On Wed, Jul 04, 2001 at 01:11:20AM +0000, Chris Janicki wrote:
> Rookie question: How is it possible for a buffer overflow to allow
> access? Does the overflow automatically provide a shell? Or does it put
> the process in some debugging mode with remote privileges?

The short, oversimplified answer is that a buffer overflow allows an attacker to overwrite the return address of a function with a value that they have inserted into the buffer, which if done carefully will cause the code they've inserted into that buffer to be executed.

For the long answer and a much more detailed explanation of how it works, see the wonderful paper by Aleph One called "Smashing The Stack For Fun And Profit" which can be found everywhere via web search, or for the exceptionally lazy (like myself) here:

http://immunix.org/StackGuard/profit.html

Another good reference is this one:

http://members.tripod.com/mixtersecurity/exploit.txt

And if you really need details, try this one:

http://destroy.net/~nate/machines/security/nate-buffer.ps

You will probably need at least a basic understanding of assembly language and C to follow these.

--
---------------------------------------------------
Derek Martin | Unix/Linux geek
ddm at pizzashack.org | GnuPG Key ID: 0x81CFE75D
Retrieve my public key at http://pgp.mit.edu

-
Subscription/unsubscription/info requests: send e-mail with "subscribe", "unsubscribe", or "info" on the first line of the message body to discuss-request at blu.org (Subject line is ignored).
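
The mechanism described in the reply above, as an added example that is not part of the original message: a constructed model of a stack frame shows an unchecked copy running past the buffer into the saved return address, next to a bounds-checked copy that leaves it intact. The struct layout, the names and the 0x1000 value are assumptions made for illustration; real frame layouts depend on the compiler and ABI.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16
#define ORIG_RET ((uintptr_t)0x1000)   /* constructed placeholder value */

/* Constructed model of a stack frame: a local buffer with the saved return
   address stored right after it. Real layouts depend on compiler and ABI. */
struct frame {
    char      buf[BUF_SIZE];
    uintptr_t saved_ret;
};

/* Unchecked copy, like strcpy()/gets(): never compares len with BUF_SIZE.
   Writing through the frame's bytes keeps this model well-defined C. */
static void copy_unchecked(struct frame *f, const void *src, size_t len) {
    if (len > sizeof *f) len = sizeof *f;   /* stay inside the model */
    memcpy((unsigned char *)f, src, len);
}

/* Checked copy: refuses input that does not fit in buf. */
static int copy_checked(struct frame *f, const void *src, size_t len) {
    if (len > BUF_SIZE) return -1;
    memcpy(f->buf, src, len);
    return 0;
}

/* Copy len bytes of oversized filler; return 1 if saved_ret survived. */
int ret_survives(int checked, size_t len) {
    struct frame f = { {0}, ORIG_RET };
    unsigned char input[sizeof(struct frame)];
    memset(input, 'A', sizeof input);
    if (len > sizeof input) len = sizeof input;
    if (checked) (void)copy_checked(&f, input, len);
    else         copy_unchecked(&f, input, len);
    return f.saved_ret == ORIG_RET;
}

int main(void) {
    printf("unchecked, fits:      %d\n", ret_survives(0, BUF_SIZE));
    printf("unchecked, overflows: %d\n", ret_survives(0, sizeof(struct frame)));
    printf("checked, overflows:   %d\n", ret_survives(1, sizeof(struct frame)));
    return 0;
}
```

In a real process the overwritten slot is what the function jumps to on return, which is why the length check (and compiler defenses such as stack canaries) matters.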