Excessive input is used to overrun input buffers, thus
overwriting program or data storage so as to grant the attacker undesired
access. Examples include sendmail overflows resulting in unlimited system
access from attackers over the Internet, Web server overflows granting
Internet attackers unlimited access to Web servers, buffer overruns in
privileged programs allowing users to gain privilege, and excessive input
used to overrun input buffers causing loss of critical data so as to deny
services or disrupt operations.
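
The overrun described above, shown as an added C example that is not part of the original entry: an unchecked copy beside a length-checked one. The struct layout, the function names and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 16

/* Constructed layout: an input buffer stored directly before data that
   controls access, the situation the entry describes. */
struct session {
    char name[NAME_BUF];
    int  is_admin;
};

/* Unchecked form: strcpy() copies until it meets the NUL terminator, so
   input longer than name[] runs past the buffer into is_admin and beyond
   (undefined behaviour). Shown for contrast; main() never calls it. */
void store_name_unchecked(struct session *s, const char *input) {
    strcpy(s->name, input);
}

/* Checked form: measure the input against the buffer first and reject
   anything that does not fit, leaving the session untouched.
   Returns 0 on success, -1 if the input is NULL or too long. */
int store_name_checked(struct session *s, const char *input) {
    const char *end;
    size_t len;

    if (s == NULL || input == NULL)
        return -1;
    /* Look for the terminator within the first NAME_BUF bytes only. */
    end = memchr(input, '\0', NAME_BUF);
    if (end == NULL)
        return -1;                      /* no room for text + terminator */
    len = (size_t)(end - input);
    memcpy(s->name, input, len + 1);    /* len + 1 <= NAME_BUF */
    return 0;
}

int main(void) {
    struct session s = { "guest", 0 };
    const char *longer = "AAAAAAAAAAAAAAAAAAAAAAAA"; /* constructed, 24 bytes */

    printf("short input: %d\n", store_name_checked(&s, "alice"));
    printf("long input:  %d\n", store_name_checked(&s, longer));
    printf("name=%s is_admin=%d\n", s.name, s.is_admin);
    return 0;
}
```

Rejecting over-long input, rather than silently truncating it, also keeps the stored value from differing from what the sender supplied.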
Complexity: In the case of denial of service, these attacks are trivial
to carry out with a high probability of success. If the attacker wishes to
gain access for more specific results, it is usually necessary to identify
characteristics of the system under attack and create a customized attack
version for each victim configuration. This is not very complex, but it
consumes time and resources.
fc@red.a.net