How does an adversary attack a computer system? One approach is to provide data to a program running on that system that causes it to act on behalf of the attacker. The Morris worm, released in 1988, attacked vulnerable services including fingerd, and sendmail, as well as poorly configured rexec and rsh. When it attacked fingerd, it sent a 536-byte request to C code using gets() that provided a buffer with only 512 bytes of space; the resulting overflow allowed the worm’s code to execute on the target.
On systems running between 2008 and 2013, most services that listen for unsolicited network connections have ...