Taxonomy of C overflow vulnerabilities attack

• Published in: Communications in Computer and Information Science
• Main Author: Ahmad N.H.; Aljunid S.A.; Ab Manan J.-L.
• Format: Conference paper
• Language: English
• Published: 2011
• Online Access: https://www.scopus.com/inward/record.uri?eid=2-s2.0-79960358896&doi=10.1007%2f978-3-642-22191-0_33&partnerID=40&md5=1298564cc2374e8fc9d612bb3670a55b

Various software vulnerabilities classifications have been constructed since the early 70s for correct understanding of vulnerabilities, and thus acts as a strong foundation to protect and prevent software from exploitation. However, despite all research efforts, exploitable vulnerabilities still exist in most major software, the most common still being C overflows vulnerabilities. C overflow vulnerabilities are the most frequent vulnerabilities to appear in various advisories with high impact or critical severity. Partially but significantly, this is due to the absence of a source code perspective taxonomy to address all types of C overflow vulnerabilities. Therefore, we propose this taxonomy, which also classifies the latest C overflow vulnerabilities into four new categories. We also describe ways to detect and overcome these vulnerabilities, and hence, acts as a valuable reference for developers and security analysts to identify potential security C loopholes so as to reduce or prevent exploitations altogether. © 2011 Springer-Verlag.