Periodically I test new IPS systems or fingerprinting tools and end up having to fire up some system that I havent used for a while that is missing some patches so I can trip some signatures. I occasionally leave a couple systems in the lab in various states of missing patches and keep a supply of applications with known vulnerabilities to have something to test against. In doing some research for a project that I am working on, I came across a linux distro called Damn Vulnerable Linux.
This linux distribution has an interesting history behind it. Although linux was deliberately written to be secure, this distro was written to be the exact opposite. The beauty of DVL is that you dont have to install it on a machine, just boot it up from a machine that has a DVD drive in it (The download is almost 1.6GB). For those of you who use BitTorrent, you can find it out there. For those who dont, you can download it from here. The DVL website doesnt appear to offier downloads at this time. The latest version I have been able to find is v1.5.