RHEL, kernel vulnerabilities, and days of risk

Posted Mar 25, 2005 3:30 UTC (Fri) by quickening (guest, #14807)
Parent article: RHEL, kernel vulnerabilities, and days of risk

Has anyone seen a study of days of risk from known exploits? How about number of successful intrusions? A simple up-time metric for web servers would indirectly indicate Linux is far more secure than Microsoft.

I am personally familiar with a Samba DoS exploit against Win2K3 (it remotely crashes the box!) which took Microsoft 3 months to patch after I told them about it, and that patch is still not part of a service pack - and probably not installed on most servers. Something really stinks when you know there are lots of these patches which Microsoft never bothers to publish, and which never make it into these "official" studies.


RHEL, kernel vulnerabilities, and days of risk

Posted Mar 25, 2005 8:10 UTC (Fri) by khim (subscriber, #9252)

Exactly! If you can remotely crash the box then chances are high it's a buffer overflow somewhere and that it can be used as an exploit - but since the exploit is not shown, Microsoft can claim "it's not a security issue".

When and if an exploit is shown, they'll claim "it's a new, just-discovered problem" and the counter will be reset...
