1. 시스템 보안 개론
* SEH overwriting은 canary를 우회할 수 있다.
* gets(buf) 함수는 입력으로 들어오는 스트링의 크기를 확인하지 않는다는 문제가 있다. 입력 크기를 확인해서 문제를 해결할 수 있음. 117 more words
Last post we got some shellcode to execute in the notesearch program from HTAE. I basically followed what Jon Erickson did with some minor modifications to make the exploit work on the Debian-32 machine that I’ve been using. 949 more words
On the 2nd November, 1988 the Morris Worm was the first blended threat affecting multiple systems on the Internet. One of the things the worm did was to exploit a buffer overflow against the fingerd daemon due to the usage of gets() library function. 2,308 more words