package qt4-libs-4.7.1nb1 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046
Package qt4-libs-4.7.1nb1 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049
Package qt4-libs-4.7.1nb1 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050
Package qt4-libs-4.7.1nb1 has a sensitive-information-exposure vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051
Package qt4-libs-4.7.1nb1 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052
Package qt4-libs-4.7.1nb1 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054
Package qt4-libs-4.7.1nb1 has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2621
Package qt4-libs-4.7.1nb1 has a denial-of-service vulnerability, see http://secunia.com/advisories/40588/
Package ffmpeg-20090611nb8 has a multiple-vulnerabilities vulnerability, see http://secunia.com/advisories/36805/
Package ffmpeg-20090611nb8 has a remote-system-access vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3429
Package ffmpeg-20090611nb8 has a denial-of-service vulnerability, see http://secunia.com/advisories/43197/
Package vlc-1.0.6nb5 has a denial-of-service vulnerability, see http://www.videolan.org/security/sa1007.html
Package vlc-1.0.6nb5 has a remote-system-access vulnerability, see http://www.videolan.org/security/sa1102.html
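An added example (not part of the original post, and not pkgsrc code): a small Python triage of `pkg_admin audit` output in the format listed above, grouping findings per installed package and ordering packages by an assumed ranking of the vulnerability types. The function names and the `PRIORITY` ranking are assumptions for illustration; the sample lines are copied from the listing.

```python
import re
from collections import defaultdict

# One finding per line, in the format shown in the listing above.
LINE_RE = re.compile(
    r"^Package (?P<pkg>\S+) has an? (?P<kind>\S+) vulnerability, see (?P<url>\S+)$")

# Assumed triage ranking (not a pkgsrc concept): lower rank is reviewed first.
PRIORITY = {"remote-system-access": 0, "arbitrary-code-execution": 0,
            "buffer-overflow": 0, "privilege-escalation": 1}
DEFAULT_RANK = 2

# Sample input: six lines copied from the listing above.
SAMPLE = """\
Package python26-2.6.6nb6 has a sensitive-information-exposure vulnerability, see http://secunia.com/advisories/43463/
Package samba-3.0.37nb5 has a security-bypass vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0787
Package samba-3.0.37nb5 has a sensitive-information-exposure vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0926
Package rpm-2.5.4nb6 has a privilege-escalation vulnerability, see http://secunia.com/advisories/40028/
Package vlc-1.0.6nb5 has a denial-of-service vulnerability, see http://www.videolan.org/security/sa1007.html
Package vlc-1.0.6nb5 has a remote-system-access vulnerability, see http://www.videolan.org/security/sa1102.html
"""

def rank(kind):
    return PRIORITY.get(kind, DEFAULT_RANK)

def parse_audit(text):
    """Return (records, unparsed); records are (pkg, kind, url) tuples."""
    records, unparsed = [], []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = LINE_RE.match(line)
        if m:
            records.append((m["pkg"], m["kind"], m["url"]))
        else:
            unparsed.append(line)  # kept, so a change in output format is noticed
    return records, unparsed

def summarize(records):
    """Per package: (pkg, finding count, kinds), worst rank and most findings first."""
    by_pkg = defaultdict(list)
    for pkg, kind, _url in records:
        by_pkg[pkg].append(kind)
    rows = [(min(map(rank, kinds)), -len(kinds), pkg) for pkg, kinds in by_pkg.items()]
    return [(pkg, -neg, sorted(set(by_pkg[pkg]), key=lambda k: (rank(k), k)))
            for _rank, neg, pkg in sorted(rows)]

if __name__ == "__main__":
    records, unparsed = parse_audit(SAMPLE)
    for pkg, count, kinds in summarize(records):
        print(f"{count:2d}  {pkg:20s} {', '.join(kinds)}")
    for line in unparsed:
        print("unparsed:", line)
```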