Cisco in a Heap of Trouble - What's a "Heap" Anyway

July 16, 2007
It was reported by another Tom Cross who works at IBM that major security flaws were found in Cisco's Unified Communications Manager which can impact VoIP calls.  The vulnerability was determined to be an error in a trusted-certificate provider (good guy) that could cause a "heap-based buffer overflow" (which could come from a bad guy).  In my pursuit to understand how “everything works” and explain the term via animation, I went to work.  As a result, you will find an animated tutorial at www.techtionary.com under “H” for heap-based overflows.  If you “just want the facts,” here they are.
A memory leak is allocated memory that is no longer in use. Memory leaks are often caused by programmers assigning data to specific unused memory addresses, in an area called the heap or free store, and then not removing the assignments when the computer processing is complete. Heap overflows are caused by hackers who can overwrite previously allocated memory with their own program or another program. The hacker can potentially control the program being attacked. Programmers use garbage collectors to find and reclaim such memory so that it does not become a leak. The garbage detector is a subroutine library that helps the programmer find and eliminate memory leaks during development. By using garbage collection to track down leaks, developers can benefit from garbage collection technology without being impaired by memory leaks.
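To make the overflow description concrete, here is an added example that is not part of the original post: a toy heap with two adjacent allocations, a copy that trusts the caller's length, and the same copy with a bounds check. The struct, function names, chunk size and sample strings are all assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CHUNK 16  /* size of each toy allocation (assumed value) */

/* Toy heap: two adjacent allocations, A then B, inside one arena. */
struct toy_heap { unsigned char arena[2 * CHUNK]; };

void heap_init(struct toy_heap *h) {
    memset(h->arena, 0, sizeof h->arena);
    memcpy(h->arena + CHUNK, "owner=app", 10);  /* chunk B: another object's data */
}

/* Unchecked copy into chunk A: trusts the caller's length. */
void copy_unchecked(struct toy_heap *h, const char *src, size_t n) {
    if (n > sizeof h->arena) n = sizeof h->arena; /* demo-only guard so the toy stays well-defined */
    memcpy(h->arena, src, n);                     /* n > CHUNK spills into chunk B */
}

/* Checked copy: refuses input larger than chunk A. */
int copy_checked(struct toy_heap *h, const char *src, size_t n) {
    if (n > CHUNK) return -1;
    memcpy(h->arena, src, n);
    return 0;
}

/* 1 if chunk B still holds the value written by heap_init. */
int b_intact(const struct toy_heap *h) {
    return strcmp((const char *)h->arena + CHUNK, "owner=app") == 0;
}

/* Constructed input: 16 filler bytes, then 10 bytes that land in chunk B. */
static const char INPUT[] = "AAAAAAAAAAAAAAAAowner=bad";

int overflow_corrupts_b(void) {
    struct toy_heap h; heap_init(&h);
    copy_unchecked(&h, INPUT, sizeof INPUT);
    return !b_intact(&h);
}

int checked_copy_protects_b(void) {
    struct toy_heap h; heap_init(&h);
    return copy_checked(&h, INPUT, sizeof INPUT) == -1 && b_intact(&h);
}

int main(void) {
    printf("unchecked copy corrupted chunk B: %d\n", overflow_corrupts_b());
    printf("checked copy kept chunk B intact: %d\n", checked_copy_protects_b());
    return 0;
}
```

In a real program the two chunks would come from the allocator, and the length check against the destination's size is the part that carries over.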

