Buffer overflows have been the most common form of security vulnerability for the last ten years. More over, buffer overflow vulnerabilities dominate the area of remote network penetration vulnerabilities, where an anonymous Internet user seeks to gain partial or total control of a host. If buffer overflow vulnerabilities could be effectively eliminated, a very large portion of the most serious security threats would also be eliminated.
Read the rest of this entry »

• 0 Comments

Buffer overflow attacks may be today’s single most important security threat. This paper presents a new approach to mitigating buffer overflow vulnerabilities by detecting likely vulnerabilities through an analysis of the program source code. Our approach exploits information provided in semantic comments and uses lightweight and efficient static analyses. This paper describes an implementation of our approach that extends the LCLint annotation-assisted static checking tool.
Read the rest of this entry »

• 0 Comments

A potential security vulnerability has been discovered in Oracle Internet Directory (OID). OID release 2.1.1.0.0 is vulnerable to a potential buffer overflow problem which may permit unauthorized access to the operating system. Products Oracle Internet Directory (OID) release 2.1.1.0.0 On Unix platforms 1. Change the ownership of executable “ oidldapd”from root user to the UNIX user who owns the OID installation in the operating system. 2. Set the file permissions on “ oidldapd”to 710. 3. Change the ownership of executable “ oidmon”from root user to the UNIX user who owns the OID installation in the operating system.
Read the rest of this entry »

• 0 Comments

Oracle Security Alert #27. Reference date: 28 December 2001. Vulnerabilities in Oracle9i Application Server. Web Cache. Products. Oracle9iAS Web Cache
Read the rest of this entry »

• 0 Comments