Will the Code You Write Today Headline Tomorrow's BugTraq Mail List?
- Includes Numbered-by-Line Exploit Code Examples That Illustrate the Differences Between Stack Overflows, Heap Corruption, and Format String Bugs
- Provides Case Studies for ost Major Platforms and Environments, Including Windows, FreeBSD, FrontPage, and Linux
- Avoid Worm or Custom Exploits by Analyzing Your Source Code to Detect Buffer Overflow Vulnerabilities
Forensic investigations of notorious Internet attcks, such as the SQL Slammer and Blaster Worms, reveal buffer overflows to be the sophisticated hacker's "vulnerability of choice". These worms crippled the Internet and cost billions of dollars to clean up. Now, even more powerful and insidious threats hve appeared in the form of "custom exploits". These one-time only exploits are custom crafted to attack your enterprise, making them even more difficult to detect and defend. No catchy names, no media coverage; just your own personal disaster. James C. Fster's Buffer Overflow Attacks clearly demonstrates that the only way to defend against the endless variety of buffer overflow attacks is to implement a comprehensive design, coding and test plan for all of your applications. From Dave Aitel's Forword through the last appendix, this is the only book dedicated exclusively to detecting, exploiting, and preventing buffer overflow attacks. CONTENTS OF THIS BOOK INCLUDEBuffer Overflows: The EssentialsUnderstanding ShellcodeWriting ShellcodeWin32 AssemlyCase Study: FreeBSD NN Exploit CodeCase Study: xlockmore User Supplied Format String Vulnerability (CVE-2000-0763)Case Study: FrontPage Denial of Service Utilizing WinSockStack OverflowsHeap CorruptionFormat String AttacksWindows Buffer OverflowsCase Stdy: cURL buffer overflow on LinuxCase Study: OpenSSL SSLv2 Malformed Client Key Remote Buffer Overflow Vulnerability (CAN-2002-0656)Case Study: X11R6 4.2 XLOCALEDIR OverflowCase Study: Microsoft MDAC Denial of ServiceCase Study: Local UUX Buffer Overflow n HPUXFinding Buffer Overflows in SourceCase Study: InlineEgg ICase Study: InlineEgg IICase Study: Seti@Home Exploit CodeCase Study: Microsoft CodeBlue Exploit Code The Complete Data Conversion TableUseful SyscallsAdditional Exploit References