Slashdot Mirror


DJB Announces 44 Security Holes In *nix Software

generationxyu writes "D. J. Bernstein, better known as DJB, has announced the discovery of 44 security holes that were found by students in his course MCS 494: Unix Security Holes this fall at the University of Illinois at Chicago. Vulnerable programs of note include: CUPS, NASM, mpg123, MPlayer, xine-lib, and numerous others. Copies of the notification emails are here. The homework for the course was to find and exploit 10 previously undiscovered security holes in currently deployed Unix software. In a class of 25, 44 security holes seems a bit low. Most of the class failed. I was credited with bsb2ppm (actually libbsb) and jpegtoavi. After 300 hours of work and an A average on the exams, I expect to fail the course."

2 of 983 comments

  1. Re:Misleading Title by SquadBoy · Score: 5, Informative

    RTFA. In all the emails he gives full credit to the students.

    James Longstreet and Tom Indelli, two students in my Fall 2004 UNIX
    Security Holes course, have discovered a remotely exploitable security
    hole in bsb2ppm, a program to convert BSB image files to PPM image
    files. I'm publishing this notice, but all the discovery credits should
    be assigned to Longstreet and Indelli.

    --

    Cypherpunks: Civil Liberty Through Complex Mathematics. Those who live by the sword die by the arrow.
  2. Urban legend by bharlan · Score: 5, Informative

    When an anecdote is a little too perfect (and this one is way over the top), then you need to google for it at site:snopes.com. http://www.snopes.com/college/exam/barometer.asp

    --
    (Reality reasserts itself sooner or later.)