(no subject)
Lucent's Bell Labs releases free Linux software that foils the most common
computer security attack
FOR RELEASE THURSDAY APRIL 20, 2000
MURRAY HILL, N.J. -- Lucent Technologies' (NYSE: LU) Bell Labs announced
today that it is releasing free Linux software that foils the most common
form of computer security attack. Lucent's Libsafe software prevents
electronic intruders from overflowing an application program's buffer memory
to gain unauthorized access to a computer.
Buffer overflows have been the most common form of computer security
vulnerability exploited by intruders for the past 10 years, according to a
recent report published by the Oregon Graduate Institute of Science &
Technology (OGI) and funded in part by the Defense Advanced Research
Projects Agency (DARPA).
Linux distributors Red Hat, Inc., Linux-Mandrake, TurboLinux and Debian
GNU/Linux are working with Bell Labs to incorporate Lucent Libsafe into
their software releases. The Linux computer operating system contains an
"open" source code that anyone is free to modify. Modeled on Bell Labs' Unix
software, Linux has been gaining popularity for server and desktop computers
over the last few years.
A buffer is a region of computer memory that application programs use to
temporarily store information. Programs that write information to buffers
without properly checking the size of the buffers are potentially vulnerable
to security attacks. Such attacks cause an inordinately large amount of data
to be written, overwriting the memory immediately following the buffer
region. The overflow injects additional code into an application program and
then hijacks control of that program to execute the injected code. Lucent's
Libsafe software intercepts and monitors the use of vulnerable standard
functions and prevents buffer overflow hijackings.
"Red Hat is pleased that Bell Labs is participating in the on-going
development of the Linux platform," said Paul McNamara, VP of Business
Development, Red Hat. "Innovations like Libsafe will continue to expand
Linux' leading position as the preferred platform for internet
infrastructure."
"In the current context where security has become a major concern, this
innovation further improves the security of the Linux-Mandrake system and
meets the expectations of today's users," said Jacques Le Marois, president
of MandrakeSoft.
"TurboLinux is focused on delivering secure Linux solutions to our
customers in the enterprise," said Steve Quan, senior director of product
marketing, TurboLinux. "Lucent Libsafe is an important step forward in
securing Linux for the enterprise."
"Debian treats system security very seriously, and works hard to discover
and eliminate security exposures in the free and open-source software we
distribute; the Libsafe package adds additional protection against
undiscovered exploits in poorly-designed programs, and is therefore
beneficial to Debian GNU/Linux users," said David Coe, one of the developers
of Debian Linux.
Libsafe does not require access to the source code of the application
programs and protects all application programs running on a system. Bell
Labs' tests indicate that Libsafe's effect on a computer's performance is
negligible.
It is generally accepted that the best solution to buffer overflow attacks
is to fix the original defects in programs. However, this requires knowing
that a particular program is defective. Libsafe helps protect programs that
are not yet known to be vulnerable.
Bell Labs is making Libsafe freely available under the GNU Library General
Public License. Users and developers who would like further information and
the Libsafe source code can visit
http://www.bell-labs.com/org/11356/libsafe.html.