To get a better idea, look at two recent examples from the Debian mailing lists.
The first concerns Open Office and how it handles .lwp (Lotus Word Pro) files;
the second concerns asterisk and fixes a bug that can crash it remotely.

Package : openoffice.org
Vulnerability : stack-based buffer overflow
Problem type : local
Debian-specific: no
CVE ID : none yet
Will Dormann and Jared Allar discovered that the Lotus Word Pro import
filter of OpenOffice.org, a full-featured office productivity suite that
provides a near drop-in replacement for Microsoft(R) Office, is not
properly handling object ids in the ".lwp" file format. An attacker can
exploit this with a specially crafted file and execute arbitrary code with
the rights of the victim importing the file.
The oldstable distribution (lenny) is not affected by this problem.
For the stable distribution (squeeze), this problem has been fixed in
version 1:3.2.1-11+squeeze3.
For the testing distribution (wheezy), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in
libreoffice version 1:3.3.3-1.
We recommend that you upgrade your openoffice.org packages.

Package : asterisk
Vulnerability : multiple denial of service
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-2529 CVE-2011-2535
Debian Bug : 631445 631446 631448
Paul Belanger reported a vulnerability in Asterisk identified as AST-2011-008
(CVE-2011-2529) through which an unauthenticated attacker may crash an Asterisk
server remotely. A package containing a null char causes the SIP header parser
to alter unrelated memory structures.
Jared Mauch reported a vulnerability in Asterisk identified as AST-2011-009
through which an unauthenticated attacker may crash an Asterisk server remotely.
If a user sends a package with a Contact header with a missing left angle
bracket (<) the server will crash. A possible workaround is to disable chan_sip.
The vulnerability identified as AST-2011-010 (CVE-2011-2535) reported about an
input validation error in the IAX2 channel driver. An unauthenticated attacker
may crash an Asterisk server remotely by sending a crafted option control frame.
For the oldstable distribution (lenny), this problem has been fixed in
version 1.4.21.2~dfsg-3+lenny3.
For the stable distribution (squeeze), this problem has been fixed in
version 1.6.2.9-2+squeeze3.
For the testing distribution (wheezy), this problem has been fixed in
version 1:1.8.4.3-1.
For the unstable distribution (sid), this problem has been fixed in
version 1:1.8.4.3-1.
We recommend that you upgrade your asterisk packages.

As you can see, security updates usually fix bugs that a malicious party could exploit, locally or remotely, to execute arbitrary code, trigger a buffer overflow, and generally put the security and stability of the system at risk.