Pwnie Award winners 2009
The winners of the “prestigious” Pwnie Awards were announced last Saturday at Black Hat USA. The honored recipients are:
- Best Server-Side Bug: Linux SCTP FWD Chunk Memory Corruption (CVE-2009-0065)
- Best Privilege Escalation Bug: Linux udev Netlink Message Privilege Escalation (CVE-2009-1185)
- Best Client-Side Bug: msvidctl.dll MPEG2TuneRequest Stack buffer overflow (CVE-2008-0015)
- Mass 0wnage: Red Hat Networks Backdoored OpenSSH Packages (CVE-2008-3844)
- Best Research: From 0 to 0day on Symbian (pdf)
- Lamest Vendor Response: Linux (for continually assuming that all kernel memory corruption bugs are only denial-of-service)
- Most Overhyped Bug: MS08-067 Server Service NetpwPathCanonicalize() Stack Overflow (CVE-2008-4250)
- Most Epic FAIL: Twitter Gets Hacked and the “Cloud Crisis”
- Lifetime Achievement Award: Solar Designer
- Best Song: Nice Report (mp3) by Doctor RAID
Linux was justly trashed in this year's awards. The kernel bugs and the Red Hat (and Fedora) compromise were significant, as was last year's Pwnie-winning Debian OpenSSL debacle.