Professor D.J. Bernstein of the University of Illinois at Chicago has notified the Unix security community that his students have found no fewer than forty four security vulnerabilities in Unix.
Bernstein gave the students for his MCS Computer Science (Unix) course the assignment to find ten previously undiscovered security holes in Unix, and boy did they deliver!
Despite the discovery, however, one of Bernstein’s students reports on Slashdot that most of the class failed, and that they themselves expect to fail despite averaging As on the exams. Wow, he must be a tough grader!
The Unix programs found to have security holes include CUPS, NASM, mpg123, MPlayer, xine-lib, and many others.
|Get notified of new Internet Patrol articles for free!
|Or Read Internet Patrol Articles Right in Your Inbox!
as Soon as They are Published! Only $1 a Month!
Imagine being able to read full articles right in your email, or on your phone, without ever having to click through to the website unless you want to! Just $1 a month and you can cancel at any time!
According to the student, the class of 25 was charged with finding the holes in “currently deployed Unix software”, which means you IT administrators who are administering systems running various flavours and derivitives of Unix had better take note.
A complete list of the emails sent out notifying the SecureSoftware mailing list of the holes is available at [Page no longer available – we have linked to the archive.org version instead], and also includes jpeg2avi, meshviewer, and qwik-smtp.
Remember, while Unix is still considered to be far more secure than most other OSs out there, nothing is invulnerable.
You can read more about this on Slashdot.
No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free? Thank you!
|Get notified of new Internet Patrol articles!