CERT Advisory CA-2001-16
Robert L Krawitz
rlk at alum.mit.edu
Tue Jul 3 22:41:31 EDT 2001
From: Chris Janicki <Janicki at ia-inc.com>
Date: Wed, 04 Jul 2001 01:11:20 GMT
Rookie question: How is it possible for a buffer overflow to allow
access? Does the overflow automatically provide a shell? Or does
it put the process in some debugging mode with remote privileges?
The overflow overwrites some area of memory that's being used for
another purpose. If the buffer is on the stack, a typical attack
would be to fill it with a sequence of instructions that amount to
exec("/bin/sh");
and then continue on to overwrite the return address of the current
stack frame to point to the buffer. When the current call returns, it
will "return" to the address of the buffer, and start executing code
there. There are a lot of variations depending upon exactly where the
buffer is and so forth. If the buffer is on the heap or in the static
data region, the attack will have to be done a bit differently. It
has to be crafted for the individual vulnerability.
--
Robert Krawitz <rlk at alum.mit.edu> http://www.tiac.net/users/rlk/
Tall Clubs International -- http://www.tall.org/ or 1-888-IM-TALL-2
Member of the League for Programming Freedom -- mail lpf at uunet.uu.net
Project lead for Gimp Print/stp -- http://gimp-print.sourceforge.net
"Linux doesn't dictate how I work, I dictate how Linux works."
--Eric Crampton
-
Subscription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).
More information about the Discuss mailing list
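The mechanism Robert describes, as an added example that is not part of the original posts: a fixed-size buffer with the saved return address sitting right after it, an unbounded copy that runs past the buffer into that slot, and a "return" that then lands wherever the attacker's bytes point. The frame layout is modelled with a struct rather than a real stack frame so it runs deterministically on any platform; `injected_code` stands in for the `exec("/bin/sh")` payload, and all names (`struct frame`, `vulnerable_copy`, `hardened_copy`, `build_payload`, `run`) are this example's own. It deliberately ignores the defences a real target would have (stack canaries, non-executable stacks, ASLR), which is why an attack must be crafted per vulnerability.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* Models one stack frame: a fixed-size local buffer with the saved
 * return address laid out right after it. A real frame also holds the
 * saved frame pointer (and a canary on hardened builds), but the
 * overwrite mechanism is the same. */
struct frame {
    char buf[BUF_SIZE];
    void (*ret)(void);
};

static int last_called;  /* 1 = legitimate return site, 2 = injected code */

static void legitimate_return_site(void) { last_called = 1; }

/* Stands in for the shellcode (exec("/bin/sh")) the attacker places in the buffer. */
static void injected_code(void) { last_called = 2; }

/* Unbounded copy, as strcpy()/gets() would do: copies every byte of the
 * input regardless of BUF_SIZE, so bytes past the buffer land on ret. */
static void vulnerable_copy(struct frame *f, const unsigned char *in, size_t len)
{
    memcpy((unsigned char *)f, in, len);   /* writes straight through into f->ret */
}

/* Bounded copy: never writes beyond the buffer, so ret is untouched. */
static void hardened_copy(struct frame *f, const unsigned char *in, size_t len)
{
    if (len > BUF_SIZE)
        len = BUF_SIZE;
    memcpy(f->buf, in, len);
}

/* Build the attacker's input (constructed here): filler up to the return
 * slot, where real shellcode would sit, then the target address in native
 * byte order, exactly as it must appear in memory. Returns payload length. */
static size_t build_payload(unsigned char *out, void (*target)(void))
{
    size_t ret_off = offsetof(struct frame, ret);
    memset(out, 0x90, ret_off);                 /* NOP-sled placeholder */
    memcpy(out + ret_off, &target, sizeof target);
    return ret_off + sizeof target;
}

/* Simulate one call: set up the frame, copy the input, then "return"
 * through whatever the return slot now holds. Returns which code ran. */
static int run(int hardened)
{
    struct frame f;
    unsigned char payload[sizeof(struct frame)];
    size_t len = build_payload(payload, injected_code);

    f.ret = legitimate_return_site;
    last_called = 0;
    if (hardened)
        hardened_copy(&f, payload, len);
    else
        vulnerable_copy(&f, payload, len);
    f.ret();                                     /* the "return" */
    return last_called;
}

int main(void)
{
    printf("unbounded copy: control went to %s\n",
           run(0) == 2 ? "injected code" : "legitimate return site");
    printf("bounded copy:   control went to %s\n",
           run(1) == 2 ? "injected code" : "legitimate return site");
    return 0;
}
```

The only difference between the two copies is the length check; everything else about the frame is identical, which is the point: the bug is the missing bound, not anything clever in the input. On a real target the attacker additionally has to guess or leak the buffer's address for the return slot and get past canaries and non-executable stacks, which is where the per-vulnerability crafting comes in.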