CSCI 4531 Lecture Notes - Lecture 12: Stack Overflow, Microsoft Sql Server, Sql Slammer
Document Summary
12/06/2016 - chapter 10: buffer overflow & chapter 11: software security. A brief history of some buffer overflow attacks. 1988: the morris internet worm uses a buffer overflow exploit in fingerd as one of its attack mechanisms. 1995: a buffer overflow in ncsa httpd 1. 3 was discovered and published on the. 1996: aleph one published smashing the stack for fun and profit in phrack magazine, giving a step by step introduction to exploiting stack-based buffer overflow vulnerabilities. 2001: the code red worm exploits a buffer overflow in microsoft iis 5. 0. 2003: the slammer worm exploits a buffer overflow in microsoft sql server. 2004: the sasser worm exploits a buffer overflow in microsoft windows 2000 / First widely used by morris worm in 1988. Legacy of buggy code in widely deployed operating systems and applications. A buffer overflow, also known as a buffer overrun, is defined in the nist glossary as follows: of key information security terms.