Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Code Flaws Open Linux Apps to Attack

    By
    Daniel Drew Turner
    -
    September 17, 2004
    Share
    Facebook
    Twitter
    Linkedin

      Vulnerabilities in code libraries that could potentially affect open-source programs using the GUI toolkit GTK+ were reported on the security Web site Secunia on Thursday. As initially discovered by Chris Evans, these problems could theoretically be exploited to spark a DDoS (distributed denial of service) attack and otherwise compromise a computer system.

      One vulnerability, which affects BMP image processing in applications, could be taken advantage of to create an infinite loop in the application. This could affect open-source image editors, for example.

      Two others rely on handling errors while decoding images in the XPixMap (XPM) format developed in 1989. These vulnerabilities could be exploited by the use of an XPM image to create either an integer or buffer overflow, either of which could allow the execution of malicious code.

      /zimages/2/28571.gifRead more here about integer overflows.

      One of these library routines, GdkPixBuf, is also used in Gnome 2. Gnome is a Unix and Linux desktop suite and development platform thats used by Sun in some Solaris desktops and in many Linux desktops.

      A final vulnerability works in decoding ICO images, which are used to create and display favorites icons (“favicons”) for Web sites. This also could allow a maliciously crafted ICO image to cause an integer overflow, which could cause the application to crash.

      But according to Chris Hofmann, director of engineering at the Mozilla Foundation in Mountain View, Calif., the Firefox browser is not vulnerable to a security breach over the Internet, as was recently reported about Microsofts Internet Explorer.

      Firefox and other browsers based on the open-source Mozilla code base use the affected libraries only for processing images from the users own computer. These browsers rely on a Mozilla cross-platform image library for decoding images downloaded from the Web.

      “The way we treat vulnerabilities, if someone can get to your hard drive, they have the capability to compromise your system in any number of ways,” Hofmann said. “The only way for an attack to occur in this case is for someone to get onto your hard drive and put one of these images there and get Firefox to open it.” He said all productz based on Mozilla technology—which include the Mozilla Suite and Netscape 7.2—exhibit the same security level.

      As of this writing, no updated versions of the affected libraries have been released.

      /zimages/2/28571.gifCheck out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      /zimages/2/77042.gif

      Be sure to add our eWEEK.com Security news feed to your RSS newsreader or My Yahoo page

      Daniel Drew Turner

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×