Page 1 of 2

Abstract

bugs. Most of those bugs will cause the service simply to fail in some circumstances. Attempts to provoke this type of failure are known as denial of service attacks. However a more dangerous type of failure is one that allows an external command to invoke some function on the server computer that was not supposed to be available. For example, a bug in a restricted server could allow a service to be requested before the necessary authentication has been performed, whilst even more seriously a bug in either class of server might allow commands to be given to the host computer that were not supposed to be part of the service at all. In the worst case, the bug may cause part of the external input to be executed by the host computer's command interpreter. This allows the intruder to run any operating system command they wish, to read or modify information, or alter the configuration or operation of the computer itself. Many services require special privileges to operate normally, and an