BufferOverflow - How Does Buffer Overflow Attack Work S C...

How Does Buffer Overflow Attack Work
S. C. Kothari
CPRE 556
Electrical and Computer Engineering Dept.
Iowa State University
Lecture Notes - Copyright © 2009 S. C. Kothari. All rights reserved.

Security: When Is It a Software Problem?
We can distinguish security problems by the mechanisms that must change to eliminate the vulnerability.
- Network Problem: requires changing networking mechanisms such as network protocols.
- OS Problem: requires changing OS mechanisms such as OS resource management policies.
- Software Problem: requires changing software implementation or design.

Security Bugs Can Be Expensive
- Buffer overflow in IIS
  – Estimated cost: $3.26 billion
- Buffer overflow in SQL Server
  – Estimated cost: $1.2 billion

What Entrances Do the Hackers Use
Hackers exploit interactions with:
  – Operating System
  – User Interfaces
  – File System
  – Libraries

Buffer Overflow Attack (BOA)
- Deadly attack underlying many computer hijackings in the past.
- Dominates the area of remote network penetration vulnerabilities, where an anonymous Internet user seeks to gain partial or total control of a host.
- Presents the attacker with the ability to inject and execute attack code.
- Typically attacks a root program and executes code similar to “exec(sh)” to get a root shell.
- The attack is possible with C and C++ programs, not with Java.
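
Why the last slide singles out C and C++: a copy routine in C does not know how large the destination is unless the programmer checks. The following is an added example, not code from the lecture notes. It models a buffer and the control data stored right after it as one byte array (all names, sizes and the slot value are assumptions chosen for illustration), so the overwrite can be observed without real memory corruption, and it places an unchecked copy beside a bounds-checked one.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16            /* simulated local buffer; control slot follows it */
#define FRAME_LEN (BUF_LEN + sizeof(uint32_t))
#define SLOT_OK 0x11223344u   /* constructed "legitimate" control value */
/* Simulated frame: a single byte array, so every write below stays in bounds. */
typedef struct { unsigned char bytes[FRAME_LEN]; } frame_t;

static void frame_init(frame_t *f) {
    uint32_t v = SLOT_OK;
    memset(f->bytes, 0, FRAME_LEN);
    memcpy(f->bytes + BUF_LEN, &v, sizeof v);
}
static uint32_t frame_slot(const frame_t *f) {
    uint32_t v;
    memcpy(&v, f->bytes + BUF_LEN, sizeof v);
    return v;
}

/* strcpy-style copy: trusts the input length and ignores BUF_LEN.
   Clamped to FRAME_LEN only so the simulation itself stays memory-safe. */
static void copy_unchecked(frame_t *f, const char *in) {
    size_t n = strlen(in) + 1;
    if (n > FRAME_LEN) n = FRAME_LEN;
    memcpy(f->bytes, in, n);
}

/* Hardened copy: rejects input (plus its NUL) that does not fit the buffer. */
static int copy_checked(frame_t *f, const char *in) {
    size_t n = strlen(in) + 1;
    if (n > BUF_LEN) return -1;
    memcpy(f->bytes, in, n);
    return 0;
}

/* Returns 1 if the control slot still holds SLOT_OK after the copy. */
static int slot_intact_after(int checked, const char *in) {
    frame_t f;
    frame_init(&f);
    if (checked) (void)copy_checked(&f, in);
    else copy_unchecked(&f, in);
    return frame_slot(&f) == SLOT_OK;
}

int main(void) {
    const char *longin = "AAAAAAAAAAAAAAAAAAAAAAAA"; /* constructed, 24 bytes */
    printf("slot intact: unchecked=%d checked=%d\n",
           slot_intact_after(0, longin), slot_intact_after(1, longin));
    return 0;
}
```

A 16-character input is enough to damage the slot in the unchecked version, because the terminating NUL lands one byte past the buffer; the checked version counts that byte and rejects the input.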