Jump to content
Nytro

Buffer overflow vulnerabilities exploits and defensive techniques

Recommended Posts

BUFFER OVERFLOW VULNERABILITIES

EXPLOITS AND DEFENSIVE TECHNIQUES

Authors Peter Buchlovsky, Adam Butcher

UID 319295, 309235

Email msc33pxb@cs.bham.ac.uk, ug75ajb@cs.bham.ac.uk

Introduction

Buffer overflows are a very common method of security breach. They generally occur in programs

written in low-level languages like C or C++ which allow the manual management of

memory on the heap and stack.

Server processes or low-level programs running as the superuser are the usual targets for such

attacks. If a hacker can find a buffer overflow vulnerability in such a process and can exploit it,

it will usually give the hacker full control of the system.

The analysis of Lhee and Chapin [8] has proved most helpful in our research.

1.1 Array bounds checking

Most high-level programming languages claim to be safe. This means that programs written

in these language have rigorously controlled access to memory. Thus they do not suffer from

buffer overflows or dangling pointers. This is in contrast to the C and C++ programming languages

which have a more cavalier approach to memory access and safety. In C, array access is

not bounds checked. That means it is possible to write past the end (or indeed the beginning if

it is being written to backwards) of an array. This leads to a number of exploits that can used by

attackers.

Download:

citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.104.8202&rep=rep1&type=pdf

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...