Re: Administrivia: List Announcement
Valdis.Kletnieks_at_vt.edu
Date: 05/15/03
- Previous message: Marco Ivaldi: "Re: vulndev1.c solution (warning SPOILER)"
- In reply to: Bernie Cosell: "Re: Administrivia: List Announcement"
- Next in thread: David R. Piegdon: "partial analysis of vulndev-1.c"
To: Bernie Cosell <bernie@fantasyfarm.com>
Date: Thu, 15 May 2003 02:52:03 -0400
On Tue, 13 May 2003 15:11:05 EDT, Bernie Cosell <bernie@fantasyfarm.com> said:
> that's clearly off by one and so the loop will run at least one char past
> the end of buf1, clobbering one byte beyond the end of the chunk of space
> that got malloc'ed for buf1.
>
> What harm that causes is hard to evaluate, though, isn't it? Doesn't it
> depend a lot on how a particular C compiler lays things out and how the
> libraries (in particular, malloc) work and what else the program has been
> doing?
Amazingly enough, the hole in XNTPD a while back was just this - a one byte
overflow. It was possible to leverage that into a complete remote exploit.
- application/pgp-signature attachment: stored
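
Added example, not part of the original message and not the vulndev-1.c code under discussion: a constructed loop with the same off-by-one shape, next to a bounded version. The names `BUF_LEN`, `GUARD`, `copy_off_by_one`, `copy_bounded` and `guard_clobbered` are assumptions, and a fixed arena stands in for the malloc'ed chunk so the stray byte can be observed safely.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16   /* constructed size standing in for buf1's allocation */
#define GUARD 0xA5   /* marker for whatever the allocator placed after buf1 */

/* Vulnerable shape: "<=" lets the loop run BUF_LEN+1 times on long input. */
static size_t copy_off_by_one(unsigned char *dst, size_t len, const char *src)
{
    size_t i;
    for (i = 0; i <= len && src[i] != '\0'; i++)
        dst[i] = (unsigned char)src[i];
    return i;
}

/* Hardened: stop at len-1 so the terminator always fits inside the buffer. */
static size_t copy_bounded(unsigned char *dst, size_t len, const char *src)
{
    size_t i;
    if (len == 0)
        return 0;
    for (i = 0; i < len - 1 && src[i] != '\0'; i++)
        dst[i] = (unsigned char)src[i];
    dst[i] = '\0';
    return i;
}

/* Copies src into a fresh arena whose last byte plays the part of the first
 * byte past the chunk; the write stays inside the arena, so it is observable
 * without undefined behaviour. Returns 1 if that byte was overwritten. */
static int guard_clobbered(int hardened, const char *src)
{
    unsigned char arena[BUF_LEN + 1];
    memset(arena, 0, BUF_LEN);
    arena[BUF_LEN] = GUARD;
    if (hardened)
        copy_bounded(arena, BUF_LEN, src);
    else
        copy_off_by_one(arena, BUF_LEN, src);
    return arena[BUF_LEN] != GUARD;
}

int main(void)
{
    const char *input = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* constructed, 32 bytes */
    printf("off-by-one loop: guard clobbered = %d\n", guard_clobbered(0, input));
    printf("bounded loop:    guard clobbered = %d\n", guard_clobbered(1, input));
    return 0;
}
```

On a real heap, what sits in the guard position depends on the allocator and the request size, which is the point raised in the quoted question.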