• DocumentCode
    1065621
  • Title

    Beyond stack smashing: recent advances in exploiting buffer overruns

  • Author

    Pincus, Jonathan ; Baker, Brandon

  • Volume
    2
  • Issue
    4
  • fYear
    2004
  • Firstpage
    20
  • Lastpage
    27
  • Abstract
    Security vulnerabilities related to buffer overruns account for the largest share of CERT advisories, as well as high-profile worms - from the original Internet Worm in 1987 through Blaster's appearance in 2003. When malicious crackers discover a vulnerability, they devise exploits that take advantage of the vulnerability to attack a system. The article describes three powerful general-purpose families of exploits for buffer overruns: arc injection, pointer subterfuge, and heap smashing. These new techniques go beyond the traditional "stack smashing" attack and invalidate traditional assumptions about buffer overruns.
  • Keywords
    computer crime; storage management; CERT advisories; arc injection; buffer overruns; exploits; heap smashing; high-profile worms; malicious crackers; pointer subterfuge; security vulnerabilities; stack smashing; Computer hacking; Computer security; Computer worms; Java; Lab-on-a-chip; Payloads; Power system security; Privacy; Runtime environment; attacking systems
  • fLanguage
    English
  • Journal_Title
    Security & Privacy, IEEE
  • Publisher
    ieee
  • ISSN
    1540-7993
  • Type

    jour

  • DOI
    10.1109/MSP.2004.36
  • Filename
    1324594