Buffer
Overflow Defenses. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle.
http://sfsecurity.pr.erau.edu.
Find-and-patch Methods
Software patches
Software patches
Example: The vendor,
the customer, or a group
concerned about software security finds a buffer overflow and a patch is written and
released
Pros:
Very effective at preventing known buffer overflow
attacks for specific vulnerabilities
Cons:
No protection against unknown attacks or known attacks
for which a patch has not been released
Not all patches fix the buffer overflow, some are
specific to one attack but leave the buffer
overflow itself in place
The customer must regularly check for patches for their
system (at the vendors website or www.cert.org) and install them.