You can find information on vulnerable packages from the distribution's main site. I don't know about others, but Debian, for example, dedicates security.debian.org for this. Since the advisories are there you can check out which Debian GNU/Linux packages are vulnerable.
Of course, you can always use Bugtraq (www.securityfocus.com) for information on vulnerabilities and see the cross-relationships with GNU/Linux distributions (either the database or the advisories sent to the mailing list). Regards Javier Fernandez-Sanguino > -----Mensaje original----- > De: Arturo "Buanzo" Busleiman [mailto:[EMAIL PROTECTED]] > Enviado el: miercoles, 30 de enero de 2002 18:09 > Para: [EMAIL PROTECTED] > Asunto: Laboratory Setup Help (RS) > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > =- To moderator -= > Moderator, my last post didn't go thru because you told me to > search the > archives. I did that, and found a couple of results, but I > kindly request > you to let this post pass, as my findings weren't exactly > what I needed. > *please* :) > =- EOM > > Hello world's pen-testers! > > I was employeed last month by a company who wants to setup a Pen-Test > laboratory that I will lead. The environment would be an homogeneous > GNU/Linux network. > > What I need is you to recommend versions of the following > packages/combinations: FTP, Apache/Cgi/MySQL, DNS, sendmail, etc > > that are remotely exploitable for gaining shell access (or > the possibility > to execute commands on the remote system), AND some local exploits to > acquire root privileges. > > Of course, if you can lead me to specific documentation regarding the > exploits of those packages versions, I will greatly > appreciate it and be > most thankful. > > Thank you very much to all of you! > > Arturo "Buanzo" Busleiman > - -=( RareGaZz-Team Member )=- > GNU/Linux USERS, MP Ediciones > GNU's es_AR Translation Team Leader > Moderador de [EMAIL PROTECTED] > Turcin Soluciones Informaticas http://www.turcin.com.ar > http://www.buanzo.com.ar > PGP/GnuPG Public Key available at horowitz.surfnet.nl > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.4 (GNU/Linux) > Comment: For info see http://www.gnupg.org > > iD8DBQE8WCjI+kypiSoPpFoRAorxAJ47A3y5H7PMeNDRg154XwHqznvNdwCfcTcA > 4OvlZoAueBCUXWCCPTEwvTM= > =1Mku > -----END PGP SIGNATURE----- > > > -------------------------------------------------------------- > -------------- > This list is provided by the SecurityFocus Security > Intelligence Alert (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security > vulnerabilities please see: > https://alerts.securityfocus.com/ > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
