Vulnerability Development mailing list archives

Re: Information on attacks other than format string bugs,and buf ove rflows.

From: Blue Boar <BlueBoar () THIEVCO COM>
Date: Sat, 3 Mar 2001 08:37:17 -0800

"O'Kelly, Aidan" wrote:


I was wondering if anyone knows any good papers on other types of attacks,
apart from buffer overflows and format strings, that can result from bugs in
C, for example, the recent bug in sshd.(cant think of any more examples,
thats why I'm asking)


Unfiltered exec* calls, /tmp problems, symlink following, race conditions,
a whole raft of DoS conditions, and any number of design and
protocol errors.

Were you specifically looking at things that allow pushing of
arbitrary code?

                                        BB

Current thread:

Information on attacks other than format string bugs, and buf ove rflows. O'Kelly, Aidan (Mar 02)
- Re: Information on attacks other than format string bugs, and buf ove rflows. Jose Nazario (Mar 03)
- Re: Information on attacks other than format string bugs,and buf ove rflows. Blue Boar (Mar 03)