Talk:Buffer overflow
 | WildBot has stopped running and will not check this page. You can still use the Dablinks tool to check this page for links to disambiguation pages. This tag can be safely removed. |
 | Computer security: Computing B‑class High‑importance | |||||||||||||||||
| ||||||||||||||||||
 | Computing B‑class Mid‑importance | |||||||||
| ||||||||||
 | Buffer overflow is a former featured article candidate. Please view the links under Article milestones below to see why the nomination was archived. For older candidates, please check the archive. | ||||||||||||
| |||||||||||||
| Current status: Former featured article candidate | |||||||||||||
Archive: Archive 1
Merge from Stack buffer overflow
Stack buffer overflow is a good article, but I think a lot of the content (esp diagrams) could be placed on this page instead, there is little which is specific to stack buffer overflows. -- Tompsci 14:01, 17 August 2007 (UTC)
- I disagree that this information is specific to stack buffer overflows, the details of exploiting a buffer overflow are very different for a heap overflow vs a stack overflow for example...I for one would be opposed to such a merge... --Michael Lynn 17:55, 17 August 2007 (UTC)
- Agreed, but the buffer overflow article is about buffer overflows in general and all the concepts you discuss can be generalised to apply to the heap aswell, or apply already. I think some of the content which covers ground already covered by "Buffer Overflow", covers it better, especially where the diagrams are used, which are really clear and aesthetically pleasing. That's why I am suggesting a merge. Especially since the stack-based page is not wiki linked much. -- Tompsci 00:49, 18 August 2007 (UTC)
- I think it might be better to add or edit the content of buffer overflows article than to try to generalize buffer overflows with stack overflow content. the reason i say this is because the details of exploiting a stack buffer overflow are *completely* different from exploiting heap overflows. so much of the literature on this subject seperates the topics thats why I don't see it too bad to seperate them here. The way i think would be best would be to discuss the generalities of what people do with buffer overflows without respect to which kind they are and without going into the details of how they are exploited, and leaving the details of exploitation to the heap overflow and stack buffer overflow articles..that would leave the buffer overflow article to discuss the details of the impact of buffer overflow in general. You'll notice that I left most of the overall security ramifications out of the stack buffer overflows article because that seemed to fit in this article much better. I'm currently working on more diagrams for heap overflows, off by one exploits, and format string bugs, that would make them all look like they all go together better i think. --Michael Lynn 08:22, 18 August 2007 (UTC)
- Ok, that makes more sense to me now. But I think some of the material belongs in buffer overflow not stack buffer overflow and the stack buffer overflow material can be removed as I think your material is superior to what already exists. I'll make the relevant changes and if you disagree then we can maybe revert the changes. -- Tompsci 10:52, 18 August 2007 (UTC)
- sure thing, but do keep in mind that a little bit of duplication is not always a bad thing. --Michael Lynn 11:13, 18 August 2007 (UTC)
- Agreed —Preceding unsigned comment added by 70.100.173.51 (talk) 22:40, 2 October 2007 (UTC)
- sure thing, but do keep in mind that a little bit of duplication is not always a bad thing. --Michael Lynn 11:13, 18 August 2007 (UTC)
- Ok, that makes more sense to me now. But I think some of the material belongs in buffer overflow not stack buffer overflow and the stack buffer overflow material can be removed as I think your material is superior to what already exists. I'll make the relevant changes and if you disagree then we can maybe revert the changes. -- Tompsci 10:52, 18 August 2007 (UTC)
- I think it might be better to add or edit the content of buffer overflows article than to try to generalize buffer overflows with stack overflow content. the reason i say this is because the details of exploiting a stack buffer overflow are *completely* different from exploiting heap overflows. so much of the literature on this subject seperates the topics thats why I don't see it too bad to seperate them here. The way i think would be best would be to discuss the generalities of what people do with buffer overflows without respect to which kind they are and without going into the details of how they are exploited, and leaving the details of exploitation to the heap overflow and stack buffer overflow articles..that would leave the buffer overflow article to discuss the details of the impact of buffer overflow in general. You'll notice that I left most of the overall security ramifications out of the stack buffer overflows article because that seemed to fit in this article much better. I'm currently working on more diagrams for heap overflows, off by one exploits, and format string bugs, that would make them all look like they all go together better i think. --Michael Lynn 08:22, 18 August 2007 (UTC)
- Agreed, but the buffer overflow article is about buffer overflows in general and all the concepts you discuss can be generalised to apply to the heap aswell, or apply already. I think some of the content which covers ground already covered by "Buffer Overflow", covers it better, especially where the diagrams are used, which are really clear and aesthetically pleasing. That's why I am suggesting a merge. Especially since the stack-based page is not wiki linked much. -- Tompsci 00:49, 18 August 2007 (UTC)
- Why? There are a lot of articles, where subthemes are represented as separated articles. Buffer overflow is the general type consiting of a set of subtypes. With such a success we can merge, for instance, Buffer overflow and Heap overflow articles.--91.76.20.6 (talk) 07:18, 23 December 2007 (UTC)
- I disagree that this information is specific to stack buffer overflows, the details of exploiting a buffer overflow are very different for a heap overflow vs a stack overflow for example...I for one would be opposed to such a merge... --Michael Lynn 17:55, 17 August 2007 (UTC)
Does "deep packet inspection" section matter?
Deep packet inspection doesn't find modern buffer overflows. The technique has been of clearly limited value since Ptacek and Newsham's paper. Should that section go away?
1 question about the Code Red worm mentioned in this article...
In this article it's been written that the code red worm exploited a buffer overflow on IIS, but didn't it just exploit the web trasversal unicode bug? I mean, if so, no buffer overflows where used in that exploit, just unicode double encoding, that is pretty more simple... GET /scripts/%252e%252e/%252e%252e/%252e%252e/winnt/cmd.exe?/c+dir+c: HTTP/1.0\r\nHost: IIS.insecure.domain.com\r\n\r\n —Preceding unsigned comment added by 80.180.208.118 (talk) 19:05, 15 October 2007 (UTC)
it would've beem extremely informative
giving the windows buffer's file names and some technical review. regards, 23:19, 8 January 2009 (UTC)
Overwriting VMTs of heap allocated objects
The Heap Exploits section could mention this method. It's possible under some object layouts.
Categories:
- B-Class Computer security articles
- High-importance Computer security articles
- B-Class Computer security articles of High-importance
- B-Class Computing articles
- High-importance Computing articles
- All Computing articles
- All Computer security articles
- Mid-importance Computing articles
- Old requests for peer review