Slashdot Mirror


DJB Announces 44 Security Holes In *nix Software

generationxyu writes "D. J. Bernstein, better known as DJB, has announced the discovery of 44 security holes that were found by students in his course MCS 494: Unix Security Holes this fall at the University of Illinois at Chicago. Vulnerable programs of note include: CUPS, NASM, mpg123, MPlayer, xine-lib, and numerous others. Copies of the notification emails are here. The homework for the course was to find and exploit 10 previously undiscovered security holes in currently deployed Unix software. In a class of 25, 44 security holes seems a bit low. Most of the class failed. I was credited with bsb2ppm (actually libbsb) and jpegtoavi. After 300 hours of work and an A average on the exams, I expect to fail the course."

7 of 983 comments

  1. All you need is one more hole... by Nom du Keyboard · Score: 5, Funny
    After 300 hours of work and an A average on the exams, I expect to fail the course.

    All you need to do is find one more hole, this one in the campus records department, and exploit it for improving your grade. If you have an "A" average otherwise, another "A" will look right in place. It's the "D" average people suddenly getting "A"s and "B"s that draw suspicion.

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
  2. Hmm... by excaliber19 · Score: 4, Funny

    Perhaps Microsoft should try this strategy. I'm sure the kids would thoroughly enjoy that assignment! They'd have bugs coming out the wazoo! A's for everyone!

  3. Where's the gumpf? by caluml · Score: 4, Funny

    Hey! I've found remote roots in OpenSSH, Apache, and Bind. If you run the file below, you can get root.

    [ Part 2, Text/PLAIN (charset: unknown-8bit) 95 lines. ]
    [ Unable to print this part. ]

  4. But you have already found 10 bugs!!! by jgbustos · Score: 5, Funny

    Why take for granted that the number of bugs to be found was expressed in base-10? Why not base-2?

  5. Re:Don't just take this lying down, IMO by Saint Stephen · Score: 5, Funny

    My algorithms class was like this. I aced every test but didn't complete the Travelling Salesman program successfully. I got an "incomplete" and had to come to summer school. Boy was I mad at the time but I see now why they did it. All or nothing.

  6. Re:ah, buffer overflows... by symbolic · Score: 4, Funny

    If you can always remember to wipe your butt, you can always remember to watch your buffer lengths.

    Well, there's the problem!

  7. Re:Misleading Title by Chris Burke · Score: 4, Funny

    Ahh, this is such stuff that pointless flamewars are made on.

    No it isn't, you moron!

    --

    The enemies of Democracy are