Marcel Weber wrote:
In the actual case of the hacked servers it was not just a bug, but a security problem (CAN-2003-0961) without an existing exploit.
I want to correct myself: CAN-2003-0961 dates from the 26th November 2003, as far I could see on the CVE.org site. This means that unless every discovered bug would be fixed, this incident could not have been avoided. This is of course not realistic.