Remote Exploit test fail

From: Minchu Mo (morris_minchu@iwon.com)
Date: 10/25/01


Date: 25 Oct 2001 14:02:51 -0000
Message-ID: <20011025140251.6743.qmail@mail.securityfoucs.com>
From: Minchu Mo <morris_minchu@iwon.com>
To: focus-sun@securityfocus.com
Subject: Remote Exploit test fail


Mailer: SecurityFocus

I am testing a remote buffer overflow exploit on a
sparcV9/solaris7 machine. The buffer overflow
happens in the stack but jumps to the hacking code, which resides
in the heap. The hacking code is borrowed from the lsp-pl
site (findsock and shellcode).

When I trace the vulnerable server using adb, I can
see that control is transferred into the hacking code,
which spawns a shell and then fails with a code dump
after the shell is spawned. But if I let the server run freely
without control from adb, the server seems to be immune
to the attack and continues running.

My questions are:
1. Why does the server behave differently in adb and in
real time?
2. Whether the heap allows code to be executed from
the heap.
3. Or whether some other thing prevents the overflow from happening.