Security Focus: Too Cool For Secure Code
Mar 27, 2003, 20:30
(Other stories by Jon Lasser)
"Most notable among these is the Linux kernel ptrace
vulnerability, which allows local users to acquire root privileges.
Next, there is a clever timing attack against OpenSSL that can
reveal a site's private key and thus compromise all of its traffic.
There is also the mysql configuration file vulnerability, whereby a
malicious user can write out a file that will allow him to acquire
full privileges; a buffer overflow and local root exploit in the
venerable lpr print daemon; a buffer overflow and potential root
exploit in the Mutt mail reader's IMAP code; and a glibc integer
overflow that allows remote code execution via RPC.
"Also reported in the last three weeks are perhaps a dozen more
security holes in programs including file, ethereal, ircii,
qpopper, Evolution, rxvt, Samba, and others. These are, by and
large, holes discovered and reported by the good guys--there's no
telling what black-hat hackers have discovered.
"Most of these bugs are buffer overflows, format string
vulnerabilities and input validation errors. In short, these are
the same sort of holes that we've seen over and over again for
years. Format string vulnerabilities are new, discovered circa
1999; the other two classes of bugs have been known and actively
exploited on Unix for quite a while: the first Internet worm
exploited a buffer overflow in Finger in 1988.
"Why do we still see these bugs...?"
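The three bug classes the column names, shown from the defender's side as an added example that is not part of Lasser's column or the quoted text: each unsafe C idiom is kept only as a comment, and beside it is a bounded replacement that refuses input it cannot handle. Function names (`bounded_copy`, `safe_format`, `strict_port`) and the sample inputs in `main` are constructed for this illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not code from the column. Function names are hypothetical. */

/* 1. Buffer overflow: strcpy() trusts the source length and writes past
 * dst when src is longer.  The unsafe idiom is left as a comment only:
 *   void unsafe_copy(char *dst, const char *src) { strcpy(dst, src); }
 * Bounded copy: returns 0 on success, -1 if src (plus NUL) does not fit;
 * on failure dst is set to "" so callers never read uninitialised bytes. */
int bounded_copy(char *dst, size_t dstlen, const char *src)
{
    size_t n = strlen(src);
    if (dstlen == 0) return -1;
    if (n >= dstlen) { dst[0] = '\0'; return -1; }
    memcpy(dst, src, n + 1);
    return 0;
}

/* 2. Format string: passing caller-controlled text as the *format*
 * argument lets any '%' directives inside it drive printf():
 *   void unsafe_log(const char *msg) { printf(msg); }
 * Safe version: the format is a string literal and msg is only data.
 * Returns the formatted length, or -1 if it was truncated. */
int safe_format(char *out, size_t outlen, const char *msg)
{
    int n = snprintf(out, outlen, "log: %s", msg);
    if (n < 0 || (size_t)n >= outlen) return -1;
    return n;
}

/* 3. Input validation: atoi() silently accepts "80abc", "", "-1" and
 * wraps on overflow:
 *   int unsafe_port(const char *s) { return atoi(s); }
 * strict_port() accepts only a complete decimal number in 1..65535. */
int strict_port(const char *s, int *port)
{
    char *end;
    long v;
    if (s == NULL || *s == '\0') return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno != 0 || *end != '\0') return -1; /* trailing junk or overflow */
    if (v < 1 || v > 65535) return -1;         /* out of range */
    *port = (int)v;
    return 0;
}

int main(void)
{
    char name[8];   /* deliberately small to show the bound being enforced */
    char line[32];
    int port;

    printf("copy short: %d\n", bounded_copy(name, sizeof name, "alice"));
    printf("copy long:  %d\n", bounded_copy(name, sizeof name, "averylongusername"));
    printf("format:     %d\n", safe_format(line, sizeof line, "100%% done"));
    printf("  -> %s\n", line);
    printf("port ok:    %d\n", strict_port("8080", &port));
    printf("port bad:   %d\n", strict_port("80abc", &port));
    return 0;
}
```

Each function reports failure through its return value rather than truncating or guessing, which is the property that turns the column's "same sort of holes" into a rejected input and a log line instead of a crash or a privilege escalation.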