Don Parker: Catch Them If You Can
Catch Them If You Can
Related Files:
Electric Fence 2.1 - Electric Fence stops your program on the exact instruction that overruns (or underruns) a malloc() memory buffer. GDB will then display the source-code line that causes the bug. It works by using the virtual-memory hardware to create a red-zone at the border of each buffer - touch that, and your program stops. Catch all of those formerly impossible-to-catch overrun bugs that have been bothering you for years. Changes: Removed work-arounds, most operating systems and C libraries have been fixed now. Authored By Bruce Perens.
Electric Fence stops your program on the exact instruction that overruns (or underruns) a malloc() memory buffer. GDB will then display the source-code line that causes the bug. It works by using the virtual-memory hardware to create a red-zone at the border of each buffer - touch that, and your program stops. Catch all of those formerly impossible-to-catch overrun bugs that have been bothering you for years. Changes: Fixed shared library to be position-independent code. Homepage here. Authored By Bruce Perens
Electric Fence 2.2.2 - Electric Fence stops your program on the exact instruction that overruns (or underruns) a malloc() memory buffer. GDB will then display the source-code line that causes the bug. It works by using the virtual-memory hardware to create a red-zone at the border of each buffer - touch that, and your program stops. Catch all of those formerly impossible-to-catch overrun bugs that have been bothering you for years. Changes: Merge in bug-fixes, multi-thread patch, shared library patch, debian/ subdirectory used for building the Debian package. Authored By Bruce Perens.
Raw Glue AP is a program that catches wireless stations searching for preferred SSIDs. This tool catches probe requests, send back appropriate probe responses and then tries to catch authentication and association requests. This is a kind of Glue AP which purpose is to catch clients that are actively scanning for any SSID. All this stuff is done in monitor mode and uses raw injection which seems to be required if this method may be implemented in a Wireless IDS (that usually perform detection in monitor mode). This program is a basic proof-of-concept code. Changes: Public release. Homepage: http://rfakeap.tuxfamily.org/. Authored By Laurent Butti
Electric Fence 2.2.0 - Electric Fence stops your program on the exact instruction that overruns (or underruns) a malloc() memory buffer. GDB will then display the source-code line that causes the bug. It works by using the virtual-memory hardware to create a red-zone at the border of each buffer - touch that, and your program stops. Catch all of those formerly impossible-to-catch overrun bugs that have been bothering you for years. Changes: Electric Fence will now debug multi-threaded programs correctly. Besides the static version, it’s loadable as a shared library using LD_PRELOAD, thus you don’t have to re-link your program to debug it with Electric Fence. The command “ef
Asterisk Project Security Advisory - The Asterisk Skinny channel driver, chan_skinny, has a remotely exploitable crash vulnerability. A segfault can occur when Asterisk receives a “CAPABILITIES_RES_MESSAGE” packet where the capabilities count is greater than the total number of items in the capabilities_res_message array. Note that this requires an authenticated session. Homepage: http://www.asterisk.org/security. Authored By Wei Wang, Jason Parker
Asterisk Project Security Advisory - The Asterisk Skinny channel driver, chan_skinny, has a remotely exploitable crash vulnerability. A segfault can occur when Asterisk receives a packet where the claimed length of the data is between 0 and 3, followed by length + 4 or more bytes, due to an overly large memcpy. The side effects of this extremely large memcpy have not been investigated. Related CVE Number: CVE-2007-3764. Homepage: http://www.asterisk.org/security. Authored By Jason Parker
Test for catching the SIGSEGV or SIGBUS without crashing and combined with try{}catch(){}. Homepage here. Authored By Guidob
dfingerd v0.6 takes the place of your original finger service, providing totally false information to clients. This can be useful to catch people trying to crack your server, or to just really confuse them. You can define output for individual users, empty requests, and forward requests to another system. Authored By Jon Beaton.
Rkdet is a small daemon intended to catch someone installing a rootkit or running a packet sniffer. Homepage here. Authored By Andrew Daviel