Real World Buffer Overflow

Browse https://cve.mitre.org/cve and/or https://web.nvd.nist.gov and read about recent or historic buffer overflows. Note that not all security issues listed on these sites will be buffer overflows.

Find one that interests you and research it in detail. If possible, look at the source code that caused the issue. Read other people's analysis (e.g. search the internet by CVE id etc and find others discussing it). You should spend at least 30 minutes researching the issue.

Prepare a 1 page summary of the issue using your own understanding of the bug and discuss what modern buffer-overflow countermeasures would have prevented or mitigated the issues.

Submit a PDF to learningsuite.

Don't use this as your own overflow, but as an example, you might find CVE-1999-0002 - “Buffer overflow in NFS mountd gives root access to remote attackers (mostly linux)”. A list of interesting reading about it:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0002 http://www.securityfocus.com/bid/121/discuss http://www.securityfocus.com/bid/121/exploit https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0002

Source code wasn't immediately findable for such an old vulnerability, but with some effort, it could be tracked down.

cs-465/homework-12.txt · Last modified: 2017/10/31 02:47 by seamons
Back to top
CC Attribution-Share Alike 4.0 International
chimeric.de = chi`s home Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0