More Traps

[Previous Chapter] [Previous Page] [Contents] [Next Page]

*Never restrict your concerns to your own code as many security holes came from the C libraries. Examples are the locale library and the glob function. The latter affected a large number of FTP servers.
 
*There exist passive attacks beside the active attacks on network services. Passive attacks, however, require some ``patience'' on the side of the attacker:

*Lots of email clients were vulnerable to overly long headers or MIME attributes which allowed to execute arbitrary code (most recent examples: Mutt and Pine).
 
*The packet sniffer snoop (a tool comparable to tcpdump) could be exploited by malicious packets.
 

[Previous Chapter] [Previous Page] [Contents] [Next Page]
Copyright © 2001, 2002 Andreas Borchert, converted to HTML on April 07, 2002