security by apps

ralph

Verified User
Joined
Mar 29, 2006
Messages
8
Location
Norway
since DA is not using apt's own packages i wonder how i am supposed to check for vuln regulary.

a quick nmap shows me this.

21/tcp open ftp ProFTPD 1.2.10
22/tcp open ssh OpenSSH 3.8.1p1 Debian-8.sarge.4 (protocol 2.0)
25/tcp open smtp Exim smtpd 4.54
53/tcp open domain ISC Bind 9.2.4
80/tcp open http Apache httpd 1.3.34
110/tcp open pop3 vm-pop3d 1.1.7f-T6-DA (derived from gnu-pop3d)
113/tcp open auth?
143/tcp open imap UW imapd 2003.339
443/tcp open http Apache httpd 1.3.34
3306/tcp open mysql MySQL (unauthorized)

i guess DA not updates vulnerable applications itself, but this is still very important. Why not use apt?

--
Ralph
 
DA maintains it's own hosting environment no matter what the OS distribution.

If it did otherwise then you'd have to monitor all the config files to make sure they work with DA.

I think that would be a nightmare. My guess is the DA programming staff thinks the same.

Jeff
 
how about making it possible to use its OS's package management system on your own risk.
Or making a security type of thing telling users when to upgrade the software used by DA because of vulnerabilities? This happens all the time and consumes much work for everybody. If its not done about 50% of DA servers is vulnerable to exploits and no one wants that?
 
Back
Top