Statically Detecting Likely Buffer Overflow Vulnerablitites

10 December 2001

David Larochelle

•1988: Morris worm exploits buffer overflows in fingerd to infect 6,000 servers

•2001: Code Red exploits buffer overflows in IIS to infect 250,000 servers

–Single largest cause of vulnerabilities in CERT advisories

–Buffer overflow threatens Internet- WSJ(1/30/01)