Question

In: Computer Science

Research buffer overflow attacks and develop a timeline of major attacks. Comment on why the buffer...

Research buffer overflow attacks and develop a timeline of major attacks. Comment on why the buffer overflow vulnerability still exists

Solutions

Expert Solution

First of all, let's discuss in brief, what is this Buffer Overflow?

  • It is an anomaly that occurs when the data to a buffer overflows the buffer’s capacity, resulting in adjacent memory locations being overwritten.
  • We can also say like, too much information is being passed into a container that does not have enough space.,

Now, when hackers or people with wrong intentions exploit this thing, it is called Buffer Overflow Attack.

Common timeline of these attacks:

  • 1988: Robert Morris's Internet Worm: overflow in fingered
  • 2001: Code Red: overflow in ISS
  • 2003: Slammer: Overflow in Microsoft SQL server 2000
  • 2004: Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution
  • 2006: In Adobe Acrobat
  • 2007: Vulnerability in Windows Animated Cursor Handling
  • 2008: RealNetworks RealPlayer ’rmoc3260.dll’ ActiveX Control Memory Corruption
  • 2009: Operation Aurora: Zero-day vulnerabilities in IE

There are numerous of Buffer Overflow attacks happened in history on various systems. Few of the very high-profile affected systems are(Many important details about these systems are not publically available):

  1. Many famous VPN products. Exact product: Unknown
  2. NVIDIA SHIELD TV
  3. macOS Catalina
  4. Chat Messanger applications

There are many reasons why the buffer overflow vulnerability still exists. The most important among them are as follows:

  • Still, few languages are not very capable in every aspect. Like C and C++ still don’t have built-in safeguards against overwriting or accessing data in their memory. And as we all know Linux, Windows, macOS all uses C and C++.
  • Due to dependency on external applications. It is not always possible to write everything from scratch and due to this dependencies, these type of vulnerability may arise as we can't fully control the implementation of external applications.

Please let me know in the comments if you have any confusion. Also, please upvote if you like.


Related Solutions

Research on buffer overflow attacks. How do the various types of overflow attacks differ? When did...
Research on buffer overflow attacks. How do the various types of overflow attacks differ? When did they first start to occur? What can they do and not do? What must a programmer do to prevent a buffer overflow? Answer briefly in your own words.
How integer overflow can be exploited for buffer overflow attacks?
How integer overflow can be exploited for buffer overflow attacks?
How format string vulnerabilities can be exploited for buffer overflow attacks?
How format string vulnerabilities can be exploited for buffer overflow attacks?
How can buffer overflows be avoided and what are the steps involved in a buffer overflow...
How can buffer overflows be avoided and what are the steps involved in a buffer overflow exploit? What are some of the C functions susceptible to buffer overflow?
What is an NX (no-execute) bit, and how can it be used to counter buffer overflow...
What is an NX (no-execute) bit, and how can it be used to counter buffer overflow attacks?
Windows vulnerability that has been exploited widely, such as the SQL Injection, Buffer Overflow. a) What...
Windows vulnerability that has been exploited widely, such as the SQL Injection, Buffer Overflow. a) What windows vulnerability in SQL Injection is and explain with references? b) What windows vulnerability in Buffer Overflow is and explain with references? c) What the weakness windows was and how it was exploited? d) What was the impact to society and economy?
1.write three methods to exploit buffer overflow and to archive the goal. If local variables are...
1.write three methods to exploit buffer overflow and to archive the goal. If local variables are exploited present all possible approaches. Goal: The goal is to exploit the program to let it print out “CORRECT SERIAL”. Note: A “Segmentation fault” is fine if the program prints out the desired message. C programming
I am exploiting a buffer overflow attack and need to find three pieces of information in...
I am exploiting a buffer overflow attack and need to find three pieces of information in Linux using gdb. 1) The address of the function system 2) The address of the function parameter for system() which is /bin/sh. /bin/ parameter is what will spawn a shell 3) The address of a function that can exit the shell. I was able to use gbd commands to find the first two but what command would I use to find the address of...
Develop or illustrate a timeline of epidemiologic milestones in public health. What is one of the...
Develop or illustrate a timeline of epidemiologic milestones in public health. What is one of the most significant milestones to you? Why?
develop a timeline of the evolution of business in canada over the last 50 years? for...
develop a timeline of the evolution of business in canada over the last 50 years? for each era in the evolution of business list at least two improvements in the way people do business compared with the previous era?
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT