Beyond stack smashing: recent advances in exploiting buffer overruns
Pincus, J.
Baker, B.
This paper appears in: Security & Privacy, IEEE
Publication Date: July-Aug. 2004
Volume: 2,
Issue: 4
On page(s): 20- 27
ISSN: 1540-7993
INSPEC Accession Number: 8062325
Digital Object Identifier: 10.1109/MSP.2004.36
Current Version Published: 2004-10-04
Abstract
Security vulnerabilities related to buffer overruns account for the largest share of CERT advisories, as well as high-profile worms - from the original Internet Worm in 1987 through Blaster's appearance in 2003. When malicious crackers discover a vulnerability, they devise exploits that take advantage of the vulnerability to attack a system. The article describes three powerful general-purpose families of exploits for buffer overruns: arc injection, pointer subterfuge, and heap smashing. These new techniques go beyond the traditional "stack smashing" attack and invalidate traditional assumptions about buffer overruns.
Index
Terms
Available to subscribers and IEEE members.
References
Available to subscribers and IEEE members.
Citing Documents
Available to subscribers and IEEE members.
Cart
