Buffer Overflows and Remote Root Exploits

From: Crispin Cowan (crispinat_private)
Date: Sat Oct 02 1999 - 11:29:17 PDT

Next message: .rain.forest.puppy.: "RFP9903: AeDebug vulnerability"

Previous message: Don: "Re: Team Asylum: Yahoo! Messenger DoS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'm writing a paper on categorizing buffer overflow attacks and
defenses.  I conjecture (from my experience) that buffer overflow
attacks constitute a *huge* majority of all remote root exploits (the
other major category being weak escapes in CGI scripts).  Two questions:

   * Does the community agree with these conjectures?
   * Can anyone cite a paper or statistic to back up these claims?

Thanks,
    Crispin
-----
 Crispin Cowan, Research Assistant Professor of Computer Science, OGI
    NEW:  Protect Your Linux Host with StackGuard'd Programs  :FREE
       http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/

Next message: .rain.forest.puppy.: "RFP9903: AeDebug vulnerability"
Previous message: Don: "Re: Team Asylum: Yahoo! Messenger DoS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:06:29 PDT