Vulnerability Development mailing list archives
Re: Generalized List of Threats and Vulnerabilities
From: crispin () WIREX COM (Crispin Cowan)
Date: Sun, 23 Jan 2000 20:54:23 +0000
Seth R Arnold wrote:
My next thought is Elias Levy's (Aleph1, moderator of another SecurityFocus.com mailing list, bugtraq) Smashing the Stack for Fun and Profit. (I hope I got that correct.) It is an essay he wrote in a recent issue of phrack (phrack.com I think.) (But, this is an essay about a specific form of attack, but it is generalized away from specific attacks. If I recall. :)
It's not so recent (97, I believe) and it is pretty much a cook book for how to write a stack-smashing style of buffer overflow attack. I recently wrote a generalization on buffer overflow attacks, classifying attacks in terms of attack techniques, and classifying defenses in terms of the classes of attacks that they stop. It is available here as "Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade" http://immunix.org/documentation.html#stackguard . The PDF file is here: http://immunix.org/StackGuard/discex00.pdf .

Crispin
-----
Crispin Cowan, CTO, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution: http://immunix.org