This is why our next four columns will deal with buffer overflow.
这就是下面四个专栏将讨论缓冲区溢位的原因。
Fundamentally, all these approaches reduce the damage of a buffer overflow attack from a program-takeover attack into a denial-of-service attack.
从根本上讲,所有这些方法都能减轻从程序接管攻击到拒绝服务攻击的缓冲区溢出攻击所带来的破坏。
Attacking using a buffer overflow can change this process and allow an attacker to execute any function they wish.
利用缓冲区溢出进行攻击可以改变这个过程,并且允许黑客执行任何他们期望的函数。
An attacker may be able to exploit a buffer overflow by changing the value of other data in the function; none of these approaches counter that.
攻击者也许能够通过改变函数中其他数据的值来利用缓冲区溢出;没有哪种方法能够防止这点。
There are two main types of root exploits: buffer overflow attacks and executing scripts against a server.
这里有两种主要的超级用户进入类型:缓冲溢出攻击和在服务器上执行脚本。
Clearly, you would think by now that buffer overflow errors would be obsolete.
很明显,至此您不会认为缓冲区溢位错误将是过时的。
The return value is always the size of the combined string if no buffer overflow occurred; this makes it really easy to detect an overflow.
如果没有发生缓冲区溢出,返回值始终是组合字符串的长度;这使得检测缓冲区溢出真正变得容易了。
There are a number of tools that can help detect buffer overflow vulnerabilities before they're released.
有许多工具可以在缓冲区溢出缺陷导致问题之前帮助检测它们。
And the data show that the problem is growing instead of shrinking; see "Buffer overflow: Dejavu all over again".
并且资料显示这一问题正在扩大,而不是在缩减;请参阅「缓冲区溢位︰捲土重来」。
A creative attacker can take advantage of a buffer overflow vulnerability through stack-smashing and then run arbitrary code (anything at all).
有创造力的攻击者会透过摧毁堆叠利用缓冲区溢位的弱点,然后执行任何程序码。
In the instance of a buffer overflow attack, an internal value in a program is overflowed to alter how the program runs.
在缓冲区溢出攻击的实例中,程序的内部值溢出,从而改变程序的运行方式。
This makes it much harder to manipulate the return address, but it doesn't defend against buffer overflow attacks that change the data of calling functions.
这样使得操纵返回地址困难多了,但它不会阻止改变调用函数的数据的缓冲区溢出攻击。
For instance, a program designed to exploit a buffer overflow is very likely to use some inline assembly for the target platform.
举例来说,设计利用缓存溢出的程序很可能会对目标平台使用内联汇编。
The data are extremely discouraging since the buffer overflow problem has been widely known in security circles for years.
由于缓冲区溢位问题近年来在安全性领域中已受到瞩目,这一资料是相当令人灰心的。
In a buffer overflow attack, the hacker takes advantage of specific type of computer program bug that involves the allocation of storage during program execution.
在缓冲溢出攻击中,黑客利用了程序执行期间存储分配中的特定计算机程序漏洞。
In the final two columns in this series, we'll examine the engine's workings and explain how a buffer overflow attack does its dirty work on particular architectures.
本系列的最后两个专栏,将检查引擎的工作并说明缓冲区溢位的攻击在特定系统架构上是如何进行破坏的。
For example, a buffer overflow in a network server program that can be tickled by outside users may provide an attacker with a login on the machine.
例如,外部使用者可以利用的网路伺服器程序中的缓冲区溢位,可能使攻击者登入到机器。
This column gives an overview of the buffer overflow problem.
本专栏概述了缓冲区溢位问题。
As a result, buffer overflow problems are often invisible during standard testing.
因此,缓冲区溢位问题常常在标准测试期间是发现不了的。
Buffer overflow proves impossible as data copies only when room for extra data exists.
事实证明缓冲区溢出也不可能会发生,因为仅当存在额外数据空间时才会复制数据。
All of these attacks — and many others — exploited a vulnerability called a buffer overflow.
所有这些攻击——以及其他许多攻击,都利用了一个称做为缓冲区溢出的程序缺陷。
A buffer overflow, or buffer overrun, occurs when a process attempts to store data beyond the boundaries of a fixed-length buffer.
当进程尝试将数据储存到固定长度的缓冲区的范围之外时,就会出现缓冲区溢出。
Looking at the program, it is also easier for an attacker to figure out how to cause a buffer overflow with real inputs.
检视这个程序,攻击者更容易得出如何利用实际输入导致缓冲区溢位。
Doing so can lead some poorly written implementations into buffer overflow errors (and all that implies).
这样做会使编写不够严谨的程序出现缓冲区溢出错误(以及所有类似隐患)。
The default installation of MySQL, particularly the empty root password and the potential vulnerability to buffer overflow, makes the database server an easy target for attacks.
MySQL的默认安装,特别是根密码空缺和缓冲区溢出的潜在漏洞,使得这个数据库服务器成为容易攻击的目标。
One common type of malware, called a buffer overflow attack, overwhelms programs that accept input, like the address line in a Web browser or a search window for a database.
恶意软件的一种常见攻击类型,所谓的缓冲区溢出攻击,会使接受输入的程序崩溃,如web浏览器的地址栏或数据库的搜索窗口。
The immediate cause of the vulnerability was that one of Sendmail's security checks was flawed, permitting a buffer overflow.
造成这一漏洞的直接原因是,Sendmail的一个安全检测是有缺陷的,可以发生缓冲区溢出。
A fix for a buffer overflow problem in DHCPD (8).
修复了dhcpd(8)中的缓冲区溢出问题。
The following example is vulnerable to a heap-based buffer overflow
以下示例容易出现基于堆的缓冲区溢出
Many well used UNIX applications, including LPR, xterm and eject, have been abused into giving up root through exploit of buffer overflow in suid regions of the code.
许多用得很好的UNIX应用程序,包括lpr、xterm和eject,都被滥用,而在程序码的suid栏位中利用缓冲区溢位放弃了root权限。
应用推荐