BeerCheeze
Rated XXX
|
 Posted: Sun, 11 Sep 2005 12:07:34 Post Subject: A little perspective on security. |
 |
|
I know MANY people really like to hound on MS for windows, saying how insecure it is, and that it is the worst software out there for security. However as someone who is an IT security professional I get to see the whole picture. I thought I would share a little glimpse of this picture with you folks. Not only so you might start to realize that Windows isn't as bad as you think, but even more importantly to open your eyes to see how wide the security gap really is. This is a blurb from a newletter I get from the SANS institute (http://www.sans.org)
Summary of the vulnerabilities reported this week:
==========================================================================
Platform # of Updates & Vulnerabilities
=====================================================
Windows 1
Third Party Windows Apps 7
Unix 1
Cross Platform 8
Web Application 21
Network Device 3 (#1, #2)
Widely Deployed Software
(1) MODERATE: Cisco IOS Firewall FTP and Telnet Authentication Proxy Overflow
Other Software
(2) HIGH: Barracuda Networks Spam Firewall Remote Command Execution
-- Windows
05.36.1 - Microsoft Internet Explorer Unspecified Remote Code Execution
-- Third Party Windows Apps
05.36.2 - ALZip ACE Archive File Name Buffer Overflow
05.36.3 - CSystems WebArchiveX ActiveX Component Arbitrary File Vulnerabilities
05.36.4 - Rediff Bol Instant Messenger ActiveX Control Information Disclosure Vulnerability
05.36.5 - AttachmateWRQ Reflection for Secure IT Windows Server Renamed Account Remote Login
05.36.6 - AttachmateWRQ Reflection for Secure IT Windows Server Access Restriction Bypass
05.36.7 - 3Com Network Supervisor Directory Traversal Vulnerability
05.36.8 - WhitSoft Development SlimFTPd Remote Denial of Service
-- Unix
05.36.9 - OpenTTD Multiple Unspecified Format String Vulnerabilities
-- Cross Platform
05.36.10 - Symantec Brightmail AntiSpam Deeply Nested Zip File Denial Of Service
05.36.11 - Symantec Brightmail AntiSpam Winmail.DAT Decomposer Denial of Service
05.36.12 - HP OpenView Event Correlation Services Unspecified Remote Privilege Escalation
05.36.13 - Squid Proxy SSLConnectTimeout Remote Denial Of Service
05.36.14 - Multiple Vendor Web Vulnerability Scanners HTML Injection
05.36.15 - NetMail Remote IMAP Heap Buffer Overflow
05.36.16 - OpenSSH DynamicForward Inadvertent GatewayPorts Activation
05.36.17 - OpenSSH GSSAPI Credential Disclosure Vulnerability
-- Web Application
05.36.18 - man2web Multiple Scripts Command Execution
05.36.19 - Land Down Under Events.PHP HTML Injection
05.36.20 - Feedback Form Perl Script CHFeedBack.PL Unauthorized Mail Relay
05.36.21 - Unclassified NewsBoard Description Field HTML Injection
05.36.22 - MAXdev MD-Pro Arbitrary Remote File Upload
05.36.23 - MAXdev MD-Pro Multiple Cross-Site Scripting Vulnerabilities
05.36.24 - GuppY PrintFAQ.PHP Cross-Site Scripting
05.36.25 - GuppY Error.PHP HTML Injection
05.36.26 - MyBulletinBoard Forumdisplay.PHP Cross-Site Scripting
05.36.27 - myBloggie login.php SQL Injection
05.36.28 - MAXdev MD-Pro Cross-Site Scripting
05.36.29 - SqWebMail HTML Email Script Tag Script Injection
05.36.30 - PBLang Bulletin Board System Multiple Remote Vulnerabilities
05.36.31 - Plain Black Software WebGUI Remote Perl Command Execution Vulnerabilities
05.36.32 - DownFile Multiple Cross-Site Scripting Vulnerabilities
05.36.33 - DownFile Administrator Unauthorized Access
05.36.34 - Greymatter Gm.CGI HTML Injection
05.36.35 - CMS Made Simple Cross-Site Scripting
05.36.36 - PHPGroupWare Main Screen Message Script Injection
05.36.37 - gBook Multiple Unspecified Cross-Site Scripting Vulnerabilities
05.36.38 - Phorum Register.PHP Cross-Site Scripting
-- Network Device
05.36.39 - Cisco IOS Firewall Authentication Proxy Buffer Overflow
05.36.40 - Barracuda Spam Firewall IMG.PL Remote Command Execution
05.36.41 - Barracuda Spam Firewall IMG.PL Remote Directory Traversal |
|
