[REVS] Buffer Overflow Demystified

From: support@securiteam.com
Date: 10/17/02


From: support@securiteam.com
To: list@securiteam.com
Date: 17 Oct 2002 00:08:52 +0200

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  Buffer Overflow Demystified
------------------------------------------------------------------------

SUMMARY

The following article will try to explain what Buffer Overflows are, why
they occur and how to exploit them.

DETAILS

Introduction:
Emergence of buffer overflow vulnerabilities dates back to 1970s. Morris
Worm (1980s) can be considered the first public use of them. A document
such as Aleph1's famous "Smashing the Stack for Fun and Profit" and code
related to it has been being published on the Internet since 1990s.

This document is a starter of a series of documents about some sort of
subjects, which require great attention and involve pretty much detail;
and aims to explain and clarify the very basic vulnerability type, namely
local buffer overflows, and document the way to write exploits making use
of such vulnerabilities.

To understand what goes on, some C and assembly knowledge is required.
Virtual Memory, some Operating Systems essentials, like, for example, how
a process is laid out in memory will be helpful. You MUST know what a
setuid binary is, and of course you need to be able to -at least- use UNIX
systems. If you have an experience of gdb/cc, it will be a good bonus.
Document is Linux/ix86 specific. The details differ depending on the
Operating System or architecture you're using. In the upcoming documents,
relatively more advanced overflow and shellcode techniques will be
explained.

ADDITIONAL INFORMATION

The complete article can be downloaded from:
 <http://www.enderunix.org/docs/eng/bof-eng.txt>
http://www.enderunix.org/docs/eng/bof-eng.txt

The information has been provided by .

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.