[REVS] Security holes... Who cares? (Security patches handling case study)

From: support@securiteam.com
Date: 11/18/02

  • Next message: support@securiteam.com: "[NEWS] Default SNMP Community in Surecom Broadband Router" 
    From: support@securiteam.com
To: list@securiteam.com
Date: 18 Nov 2002 10:28:59 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    Beyond Security would like to welcome Tiscali World Online
    to our service provider team.
    For more info on their service offering IP-Secure,
    please visit http://www.worldonline.co.za/services/work_ip.asp
    - - - - - - - - -

      Security holes... Who cares? (Security patches handling case study)
    ------------------------------------------------------------------------

    SUMMARY

    RTFM reported on an observational study of user response following the
    OpenSSL remote buffer overflows of July 2002 and the worm that exploited
    it in September 2002. Immediately after the publication of the bug and its
    subsequent fix we identified a set of vulnerable servers. In the weeks
    that followed we regularly probed each server to determine whether it had
    applied one of the relevant fixes. RTFM reports two primary results.
    First, RTFM found that administrators are generally very slow to apply the
    fixes. Two weeks after the bug announcement, more than two thirds of
    servers were still vulnerable. Second, RTFM has identified several weak
    predictors of user response and find that the pattern differs in the
    period following the release of the bug and that following the release of
    the worm.

    DETAILS

    The complete research paper can be found at:
     <http://www.rtfm.com/upgrade.pdf> http://www.rtfm.com/upgrade.pdf [PDF]
     <http://www.rtfm.com/upgrade.ps> http://www.rtfm.com/upgrade.ps [PS]

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:ekr@rtfm.com> Eric Rescorla
    of RTFM.

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

    Relevant Pages