Portal de Periódicos da CAPES

Beyond stack smashing: recent advances in exploiting buffer overruns

2004; Institute of Electrical and Electronics Engineers; Volume: 2; Issue: 4 Linguagem: Inglês

10.1109/msp.2004.36

1558-4046

Jon Pincus, Brian Baker,

Network Security and Intrusion Detection

Security vulnerabilities related to buffer overruns account for the largest share of CERT advisories, as well as high-profile worms - from the original Internet Worm in 1987 through Blaster's appearance in 2003. When malicious crackers discover a vulnerability, they devise exploits that take advantage of the vulnerability to attack a system. The article describes three powerful general-purpose families of exploits for buffer overruns: arc injection, pointer subterfuge, and heap smashing. These new techniques go beyond the traditional "stack smashing" attack and invalidate traditional assumptions about buffer overruns.