"The Vulnerability of the Decade in Attack and Defense": Buffer Overflow Attacks
A buffer is a region of memory that holds data. A buffer overflow occurs when a program tries to place data at some location in memory and there is not enough space for it. A deliberate overflow has a purpose: the attacker writes a string longer than the buffer and places it in the buffer. Writing an over-long string into a buffer of limited size can have two results. First, the over-long string overwrites adjacent storage units and causes the program to fail, which in serious cases can crash the system. Second, the vulnerability can be used to execute arbitrary commands and even to obtain root privileges on the system. Most buffer overflows occur because the program does not carefully check user-supplied input parameters.
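The following C program is an added example, not part of the original page. It contrasts a copy that never checks input length with one that rejects over-long input, and shows the adjacent storage being overwritten in the first case. The names `region`, `copy_unchecked` and `copy_checked` are hypothetical, and one flat array models the buffer plus its neighbouring storage so the overwrite can be observed without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 8   /* the limited-space buffer */
#define ADJ_LEN 8   /* the adjacent storage unit that follows it */

/* Bytes [0,8) are the buffer, bytes [8,16) the neighbouring variable. */
struct region { unsigned char mem[BUF_LEN + ADJ_LEN]; };

static void region_init(struct region *r) {
    memset(r->mem, 0, BUF_LEN);
    memcpy(r->mem + BUF_LEN, "ADJACENT", ADJ_LEN);
}

/* Flawed pattern: the input length is never compared with BUF_LEN. */
static void copy_unchecked(struct region *r, const char *in) {
    size_t n = strlen(in);
    if (n > sizeof r->mem)      /* clamp only so the demo stays inside the model */
        n = sizeof r->mem;
    memcpy(r->mem, in, n);      /* spills past BUF_LEN into the neighbour */
}

/* Hardened pattern: reject input that does not fit, terminator included. */
static int copy_checked(struct region *r, const char *in) {
    size_t n = strlen(in);
    if (n >= BUF_LEN)
        return -1;              /* caller must handle the rejection */
    memcpy(r->mem, in, n + 1);
    return 0;
}

/* Returns 1 if the neighbouring storage still holds its original value. */
static int adjacent_intact(const struct region *r) {
    return memcmp(r->mem + BUF_LEN, "ADJACENT", ADJ_LEN) == 0;
}

int main(void) {
    struct region r;
    const char *input = "AAAAAAAAAAAA";   /* constructed 12-byte input */

    region_init(&r);
    copy_unchecked(&r, input);
    printf("unchecked: adjacent intact = %d\n", adjacent_intact(&r));

    region_init(&r);
    int rc = copy_checked(&r, input);
    printf("checked:   rc = %d, adjacent intact = %d\n", rc, adjacent_intact(&r));
    return 0;
}
```
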