Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Monday July 31 2017, @05:01AM   Printer-friendly
from the imminent-recursion dept.

The 2017 Pwnie winner for lamest vendor response goes to Lennart Poettering for systemd. According to CSO which has reported on it, the Pwnie winners which were announced a few days ago, the summary for Lennart and systemd reads as follows:

The most spectacular mishandling of a security vulnerability by a vendor ended up winning a Pwnie for Lennart Poettering due to SystemD bugs 5998, 6225, 6214, 5144, 6237. The nomination reads: "Where you are dereferencing null pointers, or writing out of bounds, or not supporting fully qualified domain names, or giving root privileges to any user whose name begins with a number, there's no chance that the CVE number will referenced in either the change log or the commit message. But CVEs aren't really our currency any more, and only the lamest of vendors gets a Pwnie!"


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by TheRaven on Monday July 31 2017, @08:39AM (2 children)

    by TheRaven (270) on Monday July 31 2017, @08:39AM (#547037) Journal
    I'll give you cat, but the others have all had some pretty important bug fixes in the last few years. Bash was a really bad example: remember Shellshock?
    --
    sudo mod me up
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by PiMuNu on Monday July 31 2017, @10:18AM (1 child)

    by PiMuNu (3823) on Monday July 31 2017, @10:18AM (#547073)

    A couple of other people made the same comment. I would put security issues as a corner case, because they pertain to web servers - which is not the majority of users (well, pre-IOT at least).

    • (Score: 3, Insightful) by TheRaven on Monday July 31 2017, @01:49PM

      by TheRaven (270) on Monday July 31 2017, @01:49PM (#547137) Journal
      Shellshock didn't just pertain to web servers, any laptop user could have an attacker run arbitrary code as root in response to a DHCP packet.
      --
      sudo mod me up