List:       vuln-dev
Subject:    Re: Generalized List of Threats and Vulnerabilities
From:       Crispin Cowan <crispin () WIREX ! COM>
Date:       2000-01-23 20:54:23

Seth R Arnold wrote:

> My next thought is Elias Levy's (Aleph1, moderator of another
> SecurityFocus.com mailing list, bugtraq) Smashing the Stack for Fun and
> Profit. (I hope I got that correct.) It is an essay he wrote in a recent
> issue of phrack (phrack.com I think.) (But, this is an essay about a
> specific form of attack, but it is generalized away from specific attacks.
> If I recall. :)

It's not so recent (97, I believe) and it is pretty much a cookbook for how to
write a stack-smashing style of buffer overflow attack.  I recently wrote a
generalization on buffer overflow attacks, classifying attacks in terms of attack
techniques, and classifying defenses in terms of the classes of attacks that they
stop.  It is available here as "Buffer Overflows:  Attacks and Defenses for the
Vulnerability of the Decade" http://immunix.org/documentation.html#stackguard .  The
PDF file is here:   http://immunix.org/StackGuard/discex00.pdf .

Crispin
-----
Crispin Cowan, CTO, WireX Communications, Inc.    http://wirex.com
Free Hardened Linux Distribution:                 http://immunix.org
