Buffer overflow and format string overflow vulnerabilities

@article{Lhee2003BufferOA,
  title={Buffer overflow and format string overflow vulnerabilities},
  author={Kyung-suk Lhee and Steve J. Chapin},
  journal={Software: Practice and Experience},
  year={2003},
  volume={33}
}
  • K. Lhee, S. Chapin
  • Published 2003
  • Computer Science
  • Software: Practice and Experience
Buffer overflow vulnerabilities are among the most widespread security problems. Numerous buffer overflow attacks have been reported and many solutions have been proposed, but a solution that is both complete and highly practical has yet to be found. Another kind of vulnerability, format string overflow, has recently been found; although not as widespread as buffer overflow, format string overflow attacks are no less dangerous.
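To make the two bug classes named in the abstract concrete, here is an added example in C that is not code from Lhee and Chapin's paper: each bug is shown in its vulnerable form beside a hardened form. The bounded copy and the conversion-counting check are this page's own illustrations (the counting idea follows the FormatGuard approach of comparing a format's argument demand with what the caller supplied); the 16-byte buffer size, the function names and the "user input" strings are constructed for the demo.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* size of the fixed stack buffer in the demo (assumed) */

/* --- (1) Buffer overflow -------------------------------------------- */

/* Vulnerable: strcpy() does not know how large dst is, so a src longer
 * than the buffer overwrites whatever follows it on the stack. Shown
 * only; never called with oversized input in this demo. */
void copy_name_vulnerable(char *dst, const char *src) {
    strcpy(dst, src);
}

/* Hardened: the caller passes the destination size, the copy is bounded,
 * and truncation is reported (-1) instead of silently corrupting memory. */
int copy_name_bounded(char *dst, size_t dstsize, const char *src) {
    size_t n = strlen(src);
    if (dstsize == 0) return -1;
    if (n >= dstsize) {
        memcpy(dst, src, dstsize - 1);
        dst[dstsize - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* --- (2) Format string overflow ------------------------------------- */

/* Vulnerable: the untrusted string IS the format, so "%x" leaks stack
 * words and "%n" writes to memory. Compilers warn on printf(user_input)
 * (-Wformat-security); calling through a pointer silences that warning
 * here so the pattern can be shown, which is also how such bugs hide. */
void log_vulnerable(const char *user_input) {
    int (*out)(const char *, ...) = printf;
    out(user_input);
}

/* Fixed: the input is passed as data to a literal format. */
void log_fixed(const char *user_input) {
    printf("%s\n", user_input);
}

/* FormatGuard-style check: count the arguments a format would consume.
 * Returns -1 for "%n" (a write primitive) or a dangling '%', otherwise the
 * number of argument-consuming conversions ('*' width/precision counts). */
int count_conversions(const char *fmt) {
    int count = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '%') continue;                     /* "%%" is a literal percent */
        while (*p && strchr("-+ #0123456789.*hlLqjzt", *p)) {
            if (*p == '*') count++;                  /* '*' pulls an int argument */
            p++;
        }
        if (*p == '\0' || *p == 'n') return -1;
        count++;
    }
    return count;
}

/* Wrapper for the cases where the format really must be variable
 * (e.g. localized messages): refuse a format whose argument demand
 * exceeds what the caller actually passed, or that contains %n. */
int checked_printf(int nargs, const char *fmt, ...) {
    int need = count_conversions(fmt);
    if (need < 0 || need > nargs) return -1;
    va_list ap;
    va_start(ap, fmt);
    int r = vprintf(fmt, ap);
    va_end(ap);
    return r;
}

int main(void) {
    char name[NAME_LEN];
    /* Constructed inputs: one fits the 16-byte buffer, one is twice its size. */
    const char *ok = "alice";
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

    copy_name_bounded(name, sizeof name, ok);
    printf("bounded copy: %s\n", name);
    if (copy_name_bounded(name, sizeof name, too_long) < 0)
        printf("bounded copy: input truncated to %zu bytes\n", strlen(name));
    /* copy_name_vulnerable(name, too_long) would overrun 'name' here. */

    /* Constructed "user input" carrying format directives. */
    const char *hostile = "hello %x %x %x %n";
    log_fixed(hostile);
    if (checked_printf(0, hostile) < 0)
        printf("rejected untrusted format: %s\n", hostile);
    checked_printf(1, "accepted format with %d argument\n", 1);
    return 0;
}
```

The two fixes are deliberately different in kind: the copy is fixed by carrying the destination size through the API, while the format bug is fixed by never letting untrusted bytes reach the format position at all; the counting check is only for the residual cases where the format has to be variable.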
On the Evolution of Buffer Overflows
The vast majority of software vulnerabilities still originate from buffer overflows. Many different variations of buffer overflows have evolved over time, rendering them a ubiquitous threat in every
Survey of Protections from Buffer-Overflow Attacks
Buffer-overflow attacks began two decades ago and persist today. Over that time, many solutions to provide protection from buffer-overflow attacks have been proposed by a number of researchers. They
RICB: Integer Overflow Vulnerability Dynamic Analysis via Buffer Overflow
TLDR
A dynamic analysis method, RICB (Run-time Integer Checking via Buffer overflow), that decompiles the executable to assembly language, steps into and out of it under a debugger, locates the overflow points, and checks for buffer overflows caused by integer overflow.
Realization of Buffer Overflow
  • An Zhiyuan, Liu Haiyan
  • Computer Science
  • 2010 International Forum on Information Technology and Applications
  • 2010
TLDR
This paper first explains the concept and principle of buffer overflow, then illustrates the jump instruction with examples of realized buffer overflow attacks, and finally, organized by type of buffer overflow attack, proposes preventive strategies intended to improve programmers' awareness of secure coding.
Automatic Removal of Buffer Overflow Vulnerabilities in C/C++ Programs
TLDR
ABOR is a framework that integrates, extends and generalizes existing techniques to remove buffer overflow vulnerabilities more effectively and accurately; it is an optimized solution that eliminates buffer overflows while keeping runtime overhead to a minimum.
ABOR: An Automatic Framework for Buffer Overflow Removal in C/C++Programs
TLDR
ABOR, a framework that removes buffer overflow vulnerabilities from source code automatically, patches only the identified code segments, which makes it an optimized solution that eliminates as many buffer overflows as possible while adding minimal runtime overhead.
A Taxonomy of Buffer Overflow Preconditions
Recent work on vulnerabilities has focused on buffer overflows, in which data exceeding the bounds of an array is loaded into the array. The loading continues past the end of the array, causing
A New Detection Method for Stack Overflow Vulnerability Based on Component Binary Code for Third-Party Component
  • Wanggen Xie, Jinchang Hu, P. Kudjo, Lei Yu, Zhifeng Zeng
  • Computer Science
  • 2018 IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI)
  • 2018
TLDR
The introduced SBOD (stack buffer overflow detection) algorithm is a promising direction to assist software engineers who seek to detect stack overflow vulnerabilities in order to improve software quality.
Detection of Buffer Overflow Vulnerabilities in C/C++ with Pattern Based Limited Symbolic Evaluation
TLDR
This work proposes a novel method to efficiently detect vulnerable buffer overflows in any given control flow graph by recognizing two patterns, and significantly improves scalability without sacrificing detection precision.
A Taxonomy of Buffer Overflow Characteristics
TLDR
This work develops a taxonomy of buffer overflow vulnerabilities based upon characteristics, or preconditions, that must hold for an exploitable buffer overflow to exist, and discusses alternate approaches to ameliorating this vulnerability.

References

Showing 1-10 of 48 references
Buffer overflows: attacks and defenses for the vulnerability of the decade
TLDR
This paper surveys the various types of buffer overflows and the defensive measures that mitigate buffer overflow vulnerabilities, including the authors' own StackGuard method, and considers which combinations of techniques can eliminate buffer overflow vulnerabilities while preserving the functionality and performance of existing systems.
StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks
  • C. Cowan
  • Computer Science
  • USENIX Security Symposium
  • 1998
TLDR
StackGuard is described: a simple compiler technique that virtually eliminates buffer overflow vulnerabilities with only modest performance penalties, and a set of variations on the technique that trade off penetration resistance against performance.
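StackGuard's mechanism, modelled as an added example rather than code from the paper: the compiler's prologue places a guard word (the canary) between a function's local buffers and its saved return address, and the epilogue refuses to return if that word has changed, because an overflow running upward from a local buffer must pass through the canary before it reaches the return address. The struct layout standing in for a stack frame, the placeholder return address 0x401000, the canary value and the payloads are constructed for the demo; a real StackGuard canary is chosen at process start and lives in the actual frame.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16            /* assumed size of the local buffer */
#define DEMO_RET 0x401000u    /* constructed placeholder return address */

/* Layout modelled on a StackGuard-protected frame: the guard word sits
 * between the local buffer and the saved return address. */
struct frame {
    char      buf[BUF_LEN];   /* local buffer the function writes into */
    uintptr_t canary;         /* guard word placed by the prologue */
    uintptr_t saved_ret;      /* return address an attacker wants to replace */
};

/* Prologue: store the canary. StackGuard picks a random value per process
 * so an attacker cannot simply write the right word back. */
void prologue(struct frame *f, uintptr_t canary) {
    f->canary = canary;
    f->saved_ret = DEMO_RET;
}

/* The unsafe body: copies len bytes into the frame starting at buf with no
 * bound, like strcpy() into a local array. Copying through the frame's own
 * byte view keeps the demo inside one object (well-defined C) while still
 * clobbering everything past buf; len is capped only so the demo cannot
 * run off the struct, a real overflow has no such cap. */
void body_unbounded_copy(struct frame *f, const unsigned char *in, size_t len) {
    if (len > sizeof *f) len = sizeof *f;
    memcpy((unsigned char *)f, in, len);
}

/* Epilogue: StackGuard's check before 'ret'. 1 = intact, 0 = smashed. */
int epilogue_check(const struct frame *f, uintptr_t canary) {
    return f->canary == canary;
}

/* Runs prologue, body and epilogue on one input. Returns the epilogue
 * verdict and, through ret_out, the address the function would return to. */
int run_guarded(const unsigned char *in, size_t len, uintptr_t canary, uintptr_t *ret_out) {
    struct frame f;
    prologue(&f, canary);
    body_unbounded_copy(&f, in, len);
    if (ret_out) *ret_out = f.saved_ret;
    return epilogue_check(&f, canary);
}

/* Builds the classic payload: filler up to the canary slot, the attacker's
 * guess for the canary, then the address to plant in saved_ret. out must
 * hold sizeof(struct frame) bytes. Returns the payload length. */
size_t build_payload(unsigned char *out, uintptr_t guessed_canary, uintptr_t target) {
    size_t off = offsetof(struct frame, canary);
    memset(out, 'A', off);
    memcpy(out + off, &guessed_canary, sizeof guessed_canary);
    off = offsetof(struct frame, saved_ret);
    memcpy(out + off, &target, sizeof target);
    return off + sizeof target;
}

int main(void) {
    const uintptr_t canary = 0x0badc0deu;       /* constructed; real one is random */
    unsigned char payload[sizeof(struct frame)];
    uintptr_t ret;
    size_t n;
    int ok;

    /* Benign input: fits in buf, canary untouched, return address intact. */
    ok = run_guarded((const unsigned char *)"alice", 5, canary, &ret);
    printf("benign:        frame %s, ret=%#lx\n", ok ? "intact" : "smashed", (unsigned long)ret);

    /* Attacker who does not know the canary: saved_ret is hijacked, but the
     * epilogue sees the wrong guard word and StackGuard aborts before 'ret'. */
    n = build_payload(payload, 0x41414141u, 0xdeadbeefu);
    ok = run_guarded(payload, n, canary, &ret);
    printf("attack:        frame %s, ret=%#lx\n", ok ? "intact" : "smashed", (unsigned long)ret);

    /* Same payload with the right canary: the check passes, which is why
     * canary secrecy (or a terminator canary) matters. */
    n = build_payload(payload, canary, 0xdeadbeefu);
    ok = run_guarded(payload, n, canary, &ret);
    printf("leaked canary: frame %s, ret=%#lx\n", ok ? "intact" : "smashed", (unsigned long)ret);
    return 0;
}
```

The third case is the limitation the paper's "variations" address: a random canary is only as good as its secrecy, so StackGuard also offers a terminator canary (bytes such as NUL and newline that string-copy functions cannot write through) for overflows that arrive via string routines.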
Statically Detecting Likely Buffer Overflow Vulnerabilities
TLDR
An implementation of a new approach to mitigating buffer overflow vulnerabilities is described: likely vulnerabilities are detected through an analysis of the program source code, extending the LCLint annotation-assisted static checking tool.
FormatGuard: Automatic Protection From printf Format String Vulnerabilities
TLDR
This paper describes the format bug problem and FormatGuard, a small patch to glibc that provides general protection against format bugs and is effective in protecting several real programs with format vulnerabilities against live exploits.
Type-Assisted Dynamic Buffer Overflow Detection
TLDR
This paper presents a buffer overflow detection technique that range-checks the referenced buffers at run time and augments executable files with type information of automatic buffers and static buffers in order to detect the actual occurrence of buffer overflow.
Transparent Run-Time Defense Against Stack-Smashing Attacks
TLDR
Two new methods to detect and handle buffer overflow vulnerabilities in process stacks are presented that work with any existing pre-compiled executable and can be used transparently per process as well as system-wide.
A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities
TLDR
The design and prototype of a new technique for finding potential buffer overrun vulnerabilities in security-critical C code are implemented and used to find new remotely exploitable vulnerabilities in a large, widely deployed software package.
Detecting Format String Vulnerabilities with Type Qualifiers
We present a new system for automatically detecting format string security vulnerabilities in C programs using a constraint-based type-inference engine. We describe new techniques for presenting the
RaceGuard: Kernel Protection From Temporary File Race Vulnerabilities
TLDR
RaceGuard is presented: a kernel enhancement that detects attempts to exploit temporary file race vulnerabilities, and does so with sufficient speed and precision that the attack can be halted before it takes effect.
Cyclone: A Safe Dialect of C
TLDR
This paper examines safety violations enabled by C's design, and shows how Cyclone avoids them without giving up C's hallmark control over low-level details such as data representation and memory management.