Last Years Vulnerabilies

[mandraketux]

From Jan2005 to Dec2005 is a year-end summary of software vulnerabilities.
There were 5198 reported vulnerabilities: 812 Windows operating system vulnerabilities; 2328 Unix/Linux operating vulnerabilities; and 2058 Multiple operating system vulnerabilities.
Notice the WindowsXP is at the top with the most. Also with the Critical IE vulnerabilitie.
Windows XP 77.92%
Windows 2000 9.82%
Windows 98 4.78%
Mac OS 4.11%
Windows ME 1.99%
Windows NT 0.86%
Linux 0.30%
Windows 95 0.12%
Web TV 0.03%
Windows CE 0.02%
SunOS sun4u 0.01%
PSP 0.01%
Hiptop 0.01%
FreeBSD i386 0.00%

Theres a reason i love FreeBSD not sure about anyone but thats just me. one OS that i like along with SuSe

[nihil]

Sorry mate.......................the math just does not stack up?

Can you post the source?

For example,

Windows XP 77.92%
Windows 2000 9.82%

They are much too similar for such a vast difference? Those look more like infection rates or something?

Also, what do you mean by "vulnerability"?.......................could it be "malware"? The numbers seem way to high?

[HTRegz]

Hey Hey,

I'm guessing someone took legitimate results and added some percentages on their own?

The numbers are originally from US-CERT

Source: http://www.us-cert.gov/cas/bulletins/SB2005.html


2005 Year-End Index
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.

This bulletin provides a year-end summary of software vulnerabilities that were identified between January 2005 and December 2005. The information is presented only as a index with links to the US-CERT Cyber Security Bulletin the information was published in. There were 5198 reported vulnerabilities: 812 Windows operating system vulnerabilities; 2328 Unix/Linux operating vulnerabilities; and 2058 Multiple operating system vulnerabilities.

It's actually humerous that it's broken down as Windows XP/2K in the original post... not sure who did that... If you look through the US-CERT List you'll see that quite a few of them are actually 3rd Party software... which (for the most part) would be OS inspecific.

Peace,
HT

[Computernerd22]

I have to agree with Nihil on this one. The calculations just doesn't add up. For example, I went to google and did the math like so.

There were 5198 reported vulnerabilities: 812 Windows operating system vulnerabilities;

There are 5,198 vulnerabilities (total). 812 of those 5,198 vulnerabilities are Windows. Now, if you divide 812 / 5,198 it doesn't equal your results which is Windows XP 77.92%

Mandraketux how did you come up with these figures? Also, post the URL to the site where you obtained this information. Thank you, CN22

812 into 5,198 = 6.40147783

You must spread your AntiPoints around before giving it to nihil again.

If I could I would. When I get the chance I will.

I think mandraketux obtained his information from here:

http://blogs.zdnet.com/Spyware/index.php?m=

found it by using this

http://www.google.com/search?hl=en&q...ws+XP+77.92%25

[Relyt]

FreeBSD i386 0.00%

He didn't really post that did he? Here's all the vulnerabilities and bugs they had to fix in 2005 while releasing 6.0:

2.1 Security Advisories

A bug in the fetch(1) utility, which allows a malicious HTTP server to cause arbitrary portions of the client's memory to be overwritten, has been fixed. For more information, see security advisory FreeBSD-SA-04:16.fetch. [MERGED]

A bug in procfs(5) and linprocfs(5) which could allow a malicious local user to read parts of kernel memory or perform a local denial of service attack by causing a system panic, has been fixed. For more information, see security advisory FreeBSD-SA-04:17.procfs. [MERGED]

Two buffer overflows in the TELNET client program have been corrected. They could have allowed a malicious TELNET server or an active network attacker to cause telnet(1) to execute arbitrary code with the privileges of the user running it. More information can be found in security advisory FreeBSD-SA-05:01.telnet. [MERGED]

An information disclosure vulnerability in the sendfile(2) system call, which could permit it to transmit random parts of kernel memory, has been fixed. More details are in security advisory FreeBSD-SA-05:02.sendfile. [MERGED]

An information leak vulnerability in the SIOCGIFCONF ioctl(2), which leaked 12 bytes of kernel memory, has been fixed. More details are in security advisory FreeBSD-SA-05:04.ifconf. [MERGED]

Several programming errors in cvs(1), which could potentially cause arbitrary code to be executed on CVS servers, have been corrected. Further information can be found in security advisory FreeBSD-SA-05:05.cvs. [MERGED]

An error in the default permissions on the /dev/iir device node, which allowed unprivileged local users can send commands to the hardware supported by the iir(4) driver, has been fixed. For more information, see security advisory FreeBSD-SA-05:06.iir. [MERGED]

A bug in the validation of i386_get_ldt(2) system call input arguments, which may allow kernel memory to be disclosed to a user process, has been fixed. For more information, see security advisory FreeBSD-SA-05:07.ldt. [MERGED]

Several information disclosure vulnerabilities in various parts of the kernel have been fixed. For more information, see security advisory FreeBSD-SA-05:08.kmem. [MERGED]

Because of an information disclosure vulnerability on processors using Hyper-Threading Technology (HTT), the machdep.hyperthreading_allowed sysctl variable has been added. It defaults to 1 (HTT enabled) on FreeBSD CURRENT, and 0 (HTT disabled) on the 4-STABLE and 5-STABLE development branches and supported security fix branches. More information can be found in security advisory FreeBSD-SA-05:09.htt. [MERGED]

A bug in the tcpdump(1) utility which allows a malicious remote user to cause a denial-of-service by using specially crafted packets, has been fixed. For more information, see security advisory FreeBSD-SA-05:10.tcpdump. [MERGED]

Two problems in the gzip(1) utility have been fixed. These may allow a local user to modify permissions of arbitrary files and overwrite arbitrary local files when uncompressing a file. For more information, see security advisory FreeBSD-SA-05:11.gzip. [MERGED]

A bug in BIND 9 DNSSEC has been fixed. When DNSSEC is enabled, this bug may allow a remote attacker to inject a specially crafted packet which will cause named(8) to terminate. For more information, see security advisory FreeBSD-SA-05:12.bind9. [MERGED]

A bug has been fixed in ipfw(4) that could cause packets to be matched incorrectly against a lookup table. This bug only affects SMP machines or UP machines that have the PREEMPTION kernel option enabled. More information is contained in security advisory FreeBSD-SA-05:13.ipfw. [MERGED]

Two security-related problems have been fixed in bzip2(1). These include a potential denial of service and unauthorized manipulation of file permissions. For more information, see security advisory FreeBSD-SA-05:14.bzip2. [MERGED]

Two problems in FreeBSD's TCP stack have been fixed. They could allow attackers to stall existing TCP connections, creating a denial-of-service situation. More information is contained in security advisory FreeBSD-SA-05:15.tcp. [MERGED]

freebsd.org

Cheers

[HTRegz]

Hey Hey,

Let me amend what I've posted previously... The first part of mandraketux's post is legit (it's from the US-CERT page that I quoted)... The second part is also legit (the numbers anyways)... However it relates to OS Market Share.... Not vulnerabilities..

The following will look familiar

Source: http://marketshare.hitslink.com/repo...rame=M&qpsp=82

Windows XP 77.92%
Windows 2000 9.82%
Windows 98 4.78%
Mac OS 4.11%
Windows ME 1.99%
Windows NT 0.86%
Linux 0.30%
Windows 95 0.12%
Web TV 0.03%
Windows CE 0.02%
SunOS sun4u 0.01%
PSP 0.01%
Hiptop 0.01%
Unknown 0.00%
FreeBSD i386 0.00%

This is what happens when people blog and just join random numbers...

Peace,
HT

[Relyt]

Thought something was fishing because Ver 5.4 was released on 9 May 2005, and they needed to do some work on it and 6.0 was released on 4 Nov 2005. That's only 6 months between them!

Thanks

[nihil]

Well,

Using number of applications vulnerabilities and OS market share isn't a particularly useful statistic?

I think that this is the relevant consideration:

If you look through the US-CERT List you'll see that quite a few of them are actually 3rd Party software... which (for the most part) would be OS inspecific.

The vulnerability count does not refer to the operating system per se, most of them are related to applications that happen to run on a particular operating system. I must admit that I did wonder how *nix could chalk up 2,328

Another consideration would be how many of these "vulnerabilities" have actually got exploits in the wild?

And again, how many of these vulnerable applications are you running, and are you actually exposed?

For example (crude) say there are 5,000 vulnerabilities and only one person in the whole World is running them..................who would care.

On the other hand, if there were only 5 vulnerabilities and 90% of Humanity was running them, it would be a different story?

Just a few thoughts

[Tiger Shark]

This whole thread stinks of some noob *nix wally trying to prove how much better thier OS is than everyone elses.....

Mandrake: If you don't have $h1t worth talking about stfu.... because you make yourself look really f'ing dumb when you don't even understand the stats you are looking at....

[nihil]

I think that the real villain of the piece is the woman who wrote that ZDNet article.

She took these "vulnerability statistics" then tried to correlate them to "market shares"

As has been noted, these are "vulnerabilities" (not neccessarily exploits in the wild) and they very largely relate to applications (the majority of which are third party).

What she seemed to be implying(?????????????) is that as there were only 800 MS vulnerabilities and 2,300 *nix ones, if *nix were as popular as Windows it would get swamped to a much greater extent.

My point is that you would have to be running the application in the first place? and your setup would have to permit an exploit to run.

I would make the observation that as MS Windows is closed source single ownership, they can take a much harder line over standards in their business partners than the open source community can. That makes these statistics totally unremarkable to me

Also, as the MS platform is by far the largest, there is fierce competition amongst Apps suppliers to that market? If they get a reputation for "sloppy" they are toast?

The "scoring" seems to be rather arbitrary also................for example if I write a bad application with 100 vulnerabilities and maybe 1,000 customers, I make that platform look a lot worse than an application with one vulnerability and 50,000,000 users?

I do believe that you should make a very clear distinction between applications and operating systems. I also believe that you need to consider mitigating circumstances and potential damage?

I see a lot of these articles and subsequent discussions, but remain very sceptical as whether we have sufficient data to determine anything like the true risk or potential impact. For example, there are quite a few patches I don't apply because I just don't do "that" or even have it installed?

Just my thoughts (but I don't have to churn out articles like a hamburger machine for a living )