Welcome to the most active Linux Forum on the web.
Go Back > Forums > Other *NIX Forums > *BSD
User Name
*BSD This forum is for the discussion of all BSD variants.
FreeBSD, OpenBSD, NetBSD, etc.


  Search this Thread
Old 09-17-2002, 04:47 PM   #1
Registered: May 2001
Posts: 29,394
Blog Entries: 55

Rep: Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565
NetBSD vulnerabilities Sep 17, lotsa...

Those of you running Net' will want to look here if you didn't already: LAW.
Old 09-17-2002, 09:55 PM   #2
LQ Newbie
Registered: Aug 2002
Location: Atlanta
Posts: 9

Rep: Reputation: 0
These CERTS look particularly nasty, I'd hate to have a public NetBSD box right now. Hmmmm, I hope these don;t spill over into OpenBSD, there's still a lot of shared code between the two. That could spell disaster.
Old 09-24-2002, 03:54 PM   #3
LQ Newbie
Registered: Jul 2002
Posts: 17

Rep: Reputation: 0
NetBSD vulnerabilities fixed?

If you read the release notes for NetBSD 1.6, most of these vulnerabilities (maybe with the exception of 1) are fixed in 1.6. I wish other software vendors were like that about fixing bugs. "Hey, we found this bug in our software, but pgrade to the latest. Its fixed already!"
Old 10-14-2002, 03:31 PM   #4
Registered: May 2002
Location: Brooklyn, NY
Distribution: Slackware
Posts: 45

Rep: Reputation: 15
An update on this issue, some additional vulnerabilities have been just recently published that apply to 1.6. Most of them are not severe, however, since NetBSD defaults to having all services off. (Unlike most *nix, even openssh defaults to being off, though that is not one of the vulnerabilities this time. :-) ) Even OpenBSD boasts to having only one default setup in 6 years with a remote vunerability, not "all programs of OpenBSD". NetBSD's default setup is similarly safe, allowing the competant admin to install a release, update the system, and deploy without worrying about his box being rooted between installation and finding any security bugs that might exist.

NetBSD is actually a very secure operating system. The fact that they find vulnerabilities every now and then and publish them is a result of paying attention to security issues, not a result of the failed "security through obscurity" policy of many closed-source operating systems. NetBSD also warns you if you install a third party package with known vunerabilities. (I think the other BSDs do this too. FreeBSD does.)
Old 10-15-2002, 02:52 PM   #5
LQ Newbie
Registered: Jul 2002
Posts: 17

Rep: Reputation: 0
Thanks for the info. I have been impressed with way the BSDs handle security issues, and was just wanting to know if all known issues in 1.6 were fixed. It seems that all known security issues were fixed when 1.6 came out, but a couple more have been discovered since then. I guess we can look forward to a few security patches and 1.6.1 in the near future.
Old 10-15-2002, 04:59 PM   #6
Senior Member
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Rep: Reputation: 46
There are and will always be insecure pieces of software cause the people developing software are just humans. Humans make mistakes ... code audits are nice but take up a lot of ressources!


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Lotsa hardlinks - how do I find the others? humbletech99 Linux - General 6 11-27-2005 02:27 PM
IE Vulnerabilities, why not in other browsers? mandrakemikael Linux - Security 3 09-28-2004 12:43 PM
linux and xp on 2 sep drives help!!! jaymunee80 Linux - Newbie 5 07-29-2004 08:05 PM
Lotsa help please... bf84 Linux - Newbie 2 09-28-2003 08:48 AM
More BIND vulnerabilities jeremy Linux - Security 0 01-31-2001 09:29 PM > Forums > Other *NIX Forums > *BSD

All times are GMT -5. The time now is 06:47 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration