Exploitation Analysis of Buffer Overflow in SL-Mail Server
Buffer overflows are known as the most widely used and the oldest forms of attacks used by attackers to gain access for remote code execution and similar attacks. Being the most common form of attack methodologies, these vulnerabilities are still being exploited in the current scenario. Buffer overf...
Saved in:
| Published in: | International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (Online) pp. 1361 - 1370 |
|---|---|
| Main Authors: | , |
| Format: | Conference Proceeding |
| Language: | English |
| Published: |
IEEE
11.11.2021
|
| Subjects: | |
| ISSN: | 2768-0673 |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Abstract | Buffer overflows are known as the most widely used and the oldest forms of attacks used by attackers to gain access for remote code execution and similar attacks. Being the most common form of attack methodologies, these vulnerabilities are still being exploited in the current scenario. Buffer overflows are the vulnerabilities which are exploited due copying function which aren't set to be bounded. Buffer overflows being a code or system vulnerability has been dominating the field of network and remote execution vulnerabilities. One of its attacks being the SL-Mail server enables attacker to insert remote code into the application and perform numerous attacks, this scenario of exploitation and step by step execution of buffer overflow, which can be used for further study for developing more secure applications. Eliminating buffer overflow vulnerability effectively, a great number of threats would also be eliminated. These vulnerabilities are generally exploited when a general program is provided with a larger data than it can normally accept. Most common defense mechanisms included writing application code in languages that perform bound check such as pascal or java, thus lacking data manipulation for some applications; hence this mitigation technique was not efficient. Several classification techniques have been introduced. Vulnerabilities resulting from buffer overflows are used as testing techniques that indicates the tracking of memory buffers and perform several checks for determining boundary and further conditions. An efficient detection method for severe vulnerability like buffer overflow needs to be discovered as current techniques are flawed and need a greater classification and a greater study of exploiting as well as identifying exploits has to be conducted. Several defense mechanisms along with a detailed study of exploitation of buffer overflow are discussed in this paper. This paper concentrates on these respective exploitation techniques and detection and prevention mechanisms. A quantitative comparison between analysis techniques of buffer overflow detection and analysis of different forms of exploitation methods have been compared for effectiveness for exploiting every aspect of buffer overflow in the source code as well as prevention technique effectiveness has been studied. |
|---|---|
| AbstractList | Buffer overflows are known as the most widely used and the oldest forms of attacks used by attackers to gain access for remote code execution and similar attacks. Being the most common form of attack methodologies, these vulnerabilities are still being exploited in the current scenario. Buffer overflows are the vulnerabilities which are exploited due copying function which aren't set to be bounded. Buffer overflows being a code or system vulnerability has been dominating the field of network and remote execution vulnerabilities. One of its attacks being the SL-Mail server enables attacker to insert remote code into the application and perform numerous attacks, this scenario of exploitation and step by step execution of buffer overflow, which can be used for further study for developing more secure applications. Eliminating buffer overflow vulnerability effectively, a great number of threats would also be eliminated. These vulnerabilities are generally exploited when a general program is provided with a larger data than it can normally accept. Most common defense mechanisms included writing application code in languages that perform bound check such as pascal or java, thus lacking data manipulation for some applications; hence this mitigation technique was not efficient. Several classification techniques have been introduced. Vulnerabilities resulting from buffer overflows are used as testing techniques that indicates the tracking of memory buffers and perform several checks for determining boundary and further conditions. An efficient detection method for severe vulnerability like buffer overflow needs to be discovered as current techniques are flawed and need a greater classification and a greater study of exploiting as well as identifying exploits has to be conducted. Several defense mechanisms along with a detailed study of exploitation of buffer overflow are discussed in this paper. This paper concentrates on these respective exploitation techniques and detection and prevention mechanisms. A quantitative comparison between analysis techniques of buffer overflow detection and analysis of different forms of exploitation methods have been compared for effectiveness for exploiting every aspect of buffer overflow in the source code as well as prevention technique effectiveness has been studied. |
| Author | Pawar, Kshitij Shafana, N. Jeenath |
| Author_xml | – sequence: 1 givenname: N. Jeenath surname: Shafana fullname: Shafana, N. Jeenath email: jeenathn1@srmist.edu.in organization: SRM Institute of Science and Technology,Department of Computer Science and Engineering,Chennai,India – sequence: 2 givenname: Kshitij surname: Pawar fullname: Pawar, Kshitij email: kshitijpawar04@gmail.com organization: SRM Institute of Science and Technology,Department of Computer Science and Engineering,Chennai,India |
| BookMark | eNotj8tOwzAUBQ0CiVLyBWz8Aw729SM2uxAVqJSqi8C6cuNrySgkVRIe_Xsq0dWRZjGjc0uu-qFHQqjguRDcPaxZsykrDVLyHDiI3BnFC1NckMwVVhijFRgF9pIsoDCWcVPIG5JN0wfnXAKXzqkFeVz9HrohzX5OQ0_L3nfHKU10iPTpK0Yc6fYbx9gNPzT1tKnZxqeONjie6B25jr6bMDvvkrw_r96qV1ZvX9ZVWbN0isxMAqq9BeHAByXQYutb7bQLpsUg4p6HqGwbhddowUMbwAtAE7RRwYkY5ZLc_3sTIu4OY_r043F3fiv_AOVRS64 |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1109/I-SMAC52330.2021.9640767 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Xplore POP ALL IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| EISBN | 9781665426428 166542642X |
| EISSN | 2768-0673 |
| EndPage | 1370 |
| ExternalDocumentID | 9640767 |
| Genre | orig-research |
| GroupedDBID | 6IE 6IF 6IL 6IN AAWTH ABLEC ADZIZ ALMA_UNASSIGNED_HOLDINGS BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK CHZPO IEGSK OCL RIE RIL |
| ID | FETCH-LOGICAL-i203t-32e4b82192ad41e8ecac5959d6ced1fb0df48cf1a5e82a2cd2a12e6d564d91ff3 |
| IEDL.DBID | RIE |
| ISICitedReferencesCount | 1 |
| ISICitedReferencesURI | http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000760875500238&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| IngestDate | Wed Aug 27 02:53:48 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i203t-32e4b82192ad41e8ecac5959d6ced1fb0df48cf1a5e82a2cd2a12e6d564d91ff3 |
| PageCount | 10 |
| ParticipantIDs | ieee_primary_9640767 |
| PublicationCentury | 2000 |
| PublicationDate | 2021-Nov.-11 |
| PublicationDateYYYYMMDD | 2021-11-11 |
| PublicationDate_xml | – month: 11 year: 2021 text: 2021-Nov.-11 day: 11 |
| PublicationDecade | 2020 |
| PublicationTitle | International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (Online) |
| PublicationTitleAbbrev | I-SMAC |
| PublicationYear | 2021 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0003203994 |
| Score | 1.7974266 |
| Snippet | Buffer overflows are known as the most widely used and the oldest forms of attacks used by attackers to gain access for remote code execution and similar... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 1361 |
| SubjectTerms | Buffer Overflow Buffer overflows Codes Fault diagnosis Java Open source software Operating systems Servers SL-Mail Server Threats Vulnerabilities |
| Title | Exploitation Analysis of Buffer Overflow in SL-Mail Server |
| URI | https://ieeexplore.ieee.org/document/9640767 |
| WOSCitedRecordID | wos000760875500238&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1LSwMxEA5t8eBJpRXf5ODRtJvHZhNvWiwKWgtV6K1kkwkUZFfqVv--yXZbEbx4C4FAZhLmY2a-mUHoUifSOC40kbmPTbWpJ7k0hnDpRGJSkCzJ62ET2XisZjM9aaGrbS0MANTkM-jHZZ3Ld6VdxVDZQMesk8zaqJ1lcl2rtY2ncJYErBUbsk6iBw9k-nQzDI4WT4IfyGi_Of5rjkoNI6O9_11gH_V-6vHwZIs0B6gFRRdd1_S5psU23jQXwaXHt6s49AQ_h1_q38ovvCjw9JFENgWOpgGWPfQ6unsZ3pNmEgJZBLEqwhmIXAXjwowTFBRYY1OdaictOOrzxHmhrKdBuYoZZh0zlIF0qRROU-_5IeoUZQFHCLvUW8cteCO9SJXPJfc504oGMDPBWzpG3Sj3_H3d7GLeiHzy9_Yp2o2qjcV5lJ6hTrVcwTnasZ_V4mN5Ub_QN6XxkjQ |
| linkProvider | IEEE |
| linkToHtml | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1LSwMxEA61CnpSacW3OXg0bV6bJt60WFpsa6EVeivZPKAgu1Jb_fsm221F8OIt5BAykzAfM_PNDAC3CgttGVdIpD421SYepUJrxITlWCdOUJwWwyZaw6GcTtWoAu62tTDOuYJ85hpxWeTybW5WMVTWVDHrJFo7YDfhnOJ1tdY2osIoDmjLN3QdrJo9NB48tIOrxXDwBClplAf8mqRSAEnn8H9XOAL1n4o8ONpizTGouKwG7gsCXdlkG27ai8Dcw8dVHHsCX8I_9W_5F5xncNxHkU8Bo3Fwizp47TxN2l1UzkJA8yDWEjHqeCqDeaHacuKkM9okKlFWGGeJT7H1XBpPgnol1dRYqgl1wiaCW0W8ZyegmuWZOwXQJt5YZpzXwvNE-lQwn1IlSYAzHfylM1CLcs_e1-0uZqXI539v34D97mTQn_V7w-cLcBDVHEv1CLkE1eVi5a7Anvlczj8W18VrfQNzIZV7 |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=International+Conference+on+I-SMAC+%28IoT+in+Social%2C+Mobile%2C+Analytics+and+Cloud%29+%28Online%29&rft.atitle=Exploitation+Analysis+of+Buffer+Overflow+in+SL-Mail+Server&rft.au=Shafana%2C+N.+Jeenath&rft.au=Pawar%2C+Kshitij&rft.date=2021-11-11&rft.pub=IEEE&rft.eissn=2768-0673&rft.spage=1361&rft.epage=1370&rft_id=info:doi/10.1109%2FI-SMAC52330.2021.9640767&rft.externalDocID=9640767 |