Staf of EC-Council - Ethical Hacking Student Courseware. Certidied Ethical Hacker-Exam 312-50 (EC-Council E-Business Certification Series)

We have dealt with various security concerns, attack methods and countermeasures in the preceding modules. Buffer Overflow attacks had been a constant source of worry from time to time. This module looks at different aspects of buffer overflow exploits. After completing this module, you will be familiar with the following topics:

• What is a Buffer Overflow?

• Exploitation

• How to detect Buffer Overflows in a program?

• Skills required

• CPU / OS Dependency

• Understanding Stacks

• Stack Based Buffer Overflows

• Technical details

• Writing your own exploits

• Defense against Buffer Overflows

On Oct 19 2000, hundreds of flights were grounded or delayed because of a software problem in the Los Angeles air traffic control system. The cause was attributed to Mexican Controller typing 9 (instead of 5) characters of flight-description data, resulting in a buffer overflow.