DaemonForums  

#1
22nd September 2011
albator
Shell Scout

Join Date: Jul 2011
Posts: 98
tracking vulnerabilities

Quote:
Originally Posted by rocket357
How many of the vulnerabilities are in core NetBSD? Do some research...
I wanted to check the evolution of these numbers, and went to these two sites but couldn't find the information. Could you tell me where to find it please?
Thanks

#2
22nd September 2011
rocket357
Real Name: Jonathon
Wannabe OpenBSD porter

Join Date: Jun 2010
Location: 127.0.0.1
Posts: 429

Quote:
Originally Posted by albator
I wanted to check the evolution of these numbers, and went to these two sites but couldn't find the information. Could you tell me where to find it please?
Thanks
CERT's website seems to have changed drastically since I used it last, but here's the National Vulnerability Database Search page (which you can use to search CERT alerts, too):

http://web.nvd.nist.gov/view/vuln/search

Looks like this is the current list (past 3 months only):

OpenBSD - 1
NetBSD - 1
FreeBSD - 2
Solaris - 38
Windows - 47
Linux - 64
Mac OS X - 72

Edit - The same vulnerability is listed for OpenBSD and NetBSD. It was fixed in OpenBSD 3.8, which came out November 1, 2005. It was fixed in NetBSD on August 19, 2011 (the day it was reported).

Not to get on a soapbox or anything, but that's why I use OpenBSD. They actively hunt the codebase for bugs and fix them no matter how trivial they appear to be, because you never know when that simple "off by one" bug can turn into a security nightmare six years later.
__________________
Linux/Network-Security Engineer by Profession. OpenBSD user by choice.

Last edited by rocket357; 22nd September 2011 at 07:21 PM.

#3
22nd September 2011
jggimi
More noise than signal

Join Date: May 2008
Location: USA
Posts: 7,975

The counts alone are meaningless. I went to look at the 1 OpenBSD vulnerability reported in the last three months. CVE-2011-2895 was reported in August of this year, but if I understand what it says, it applies to versions of OpenBSD before 3.8.

OK. The most recent applicable release, therefore, would be 3.7. 3.7 was end-of-life and no longer supported as of 19 May 2005.

----

It's the same vulnerability for NetBSD, by the way. However it doesn't mention applicable releases.

#4
22nd September 2011
rocket357
Real Name: Jonathon
Wannabe OpenBSD porter

Join Date: Jun 2010
Location: 127.0.0.1
Posts: 429

Quote:
Originally Posted by jggimi
It's the same vulnerability for NetBSD, by the way. However it doesn't mention applicable releases.
It was fixed in NetBSD-5.0 on the day it was reported. See my earlier post's edit.

#5
22nd September 2011
ocicat
Administrator

Join Date: Apr 2008
Posts: 3,318

Quote:
Originally Posted by albator
I wanted to check the evolution of these numbers...
This discussion has been broken away from its parent thread as that discussion was over five months old.

Although the subject is similar, the initial question posted in this thread has a new direction when compared to that of the OP. The initial question here should have been started in a new thread.

Most members at this site search the archives for previously posted information. As such, threads should be kept on a single topic as directed by whoever started the thread. Mining the archives for information is simplified if we limit the direction threads take. Help other members by keeping this in mind.