Subject: Re: NetBSD-3.1 was attacked: Bug of SSHD or cyrus-sasl?
To: Andy Ruhl <email@example.com>
From: Steven M. Bellovin <firstname.lastname@example.org>
Date: 01/12/2007 13:24:24
On Fri, 12 Jan 2007 10:05:33 -0700
"Andy Ruhl" <email@example.com> wrote:
> On 1/12/07, Gavan Fantom <firstname.lastname@example.org> wrote:
> > Unless your box was severely hardened against malicious local
> > users, you really should consider it rooted once a local account is
> > compromised.
> It's not me, it's another guy. I was just chiming in which maybe was a
> bad idea...
> But still, I find it difficult to believe how quickly people assume
> the box is rooted just because a user account was compromised. Is it
> really that easy to get root on NetBSD? Or is it just simply unknown
> how many compromises there are?
It's unknown and unknowable.
To take a random example, here's the current vulnerabilities list from
>> 01.11.07 : Computer Associates BrightStor ARCserve Backup RPC Engine PFC Request Buffer Overflow Vulnerability
>> 01.09.07 : Microsoft Excel Invalid Column Heap Corruption Vulnerability
>> 01.09.07 : Microsoft Excel Long Palette Heap Overflow Vulnerability
>> 01.09.07 : Microsoft Windows VML Element Integer Overflow Vulnerability
>> 01.09.07 : Adobe Macromedia ColdFusion Source Code Disclosure Vulnerability
>> 01.09.07 : Multiple Vendor X Server Render Extension ProcRenderAddGlyphs Memory Corruption Vulnerability
>> 01.09.07 : Multiple Vendor X Server DBE Extension ProcDbeGetVisualInfo Memory Corruption Vulnerability
>> 01.09.07 : Multiple Vendor X Server DBE Extension ProcDbeSwapBuffers Memory Corruption Vulnerability
>> 01.05.07 : Opera Software Opera Web Browser JPG Image DHT Marker Heap Corruption Vulnerability
>> 01.05.07 : Opera Software Opera Web Browser createSVGTransformFromMatrix Object Typecasting Vulnerability
>> 01.05.07 : Kaspersky Antivirus Scan Engine PE File Denial of Service Vulnerability
Note that this list is just for this month -- new vulnerabilities just
announced within the last two weeks. At least five of them could
affect NetBSD users. The X vulnerabilities affect XFree86 and Xorg; I
wouldn't be surprised if vnc were vulnerable, too. The X
vulnerabilities, I should note, are described as local exploits.
Want more? There were 27 security advisories for NetBSD last year
alone. On January 1, 2006, pkg-vulnerabilities was 1657 lines long;
today, it's 2385 lines long.
--Steve Bellovin, http://www.cs.columbia.edu/~smb