Notes and resources dealing with writing secure programs.

See also ComputerSecurityResources.

See AboutThesePages.

Security Vulnerabilities

For now, listing the various types of security vulnerabilities I run across, adding explanations as I find them or whatever. I'm starting by noting those I find in the current LWN (17 April 2003).

Clearly, I'm making no (or very little) attempt (so far) to separate symptoms and causes (or even just words or phrases that should become part of your (my) vocabulary to allow discussion of security issues).

  • arbitrary code execution
  • buffer overflow
  • buffer overflow (remotely-exploitable)
  • code execution vulnerability (for man: "which can be exploited by a carefully crafted man file")
  • crafted filename passed to the program could lead to the execution of arbitrary code
  • crafted reply strings, trigger client to write beyond buffer boundaries
  • crafted file "KDE uses Ghostscript software for processing of PostScript (PS) and PDF files in a way that allows for the execution of arbitrary commands that can be contained in such files."
  • crafted network packet which causes tcpdump to enter an infinite loop (listed below also under infinite loop, and I guess I could add it as a denial of service, so clearly, I need a better categorization scheme)
  • cross-site scripting (for Squirrelmail: "allow remote attackers to execute script as other Web users via mailbox displays, message displays, or search results displays")
  • cryptographic weakness
  • denial of service
  • denial of service "Receiving certain ICQ message types that do not contain the required 0xFE separator causes all versions to crash." OK, a crash, yes, that's a denial of service, but not quite what I thought the term implied.
  • failure to filter shell metacharacters
  • failure to properly drop privileges in certain cases after a crontab modification operation.
  • file creation, insecure
  • file creation race
  • file descriptor leak (stunnel — "can be used to hijack stunnel's services")
  • format string vulnerability (same as overflow?)
  • heap overflow
  • infinite loop (attacker is able to send a specially crafted network packet which causes tcpdump to enter an infinite loop)
  • insecure temporary file "insecurely creates a temporary file for debugging purpose when it is configured as filter. The program does not check whether this file already exists or is linked to another place writes its current environment and called arguments to the file unconditionally with the user id daemon."
  • "creates temporary files without taking appropriate security precautions. This vulnerability could be exploited by a local user to create or overwrite files with the privileges of the user running emacs and eldav"
  • integer bounds checking vulnerability
  • integer overflow
  • key compromise (e.g., GnuPG (ElGamal sign+encrypt) signing key)
  • local vulnerabilities
  • malformed messages cause crash
  • memory allocation problem
  • poisoned (DNS) cache (denial of service)
  • privilege escalation (due to, e.g., buffer overflow)
  • remote vulnerabilities
  • root exploit (perhaps many possible causes, including buffer overrun)
  • stack overflow
  • symlink attacks
  • timing attack (local and remote extraction of RSA private key)
  • world-writable spooling directory (mgetty)

Resources

See ResourceRecommendations. Feel free to add additional resources to these lists, but please follow the guidelines on ResourceRecommendations including ResourceRecommendations#Guidelines_for_Rating_Resources.

Contributors

  • () RandyKramer - 04 Dec 2002
Topic revision: r9 - 2003-12-23 - RandyKramer
 