Tuesday, March 9, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Check Point released an open-source fix for common Linux memory corruption security hole

May 24, 2020
in Internet Security
Check Point released an open-source fix for common Linux memory corruption security hole
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

For years, there’s been a known security vulnerability hiding in the GNU C Library (glibc). This library, which is critical for Linux and many other operating systems and programs, had a dynamic memory management security hole that could be used for denial of service (DoS) attacks. Now, the security company, Check Point, has issued an open-source patch, which will make it much more difficult to exploit this memory allocation (malloc) problem.

Check Point re-encountered this known problem when it discovered that so-called smart light bulbs could be used to hack into networks by exploiting unprotected single-linked-lists. The double-linked-list version of this problem had been fixed back in 2005 with Safe-Unlinking. But, the single-linked-list version, which is present in the memory primitive functions Fast-Bins and Thread Cache (TCache), remained vulnerable.  

You might also like

Intel joins DARPA in search of encryption ‘holy grail’

Microsoft Exchange zero-day attacks: 30,000 servers hit already, says report

Ezviz C3X outdoor security camera review: Simple setup, superb features Review

Now, the fix is in for this problem. This new built-in security mechanism is called Safe-Linking. It protects malloc by signing its single-linked-list pointers with random numbers derived from Linux’s Address Space Layout Randomization (ASLR) functionality. Combined with memory chunk alignment integrity checks, it protects the memory pointers from hijacking attempts and thus the system itself. 

The patch is now being integrated with the most common standard C library implementation, glibc. Safe-Linking will be released in glibc 2.32 in August 2020. It’s already up and running in glibc’s popular embedded counterpart: uClibc-NG. 

You may wonder why it took so long for this to be fixed since it was a known problem. Check Point’s technology lead, Eyal Itkin explained:

“While exploit developers have been aware of this problem for many years now, the developers of the libraries weren’t aware of a problem —  so nothing got fixed. By giving developers the feedback, along with an idea for a fix, we managed to close this issue once and for all. Linux users should be aware of this update and make sure they switch to using the most updated version of their standard library, once it gets released.”

Still, even once you have the fix, Itkin continued:

“It is important to note that Safe-Linking is not a magic bullet that will stop all exploit attempts against modern-day heap implementations. However, this is another step in the right direction. From our past experience, this specific mitigation would have blocked several major exploits that we demonstrated throughout the years, thus turning ‘broken’ software products to ones that are ‘unexploitable.'”

Related Stories:

Credit: Zdnet

Previous Post

Alyssa Milano’s Face Mask Is Her Crown as Queen of a Wildly Stupid Weekend

Next Post

What Is It Really Good For?

Related Posts

Intel joins DARPA in search of encryption ‘holy grail’
Internet Security

Intel joins DARPA in search of encryption ‘holy grail’

March 9, 2021
Microsoft Exchange zero-day attacks: 30,000 servers hit already, says report
Internet Security

Microsoft Exchange zero-day attacks: 30,000 servers hit already, says report

March 9, 2021
Ezviz C3X outdoor security camera review: Simple setup, superb features Review
Internet Security

Ezviz C3X outdoor security camera review: Simple setup, superb features Review

March 9, 2021
Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks
Internet Security

Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks

March 9, 2021
McAfee sells its enterprise business to private equity group as it focuses on consumer security
Internet Security

McAfee sells its enterprise business to private equity group as it focuses on consumer security

March 9, 2021
Next Post
Understanding The Recognition Pattern Of AI

What Is It Really Good For?

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Intel joins DARPA in search of encryption ‘holy grail’
Internet Security

Intel joins DARPA in search of encryption ‘holy grail’

March 9, 2021
Microsoft Exchange Hackers Also Breached European Banking Authority
Internet Privacy

Microsoft Exchange Hackers Also Breached European Banking Authority

March 9, 2021
How Automation can be used for faster recovery, revival, and improved resilience in the wake of COVID-19
Data Science

How Automation can be used for faster recovery, revival, and improved resilience in the wake of COVID-19

March 9, 2021
Introduction to Machine Learning Model Evaluation
Machine Learning

Introduction to Machine Learning Model Evaluation

March 9, 2021
Microsoft Exchange zero-day attacks: 30,000 servers hit already, says report
Internet Security

Microsoft Exchange zero-day attacks: 30,000 servers hit already, says report

March 9, 2021
Is investing in AI the highest ROI opportunity?
Data Science

Is investing in AI the highest ROI opportunity?

March 9, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Intel joins DARPA in search of encryption ‘holy grail’ March 9, 2021
  • Microsoft Exchange Hackers Also Breached European Banking Authority March 9, 2021
  • How Automation can be used for faster recovery, revival, and improved resilience in the wake of COVID-19 March 9, 2021
  • Introduction to Machine Learning Model Evaluation March 9, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates