Buffer overflow attacks, but no code injection
From: Tao Zhang (zhangtao_at_cc.gatech.edu)
Date: 11/06/04
- Next message: D. J. Bernstein: "Re: The Poly1305-AES message-authentication code"
- Previous message: David Wagner: "Re: The Poly1305-AES message-authentication code"
- Next in thread: Barry Margolin: "Re: Buffer overflow attacks, but no code injection"
- Reply: Barry Margolin: "Re: Buffer overflow attacks, but no code injection"
- Reply: Undisclosed: "Re: Buffer overflow attacks, but no code injection"
- Reply: Gregory G Rose: "Re: Buffer overflow attacks, but no code injection"
- Reply: Casper H.S. Dik: "Re: Buffer overflow attacks, but no code injection"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 6 Nov 2004 17:42:25 -0500
Hi, all
I want some real world examples of buffer overflow
attacks, in which no attacker code is injected / executed,
but some critical/control deciding values are tampered
through BOA.
An example to show the idea is like:
==========================
uint32 uid;
......
buffer overflow overwrites uid to 0
.......
if (uid == 0)
do root stuff
============================
Are there any real world attacks like this? As far as I
know, most BOAs involve code injection.
Thanks so much
Tao
- Next message: D. J. Bernstein: "Re: The Poly1305-AES message-authentication code"
- Previous message: David Wagner: "Re: The Poly1305-AES message-authentication code"
- Next in thread: Barry Margolin: "Re: Buffer overflow attacks, but no code injection"
- Reply: Barry Margolin: "Re: Buffer overflow attacks, but no code injection"
- Reply: Undisclosed: "Re: Buffer overflow attacks, but no code injection"
- Reply: Gregory G Rose: "Re: Buffer overflow attacks, but no code injection"
- Reply: Casper H.S. Dik: "Re: Buffer overflow attacks, but no code injection"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
