Linux Security
    Linux Security
    Linux Security

    A Buffer Overflow Study: Attacks & Defenses

    Date
    4943
    Posted By
    A technical overview of heap and buffer overflows, Linux tools that can be used to reduce their risk, the kinds of exploits these tools can prevent, and more. "This study deals with the various kinds of overflows (heap, stack) to understand how they work and how they may be used to execute malicious code. . .
    A technical overview of heap and buffer overflows, Linux tools that can be used to reduce their risk, the kinds of exploits these tools can prevent, and more. "This study deals with the various kinds of overflows (heap, stack) to understand how they work and how they may be used to execute malicious code; then it focuses on a few Linux solutions (Grsecurity features, Libsafe...), and explains how they behave, which kinds of exploits they prevent respectively...

    It aims at presenting an overview of generic solutions which may be applied to a whole system, although it is a non-exhaustive one."

    On november 2, 1988 a new form of threat appeared with the Morris Worm, also known as the Internet Worm. This famous event caused heavy damages on the internet, by using two common unix programs, sendmail and fingerd. This was possible by exploiting a buffer overflow in fingerd. This is probably one of the most outstanding attacks based on buffer overflows.

    This kind of vulnerability has been found on largely spread and used daemons such as bind, wu-ftpd, or various telnetd implementations, as well as on applications such as Oracle or MS Outlook Express...

    The link for this article located at Pierre-Alain FAYOLLE, Vincent GLAUME is no longer available. 

     

    Advisories

    LinuxSecurity Poll

    How are you contributing to Open Source?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    /main-polls/37-how-are-you-contributing-to-open-source?task=poll.vote&format=json
    37
    radio
    [{"id":"127","title":"I'm involved with the development of an open-source project(s).","votes":"1","type":"x","order":"1","pct":100,"resources":[]},{"id":"128","title":"I've reported vulnerabilities I've discovered in open-source code.","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"129","title":"I've provided developers with feedback on their projects.","votes":"0","type":"x","order":"3","pct":0,"resources":[]},{"id":"130","title":"I've helped another community member get started contributing to Open Source.","votes":"0","type":"x","order":"4","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.