摘要
远程缓冲区溢出漏洞是网络安全领域最严重的安全漏洞。而远程过程调用广泛应用于分布式环境中,是发起远程缓冲区溢出攻击的常见手段。首先,阐述缓冲区溢出的基本原理,给出windows下利用远程过程调用发起远程缓冲区溢出攻击的一般方法和主要流程,通过一个缓冲区溢出漏洞利用的实例,说明攻击流程和分析方法的有效性,为如何在网络环境下有效防范缓冲区溢出漏洞利用提供指导。
The remote buffer overflow vulnerability is the most serious security vulnerability in network security domain. Remote procedure call has been widely applied to distribute computing. Thus, RPC is a common technology which is used in vulnerability exploiting of buffer overflow. Firstly, the principles and technology about buffer overflow exploiting are described, and then methods of vulnerability analysis and the process of vulnerability exploiting by RPC are provid- ed, because most of buffer overflows exploiting belongs to remote attacking. Finally, an instance of vulnerability exploiting is provided to verify the validity of exploiting process and instruct how to prevent buffer overflow exploiting.
出处
《北京联合大学学报》
CAS
2009年第2期7-10,共4页
Journal of Beijing Union University
