Focus on Linux
Red Hat vs Debian Linux: overall security Nov 27 2006 05:44PM
tjanas austin rr com (7 replies)
Re: Red Hat vs Debian Linux: overall security Nov 30 2006 12:19AM
jm (jm hcn com au)
Re: Red Hat vs Debian Linux: overall security Nov 29 2006 10:04PM
Uday K. MOORJANI (umoorjani mediaserv net)
RE: Red Hat vs Debian Linux: overall security Nov 28 2006 08:50PM
terry (tvernon24 comcast net)
Re: Red Hat vs Debian Linux: overall security Nov 28 2006 06:18PM
Cristobal Palmer (cristobalpalmer gmail com)
Re: Red Hat vs Debian Linux: overall security Nov 28 2006 06:15PM
Syv Ritch (syv 911networks com)
Re: Red Hat vs Debian Linux: overall security Nov 28 2006 06:09PM
Vincent Renardias (vincent renardias com)
Re: Red Hat vs Debian Linux: overall security Nov 28 2006 06:06PM
Graeme Fowler (G E Fowler lboro ac uk) (1 replies)
On 27/11/2006 17:44, tjanas (at) austin.rr (dot) com wrote:
> I am evaluating the overall security of Red Hat Linux vs Debian. I've been told that Debian has many more vulnerabilities than Red Hat. I've also been told that Red Hat is quicker to release security patches than Debian is for the "stable" release. Can someone point me to a good overall assessment of the two? Using this tool: www.securityfocus.com/bid I see that Debian has 17 pages worth of issues but Red Hat has surprisingly few. Am I misinterpreting the results from this tool?

It depends how fine-grained you want to get. Being very rough-and-ready
about it:

http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=redhat
Results: 1591

http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=debian
Results: 1526

...and, for reference, Fedora:

http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=fedora
Results: 423

From that, can you derive that Red Hat is less secure than Debian? No.
You can only derive that there are more CVE entries for "redhat" than
there are for "debian", but with no more granularity than that.

On the face of it, Red Hat releases new versions far more frequently than
Debian (see Fedora) and will, probably, be more likely to have more
vulnerabilities. However, what is the effect of said vulnerabilities?
Are they gaping, remote, root privilege escalation holes
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0010); or are
they more subtle, where a local user with a specific environment can
cause a local DoS attack by accessing a specially crafted filesystem
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0815)?

You need to think about your definition of "security" before making a
move on your assessment. And have a good look around for the various
places this info is available, too.

Graeme
--
Graeme Fowler
Loughborough University
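
Added example, not part of the original message: a short Python sketch of the point made in the reply above, that a keyword hit count and a breakdown by access vector and impact can rank two distributions differently. The advisory records, their IDs, the field layout and the weights are all constructed assumptions, not real CVE data.

```python
"""Keyword hit counts versus a breakdown by access vector and impact."""
from collections import Counter

# Constructed sample advisories (hypothetical IDs, not real CVE data).
# Fields: (id, summary text, access vector, impact)
ADVISORIES = [
    ("EX-001", "redhat debian: overflow in name server", "remote", "root"),
    ("EX-002", "redhat: crafted filesystem crashes kernel", "local", "dos"),
    ("EX-003", "redhat: temp file race in installer", "local", "dos"),
    ("EX-004", "redhat: log rotation hang", "local", "dos"),
    ("EX-005", "redhat: print spooler crash", "local", "dos"),
    ("EX-006", "debian: mail daemon overflow", "remote", "root"),
    ("EX-007", "debian: setuid helper bug", "local", "root"),
]

# Assumed weights, for illustration only. They encode one possible
# definition of "security"; a different threat model needs different ones.
WEIGHTS = {
    ("remote", "root"): 10,
    ("local", "root"): 6,
    ("remote", "dos"): 5,
    ("local", "dos"): 1,
}


def matches(keyword):
    """Advisories whose summary contains the keyword (substring search)."""
    kw = keyword.lower()
    return [a for a in ADVISORIES if kw in a[1].lower()]


def hit_count(keyword):
    """What a bare keyword search reports: number of matching entries."""
    return len(matches(keyword))


def profile(keyword):
    """Matching entries grouped by (access vector, impact)."""
    return Counter((vec, imp) for _, _, vec, imp in matches(keyword))


def weighted_score(keyword):
    """Sum of per-entry weights; higher means more serious exposure."""
    return sum(WEIGHTS[k] * n for k, n in profile(keyword).items())


if __name__ == "__main__":
    for kw in ("redhat", "debian"):
        print(kw, hit_count(kw), dict(profile(kw)), weighted_score(kw))
```

In this constructed data set the keyword with more hits has the lower weighted score, and one entry is counted for both keywords because its summary mentions both.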

Re: Red Hat vs Debian Linux: overall security Nov 29 2006 08:00PM
Alex Nordstrom (lx se linux org)


 

Copyright 2010, SecurityFocus