NULL-ifying Application Security
Results 1 to 1 of 1

Thread: NULL-ifying Application Security

  1. #1
    Senior Member phernandez's Avatar
    Join Date
    Aug 2003

    NULL-ifying Application Security

    Exploiting buffer overflows is old news. Security researchers are now losing sleep over the NULL pointer...

    NULL pointer exploit excites researchers - CIO

    In simple terms a NULL pointer dereference is when a software application tries to access a memory address that has been declared to have the value NULL (a special value that tells software that there is nothing there, as there is a real but critical difference between '', ' ', '0', NULL, or any other number of means of representing nothing). In most cases, the application should stop running and crash whenever a NULL value in memory is accessed by the program, but it has been found that it is possible to force some applications to access and execute arbitrary memory locations whenever a NULL pointer is accessed. The only problem has been that it was considered extremely difficult to achieve, and not so easy to develop a generic approach for. That has now changed, with Dowd effectively providing a framework that could be used to probe for exploitable NULL pointer dereferences across multiple platforms - essentially a generic attack / vulnerability finder for this class of vulnerability.
    Fun, huh?
    Last edited by phernandez; April 22nd, 2008 at 05:46 PM. Reason: Title bug.

Similar Threads

  1. 10 ways to protect yourself with 'pragmatic network security'
    By Black Cluster in forum Miscellaneous Security Discussions
    Replies: 1
    Last Post: June 15th, 2006, 02:21 AM
  2. Apache, PHP, MySQL with basic security settings.
    By nightcat in forum The Security Tutorials Forum
    Replies: 9
    Last Post: May 28th, 2005, 02:47 AM
  3. Basic Unix security tutorial
    By \/IP3R in forum AntiOnline's General Chit Chat
    Replies: 16
    Last Post: March 7th, 2005, 09:25 PM
  4. CISSP Notes: Security Models: Access Control Models
    By MrLinus in forum The Security Tutorials Forum
    Replies: 4
    Last Post: October 11th, 2003, 03:22 AM
  5. NEWS: This weeks security news.
    By xmaddness in forum Security News
    Replies: 1
    Last Post: August 15th, 2002, 03:07 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts