Slashdot Mirror

← Back to Stories (view on slashdot.org)

Gov't.-published List of Computer Security Holes

Posted by timothy on Thursday August 11, 2005 @07:16AM from the benefitting-the-commonwealth dept.

Arngautr writes "ScienceDaily.com reports that The U.S. government has created a 'comprehensive database of computer vulnerabilities,' The National Vulnerability Database. Updated daily, it currently includes almost 12,000 vulnerabilities. Should be a boon to IT professionals and script kiddies alike."

2 of 25 comments (clear)

Min score:

Reason:

Sort:

This might actually be useful by Anonymous Coward · 2005-08-11 07:17 · Score: 4, Interesting

The first thing that caught me eye on there was "Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges."

And guess which version of Tar is GNU's latest.

Anyway, I can't believe I'm saying this, but thanks US Gov!
Unknown bug by TheCreeep · 2005-08-11 07:27 · Score: 4, Funny

CAN-2005-1767 Summary: Unknown vulnerability in the Linux kernel 2.6.x and 2.4.x allows local users to cause a denial of service (stack fault exception) via unknown attack vectors. Published: 8/5/2005 Severity: Medium

"I don't know where, I don't know how, but there's a bug in your kernel!"