- 1、本文档共29页,可阅读全部内容。
- 2、原创力文档(book118)网站文档一经付费(服务费),不意味着购买了该文档的版权,仅供个人/单位学习、研究之用,不得用于商业用途,未经授权,严禁复制、发行、汇编、翻译或者网络传播等,侵权必究。
- 3、本站所有内容均由合作方或网友上传,本站不对文档的完整性、权威性及其观点立场正确性做任何保证或承诺!文档内容仅供研究参考,付费前请自行鉴别。如您付费,意味着您自己接受本站规则且自行承担风险,本站不退款、不进行额外附加服务;查看《如何避免下载的几个坑》。如果您已付费下载过本站文档,您可以点击 这里二次下载。
- 4、如文档侵犯商业秘密、侵犯著作权、侵犯人身权等,请点击“版权申诉”(推荐),也可以打举报电话:400-050-0827(电话支持时间:9:00-18:30)。
查看更多
bufferoverflowattacks-texasa
BUFFER OVERFLOW
ATTACKS
Aravind Aluri
Mohit Kumar
1
OUTLINE
n INTRODUCTION
n STACK BASICS
n EXAMPLE
n OTHER EXPLOITS
n SOLUTIONS
n CONCLUSION
n Q A
2
INTRODUCTION
n What is buffer overflow?
More data is put into a holding area than it can handle.
Cause: Lack of bound checking (eg: standard C library )
n Acc. to CERT (Computer Emergency Readiness Team)
In 2003, 75% of vulnerabilities due to buffer overflows1
n Morris worm (November 1988)
Used finger Daemon to overflow buffer2
1. www.cert .org/stats/
2. E.Spafford. The Internet Worm Program: Analysis. Computer Communication Review, January 1989. 3
INTRODUCTION
n Code Red worm (July 2001)
A remotely exploitable buffer overflow in one of the ISAPI
extensions installed with most versions of IIS 4.0 and 5.0
/advisories/CA-2001-19.html
n Slammer Worm (Jan 2003)
Exploits the vulnerability in Microsoft SQL Server 2000
/advisories/CA-2003-04.html
n An Intrusion or a Successful Attack aims to change the flow of
control ( using buffer overflow), letting the attacker execute
arbitrary code
4
STACK BASICS
PROCESS MEMORY LAYOUT
5
STACK BASICS
STACK LAYOUT
6
STACK BASICS
EXAMPLE
void function( int a, int b , int c){
char buffer1[5];
char buffer2[10];
}
void main(){
function(1,2,3);
}
您可能关注的文档
- analysis of strongfstrong-104c world's altitude record flight.pdf
- analysis of the patient protection and affordable care act.pdf
- analysis on advantages and disadvantages of china's insurance.pdf
- analysis of verification summary data school year 2008-2009.pdf
- analytic evaluation of shared-memory architectures.pdf
- analytical strongmodelstrong development and strongmodelstrong reduction for.pdf
- analyzing and specifying reusable security requirements.pdf
- analytic evaluation of shared-memory architectures - parallel.pdf
- analyzing the open stronggroupstrong architecture framework from the geram.pdf
- analyzing cuda workloads usingadetailedgpusimulator.pdf
文档评论(0)