Linux Today: Linux News On Internet Time.

LinuxPR: Avaya Labs Releases Free Linux Security Software to Battle Hacker Attacks in Programs and Web Sites

Mar 27, 2001, 22:50 (3 Talkback[s])

"Avaya Labs announced today it is releasing Libsafe 2.0, an enhanced version of its free security software for the popular Linux operating system. Libsafe version 2.0 adds the ability to protect against security attacks that exploit ``format string'' vulnerabilities in software, including programs that are widely deployed as part of the Internet infrastructure."

"As a result, Libsafe 2.0 protects against the two most common forms of security attacks: `buffer overflow' and `format string.' Libsafe extends its protection to all application programs running on a system, and will even help to protect programs that have vulnerabilities yet to be discovered...."

"Libsafe 2.0 detects and protects against both format string and buffer overflow attacks, which allow a non-authorized user to take control of a server by exploiting loopholes. The loopholes allow a malicious user to insert code into a running program and then hijack control to execute the inserted code instead. The non-authorized user could then access private data or stage attacks against other machines. The attack proceeds by sending carefully formed requests to vulnerable server programs that set the stage for the hacker to write a string of characters that overwrite the server program's memory and trick it into handing control to the attacker."

Press Release