Gov't.-published List of Computer Security Holes

Arngautr writes "ScienceDaily.com reports that the U.S. government has created a 'comprehensive database of computer vulnerabilities,' The National Vulnerability Database. Updated daily, it currently includes almost 12,000 vulnerabilities. Should be a boon to IT professionals and script kiddies alike."
  • by Anonymous Coward on Thursday August 11, 2005 @03:17PM (#13297312)
    The first thing that caught my eye on there was "Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges."

    And guess which version of Tar is GNU's latest.

    Anyway, I can't believe I'm saying this, but thanks US Gov!
    • Sure it's useful...everything the government puts out is "useful" in some way or another. Personally I like the idea. The question is when will the site be hacked.
    • Ya the only way it could be any better is if they said which vulns actually had known exploits with links to the source. For, you know, testing purposes.
    • Granted, it would be a nice feature, but why would you run tar as root to install something into a globally readable folder without fully knowing what it is extracting? And why is it tar's job to tell you that this is a bad idea?
      "which may allow local users or remote attackers to gain privileges."
      A better way to say that is that you are giving local users or remote attackers privileges. This is very different from a buffer overflow.
  • From the posting: Should be a boon to IT professionals and script kiddies alike.

    Are we for full disclosure or security through obscurity? Let's decide which and be consistent, please.

  • Unknown bug (Score:4, Funny)

    by TheCreeep ( 794716 ) on Thursday August 11, 2005 @03:27PM (#13297390)
    CAN-2005-1767 Summary: Unknown vulnerability in the Linux kernel 2.6.x and 2.4.x allows local users to cause a denial of service (stack fault exception) via unknown attack vectors. Published: 8/5/2005 Severity: Medium

    "I don't know where, I don't know how, but there's a bug in your kernel!"
  • What, no RSS Feed? (Score:1, Insightful)

    by Anonymous Coward
    My compliments to the U.S. Government for having the database, and having it be populated with current information.

    However, the whole thing is a bit 2002 in approach. Please add an RSS feed so that I can scan what's changed since I last looked at it.

    Yours,
    Sysadmin
  • I'm sure the NSA still keeps the most juicy security bugs for itself for "defending" against "cyberterrorism". I am willing to bet they would be willing to use these involuntary backdoors to bring down criminal organizations. Hopefully, all this information is in the hands of "good". </conspiracy>
