Index
%m format specifier 2nd MAC (Media Address Control) Macros, C programming language magic_quotes option (PHP) mail spools, UNIX mailslot squatting mailslots, Windows NT, IPC (interprocess communications) Maimon, Uriel maintaining state client IP addresses cookies embedding state in HTML and URLs HTTP authentication 2nd Referer request header sessions 2nd security vulnerabilities session management session tokens stateful versus stateless systems maintenance, SDLC (Systems Development Life Cycle) major components make_table( ) function malicious input, tracing malloc( ) function 2nd man-in-the-middle attacks management, sessions mapping CLSIDs to applications Max-Forwards header field (HTTP) Maximum Limit on Memory Allocation listing (7-43) Maximum Memory Allocation Limit Vulnerability listing (7-44) McDonald, John 2nd 3rd 4th McGraw, Gary Media Address Control (MAC) Mehta, Neel 2nd 3rd memory blocks, shared memory blocks memory buffers, uninitialized memory buffers memory corruption assessing buffer overflows global overflows heap overflows off-by-one errors process memory layout SEH (structured exception handling) attacks stack overflows static overflows protection mechanisms ASLR (address space layout randomization) function pointer obfuscation heap hardening nonexecutable stack SafeSEH stack cookies shellcode memory management, auditing ACC (allocation-check-copy) logs allocation functions allocator scorecards double-frees error domains memory pages, nonexecutable memory pages memory, 0 bytes, allocating memset( ) function message queues Message-Id header field (HTTP) messaging, Windows NT, IPC (interprocess communications) metacharacter evasion Metacharacter Vulnerability in PCNFSD listing (8-24) metacharacters 2nd embedded delimiters filtering character stripping vulnerabilities escaping metacharacters insufficient filtering metacharacter evasion
format strings formats NUL-byte injection path metacharacters file canonicalization Windows registry Perl open( ) function shell metacharacters SQL queries truncation UNIX programs, indirect invocation metadata methods CONNECT COPY DELETE GET 2nd LOCK MKCOL MOVE OPTIONS POST PROPFIND PROPPATCH PUT SEARCH SPACEJUMP TEXTSEARCH TRACE UNLOCK Microsoft Developer Network (MSDN) Microsoft Windows Internals, 4th Edition MIDL (Microsoft Interface Definition Language) DCOM (Distributed Component Object Model) RPCs (Remote Procedure Calls) misinterpreting return values Misuse of putenv( ) in Solaris Telnetd listing (10-3) mitigating factors, operational vulnerabilities mitigation, threats MKCOL method mkdtemp( ) function mkstemp( ) function mktemp( ) function 2nd Model component (MVC) Model-View-Controller (MVC) modular arithmetic modules analyzing, CC (code comprehension) loosely coupled modules strongly coupled modules Modulus Vulnerability Example listing (6-28) mount points, UNIX MOVE method MS-RPC DCOM Buffer Overflow Listing listing (7-16) MSDN (Microsoft Developer Network) MTA (multithreaded apartment), COM (Component Object Model) multibyte character sequences, interpretation MultiByteToWideChar( ) function 2nd Multics (Multiplexed Information and Computing Service) Multiple Embedded Delimiters listing (8-9) multiple encoding layers multiple-input test cases, code audits Multiplexed Information and Computing Service (Multics) multiplication overflows, Intel architectures 2nd multiplicative operators multithreaded apartment (MTA), COM (Component Object Model) multithreaded programs, synchronization deadlocks PThreads API race conditions starvation Windows API Murray, Bill mutex mutex objects, Windows NT mutexes, PThreads API MVC (Model-View-Controller) my_malloc( ) function