TalkBack 35 of 46:
Stop spreading the FUD
Dear Linux zealots:

I know how you love to take this opportunity to tell the world how Bill Gates is the minion of Satan and Linux is perfect. I'm asking you to be truthful. Linux, like all software, has flaws. It is not perfect. The flaws don't get much coverage because, now let's be honest, the flaws don't affect as many people as a Microsoft flaw.

Too many of you like to take every opportunity to show how Microsoft is doomed and Linux is perfect. I'll now take this time to point out CURRENT flaws with some of the Linux distros:

Fedora Update Notification
FEDORA-2004-116
2004-07-01
Product : Fedora Core 1
Name : rsync
Version : 2.5.7
Release : 5.fc1
Summary : A program for synchronizing files over a network.
Rsync before 2.6.1 does not properly sanitize paths when running a
read/write daemon without using chroot. This could allow a remote attacker
to write files outside of the module's "path", depending on the privileges
assigned to the rsync daemon. Users not running an rsync daemon, running a
read-only daemon, or running a chrooted daemon are not affected by this
issue.

Fedora Update Notification
FEDORA-2004-168
2004-07-01
Product : Fedora Core 2
Name : mailman
Version : 2.1.5
Release : 7
Summary : Mailing list manager with built in Web access.
Mailman subscriber passwords could be retrieved by a remote attacker.


Fedora Update Notification
FEDORA-2004-205
2004-07-02
Product : Fedora Core 2
Name : kernel
Version : 2.6.6
Release : 1.435.2.3
Summary : The Linux kernel (the core of the Linux operating system)
During an audit of the Linux kernel, SUSE discovered a flaw in the
Linux kernel that inappropriately allows an unprivileged user to
change the group ID of a file to his/her own group ID.


FreeBSD-SA-04:13.linux Security Advisory
The FreeBSD Project

Topic: Linux binary compatibility mode input validation error

Category: core
Module: kernel
Announced: 2004-06-30
Credits: Tim Robbins
Affects: All 4.x and 5.x releases
II. Problem Description

A programming error in the handling of some Linux system calls may
result in memory locations being accessed without proper validation.

III. Impact

It may be possible for a local attacker to read and/or overwrite
portions of kernel memory, resulting in disclosure of sensitive
information or potential privilege escalation. A local attacker can
cause a system panic.

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: apache
Advisory ID: MDKSA-2004:065
Date: June 29th, 2004

Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1
______________________________________________________________________

Problem Description:

A buffer overflow vulnerability was found by George Guninski in
Apache's mod_proxy module, which can be exploited by a remote user
to potentially execute arbitrary code with the privileges of an
httpd child process (user apache).

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: apache2
Advisory ID: MDKSA-2004:064
Date: June 29th, 2004

Affected versions: 10.0, 9.1, 9.2
______________________________________________________________________

Problem Description:

A Denial of Service (Dos) condition was discovered in Apache 2.x by
George Guninski. Exploiting this can lead to httpd consuming an
arbitrary amount of memory. On 64bit systems with more than 4GB of
virtual memory, this may also lead to a heap-based overflow.

I could go on, but I think you get the point. Linux is not perfect. Microsoft isn't either. Get off your high horse, stop spreading your FUD, and get back to work. As IT professionals it should be important that we all understand what we are doing. It does none of us any good to make our projects look indestructible when we ALL know that given the motivation, any software can be broken.

We ALL must teach the consumers of our efforts that given time, software and hardware will fail. We should continue to educate them that, because everything can and will fail, it is important that they keep us around because we know how to fix these issues.

So please, do us all a favor, stop the cheerleading. The same goes for the Microsoft zealots.
Posted by: dj_45_cal   Posted on: 07/08/04
