不幸的是 CDE ToolTalk database server 在传递参数给 procedure _TT_CREATE_FILE()时存在一个堆溢出(heap buffer overflow)缺陷。一个可访问 ToolTalk RPC database service 的攻击者可利用此缺陷,精心构建一个 RPC message 来进行攻击。
基于16个网页-相关网页
The overflow buffer is used to satisfy peak memory requirements for any heap in the instance Shared memory region whenever a heap exceeds its configured size.
每当某个堆超出了其配置的大小时,便可以使用溢出缓冲区来满足实例共享内存区内任何堆的峰值需求。
Memory space breach — Accomplished via stack overflow, buffer overrun, or heap error, enables execution of arbitrary code supplied by the attacker with the permissions of the host process.
内存空间缺口——通过栈溢出、缓冲区溢出或堆错误来实现,以宿主进程的权限执行攻击者提供的任何代码。
Listing 1 does not validate user-supplied data when copying it to the buffer member of the previously allocated struct mystruct using the strcpy function, resulting in a heap-based buffer overflow.
在使用strcpy函数将用户提供的数据复制到先前分配的struct mystruct的buffer成员中时,清单1不验证用户提供的数据,造成堆中缓冲区溢出。
应用推荐