This kind of attack may also cause a buffer overflow.
Why are buffer overflows so common?
Buffer overflows are the cause of many security problems.
The following example is vulnerable to a heap-based buffer overflow
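New techniques for preventing buffer overflows.
Now let's quickly review the buffer overflow problem.
Common C and C++ mistakes that lead to buffer overflows.
What is a buffer overflow?
Fixed a buffer overflow in dhcpd(8).
However, none of this lets developers ignore buffer overflows.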
Some languages have "escape" clauses that allow buffer overflows to occur.
Did the buffer overflow?
There are a number of tools that can help detect buffer overflow vulnerabilities before they're released.
Some built-in functions have also been updated to protect against buffer overruns with a minimal amount of overhead.
If an attacker can cause a buffer to overflow, then the attacker can control other values in the program.
This prevents the server from doing added CPU and disk work if the buffer overflows.
Buffer overflows cause many software weaknesses and, therefore, are the basis of malicious exploits.
A buffer overflow in a program such as find is likely to be a risk to a great number of systems.
In the instance of a buffer overflow attack, an internal value in a program is overflowed to alter how the program runs.
Doing so can lead some poorly written implementations into buffer overflow errors (and all that implies).
A simple solution for buffer overflows is to switch to a language that prevents them.
A buffer overflow, or buffer overrun, occurs when a process attempts to store data beyond the boundaries of a fixed-length buffer.
All of these attacks — and many others — exploited a vulnerability called a buffer overflow.
Buffer overflow proves impossible as data copies only when room for extra data exists.
Attacking using a buffer overflow can change this process and allow an attacker to execute any function they wish.
This makes it much harder to manipulate the return address, but it doesn't defend against buffer overflow attacks that change the data of calling functions.
An alternative is to use another programming language, since almost all of today's other languages protect against buffer overflows.
An attacker may be able to exploit a buffer overflow by changing the value of other data in the function; none of these approaches counter that.
Any program that allows an external entity to input data is vulnerable to malicious activity, such as buffer overflows and embedded control characters.