[12693] in bugtraq


Buffer Overflow Survey Paper

daemon@ATHENA.MIT.EDU (Crispin Cowan)
Tue Nov 23 01:51:38 1999

Message-Id:  <3839FE78.E75324FE@cse.ogi.edu>
Date:         Tue, 23 Nov 1999 02:39:53 +0000
Reply-To: crispin@CSE.OGI.EDU
From: Crispin Cowan <crispin@CSE.OGI.EDU>
X-To:         "BUGTRAQ@SECURITYFOCUS.COM" <BUGTRAQ@SECURITYFOCUS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM

Six weeks ago, I asked Bugtraq for responses on the question of whether
buffer overflows dominate the area of security vulnerabilities as part
of a paper I was writing.  Numerous people asked me to post results when
I'm done.

On the narrow question:  approximately 2/3 of respondents thought that
buffer overflows do indeed dominate the problem of security
vulnerabilities.  The remaining 1/3 thought that mis-configuration was
the dominant problem.  I respect both views, but think that
"misconfiguration" is not really a software problem, it's an operational
problem.  Thus, one could say that buffer overflows are the leading
cause of software vulnerabilities, and misconfiguration is the leading
operational problem.  Which problem dominates overall vulnerability is
unclear.

On the broader question:  the paper is complete.  It will appear at the
DARPA Information Survivability Expo (
http://schafercorp-ballston.com/discex/ ) and will also appear as an
invited talk at SANS 2000 (
http://www.sans.org/newlook/events/sans2000.htm ).  This paper
categorizes the various kinds of buffer overflow attacks, the various
kinds of defensive measure that can be employed, and shows which
defenses are effective against which attacks.

The paper itself is available for download here:
http://immunix.org/StackGuard/discex00.pdf

Crispin
-----
Crispin Cowan, CTO, WireX Communications, Inc.    http://wirex.com
Free Hardened Linux Distribution:                 http://immunix.org
