Beyond stack smashing: recent advances in exploiting buffer overruns Export

by: J. Pincus, B. Baker

Security & Privacy Magazine, IEEE, Vol. 2, No. 4. (2004), pp. 20-27.

[Posts]

View FullText article

IEEE Explore, Rent at DeepDyve

krisn11's tags for this article

buffer_overrun stack_smashing

Reviews [Write a review of this article]

Notes for this article

krisn11 has 1 private note and 0 public notes for this article. If you are krisn11 then you can log in to see the private note.

Find related articles from these CiteULike users

lionell, krisn11

Find related articles with these CiteULike tags

attack, buffer_overrun, integrity, memory, stack_smashing

Abstract

Security vulnerabilities related to buffer overruns account for the largest share of CERT advisories, as well as high-profile worms - from the original Internet Worm in 1987 through Blaster's appearance in 2003. When malicious crackers discover a vulnerability, they devise exploits that take advantage of the vulnerability to attack a system. The article describes three powerful general-purpose families of exploits for buffer overruns: arc injection, pointer subterfuge, and heap smashing. These new techniques go beyond the traditional "stack smashing" attack and invalidate traditional assumptions about buffer overruns.

@article{citeulike:391342, abstract = {Security vulnerabilities related to buffer overruns account for the largest share of CERT advisories, as well as high-profile worms - from the original Internet Worm in 1987 through Blaster's appearance in 2003. When malicious crackers discover a vulnerability, they devise exploits that take advantage of the vulnerability to attack a system. The article describes three powerful general-purpose families of exploits for buffer overruns: arc injection, pointer subterfuge, and heap smashing. These new techniques go beyond the traditional "stack smashing" attack and invalidate traditional assumptions about buffer overruns.}, author = {Pincus, J. and Baker, B.}, citeulike-article-id = {391342}, citeulike-linkout-0 = {http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1324594}, journal = {Security \& Privacy Magazine, IEEE}, keywords = {buffer\_overrun, stack\_smashing}, number = {4}, pages = {20--27}, posted-at = {2007-11-08 21:55:34}, priority = {0}, title = {Beyond stack smashing: recent advances in exploiting buffer overruns}, url = {http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1324594}, volume = {2}, year = {2004} }

RIS record

TY - JOUR ID - citeulike:391342 L3 - citeulike-article-id:391342 N2 - Security vulnerabilities related to buffer overruns account for the largest share of CERT advisories, as well as high-profile worms - from the original Internet Worm in 1987 through Blaster's appearance in 2003. When malicious crackers discover a vulnerability, they devise exploits that take advantage of the vulnerability to attack a system. The article describes three powerful general-purpose families of exploits for buffer overruns: arc injection, pointer subterfuge, and heap smashing. These new techniques go beyond the traditional "stack smashing" attack and invalidate traditional assumptions about buffer overruns. IS - 4 JF - Security & Privacy Magazine, IEEE EP - 27 TI - Beyond stack smashing: recent advances in exploiting buffer overruns VL - 2 SP - 20 KW - buffer_overrun KW - stack_smashing AU - Pincus, J AU - Baker, B PY - 2004/// UR - http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1324594 ER -

c	6
buffer_overflow	5
stack	5
language	4
buffer_overrun	4
stackless	4
security	4
compiler	3
cyclone	3
ccured	3
algol	2
gc	2
protothreads	1
protection	1
polymorphic	1
preemptive_threading	1
assembly	1
semantics	1
parser	1
executable_editing	1
memory_exploits	1
cache	1
design	1
memory	1
algorithms	1
cooperative_threading	1
generator	1
stackguard	1
antlr	1
call_stack	1
stackghost	1
hardware_security	1
cache_oblivious	1
stack_smashing	1
threads	1

Beyond stack smashing: recent advances in exploiting buffer overruns Export

Citation Format