One new feature of "Web 2.0", the movement to build a more responsive Web, is the use of XML content feeds based on the RSS and Atom standards. These feeds allow both users and Web sites to obtain content headlines and body text without visiting the site in question, essentially providing users with a summary of that site's content. Unfortunately, many of the applications that consume this data do not consider the security implications of using content from third parties, and unknowingly make themselves and their attached systems susceptible to various forms of attack.
Microsoft Windows Vista, like previous versions, supports animated mouse pointers. The animated mouse pointers are loaded from .ANI files by the USER32.DLL functions LoadCursorIconFromResource and LoadCursor. These functions use an internal function called _LoadCursorIconFromFileMap which, under certain conditions, is prone to a buffer overflow.
07 Mar
Posted by jj as Security
Buffer overflows have been the most common form of security vulnerability for the last ten years. Moreover, buffer overflow vulnerabilities dominate the area of remote network penetration vulnerabilities, where an anonymous Internet user seeks to gain partial or total control of a host. If buffer overflow vulnerabilities could be effectively eliminated, a very large portion of the most serious security threats would also be eliminated.
07 Mar
This paper presents several methods of bypassing the protection mechanism built into Microsoft's Windows 2003 Server that attempts to prevent the exploitation of stack-based buffer overflows. Recommendations about how to thwart these attacks are made where appropriate.

Introduction

Microsoft is committed to security. I've been playing with Microsoft products, as far as security is concerned, since 1997, and in the past year and a half or two I've seen a marked difference, with some very positive moves made. In a way they had to. With the public relations crisis caused by worms such as Code Red, Microsoft needed to do something to stem the flow of customers moving away from the Windows OS to other platforms.
Buffer overflow attacks may be today’s single most important security threat. This paper presents a new approach to mitigating buffer overflow vulnerabilities by detecting likely vulnerabilities through an analysis of the program source code. Our approach exploits information provided in semantic comments and uses lightweight and efficient static analyses. This paper describes an implementation of our approach that extends the LCLint annotation-assisted static checking tool.
The capabilities of seven dynamic buffer overflow detection tools (Chaperon, Valgrind, CCured, CRED, Insure++, ProPolice and TinyCC) are evaluated in this paper. These tools employ different approaches to runtime buffer overflow detection and range from commercial products to open-source gcc enhancements. A comprehensive test suite was developed, consisting of specifically designed test cases and model programs containing real-world vulnerabilities.
07 Mar
Posted by jj as Security
The x86-64 CPU platform (i.e. AMD64 or Hammer) introduces new features to protect against exploitation of buffer overflows, the so-called No Execute (NX) or Advanced Virus Protection (AVP). This non-executable enforcement of data pages, together with the ELF64 System V ABI, renders common buffer overflow exploitation techniques useless. This paper describes and analyzes the protection mechanisms in depth.
Buffer overflow attacks are the most popular method intruders use to gain remote and privileged access to computer systems. Programs that fail to use appropriate bounds checking can allow an attacker to write data beyond the intended boundaries of a buffer and thus possibly corrupt control structures in the program. This enables an attacker to execute arbitrary code with the same privilege as the victim process. An attacker's preference is usually to overwrite the saved instruction pointer that is pushed onto the stack before a function call, or to overwrite a function pointer that will be used later in the program. It is also possible to use these attacks simply to overwrite other data.