BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CERT Advisory CA-2001-16

Subject: CERT Advisory CA-2001-16
From: Janicki at ia-inc.com (Chris Janicki)
Date: Wed, 04 Jul 2001 14:19:38 GMT
In-reply-to: <20010703232011.A9183@pizzashack.org>
References: <e1.16f6310d.2873ba36@aol.com> <20010704.1112000@storm.> <20010703232011.A9183@pizzashack.org>

Robert & Derek,

Excellent answers!  Thanks guys.

I wonder if this is a good argument for implementing network services in 
Java?

Chris

>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 7/3/01, 11:20:12 PM, Derek Martin <ddm at pizzashack.org> wrote regarding 
Re: CERT Advisory CA-2001-16:


> On Wed, Jul 04, 2001 at 01:11:20AM +0000, Chris Janicki wrote:

> > Rookie question:  How is it possible for a buffer overflow to allow
> > access?  Does the overflow automatically provide a shell?  Or does it put
> > the process in some debugging mode with remote privileges?

> The short, oversimplified answer is that a buffer overflow allows an
> attacker to overwrite the return address of a function with a value
> that they have inserted into the buffer, which if done carefully will
> cause the code they've inserted into that buffer to be executed.

> For the long answer and a much more detailed explanation of how it
> works, see the wonderful paper by Aleph One called "Smashing The Stack
> For Fun And Profit" which can be found everywhere via web search, or
> for the exceptionally lazy (like myself) here:

>   http://immunix.org/StackGuard/profit.html

> Another good reference is this one:

>   http://members.tripod.com/mixtersecurity/exploit.txt

> And if you really need details, try this one:

>   http://destroy.net/~nate/machines/security/nate-buffer.ps

> You will probably need at least a basic understanding of assembly
> language and C to follow these.

> --
> ---------------------------------------------------
> Derek Martin          |   Unix/Linux geek
> ddm at pizzashack.org    |   GnuPG Key ID: 0x81CFE75D
> Retrieve my public key at http://pgp.mit.edu

> -
> Subcription/unsubscription/info requests: send e-mail with
> "subscribe", "unsubscribe", or "info" on the first line of the
> message body to discuss-request at blu.org (Subject line is ignored).
-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).

Follow-Ups:
- CERT Advisory CA-2001-16
  - From: jc at trillian.mit.edu (John Chambers)

References:
- CERT Advisory CA-2001-16
  - From: BayBrianA at aol.com (BayBrianA at aol.com)
- CERT Advisory CA-2001-16
  - From: Janicki at ia-inc.com (Chris Janicki)
- CERT Advisory CA-2001-16
  - From: ddm at pizzashack.org (Derek Martin)

Prev by Date: CERT Advisory CA-2001-16
Next by Date: Palm Pilot/Visor and Linux questions
Previous by thread: CERT Advisory CA-2001-16
Next by thread: CERT Advisory CA-2001-16
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org