Attacks On Uninitialized Local Variables presented at Blackhat Europe 2006

by Thomas (Halvar Flake) Dullien (SABRE Security)

Tags: Security

Summary: Buffer overflows have been abused to compromise software systems for the better part of the last 25 years. In recent years, many narrowly scoped mitigations (stack canaries, frontlink/backlink verification in heap implementations, reordering of local variables) have been proposed and implemented in most popular compilers and operating systems. What is commonly overlooked is that the general problem is the attacker's ability to trigger behaviour that the ANSI C99 standard leaves undefined, not the (relatively small) subclass of that behaviour called "buffer overflow". Reading an uninitialized local variable is one such case: the value observed is whatever happened to be left on the stack, and the usual overflow defences do nothing about it.
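The bug class the talk is about, as an added illustration (this is example code written for this page, not code from the talk or from SABRE Security): a hypothetical length parser `parse_len_buggy` that returns an error on short input but never writes its output parameter, beside a hardened `parse_len_fixed` that assigns a defined value on every path, and a caller that both initializes its local and checks the return value. The names, the two-byte "header" format and the sample input are all assumptions made for the example.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical header format: the first two bytes are a big-endian length.
 * BUGGY: on a short buffer the function returns -1 without touching
 * *out_len.  A caller that forgets to check the return value (or that
 * declared its local without an initializer) then reads whatever stale
 * stack contents happen to occupy that slot -- undefined behaviour under
 * C99, and the value is attacker-influenced if earlier calls left
 * attacker-controlled data in the same stack region. */
int parse_len_buggy(const unsigned char *buf, size_t n, unsigned *out_len)
{
    if (n < 2)
        return -1;                       /* early exit, *out_len never written */
    *out_len = ((unsigned)buf[0] << 8) | buf[1];
    return 0;
}

/* HARDENED: every path assigns the output parameter before returning, so
 * the caller can never observe an indeterminate value even if it ignores
 * the status code. */
int parse_len_fixed(const unsigned char *buf, size_t n, unsigned *out_len)
{
    *out_len = 0;                        /* defined value on every path */
    if (n < 2)
        return -1;
    *out_len = ((unsigned)buf[0] << 8) | buf[1];
    return 0;
}

/* Defensive caller: the local is initialized at its declaration AND the
 * return value is checked, so the parsed length used for a later copy is
 * either the real header value or a safe 0. Returns the length the caller
 * would go on to use. */
unsigned caller_safe(const unsigned char *buf, size_t n)
{
    unsigned len = 0;                    /* initializer closes the window */
    if (parse_len_fixed(buf, n, &len) != 0)
        return 0;                        /* parse failed: use nothing */
    return len;
}

int main(void)
{
    /* Constructed sample inputs: a valid header and a truncated one. */
    const unsigned char good[] = { 0x01, 0x02, 'p', 'a', 'y' };
    const unsigned char bad[]  = { 0x01 };

    printf("good -> %u\n", caller_safe(good, sizeof good));   /* 258 */
    printf("bad  -> %u\n", caller_safe(bad, sizeof bad));     /* 0   */
    return 0;
}
```

The buggy variant is the shape the talk's title refers to: the defect is not an out-of-bounds write but a read of an indeterminate value, which no stack canary or heap check will catch. Both `gcc -Wall -Wuninitialized` and clang's MemorySanitizer (`-fsanitize=memory`) flag uses of uninitialized locals in many such cases, and Valgrind's memcheck reports them at run time; none of those tools replaces the discipline shown in `parse_len_fixed` and `caller_safe` of giving every local a value before any path can read it.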