Bugtraq: Buffer Overflows and Remote Root Exploits

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Buffer Overflows and Remote Root Exploits

From: crispin () CSE OGI EDU (Crispin Cowan)
Date: Sat, 2 Oct 1999 18:29:17 +0000


I'm writing a paper on categorizing buffer overflow attacks and
defenses.  I conjecture (from my experience) that buffer overflow
attacks constitute a *huge* majority of all remote root exploits (the
other major category being weak escapes in CGI scripts).  Two questions:

   * Does the community agree with these conjectures?
   * Can anyone cite a paper or statistic to back up these claims?

Thanks,
    Crispin
-----
 Crispin Cowan, Research Assistant Professor of Computer Science, OGI
    NEW:  Protect Your Linux Host with StackGuard'd Programs  :FREE
       http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/

By Date By Thread

Current thread:

Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy], (continued)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Valdis.Kletnieks () VT EDU (Oct 01)
- Team Asylum: iHTML Merchant (Follow-up) Team Asylum (Oct 01)
- RFP9903: AeDebug vulnerability .rain.forest.puppy. (Oct 01)
  - Re: RFP9903: AeDebug vulnerability Matt (Oct 04)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Pavel Kankovsky (Oct 02)
- Buffer Overflows and Remote Root Exploits Crispin Cowan (Oct 02)
- (no subject) Dennis Conrad (Oct 03)
  - Re: Sample DOS against the Sambar HTTP-Server Steve (Oct 06)
    - Re: Sample DOS against the Sambar HTTP-Server Dennis Conrad (Oct 08)
  - Re: Sample DOS against the Sambar HTTP-Server syz (Oct 09)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Dan Astoorian (Sep 30)