{"id":476131,"date":"2023-08-09T07:26:52","date_gmt":"2023-08-09T07:26:52","guid":{"rendered":""},"modified":"2023-09-05T11:12:07","modified_gmt":"2023-09-05T11:12:07","slug":"buffer-overflow-attack","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/jp\/wiki\/buffer-overflow-attack\/","title":{"rendered":"Buffer Overflow Attack"},"content":{"rendered":"<p>A buffer overflow attack is a cybersecurity threat in which an attacker tries to overload a buffer by sending it more data than it was intended to hold. The overflowing data can lead to the execution of malicious code, a system crash, or the alteration of critical data.<\/p>\n<h2>Historical Background and Emergence of Buffer Overflow Attacks<\/h2>\n<p>Buffer overflow attacks were first mentioned in the 1960s and early 1970s, the era of early mainframe computers. However, it was not until the 1980s that these vulnerabilities were more fully understood and exploited by malicious attackers. The first significant publicized instance of a buffer overflow attack was the Morris worm in 1988. The worm exploited a buffer overflow vulnerability in the UNIX 'fingerd' network service and caused significant disruption to large portions of the early Internet.<\/p>\n<h2>A Detailed Look: Buffer Overflow Attacks<\/h2>\n<p>A buffer overflow can occur when a program writes data into a buffer without checking the amount of data, so that the write exceeds the buffer's capacity. When the buffer is overrun, adjacent memory is overwritten, and the data held in that region can be corrupted or changed. If the overwritten data contains executable code, that code can be manipulated to carry out the action the attacker wants.<\/p>\n<p>For example, an attacker can use this vulnerability to insert and execute malicious code, change the program's execution path, or crash the program and make the service unavailable. The vulnerability can occur in many programming languages, but it is especially prevalent in C and C++, which have no built-in protection against overflows.<\/p>\n<h2>The Mechanics of a Buffer Overflow Attack<\/h2>\n<p>Buffer overflow attacks are easier to understand after a closer look at the inner workings of a computer system. When a program runs, stack memory space is allocated to it. This stack is divided into sections such as local variables (buffers), control data, and CPU registers. The control data includes the base pointer (BP), which points to the base of the stack, and the return pointer (RP), which indicates where execution continues after the current function finishes.<\/p>\n<p>When an attacker overflows a buffer, the excess data spills into the control data area. If the attacker designs the input carefully, the return pointer can be overwritten with a new value. That new value can point to malicious code (also supplied by the attacker as part of the input), causing the application to execute it.<\/p>\n<h2>Key Features of Buffer Overflow Attacks<\/h2>\n<p>Some notable characteristics of buffer overflow attacks:<\/p>\n<ul>\n<li>\n<p><strong>Exploitation of programming weaknesses:<\/strong> Buffer overflow attacks mainly take advantage of the fact that certain programming languages, such as C and C++, do not perform array bounds checking.<\/p>\n<\/li>\n<li>\n<p><strong>Execution of arbitrary code:<\/strong> One of the main goals of this type of attack is to execute arbitrary code in the security context of the vulnerable program.<\/p>\n<\/li>\n<li>\n<p><strong>Privilege escalation:<\/strong> These attacks are often used to raise the attacker's privilege level within a system, potentially giving the attacker administrative control.<\/p>\n<\/li>\n<li>\n<p><strong>Potential for widespread damage:<\/strong> Buffer overflow attacks can be highly destructive, causing system crashes or leading to significant data breaches.<\/p>\n<\/li>\n<\/ul>\n<h2>Types of Buffer Overflow Attacks<\/h2>\n<p>Buffer overflow attacks can be classified by the memory area they target.<\/p>\n<ol>\n<li>\n<p><strong>Stack-based buffer overflow attacks:<\/strong> These are the most common type. The overflow occurs in stack memory and affects local variables and function return addresses.<\/p>\n<\/li>\n<li>\n<p><strong>Heap-based buffer overflow attacks:<\/strong> Here the overflow occurs in heap memory, which is allocated dynamically at run time, and can corrupt data.<\/p>\n<\/li>\n<\/ol>\n<table>\n<thead>\n<tr>\n<th>Type of buffer overflow attack<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Stack-based<\/td>\n<td>The overflow occurs in stack memory<\/td>\n<\/tr>\n<tr>\n<td>Heap-based<\/td>\n<td>The overflow occurs in heap memory<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Implementation and Countermeasures<\/h2>\n<p>Buffer overflow attacks can be implemented using a variety of techniques, such as fuzz testing and reverse engineering. However, there are many countermeasures that can be adopted to prevent them.<\/p>\n<ul>\n<li>\n<p><strong>Bounds checking:<\/strong> Enforce bounds checking on every array and pointer reference in the code.<\/p>\n<\/li>\n<li>\n<p><strong>Code review and static analysis:<\/strong> Review code regularly and run static analysis to identify potential weaknesses.<\/p>\n<\/li>\n<li>\n<p><strong>Address Space Layout Randomization (ASLR):<\/strong> Randomize where system executables are loaded in memory, making it harder for an attacker to predict target addresses.<\/p>\n<\/li>\n<li>\n<p><strong>Non-executable stack:<\/strong> Mark memory regions such as the stack and heap as non-executable. This prevents an attacker from executing code from those regions.<\/p>\n<\/li>\n<\/ul>\n<h2>Comparison and Characteristics<\/h2>\n<table>\n<thead>\n<tr>\n<th><\/th>\n<th>Buffer overflow<\/th>\n<th>SQL injection<\/th>\n<th>Cross-site scripting (XSS)<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Target<\/td>\n<td>Application memory<\/td>\n<td>Database<\/td>\n<td>User's browser<\/td>\n<\/tr>\n<tr>\n<td>Language vulnerability<\/td>\n<td>Common in C\/C++<\/td>\n<td>SQL<\/td>\n<td>HTML\/JavaScript<\/td>\n<\/tr>\n<tr>\n<td>Prevention techniques<\/td>\n<td>Bounds checking, ASLR, non-executable stack<\/td>\n<td>Prepared statements, escaping user input, least privilege<\/td>\n<td>Input validation, output encoding, HttpOnly cookies<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Future Perspectives<\/h2>\n<p>Advances in artificial intelligence and machine learning are expected to improve the detection and prevention of buffer overflow attacks. AI-powered threat detection systems will be able to identify complex attack patterns more accurately and quickly than current methods.<\/p>\n<p>The use of languages with better memory management (such as Rust) may also increase. Because these languages can prevent buffer overflow attacks by design, they are an attractive option for developing secure applications.<\/p>\n<h2>Proxy Servers and Buffer Overflow Attacks<\/h2>\n<p>Proxy servers play an extremely important role in preventing buffer overflow attacks. By acting as an intermediary between users and servers, a proxy server analyzes and filters traffic and helps detect suspicious behavior that may indicate a buffer overflow attack.<\/p>\n<p>In addition, a proxy server can be configured to allow only known safe commands, which prevents arbitrary code from being executed on the target system. As a result, even if an attacker tries to exploit a buffer overflow vulnerability, the harmful action the attacker attempts is blocked by the proxy server.<\/p>\n<h2>Related Links<\/h2>\n<ol>\n<li><a href=\"https:\/\/www.owasp.org\/index.php\/Buffer_Overflow\" target=\"_new\" rel=\"noopener nofollow\">OWASP: Buffer Overflow<\/a><\/li>\n<li><a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/120.html\" target=\"_new\" rel=\"noopener nofollow\">CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')<\/a><\/li>\n<li><a href=\"https:\/\/www.nist.gov\/cyberframework\/online-learning\/understanding-buffer-overflow-attacks\" target=\"_new\" rel=\"noopener nofollow\">NIST: Understanding Buffer Overflow Attacks<\/a><\/li>\n<li><a href=\"https:\/\/www.imperva.com\/learn\/application-security\/buffer-overflow\/\" target=\"_new\" rel=\"noopener nofollow\">The Complete Guide to Buffer Overflow Attacks<\/a><\/li>\n<\/ol>","protected":false},"featured_media":476132,"menu_order":0,"template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"class_list":["post-476131","wiki","type-wiki","status-publish","has-post-thumbnail","hentry"],"acf":{"faq_title":"Frequently Asked Questions about <mark>Buffer Overflow Attack: Unpacking the Details<\/mark>","faq_items":[{"question":"What is a buffer overflow attack?","answer":"<p>A buffer overflow attack is a cyber security threat where an attacker attempts to overload the buffer by sending more data than it was intended to hold. This can result in the execution of malicious code, system crash, or alteration of crucial data.<\/p>"},{"question":"When was the first buffer overflow attack reported?","answer":"<p>The first significant publicized instance of a buffer overflow attack was the Morris Worm in 1988. It exploited a buffer overflow vulnerability in the UNIX 'fingerd' network service, causing significant disruption to large portions of the early Internet.<\/p>"},{"question":"What causes a buffer overflow attack?","answer":"<p>Buffer overflow attacks primarily occur due to a lack of array bounds checking in programming languages such as C and C++.
When a program writes data into a buffer and does not verify the volume of data, it can exceed the buffer's capacity, overwriting adjacent memory and potentially leading to the execution of malicious code.<\/p>"},{"question":"What are some key features of buffer overflow attacks?","answer":"<p>Buffer overflow attacks exploit programming weaknesses, can execute arbitrary code, often aim to elevate the attacker's privilege level, and can cause widespread damage, including system crashes and significant data breaches.<\/p>"},{"question":"What are the types of buffer overflow attacks?","answer":"<p>Buffer overflow attacks can be categorized based on the memory area they target: Stack-based buffer overflow attacks where the overflow occurs in the stack memory, and Heap-based buffer overflow attacks where the overflow occurs in the heap memory.<\/p>"},{"question":"How can buffer overflow attacks be prevented?","answer":"<p>Preventive measures include implementing bounds checking, conducting code reviews and static analysis, using Address Space Layout Randomization (ASLR), and marking memory regions such as stack and heap as non-executable.<\/p>"},{"question":"What is the future perspective on buffer overflow attacks?","answer":"<p>Future advancements in artificial intelligence and machine learning are expected to improve the detection and prevention of buffer overflow attacks. Furthermore, increased usage of languages with better memory management could inherently prevent such attacks.<\/p>"},{"question":"How are proxy servers associated with buffer overflow attacks?","answer":"<p>Proxy servers can play a key role in preventing buffer overflow attacks. 
They can analyze and filter traffic, detect suspicious behavior, and can be configured to only allow known safe commands, preventing the execution of arbitrary code on the target system.<\/p>"}]},"_links":{"self":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/wiki\/476131","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/wiki"}],"about":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/types\/wiki"}],"version-history":[{"count":0,"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/wiki\/476131\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/media\/476132"}],"wp:attachment":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/media?parent=476131"}],"curies":[{"name":"\u3046\u30fc\u3093","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}