缓冲区溢出漏洞

最近几年以来互联网发生的重大黑客或是病毒事件，基本上都是由于软件漏洞的存在而导致的，而缓冲区溢出漏洞一直是安全漏洞的最常见的一种形式。

Hacking incidents and virus incidents happened in recent years were mainly caused by the software vulnerabilities , and at the same time , Buffer overflow vulnerability has been a security vulnerability of the most common form .

本文详细分析了Linux操作系统平台下的5种缓冲区溢出漏洞产生的原因，阐述了这类漏洞攻击技术的原理，分析了3个具有代表性的漏洞实例，描述了其一般攻击方法。

The article analyses the causes of 5 kinds buffer overflow vulnerability under Linux operate system in detail , and expounds the principle of this series vulnerabilities exploiting technology . And the article analyses 3 typical vulnerability instances , and describes general exploiting method .

一种C语言缓冲区溢出漏洞检测的静态分析方法

A Static Analysis Method for Detecting Buffer Overflow Vulnerabilities in C Program

一种发现C程序中缓冲区溢出漏洞的算法

The algorithm of finding vulnerabilities in C code

对Linux系统缓冲区溢出漏洞攻击的防范

Prevention of attack on overflowing loopholes in buffer of Linux system

C程序的缓冲区溢出漏洞是近年来最为常见且危害极大的安全漏洞之一。

The buffer overflow problem in C programs is one of the most famous and dangerous vulnerabilities in the last decades .

基于以上工作，实现了一个COM组件栈缓冲区溢出漏洞检测原型系统。

Based on the work mentioned above , a prototype system that can detch stack buffer overflow of COM is realised .

ida远程缓冲区溢出漏洞对HSPS进行了测试。

Ida remote buffer overflow .

曾普遍适用于各种操作系统的缓冲区溢出漏洞攻击技术在WindowsVista以及.NET编译器的安全机制下被很好地遏制。

Buffer overflow vulnerability attacking which was widely used in all kinds of operating system is successfully retrained by the new security mechanism of Windows Vista and . NET compiler .

根据CVE显示的数据，2009年至今新发现的800多种漏洞中，有70多个都是缓冲区溢出漏洞。

According to the statistics from CVE , there were approximately 70 kinds vulnerabilities which suffered from buffer overflow among all 800 vulnerabilities discovered from the beginning of 2009 .

基于故障注入发现缓冲区溢出漏洞的研究

Research for Identifying Potential Vulnerabilities Method Based On Fault Injection Algorithm

缓冲区溢出漏洞攻击可以使得攻击者有机会获得一台主机的部分甚至全部控制权，而且缓冲区溢出漏洞普遍存在于各种操作系统和应用软件中。

Buffer overflow attacks can make a host controlled completely or partly .

在各种安全问题中，缓冲区溢出漏洞已成为主要问题之一。

Buffer overflow has become one of the mainly concerned security problems .

修复了一个可能导致执行任意代码的缓冲区溢出漏洞。

Fix for stack overflow vulnerability which could allow arbitrary code execution .

对现有各种缓冲区溢出漏洞检测和防护技术进行了分析与研究；

It analyzes the exiting detecting and defending technologies of buffer overflows .

C/C++源程序缓冲区溢出漏洞的静态检测

Statically Detecting Likely Buffer Overflow Vulnerabilities in C / C + + Program

近十几年来，由操作系统缓冲区溢出漏洞导致的攻击带来了严重的网络安全问题，它的安全危害级别相当高。

Buffer overflow vulnerabilities have endangered seriously the network security for the past decade .

一种缓冲区溢出漏洞分析与探测算法BOVADA

Arithmetic to Analyze and Detect Buffer Overflow Vulnerability

并在此基础上提出了开发防范缓冲区溢出漏洞的安全程序所应遵守的原则和框架。

Consequently , the principle and framework for developing safe and robust programs are proposed .

论文介绍了一种检测缓冲区溢出漏洞的建模方法。

A new method for finding potential buffer overrun vulnerabilities in security-critical C code is described .

缓冲区溢出漏洞利用与防御研究

Comprehensive Study on Buffer Overflow Vulnerability

缓冲区溢出漏洞检测技术研究进展

Progress of buffer overflow detection research

静态检测缓冲区溢出漏洞

Statically Detecting Buffer Overflow Vulnerabilities

缓冲区溢出漏洞二十多年来在计算机漏洞中一直扮演重要的角色。

Buffer overflow as the important aspect of vulnerabilities plays a significant role in last twenty years .

该模型的一个优点是在代码编译以前可以通过静态分析的方法来发现潜在的缓冲区溢出漏洞。

One major advantage of this method is that security bugs can be eliminated before C code is complied .

实验结果表明，本原型系统具有非常高的检测精度和检测效率，总体性能优于已有的典型缓冲区溢出漏洞静态检测系统。

The experiment results show that the prototype system can detect buffer overflow vulnerabilities automatically with high precision and high efficiency .

要想成功的战胜这些强大的攻击者，我们需要自动而高效的缓冲区溢出漏洞检测机制和攻击过滤机制。

To successfully overcome these powerful attack , we need automatic and efficient detection of buffer overflow and attack filtering mechanisms .

利用缓冲区溢出漏洞，攻击者往往能获得较高的非法权限，进而造成更大的危害。

Using the Buffer overflow vulnerability , an attacker can often get higher illegal privileges , and cause more serious damage .

实验验证了系统的有效性，不仅可以发现和定位试验程序中的缓冲区溢出漏洞，而且还能发现实际应用的商业程序中的一些缓冲区溢出漏洞。

Its effectiveness is tested and verified through our experiments . It can detect and locate buffer overflow vulnerabilities in binary code of business software .

缓冲区溢出漏洞是那么难相处，以防止数十种，他们都是被找到和利用操作系统和应用软件，每一天。

Buffer overrun vulnerabilities are so difficult to prevent that scores of them are being found and exploited in operating system and application software every day .