Thank God, someone else on this mailing list that understands what's going on.
You have my praise!

On Wed, Oct 04, 2000 at 10:09:21PM -0400, Kurth Bemis wrote:
> At 10:01 PM 10/4/2000 -0400, Kenneth E. Lussier wrote:
> 
> ah!  i see the error in your ways.....(i think) :-)
> 
> did you search for OpenBSD?  if so on a lot of postings they say - this 
> problem was fixed in OpenBSD 6 months ago...that could make them show up in 
> a search.....
> 
> look at this
> 
> http://www.openbsd.org/security.html#27
> 
> that's all the security listing for ver 2.7.  a lot of things on that list 
> aren't installed by default....i'm not quite sure what they mean by 
> default.....you can DL and install the bare minimum and it totals ~50 megs.....
> 
> anyways look at this too..
> 
> http://www.openbsd.org/errata.html
> 
> hope that this helps...
> 
> ~kurth
> 
> >I have a simple question. Several people today have mentioned that
> >OpenBSD is more secure. I won't get into that. But, several people made
> >the claim that there hasn't been a single remote exploit in OpenBSD in
> >over three years. I've heard this claim a lot out of the OpenBSD folks.
> 
> with the default install - a lot of what you listed below is add on 
> software.....let's look at it...
> 
> >So, I was perusing Security Focus, and I decided to do a little search
> >for OpenBSD. Below are the results of that search. Three quarters of
> >these are remote (and I'm not counting DoS). Am I missing something, or
> >are the OpenBSD folks just not looking??
> >
> >Kenny
> >
> >
> >   2000-10-04: Multiple Vendor BSD libutil pw_error() Format String Vulnerability
> >   2000-10-04: Multiple Vendor BSD fstat Format String Vulnerability
> >   2000-09-30: scp File Create/Overwrite Vulnerability
> >   2000-09-26: Multiple Vendor lpr Format String Vulnerability
> >   2000-09-17: OpenBSD "empty" AH/ESP Packet Remote Denial of Service Vulnerability
> >   2000-08-25: Multiple Vendor mgetty Symbolic Link Traversal Vulnerability
> >   2000-08-17: X-Chat Command Execution Via URLs Vulnerability
> >   2000-08-15: xlockmore User Supplied Format String Vulnerability
> >   2000-08-08: Multiple Vendor mopd User Inputted Data Used as Format String Vulnerability
> >   2000-08-08: Multiple Vendor mopd Buffer Overflow Vulnerability
> >   2000-07-11: BB4 Technologies Big Brother Directory Traversal Vulnerability
> >   2000-07-09: LPRng Incorrect Installation Permissions Vulnerability
> >   2000-07-05: Multiple Vendor ftpd setproctitle() Format String Vulnerability
> >   2000-06-11: BB4 Big Brother CGI File Creation Vulnerability
> >   2000-06-08: OpenSSH UseLogin Vulnerability
> >   2000-06-01: Multiple Vendor *BSD Denial of Service Vulnerability
> >   2000-05-29: Xlockmore 4.16 Buffer Overflow Vulnerability
> >   2000-05-29: Multiple Vendor BSD Semaphore IPC Denial Of Service Vulnerability
> >   2000-05-10: Matt Wright FormMail Environmental Variables Disclosure Vulnerability
> >   2000-02-24: SSH client xauth Vulnerability
> >   2000-01-21: Multiple Vendor BSD /proc File System Vulnerability
> >   2000-01-19: Multiple Vendor BSD make /tmp Race Condition Vulnerability
> >   1999-09-05: Multiple Vendor setsockopt() Denial of Service Vulnerability
> >   1999-08-09: Multiple Vendor profil(2) Vulnerability
> >   1999-07-02: BSD UFS Secure Level 1 Vulnerability
> >   1999-02-17: Multiple Vendor Lsof Buffer Overflow Vulnerability
> >   1998-12-21: Multiple Vendor TCP/IP Implementations Vulnerability
> >   1998-04-21: Multiple Vendor BNU uucpd Buffer Overflow Vulnerability
> >   1997-09-01: Multiple Vendor vacation(1) Vulnerability
> >
> >**********************************************************
> >To unsubscribe from this list, send mail to
> >[EMAIL PROTECTED] with the following text in the
> >*body* (*not* the subject line) of the letter:
> >unsubscribe gnhlug
> >**********************************************************
> 
> Kurth Bemis - Network/Systems Administrator, USAExpress.net/Ozone Computer
> 
> [EMAIL PROTECTED]
> http://www.usaexpress.net/kurth
> ICQ - 6624050
> Call Sign - N1TYW
> PGP key available - http://www.usaexpress.net/kurth/pgp
> 
> Fight Weak Encryption!  Donate your wasted CPU cycles to Distributed.net 
> (http://www.distributed.net)
> 
> 
> 

-- 
Tony Lambiris [[EMAIL PROTECTED]]
OpenBSD: Because I care. [www.openbsd.org]
