Format String Bug
Uncontrolled format string is a type of code injection vulnerability discovered around 1989 that can be used in security exploits. Originally thought harmless, format string exploits can be used to crash a program or to execute harmful code. The problem stems from the use of unchecked user input as the format string parameter in certain C functions that perform formatting, such as printf(). A malicious user may use the %s and %x format tokens, among others, to print data from the call stack or possibly other locations in memory. One may also write arbitrary data to arbitrary locations using the %n format token, which commands printf() and similar functions to write the number of bytes formatted to an address stored on the stack.

Details
A typical exploit uses a combination of these techniques to take control of the instruction pointer (IP) of a process, for example by forcing a program to overwrite the address of a library function or the return address on the stack with a poi ...


Code Injection
Code injection is a computer security exploit where a program fails to correctly process external data, such as user input, causing it to interpret the data as executable commands. An attacker using this method "injects" code into the program while it is running. Successful exploitation of a code injection vulnerability can result in data breaches, access to restricted or critical computer systems, and the spread of malware. Code injection vulnerabilities occur when an application sends untrusted data to an interpreter, which then executes the injected text as code. Injection flaws are often found in services like Structured Query Language (SQL) databases, Extensible Markup Language (XML) parsers, operating system commands, Simple Mail Transfer Protocol (SMTP) headers, and other program arguments. Injection flaws can be identified through source code examination, static analysis, or dynamic testing methods such as fuzzing. There are numerous types of code injection vulnerabilit ...


Fuzz Testing
In programming and software development, fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks. Typically, fuzzers are used to test programs that take structured inputs. This structure is specified, for example, by a file format or protocol, and it distinguishes valid from invalid input. An effective fuzzer generates semi-valid inputs that are "valid enough" in that they are not directly rejected by the parser, but do create unexpected behaviors deeper in the program, and are "invalid enough" to expose corner cases that have not been properly dealt with. For the purpose of security, input that crosses a trust boundary is often the most useful. For example, it is more important to fuzz code that handles a file uploaded by any user than it is to fuzz the code th ...


Cross-application Scripting
Cross-application scripting (CAS) is a vulnerability affecting desktop applications that don't check input in an exhaustive way. CAS allows an attacker to insert data that modifies the behaviour of a particular desktop application. This makes it possible to extract data from inside of the users' systems. Attackers may gain the full privileges of the attacked application when exploiting CAS vulnerabilities; the attack is to some degree independent of the underlying operating system and hardware architecture. Initially discovered by Emanuele Gentili, it was presented for the first time during the Security Summit 2010 in Milan, together with two other researchers (Alessandro Scoscia and Emanuele Acri) who had participated in the study of the technique and its implications. The format string attack is very similar in concept to this attack, and CAS could be considered a generalization of that attack method. Some aspects of this technique have been previously demonstrated in cli ...

GNU Compiler Collection
The GNU Compiler Collection (GCC) is a collection of compilers from the GNU Project that support various programming languages, hardware architectures, and operating systems. The Free Software Foundation (FSF) distributes GCC as free software under the GNU General Public License (GNU GPL). GCC is a key component of the GNU toolchain, which is used for most projects related to GNU and the Linux kernel. With roughly 15 million lines of code in 2019, GCC is one of the largest free programs in existence. It has played an important role in the growth of free software, as both a tool and an example. When it was first released in 1987 by Richard Stallman, GCC 1.0 was named the GNU C Compiler since it only handled the C programming language. It was extended to compile C++ in December of that year. Front ends were later developed for Objective-C, Objective-C++, Fortran, Ada, Go (programming la ...

TESO (Austrian Hacker Group)
TESO was a hacker group which originated in Austria. It was active from 1998 to 2004, and during its peak around 2000 it was responsible for a significant share of the exploits on the Bugtraq mailing list. In 2000, some of its members took over Phrack magazine and released the first ever hardcover issue (#57) at HAL2001.

History
In 1998, Teso was founded, and quickly grew to 6 people, who first met in 1999 at the Chaos Computer Club (CCC) Camp near Berlin. By 2000, the group was at its peak, and started speaking at various conferences, wrote articles for Phrack and released security tools and exploits at a very high pace. Some of its exploits only became known after leaking to the community. This included exploits for wu-ftp, apache, and openssh.

2000: First remote vulnerability, OpenBSD 2.x - Pending ARP Request Remote Denial of Service in OpenBSD, followed by a series of ...


Tim Newsham
Tim Newsham is a computer security professional. He has been contributing to the security community for more than a decade. He has performed research while working at security companies including @stake, Guardent, ISS, and Network Associates (originally Secure Networks).

Contributions
Newsham is best known for co-authoring the paper ''Insertion, Evasion and Denial of Service: Eluding Network Intrusion Detection'' with Thomas Ptacek, a paper that has since been cited by more than 150 academic works on network intrusion detection. He has published other prominent white papers:
* ''The Problem With Random Increments''
* ''Format String Attacks''
* ''Cracking WEP Keys: Applying Known Techniques to WEP Keys''
In addition to his research, Newsham is also known for his pioneering work on security products, including:
* Internet Security Scanner
* Ballista (Cybercop) Scanner
* The software that would later drive Veracode

WEP Security
Newsham partially discovered the Newsham 21-bit W ...


Przemysław Frasunek
Przemysław Frasunek (also known as venglin, born 6 May 1983) is a "white hat" hacker from Poland. He has been a frequent Bugtraq poster since the late 1990s, noted for one of the first published successful software exploits for the format string bug class of attacks, just after the first exploit by the person using the nickname tf8. Until that time the vulnerability was thought harmless. He is the CEO of Redge Technologies.

Vulnerability research
Notable vulnerabilities credited to Przemysław Frasunek:
* , Format string bug in WU-FTPD (''remote root exploit''), one of the first exploits for the format string bug class of attacks.
* , Buffer overflow (''remote root exploit'') in NTP server, affecting a wide range of systems.
* , Signal race condition in FTP server, affecting NetBSD and Mac OS X.
* , Privilege escalation (''local root exploit'') affecting Solaris versions 8, 9, 10 and OpenSolaris operating systems, discovered two weeks after public release of the OpenSolari ...


Bugtraq
Bugtraq was an electronic mailing list dedicated to issues about computer security. On-topic issues were new discussions about vulnerabilities, vendor security-related announcements, methods of exploitation, and how to fix them. It was a high-volume mailing list, with as many as 776 posts in a month, and almost all new security vulnerabilities were discussed on the list in its early days. The forum provided a vehicle for anyone, including security researchers and product vendors, to disclose and discuss computer vulnerabilities. While the service has not been officially terminated, and its archives are still publicly accessible, no new posts have been made since January 2021.

History
Bugtraq was created on November 5, 1993 by Scott Chasin in response to the perceived failings of the existing Internet security infrastructure of the time, particularly CERT. Bugtraq's policy was to publish vulnerabilities, regardless of vendor response, as part of the full disclosure movement of vu ...

Snprintf
The C programming language provides many standard library functions for file input and output. These functions make up the bulk of the C standard library header . The functionality descends from a "portable I/O package" written by Mike Lesk at Bell Labs in the early 1970s, and officially became part of the Unix operating system in Version 7. The I/O functionality of C is fairly low-level by modern standards; C abstracts all file operations into operations on streams of bytes, which may be "input streams" or "output streams". Unlike some earlier programming languages, C has no direct support for random-access data files; to read from a record in the middle of a file, the programmer must create a stream, seek to the middle of the file, and then read bytes in sequence from the stream. The stream model of file I/O was popularized by Unix, which was developed concurrently with the C programming language itself. The vast majority of modern operating systems have inherited streams f ...

ProFTPD
ProFTPD (short for ''Pro FTP daemon'') is an FTP server. ProFTPD is free and open-source software, compatible with Unix-like systems and Microsoft Windows (via Cygwin). Along with vsftpd and Pure-FTPd, ProFTPD is among the most popular FTP servers in Unix-like environments today. Compared to those, which focus e.g. on simplicity, speed or security, ProFTPD's primary design goal is to be a highly feature-rich FTP server, exposing a large number of configuration options to the user.

Supported platforms
* AIX
* BSD/OS
* DG/UX
* Digital Unix
* FreeBSD
* HP/UX
* IRIX
* Linux
* Mac OS X
* NetBSD
* OpenBSD
* SCO
* Solaris
* SunOS
* Windows (via Cygwin)

Configuration and features
ProFTPD includes a number of options that are not available with many other FTP daemons. The configuration of ProFTPD is performed in a single main configuration file called /etc/proftpd/proftpd.conf. Due to its similarities to the configuration file of Apache HTTP Server it is intuitively understandable to so ...


Security Audit
An information security audit is an audit of the level of information security in an organization. It is an independent review and examination of system records, activities, and related documents. These audits are intended to improve the level of information security, avoid improper information security designs, and optimize the efficiency of the security safeguards and security processes. Within the broad scope of auditing information security there are multiple types of audits, multiple objectives for different audits, etc. Most commonly the controls being audited can be categorized as technical, physical and administrative. Auditing information security covers topics from auditing the physical security of data centers to auditing the logical security of databases, and highlights key components to look for and different methods for auditing these areas. When centered on the Information technology (IT) aspects of information security, it can be seen as a part of an information ...