Several software bugs have been detected only after being present in the code for a very long time. Other vulnerabilities in the same library might get fixed, but these latent bugs stay silent for years. Critical bugs going unnoticed for decades is now quite common. There are many reasons why a bug stays undetected, or is sometimes simply ignored. Here we present a list of five such bugs that lived for a long time without the knowledge of developers.
1. OpenBSD’s head bug:
This bug was present in the software for 37 years and two months before it was fixed in October 2014. The bug is considerably older than OpenBSD itself, which was born just 18 years ago. Though it had been fixed, the bug remained in some BSD derivatives like NetBSD, and it was present when OpenBSD was created in 1996. The problem was fixed in October 2014 after the previous fix was merged into OpenBSD.
2. Excel’s year 1900 problem:
This 27-year-old bug has not been resolved yet. When Microsoft was creating the first version of Excel for Windows in the mid-1980s, it was competing against IBM's Lotus 1-2-3, the dominant PC spreadsheet of that time. Microsoft ported spreadsheets from Lotus and copied a Lotus bug into Excel along the way, so Excel started treating 1900 as a leap year. To make date calculations easier, Lotus engineers had ignored this bug, as it was considered a minor issue. Microsoft Excel followed the same behaviour, and the bug is still present 27 years later, as fixing it would lead to several problems.
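The practical consequence of item 2 for anyone parsing spreadsheet timestamps (log exports, forensic timelines) is sketched below as an added example; it is not code from the original article or from Microsoft. It assumes Excel's default 1900 date system with whole-day serial numbers, and all function names are hypothetical.

```python
from datetime import date, timedelta

# Serial 60 is Excel's "1900-02-29", a day that never existed.
PHANTOM_SERIAL = 60


def is_leap_gregorian(year: int) -> bool:
    """Real calendar rule: century years are leap only if divisible by 400."""
    return year % 4 == 0 and (year % 100 != 0 or year % 400 == 0)


def is_leap_lotus(year: int) -> bool:
    """The inherited rule: same as Gregorian, except 1900 counts as leap."""
    return year == 1900 or is_leap_gregorian(year)


def excel_serial_to_date(serial: int) -> date:
    """Convert a whole-day Excel serial (1900 system) to a real date."""
    if serial < 1:
        raise ValueError("serials start at 1 (1900-01-01)")
    if serial == PHANTOM_SERIAL:
        raise ValueError("serial 60 is 1900-02-29, which does not exist")
    # Before the phantom day the count is correct; after it, it is one too high.
    epoch = date(1899, 12, 31) if serial < PHANTOM_SERIAL else date(1899, 12, 30)
    return epoch + timedelta(days=serial)


def date_to_excel_serial(d: date) -> int:
    """Convert a real date to the serial Excel would store for it."""
    if d < date(1900, 1, 1):
        raise ValueError("the 1900 date system cannot represent earlier dates")
    n = (d - date(1899, 12, 31)).days
    return n if n < PHANTOM_SERIAL else n + 1


def real_days_between(serial_a: int, serial_b: int) -> int:
    """Elapsed real days; plain subtraction is off by one across serial 60."""
    return (excel_serial_to_date(serial_b) - excel_serial_to_date(serial_a)).days


if __name__ == "__main__":
    for s in (1, 59, 61, 36526):  # constructed sample serials
        print(s, excel_serial_to_date(s).isoformat())
    print("naive 61-59 =", 61 - 59, "real =", real_days_between(59, 61))
```

A parser that rejects serial 60 instead of silently mapping it to a neighbouring day keeps the inherited bug from introducing an unnoticed one-day shift into a timeline.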
3. Bash’s Shellshock vulnerability:
This vulnerability was fixed in September 2014. The Bash shell was created in 1989 as part of the GNU project. It was intended to replace the Bourne shell, and over time it became an integral part of all Unix-based systems, ranging from BSD to Linux and Mac OS X. It contained a severe vulnerability which remained unnoticed for decades. In 2014 the bug was detected by Linux developer Stephane Chazelas, and it was named Shellshock. Web servers were at huge risk, and the bug would also allow hackers to take remote control of a server and create botnets. The first patches were released in September 2014.
4. Windows’ NT Virtual DOS Machine problem:
When Windows NT, the first 32-bit system by Microsoft, was released in 1983, the Windows NT Virtual DOS Machine (NTVDM) allowed 16-bit software to run on 32-bit NT computers. 16-bit programs and DOS remained available on the 32-bit versions of Windows NT, 2000, XP, Server 2003, Vista, Server 2009 and Windows 7. Then, 16 years later, Google researcher Tavis Ormandy discovered a severe bug in the NT VDM code which could allow a hacker to gain SYSTEM-level privileges. The issue was fixed in March 2010.
5. IE6’s Flash exploit:
Microsoft's Internet Explorer version 6 became the dominant web browser after its launch in 2001 and grabbed 90 per cent of the market. Naturally, it became a popular target for hackers. It was highly vulnerable to exploits and was named one of the worst pieces of software ever. Vulnerabilities are still present in IE6. In April 2014 a Flash exploit was detected in IE6 which could allow remote code execution by hackers.
Courtesy: IT World