The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities

Index


Lai, Xuejia

languages (programming), C

     arithmetic boundary conditions

     binary encoding

     bit fields

     bitwise shift operators

     byte order

     character types

     data storage

     floating types

     function invocations

     implementation defined behavior

     integer types

     macros

     objects

     operators

     order of evaluation

     pointers

     precedence

     preprocessor

     signed integer boundaries

     standards

     structure padding

     switch statements

     type conversion vulnerabilities

     type conversions

     types

     typos

     unary + operator

     unary operator

     unary operator

     undefined behavior

     unsigned integer boundaries 2nd

Last Stage of Delirium (LSD)

Last-Modified header field (HTTP)

layer 1 (physical), network segmentation

layer 2 (data link), network segmentation

layer 3 (network), network segmentation

layer 4 (transport), network segmentation

layer 5 (session), network segmentation

layer 6 (presentation), network segmentation

layer 7 (application)

     enterprise firewalls

     network segmentation

layering, stateful inspection firewalls

layers

     multiple encoding layers

     network segmentation

LD_LIBRARY_PATH environment variable (UNIX)

LD_PRELOAD environment variable (UNIX)

Le Blanc, David

leaks, file descriptors, UNIX

Leblanc, David 2nd 3rd

Lebras, Gregory

Leidl, Bruce

length calculations, multiple calculations on same input

Length Miscalculation Example for Constructing an ACC log listing (7-33)

length variables, DNS (Domain Name System) 2nd 3rd

Lenstra, Arjen

levels, impersonation, IPC (interprocess communications)

libraries

     UNIX

Lincoln, Abraham

linked lists

     auditing

     circular linked lists

     doubly linked lists

     singly linked lists

linking objects, vulnerabilities

links

     UNIX files

         hard links 2nd

         soft links

     Windows NT files

         hard links

         junction points

Linux

     capabilities

     do_mremap( ) function, vulnerabilities

     environment strings

     file system IDs

     kernel probes, vulnerabilities

     teardrop vulnerability

Linux do_mremap( ) Vulnerability listing (7-26)

Linux Teardrop Vulnerability listing (7-14)

List Pointer Update Error listing (7-13)

list_add( ) function

list_init( ) function

listings

     10-1 (Kernel Probe Vulnerability in Linux 2.2)

     10-2 (Setenv( ) Vulnerability in BSD)

     10-3 (Misuse of putenv( ) in Solaris Telnetd)

     13-1 (Signal Interruption)

     13-2 (Signal Race Vulnerability in WU-FTPD)

     13-3 (Race Condition in the Linux Kernel's Uselib( ))

     16-1 (Name Validation Denial of Service)

     16-2 (Certificate Payload Integer Underflow in CheckPoint ISAKMP)

     5-1 (Function Prologue)

     5-2 (Off-by-One Length Miscalculation)

     5-3 (Off-by-One Length Miscalculation)

     5-4 (Overflowing into Local Variables)

     5-5 (Indirect Memory Corruption)

     5-6 (Off-by-One Overwrite)

     6-1 (Twos Complement Representation of -15)

     6-10 (Antisniff v1.1.1 Vulnerability)

     6-11 (Antisniff v1.1.2 Vulnerability)

     6-12 (Sign Extension Vulnerability Example)

     6-13 (Prescan Sign Extension Vulnerability in Sendmail)

     6-14 (Sign-Extension Example)

     6-15 (Zero-Extension Example)

     6-16 (Truncation Vulnerability Example in NFS)

     6-17 (Truncation Vulnerability Example)

     6-18 (Detect_attack Small Packet Algorithm in SSH)

     6-19 (Detect_attack Truncation Vulnerability in SSH)

     6-2 (Integer Overflow Example)

     6-20 (Comparison Vulnerability Example)

     6-21 (Signed Comparison Vulnerability)

     6-22 (Unsigned Comparison Vulnerability)

     6-23 (Signed Comparison Example in PHP)

     6-24 (Sizeof Misuse Vulnerability Example)

     6-25 (Sign-Preserving Right Shift)

     6-26 (Right Shift Vulnerability Example)

     6-27 (Division Vulnerability Example)

     6-28 (Modulus Vulnerability Example)

     6-29 (Pointer Arithmetic Vulnerability Example)

     6-3 (Challenge-Response Integer Overflow Example in OpenSSH 3.1)

     6-30 (Order of Evaluation Logic Vulnerability)

     6-31 (Order of Evaluation Macro Vulnerability)

     6-32 (Structure Padding in a Network Protocol)

     6-33 (Example of Structure Padding Double Free)

     6-34 (Example of Bad Counting with Structure Padding)

     6-4 (Unsigned Integer Underflow Example)

     6-5 (Signed Integer Vulnerability Example)

     6-6 (Integer Sign Boundary Vulnerability Example in OpenSSL 0.9.6l)

     6-7 (Signed Comparison Vulnerability Example)

     6-8 (Antisniff v1.0 Vulnerability)

     6-9 (Antisniff v1.1 Vulnerability)

     7-1 (Apache mod_dav CDATA Parsing Vulnerability)

     7-10 (Arithmetic Vulnerability Example in the Parent Function)

     7-11 (Type Confusion)

     7-12 (Empty List Vulnerabilities)

     7-13 (List Pointer Update Error)

     7-14 (Linux Teardrop Vulnerability)

     7-15 (Simple Nonterminating Buffer Overflow Loop)

     7-16 (MS-RPC DCOM Buffer Overflow Listing)

     7-17 (NTPD Buffer Overflow Example)

     7-18 (Apache mod_php Nonterminating Buffer Vulnerability)

     7-19 (Apache 1.3.29/2.X mod_rewrite Off-by-one Vulnerability)

     7-2 (Bind 9.2.1 Resolver Code gethostans( ) Vulnerability)

     7-20 (OpenBSD ftp Off-by-one Vulnerability)

     7-21 (Postincrement Loop Vulnerability)

     7-22 (Pretest Loop Vulnerability)

     7-23 (Break Statement Omission Vulnerability)

     7-24 (Default Switch Case Omission Vulnerability)

     7-25 (Ignoring realloc( ) Return Value)

     7-26 (Linux do_mremap( ) Vulnerability)

     7-27 (Finding Return Values)

     7-28 (Ignoring Return Values)

     7-29 (Unexpected Return Values)

     7-3 (Sendmail crackaddr( ) Related Variables Vulnerability)

     7-30 (Outdated Pointer Vulnerability)

     7-31 (Outdated Pointer Use in ProFTPD)

     7-32 (Sendmail Return Value Update Vulnerability)

     7-33 (Length Miscalculation Example for Constructing an ACC log)

     7-34 (Buffer Overflow in NSS Library's ssl2_HandleClientHelloMessage)

     7-35 (Out-of-Order Statements)

     7-36 (Netscape NSS Library UCS2 Length Miscalculation)

     7-37 (Integer Overflow with 0-Byte Allocation Check)

     7-38 (Allocator-Rounding Vulnerability)

     7-39 (Allocator with Header Data Structure)

     7-4 (OpenSSH Buffer Corruption Vulnerability)

     7-40 (Reallocation Integer Overflow)

     7-41 (Dangerous Data Type Use)

     7-42 (Problems with 64-bit Systems)

     7-43 (Maximum Limit on Memory Allocation)

     7-44 (Maximum Memory Allocation Limit Vulnerability)

     7-45 (Double-Free Vulnerability)

     7-46 (Double-Free Vulnerability in OpenSSL)

     7-47 (Reallocation Double-Free Vulnerability)

     7-5 (OpenSSL BUF_MEM_grow( ) Signed Variable Desynchronization)

     7-6 (Uninitialized Variable Usage)

     7-7 (Uninitialized Memory Buffer)

     7-8 (Uninitialized Object Attributes)

     7-9 (Arithmetic Vulnerability Example)

     8-1 (Different Behavior of vsnprintf( ) on Windows and UNIX)

     8-10 (NUL-Byte Injection with Memory Corruption)

     8-11 (Data Truncation Vulnerability)

     8-12 (Data Truncation Vulnerability 2)

     8-13 (Correct Use of GetFullPathName( ))

     8-14 (GetFullPathName( ) Call in Apache 2.2.0)

     8-15 (Directory Traversal Vulnerability)

     8-16 (Format String Vulnerability in WU-FTPD)

     8-17 (Format String Vulnerability in a Logging Routine)

     8-18 (Shell Metacharacter Injection Vulnerability)

     8-19 (Example of Dangerous Program Use)

     8-2 (Dangerous Use of strncpy( ))

     8-20 (SQL Injection Vulnerability)

     8-21 (SQL Truncation Vulnerability)

     8-22 (Character Black-List Filter)

     8-23 (Character White-List Filter)

     8-24 (Metacharacter Vulnerability in PCNFSD)

     8-25 (Vulnerability in Filtering a Character Sequence)

     8-26 (Vulnerability in Filtering a Character Sequence #2)

     8-27 (Hex-encoded Pathname Vulnerability)

     8-28 (Decoding Incorrect Byte Values)

     8-29 (Return Value Checking of MultiByteToWideChar( ))

     8-3 (Strcpy( )-like Loop)

     8-30 (Dangerous Use of IsDBCSLeadByte( ))

     8-31 (Code Page Mismatch Example)

     8-32 (NUL Bytes in Multibyte Code Pages)

     8-4 (Character Expansion Buffer Overflow)

     8-5 (Vulnerable Hex-Decoding Routine for URIs)

     8-6 (If Header Processing Vulnerability in Apache's mod_dav Module)

     8-7 (Text-Processing Error in Apache mod_mime)

     8-8 (Embedded Delimiter Example)

     8-9 (Multiple Embedded Delimiters)

     9-1 (Privilege Misuse in XFree86 SVGA Server)

     9-2 (Incorrect Temporary Privilege Relinquishment in FreeBSD Inetd)

     9-3 (Race Condition in access( ) and open( ))

     9-4 (Race Condition from Kerberos 4 in lstat( ) and open( ))

     9-5 (Race Condition in open( ) and lstat( ))

     9-6 (Reopening a Temporary File)

lists

     auditing 2nd

     data ranges 2nd

     duplicate elements

     empty lists, vulnerabilities

     linked lists

     pointer updates, errors

little-endian architecture, bytes, ordering

loading

     DLLs

     processes, Windows NT

local namespaces, Windows NT

local privilege separation socket, OpenSSH

Location header field (HTTP)

lock matching, synchronization objects

LOCK method

log files, UNIX

logic

     business logic

     presentation logic

login groups, UNIX

logon rights, Windows NT sessions

longjmp( ) function

looping constructs, auditing

loops

     data copy

     posttest loops

     pretest loops

     terminating conditions

     typos

loose coupling, software design

loosely coupled modules

Lopatic, Thomas 2nd 3rd

lreply( ) function

LSD (Last Stage of Delirium)

lstat( ) function
