ok, let's move on
we'll use the [search.us-cert.gov] database of Cyber Security Alerts & Vulnerability Notes
["Microsoft" in the title] = [ 441 hits ]
http://search.us-cert.gov/quer...et=iso-8859-1&ql=a&qt=
-------------------------------------------------------------------------------
["Red Hat"] = [ 190 hits ]
http://search.us-cert.gov/quer...et=iso-8859-1&ql=a&qt=
-------------------------------------------------------------------------------
["Suse"] = [ 159 hits ]
http://search.us-cert.gov/quer...et=iso-8859-1&ql=a&qt=
-------------------------------------------------------------------------------
["Trustix"] = [ 58 hits ]
http://search.us-cert.gov/quer...et=iso-8859-1&ql=a&qt=
-------------------------------------------------------------------------------
["Slackware"] = [ 46 hits ]
http://search.us-cert.gov/quer...et=iso-8859-1&ql=a&qt=
-------------------------------------------------------------------------------
["Linux"] = [ 238 hits ]
http://search.us-cert.gov/quer...et=iso-8859-1&ql=a&qt=
Bill Gates:
Quote:
Now, in terms of delivering on more secure systems, I think there are three general things that we do. The first is advancing the technology. We spend over US$6 billion a year on research and development. I'd say that over a third of that is directly security-focused, and the other two-thirds all tie in and relate to that security work, all the new code being reviewed and going through the threat model, a pretty dramatic thing there. So, big advances on the technology front, and I'll spend most of my time talking about the milestones there and the road ahead there.
...hehe, I remember the story about 2k3...
==============================================================
Vulnerability Notes search at
www.kb.cert.org
What we're interested in are the "severity points" (the metric column)
All values above 40 are considered serious:
[Microsoft]
http://www.kb.cert.org/vuls/by...searchview&query=microsoft
250 hits, of which 39 have a value above 40:
94.5 VU#254236 9/10/2003 Microsoft Windows RPCSS Service contains heap overflow in DCOM request filename handling
94.5 VU#483492 9/10/2003 Microsoft Windows RPCSS Service contains heap overflow in DCOM activation routines
79.31 VU#789543 5/14/2001 IIS decodes filenames superfluously after applying security checks
78.75 VU#568148 7/16/2003 Microsoft Windows RPC vulnerable to buffer overflow
78.0 VU#117394 3/17/2003 Buffer Overflow in Core Microsoft Windows DLL
76.5 VU#323070 11/25/2003 Outlook Express MHTML protocol handler does not properly validate location of alternate data
69.3 VU#952336 6/18/2001 Microsoft Index Server/Indexing Service used by IIS 4.0/5.0 contains unchecked buffer used when encoding double-byte characters
64.8 VU#713878 6/3/2004 Microsoft Internet Explorer does not properly validate source of redirected frame
63.78 VU#842160 11/2/2004 Microsoft Internet Explorer vulnerable to buffer overflow via FRAME and IFRAME elements
61.96 VU#972415 12/21/2004 Microsoft Windows HTML Help ActiveX control does not adequately validate window source
60.75 VU#980499 3/29/2001 Certain MIME types can cause Internet Explorer to execute arbitrary code when rendering HTML
56.7 VU#865940 8/20/2003 Microsoft Internet Explorer does not properly evaluate "application/hta" MIME type referenced by DATA attribute of OBJECT element
56.1 VU#266926 2/15/2004 Microsoft Internet Explorer contains an integer overflow in the processing of bitmap files
56.04 VU#652452 9/10/2003 Microsoft Internet Explorer does not adequately validate javascript: protocol URL
55.28 VU#820427 2/8/2005 Microsoft Hyperlink Object Library buffer overflow
54.0 VU#516648 5/1/2001 Microsoft Windows 2000/Internet Information Server (IIS) 5.0 Internet Printing Protocol (IPP) ISAPI contains buffer overflow (MS01-023)
52.58 VU#542081 11/20/2002 Microsoft Windows Data Access Components contains heap overflow in Data Stubs when parsing a malformed HTTP request
52.31 VU#279156 11/11/2003 Microsoft FrontPage Server Extensions contains buffer overflow in remote debugging functionality
51.84 VU#251788 5/8/2003 Microsoft Internet Explorer does not safely handle multiple file download requests
51.63 VU#951555 12/20/2001 Microsoft Windows Universal Plug and Play (UPNP) vulnerable to buffer overflow via malformed advertisement packets
51.3 VU#454091 4/10/2002 Microsoft Internet Information Server (IIS) vulnerable to buffer overflow via inaccurate checking of delimiters in HTTP header fields
50.62 VU#575892 10/15/2003 Buffer overflow in Microsoft Messenger Service
50.62 VU#713779 5/9/2002 Microsoft MSN Messenger Chat Control contains a buffer overflow in "ResDLL" parameter
50.62 VU#443699 12/13/2001 Microsoft Internet Explorer Does Not Respect Content-Disposition and Content-Type MIME Headers
48.55 VU#255924 4/13/2004 Microsoft Windows ASN.1 library contains a memory management vulnerability
46.57 VU#228028 7/13/2004 Microsoft Windows Task Scheduler Buffer Overflow
45.56 VU#567620 11/11/2003 Microsoft Windows Workstation service vulnerable to buffer overflow when sent specially crafted network message
45.24 VU#274496 10/12/2004 Microsoft Excel parameter validation error
45.18 VU#627275 3/12/2002 Microsoft SQL Server contains buffer overflow vulnerabilities in multiple extended stored procedures
45.1 VU#771604 9/10/2003 Microsoft Internet Explorer does not properly validate URL sources
44.75 VU#625856 12/23/2004 Microsoft Windows LoadImage API vulnerable to integer overflow
43.69 VU#547820 10/10/2003 Microsoft Windows DCOM/RPC vulnerability
43.28 VU#399260 7/24/2002 Microsoft SQL Server 2000 contains heap buffer overflow in SQL Server Resolution Service
43.28 VU#484891 7/24/2002 Microsoft SQL Server 2000 contains stack buffer overflow in SQL Server Resolution Service
42.09 VU#326412 9/10/2003 Microsoft Internet Explorer execCommand method does not properly validate URL source
41.76 VU#610986 1/22/2003 Microsoft Locator service contains buffer overflow
41.0 VU#784102 11/25/2003 Microsoft Internet Explorer does not properly validate source of URL stored in Travel Log
40.16 VU#586540 4/13/2004 Microsoft Private Communication Technology (PCT) fails to properly validate message inputs
40.07 VU#422156 10/15/2003 Microsoft Exchange Server fails to properly handle specially crafted SMTP extended verb requests
[Red Hat]
http://www.kb.cert.org/vuls/bymetric?searchview&query=redhat
55 hits, of which 3 have a value above 40:
108.16 VU#16532 11/10/1999 BIND T_NXT record processing may cause buffer overflow
87.72 VU#29823 6/23/2000 Format string input validation error in wu-ftpd site_exec() function
48.19 VU#382365 9/25/2000 LPRng can pass user-supplied input as a format string parameter to syslog() calls
ISO/IEC JTC1/SC22/WG14-ISO/IEC 9899:1999
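
An added example, not part of the original post: a small parser for the listing layout used above (metric, VU number, M/D/YYYY date, title) that applies the post's above-40 threshold and tallies the serious entries by year. The sample mixes four rows copied from the listing with one constructed low-metric row and one malformed line; the function names are this example's own.

```python
import re
from collections import Counter
from datetime import datetime

# Row layout of the listing: "<metric> VU#<id> <M/D/YYYY> <title>"
ROW = re.compile(
    r"^(?P<metric>\d+(?:\.\d+)?)\s+(?P<vu>VU#\d+)\s+"
    r"(?P<date>\d{1,2}/\d{1,2}/\d{4})\s+(?P<title>.+)$"
)

# First four rows are copied from the post; the last two are constructed.
SAMPLE = """\
94.5 VU#254236 9/10/2003 Microsoft Windows RPCSS Service contains heap overflow in DCOM request filename handling
79.31 VU#789543 5/14/2001 IIS decodes filenames superfluously after applying security checks
40.07 VU#422156 10/15/2003 Microsoft Exchange Server fails to properly handle specially crafted SMTP extended verb requests
108.16 VU#16532 11/10/1999 BIND T_NXT record processing may cause buffer overflow
12.3 VU#0 1/1/2004 Constructed low-metric row
this line is not a listing row
"""


def parse_rows(text):
    """Return (rows, rejected); rejected holds lines that do not fit the layout."""
    rows, rejected = [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = ROW.match(line)
        if m is None:
            rejected.append(line)
            continue
        rows.append({
            "metric": float(m["metric"]),
            "vu": m["vu"],
            "date": datetime.strptime(m["date"], "%m/%d/%Y").date(),
            "title": m["title"],
        })
    return rows, rejected


def serious(rows, threshold=40.0):
    """Rows whose metric is strictly above the threshold, highest first."""
    return sorted((r for r in rows if r["metric"] > threshold),
                  key=lambda r: r["metric"], reverse=True)


def by_year(rows):
    """Count rows per year of the listed date."""
    return Counter(r["date"].year for r in rows)


if __name__ == "__main__":
    rows, rejected = parse_rows(SAMPLE)
    for r in serious(rows):
        print(f'{r["metric"]:7.2f} {r["vu"]:<10} {r["date"]} {r["title"][:50]}')
    print(dict(by_year(serious(rows))), "rejected:", len(rejected))
```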