You are here: silicon.com > Resources > White Papers > Software and Web Development > Software Development Tools > Programming Languages

Programming Languages White Papers

Large-Scale Analysis of Format String Vulnerabilities in Debian Linux

Tags:
programming languages

Overview Format-string bugs are relatively common security vulnerability, and can lead to arbitrary code execution. In collaboration with others, the paper designed and implemented a system to eliminate format string vulnerabilities from an entire Linux distribution, using type-qualifier inference, a static analysis technique that can find taint violations. They successfully analyze 66% of C/C++ source packages in the Debian 3.1 Linux distribution. The system finds 1,533 format string taint warnings. They estimate that 85% of these are true positives, i.e., real bugs; ignoring duplicates from libraries, about 75% are real bugs. They suggest that the technology exists to render format string vulnerabilities extinct in the near future.

Further White Paper Details
Publisher	Association for Computing Machinery	File Format	PDF
Date Published	June 2007
Format	White Papers
Topics	Programming Languages, Linux - Open Source

Did you find this white paper useful? 11 out of 22 users found this white paper useful

Citizants: Bringing IT In-House

Citizant enhances IT flexibility and scalability by creating a virtualized Dell infrastructure that will pay for itself in 18 months.

Publisher:
Dell EqualLogic

Tags:
application servers

Designing High Availability for Internet Information Services

End downtime forever! - Organizations today are relying more and more on Web services for the implementation of mission-critical applications. With the advent of Service-Oriented Architectures (SOAs),which make extensive use...

Publisher:

Tags:
servers

Five JavaScript Frameworks: A Point-by-Point Comparison

There are a multitude of JavaScript frameworks available today for programming rich client-side interactions in web applications. With many such different options, it is important to choose a framework that...

Publisher:
Harbinger Systems

Tags:
java

Increase Reliability with IBM WebSphere File Transfer Edition (FTE)

"Does your organization still use FTP software? Did you know these links require 3 to 4 times more time and effort to build and maintain versus SOA-based Application Integration projects?...

Publisher:
IBM

Tags:
application servers

Video-Centric Network Coding Strategies for 4G Wireless Networks: An Overview

The impact of Internet content and IP based television on networks is growing. Video is now ubiquitous in the home and on the street. It demands new approaches to video...

Publisher:
MIT

Tags:
programming languages

Solaris faces hacker threat

The vulnerabilities are a buffer overflow exploit in SNMP (Simple Network Management Protocol) components in the OS, and a format string vulnerability in the same component. A format string vulnerability comes when a hacker can manipulate the...

Channel:
Security Strategy

Renegade program stealing passwords at banking sites

Security experts have stressed the vulnerability of Microsoft's Internet Explorer recently, following public warnings of vulnerabilities in the browser that could enable attackers to install malicious programs.

Channel:
Malware

Trio of Windows flaws opens door to nasties

Bugs in file format handling are increasingly being uncovered. The software maker urges Windows users to install the security update that accompanied the alert as soon as possible to protect against any attacks via the security bugs.

Microsoft issues flaw fixes for Outlook and Windows

Patches to repair the bugs are available via the online bulletins and the company urges people to install them as soon as possible. The new Exchange and Outlook vulnerability affects all current versions of the software except Exchange 2003 with...

Google fixes Gmail address book flaw

Most of these are relatively new types of weaknesses in web applications - for example, cross-site scripting bugs which could help scammers launch phishing attacks. Adkins said in an emailed statement: "To our knowledge, no one exploited the...

Channel:
Security Strategy
Tags:
gmail

Apple patches QuickTime flaw at last

An attacker could exploit the flaw and commandeer a vulnerable system by placing a special RTSP string in a QuickTime file and tricking a user into opening that file, Apple said. Several other vulnerabilities in Apple software have been disclosed...

Featured White Papers

The Value of Location Intelligence in the Communications Industry

Public Services are under pressure, the challenge is to do more with less. How do you improve citizen satisfaction, increase cost efficiencies and improve service delivery? The power of location intelligence is helping many local authorities and government departments make more informed decisions and derive greater value from current location-based information and data. Read this whitepaper to see how you can take advantage of location intelligence.

Publisher:
Pitney Bowes

Best Practices for Translating Customer Satisfaction into Revenue

Today's support organisations are focused on two top-level metrics: financial results and customer satisfaction. For most, it's easy to track financial performance, but customer satisfaction is akin to speaking a foreign language. How do you quantify customer satisfaction? Download the Best Practices for Benchmarking Customer Satisfaction to get industry research the Association of Support Professionals (ASP) on how to measure and leverage customer satisfaction.

Publisher:
Citrix Online

HP print solutions and 3M

the objective for 3M was to optimize office printing infrastructure at 3Mlocations worldwide Reduce total cost and environmental footprint. Some of the business benefits acheived by switching to HP print soultions, More than $3 million in savings in first two years and Per page costs reduced by up to 90 percent.