Professor D.J. Bernstein of the University of Illinois at Chicago has notified the Unix security community that his students have found no fewer than forty four security vulnerabilities in Unix.
Bernstein gave the students for his MCS Computer Science (Unix) course the assignment to find ten previously undiscovered security holes in Unix, and boy did they deliver!
Despite the discovery, however, one of Bernstein’s students reports on Slashdot that most of the class failed, and that they themselves expect to fail despite averaging As on the exams. Wow, he must be a tough grader!
The Unix programs found to have security holes include CUPS, NASM, mpg123, MPlayer, xine-lib, and many others.
According to the student, the class of 25 was charged with finding the holes in “currently deployed Unix software”, which means you IT administrators who are administering systems running various flavours and derivitives of Unix had better take note.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
A complete list of the emails sent out notifying the SecureSoftware mailing list of the holes is available at [Page no longer available – we have linked to the archive.org version instead], and also includes jpeg2avi, meshviewer, and qwik-smtp.
Remember, while Unix is still considered to be far more secure than most other OSs out there, nothing is invulnerable.
You can read more about this on Slashdot.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
