by Mark Cox

Red Hat® Enterprise Linux® 4 was released on February 15th, 2005. This report takes a look at the state of security for the first four years from release. We look at key metrics, specific vulnerabilities, and the most common ways users were affected by security issues. We will show some best practices that could have been used to minimise the impact of the issues, and also take a look at how the included security innovations helped.

This report is an update to the three-year risk report published in Red Hat Magazine in February 2007.

1. Introduction
2. Vulnerabilities

2.1. Vulnerability Counts
2.2. Critical Flaws
2.3. Expanding “days of risk”
2.4. Riskiest packages
2.5. Advisory Workload

3. Threats

3.1. Exploits

3.1.1. Kernel exploits
3.1.2. Browser exploits
3.1.3. Other user-complicit exploits
3.1.4. PHP exploits
3.1.5. Servers and services exploits

3.2. Worms

4. Conclusion
5. Further Reading
6. About the Author

Red Hat Magazine | Risk report: Four years of Red Hat Enterprise Linux 4