Lucent's Bell Labs Releases Free Linux Software That Foils The Most Common Computer Security Attack
- Date:
- April 25, 2000
- Source:
- Bell Labs - Lucent Technologies
- Summary:
- Lucent Technologies' Bell Labs is releasing free Linux software that foils the most common form of computer security attack: buffer overflow.
- Share:
MURRAY HILL, N.J. (April 20, 2000) -- Lucent Technologies' (NYSE: LU) Bell Labs announced today that it is releasing free Linux software that foils the most common form of computer security attack. Lucent's Libsafe software prevents electronic intruders from overflowing an application program's buffer memory to gain unauthorized access to a computer.
Buffer overflows have been the most common form of computer security vulnerability exploited by intruders for the past 10 years, according to a recent report published by the Oregon Graduate Institute of Science & Technology (OGI) and funded in part by the Defense Advanced Research Projects Agency (DARPA).
Linux distributors Red Hat, Inc., Linux-Mandrake, Turobolinux and Debian GNU/Linux are working with Bell Labs to incorporate Lucent Libsafe into their software releases. The Linux computer operating system contains an "open" source code that anyone is free to modify. Modeled on Bell Labs' Unix software, Linux has been gaining popularity for server and desktop computers over the last few years.
A buffer is a region of computer memory that application programs use to temporarily store information. Programs that write information to buffers without properly checking the size of the buffers are potentially vulnerable to security attacks. Such attacks cause an inordinately large amount of data to be written, overwriting the memory immediately following the buffer region. The overflow injects additional code into an application program and then hijacks control of that program to execute the injected code. Lucent's Libsafe software intercepts and monitors the use of vulnerable standard functions and prevents buffer overflow hijackings.
"Red Hat is pleased that Bell Labs is participating in the on-going development of the Linux platform," said Paul McNamara, VP of Business Development, Red Hat. "Innovations like Libsafe will continue to expand Linux' leading position as the preferred platform for internet infrastructure."
"In the current context where security has become a major concern, this innovation further improves the security of the Linux-Mandrake system and meets the expectations of today's users," said Jacques Le Marois, president of MandrakeSoft.
"TurboLinux is focused on delivering secure, Linux solutions to our customers in the enterprise," said Steve Quan, senior director of product marketing, TurboLinux. "Lucent Libsafe is an important step forward in securing Linux for the enterprise."
"Debian treats system security very seriously, and works hard to discover and eliminate security exposures in the free and open-source software we distribute; the Libsafe package adds additional protection against undiscovered exploits in poorly-designed programs, and is therefore beneficial to Debian GNU/Linux users," said David Coe, one of the developers of Debian Linux.
Libsafe does not require access to the source code of the application programs and protects all application programs running on a system. Bell Labs' tests indicate that Libsafe's effect on a computer's performance is negligible.
It is generally accepted that the best solution to buffer overflow attacks is to fix the original defects in programs. However, this requires knowing that a particular program is defective. Libsafe helps protect programs that are not yet known to be vulnerable.
Bell Labs is making Libsafe freely available under the GNU Library General Public License. Users and developers who would like further information and the Libsafe source code can visit http://www.bell-labs.com/org/11356/libsafe.html.
About Bell Labs
Bell Labs is celebrating its 75th anniversary this year. One of the most innovative R&D entities in the world, Bell labs has generated more than 40,000 inventions since 1925. It has played a pivotal role in inventing and perfecting key communications technol
Story Source:
Materials provided by Bell Labs - Lucent Technologies. Note: Content may be edited for style and length.
Cite This Page: