Contents:
Buffer overflow attacks are the most popular method intruders use to gain remote and privileged access to computer systems. Programs that fail to use appropriate bounds checking can allow an attacker to write data beyond the intended boundaries of a buffer and thus possibly corrupt control structures in the program. This enables an attacker to execute arbitrary code with the same privilege as the victim process. An attacker’s preference is usually to overwrite the saved instruction pointer that is pushed onto the stack before a function call or to overwrite a function pointer that will be used later in the program. It is also possible to use these attacks simply to overwrite other data. This kind of attack is harder to prevent but, fortunately, is less common than the previous type and is not discussed here. Buffer overflows first gained attention with the release of the famed Morris worm, which exploited a buffer overflow in fingerd [1]. Despite the attack used in the Morris worm, buffer overflows did not become popular until the release of two papers that detailed the discovery and exploitation of these vulnerabilities [2,3]. This paper discusses vulnerabilities in two compiler-level protection mechanisms, StackGuard and PointGuard. While this paper takes a critical look at both of these solutions, it does not intend to make them seem insignificant. The attacks described in this paper help to show how StackGuard and PointGuard should be complemented to construct a more complete protection system.
File Details: May 28, 2005 354kb (13 pages)
Source: www.usenix.org
