DaemonForums  

Go Back   DaemonForums > NetBSD > NetBSD Security

NetBSD Security Securing NetBSD.

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 4th March 2011
c_moriarty c_moriarty is offline
Port Guard
 
Join Date: Mar 2011
Posts: 10
Default NetBSD being a secure OS, yet having a large list of vulnerabilities in its software.

I know that in the NetBSD Guide, it says that NetBSD is a secure operating system, and I've never read anywhere on the internet that it isn't...
But with a huge list of vulnerabilites in its software and nothing being done (at least quickly) to patch them, how secure could it possibly be?
This is what I get when I run pkg_admin audit or audit-packages:
Code:
Package python26-2.6.6nb6 has a sensitive-information-exposure vulnerability, see http://secunia.com/advisories/43463/
Package pango-1.28.3 has a denial-of-service vulnerability, see http://secunia.com/advisories/42934/
Package evince-2.30.3nb5 has a buffer-overflow vulnerability, see https://bugzilla.gnome.org/show_bug.cgi?id=640923
Package samba-3.0.37nb5 has a security-bypass vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0787
Package samba-3.0.37nb5 has a sensitive-information-exposure vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0926
Package samba-3.0.37nb5 has a security-bypass vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0728
Package automake14-1.4.6 has a insecure-file-permissions vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4029
Package rpm-2.5.4nb6 has a privilege-escalation vulnerability, see http://secunia.com/advisories/40028/
Package suse_base-10.0nb5 has a privilege-escalation vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856
Package suse_freetype2-10.0nb5 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0946
Package suse_freetype2-10.0nb5 has a buffer-overflow vulnerability, see http://secunia.com/advisories/41738/
Package suse_freetype2-10.0nb5 has a arbitrary-code-execution vulnerability, see http://secunia.com/advisories/41958/
Package suse_libpng-10.0nb4 has a information-disclosure vulnerability, see http://secunia.com/advisories/35346/
Package suse_libpng-10.0nb4 has a unknown-impact vulnerability, see http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
Package suse_libpng-10.0nb4 has a remote-system-access vulnerability, see http://secunia.com/advisories/40302/
Package suse_libtiff-10.0nb4 has a denial-of-service vulnerability, see http://secunia.com/advisories/40422/
Package suse_gtk2-10.0nb4 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1194
Package suse_openssl-10.0nb5 has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590
Package suse_openssl-10.0nb5 has a signature-spoofing vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0591
Package suse_openssl-10.0nb5 has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0789
Package suse_openssl-10.0nb5 has a remote-denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377
Package suse_openssl-10.0nb5 has a remote-denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378
Package suse_openssl-10.0nb5 has a remote-denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1379
Package suse_openssl-10.0nb5 has a signature-spoofing vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
Package suse_openssl-10.0nb5 has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1386
Package suse_openssl-10.0nb5 has a session-hijack vulnerability, see http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html
Package suse_openssl-10.0nb5 has a man-in-the-middle-attack vulnerability, see http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00000.html
Package suse_openssl-10.0nb5 has a unknown-impact vulnerability, see http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
Package suse_openssl-10.0nb5 has a remote-system-access vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2939
Package suse_openssl-10.0nb5 has a remote-system-access vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864
Package suse_openssl-10.0nb5 has a remote-security-bypass vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180
Package ns-flash-9.0.289 has a remote-system-access vulnerability, see http://www.adobe.com/support/security/bulletins/apsb10-14.html
Package ns-flash-9.0.289 has a remote-system-access vulnerability, see http://www.adobe.com/support/security/bulletins/apsb10-16.html
Package ns-flash-9.0.289 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
Package ns-flash-9.0.289 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
Package ns-flash-9.0.289 has a multiple-vulnerabilities vulnerability, see http://www.adobe.com/support/security/bulletins/apsb11-02.html
Package gimp-2.6.11nb2 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4540
Package gimp-2.6.11nb2 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4541
Package gimp-2.6.11nb2 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4542
Package gimp-2.6.11nb2 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4543
Package qt4-libs-4.7.1nb1 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046
Package qt4-libs-4.7.1nb1 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049
Package qt4-libs-4.7.1nb1 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050
Package qt4-libs-4.7.1nb1 has a sensitive-information-exposure vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051
Package qt4-libs-4.7.1nb1 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052
Package qt4-libs-4.7.1nb1 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054
Package qt4-libs-4.7.1nb1 has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2621
Package qt4-libs-4.7.1nb1 has a denial-of-service vulnerability, see http://secunia.com/advisories/40588/
Package ffmpeg-20090611nb8 has a multiple-vulnerabilities vulnerability, see http://secunia.com/advisories/36805/
Package ffmpeg-20090611nb8 has a remote-system-access vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3429
Package ffmpeg-20090611nb8 has a denial-of-service vulnerability, see http://secunia.com/advisories/43197/
Package vlc-1.0.6nb5 has a denial-of-service vulnerability, see http://www.videolan.org/security/sa1007.html
Package vlc-1.0.6nb5 has a remote-system-access vulnerability, see http://www.videolan.org/security/sa1102.html
Reply With Quote
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Cannot copy large files to Flash Drive sharris FreeBSD General 6 30th July 2010 09:57 AM
Have problem transfer large file bigger 1GB bsdme2 FreeBSD General 9 14th January 2009 05:49 AM
Large MFS filesystems jggimi Guides 2 26th October 2008 05:17 PM
mirror device detached on large file copy lil_elvis2000 FreeBSD General 24 27th June 2008 02:56 PM
FreeBSD 7.0 Writing large amount to USB Disc cause kernel panic pvree FreeBSD General 1 13th June 2008 02:50 AM


All times are GMT. The time now is 10:20 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick