Exploiting Software - How to Break Code.pdf

Audit Truncation and Filters with Buffer Overflow

Sometimes very large transactions can be used to destroy a log file or cause partial logging failures. In this kind of attack, log processing code might be examining a transaction in realtime processing, but the oversized transaction causes a logic branch or an exception of some kind that is trapped. In other words, the transaction is still executed, but the logging or filtering mechanism still fails. This has two consequences, the first being that you can run transactions that are not logged in any way (or perhaps the log entry is completely corrupted). The second consequence is that you might slip through an active filter that otherwise would stop your attack.

Exploiting Software: How to Break Code

By Greg Hoglund, Gary McGraw

Publisher: Addison Wesley

Pub Date: February 17, 2004

ISBN: 0-201-78695-8

Pages: 512

Attack Pattern: Filter Failure through Buffer Overflow

In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. If the filter fails "open" you win.
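The fail-open behaviour this pattern depends on, next to its fail-closed correction, as an added example that is not code from the book or from any real daemon. The filter, its 64-byte scratch buffer and the function names are hypothetical, and the oversized input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define FILTER_BUF 64  /* assumed scratch-buffer size of this hypothetical filter */

enum verdict { ALLOW, DENY, FILTER_ERROR };

/* Inspects one argument. Oversized input is never inspected: the length
 * check trips first and the function reports an error instead of a verdict. */
static enum verdict inspect(const char *arg)
{
    char buf[FILTER_BUF];
    if (strlen(arg) >= sizeof buf)
        return FILTER_ERROR;
    strcpy(buf, arg);                       /* fits: length checked above */
    return strpbrk(buf, ";|&`$<>") ? DENY : ALLOW;
}

/* Fail-open caller: only an explicit DENY blocks, so FILTER_ERROR passes. */
int passes_fail_open(const char *arg)   { return inspect(arg) != DENY; }

/* Fail-closed caller: anything other than an explicit ALLOW is rejected. */
int passes_fail_closed(const char *arg) { return inspect(arg) == ALLOW; }

/* Constructed sample: 200 bytes of padding with a metacharacter near the end. */
const char *oversized_sample(void)
{
    static char big[201];
    memset(big, 'A', 200);
    big[198] = ';';
    big[200] = '\0';
    return big;
}

int main(void)
{
    const char *in[] = { "report.txt", "x; y", oversized_sample() };
    for (int i = 0; i < 3; i++)
        printf("len=%3zu  fail-open=%d  fail-closed=%d\n", strlen(in[i]),
               passes_fail_open(in[i]), passes_fail_closed(in[i]));
    return 0;
}
```

The only difference between the two callers is how the error verdict is treated, which is the property to check when reviewing any filter that can fail on input size.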

* Attack Example: Filter Failure in Taylor UUCP Daemon

Sending in arguments that are too long to cause the filter to fail open is one instantiation of the filter failure attack. The Taylor UUCP daemon is designed to remove hostile arguments before they can be executed. If the arguments are too long, however, the daemon fails to remove them. This leaves the door open for attack.

How does software break? How do attackers make software break on purpose? Why are firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys? What tools can be used to break software? This book provides the answers.

Exploiting Software is loaded with examples of real attacks, attack patterns, tools, and techniques used by bad guys to break software. If you want to protect your software from attack, you must first learn how real attacks are really carried out.

This must-have book may shock you—and it will certainly educate you. Getting beyond the script kiddie treatment found in many hacking books, you will learn about

Why software exploit will continue to be a serious problem

When network security mechanisms do not work

Attack patterns

Reverse engineering

Classic attacks against server software

Surprising attacks against client software

Techniques for crafting malicious input

The technical details of buffer overflows

Rootkits

Exploiting Software is filled with the tools, concepts, and knowledge necessary to break software.

Causing Overflow with Environment Variables

A number of attacks are based on playing with environment variables. Environment variables are yet another location where buffer overflow can be used to serve up a nice platter of untrusted bytes. In the case of environment variables, the target program is taking input that should never be trusted and is using it somewhere really important.

Attack Pattern: Buffer Overflow with Environment Variables

Programs consume a huge number of environment variables, but they often do so in unsafe ways. This attack pattern involves determining whether a particular environment variable can be used to cause the program to misbehave.

* Attack Example: Buffer Overflow in $HOME

A buffer overflow in sccw allows local users to gain root access via the $HOME environmental variable.

* Attack Example: Buffer Overflow in TERM

A buffer overflow in the rlogin program involves its consumption of the TERM environmental variable.
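The unsafe consumption of an environment variable described in this pattern, beside a bounded version, as an added example that is not code from the book, sccw or rlogin. The 128-byte buffer, the `.apprc` file name and both function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH_BUF 128  /* assumed fixed-size buffer in a hypothetical utility */

/* Unsafe pattern, shown for contrast and never called here: the length of
 * the value is chosen by whoever launches the program. */
void rc_path_unsafe(const char *home, char *out /* PATH_BUF bytes */)
{
    strcpy(out, home);          /* no NULL check, no bound */
    strcat(out, "/.apprc");
}

/* Hardened form: the value is untrusted input. Returns 0 on success, -1 if
 * it is unset, not an absolute path, or would not fit with the suffix added. */
int rc_path_checked(const char *home, char *out, size_t outlen)
{
    if (home == NULL || home[0] != '/')
        return -1;
    int n = snprintf(out, outlen, "%s/.apprc", home);
    if (n < 0 || (size_t)n >= outlen)
        return -1;              /* would truncate: refuse, use no partial path */
    return 0;
}

int main(void)
{
    char path[PATH_BUF];
    /* getenv() may return NULL or a string of any length. */
    if (rc_path_checked(getenv("HOME"), path, sizeof path) != 0) {
        fputs("HOME is unset or unusable\n", stderr);
        return 1;
    }
    printf("config file: %s\n", path);
    return 0;
}
```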

Attack Pattern: Buffer Overflow in an API Call

Libraries or shared code modules can suffer from buffer overflows too. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.

* Attack Example: Libc in FreeBSD

A buffer overflow in the FreeBSD utility setlocale (found in the libc module) puts many programs at risk all at once.

* Attack Example: Xtlib

A buffer overflow in the Xt library of the X windowing system allows local users to execute commands with root privileges.

Attack Pattern: Buffer Overflow in Local Command-line Utilities

Command-line utilities available in a number of shells can be used to escalate privilege to root.

* Attack Example: HPUX passwd

A buffer overflow in the HPUX passwd command allows local users to gain root privileges via a command-line option.

* Attack Example: Solaris getopt

A buffer overflow in Solaris's getopt command (found in libc) allows local users to gain root privileges via a long argv[0].

The Multiple Operation Problem

Whenever data are manipulated by a function, the function should track exactly what it's doing to the data. This is straightforward when only one function is "munging" data. But when multiple operations are working on the same data, keeping track of the effects of each operation gets much harder. Incorrect tracking leads to big problems. This is especially true if the operation changes a string somehow.

There are a number of common operations on strings that will change the size of the string. The problem we're discussing occurs if the code performing the conversion does not resize the buffer that the string lives in.

Attack Pattern: Parameter Expansion

If supplied parameters are expanded into a larger string by a function, but the larger size is not accounted for, an attacker gains a foothold. This happens when the original string size may be (incorrectly) considered by later parts of the program.

* Attack Example: FTP glob()

The glob() function in FTP servers has been susceptible to attack as a result of incorrect resizing.
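The size mismatch behind the parameter expansion pattern, as an added example that is not code from the book or from any FTP server. The tilde-replacement rule, the function names and the sample input are constructed for illustration and do not reproduce a real glob().

```c
#include <stdio.h>
#include <string.h>

/* Length of `pattern` after every '~' is replaced by `home`. This is a
 * constructed expansion rule for illustration, not a real glob(). */
size_t expanded_len(const char *pattern, const char *home)
{
    size_t n = 0, hl = strlen(home);
    for (const char *p = pattern; *p; p++)
        n += (*p == '~') ? hl : 1;
    return n;
}

/* The flawed check: true whenever the ORIGINAL string fits the buffer. */
int original_fits(const char *pattern, size_t outlen)
{
    return strlen(pattern) < outlen;
}

/* Expands into out[outlen]; returns 0, or -1 if the EXPANDED string would
 * not fit. The size is computed from the result of the operation. */
int expand_checked(const char *pattern, const char *home,
                   char *out, size_t outlen)
{
    size_t hl = strlen(home);
    if (expanded_len(pattern, home) >= outlen)
        return -1;
    for (const char *p = pattern; *p; p++) {
        if (*p == '~') { memcpy(out, home, hl); out += hl; }
        else           { *out++ = *p; }
    }
    *out = '\0';
    return 0;
}

int main(void)
{
    char buf[16];
    const char *pat = "~/~/~/~", *home = "/home/alice";  /* constructed input */
    printf("original %zu bytes, expanded %zu bytes, buffer %zu\n",
           strlen(pat), expanded_len(pat, home), sizeof buf);
    printf("original_fits=%d expand_checked=%d\n",
           original_fits(pat, sizeof buf),
           expand_checked(pat, home, buf, sizeof buf));
    return 0;
}
```

A 7-byte pattern passes the original-length check against a 16-byte buffer yet needs 47 bytes once expanded, so only the check made on the expanded length rejects it.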
