Title :
Beyond stack smashing: recent advances in exploiting buffer overruns
Author :
Pincus, Jonathan ; Baker, Brandon
Abstract :
Security vulnerabilities related to buffer overruns account for the largest share of CERT advisories, as well as high-profile worms - from the original Internet Worm in 1987 through Blaster\´s appearance in 2003. When malicious crackers discover a vulnerability, they devise exploits that take advantage of the vulnerability to attack a system. The article describes three powerful general-purpose families of exploits for buffer overruns: arc injection, pointer subterfuge, and heap smashing. These new techniques go beyond the traditional "stack smashing" attack and invalidate traditional assumptions about buffer overruns.
Keywords :
computer crime; storage management; CERT advisories; arc injection; buffer overruns; exploits; heap smashing; high-profile worms; malicious crackers; pointer subterfuge; security vulnerabilities; stack smashing; Computer hacking; Computer security; Computer worms; Java; Lab-on-a-chip; Payloads; Power system security; Privacy; Runtime environment; 65; arc injection; attacking systems; buffer overruns; heap smashing; pointer subterfuge; stack smashing;
Journal_Title :
Security & Privacy, IEEE
DOI :
10.1109/MSP.2004.36
