LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 7th, 2014
Linux Advisory Watch: April 4th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Linux Advisory Watch: April 22nd 2005 Print E-mail
User Rating:      How can I rate this item?
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
Linux Advisory Watch This week, advisories were released for MySQL, PHP, libexif, gtkhtml, info2www, geneweb, f2c, XFCE, vixie-cron, at, nasm, aspell, urw-fonts, htdig, alsa-lib, curl, HelixPlayer, cvs, foomatic, monkeyd, mplayer, xloadimage, logwatch, kernel, OpenOffice, and PostgreSQL. The distributors include Conectiva, Debian, Fedora, Gentoo, Red Hat, and SuSE.


FREE ANTI-SPAM EVALUATION: Roaring Penguin Software - At last! An anti-spam solution that lets you stop spam on YOUR terms by giving you full control over its setup and administration. CanIt-PRO provides you with as much (or as little!) administrative and end-user control as you want. Try a free 20-day evaluation and test it out yourself. Click to find out more!

Introduction: Buffer Overflow Vulnerabilities
By: Erica R. Thomas

In exploiting the buffer overflow vulnerability, the main objective is to overwrite some control information in order to change the flow of control in the program. The usual way of taking advantage of this is to modify the control information to give authority to code provided by the attacker to take control. According to Shaneck, "The most widespread type of exploit is called 'Smashing the Stack' and involves overwriting the return address stored on the stack to transfer control to code placed either in the buffer, or past the end of the buffer." (Shaneck, 2003) The stack is a section of memory used for temporary storage of information. In a stack-based buffer overflow attack, the attacker adds more data than expected to the stack, overwriting data. Farrow explains this in an example, "Let's say that a program is executing and reaches the stage where it expects to use a postal code or zip code, which it gets from a Web-based form that customers filled out." (Farrow, 2002) The longest postal code is fewer than twelve characters, but on the web form, the attacker typed in the letter "A" 256 times, followed by some other commands. The data overflows the buffer allotted for the zip code and the attacker's commands fall into the stack. After a function is called, the address of the instruction following the function call is pushed onto the stack to be saved so that the function knows where to return control when it is finished. A buffer overflow allows the attacker to change the return address of a function to a point in memory where they have already inserted executable code. Then control can be transferred to the malicious attack code contained with the buffer, called the payload (Peikari and Chuvakin, 2004). The payload is normally a command to allow remote access or some other command that would get the attacker closer to having control of the system. As Holden explains, "a computer is flooded with more information than it can handle, and some of it may contain instructions that could damage files on the computer or disclose information that is normally protected- or give the hacker root access to the system." (Holden, 2004)

The best defense against any of these attacks is to have perfect programs. In ideal circumstances, every input in every program would do bounds checks to allow only a given number of characters. Therefore, the best way to deal with buffer overflow problems is to not allow them to occur in the first place. Unfortunately, not all programs are perfect and some have bugs that permit the attacks discussed in this paper. As described by Farrow, "because programs are not perfect, programmers have come up with schemes to defend against buffer overflow attacks." (Farrow, 2002) One technique entails enforcing the computer to use the stack and the heap for data only and to never to execute any instructions found there. This approach can work for UNIX systems, but it can't be used on Windows systems. Farrow describes another scheme using a canary to protect against buffer overflows, but only the kind that overwrite the stack. (Farrow, 2002) The stack canary protects the stack by being put in sensitive locations in memory like the return address (that tells the computer where to find the next commands to execute after it completes its current function). As described by Farrow, "before return addresses get used, the program checks to see if the canary is okay." (Farrow, 2002) If the canary has been hit, the program then quits because it knows that something has gone wrong. As a user of the programs, the best countermeasure is to make sure your systems are fully patched in order to protect yourself from exploits targeting vulnerabilities.

Read Full Article:
http://www.linuxsecurity.com/content/view/118881/49/

LinuxSecurity.com Feature Extras:

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple. If the feedback is good, I'll consider creating more complex guides for advanced users. Please let us know what you think and how these can be improved.

The Tao of Network Security Monitoring: Beyond Intrusion Detection - To be honest, this was one of the best books that I've read on network security. Others books often dive so deeply into technical discussions, they fail to provide any relevance to network engineers/administrators working in a corporate environment. Budgets, deadlines, and flexibility are issues that we must all address. The Tao of Network Security Monitoring is presented in such a way that all of these are still relevant.

Encrypting Shell Scripts - Do you have scripts that contain sensitive information like passwords and you pretty much depend on file permissions to keep it secure? If so, then that type of security is good provided you keep your system secure and some user doesn't have a "ps -ef" loop running in an attempt to capture that sensitive info (though some applications mask passwords in "ps" output).

 

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


   Conectiva
  Conectiva: MySQL Fixes for two mysql vulnerabilities
  20th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118933
 
   Debian
  Debian: New PHP3 packages fix denial of service
  15th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118884
 
  Debian: New libexif packages fix arbitrary code execution
  15th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118889
 
  Debian: New gtkhtml packages fix denial of service
  18th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118901
 
  Debian: New info2www packages fix cross-site scripting vulnerability
  19th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118907
 
  Debian: New geneweb packages fix insecure file operations
  19th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118915
 
  Debian: New f2c packages fix insecure temporary files
  20th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118927
 
   Fedora
  Fedora Core 3 Update: XFCE 4.2.1.1 (15 packages)
  15th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118890
 
  Fedora Core 3 Update: vixie-cron-4.1-33_FC3
  15th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118891
 
  Fedora Core 3 Update: at-3.1.8-70_FC3
  15th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118892
 
  Fedora Core 3 Update: nasm-0.98.38-3.FC3
  18th, April, 2005

The new NASM packages contain fixes for CAN-2004-1287 and one additional vsprintf buffer overflow.

http://www.linuxsecurity.com/content/view/118899
 
  Fedora Core 3 Update: php-4.3.11-2.4
  18th, April, 2005

This update includes the latest stable release of PHP 4.3, including a number of security fixes to the exif extension (CVE CAN-2005-1042 and CAN-2005-1043) and the getimagesize() function (CVE CAN-2005-0524), along with many bug fixes.

http://www.linuxsecurity.com/content/view/118900
 
  Fedora Core 3 Update: aspell-bg-0.50-8.fc3
  19th, April, 2005

aspell-bg-0.50-7 contains many false words. aspell-bg-0.50-8.fc3 fix this problem.

http://www.linuxsecurity.com/content/view/118914
 
  Fedora Core 3 Update: urw-fonts-2.3-0.FC3.1
  19th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118916
 
  Fedora Core 3 Update: htdig-3.2.0b6-3.FC3.1
  19th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118917
 
  Fedora Core 3 Update: alsa-lib-1.0.6-8.FC3
  20th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118931
 
  Fedora Core 3 Update: curl-7.12.3-3.fc3
  20th, April, 2005

New curl version fixes CAN-2005-0490 problem (Multiple stack based overflows).

http://www.linuxsecurity.com/content/view/118932
 
  Fedora Core 3 Update: HelixPlayer-1.0.4-1.0.fc3.1
  20th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118934
 
  Fedora Core 3 Update: cvs-1.11.17-6.FC3
  20th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118935
 
  Fedora Core 3 Update: foomatic-3.0.2-13.4
  20th, April, 2005

This is a minor bug-fix update.

http://www.linuxsecurity.com/content/view/118936
 
   Gentoo
  Gentoo: OpenOffice.Org DOC document Heap Overflow
  15th, April, 2005

OpenOffice.Org is vulnerable to a heap overflow when processing DOC documents, which could lead to arbitrary code execution.

http://www.linuxsecurity.com/content/view/118893
 
  Gentoo: monkeyd Multiple vulnerabilities
  15th, April, 2005

Format string and Denial of Service vulnerabilities have been discovered in the monkeyd HTTP server, potentially resulting in the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/118894
 
  Gentoo: PHP Multiple vulnerabilities
  18th, April, 2005

Several vulnerabilities were found and fixed in PHP image handling functions, potentially resulting in Denial of Service conditions or the remote execution of arbitrary code.

http://www.linuxsecurity.com/content/view/118897
 
  Gentoo: CVS Multiple vulnerabilities
  18th, April, 2005

Several serious vulnerabilities have been found in CVS, which may allow an attacker to remotely compromise a CVS server or cause a DoS.

http://www.linuxsecurity.com/content/view/118905
 
  Gentoo: XV Multiple vulnerabilities
  19th, April, 2005

Multiple vulnerabilities have been discovered in XV, potentially resulting in the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/118906
 
  Gentoo: Mozilla Firefox, Mozilla Suite Multiple vulnerabilities
  19th, April, 2005

New Mozilla Firefox and Mozilla Suite releases fix new security vulnerabilities, including memory disclosure and various ways of executing JavaScript code with elevated privileges.

http://www.linuxsecurity.com/content/view/118910
 
  Gentoo: MPlayer Two heap overflow vulnerabilities
  20th, April, 2005

Two vulnerabilities have been found in MPlayer which could lead to the remote execution of arbitrary code.

http://www.linuxsecurity.com/content/view/118924
 
   Red Hat
  RedHat: Low: xloadimage security update
  19th, April, 2005

A new xloadimage package that fixes bugs in handling malformed tiff and pbm/pnm/ppm images, and in handling metacharacters in filenames is now available. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118919
 
  RedHat: Moderate: logwatch security update
  19th, April, 2005

An updated logwatch package that fixes a denial of service issue is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118920
 
  RedHat: Important: kernel security update
  19th, April, 2005

Updated kernel packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system.

http://www.linuxsecurity.com/content/view/118921
 
  RedHat: Critical: RealPlayer security update
  20th, April, 2005

An updated RealPlayer package that fixes a buffer overflow issue is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118937
 
  RedHat: Critical: HelixPlayer security update
  20th, April, 2005

An updated HelixPlayer package that fixes a buffer overflow issue is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118938
 
  RedHat: Critical: RealPlayer security update
  20th, April, 2005

An updated RealPlayer package that fixes a buffer overflow issue is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118940
 
  RedHat: Important: firefox security update
  21st, April, 2005

Updated firefox packages that fix various security bugs are now available. This update has been rated as having Important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118941
 
   SuSE
  SuSE: php remote denial of service
  15th, April, 2005

This update fixes the following security issues in the PHP scripting language.

http://www.linuxsecurity.com/content/view/118883
 
  SuSE: cvs (SUSE-SA:2005:024)
  18th, April, 2005

The Concurrent Versions System (CVS) offers tools which allow developers to share and maintain large software projects. The current maintainer of CVS reported various problems within CVS such as a buffer overflow and memory access problems which have been fixed within the available updates. The CVE project has assigned the CAN number CAN-2005-0753.

http://www.linuxsecurity.com/content/view/118898
 
  SuSE: OpenOffice heap overflow problem
  19th, April, 2005

This security update fixes a buffer overflow in OpenOffice_org Microsoft Word document reader which could allow a remote attacker sending a handcrafted .doc file to execute code as the user opening the document in OpenOffice.

http://www.linuxsecurity.com/content/view/118911
 
  SuSE: RealPlayer buffer overflow in RAM
  20th, April, 2005

This update fixes a security issue within the RealPlayer media player.

http://www.linuxsecurity.com/content/view/118925
 
  SuSE: PostgreSQL buffer overflow problems
  20th, April, 2005

Several problems were identified and fixed in the PostgreSQL database server.

http://www.linuxsecurity.com/content/view/118926
 

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Heartbleed: Security experts reality-check the 3 most hysterical fears
Open source trounces proprietary software for code defects, Coverity analysis finds
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.