And what is it that supports SSH root login by default? NetBSD? FreeBSD? Or OpenBSD? :) it's already piling up... The less you have to do after man afterboot, the more secure the system is. And NetBSD and FreeBSD are very much secure.
For example, on NetBSD you have to set ALLOW_VULNERABLE_PACKAGES to be able to install anything that has an exploit. By default you can't install PHP! Or GIMP :) And all packages are compiled by default so that they are maximally secure.
erika# audit-packages
Package kdegraphics-3.5.0 has a buffer-overflow vulnerability, see
http://www.kde.org/info/security/advisory-20051207-2.txt
Package poppler-0.4.2nb2 has a arbitrary-code-execution vulnerability, see
http://scary.beasts.org/security/CESA-2005-003.txt
Package kdelibs-3.5.0 has a buffer-overflow vulnerability, see
http://www.kde.org/info/security/advisory-20060119-1.txt
Package xine-lib-1.0.3anb3 has a denial-of-service vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048
Package xine-lib-1.0.3anb3 has a arbitrary-code-execution vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048
Package kdegraphics-3.5.0 has a arbitrary-code-execution vulnerability, see
http://www.kde.org/info/security/advisory-20060202-1.txt
Package gnupg-1.4.2 has a verification-bypass vulnerability, see
http://secunia.com/advisories/18845/
Package gnupg-1.4.2 has a incorrect-signature-verification vulnerability, see
http://lists.gnupg.org/piperma...pg-announce/2006q1/000216.html
Package tiff-3.7.4 has a denial-of-service vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-0405
Package tiff-3.7.4 has a denial-of-service vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-2024
Package tiff-3.7.4 has a arbitrary-code-execution vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2025
Package tiff-3.7.4 has a arbitrary-code-execution vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2026
Package tiff-3.7.4 has a denial-of-service vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-2120
Package xine-lib-1.0.3anb3 has a arbitrary-code-execution vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1664
Package openldap-2.3.11nb1 has a buffer-overflow vulnerability, see
http://secunia.com/advisories/20126/
Package tiff-3.7.4 has a arbitrary-code-execution vulnerability, see
http://secunia.com/advisories/20488/
Package seamonkey-1.0.2 has a remote-information-exposure vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2894
Package kdebase-3.5.0nb1 has a local-information-exposure vulnerability, see
http://www.kde.org/info/security/advisory-20060614-1.txt
Package netpbm-10.30 has a denial-of-service vulnerability, see
http://secunia.com/advisories/20729/
Package gnupg-1.4.2 has a denial-of-service vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3082
Package php-5.1.4nb1 has a security-bypass vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3011
Package xine-lib-1.0.3anb3 has a remote-code-execution vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2802
Package gimp-2.3.4nb1 has a arbitrary-code-execution vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3404
Package seamonkey-1.0.2 has a remote-code-execution vulnerability, see
http://www.mozilla.org/security/announce/2006/mfsa2006-44.html
Package seamonkey-1.0.2 has a remote-code-execution vulnerability, see
http://www.mozilla.org/security/announce/2006/mfsa2006-45.html
Package seamonkey-1.0.2 has a remote-code-execution vulnerability, see
http://www.mozilla.org/security/announce/2006/mfsa2006-46.html
Package seamonkey-1.0.2 has a cross-site-scripting vulnerability, see
http://www.mozilla.org/security/announce/2006/mfsa2006-47.html
Package seamonkey-1.0.2 has a arbitrary-code-execution vulnerability, see
http://www.mozilla.org/security/announce/2006/mfsa2006-48.html
Package seamonkey-1.0.2 has a arbitrary-code-execution vulnerability, see
http://www.mozilla.org/security/announce/2006/mfsa2006-49.html
Package seamonkey-1.0.2 has a arbitrary-code-execution vulnerability, see
http://www.mozilla.org/security/announce/2006/mfsa2006-50.html
Package seamonkey-1.0.2 has a privilege-escalation vulnerability, see
http://www.mozilla.org/security/announce/2006/mfsa2006-51.html
Package seamonkey-1.0.2 has a privilege-escalation vulnerability, see
http://www.mozilla.org/security/announce/2006/mfsa2006-52.html
Package seamonkey-1.0.2 has a privilege-escalation vulnerability, see
http://www.mozilla.org/security/announce/2006/mfsa2006-53.html
Package seamonkey-1.0.2 has a cross-site-scripting vulnerability, see
http://www.mozilla.org/security/announce/2006/mfsa2006-54.html
Package seamonkey-1.0.2 has a arbitrary-code-execution vulnerability, see
http://www.mozilla.org/security/announce/2006/mfsa2006-55.html
Package seamonkey-1.0.2 has a cross-site-scripting vulnerability, see
http://www.mozilla.org/security/announce/2006/mfsa2006-56.html
Package apache-2.0.58 has a remote-code-execution vulnerability, see
http://secunia.com/advisories/21197/
Package gnupg-1.4.2 has a denial-of-service vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3746
Package mysql-server-5.0.22 has a security-bypass vulnerability, see
http://secunia.com/advisories/21259/
Package mysql-server-5.0.22 has a security-bypass vulnerability, see
http://secunia.com/advisories/21506/
Package mysql-server-5.0.22 has a privilege-escalation vulnerability, see
http://secunia.com/advisories/21506/
Package tiff-3.7.4 has a multiple-vulnerabilities vulnerability, see
http://secunia.com/advisories/21304/
Package php-5.1.4nb1 has a security-bypass vulnerability, see
http://secunia.com/advisories/21403/
Package ImageMagick-6.2.8.0 has a arbitrary-code-execution vulnerability, see
http://secunia.com/advisories/21462/
Package php-5.1.4nb1 has a multiple-vulnerabilities vulnerability, see
http://secunia.com/advisories/21546/
Package libwmf-0.2.8.4nb3 has a arbitrary-code-execution vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3376
Package freetype2-2.2.1 has a arbitrary-code-execution vulnerability, see
http://secunia.com/advisories/21450/
Package ImageMagick-6.2.8.0 has a arbitrary-code-execution vulnerability, see
http://secunia.com/advisories/21615/
Package musicbrainz-2.1.1nb1 has a remote-code-execution vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4197
Package gtar-base-1.15.1nb2 has a denial-of-service vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0300
Package gtar-base-1.15.1nb2 has a arbitrary-code-execution vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0300
Package openldap-2.3.11nb1 has a bypass-security-restrictions vulnerability, see
http://secunia.com/advisories/21721/
Package seamonkey-1.0.2 has a buffer-overflow vulnerability, see
http://www.mozilla.org/security/announce/2006/mfsa2006-57.html
Package seamonkey-1.0.2 has a signature-forgery vulnerability, see
http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
Package seamonkey-1.0.2 has a frame-content-spoofing vulnerability, see
http://www.mozilla.org/security/announce/2006/mfsa2006-61.html
Package seamonkey-1.0.2 has a remote-code-execution vulnerability, see
http://www.mozilla.org/security/announce/2006/mfsa2006-63.html
Package ns-flash-7.0.63 has a remote-code-execution vulnerability, see
http://www.adobe.com/support/security/bulletins/apsb06-11.html
Package gnutls-1.4.0 has a signature-forgery vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4790
erika#
One command and you know everything; that's the second reason why I wouldn't trade this for anything.
When a couple of local exploits related to the audio subsystem (new in 3.0) were discovered in NetBSD 3.0, a kernel patch was released immediately. And we're not even talking about remote holes here. Do you have GIMP? Your OpenBSD is not secure. Did you know that? :)
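
An added example, not part of the original post: a Python script that parses audit-packages output in the two-line format shown in the listing above and groups the findings per package so the most pressing upgrades come first. The sample is an excerpt of that listing; the function names and the choice of which vulnerability classes count as urgent are assumptions of this example.

```python
import re
from collections import defaultdict

# Excerpt copied from the audit-packages listing in the post above.
SAMPLE = """\
erika# audit-packages
Package gnupg-1.4.2 has a verification-bypass vulnerability, see
http://secunia.com/advisories/18845/
Package tiff-3.7.4 has a denial-of-service vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-0405
Package tiff-3.7.4 has a arbitrary-code-execution vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2025
Package xine-lib-1.0.3anb3 has a remote-code-execution vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2802
Package gnupg-1.4.2 has a denial-of-service vulnerability, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3082
erika#
"""

# pkgsrc names are <name>-<version>; the version is the part after the last hyphen.
RECORD = re.compile(r"^Package (\S+)-([^-\s]+) has an? (\S+) vulnerability, see$")
# Classes ranked "patch first" here; the ranking is this example's assumption.
URGENT = ("code-execution", "buffer-overflow", "privilege-escalation")

def parse_audit(text):
    """Return one dict per finding; url is None when the URL line is missing."""
    findings, pending = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = RECORD.match(line)
        if m:
            if pending:  # previous record never got its URL line
                findings.append(pending)
            pending = dict(zip(("pkg", "version", "type"), m.groups()), url=None)
        elif pending and line.startswith(("http://", "https://")):
            pending["url"] = line
            findings.append(pending)
            pending = None
    if pending:
        findings.append(pending)
    return findings

def triage(findings):
    """Group by package; urgent packages first, then by number of findings."""
    stats = defaultdict(lambda: {"count": 0, "urgent": False})
    for f in findings:
        s = stats[(f["pkg"], f["version"])]
        s["count"] += 1
        s["urgent"] |= any(u in f["type"] for u in URGENT)
    order = sorted(stats, key=lambda k: (not stats[k]["urgent"], -stats[k]["count"], k))
    return [(p, v, stats[(p, v)]["count"], stats[(p, v)]["urgent"]) for p, v in order]

if __name__ == "__main__":
    for pkg, ver, count, urgent in triage(parse_audit(SAMPLE)):
        print(f"{pkg}-{ver}: {count} finding(s){' [urgent]' if urgent else ''}")
```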