Language Selection

English French German Italian Portuguese Spanish

Preventing Buffer Overflow Exploits

Filed under
Security

Internet servers, including Web, e-mail, and FTP servers have long been a target of different kinds of attacks aiming to disable them from providing services to their respective users. One particular exploit, which has become almost ubiquitous in the last several years, is the buffer overflow exploit.

Buffer Overflow Exploit in Action

A successful buffer overflow exploit has four steps:
1. Find a process that is vulnerable to the buffer overflow exploits
2. In order to inject the most damage, the process should run with root privileges.
3. Decide what to execute as a result of buffer overflow exploit
4. Find a way from the vulnerable process to start the chosen process

The troubling thing about buffer overflow exploits is that good programming practices could wipe out even potential exploits; however, that simply has not happened. The defense against such exploits should revolve around controlling access to sensitive systems, installing software updates that replace exploitable software, and being aware of what a buffer overflow exploit looks like when your system is the intended victim.

Part 1.

Part 2.

More in Tux Machines

6 Linux Kernel Changes IT Pros Need To Know

The 4.7 Linux kernel includes enhancements to security, automated testing prior to release, and an average 7.8 additions per hour over 10 weeks of development. Here is a look at what IT pros need to know about the OS that powers everything from mobile devices to servers and supercomputers. Read more

University fuels NextCloud's improved monitoring

Encouraged by a potential customer - a large, German university - the German start-up company NextCloud has improved the resource monitoring capabilities of its eponymous cloud services solution, which it makes available as open source software. The improved monitoring should help users scale their implementation, decide how to balance work loads and alerting them to potential capacity issues. NextCloud’s monitoring capabilities can easily be combined with OpenNMS, an open source network monitoring and management solution. Read more

Linux Kernel Developers on 25 Years of Linux

One of the key accomplishments of Linux over the past 25 years has been the “professionalization” of open source. What started as a small passion project for creator Linus Torvalds in 1991, now runs most of modern society -- creating billions of dollars in economic value and bringing companies from diverse industries across the world to work on the technology together. Hundreds of companies employ thousands of developers to contribute code to the Linux kernel. It’s a common codebase that they have built diverse products and businesses on and that they therefore have a vested interest in maintaining and improving over the long term. The legacy of Linux, in other words, is a whole new way of doing business that’s based on collaboration, said Jim Zemlin, Executive Director of The Linux Foundation said this week in his keynote at LinuxCon in Toronto. Read more

Car manufacturers cooperate to build the car of the future

Automotive Grade Linux (AGL) is a project of the Linux Foundation dedicated to creating open source software solutions for the automobile industry. It also leverages the ten billion dollar investment in the Linux kernel. The work of the AGL project enables software developers to keep pace with the demands of customers and manufacturers in this rapidly changing space, while encouraging collaboration. Walt Miner is the community manager for Automotive Grade Linux, and he spoke at LinuxCon in Toronto recently on how Automotive Grade Linux is changing the way automotive manufacturers develop software. He worked for Motorola Automotive, Continental Automotive, and Montevista Automotive program, and saw lots of original equipment manufacturers (OEMs) like Ford, Honda, Jaguar Land Rover, Mazda, Mitsubishi, Nissan, Subaru and Toyota in action over the years. Read more