• Home

  • Custom Ecommerce
  • Application Development
  • Database Consulting
  • Cloud Hosting
  • Systems Integration
  • Legacy Business Systems
  • Security & Compliance
  • GIS

  • Expertise

  • About Us
  • Our Team
  • Clients
  • Blog
  • Careers

  • CasePointer

  • VisionPort

  • Contact
  • Our Blog

    Ongoing observations by End Point Dev people

    Red Hat Enterprise Linux 4 Security Report

    Jon Jensen

    By Jon Jensen
    June 5, 2007

    Mark Cox, director of the Red Hat Security Reponse Team, has published a security report of the first two years of Red Hat Enterprise Linux 4, which was released in February 2005. He discusses the vulnerabilities, threats, time to release of updates, and mitigation techniques the operating system uses.

    It is interesting to note that the vast majority of security vulnerabilities affected software not used on servers: The Mozilla browser/email suite, Gaim instant messenger, xpdf, etc. Some of the server vulnerabilities would require certain user input to be exploited, such as running Links or Lynx, calling libtiff, or running a malicious binary. Others require less common setups such as Perl’s suidperl or Bluetooth drivers, or local shell access.

    Nothing is completely secure, but Red Hat Enterprise Linux, configured well and kept updated, has a very good track record so far.

    redhat linux