Buffer overflow attacks, but no code injection

From: Tao Zhang (zhangtao_at_cc.gatech.edu)
Date: 11/06/04

Date: Sat, 6 Nov 2004 17:42:25 -0500

Hi, all

I want some real-world examples of buffer overflow
attacks in which no attacker code is injected / executed,
but some critical / control-deciding values are tampered
with through a BOA.

An example to show the idea is like:
uint32 uid;

/* buffer overflow overwrites uid to 0 */
if (uid == 0)
    do_root_stuff();

Are there any real world attacks like this? As far as I
know, most BOAs involve code injection.

Thanks so much
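
The idea sketched in the post above, as an added C example that is not part of the original message: a decision value stored right after a fixed-size buffer is changed by an unchecked copy, with a bounds-checked copy beside it. The struct, function names and sample input are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct session {               /* hypothetical record */
    char     name[16];         /* fixed-size buffer */
    uint32_t uid;              /* decision value right after it; 0 means root */
};

/* Constructed input: 16 filler bytes followed by four zero bytes. */
static const unsigned char sample_input[20] = "AAAAAAAAAAAAAAAA";

/* Unchecked copy, modelled as a byte write over *s so the demo is well-defined. */
static void set_name_unchecked(struct session *s, const void *src, size_t len)
{
    memcpy((unsigned char *)s, src, len < sizeof *s ? len : sizeof *s);
}

/* Hardened copy: input that does not fit is rejected, uid is never touched. */
static int set_name_checked(struct session *s, const void *src, size_t len)
{
    if (len >= sizeof s->name)
        return -1;
    memcpy(s->name, src, len);
    s->name[len] = '\0';
    return 0;
}

/* Returns 1 if the privileged branch would be taken after the unchecked copy. */
static int root_after_unchecked(void)
{
    struct session s = { "guest", 1000 };
    set_name_unchecked(&s, sample_input, sizeof sample_input);
    return s.uid == 0;
}

/* Returns 1 if the checked copy refused the input and uid is still 1000. */
static int uid_kept_after_checked(void)
{
    struct session s = { "guest", 1000 };
    return set_name_checked(&s, sample_input, sizeof sample_input) == -1
           && s.uid == 1000;
}

int main(void)
{
    printf("unchecked: root=%d, checked: uid kept=%d\n",
           root_after_unchecked(), uid_kept_after_checked());
    return 0;
}
```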

