| Name | Overflow Variables and Tags |
  
| Summary | This type of attack leverages the use of tags or variables from formatted configuration data to cause a buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow. |
  
| Prerequisites | (1) The target program consumes user-controllable data in the form of tags or variables. (2) The target program does not perform sufficient boundary checking. |
  
| Mitigations | (1) Use a language or compiler that performs automatic bounds checking. (2) Use an abstraction library to abstract away risky APIs. Not a complete solution. (3) Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution. (4) Use OS-level preventative functionality. Not a complete solution. (5) Do not trust input data from the user. Validate all user input. |
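
The boundary check named in the prerequisites and the input-validation mitigation, shown as an added C example that is not part of the original entry. The `name=value` line format, the field limits and all identifiers are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define VAR_NAME_MAX  32  /* assumed limits for this example */
#define VAR_VALUE_MAX 64

struct config_var { char name[VAR_NAME_MAX]; char value[VAR_VALUE_MAX]; };
enum parse_status { PARSE_OK = 0, PARSE_MALFORMED = -1, PARSE_TOO_LONG = -2 };

/* Parse one "name=value" line into fixed-size fields (hypothetical format).
 * Lengths are measured before any copy, and oversized input is rejected
 * rather than truncated. The unchecked equivalent, strcpy(out->value, eq + 1),
 * copies until the NUL byte regardless of the destination size. */
enum parse_status parse_config_line(const char *line, struct config_var *out)
{
    if (line == NULL || out == NULL)
        return PARSE_MALFORMED;

    const char *eq = strchr(line, '=');
    if (eq == NULL || eq == line)
        return PARSE_MALFORMED;

    size_t name_len = (size_t)(eq - line);
    size_t value_len = strcspn(eq + 1, "\r\n");

    /* ">=" reserves one byte in each field for the terminating NUL. */
    if (name_len >= sizeof out->name || value_len >= sizeof out->value)
        return PARSE_TOO_LONG;

    memcpy(out->name, line, name_len);
    out->name[name_len] = '\0';
    memcpy(out->value, eq + 1, value_len);
    out->value[value_len] = '\0';
    return PARSE_OK;
}

int main(void)
{
    struct config_var v;
    char oversized[256];  /* constructed sample: "title=" plus 249 filler bytes */
    memset(oversized, 'A', sizeof oversized - 1);
    memcpy(oversized, "title=", 6);
    oversized[sizeof oversized - 1] = '\0';

    printf("normal:    %d\n", parse_config_line("timeout=30\n", &v));
    printf("oversized: %d\n", parse_config_line(oversized, &v));
    return 0;
}
```

Rejecting the line outright, instead of silently truncating it, also gives the caller a distinct status to log when oversized variables arrive.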