L | The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities

Index

[SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Y] [Z]

Lai, Xuejia
languages (programming), C
     arithmetic boundary conditions
     binary encoding
     bit fields
     bitwise shift operators
     byte order
     character types
     data storage
     floating types
     function invocations
     implementation defined behavior
     integer types
     macros
     objects
     operators
     order of evaluation
     pointers
     precedence
     preprocessor
     signed integer boundaries
     standards
     structure padding
     switch statements
     type conversion vunerabilities
     type conversions
     types
     typos
     unary + operator
     unary operator
     unary operator
     undefined behavior
     unsigned integer boundaries 2nd
Last Stage of Delirium (LSD)
Last-Modified header field (HTTP)
layer 1 (physical), network segmentation
layer 2 (data link), network segmentation
layer 3 (network), network segmentation
layer 4 (transport), network segmentation
layer 5 (session), network segmentation
layer 6 (presentation), network segmentation
layer 7 (application)
     enterprise firewalls
     network segmentation
layering, stateful inspection firewalls
layers
     multiple encoding layers
     network segmentation
LD_LIBRARY_PATH environment variable (UNIX)
LD_PRELOAD environment variable (UNIX)
Le Blanc, David
leaks, file descriptors, UNIX
Leblanc, David 2nd 3rd
Lebras, Gregory
Leidl, Bruce
length calculations, multiple calculations on same input
Length Miscalculation Example for Constructing an ACC log listing (7-33)
length variables, DNS (Domain Name System) 2nd 3rd
Lenstra, Arjen
levels, impersonation, IPC (interprocess communications
libraries
     UNIX
Lincoln, Abraham
linked lists
     auditing
     circular linked lists
     doubly linked lists
     singly linked lists
linking objects, vunerabilities
links
     UNIX files
         hard links 2nd
         soft links
     Windows NT files
         hard links
         junction points
Linux
     capabilities
     do_mremap( ) function, vunerabilities
     environment strings
     file system IDs
     kernel probes, vunerabilities
     teardrop vunerability
Linux do_mremap( ) Vulnerability listing (7-26)
Linux Teardrop Vulnerability listing (7-14)
List Pointer Update Error listing (7-13)
list_add( ) function
list_init( ) function
listings
     10-1 (Kernel Probe Vulnerability in Linux 2.2)
     10-2 (Setenv( ) Vulnerabilty in BSD)
     10-3 (Misuse of putenv( ) in Solaris Telnetd)
     13-1 (Signal Interruption)
     13-2 (Signal Race Vulnerability in WU-FTPD)
     13-3 (Race Condition in the Linux Kernel's Uselib( ))
     16-1 (Name Validation Denial of Service)
     16-2 (Certificate Payload Integer Underflow in CheckPoint ISAKMP)
     5-1 (Function Prologue)
     5-2 (Off-by-One Length Miscalculation)
     5-3 (Off-by-One Length Miscalculation)
     5-4 (Overflowing into Local Variables)
     5-5 (Indirect Memory Corruption)
     5-6 (Off-by-One Overwrite)
     6-1 (Twos Complement Representation of -15)
     6-10 (Antisniff v1.1.1 Vulnerability)
     6-11 (Antisniff v1.1.2 Vulnerability)
     6-12 (Sign Extension Vulnerability Example)
     6-13 (Prescan Sign Extension Vulnerability in Sendmail)
     6-14 (Sign-Extension Example)
     6-15 (Zero-Extension Example)
     6-16 (Truncation Vulnerability Example in NFS)
     6-17 (Truncation Vulnerabilty Example)
     6-18 (Detect_attack Small Packet Algorithm in SSH)
     6-19 (Detect_attack Truncation Vulnerability in SSH)
     6-2 (Integer Overflow Example)
     6-20 (Comparison Vulnerability Example)
     6-21 (Signed Comparison Vulnerability)
     6-22 (Unsigned Comparison Vulnerability)
     6-23 (Signed Comparison Example in PHP)
     6-24 (Sizeof Misuse Vulnerability Example)
     6-25 (Sign-Preserving Right Shift)
     6-26 (Right Shift Vulnerability Example)
     6-27 (Division Vulnerability Example)
     6-28 (Modulus Vulnerability Example)
     6-29 (Pointer Arithmetic Vulnerability Example)
     6-3 (Challenge-Response Integer Overflow Example in OpenSSH 3.1)
     6-30 (Order of Evaluation Logic Vulnerability)
     6-31 (Order of Evaluation Macro Vulnerability)
     6-32 (Structure Padding in a Network Protocol)
     6-33 (Example of Structure Padding Double Free)
     6-34 (Example of Bad Counting with Structure Padding)
     6-4 (Unsigned Integer Underflow Example)
     6-5 (Signed Integer Vulnerability Example)
     6-6 (Integer Sign Boundary Vulnerability Example in OpenSSL 0.9.6l)
     6-7 (Signed Comparison Vulnerability Example)
     6-8 (Antisniff v1.0 Vulnerability)
     6-9 (Antisniff v1.1 Vulnerability)
     7-1 (Apache mod_dav CDATA Parsing Vulnerability)
     7-10 (Arithmetic Vulnerability Example in the Parent Function)
     7-11 (Type Confusion)
     7-12 (Empty List Vulnerabilities)
     7-13 (List Pointer Update Error)
     7-14 (Linux Teardrop Vulnerability)
     7-15 (Simple Nonterminating Buffer Overflow Loop)
     7-16 (MS-RPC DCOM Buffer Overflow Listing)
     7-17 (NTPD Buffer Overflow Example)
     7-18 (Apache mod_php Nonterminating Buffer Vulnerability)
     7-19 (Apache 1.3.29/2.X mod_rewrite Off-by-one Vulnerability)
     7-2 (Bind 9.2.1 Resolver Code gethostans( ) Vulnerability)
     7-20 (OpenBSD ftp Off-by-one Vulnerability)
     7-21 (Postincrement Loop Vulnerability)
     7-22 (Pretest Loop Vulnerability)
     7-23 (Break Statement Omission Vulnerability)
     7-24 (Default Switch Case Omission Vulnerability)
     7-25 (Ignoring realloc( ) Return Value)
     7-26 (Linux do_mremap( ) Vulnerability)
     7-27 (Finding Return Values)
     7-28 (Ignoring Return Values)
     7-29 (Unexpected Return Values)
     7-3 (Sendmail crackaddr( ) Related Variables Vulnerability)
     7-30 (Outdated Pointer Vulnerability)
     7-31 (Outdated Pointer Use in ProFTPD)
     7-32 (Sendmail Return Value Update Vulnerability)
     7-33 (Length Miscalculation Example for Constructing an ACC log)
     7-34 (Buffer Overflow in NSS Library's ssl2_HandleClientHelloMessage)
     7-35 (Out-of-Order Statements)
     7-36 (Netscape NSS Library UCS2 Length Miscalculation)
     7-37 (Integer Overflow with 0-Byte Allocation Check)
     7-38 (Allocator-Rounding Vulnerability)
     7-39 (Allocator with Header Data Structure)
     7-4 (OpenSSH Buffer Corruption Vulnerability)
     7-40 (Reallocation Integer Overflow)
     7-41 (Dangerous Data Type Use)
     7-42 (Problems with 64-bit Systems)
     7-43 (Maximum Limit on Memory Allocation)
     7-44 (Maximum Memory Allocation Limit Vulnerability)
     7-45 (Double-Free Vulnerability)
     7-46 (Double-Free Vulnerability in OpenSSL)
     7-47 (Reallocation Double-Free Vulnerability)
     7-5 (OpenSSL BUF_MEM_grow( ) Signed Variable Desynchronization)
     7-6 (Uninitialized Variable Usage)
     7-7 (Uninitialized Memory Buffer)
     7-8 (Uninitialized Object Attributes)
     7-9 (Arithmetic Vulnerability Example)
     8-1 (Different Behavior of vsnprintf( ) on Windows and UNIX)
     8-10 (NUL-Byte Injection with Memory Corruption)
     8-11 (Data Truncation Vulnerability)
     8-12 (Data Truncation Vulnerability 2)
     8-13 (Correct Use of GetFullPathName( ))
     8-14 (GetFullPathName( ) Call in Apache 2.2.0)
     8-15 (Directory Traversal Vulnerability)
     8-16 (Format String Vulnerability in WU-FTPD)
     8-17 (Format String Vulnerability in a Logging Routine)
     8-18 (Shell Metacharacter Injection Vulnerability)
     8-19 (Example of Dangerous Program Use)
     8-2 (Dangerous Use of strncpy( ))
     8-20 (SQL Injection Vulnerability)
     8-21 (SQL Truncation Vulnerability)
     8-22 (Character Black-List Filter)
     8-23 (Character White-List Filter)
     8-24 (Metacharacter Vulnerability in PCNFSD)
     8-25 (Vulnerability in Filtering a Character Sequence)
     8-26 (Vulnerability in Filtering a Character Sequence #2)
     8-27 (Hex-encoded Pathname Vulnerability)
     8-28 (Decoding Incorrect Byte Values)
     8-29 (Return Value Checking of MultiByteToWideChar( ))
     8-3 (Strcpy( )-like Loop)
     8-30 (Dangerous Use of IsDBCSLeadByte( ))
     8-31 (Code Page Mismatch Example)
     8-32 (NUL Bytes in Multibyte Code Pages)
     8-4 (Character Expansion Buffer Overflow)
     8-5 (Vulnerable Hex-Decoding Routine for URIs)
     8-6 (If Header Processing Vulnerability in Apache's mod_dav Module)
     8-7 (Text-Processing Error in Apache mod_mime)
     8-8 (Embedded Delimiter Example)
     8-9 (Multiple Embedded Delimiters)
     9-1 (Privilege Misuse in XFree86 SVGA Server)
     9-2 (Incorrect Temporary Privilege Relinquishment in FreeBSD Inetd)
     9-3 (Race Condition in access( ) and open( ))
     9-4 (Race Condition from Kerberos 4 in lstat( ) and open( ))
     9-5 (Race Condition in open( ) and lstat( ))
     9-6 (Reopening a Temporary File)
lists
     auditing 2nd
     data ranges 2nd
     duplicate elements
     empty lists, vunerabilities
     linked lists
     pointer updates, errors
little-endian architecture, bytes, ordering
loading
     DLLs
     Processes, Windows NT
local namespaces, Windows NT
local privilege separation socket, OpenSSH
Location header field (HTTP)
lock matching, synchronization objects
LOCK method
log files, UNIX
logic
     business logic
     presentation logic
login groups, UNIX
logon rights, Windows NT sessions
longjmp( ) function
looping constructs, auditing
loops
     data copy
     posttest loops
     pretest loops
     terminating conditions
     typos
loose coupling, software design
loosely coupled modules
Lopatic, Thomas 2nd 3rd
lreply( ) function
LSD (Last Stage of Delirium)
lstat( ) function