| AIX5.3/6.1堆溢出漏洞利用原理分析 |
| |
| 引用本文: | 劳伟. AIX5.3/6.1堆溢出漏洞利用原理分析[J]. 信息网络安全, 2012, 0(5): 36-38,91 |
| |
| 作者姓名: | 劳伟 |
| |
| 作者单位: | 中国农业银行股份有限公司软件开发中心,北京,100073 |
| |
| 摘 要: | 文章通过深入分析Rightmost和Leftmost所利用的AIX5.3/6.1堆溢出漏洞原理,提出了一种新AIX堆溢出漏洞利用机制,通过CDEToolTalk数据文件解析堆溢出漏洞,对该机制进行了有效性实证,同时从系统内核层面给出弥补漏洞的建议。
|
| 关 键 词: | AIX 堆溢出漏洞 leftmost函数 rightmost函数 |
AIX5.3/6.1 Heap Exploitation Mechanisms Analysis |
| |
| LAO Wei. AIX5.3/6.1 Heap Exploitation Mechanisms Analysis[J]. Netinfo Security, 2012, 0(5): 36-38,91 |
| |
| Authors: | LAO Wei |
| |
| Affiliation: | LAO Wei(Software Development Center, Agricultural Bank of China, Beijing 100073, China) |
| |
| Abstract: | This paper puts forward a new AIX heap exploitation mechanism by analyzing the algorithms of rightmost and leftmost function in AIX 5.3/6.1, and demonstrated it by successful exploitation of the CDE ToolTalk vulnerability, which can be triggered by creating a fake database(.rec file) on the system. At the same time, this paper gives an advice on AIX kernel system to make up for exploitation. |
| |
| Keywords: | AIX heap exploitation leftmost function rightmost function |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
