Re: Buffer overflow?

From: Info-Mech (glarose_at_info-mech.com)
Date: 05/02/03


Date: Fri, 2 May 2003 10:48:33 -0400

Buffer overflow attacks rely on a careful binary reverse-engineering of the
specific application to be attacked. The "overflow" data is crafted to
over-write stack space inside the program. At a minimum, this can cause a
crash due to clobbered return addresses. In the usual case, the attacker is
more creative and puts binary code in the "overflow" portion of the data,
which is jumped to by means of the clobbered return address in the same
stack space. Once that code is executing the attacker can do anything he
wants, within the small space available.

Usually it is C/C++ programs that are attacked because their memory usage
patterns are well understood and predictable.

Some more info (in a Linux context) may be found at:

http://www.linuxjournal.com/article.php?sid=2902

Cheers,
  Gord Larose

"Jean-Philippe Houde" <please@nospam.com> wrote in message
news:tGD9a.3554$Xo3.616646@news20.bellglobal.com...
> Hi,
>
> I'm trying to understand exactly how buffer overflows work... What I
> understand is that you send a bunch of data to a program and it makes it
> crash...
>
> What I'm not sure of... is that if you look at the code that causes a program
> to crash, a lot of the time you get a lot of junk like this:
>
> char shell[]=
> "\x90\x90\x90\x90\x90\x90\x90\x90"
> "\x31\xc0\x31\xdb\xb0\x17\xcd\x80"
> "\xb0\x2e\xcd\x80\xeb\x15\x5b\x31"
> "\xc0\x88\x43\x07\x89\x5b\x08\x89"
> "\x43\x0c\x8d\x4b\x08\x31\xd2\xb0"
> "\x0b\xcd\x80\xe8\xe6\xff\xff\xff"
>
> This is the data sent to the program that makes it crash, I guess!
>
> Does this data mean something, or is it just something not important?
> If this means something, that means that the person who found this bug knows
> the exact string to send to make it crash?
>
> I don't know if you have some links that could describe how buffer overflows
> work? It would be appreciated
>
> Thanks
> Jean-Philippe
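An added example, not part of the original thread and not code from either poster: a C model of the stack layout Gord describes and of what the bytes in Jean-Philippe's question are for. The "frame" is an ordinary byte array arranged the way a 32-bit x86 frame was typically laid out in 2003 (local buffer, then saved EBP, then the return address). The buffer size and every address are assumed values, the shellcode bytes are the first 16 from the question, and nothing here executes injected code; the point is to show why the overflow input must be crafted to a precise length, and what a bounds check changes.

```c
/* Added example, not from the original thread: a model of the frame layout
 * described above. Addresses and BUF_LEN are made up; nothing executes
 * injected code, and real layouts vary with compiler, alignment, canaries
 * and NX. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN      16          /* size of the vulnerable local buffer */
#define SAVED_FP_LEN 4           /* saved EBP on 32-bit x86 */
#define RET_LEN      4           /* 32-bit return address */
#define FRAME_LEN    (BUF_LEN + SAVED_FP_LEN + RET_LEN)
#define ORIGINAL_RET 0x08048400u /* assumed legitimate return address */
#define ATTACKER_RET 0xbffff0a0u /* assumed address inside the NOP sled */

/* First 16 bytes of the shellcode quoted in the question: 0x90 is the x86
 * NOP (the "NOP sled"), 0xcd 0x80 is INT 0x80, the Linux/x86 syscall gate. */
static const uint8_t SHELLCODE[] = {
    0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, /* nop sled            */
    0x31, 0xc0,                                     /* xor eax, eax        */
    0x31, 0xdb,                                     /* xor ebx, ebx        */
    0xb0, 0x17,                                     /* mov al, 23 (setuid) */
    0xcd, 0x80,                                     /* int 0x80            */
};

/* Read the return address stored at the end of a modelled frame. */
static uint32_t frame_return_address(const uint8_t *frame)
{
    uint32_t ret;
    memcpy(&ret, frame + BUF_LEN + SAVED_FP_LEN, RET_LEN);
    return ret;
}

/* Fresh frame: zeroed buffer, dummy saved EBP, legitimate return address. */
static void init_frame(uint8_t *frame)
{
    uint32_t fp = 0xbffff000u, ret = ORIGINAL_RET;
    memset(frame, 0, FRAME_LEN);
    memcpy(frame + BUF_LEN, &fp, SAVED_FP_LEN);
    memcpy(frame + BUF_LEN + SAVED_FP_LEN, &ret, RET_LEN);
}

/* The attacker's input: NOP sled, then shellcode, filling the buffer and the
 * saved EBP, then the chosen return address. The attacker must know
 * BUF_LEN + SAVED_FP_LEN exactly, which is why the bytes in the question are
 * not random junk. Returns the payload length, or 0 if it does not fit. */
static size_t build_payload(uint32_t ret_addr, uint8_t *out, size_t out_len)
{
    size_t pad = BUF_LEN + SAVED_FP_LEN;
    if (sizeof(SHELLCODE) > pad || out_len < pad + RET_LEN)
        return 0;
    memset(out, 0x90, pad);
    memcpy(out + pad - sizeof(SHELLCODE), SHELLCODE, sizeof(SHELLCODE));
    memcpy(out + pad, &ret_addr, RET_LEN);  /* lands on the return address */
    return pad + RET_LEN;
}

/* The bug: a strcpy()-style copy with no bound, so input past BUF_LEN runs
 * over the saved EBP and the return address. Modelled with memcpy() on the
 * array, capped at FRAME_LEN so the model itself stays well defined.
 * Returns where the function would "return" to. */
static uint32_t unbounded_copy(const uint8_t *input, size_t input_len)
{
    uint8_t frame[FRAME_LEN];
    init_frame(frame);
    if (input_len > FRAME_LEN) input_len = FRAME_LEN;
    memcpy(frame, input, input_len);        /* no check against BUF_LEN */
    return frame_return_address(frame);
}

/* The fix: reject anything that does not fit, so the return address is
 * never touched. */
static uint32_t bounded_copy(const uint8_t *input, size_t input_len)
{
    uint8_t frame[FRAME_LEN];
    init_frame(frame);
    if (input_len > BUF_LEN) {
        fprintf(stderr, "rejected %zu bytes: buffer holds %d\n", input_len, BUF_LEN);
        return frame_return_address(frame);
    }
    memcpy(frame, input, input_len);
    return frame_return_address(frame);
}

/* Run the model end to end with the vulnerable (0) or fixed (1) copy. */
uint32_t demo_return_address(int bounded)
{
    uint8_t payload[FRAME_LEN];
    size_t n = build_payload(ATTACKER_RET, payload, sizeof(payload));
    return bounded ? bounded_copy(payload, n) : unbounded_copy(payload, n);
}

int main(void)
{
    printf("unbounded copy returns to 0x%08x (attacker's choice)\n", demo_return_address(0));
    printf("bounded copy returns to   0x%08x (unchanged)\n", demo_return_address(1));
    return 0;
}
```

With the unbounded copy the modelled function "returns" to ATTACKER_RET, an address inside the NOP sled, which is the jump to attacker code the reply describes; with the length check it still returns to ORIGINAL_RET and the oversized input is simply refused. The same check is what a bounded copy such as strncpy() or snprintf() with the real buffer size gives you in production code.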


