Avaya Labs Releases Free Linux Security Software to Battle Hacker Attacks in Programs and Web Sites

Mar 21, 2001, 00:00 ET from Avaya Labs

    HANNOVER, Germany, March 21 /PRNewswire/ -- Avaya Labs announced today it
 is releasing Libsafe(TM) 2.0, an enhanced version of its free security
 software for the popular Linux operating system.  Libsafe version 2.0 adds the
 ability to protect against security attacks that exploit "format string"
 vulnerabilities in software, including programs that are widely deployed as
 part of the Internet infrastructure.
     As a result, Libsafe 2.0 protects against the two most common forms of
 security attacks:  "buffer overflow" and "format string."  Libsafe extends its
 protection to all application programs running on a system, and will even help
 to protect programs that have vulnerabilities yet to be discovered.
     Avaya Labs is the research and development arm of Avaya (NYSE:   AV), a
 global leader in business communication solutions and services.  The
 announcement was made at CeBIT, a communications show taking place here.
     "Enterprises worldwide are deploying servers and communication networks,
 counting on the high reliability of Linux," said Ravi Sethi, president of
 Avaya Labs.  "Avaya is making Libsafe 2.0 available free to help protect our
 customers, existing and potential, from malicious security attacks.  Our
 customers already benefit from additional Avaya Labs technology to enhance
 reliability by protecting against inadvertent errors."
     Security is a critical issue for businesses, particularly as they build
 their data networks.  Avaya recently further strengthened its portfolio of
 security products for businesses by acquiring VPNet Technologies Inc. -- an
 award-winning provider of virtual private networks and services -- and by
 acquiring certain security-related products from CyberIQ.
     Libsafe 2.0 detects and protects against both format string and buffer
 overflow attacks, which allow a non-authorized user to take control of a
 server by exploiting loopholes.  The loopholes allow a malicious user to
 insert code into a running program and then hijack control to execute the
 inserted code instead.  The non-authorized user could then access private data
 or stage attacks against other machines.  The attack proceeds by sending
 carefully formed requests to vulnerable server programs that set the stage for
 the hacker to write a string of characters that overwrite the server program's
 memory and trick it into handing control to the attacker.
     Earlier this year, the CERT Coordination Center at Carnegie Mellon
 University in Pittsburgh warned about format string and buffer overflow
 vulnerabilities in widely-used Internet name-server software called BIND
 (Berkeley Internet Name Domain).  The CERT advisory notes: "Because the
 majority of name servers in operation today run BIND, these vulnerabilities
 present a serious threat to the Internet infrastructure."
     For the past several years, buffer overflows have been the most common
 form of computer security vulnerability exploited by intruders, according to
 the Oregon Graduate Institute of Science & Technology (OGI).
     Libsafe was developed by Avaya Labs researchers Navjot Singh and Timothy
 Tsai.
     "It is generally accepted that the best solution to these security attacks
 is to fix the defective program," said Singh.  "But to do that, you have to
 know the program is defective.  Libsafe helps to protect against future
 attacks, even on programs not yet known to be vulnerable."
     Avaya Labs is making Libsafe freely available under the GNU Lesser General
 Public License.  Users and developers who would like further information and
 the Libsafe source code can visit
 http://www.research.avayalabs.com/project/libsafe.html.
     Libsafe is easy to use, requires no special security expertise and can be
 installed in minutes.  Tests by Avaya Labs have shown that it detects a large
 number of attacks, while using few computer resources.  It requires no
 modification to the operating system or application.
 
     About Avaya Labs
     Building on the heritage of Bell Labs, Avaya Labs is the research and
 development arm of Avaya, a global leader in business communication solutions
 and services.  Avaya Labs delivers competitive, innovative technology for
 Avaya's customers.  Avaya Labs has 1,500 patents and patent applications, and
 3,100 R&D professionals in more than 16 locations around the world.  Major
 locations are Denver, Colorado; Holmdel, N.J.; Tel Aviv, Israel; Concord,
 Mass.; the U.K.; Dallas, Texas; Milpitas, Calif., and Redmond, Wash.
 
     About Avaya
     Avaya, headquartered in Basking Ridge, N.J., USA, is a leading provider of
 communications systems for enterprises, including businesses, government
 agencies and other organizations.  Avaya offers converged voice and data,
 customer relationship management, messaging, voice multi-service networking
 and structured cabling products and services.  Avaya is a worldwide leader in
 sales of messaging and structured cabling systems and a U.S. leader in sales
 of enterprise voice communications and call center systems.  Avaya intends to
 use its leadership positions in enterprise communications systems and
 software, its broad portfolio of products and services, and strategic
 alliances with other technology and consulting services leaders to offer its
 customers comprehensive eBusiness solutions.  For more information about
 Avaya, visit its Web site at http://www.avaya.com.
 
 

SOURCE Avaya Labs
    HANNOVER, Germany, March 21 /PRNewswire/ -- Avaya Labs announced today it
 is releasing Libsafe(TM) 2.0, an enhanced version of its free security
 software for the popular Linux operating system.  Libsafe version 2.0 adds the
 ability to protect against security attacks that exploit "format string"
 vulnerabilities in software, including programs that are widely deployed as
 part of the Internet infrastructure.
     As a result, Libsafe 2.0 protects against the two most common forms of
 security attacks:  "buffer overflow" and "format string."  Libsafe extends its
 protection to all application programs running on a system, and will even help
 to protect programs that have vulnerabilities yet to be discovered.
     Avaya Labs is the research and development arm of Avaya (NYSE:   AV), a
 global leader in business communication solutions and services.  The
 announcement was made at CeBIT, a communications show taking place here.
     "Enterprises worldwide are deploying servers and communication networks,
 counting on the high reliability of Linux," said Ravi Sethi, president of
 Avaya Labs.  "Avaya is making Libsafe 2.0 available free to help protect our
 customers, existing and potential, from malicious security attacks.  Our
 customers already benefit from additional Avaya Labs technology to enhance
 reliability by protecting against inadvertent errors."
     Security is a critical issue for businesses, particularly as they build
 their data networks.  Avaya recently further strengthened its portfolio of
 security products for businesses by acquiring VPNet Technologies Inc. -- an
 award-winning provider of virtual private networks and services -- and by
 acquiring certain security-related products from CyberIQ.
     Libsafe 2.0 detects and protects against both format string and buffer
 overflow attacks, which allow a non-authorized user to take control of a
 server by exploiting loopholes.  The loopholes allow a malicious user to
 insert code into a running program and then hijack control to execute the
 inserted code instead.  The non-authorized user could then access private data
 or stage attacks against other machines.  The attack proceeds by sending
 carefully formed requests to vulnerable server programs that set the stage for
 the hacker to write a string of characters that overwrite the server program's
 memory and trick it into handing control to the attacker.
     Earlier this year, the CERT Coordination Center at Carnegie Mellon
 University in Pittsburgh warned about format string and buffer overflow
 vulnerabilities in widely-used Internet name-server software called BIND
 (Berkeley Internet Name Domain).  The CERT advisory notes: "Because the
 majority of name servers in operation today run BIND, these vulnerabilities
 present a serious threat to the Internet infrastructure."
     For the past several years, buffer overflows have been the most common
 form of computer security vulnerability exploited by intruders, according to
 the Oregon Graduate Institute of Science & Technology (OGI).
     Libsafe was developed by Avaya Labs researchers Navjot Singh and Timothy
 Tsai.
     "It is generally accepted that the best solution to these security attacks
 is to fix the defective program," said Singh.  "But to do that, you have to
 know the program is defective.  Libsafe helps to protect against future
 attacks, even on programs not yet known to be vulnerable."
     Avaya Labs is making Libsafe freely available under the GNU Lesser General
 Public License.  Users and developers who would like further information and
 the Libsafe source code can visit
 http://www.research.avayalabs.com/project/libsafe.html.
     Libsafe is easy to use, requires no special security expertise and can be
 installed in minutes.  Tests by Avaya Labs have shown that it detects a large
 number of attacks, while using few computer resources.  It requires no
 modification to the operating system or application.
 
     About Avaya Labs
     Building on the heritage of Bell Labs, Avaya Labs is the research and
 development arm of Avaya, a global leader in business communication solutions
 and services.  Avaya Labs delivers competitive, innovative technology for
 Avaya's customers.  Avaya Labs has 1,500 patents and patent applications, and
 3,100 R&D professionals in more than 16 locations around the world.  Major
 locations are Denver, Colorado; Holmdel, N.J.; Tel Aviv, Israel; Concord,
 Mass.; the U.K.; Dallas, Texas; Milpitas, Calif., and Redmond, Wash.
 
     About Avaya
     Avaya, headquartered in Basking Ridge, N.J., USA, is a leading provider of
 communications systems for enterprises, including businesses, government
 agencies and other organizations.  Avaya offers converged voice and data,
 customer relationship management, messaging, voice multi-service networking
 and structured cabling products and services.  Avaya is a worldwide leader in
 sales of messaging and structured cabling systems and a U.S. leader in sales
 of enterprise voice communications and call center systems.  Avaya intends to
 use its leadership positions in enterprise communications systems and
 software, its broad portfolio of products and services, and strategic
 alliances with other technology and consulting services leaders to offer its
 customers comprehensive eBusiness solutions.  For more information about
 Avaya, visit its Web site at http://www.avaya.com.
 
 SOURCE  Avaya Labs