Index
Lai, Xuejia languages (programming), C arithmetic boundary conditions binary encoding bit fields bitwise shift operators byte order character types data storage floating types function invocations implementation defined behavior integer types macros objects operators order of evaluation pointers precedence preprocessor signed integer boundaries standards structure padding switch statements type conversion vulnerabilities type conversions types typos unary + operator unary operator unary operator undefined behavior unsigned integer boundaries 2nd Last Stage of Delirium (LSD) Last-Modified header field (HTTP) layer 1 (physical), network segmentation layer 2 (data link), network segmentation layer 3 (network), network segmentation layer 4 (transport), network segmentation layer 5 (session), network segmentation layer 6 (presentation), network segmentation layer 7 (application) enterprise firewalls network segmentation layering, stateful inspection firewalls layers multiple encoding layers network segmentation LD_LIBRARY_PATH environment variable (UNIX) LD_PRELOAD environment variable (UNIX) Le Blanc, David leaks, file descriptors, UNIX Leblanc, David 2nd 3rd Lebras, Gregory Leidl, Bruce length calculations, multiple calculations on same input Length Miscalculation Example for Constructing an ACC log listing (7-33) length variables, DNS (Domain Name System) 2nd 3rd Lenstra, Arjen levels, impersonation, IPC (interprocess communications) libraries UNIX Lincoln, Abraham linked lists auditing circular linked lists doubly linked lists singly linked lists linking objects, vulnerabilities links UNIX files hard links 2nd soft links Windows NT files hard links junction points Linux capabilities do_mremap( ) function, vulnerabilities environment strings file system IDs kernel probes, vulnerabilities teardrop vulnerability Linux do_mremap( ) Vulnerability listing (7-26)
Linux Teardrop Vulnerability listing (7-14) List Pointer Update Error listing (7-13) list_add( ) function list_init( ) function listings 10-1 (Kernel Probe Vulnerability in Linux 2.2) 10-2 (Setenv( ) Vulnerability in BSD) 10-3 (Misuse of putenv( ) in Solaris Telnetd) 13-1 (Signal Interruption) 13-2 (Signal Race Vulnerability in WU-FTPD) 13-3 (Race Condition in the Linux Kernel's Uselib( )) 16-1 (Name Validation Denial of Service) 16-2 (Certificate Payload Integer Underflow in CheckPoint ISAKMP) 5-1 (Function Prologue) 5-2 (Off-by-One Length Miscalculation) 5-3 (Off-by-One Length Miscalculation) 5-4 (Overflowing into Local Variables) 5-5 (Indirect Memory Corruption) 5-6 (Off-by-One Overwrite) 6-1 (Twos Complement Representation of -15) 6-10 (Antisniff v1.1.1 Vulnerability) 6-11 (Antisniff v1.1.2 Vulnerability) 6-12 (Sign Extension Vulnerability Example) 6-13 (Prescan Sign Extension Vulnerability in Sendmail) 6-14 (Sign-Extension Example) 6-15 (Zero-Extension Example) 6-16 (Truncation Vulnerability Example in NFS) 6-17 (Truncation Vulnerability Example) 6-18 (Detect_attack Small Packet Algorithm in SSH) 6-19 (Detect_attack Truncation Vulnerability in SSH) 6-2 (Integer Overflow Example) 6-20 (Comparison Vulnerability Example) 6-21 (Signed Comparison Vulnerability) 6-22 (Unsigned Comparison Vulnerability) 6-23 (Signed Comparison Example in PHP) 6-24 (Sizeof Misuse Vulnerability Example) 6-25 (Sign-Preserving Right Shift) 6-26 (Right Shift Vulnerability Example) 6-27 (Division Vulnerability Example) 6-28 (Modulus Vulnerability Example) 6-29 (Pointer Arithmetic Vulnerability Example) 6-3 (Challenge-Response Integer Overflow Example in OpenSSH 3.1) 6-30 (Order of Evaluation Logic Vulnerability) 6-31 (Order of Evaluation Macro Vulnerability) 6-32 (Structure Padding in a Network Protocol) 6-33 (Example of Structure Padding Double Free) 6-34 (Example of Bad Counting with Structure Padding) 6-4 (Unsigned Integer Underflow Example) 6-5 (Signed Integer Vulnerability Example) 6-6
(Integer Sign Boundary Vulnerability Example in OpenSSL 0.9.6l) 6-7 (Signed Comparison Vulnerability Example) 6-8 (Antisniff v1.0 Vulnerability) 6-9 (Antisniff v1.1 Vulnerability) 7-1 (Apache mod_dav CDATA Parsing Vulnerability) 7-10 (Arithmetic Vulnerability Example in the Parent Function) 7-11 (Type Confusion) 7-12 (Empty List Vulnerabilities) 7-13 (List Pointer Update Error) 7-14 (Linux Teardrop Vulnerability) 7-15 (Simple Nonterminating Buffer Overflow Loop) 7-16 (MS-RPC DCOM Buffer Overflow Listing) 7-17 (NTPD Buffer Overflow Example) 7-18 (Apache mod_php Nonterminating Buffer Vulnerability) 7-19 (Apache 1.3.29/2.X mod_rewrite Off-by-one Vulnerability) 7-2 (Bind 9.2.1 Resolver Code gethostans( ) Vulnerability) 7-20 (OpenBSD ftp Off-by-one Vulnerability) 7-21 (Postincrement Loop Vulnerability) 7-22 (Pretest Loop Vulnerability) 7-23 (Break Statement Omission Vulnerability) 7-24 (Default Switch Case Omission Vulnerability) 7-25 (Ignoring realloc( ) Return Value) 7-26 (Linux do_mremap( ) Vulnerability) 7-27 (Finding Return Values) 7-28 (Ignoring Return Values) 7-29 (Unexpected Return Values) 7-3 (Sendmail crackaddr( ) Related Variables Vulnerability) 7-30 (Outdated Pointer Vulnerability) 7-31 (Outdated Pointer Use in ProFTPD) 7-32 (Sendmail Return Value Update Vulnerability) 7-33 (Length Miscalculation Example for Constructing an ACC log) 7-34 (Buffer Overflow in NSS Library's ssl2_HandleClientHelloMessage) 7-35 (Out-of-Order Statements) 7-36 (Netscape NSS Library UCS2 Length Miscalculation) 7-37 (Integer Overflow with 0-Byte Allocation Check) 7-38 (Allocator-Rounding Vulnerability) 7-39 (Allocator with Header Data Structure) 7-4 (OpenSSH Buffer Corruption Vulnerability) 7-40 (Reallocation Integer Overflow) 7-41 (Dangerous Data Type Use) 7-42 (Problems with 64-bit Systems) 7-43 (Maximum Limit on Memory Allocation) 7-44 (Maximum Memory Allocation Limit Vulnerability) 7-45 (Double-Free Vulnerability) 7-46 (Double-Free Vulnerability in OpenSSL) 7-47 (Reallocation 
Double-Free Vulnerability) 7-5 (OpenSSL BUF_MEM_grow( ) Signed Variable Desynchronization) 7-6 (Uninitialized Variable Usage) 7-7 (Uninitialized Memory Buffer) 7-8 (Uninitialized Object Attributes) 7-9 (Arithmetic Vulnerability Example) 8-1 (Different Behavior of vsnprintf( ) on Windows and UNIX) 8-10 (NUL-Byte Injection with Memory Corruption) 8-11 (Data Truncation Vulnerability) 8-12 (Data Truncation Vulnerability 2) 8-13 (Correct Use of GetFullPathName( )) 8-14 (GetFullPathName( ) Call in Apache 2.2.0) 8-15 (Directory Traversal Vulnerability) 8-16 (Format String Vulnerability in WU-FTPD) 8-17 (Format String Vulnerability in a Logging Routine) 8-18 (Shell Metacharacter Injection Vulnerability) 8-19 (Example of Dangerous Program Use) 8-2 (Dangerous Use of strncpy( )) 8-20 (SQL Injection Vulnerability) 8-21 (SQL Truncation Vulnerability) 8-22 (Character Black-List Filter) 8-23 (Character White-List Filter) 8-24 (Metacharacter Vulnerability in PCNFSD) 8-25 (Vulnerability in Filtering a Character Sequence) 8-26 (Vulnerability in Filtering a Character Sequence #2) 8-27 (Hex-encoded Pathname Vulnerability) 8-28 (Decoding Incorrect Byte Values) 8-29 (Return Value Checking of MultiByteToWideChar( )) 8-3 (Strcpy( )-like Loop) 8-30 (Dangerous Use of IsDBCSLeadByte( )) 8-31 (Code Page Mismatch Example) 8-32 (NUL Bytes in Multibyte Code Pages) 8-4 (Character Expansion Buffer Overflow) 8-5 (Vulnerable Hex-Decoding Routine for URIs) 8-6 (If Header Processing Vulnerability in Apache's mod_dav Module) 8-7 (Text-Processing Error in Apache mod_mime) 8-8 (Embedded Delimiter Example) 8-9 (Multiple Embedded Delimiters) 9-1 (Privilege Misuse in XFree86 SVGA Server) 9-2 (Incorrect Temporary Privilege Relinquishment in FreeBSD Inetd) 9-3 (Race Condition in access( ) and open( )) 9-4 (Race Condition from Kerberos 4 in lstat( ) and open( )) 9-5 (Race Condition in open( ) and lstat( )) 9-6 (Reopening a Temporary File) lists auditing 2nd data ranges 2nd duplicate elements empty lists, 
vulnerabilities linked lists pointer updates, errors little-endian architecture, bytes, ordering loading DLLs Processes, Windows NT local namespaces, Windows NT local privilege separation socket, OpenSSH Location header field (HTTP) lock matching, synchronization objects LOCK method log files, UNIX logic business logic presentation logic login groups, UNIX logon rights, Windows NT sessions longjmp( ) function looping constructs, auditing loops data copy posttest loops pretest loops terminating conditions typos loose coupling, software design loosely coupled modules Lopatic, Thomas 2nd 3rd lreply( ) function LSD (Last Stage of Delirium) lstat( ) function