文档介绍:信息安全技术2
近现代黑客历史
黑客的今朝与明天
CNN/YAHOO/E-Bay…
“” 汶川大地震的启迪…
Date
8
缓冲区溢出攻击
Date
9
BOF 的历史
Von Neumanm
Buffer Overflow in Gauntlet Firewall allows intruders to execute arbitrary code
Oracle9iAS Web Cache vulnerable to buffer overflow
Buffer Overflow in CDE Subprocess Control Service
Buffer Overflow in System V(UNIX) Derived Login
Buffer Overflow in UPnP Service on Microsoft Windows
%
2001 年度报告:37个漏洞中有13个缓冲区溢出的漏洞
CERT/CC 年度报告
Date
15
Exploitation of Vulnerability in CDE Subprocess Control Service
Buffer Overflow in AOL ICQ
Buffer Overflow in Microsoft Internet Explorer
Multiple Vulnerabilities in Oracle Servers
Buffer Overflow in Microsoft's MSN Chat ActiveX Control
Buffer Overflow in Macromedia JRun
Buffer Overflows in Multiple DNS Resolver Libraries
Multiple Vulnerabilities in OpenSSL
Integer Overflow In XDR Library
Buffer Overflow in CDE ToolTalk
Buffer Overflow in Kerberos Administration Daemon
Buffer Overflow in Solaris X Window Font Service
Buffer Overflow in Microsoft Windows Shell
%
2002 年度报告:37个漏洞中有13个缓冲区溢出的漏洞
CERT/CC 年度报告
Date
16
Buffer Overflows in ISC DHCPD Minires Library
Buffer Overflow in Windows Locator Service
Remote Buffer Overflow in Sendmail
Buffer Overflow in Core Microsoft Windows DLL
Integer overflow in Sun RPC XDR library routines
Buffer Overflow in Sendmail
Buffer Overflow in Microsoft Windows HTML Conversion Library
Buffer Overflow in Microsoft RPC
RPCSS Vulnerabilities in Microsoft Windows
Buffer Overflow in Windows Workstation Service
%
2003 年度报告:28个漏洞中有10个缓冲区溢出的漏洞
CERT/CC 年度报告
Date
17
2004 Annual Report:
“Heaven help us if we still have
buffer overflow in our software
in 20 years!”
-- Tom Longstaff,R&D manager,CERT/CC
CERT/CC 年度报告
Date
18
CERT/CC 关于缓冲区溢出漏洞的分析
%
1997
%
1998
%
1999
9%
2000
%
2001
%
2002
%
2003
Date
19
实验二
#include <>
#include <>
void helloworld (char sbuff[],char lbuff[])