Fall 2018

Section 1: TTh 3:00pm 2113 JKB

Homework #11

Browse https://cve.mitre.org/cve and/or https://web.nvd.nist.gov and read about recent or historic buffer overflows. Note that not all security issues listed on these sites will be buffer overflows.

Find one that interests you and research it in detail. If possible, look at the source code that caused the issue. Read other people's analysis (e.g. search the internet by CVE id or keyword and find others discussing it). You should spend at least 30 minutes researching the issue.

Prepare a 1 page summary of the issue using your own understanding of the bug and discuss what modern buffer-overflow countermeasures would have prevented or mitigated the issues.

Don't use this as your own overflow, but as an example, you might find CVE-1999-0002 - “Buffer overflow in NFS mountd gives root access to remote attackers (mostly linux)”. A list of interesting reading about it:

Source code wasn't immediately findable for such an old vulnerability, but with some effort, it could be tracked down.

Submission

Submit a PDF via Learning Suite.