Re: controlling ebp/eip of a frame, does it always lead to possible code execution?

• Previous message: Alexander E. Cuttergo: "Re: OpenSSH Vulnerability"
• Maybe in reply to: Ingram: "controlling ebp/eip of a frame, does it always lead to possible code execution?"
• Next in thread: deepcode .: "Re: controlling ebp/eip of a frame, does it always lead to possible code execution?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 18 Sep 2003 19:44:42 +0200 (MEST)
To: vuln-dev@securityfocus.com

deepcode . wrote:
>By the looks of it, you are doing everything right. Your overwritten return

>address points
>directly to your nop's. The shellcode should be executed.
>
>What OS are you on, you may have aditional stack protections on the system
>to prevent
>standard overflows, particularly redhat 9 (shrike), which i'm using now,
>will prevent this: not
>sure exactly how yet ...

*doh*, sorry forgot to mention the os, i am running freebsd 4.8 without any
stack protections.

-- 
+++ GMX - die erste Adresse für Mail, Message, More! +++
Getestet von Stiftung Warentest: GMX FreeMail (GUT), GMX ProMail (GUT)
(Heft 9/03 - 23 e-mail-Tarife: 6 gut, 12 befriedigend, 5 ausreichend)
Jetzt selbst kostenlos testen: http://www.gmx.net

• Previous message: Alexander E. Cuttergo: "Re: OpenSSH Vulnerability"
• Maybe in reply to: Ingram: "controlling ebp/eip of a frame, does it always lead to possible code execution?"
• Next in thread: deepcode .: "Re: controlling ebp/eip of a frame, does it always lead to possible code execution?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]