By Eric Harlow, VNU Net
Linux security was bolstered last week when Lucent’s Bell
Labs said that it is releasing free software for the operating
system to protect enterprise servers against buffer overflow
attacks.
Buffer overflows have been the most common form of computer
security vulnerability for the past 10 years, according to the
Defense Advanced Research Projects Agency (DARPA).
The software, called Libsafe, stops intruders from deliberately
overflowing an application's memory buffers to gain access to a
computer. Linux vendors Red Hat, Mandrake, Turbolinux and Debian
are working with Bell to incorporate it into their operating
systems. The program can be downloaded from
www.bell-labs.com/org/11356/libsafe.html.
A buffer is a section of memory in which applications
temporarily store information. Some applications write information
to buffers without checking the size of the buffers.
Servers running such applications are most vulnerable to buffer
overflows: when too much data is sent to the buffer, it overflows
into the adjacent memory section. The overflowing data can write
additional commands into an application, effectively hijacking it.
Libsafe intercepts the use of vulnerable code functions and
prevents overflow.
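The following C sketch is an added illustration, not Libsafe's code and not part of the original article: it shows a copy routine that checks the buffer size and refuses input that would spill into adjacent memory. The names `guarded_strcpy`, `store_name` and `struct request` are hypothetical, and the explicit size argument is an assumption of the sketch, since the article does not say how Libsafe determines the limit.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: a fixed-size buffer with other data directly after it,
   standing in for the "adjacent memory section" an overflow would corrupt. */
struct request {
    char name[16];
    char command[16];
};

enum { COPY_OK = 0, COPY_REFUSED = -1 };

/* Hypothetical guarded stand-in for strcpy(): copies only when src and its
   terminating NUL fit in dst_size bytes. The explicit dst_size parameter is
   an assumption of this sketch. */
static int guarded_strcpy(char *dst, size_t dst_size, const char *src)
{
    size_t len = 0;

    if (dst == NULL || src == NULL || dst_size == 0)
        return COPY_REFUSED;
    while (len < dst_size && src[len] != '\0')   /* never scans past the limit */
        len++;
    if (len == dst_size)
        return COPY_REFUSED;                     /* too long: dst left untouched */
    memcpy(dst, src, len + 1);
    return COPY_OK;
}

/* Stores untrusted input in req->name; req->command must survive any input. */
static int store_name(struct request *req, const char *input)
{
    memset(req, 0, sizeof *req);
    memcpy(req->command, "status", sizeof "status");
    return guarded_strcpy(req->name, sizeof req->name, input);
}

int main(void)
{
    struct request req;
    int rc = store_name(&req, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"); /* 32 bytes */

    printf("rc=%d name=\"%s\" command=\"%s\"\n", rc, req.name, req.command);
    return 0;
}
```

An unchecked `strcpy()` into `name` with the same 32-byte input would write past the 16-byte buffer and over `command`; the guarded version rejects it and leaves both fields intact.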
Butler Group analyst Andrew Frost said that buffer overflow was
still a common problem, and that the only current solution was to
manually fix applications, although this required programming
skills. “Releasing this on Linux is another tick in the box for
deployment as an enterprise server. It will offer greater
availability for users. If only we had something like this for NT,”
he said.
Libsafe will be made available under the GNU public licence.
[ First appeared in Network News ]