[REVS] Protection against Exploitation of Stack and Heap Overflows

• Previous message: support@securiteam.com: "[NEWS] Misuse of Macromedia Flash Ads clickTAG Option May Lead to Privacy Breach"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: support@securiteam.com
To: list@securiteam.com
Date: 14 Apr 2003 16:55:02 +0200

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

In the US?

Contact Beyond Security at our new California office
housewarming rates on automated network vulnerability
scanning. We also welcome ISPs and other resellers!

Please contact us at: 323-882-8286 or ussales@beyondsecurity.com
- - - - - - - - -

  Protection against Exploitation of Stack and Heap Overflows
------------------------------------------------------------------------

SUMMARY

Exurity Inc. has published a new research document discussing several
methods protecting against Buffer / Heap overflow. The techniques
suggested in the document are to be applied in the source code.

DETAILS

Reports of buffer overflow vulnerability pop up almost everyday. Vendors
try, sometimes desperately, to patch up their software holes before their
software vulnerabilities are maliciously exploited.
This article addresses how to protect against off-by-one exploitation of
overflowed stack, how to repair the heap allocation and free scheme to
catch the exploitation, potentially malicious, of the overflowed heap, how
to protect against overflowed structured exception handling (SEH) frame
like Code Red, and how to refuse RET to defend against brute force
exploitation shown in WebDAV exploitation.

The full document can be found at:
 <http://members.rogers.com/exurity/pdf/AntiOverflows.pdf>
http://members.rogers.com/exurity/pdf/AntiOverflows.pdf

ADDITIONAL INFORMATION

The information has been provided by <mailto:exurity@rogers.com> Exurity
Inc.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

• Previous message: support@securiteam.com: "[NEWS] Misuse of Macromedia Flash Ads clickTAG Option May Lead to Privacy Breach"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]