Remote Exploit test fail

From: Minchu Mo (morris_minchu@iwon.com)
Date: 10/25/01


Date: 25 Oct 2001 14:02:51 -0000
Message-ID: <20011025140251.6743.qmail@mail.securityfoucs.com>
From: Minchu Mo <morris_minchu@iwon.com>
To: focus-sun@securityfocus.com
Subject: Remote Exploit test fail


Mailer: SecurityFocus

I am testing a remote buffer overflow exploit on a
sparcV9/Solaris 7 machine. The buffer overflow
happens on the stack, but it jumps to the hacking code that resides
in the heap. The hacking code is borrowed from the lsp-pl
site (findsock and shellcode).

When I traced the vulnerable server using adb, I could
see that control was transferred into the hacking code,
which spawned a shell and then failed with a core dump
after the shell was spawned. But if I let the server run freely,
without control from adb, the server seems to be immune
to the attack and continues running.

My questions are:
1. Why does the server behave differently under adb and in
real time?
2. Does the heap allow code to be executed from
the heap?
3. Or does something else prevent the overflow from happening?
