Windows 2003 Server - Defeating the stack protection mechanism

From: NGSSoftware Insight Security Research (nisr_at_nextgenss.com)
Date: 09/11/03

Next message: Ingram: "Cannot access memory at address 0x90909090"

Previous message: xenophi1e: "Re: Half-Life client buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <bugtraq@securityfocus.com>, <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>, <vulnwatch@vulnwatch.org>, <full-disclosure@lists.netsys.com>, <vuln-dev@securityfocus.com>
Date: Thu, 11 Sep 2003 15:40:20 +0100

For those interested, NGSS has just published a paper describing how to
defeat the mechanism built into Windows 2003 Server to prevent exploitation
of stack based buffer overflow vulnerabilities. Previous work done in this
area presented methods that only worked in highly specific scenarios - the
new methods presented in this paper are generic. The paper can be downloaded
from http://www.nextgenss.com/papers/defeating-w2k3-stack-protection.pdf .
Cheers,
David Litchfield
NGSSoftware Ltd
http://www.nextgenss.com/
+44(0)208 401 0070

Next message: Ingram: "Cannot access memory at address 0x90909090"

Previous message: xenophi1e: "Re: Half-Life client buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[Full-Disclosure] Windows 2003 Server - Defeating the stack protection mechanism
... defeat the mechanism built into Windows 2003 Server to prevent exploitation ... of stack based buffer overflow vulnerabilities. ...
(Full-Disclosure)
Windows 2003 Server - Defeating the stack protection mechanism
... defeat the mechanism built into Windows 2003 Server to prevent exploitation ... of stack based buffer overflow vulnerabilities. ...
(Full-Disclosure)
Windows 2003 Server - Defeating the stack protection mechanism
... defeat the mechanism built into Windows 2003 Server to prevent exploitation ... of stack based buffer overflow vulnerabilities. ...
(Bugtraq)
[NEWS] Multiple ValiCert Security Problems
... * Enterprise VA Host Server for processing validation requests VA API ... Multiple buffer overflows exist in the CGI script, forms.exe, which is ... Analysis of the code and stack contents reveals that the unchecked buffer ...
(Securiteam)
Re: IIS Hack : Anyone explain cause...
... it looks like you cleaned up the server -- if you care about security, ... Microsoft tries and mostly succeeds to release patches PRIOR to ... weeks/months/years prior to exploitation. ... > protected rant as we all know that IIS and indeed lots of software has ...
(microsoft.public.inetserver.iis)