Differences
This shows you the differences between two versions of the page.
note_on_buffer_overflows [2008/10/26 21:27] vkuncak created |
note_on_buffer_overflows [2008/10/26 21:29] vkuncak |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Note on Buffer Overflows ====== | ====== Note on Buffer Overflows ====== | ||
+ | A study by Cisco Systems, describes virus Code Red, | ||
- | + | "Code Red (2001) | |
- | Code Red (2001) | + | |
The Code Red worm was a self-replicating malicious code that exploited a known vulnerability in Microsoft IIS servers. Code Red attempted | The Code Red worm was a self-replicating malicious code that exploited a known vulnerability in Microsoft IIS servers. Code Red attempted | ||
to connect to TCP port 80 on a randomly chosen host. When a successful connection to port 80 was achieved, the attacking host sent an | to connect to TCP port 80 on a randomly chosen host. When a successful connection to port 80 was achieved, the attacking host sent an | ||
HTTP GET request to the victim, attempting to exploit a buffer overflow in the indexing service. Depending on the configuration of the host | HTTP GET request to the victim, attempting to exploit a buffer overflow in the indexing service. Depending on the configuration of the host | ||
- | that received this request, there were varied consequences. | + | that received this request, there were varied consequences. If the exploit was successful, Code Red began executing on the new victim host." |
+ | |||
+ | and shows the world-wide economic impact to be $2.62 billion. | ||
+ | |||
+ | Many of such errors could be prevented with memory-safe languages such as Java and Scala. |
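
Review bot: The added opening line calls Code Red a "virus" while the quoted passage it introduces calls it a worm, and the sentence has a stray comma after "Cisco Systems"; suggest "A study by Cisco Systems describes the Code Red worm:". The study is also cited without a title or link, so neither the quotation nor the $2.62 billion figure added after it can be checked; add a reference to the source. In the last added line, "Many of such errors" should read "Many such errors".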