“Avaya Labs announced today it is releasing Libsafe 2.0, an
enhanced version of its free security software for the popular
Linux operating system. Libsafe version 2.0 adds the ability to
protect against security attacks that exploit “format string”
vulnerabilities in software, including programs that are widely
deployed as part of the Internet infrastructure.”
“As a result, Libsafe 2.0 protects against the two most common
forms of security attacks: `buffer overflow’ and `format string.’
Libsafe extends its protection to all application programs running
on a system, and will even help to protect programs that have
vulnerabilities yet to be discovered….”
“Libsafe 2.0 detects and protects against both format string and
buffer overflow attacks, which allow a non-authorized user to take
control of a server by exploiting loopholes. The loopholes allow a
malicious user to insert code into a running program and then
hijack control to execute the inserted code instead. The
non-authorized user could then access private data or stage attacks
against other machines. The attack proceeds by sending carefully
formed requests to vulnerable server programs that set the stage
for the hacker to write a string of characters that overwrite the
server program’s memory and trick it into handing control to the
attacker.”