
(no subject)



Lucent's Bell Labs releases free Linux software that foils the most common 
computer security attack
FOR RELEASE THURSDAY APRIL 20, 2000

MURRAY HILL, N.J. -- Lucent Technologies' (NYSE: LU) Bell Labs announced 
today that it is releasing free Linux software that foils the most common 
form of computer security attack. Lucent's Libsafe software prevents 
electronic intruders from overflowing an application program's buffer memory 
to gain unauthorized access to a computer.

Buffer overflows have been the most common form of computer security 
vulnerability exploited by intruders for the past 10 years, according to a 
recent report published by the Oregon Graduate Institute of Science & 
Technology (OGI) and funded in part by the Defense Advanced Research 
Projects Agency (DARPA).

Linux distributors Red Hat, Inc., Linux-Mandrake, TurboLinux and Debian 
GNU/Linux are working with Bell Labs to incorporate Lucent Libsafe into 
their software releases. The Linux computer operating system contains an 
"open" source code that anyone is free to modify. Modeled on Bell Labs' Unix 
software, Linux has been gaining popularity for server and desktop computers 
over the last few years.

A buffer is a region of computer memory that application programs use to 
temporarily store information. Programs that write information to buffers 
without properly checking the size of the buffers are potentially vulnerable 
to security attacks. Such attacks cause an inordinately large amount of data 
to be written, overwriting the memory immediately following the buffer 
region. The overflow injects additional code into an application program and 
then hijacks control of that program to execute the injected code. Lucent's 
Libsafe software intercepts and monitors the use of vulnerable standard 
functions and prevents buffer overflow hijackings.

"Red Hat is pleased that Bell Labs is participating in the on-going 
development of the Linux platform," said Paul McNamara, VP of Business 
Development, Red Hat. "Innovations like Libsafe will continue to expand 
Linux' leading position as the preferred platform for internet 
infrastructure."

"In the current context where security has become a major concern, this 
innovation further improves the security of the Linux-Mandrake system and 
meets the expectations of today's users," said Jacques Le Marois, president 
of MandrakeSoft.

"TurboLinux is focused on delivering secure, Linux solutions to our 
customers in the enterprise," said Steve Quan, senior director of product 
marketing, TurboLinux. "Lucent Libsafe is an important step forward in 
securing Linux for the enterprise."

"Debian treats system security very seriously, and works hard to discover 
and eliminate security exposures in the free and open-source software we 
distribute; the Libsafe package adds additional protection against 
undiscovered exploits in poorly-designed programs, and is therefore 
beneficial to Debian GNU/Linux users," said David Coe, one of the developers 
of Debian Linux.

Libsafe does not require access to the source code of the application 
programs and protects all application programs running on a system. Bell 
Labs' tests indicate that Libsafe's effect on a computer's performance is 
negligible.

It is generally accepted that the best solution to buffer overflow attacks 
is to fix the original defects in programs. However, this requires knowing 
that a particular program is defective. Libsafe helps protect programs that 
are not yet known to be vulnerable.

Bell Labs is making Libsafe freely available under the GNU Library General 
Public License. Users and developers who would like further information and 
the Libsafe source code can visit 
http://www.bell-labs.com/org/11356/libsafe.html.

