在 中文 中使用 缓冲区溢出 的示例及其翻译为 英语
{-}
-
Political
-
Ecclesiastic
-
Programming
我们还将研究缓冲区溢出发生时会发生什么,以及减少其有害影响的缓解技术。
We will also look at what happens when a buffer overrun occurs and mitigation techniques to minimize their harmful effects.为了创造这次缓冲区溢出的情形,我建立了一个叫"overflow.cnf"的文件。
To create the buffer overflow situation, I created a file called"overflow. cnf".它正在利用printf函数上的缓冲区溢出来执行任意代码(这里是我们的堆喷射shellcode)。
It's exploiting a buffer overflow on printf function to execute arbitrary code(here, our heap-sprayed shellcode).诸如缓冲区溢出等隐患可能被用来执行特权提升,从而在本地系统级别执行任意代码。
一旦攻击者触发了缓冲区溢出,它就可以在受影响的计算机上执行任意代码并接管它。
Once the attacker has triggered a buffer overflow, it can execute arbitrary code on the affected machine and take over it.另一种保护缓冲区溢出的方法是在它们发生时检测它们并缓解这种情况。
Another way of safeguarding to buffer overflows is 在下面关于缓冲区溢出的教程中,我们将学习使用shellcode而不是1和2来覆盖缓冲区。
In the following tutorials about buffer overflows we will learn Duvall:几个字母之后,就出现了缓冲区溢出问题。
Duvall: After 我们向开发人员展示了鲜活生动的细节,以阐述如何识别和避免一些常见的编码级问题,例如缓冲区溢出、竞争条件等。
We show developers in gory detail how to recognize and to avoid common implementation-level problems such as buffer overflows and race conditions.简单的C标准函数gets()就是一个例子,因为使用此函数可能在使用它的程序中引入缓冲区溢出问题。
The simple C standard function gets() is APP3590.2:CATI):设计人员将确保应用程序不使用已知容易遭到缓冲区溢出攻击的函数。
(APP3590.2: CAT I) The Designer will ensure the application does not use functions known 使用Ada,您可以快速准确地知道出现了什么问题,而不是在缓冲区溢出或未初始化的驱动程序上搔痒几个小时。
With Ada you know quickly and exactly what is going wrong instead of scratching you head for hours on a buffer overflow or uninitialized driver.特别值得一提的是SP1对使用WSDL文档、防止数据执行和防范安全性问题(例如缓冲区溢出)提供了更好的支持。
Of particular note, SP1 provides better support for consuming WSDL documents, Data Execution prevention and protection from security issues such as buffer overruns.在访问某些启用了HTTP/1.1协议以及数据压缩的网站时,向IE6传递超长的URL可能造成一个缓冲区溢出。
When visiting websites with HTTP/1.1 protocol and data compression enabled, a buffer overflow might occur if 直到1990年代后期,主流操作系统没有为该类攻击作出任何防范,微软直到2004年才提供了缓冲区溢出保护。
Until the late 1990s, major operating systems did not offer any protection against these attacks; Microsoft Windows provided no buffer-overrun protections until 2004.造成这一漏洞的直接原因是,Sendmail的一个安全检测是有缺陷的,可以发生缓冲区溢出。
The immediate cause of the vulnerability was that one of Sendmail's security checks was flawed, permitting a buffer overflow.成功利用漏洞可能会使攻击者在受影响的设备上造成缓冲区溢出,这可能会产生以下影响:.
数据执行保护(DEP):支持禁止执行位,有助于防止缓冲区溢出攻击,它是WindowsServer入侵中常用的攻击手段之一。
Data Execution Prevention(DEP): Support for the No Execute(NX) bit which helps to prevent buffer overflow exploits that are often the attack vector of Windows Server exploits.非执行堆栈大多数应用程序不需要执行任何在堆栈上,所以一个明显的防御缓冲区溢出攻击是使栈非执行。
Most applications never need to execute anything on the stack, so an obvious defense against buffer overflow exploits is to make the stack nonexecutable.以一个先前的专栏中我们已经论及了一个常见的错误:缓冲区溢出(参阅以获得安全编程先前部分的链接)。
We have already covered one common mistake, buffer overflows, in a previous column(see Related topics for links to previous installments of Secure programmer).
