CSOonline

New Snort overflow exploit

Snort can be buffer overflowed. About once a year, Snort gets a buffer overflow vulnerability. Any piece of additional software in a defense strategy has to be carefully considered (e.g. Snort, ...
Ars Technica

What causes code in buffer overflows to execute?

AFAIK, IANAP:<BR> <BR>Some programming languages (C, for instance) have certain functions that <I>do not</I> check whether an argument is too big for its buffer, eg printf(). There are functions that ...
ZDNet

Open-source team fights buffer overflows

The OpenBSD project hopes new changes to its latest release will eliminate "buffer overflows," a software issue that has been plaguing security experts for more than three decades. Theo de Raadt, the ...
CSOonline

CISA, FBI call software with buffer overflow issues ‘unforgivable’

The federal directive forbids vendors from shipping software with such flaws, and flags recent Microsoft, and Ivanti zero-days as examples. FBI and CISA have issued a joint advisory to warn software ...
The Washington Post

'No Execute' Flag Waves Off Buffer Attacks

Pour a 12-ounce can of soda into an eight-ounce glass, and you've got spilled soda and a sticky mess. Hackers know this principle, too. But when they apply it in crafting viruses and worms, the mess ...
Network World

VoIP vulnerabilities increasing, but not exploits

PBXs are servers on corporate networks and are susceptible to the many exploits that networks in general are heir to, such as denial-of-service and buffer overflows. There have been few exploits so ...
Ars Technica

OpenSSL 3 patch, once Heartbleed-level “critical,” arrives as a lesser “high”

An OpenSSL vulnerability once signaled as the first critical-level patch since the Internet-reshaping Heartbleed bug has just been patched. It ultimately arrived as a “high” security fix for a buffer ...