FREE ANTI-SPAM EVALUATION: Roaring Penguin Software - At last! An anti-spam solution that lets you stop spam on YOUR terms by giving you full control over its setup and administration. CanIt-PRO provides you with as much (or as little!) administrative and end-user control as you want. Try a free 20-day evaluation and test it out yourself. Click to find out more!
Introduction: Buffer Overflow Vulnerabilities
By: Erica R. Thomas
Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.
Buffer overflow vulnerabilities are one of the most common vulnerabilities. These kinds of vulnerabilities are perfect for remote access attacks because they give the attacker a great opportunity to launch and execute their attack code on the target computer. Broadly speaking, a buffer overflow attack occurs when the attacker intentionally enters more data than a program was written to handle. The data runs over and overflows the section of memory that was set aside to accept it. The extra data overwrites on top on another portion of memory that was meant to hold something else, like part of the program's instructions. This allows an attacker to overwrite data that controls the program and can takeover control of the program to execute the attacker's code instead of the program. Peikari and Chuvakin point out that, "buffer overflows result from an inherent weakness in the C++ programming language." (Peikari and Chuvakin, 2004) The problem is that C++ and other programming languages (those derived from C++), do not automatically perform bounds-checking when passing data. When variables are passed, extra characters could be written past the variable's end. The overflow consequence could result in the program crashing or allowing the attacker to execute their own code on the target system.
In order to make sense of how a buffer is overflowed, one must understand what a buffer is. A program contains code that accesses variables stored in various locations in memory. When a program is executed, a specific amount of memory is assigned for each variable. The amount of memory is determined by the type of data the variable is anticipated to hold. The memory set aside is used to store information that the program needs for its execution. According to Peikari and Chuvakin , "The program stores the value of a variable in this memory space, then pulls the value back out of memory when it's needed." (Peikari and Chuvakin, 2004) A buffer is this virtual space.
Read Full Article:
features/features/introduction-buffer-overflow-vulnerabilities
LinuxSecurity.com Feature Extras:
Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple. If the feedback is good, I'll consider creating more complex guides for advanced users. Please let us know what you think and how these can be improved.
The Tao of Network Security Monitoring: Beyond Intrusion Detection - To be honest, this was one of the best books that I've read on network security. Others books often dive so deeply into technical discussions, they fail to provide any relevance to network engineers/administrators working in a corporate environment. Budgets, deadlines, and flexibility are issues that we must all address. The Tao of Network Security Monitoring is presented in such a way that all of these are still relevant.
Encrypting Shell Scripts - Do you have scripts that contain sensitive information like passwords and you pretty much depend on file permissions to keep it secure? If so, then that type of security is good provided you keep your system secure and some user doesn't have a "ps -ef" loop running in an attempt to capture that sensitive info (though some applications mask passwords in "ps" output).
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
Debian: New axel packages fix arbitrary code execution | ||
13th, April, 2005
Updated package. advisories/debian/debian-new-axel-packages-fix-arbitrary-code-execution |
||
Fedora Core 3 Update: gftp-2.0.18-0.FC3 | ||
7th, April, 2005
Updated package advisories/fedora/fedora-core-3-update-gftp-2018-0fc3-15-07-00-118824 |
||
Fedora Core 2 Update: gftp-2.0.18-0.FC2 | ||
7th, April, 2005
Updated package advisories/fedora/fedora-core-2-update-gftp-2018-0fc2-15-08-00-118825 |
||
Fedora Core 3 Update: wireless-tools-27-1.2.0.fc3 | ||
7th, April, 2005
Please see below for changes. advisories/fedora/fedora-core-3-update-wireless-tools-27-120fc3-15-48-00-118827 |
||
Fedora Core 3 Update: glibc-2.3.5-0.fc3.1 | ||
7th, April, 2005
Updated package. advisories/fedora/fedora-core-3-update-glibc-235-0fc31-23-43-00-118836 |
||
Fedora Core 3 Update: selinux-policy-targeted-1.17.30-2.94 | ||
8th, April, 2005
Updated package. advisories/fedora/fedora-core-3-update-selinux-policy-targeted-11730-294-14-11-00-118839 |
||
Fedora Core 3 Update: kernel-2.6.11-1.14_FC3 | ||
11th, April, 2005
Updated package. advisories/fedora/fedora-core-3-update-kernel-2611-114fc3-16-55-00-118851 |
||
Fedora Core 3 Update: selinux-policy-targeted-1.17.30-2.96 | ||
11th, April, 2005
Updated package. advisories/fedora/fedora-core-3-update-selinux-policy-targeted-11730-296-17-33-00-118852 |
||
Fedora Core 3 Update: autofs-4.1.3-114 | ||
12th, April, 2005
Updated package. advisories/fedora/fedora-core-3-update-autofs-413-114-14-45-00-118862 |
||
Fedora Core 3 Update: gcc-3.4.3-22.fc3 | ||
12th, April, 2005
Updated package. advisories/fedora/fedora-core-3-update-gcc-343-22fc3-18-11-00-118864 |
||
Fedora Core 3 Update: gcc4-4.0.0-0.41.fc3 | ||
12th, April, 2005
Updated package. advisories/fedora/fedora-core-3-update-gcc4-400-041fc3-18-12-00-118865 |
||
Gentoo: GnomeVFS, libcdaudio CDDB response overflow | ||
8th, April, 2005
The GnomeVFS and libcdaudio libraries contain a buffer overflow that can be triggered by a large CDDB response, potentially allowing the execution of arbitrary code. |
||
Gentoo: Smarty Template vulnerability | ||
10th, April, 2005
New ways of bypassing Smarty's "Template security" were found and fixed in Smarty. Users making use of that feature are encouraged to upgrade to version 2.6.9. The updated sections appear below. |
||
Gentoo: phpMyAdmin Cross-site scripting vulnerability | ||
11th, April, 2005
phpMyAdmin is vulnerable to a cross-site scripting attack. |
||
Gentoo: Axel Vulnerability in HTTP redirection handling | ||
12th, April, 2005
A buffer overflow vulnerability has been found in Axel which could lead to the execution of arbitrary code. |
||
Mandrake: Updated shorewall packages | ||
7th, April, 2005
The shorewall package is being updated to provide appropriate bogons information and other minor fixes. |
||
Mandrake: Updated gtk+2.0 packages fix | ||
7th, April, 2005
A bug was discovered in the way that gtk+2.0 processes BMP images which could allow for a specially crafted BMP to cause a Denial of Service attack on applications linked against gtk+2.0. The updated packages have been patched to correct these issues. |
||
Mandrake: Updated sharutils packages | ||
7th, April, 2005
Shaun Colley discovered a buffer overflow in shar that was triggered by output files (using -o) with names longer than 49 characters which could be exploited to run arbitrary attacker-specified code. |
||
Mandrake: Updated gdk-pixbuf packages | ||
7th, April, 2005
A bug was discovered in the way that gdk-pixbuf processes BMP images which could allow for a specially crafted BMP to cause a Denial of Service attack on applications linked against gdk-pixbuf. The updated packages have been patched to correct these issues. |
||
RedHat: Moderate: kdegraphics security update | ||
12th, April, 2005
Updated kdegraphics packages that resolve multiple security issues in kfax are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team advisories/red-hat/redhat-moderate-kdegraphics-security-update-3388 |
||
RedHat: Moderate: dhcp security update | ||
12th, April, 2005
An updated dhcp package that fixes a string format issue is now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-dhcp-security-update-RHSA-2005-212-01 |
||
RedHat: Important: gaim security update | ||
12th, April, 2005
An updated gaim package that fixes multiple denial of service issues is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-gaim-security-update-79743 |
||
SuSE: various KDE security problems | ||
11th, April, 2005
Several vulnerabilities have been identified and fixed in the KDE desktop environment. |
||