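Abstract
Through an in-depth analysis of the principles behind the AIX 5.3/6.1 heap overflow vulnerabilities exploited by Rightmost and Leftmost, the article proposes a new exploitation mechanism for AIX heap overflow vulnerabilities, empirically validates the mechanism using the heap overflow vulnerability in CDE ToolTalk data file parsing, and gives recommendations at the system kernel level for remedying the vulnerability.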
This paper puts forward a new AIX heap exploitation mechanism by analyzing the algorithms of the rightmost and leftmost functions in AIX 5.3/6.1, and demonstrates it through successful exploitation of the CDE ToolTalk vulnerability, which can be triggered by creating a fake database (.rec file) on the system. The paper also gives advice at the AIX kernel level for remedying the vulnerability.
Source
《信息网络安全》
2012, No. 5, pp. 36-38, 91 (4 pages in total)
Netinfo Security