I have a simple question. Several people today have mentioned that
OpenBSD is more secure. I won't get into that. But, several people made
the claim that there hasn't been a single remote exploit in OpenBSD in
over three years. I've heard this claim a lot out of the OpenBSD folks.
So, I was parusing Security Foucus, and I decided to do a little search
for OpenBSD. Below are the results of that search. Three quarters of
these are remote (and I'm not counting DoS). Am I missing something, or
are the OpenBSD folks just not looking??
Kenny
2000-10-04: Multiple Vendor BSD libutil pw_error() Format String
Vulnerability
2000-10-04: Multiple Vendor BSD fstat Format String Vulnerability
2000-09-30: scp File Create/Overwrite Vulnerability
2000-09-26: Multiple Vendor lpr Format String Vulnerability
2000-09-17: OpenBSD "empty" AH/ESP Packet Remote Denial of Service
Vulnerability
2000-08-25: Multiple Vendor mgetty Symbolic Link Traversal
Vulnerability
2000-08-17: X-Chat Command Execution Via URLs Vulnerability
2000-08-15: xlockmore User Supplied Format String Vulnerability
2000-08-08: Multiple Vendor mopd User Inputted Data Used as Format
String Vulnerability
2000-08-08: Multiple Vendor mopd Buffer Overflow Vulnerability
2000-07-11: BB4 Technologies Big Brother Directory Traversal
Vulnerability
2000-07-09: LPRng Incorrect Installation Permissions Vulnerability
2000-07-05: Multiple Vendor ftpd setproctitle() Format String
Vulnerability
2000-06-11: BB4 Big Brother CGI File Creation Vulnerability
2000-06-08: OpenSSH UseLogin Vulnerability
2000-06-01: Multiple Vendor *BSD Denial of Service Vulnerability
2000-05-29: Xlockmore 4.16 Buffer Overflow Vulnerability
2000-05-29: Multiple Vendor BSD Semaphore IPC Denial Of Service
Vulnerability
2000-05-10: Matt Wright FormMail Environmental Variables Disclosure
Vulnerability
2000-02-24: SSH client xauth Vulnerability
2000-01-21: Multiple Vendor BSD /proc File Sytem Vulnerability
2000-01-19: Multiple Vendor BSD make /tmp Race Condition Vulnerability
1999-09-05: Multiple Vendor setsockopt() Denial of Service
Vulnerability
1999-08-09: Multiple Vendor profil(2) Vulnerability
1999-07-02: BSD UFS Secure Level 1 Vulnerability
1999-02-17: Multiple Vendor Lsof Buffer Overflow Vulnerability
1998-12-21: Multiple Vendor TCP/IP Implementations Vulnerability
1998-04-21: Multiple Vendor BNU uucpd Buffer Overflow Vulnerability
1997-09-01: Multiple Vendor vacation(1) Vulnerability
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
