Four New Unpatched Windows Vulnerabilities
peeon writes "Right before Christmas, four new Windows NT/2k/XP vulnerabilities were posted to the Bugtraq list. This story discusses two of the vulnerabilities in the LoadImage function (buffer overflow) and Windows Help program (heap overflow), but the Chinese company discovered two more exploits in the parsing of a specially crafted ANI file (causes DoS). A Bugtraq posting has more details."
Hmmm, so windows has bugs in it. Surprise surprise. Merry Christmas everyone. In Soviet Russia, Windows Exploits you...oh wait...
My Favourite Meme
Vulnerable:
Windows NT
Windows 2000 SP0
Windows 2000 SP1
Windows 2000 SP2
Windows 2000 SP3
Windows 2000 SP4
Windows XP SP0
Windows XP SP1
Windows 2003
Not vulnerable:
Windows XP SP2
They'll do anything to get you to upgrade.
GETPKG - Package Management for Slackware
But does it have a faraday cage so the data doesn't escape? And.. Can it be compiled for SkyOs?
Could it be these bugs have been published before Christmas on purpose? To allow sysadmins to defend against them over the holidays, when corporate computer use is at a minimum?
a time when many companies and home users are least prepared to deal with the problems.
....
Looks like I know what I'll be doing over the Xmas holiday. If not fixing the problem at work if it becomes a problem, but fixing the problem with my family as well.
But I guess this is only a problem if some genius releases a virus containing the exploit
Ah, this is yet another example of hack journalism. They missed another bug that I just had to fix on an XP box today. It's a vulnerability in the win.ini file - it runs a harmful program called 'Explorer.exe'. The best kind of horse to beat is a dead one...
so it's christmas eve 2004, i'm at the in-laws, just spent 3 hours adawaring, spybotting, esspee2ing from a cd burnt on the latest stage 1. go figure.
30 megs of critical/av signatures to be done over dialup another time
damn you micro$hite
$ strings FTP.EXE | grep Copyright
@(#) Copyright (c) 1983 The Regents of the University of California.
Demonstration of exploits:
c us/bugtraq/2004-12/0387.html c us/bugtraq/2004-12/0360.html c us/bugtraq/2004-12/0359.html
http://www.xfocus.net/flashsky/icoExp/index.html
http://www.derkeiler.com/Mailing-Lists/securityfo
http://www.derkeiler.com/Mailing-Lists/securityfo
http://www.derkeiler.com/Mailing-Lists/securityfo
(Source: http://www.heise.de/newsticker/meldung/54610 [German])
Will they allow me to install Linux once i 0wn the machine?
Please correct me if I got my facts wrong.
Knows where a person could find a pre-compiled, local only 2k/XP administrator access binary? Something that would just open a cmd.exe with the correct privileges, to say, install java on Firefox?
I'm not a script kiddy, just not patient enough to go through the 3 month process of maybe getting it approved to be installed by IT...
It might be a bad time if you had patches to apply, but since this is unlikely to happen anytime soon you might as well relax...
Nothing is more annoying about the holidays than going to visit family and friends and then being sucked into fixing their damn computers. While everyone is drinking and having a good time we are the schmucks trying to figure out how to remove that damn process from windows 98!
This year I wash my hands of it and am giving them a printout of a tutorial I found that has helped some friends. It is basic, but they do not bother me as much anymore:
Simple and easy ways to keep your computer safe and secure on the Internet
Why? Oh Why? they have to do it just one day before the starting of the holidays.
It's happening again this year also. It's very disheartening for all those admins who will be going on holidays to see the vulnerabilities just one day before the holidays and exploits the next day. I was an admin a couple of years ago and I know these conditions are living hell, when you will spend all your holidays thinking about your servers getting hacked or cracked.
Admins who have taken the backups will be in a better state though.
Merry Christmas... from all the people at Microsoft. Buffer overflows for everyone this year ;)
The OS itself should not be shut down just by user-level privilege rights. If ie6 or any other application causes a system crash under non-root privilege level, it is an OS fault, as the OS must guarantee interprocess safety and security, etc.
Is this even news anymore?
The preceding message was based on actual events. Only the names, locations and events have been changed.
Remember that test someone did where garbage code was thrown at IE and firefox in order to see how they held up and find things like buffer overflows which could be potentially exploited?
What ever happened with that? Were the bugs in firefox fixed? I remember that IE did well in that test, but I don't remember any specifics.
Anyone know?
-- 'The' Lord and Master Bitman On High, Master Of All
Stupid question, but does the LoadImage() one affect images which are viewed in FireFox or Thunderbird?
Why do they have to release this stuff JUST BEFORE we actually get time off? Are they deliberately being bastards to us Bastards who have to herd Redmondware amongst the other less sucky things?
At least I won't have to spend Christmas removing viruses, trojans and spyware from my Dad's computer. I bought him a Mac. Worth every penny in reduced aggro.
Oolite: Elite-like game. For Mac, Linux and Windows
Silent night, holey night,
All is calm, all is bright,
Round yon virgin PC and screen,
Holey computer, so exploitable and keen,
Sleep with spyware downloading,
Sleep with spyware downloading.
-=test-sig_0.1.5(NoWhitespaceVersion)=-
Just for the hell of it, I tried it with firefox and fedora core 3 (updates and all). Resulted in total X lockup :\. I usually don't side with MS, and X lockups aren't as bad security wise, but still :\.
Is it "the company" or "The Company"?
Life is just nature's way of keeping meat fresh.
Depending on the reaction you'll get, you can always reset the admin password on your box to a new one of your choosing, and install away... Whether or not this is a good idea in your situation is left to your judgement.
A useful utility to accomplish this can be found here:
http://home.eunet.no/~pnordahl/ntpasswd/
While it's kinda overkill in this case, I think I'd trust it over a newly released exploit. Hope that helps a bit.
Hi, you've missed the point. I hope you're not trolling, because I'm going to bite.
Every box at my workplace is patched with SP2. In this case, it doesn't matter - one of the exploits is still useable.
The problem is not (this time, thankfully) the corporate enterprise deployment of windows. It's friends and family. Every time a new windows exploit like this comes out, jerk spyware/worm/virus writers are on it within 24 hours, populating their zombie networks with your mom's, friends' and families' computers. Mandatory regular patching at work is easy. The same for people you see occasionally who are not computer literate is not. These are the people who it really screws with - for example, all one of my buddies wants to do with his Dell is play games, send email and surf. He knows nothing beyond that, and is certainly not going to run down to the basement on Christmas Eve to make sure his operating system is secure RIGHT NOW.
This business of "patch or you deserve it" is utter BS. I maintain that virus writers should be dragged into the street and beaten with keyboards, followed shortly by geeks who empower them by putting any of the blame on the end user. If I paid thousands for an OS site license, I should not be spending my holidays fixing it. If I spend hundreds for an oem copy at home, the same applies. The only ones who deserve ANYTHING bad here are the exploiters and the providers of the crappy OS in question.
> "They are rather serious," Huger said. "Both can be exploited by anything that processes images or reads help files."
Oh noes! Firefox isn't safe. It must be the end of the world.
If you don't have any fancy admin rights, you shouldn't be able to anything in code to crash your machine, regardless of the OS.
One line blog. I hear that they're called Twitters now.
(sigh) Stick with VB.
Nice try, but you should check the return code from malloc(). If it is -1 then there is a problem and you don't need to do the If statement. A lot of times the trouble comes not when allocating memory but when using a pointer to WRITE to memory. It's a C programmer trick to set up a pointer to a block of size X and write to it via the pointer, of course if you lose track of the pointer address you can easily go too far. Common errors are off by one in the count, assuming you are writing 8/16/32 bits without checking the underlying data type first, or just writing to whatever address the pointer says w/o checking that *p > MAX_MEMORY_ADDRESS. These are errors a beginner programmer would make, and from the looks of how common these errors are in Windows that is the type of folks MS uses. It also says to me that they don't use any sort of Automated Code Analysis tools which can catch these sorts of errors. Or maybe they don't do any independent QA at all? It's pretty pathetic when the world's most popular software is made by a company that probably doesn't meet SEI Level 2 criteria. I only wish that the laws allowed someone to sue for lost time/income from the "basic" errors that shouldn't have been present.
Most FOSS programs are the result of someone who really wants to write something good. Rarely have I seen someone being forced to write FOSS code to meet a release date schedule or to remain competitive. It's about It'll be done when it's done, sort of Code Poetry. Most of the code was written to run in a hostile environment where black hats can read the code (like the above piece) and screw everyone who runs bad code. The term security in obscurity as far as coding style does not even enter your mind.
Also vulnerabilities are easier to find when you have the source - like that professor who set his students to find vulnerabilities in FOSS. Unlike a corporate setup - you have a practically unlimited number of reviewers if your program is popular (and if it is not, a vulnerability is no big deal anyway, right). Also everyone runs a different binary, slightly different from what everyone else runs (security often needs you to recompile stuff with stack canaries)
So FOSS software evolves (yes, Natural Selection) to avoid these vulnerabilities by dying out or it "adapts" - Someone adds more good ideas and makes it better like.. (s/ideas/genes == Sexual reproduction) . Also the good ones read Wietse's papers.
Quidquid latine dictum sit, altum videtur
The LoadImage API is implemented in kernel-mode for speed so a bug in there can bring down a system.
Warning: If you are on Windows Don't download
www.xfocus.net/flashsky/icoExp/KERNELBLUE.ani
Instant Reboot. This is a very critical vulnerability. Reminds me of the old exploits that referenced "CON" in the file path inside a webpage to trigger a BSOD.
You managed to.
One line blog. I hear that they're called Twitters now.
...are the bugs digitally signed?
my True Love gave to me,
Four hacked boxen
Three spywares
Two viruses
And another Windows vulnerability.
Brackets contain world's first nanosig, highly magnified:[.]
I've tested all of the vulnerabilities on Windows 2000 and they did nothing!! I'm invincibNOCARRIER
...does Internet Explorer use any of these functions to load internet images?
We can discuss all day about some local API exploit but there is a big difference between a local API bug and a remote bug.
Does IE use these functions to load images? Or does it handle these kind of primitive formats using its own code? After all, it is not that hard to "parse" BMPs and ICOs and it would be much better to handle all file formats inside an internal library, thus avoiding conflicting API methodologies.
I'm really curious about this. Does anyone know the answer to my question? Can anyone test the faulty BMPs and ICOs inside an HTML page?
It sure is a good thing Microsoft digitally signs everything. Clearly they are lightyears ahead of open-source in terms of security.
Now that it takes less than 5 minutes connected to the Internet for a Windows box to be hijacked, I have gone back to dual-booting Linux with Windows 98 SE.
A lot of Windows viruses simply won't run on it.
All I need is Office, so it's good enough.
We must be alert to the danger that public policy could become captive to a scientific-technological elite. - Eisenhower
Twas the morn before Christmas and all through the cage.
Not a creature was stirring not even a 10th level mage.
Then Flash, i look at my bookmarks and what did appear!?
A story on slashdot spreading with fear.
"Peril Peril", It screamed with fervor and fight.
"What shall we do about this vulnerability tonight?"
It's Christmas Eve and in the story lay more,
For this affected Santa and hurt him to the core.
His Server Used Exchange to give and receive,
a malicious cracker got in to make Santa Grieve.
The clean cut elves said format and reinstall, while the ones with long beards solved it in no time at all.
"There will be no Christmas this year" Santa Said with dismay.
The naughty and nice list was lost in the fray.
And yet with precision and care the elves brought out from back,
Santa's new gift! a blade server rack!
"It runs Linux in fact!" said the elves in unison
"cron jobs too, back up that old piece of Sh.."
one interrupted "Stop it Sam",
So Christmas would go on with ease and ability, that is until Santa went on his killing spree.
The End
At least dual boot, shhez. What does it take for MSFT users before they finally get enough?
If it gets any worse they're going to have to start including a jar of anal lube with a Windows license. Knowing MSFT they'll try to charge you for it and blame users for not being able to keep a tight bunghole.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
I haven't had a Windows machine for a long time, so I don't have much knowledge of the inner workings of the latest Windows versions, so I've been wondering, does XP SP2 have some kind of buffer overflow protection besides NX?
AFAIR, only the latest x86 CPUs have support for NX, yet all the recent buffer overflow exploits in XP don't seem to affect SP2.
If Microsoft found and fixed all these exploits for SP2, wouldn't releasing a complete list of the fixes be less embarrassing than the weekly news about newly discovered vulnerabilities.
How can these exploits be unpatched if SP2 isn't vulnerable? Or do they mean that while the other windows versions are exploitable, SP2 just crashes?
using namespace slashdot;
troll::post();
If I'm reading the news right, none of these bugs work in XP SP2? I'd hardly call that "Unpatched"
You should remember that, according to Microsoft's testimony to the DOJ, Internet Explorer and the Windows OS itself are now inseparably linked.
As much as I think it's idiotic that the two couldn't be decoupled, such deep integration does suggest that a fault in a user-mode application could indeed transcend the user/kernel separation and bring the whole works down.
Of course, this is fantastically poor design, but what did you really expect from the people who brought us Microsoft Bob?
bash-3.00$ uname -a
SunOS panda 5.10 Generic sun4u sparc SUNW,Ultra-2
Why, in this day and age, do 99%-100% of automated exploits still happen to be some kind of overflow? Why do we keep thinking that we don't have to check the sizes when moving data about as it's defined by a standard anyways? It's like not checking to see if you have room for something in your house or car before buying it at the very least.
comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
> what did you really expect from the people who brought us Microsoft Bob?
Actually, they tried to bring us Bob but we didn't want it. So now we have Clippy, just because some ideas are too damned good to kill off.
Hal Spacejock: Science Fiction with Nuts
Yes.
If the length of the mem to copy is stored in a signed int, you can get an integer overflow that will let it pass your MAX_BUFFER_SIZE check and overflow the buffer. If you're dealing with strings, you should probably be checking for MAX_BUFFER_SIZE - 1, because a handful of string-related functions (at least in C) like to copy the null terminator over as well.
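The signed-length problem described in the comment above, as an added example that is not part of the original thread: a length check that only tests the upper bound next to a version that rejects negative values and reserves a byte for the terminator. The function names and the 64-byte MAX_BUFFER_SIZE are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_BUFFER_SIZE 64  /* constructed size for this example */

/* Flawed pattern: the length is a signed int and only the upper bound is
 * tested, so every negative value passes the check. */
int flawed_check_passes(int len)
{
    return len <= MAX_BUFFER_SIZE;
}

/* memcpy() takes a size_t. A negative int converted to size_t becomes a
 * huge unsigned value, which is the length the copy would really use. */
size_t length_seen_by_memcpy(int len)
{
    return (size_t)len;
}

/* Hardened copy for a length that arrives as a signed field, for example
 * from a file header. Returns 0 on success, -1 if the request is rejected.
 * One byte of dst is always reserved for the NUL terminator. */
int copy_field_as_string(char *dst, size_t dst_size,
                         const char *src, int32_t field_len)
{
    size_t n;

    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    if (field_len < 0)            /* reject before any conversion */
        return -1;
    n = (size_t)field_len;
    if (n > dst_size - 1)         /* MAX_BUFFER_SIZE - 1, as the comment says */
        return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

int main(void)
{
    char buf[MAX_BUFFER_SIZE];
    char src[MAX_BUFFER_SIZE];

    memset(src, 'A', sizeof src); /* constructed sample input */

    printf("flawed check accepts -1: %d\n", flawed_check_passes(-1));
    printf("length memcpy would see: %zu\n", length_seen_by_memcpy(-1));
    printf("hardened copy, len -1:   %d\n",
           copy_field_as_string(buf, sizeof buf, src, -1));
    printf("hardened copy, len 64:   %d\n",
           copy_field_as_string(buf, sizeof buf, src, MAX_BUFFER_SIZE));
    printf("hardened copy, len 63:   %d\n",
           copy_field_as_string(buf, sizeof buf, src, MAX_BUFFER_SIZE - 1));
    return 0;
}
```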
I think the release schedule thing has much to do with bad code. You have good intentions but when the deadline is near you drop them to "just get the thing done at all".
Linux is not Windows
...about running knoppix or any of the other live cds? Easy enough for them to run XP when it's not connected to the internet for games or whathaveyou, and therefore avoid exploits, and when they want to surf, have them boot up a knoppix. Really, an easy enough solution to that sort of problem. Not sure what sort of machine they have, but just recently, like two weeks ago when I gave away an older machine to a kid with no computer, I've run knoppix down to a pentium 1 level (it's a 166 machine) and only 32 megs ram and it still worked, slow but once loaded after a few minutes it was zippy enough. It's not even supposed to work at that level but I tried it anyway just for grins. Anything above that with a reasonable amount of RAM and it's quite speedy. And as to usability, really, how is it much different from a windows OS, down in bottom left corner is a big K start menu, mash that, slide around, pick an app, works. About the same as any other OS with a GUI.
--just a suggestion is all, no biggee, but avoiding holiday (or any other day) headaches is a good thing, IMO. Linux, especially from a live cd, is just not that hard or different from windows unless you are a power user, and these folks sound like non power users, so the learning curve is probably identical, so you might as well start with something a little more secure.
Clippy... too funny.
"Goodbye, Cruel World...."
Blip!
"Hi there! It looks like you're writing a suicide letter. May I make the following suggestions:"
bash-3.00$ uname -a
SunOS panda 5.10 Generic sun4u sparc SUNW,Ultra-2
So, what about Windows 3.1, Windows NT 3.51 etc.?
> I only wish that the laws allowed someone to sue for lost time/income from the "basic" errors that shouldn't have been present.
Be careful what you wish for. Such a law would place the small-time software developer in a highly actionable position.
I for one would quit writing cheap shareware if I could get sued into oblivion for every little bug that was in my software.
A quick search of the source code seems to show that the native OS LoadImage function is only used to set Mozilla icons (system tray, window icons, etc) and the splash screen (and the cck). Since none of these images come from untrusted sources*, it seems that the LoadImage hole is not exploitable via Mozilla.
*without major user intervention, like installing an XPI or messing with the JAR files that make up Mozilla
My server
Slashdot has made subtle changes to the definitions of Patched and Unpatched.
Patched Open Source: A vulnerability has been identified and someone is thinking about fixing it. Because the time between discovery and fix is vanishingly small, there are no unpatched open source vulnerabilities.
Patched Windows/Proprietary: A patch has been available for not less than 12 months and is installed on not less than 99% of affected systems. It will be several months, if not years, before vulnerabilities fixed by Windows XP SP2 will be considered patched.
I know the feeling. When I visited my family back home for a week, I worked on 8 PCs before I left. If you're handing out stuff in lieu of fixing the computer, you might consider the Ubuntu CD package. Last I checked Ubuntu is still shipping free pressed CD packs. I just received all 10 of mine yesterday, and they look good. The package includes both a Live CD and an Install CD, with a brief explanation of what each does. I plan to hand the CD out to people I think would be interested in trying something different.
This doesn't have to apply to kernel stuff. A lot of Windows apps rely on for example the "common controls" API. It handles toolbars, tooltips, listviews and so on. Quite a lot of UI goodies. Most of those are implemented without any kernel side, they're normal user mode controls/"windows" with their own drawing.
Now to the point: This DLL was updated quite a few times with Internet Explorer 3, 4 and 5. The versions in Windows 98, 2000 and XP are/were directly related to the matching (sub-)version of Internet Explorer. If you wrote an app for Win-95 and wanted to use one of those common controls, the recommended redistribution scenario was redistributing IE.
If they simply ripped out anything that is officially part of the "IE codebase", it's completely true that quite a few apps would fail.
This is of course even more true of some of other APIs with a more apparent connection to Internet Explorer, like WinInet for interacting with HTTP/FTP without doing sockets yourself (and using the IE cache and other stuff) or employing the IE HTML/XML parsing and possibly rendering hosted in another application. I chose common controls because they're very frequently used, and some quite significant updates were introduced through IE. These updates are still there in "Win98 lite" and whatever you would do to a Windows system to rip out IE, but retain a reasonable level of compatibility. Just because it's part of the OS and a frequently used API doesn't mean it's kernel mode. And very little IE related code is *in the kernel*.
Now to the point: LoadImage is quite a low level function. Display drivers are allowed to use it on their own and modify its functionality. That makes it belong in kernel mode. Even if they moved back some more UI stuff from the kernel, stuff like this probably belongs there, if you buy the concept of placing display drivers in kernel mode at all.
For calloc() and malloc(), the value returned is a pointer
to the allocated memory, which is suitably aligned for any
kind of variable, or NULL if the request fails.
emt 377 emt 4
These guys seem to disagree:
e ie .idg/
http://www.cnn.com/TECH/computing/9903/09/remov
http://nuhi.msfn.org/nlite.html
http://www.vorck.com/remove-ie.html
Haven't tried it myself, but I haven't found any hard evidence that they're wrong.
about Windows XP is the stupid help system contacting the internet whenever I clicked on it. Windows didn't have to phone home and display a fancy GUI dialog just cause I forgot a command. Wait and see, there'll be more Windows Help system exploits.
Nice try but if malloc(3) is not too buggy (if it is, you have other problems) it will only return NULL or a valid pointer. It is never supposed to return -1 (unless -1 is a valid pointer) or some value larger than MAX_MEMORY_ADDRESS (from where does this macro come anyway?).
No GNU has been Hurd during the making of this comment.
Your statement is untrue. "Forced" means coercion, which you interpret can only be delivered through violence (an Uzi) but is not a true definition.
Your narrow definition of forced is plain wrong.
Try this new software.. it's called a dictionary:
forced. Come back when you finish your homework. Other suggested reading.
Fuçking hell.., full backup yestday while the office party had started and finish crap for the fùçking payroll/bank yearend (53 month years suck)..., had beer in work so was ok..., but now on my first day off in over 6 months...., sitting in pub (in Ireland) trying to kill the hangover from office pay., to read ill have to head back into work on the "Day of Drinkng EvE"..., - rant over Snackbite getting warm (the best beer in the world) fûçk shitty Treo600 pisssing me off and crap all gprs signal in Bruxcells - best Metal Pub in Ireland.......
--------
Noodle.........,
I'm not sure if many people have tried it already, but I loaded the exploit page with Firefox.
Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
It took a few seconds to load on my p3 600mhz, but it got there just fine.
Well, on my amd64 system running windows XP pro, whenever I try to upgrade to sp2 the whole system crashes on all boot attempts
Dude, the list contains programs for Linux.
Microsoft could stick a thumb up your ass, and people would still buy more of it.
"This thumb is better than ever! Its new easier installation interface and slick operation will make upgrading well worth it. Yet, it is 100% compatible with your old thumb!" (a lie, of course, as the new thumb tries to emulate the old one but breaks the memory management).
-- "Makes Little Debbie look like a pile of puke!" - Moe Szyslak
Please stop the bs - the updates are already available at MICROSOFT.COM. Go check for yourself.
> (unless -1 is a valid pointer)
Given that memory addressing starts at zero, the only conclusion of a -1 return value is that MALLOC HAS ACCESSED A PARALLEL UNIVERSE AND THAT THEY KNOW WE EXIST! SAVE YOURSELVES!!!
-- "Makes Little Debbie look like a pile of puke!" - Moe Szyslak
> Most FOSS programs are the result of someone who really wants to write something good. Rarely have I seen someone being forced to write FOSS code to meet a release date schedule or to remain competitive.
I'm sorry but I think that that is a little naive. An FOSS programmer still likely has desires that someone actually use their product and so they force themselves to work faster to keep up with the market. You are also discounting the fact that a large portion of open source work is done by large companies such as IBM and Sun to combat Microsoft. And you can bet that those programmers have deadlines and release schedules.
"Four New Unpatched Windows Vulnerabilities"
What a load of bull. This article is blatant Microsoft bashing.
Repeat after me: XP SP2 is not affected
Since when has "fixed in SP2" been the same as "unpatched"?
No GNU has been Hurd during the making of this comment.
that just had to be an I.T Charlie speaking.
your sheer ignorance (and that of your employer)
is the sole reason Microsoft is still so successful.
OH, there's no doubt. The problem is that people (read: INTERNET SERVERS) that are...skittish of installing patches. They are skittish because in the past, with NT 4.0 and later 5.0, the system bluescreened after reboot. Just like that time when Billy plugged in a USB printer and the computer bluescreened on him in front of 300 people.
The problem isn't that a "patch is available". It's that "our fucking server didn't come back up in the past, until $1200 and 48 hours later, and as far as we know, no one has broken in just yet so we're going to risk it this time".
Kind of like speeding on the freeway. There's hundreds more sons of bitches, just like you. And the idea is that you'll see them getting pulled over before you are, so you'll have time to reduce your speed (or disconnect your internet connection like Gabe Newell walked around, telling his entire staff when a German kid tiptoed in).
When you are a gazelle, there is safety in numbers.
Or so the theory goes...
Microsoft releases 'Service Packs' because it's a break in the Operating System version that lets sys admins know what they're getting into when they upgrade. A Service Pack is an upgrade so large and significant that it's considered a new Operating System Version, kinda like going from Kernel 2.4 to 2.6. Try upgrading XP Home to XP Pro with SP2 installed in Home using a Pro SP1 CD, it'll helpfully stop you before you do something dumb. Service Packs also help identify to a technician (which I am) what's on the computer, what tools we can expect to be available, how those tools will behave, and where they can be found.
Also, modularity doesn't work so well when you're pushing 800+ megs worth of updates to a user base that just wants the darn thing to work. With SP2, I can give a friend a copy of the network install and say "here, install this before your internet" and not worry nearly as much about spyware / viruses. I don't have to worry about them getting tired after double clicking 20 separate patches and missing an important one....
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Well, if you install Windows 2000 without it in the first place, that is.
None of the exploits worked on my machine when I tried them, including the fuxored help files that were apparently supposed to do something bad, but only gave me an invalid help file message...
Fred Vorck
(Running Windows 2000 without IE, per my instructions)
Download installer (under windows) to somewhere
Boot with fav live cd that has good ntfs (I assume that is what your Win box is using) write support.
Copy installer to admin startup directory (or link to installer with options you want set)
Reboot
The Singularity is closer than you think
Quant
Yes, a bug at any kernel trap is a way to crash -or find a back door into- a system. The goal/idea is that the kernel -NT, BSD, Linux or whatever- should be trap call safe. Of course, an OS with high redundancy at its trap level (read Windows NT and derivatives) has a higher risk level, as people who program kernels are humans, just like you and I. As an example, "commercial and very expensive real time UNIXes" are not bug free; a few weeks ago we found at the office that the 'execl' kernel trap did its work badly when the thread number for a process was going above 80% of its limit; white papers guaranteed the operation, but in fact there was no such security, giving system panics and so on, dramatic.