Submitted by: brocious971
Category: Science and Technology
Date Submitted: 07/14/2011 02:51 AM
BUFFER-OVERFLOW ATTACKS
Introduction to Scripting and Database with Lab
COMP 230 ON SEC C
Summer 2007 Semester
August 18, 2007
Professor Charlotte McKenzie
Prepared by: William Owusu
Introduction
Security is everyone's problem. It is important to be aware of issues that can foster
security violations in software. Buffer overflows are a favorite exploit for hackers. Buffer
overflow attacks involve sending overly long input streams to the attacked server,
causing the server to overflow parts of the memory and either crash the system or execute
the attacker's arbitrary code as if it were part of the server's code. The result is full server
compromise or denial of service.
Some well-known internet worms, including Code Red, Slapper and Slammer, use
buffer overflow attacks to propagate and execute payloads. Buffer overflow
vulnerabilities are some of the most common programming errors. The CVE vulnerability
database indicates that 23% of all vulnerabilities uncovered during 2006 were buffer
overflow vulnerabilities.
Security Issues
Security is probably not an issue with a small program that you write for your own use
and which is not even accessible by others. Consider, in contrast, software that is run on a
company server each time that someone on the Internet clicks on a particular link on a
company web page. If that software has a security flaw, it may then be possible for
malicious users to do things on this server that they should not be able to do. For
example, they might be able to read data that is confidential, they might be able to change
data on the server, they might be able to crash the server, and they might even be able to
gain administrative access to the server, thus giving themselves complete access to
everything on this server.
Examples
A buffer overflow occurs any time the program writes more information into the buffer than
the space it has allocated in the memory....
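The condition described above, shown as an added example that is not part of the original paper: an unchecked copy writes past an 8-byte buffer into the data stored after it, while a length-checked copy refuses the same input. The region layout, the "NEIGHBOR" marker, the function names and the sample input are all assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 8      /* space the program allocated for the input */
#define REGION_SIZE 16  /* the buffer plus the data stored right after it */

/* Bytes 0..7 are the input buffer; bytes 8..15 hold unrelated data (the
 * marker "NEIGHBOR"). Modelling both inside one array keeps the overflow
 * demonstration well-defined C instead of real memory corruption. */
void init_region(unsigned char region[REGION_SIZE]) {
    memset(region, 0, BUF_SIZE);
    memcpy(region + BUF_SIZE, "NEIGHBOR", 8);
}

int neighbor_intact(const unsigned char region[REGION_SIZE]) {
    return memcmp(region + BUF_SIZE, "NEIGHBOR", 8) == 0;
}

/* Unchecked copy: trusts the input length, the way strcpy() does.
 * Returns 1 if the data after the buffer was overwritten, else 0. */
int copy_unchecked(unsigned char region[REGION_SIZE], const char *input) {
    size_t len = strlen(input) + 1;             /* include the NUL */
    if (len > REGION_SIZE) len = REGION_SIZE;   /* demo guard: stay in the array */
    memcpy(region, input, len);
    return !neighbor_intact(region);
}

/* Checked copy: rejects input that does not fit in BUF_SIZE bytes.
 * Returns 0 on success, -1 if the input was refused. */
int copy_checked(unsigned char region[REGION_SIZE], const char *input) {
    size_t len = strlen(input) + 1;
    if (len > BUF_SIZE) return -1;
    memcpy(region, input, len);
    return 0;
}

int main(void) {
    unsigned char region[REGION_SIZE];
    const char *input = "AAAAAAAAAAAA";  /* constructed: 12 chars, buffer holds 8 */
    init_region(region);
    int clobbered = copy_unchecked(region, input);
    printf("unchecked copy overwrote neighbor: %d\n", clobbered);
    init_region(region);
    int rc = copy_checked(region, input);
    printf("checked copy rc=%d, neighbor intact: %d\n", rc, neighbor_intact(region));
    return 0;
}
```

In a real program the data after the buffer is not a harmless marker but other variables or control information, which is why the length check has to happen before the copy.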