Beyond stack smashing: recent advances in exploiting buffer overruns

4 October 2004

journal article
Published by Institute of Electrical and Electronics Engineers (IEEE) in IEEE Security & Privacy

Vol. 2 (4) , 20-27
https://doi.org/10.1109/msp.2004.36

Abstract

Security vulnerabilities related to buffer overruns account for the largest share of CERT advisories, as well as high-profile worms - from the original Internet Worm in 1987 through Blaster's appearance in 2003. When malicious crackers discover a vulnerability, they devise exploits that take advantage of the vulnerability to attack a system. The article describes three powerful general-purpose families of exploits for buffer overruns: arc injection, pointer subterfuge, and heap smashing. These new techniques go beyond the traditional "stack smashing" attack and invalidate traditional assumptions about buffer overruns.

Keywords

PAYLOADS
RUNTIME ENVIRONMENT
PRIVACY
JAVA
COMPUTER SECURITY
POWER SYSTEM SECURITY
COMPUTER WORMS
LAB-ON-A-CHIP
COMPUTER HACKING

This publication has 0 references indexed in Scilit: