Slashdot Mirror


DJB Announces 44 Security Holes In *nix Software

generationxyu writes "D. J. Bernstein, better known as DJB, has announced the discovery of 44 security holes that were found by students in his course MCS 494: Unix Security Holes this fall at the University of Illinois at Chicago. Vulnerable programs of note include: CUPS, NASM, mpg123, MPlayer, xine-lib, and numerous others. Copies of the notification emails are here. The homework for the course was to find and exploit 10 previously undiscovered security holes in currently deployed Unix software. In a class of 25, 44 security holes seems a bit low. Most of the class failed. I was credited with bsb2ppm (actually libbsb) and jpegtoavi. After 300 hours of work and an A average on the exams, I expect to fail the course."

3 of 983 comments

  1. Re:Don't just take this lying down, IMO by Mr. McGibby · · Score: 0, Flamebait

    And leave your elitist academic arrogant shit in the pissing match you call a profession.

    Academia just isn't as important to humanity as you think. Join the rest of us in the real world.

    No, no, and hell no. As a student, you are a student.

    TRANSLATION: I am professor, worship or die!

    --
    Mad Software: Rantings on Developing So
  2. Re:Misleading Title by slavemowgli · · Score: 0, Flamebait

    Fuck off, coward.

    --
    quidquid latine dictum sit altum videtur.
  3. Re:I can see it now... by raju1kabir · · Score: 1, Flamebait
    I think you mean qmail (of which he is the author)

    No, he means sendmail, which is full of holes (and which is why he is the author of qmail).

    --
    "Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS